Routing Protocool Configuration Guide
Routing Protocool Configuration Guide
Routing Protocool Configuration Guide
Routing Protocols
Configuration Guide
Release 8.1
This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.
This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software
included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by The Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988,
1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.
GateD software copyright © 1995, The Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by
Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol.
Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the
University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.
Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service
marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or
otherwise revise this publication without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed
to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347,
6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Revision History
15 September 2006—Revision 1
The information in this document is current as of the date listed in the revision history.
Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year
2038. However, the NTP application is known to have some difficulty in the year 2036.
Software License
The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the
extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you
indicate that you understand and agree to be bound by those terms and conditions.
Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain
uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.
For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.
READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING,
INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR
IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS
AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE
SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.
1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively “Juniper”), and the person or organization that
originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”).
2. The Software. In this Agreement, "Software" means the program modules and features of the Juniper or Juniper-supplied software, and updates and
releases of such software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller. "Embedded
Software" means Software which Juniper has embedded in the Juniper equipment.
3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive
and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:
a. Customer shall use the Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from
Juniper or an authorized Juniper reseller.
b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer
has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use
such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the
Steel-Belted Radius software on multiple computers requires multiple licenses, regardless of whether such computers are physically contained on a single
chassis.
ii !
c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to
Customer's use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls,
connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features,
functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing,
temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software
to be used only in conjunction with other specific Software. Customer's use of the Software shall be subject to all such limitations and purchase of all
applicable licenses.
d. For any trial copy of the Software, Customer's right to use the Software expires 30 days after download, installation or use of the Software. Customer may
operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period
by re-installing the Software after the 30-day trial period.
e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer's enterprise network.
Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any
commercial network access services.
The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable
license(s) for the Software from Juniper or an authorized Juniper reseller.
4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not:
(a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary
for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any
proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of the
Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any 'locked' or key-restricted
feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even
if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to
any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper
reseller; (i) use the Embedded Software on non-Juniper equipment; (j) use the Software (or make it available for use) on Juniper equipment that the
Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to
any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.
5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish
such records to Juniper and certify its compliance with this Agreement.
6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer
shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes
restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer's internal business purposes.
7. Ownership. Juniper and Juniper's licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software,
associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the
Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.
8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that
accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services
may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT
PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER
OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF
ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY
LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE),
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES
JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR
INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper's or its suppliers' or licensors' liability to
Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave
rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and
agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth
herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause
consequential loss), and that the same form an essential basis of the bargain between the Parties.
9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license
granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer's
possession or control.
10. Taxes. All license fees for the Software are exclusive of taxes, withholdings, duties, or levies (collectively “Taxes”). Customer shall be responsible for
paying Taxes arising from the purchase of the license, or importation or use of the Software.
11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign
agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or
without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption
or other capabilities restricting Customer's ability to export the Software without an export license.
12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or
disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4,
FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.
13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface
information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any.
Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any
applicable terms and conditions upon which Juniper makes such information available.
! iii
14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology
are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor
shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the
Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and
subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License
(“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate)
available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N.
Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the
LGPL at http://www.gnu.org/licenses/lgpl.html.
15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The
provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the
Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This
Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and
contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that
the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are
inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless
expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not
affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the
Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous
les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related
documentation is and will be in the English language)).
iv !
Abbreviated Table of Contents
About This Guide xxv
Part 1 Overview
Chapter 1 Routing Protocols Concepts 3
Chapter 2 Complete Routing and Routing Protocol
Configuration Statements 17
Part 5 BGP
Chapter 32 BGP Overview 527
Chapter 33 BGP Configuration Guidelines 533
Chapter 34 Summary of BGP Configuration Statements 597
Part 6 Indexes
Index 655
Index of Statements and Commands 673
Part 1 Overview
Table of Contents ! ix
JUNOS 8.1 Routing Protocols Configuration Guide
x ! Table of Contents
Table of Contents
import-rib ....................................................................................................143
independent-domain....................................................................................144
input ............................................................................................................144
install ...........................................................................................................145
instance-export ............................................................................................145
instance-import............................................................................................146
interface.......................................................................................................147
interface (multicast enabling) ................................................................147
interface (multicast scoping) ..................................................................148
interface-routes ............................................................................................149
lsp-next-hop .................................................................................................150
martians ......................................................................................................151
maximum-paths...........................................................................................152
maximum-prefixes.......................................................................................153
metric ..........................................................................................................153
metric (Aggregate, Generated, or Static Route) ......................................154
metric (Qualified Next Hop on Static Route) ..........................................154
multicast ......................................................................................................155
no-install ......................................................................................................155
no-readvertise ..............................................................................................155
no-retain ......................................................................................................156
nonstop-routing ...........................................................................................156
options.........................................................................................................157
p2mp-lsp-next-hop.......................................................................................158
passive .........................................................................................................158
policy ...........................................................................................................159
preference....................................................................................................160
prefix ...........................................................................................................161
qualified-next-hop ........................................................................................161
readvertise ...................................................................................................162
resolution.....................................................................................................163
resolution-ribs ..............................................................................................163
resolve .........................................................................................................164
restart-duration ............................................................................................164
retain ...........................................................................................................165
rib ................................................................................................................166
rib (General) ..........................................................................................166
rib (Route Resolution) ............................................................................167
rib-group ......................................................................................................168
rib-groups ....................................................................................................169
route-distinguisher-id ...................................................................................170
route-record .................................................................................................170
router-id.......................................................................................................171
routing-options.............................................................................................171
scope ...........................................................................................................172
source-address .............................................................................................172
ssm-groups ..................................................................................................173
static ............................................................................................................174
tag................................................................................................................176
threshold .....................................................................................................177
traceoptions ............................................................................................. 178
tunnel-type...................................................................................................180
unicast-reverse-path .....................................................................................180
Table of Contents ! xi
JUNOS 8.1 Routing Protocols Configuration Guide
ipv4-multicast-rpf-routes ..............................................................................301
ipv6-multicast-metric ...................................................................................301
ipv6-unicast .................................................................................................302
ipv6-unicast-metric ......................................................................................302
isis ...............................................................................................................303
label-switched-path ......................................................................................303
ldp-synchronization .....................................................................................304
level .............................................................................................................304
level (Global IS-IS) ..................................................................................305
level (IS-IS Interfaces) ............................................................................306
loose-authentication-check...........................................................................306
lsp-interval ...................................................................................................307
lsp-lifetime ...................................................................................................307
mesh-group..................................................................................................308
metric ..........................................................................................................308
no-adjacency-holddown ...............................................................................309
no-authentication-check ...............................................................................309
no-csnp-authentication.................................................................................310
no-hello-authentication ................................................................................310
no-ipv4-multicast .........................................................................................311
no-ipv4-routing ............................................................................................311
no-ipv6-multicast .........................................................................................312
no-ipv6-routing ............................................................................................312
no-ipv6-unicast ............................................................................................313
no-psnp-authentication ................................................................................313
no-unicast-topology......................................................................................314
overload.......................................................................................................314
passive .........................................................................................................315
point-to-point ...............................................................................................315
preference....................................................................................................316
prefix-export-limit ........................................................................................316
priority.........................................................................................................317
reference-bandwidth ....................................................................................317
rib-group ......................................................................................................318
shortcuts ......................................................................................................318
spf-delay ......................................................................................................319
te-metric ......................................................................................................319
topologies ....................................................................................................320
traceoptions .................................................................................................321
traffic-engineering........................................................................................323
wide-metrics-only ........................................................................................324
Table of Contents ! xv
JUNOS 8.1 Routing Protocols Configuration Guide
interface.......................................................................................................399
interface-type...............................................................................................400
ipsec-sa ........................................................................................................401
label-switched-path ......................................................................................402
ldp-synchronization .....................................................................................402
lsp-metric-into-summary ..............................................................................403
md5 .............................................................................................................403
metric ..........................................................................................................404
metric-type ..................................................................................................405
neighbor ......................................................................................................406
no-nssa-abr ..................................................................................................406
no-summaries ..............................................................................................406
nssa .............................................................................................................407
ospf..............................................................................................................407
ospf3............................................................................................................408
overload.......................................................................................................408
passive .........................................................................................................409
peer-interface...............................................................................................410
poll-interval..................................................................................................410
preference....................................................................................................411
prefix-export-limit ........................................................................................411
priority.........................................................................................................412
reference-bandwidth ....................................................................................412
retransmit-interval .......................................................................................413
rib-group ......................................................................................................414
route-type-community .................................................................................414
sham-link .....................................................................................................415
sham-link-remote.........................................................................................415
shortcuts ......................................................................................................416
simple-password ..........................................................................................416
spf-delay ......................................................................................................417
stub..............................................................................................................418
summaries ...................................................................................................419
te-metric ......................................................................................................419
traceoptions .................................................................................................420
traffic-engineering........................................................................................423
transit-delay .................................................................................................424
transmit-interval ..........................................................................................425
type-7 ..........................................................................................................425
virtual-link....................................................................................................426
xx ! Table of Contents
Table of Contents
multicast ......................................................................................................497
priority.........................................................................................................498
router-discovery ...........................................................................................498
traceoptions .................................................................................................499
Part 5 BGP
cluster ..........................................................................................................606
damping ......................................................................................................607
description ...................................................................................................608
disable .........................................................................................................608
explicit-null .................................................................................................609
export ..........................................................................................................610
family ..........................................................................................................611
flow..............................................................................................................613
graceful-restart.............................................................................................614
group ...........................................................................................................615
hold-time .....................................................................................................617
import..........................................................................................................618
include-mp-next-hop ....................................................................................618
ipsec-sa ........................................................................................................619
iso-vpn .........................................................................................................620
keep.............................................................................................................621
labeled-unicast .............................................................................................622
local-address ................................................................................................623
local-as.........................................................................................................624
local-interface ..............................................................................................624
local-preference ...........................................................................................625
log-updown ..................................................................................................626
metric-out ....................................................................................................627
mtu-discovery ..............................................................................................628
multihop ......................................................................................................629
multipath .....................................................................................................630
neighbor ......................................................................................................631
no-advertise-peer-as .....................................................................................633
no-aggregator-id...........................................................................................633
no-client-reflect ............................................................................................634
no-validate ...................................................................................................635
out-delay ......................................................................................................636
passive .........................................................................................................637
path-selection...............................................................................................638
peer-as .........................................................................................................639
preference....................................................................................................640
prefix-limit ...................................................................................................641
protocol .......................................................................................................642
remove-private.............................................................................................643
resolve-vpn ..................................................................................................644
rib ................................................................................................................645
rib-group ......................................................................................................646
route-target ..................................................................................................647
tcp-mss ........................................................................................................648
traceoptions .................................................................................................649
type .............................................................................................................652
vpn-apply-export..........................................................................................652
Part 6 Indexes
Index........................................................................................................................ 655
Index of Statements and Commands............................................................ 673
This preface provides the following guidelines for using the JUNOS Internet Software
Routing Protocols Configuration Guide and related Juniper Networks, Inc., technical
documents:
Objectives
This guide is designed for network administrators who are configuring and
monitoring a Juniper Networks J-series, M-series, or T-series routing platform.
NOTE: This guide documents Release 8.1 of the JUNOS Internet software. For
additional information about the JUNOS software—either corrections to or
information that might have been omitted from this guide—see the software
release notes at http://www.juniper.net/.
Objectives ! xxv
JUNOS 8.1 Routing Protocols Configuration Guide
! J-series
! M-series
! T-series
Audience
This guide is designed for network administrators who are configuring and
monitoring a Juniper Networks routing platform.
To use this guide, you need a broad understanding of networks in general, the
Internet in particular, networking principles, and network configuration. You must
also be familiar with one or more of the following Internet routing protocols:
Personnel operating the equipment must be trained and competent; must not
conduct themselves in a careless, willfully negligent, or hostile manner; and must
abide by the instructions provided by the documentation.
If the example configuration does not start at the top level of the hierarchy, the
example is a snippet. In this case, use the load merge relative command. These
procedures are described in the following sections.
1. From the HTML or PDF version of the manual, copy a configuration example
into a text file, save the file with a name, and copy the file to a directory on
your routing platform.
For example, copy the following configuration to a file and name the file
ex-script.conf. Copy the ex-script.conf file to the /var/tmp directory on your
routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2. Merge the contents of the file into your routing platform configuration by
issuing the load merge configuration mode command:
[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet
into a text file, save the file with a name, and copy the file to a directory on
your routing platform.
For example, copy the following snippet to a file and name the file
ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp
directory on your routing platform.
commit {
file ex-script-snippet.xsl;
}
2. Move to the hierarchy level that is relevant for this snippet by issuing the
following configuration mode command:
[edit]
user@host# edit system scripts
[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by
issuing the load merge relative configuration mode command:
For more information about the load command, see the JUNOS CLI User Guide.
Documentation Conventions
Table 1 defines notice icons used in this guide.
Table 2 defines the text and syntax conventions used in this guide.
Italic typeface ! Introduces important new terms. ! A policy term is a named structure that defines
match conditions and actions.
! Identifies book names. ! JUNOS System Basics Configuration Guide
! Identifies RFC and Internet draft titles. ! RFC 1997, BGP Communities Attribute
Italic sans serif typeface Represents variables (options for which Configure the machine’s domain name:
you substitute a value) in commands or [edit]
configuration statements. root@# set system domain-name domain-name
Sans serif typeface Represents names of configuration ! To configure a stub area, include the stub
statements, commands, files, and statement at the [edit protocols ospf area area-id]
directories; IP addresses; configuration hierarchy level.
hierarchy levels; or labels on routing ! The console port is labeled CONSOLE.
platform components.
< > (angle brackets) Enclose optional keywords or variables. stub <default-metric metric>;
> (bold right angle bracket) Separates levels in a hierarchy of J-Web In the configuration editor hierarchy, select
selections. Protocols>Ospf.
Document Description
JUNOS Internet Software Configuration Guides
Class of Service Provides an overview of the class-of-service (CoS) functions of the JUNOS software
and describes how to configure CoS features, including configuring multiple
forwarding classes for transmitting packets, defining which packets are placed into
each output queue, scheduling the transmission service level for each queue, and
managing congestion through the random early detection (RED) algorithm.
CLI User Guide Describes how to use the JUNOS command-line interface (CLI) to configure, monitor,
and manage Juniper Networks routing platforms. This material was formerly
covered in the JUNOS System Basics Configuration Guide.
Feature Guide Provides a detailed explanation and configuration examples for several of the most
complex features in the JUNOS software.
High Availability Provides an overview of hardware and software resources that ensure a high level of
continuous routing platform operation and describes how to configure high
availability (HA) features such as nonstop routing (NSR) and graceful Routing Engine
switchover (GRES).
MPLS Applications Provides an overview of traffic engineering concepts and describes how to configure
traffic engineering protocols.
Multicast Protocols Provides an overview of multicast concepts and describes how to configure
multicast routing protocols.
Network Interfaces Provides an overview of the network interface functions of the JUNOS software and
describes how to configure the network interfaces on the routing platform.
Network Management Provides an overview of network management concepts and describes how to
configure various network management features, such as SNMP and accounting
options.
Document Description
Policy Framework Provides an overview of policy concepts and describes how to configure routing
policy, firewall filters, forwarding options, and cflowd.
Routing Protocols Provides an overview of routing concepts and describes how to configure routing,
routing instances, and unicast routing protocols.
Secure Configuration Guide for Common Provides an overview of secure Common Criteria and JUNOS-FIPS protocols for the
Criteria and JUNOS-FIPS JUNOS Internet software and describes how to install and configure secure Common
Criteria and JUNOS-FIPS on a routing platform.
Services Interfaces Provides an overview of the services interfaces functions of the JUNOS software and
describes how to configure the services interfaces on the routing platform.
Software Installation and Upgrade Guide Provides a description of JUNOS software components and packaging, and includes
detailed information about how to initially configure, reinstall, and upgrade the
JUNOS system software. This material was formerly covered in the JUNOS System
Basics Configuration Guide.
System Basics Describes Juniper Networks routing platforms, and provides information about how
to configure basic system parameters, supported protocols and software processes,
authentication, and a variety of utilities for managing your router on the network.
VPNs Provides an overview and describes how to configure Layer 2 and Layer 3 virtual
private networks (VPNs), virtual private LAN service (VPLS), and Layer 2 circuits.
Provides configuration examples.
JUNOS References
Hierarchy and RFC Reference Describes the JUNOS configuration mode commands. Provides a hierarchy
reference that displays each level of a configuration hierarchy, and includes all
possible configuration statements that can be used at that level. This material was
formerly covered in the JUNOS System Basics Configuration Guide.
Interfaces Command Reference Describes the JUNOS software operational mode commands you use to monitor and
troubleshoot interfaces.
Routing Protocols and Policies Command Describes the JUNOS software operational mode commands you use to monitor and
Reference troubleshoot routing protocols and policies, including firewall filters.
System Basics and Services Command Describes the JUNOS software operational mode commands you use to monitor and
Reference troubleshoot system basics, including commands for real-time monitoring and route
(or path) tracing, system software management, and chassis management. Also
describes commands for monitoring and troubleshooting services such as CoS, IP
Security (IPSec), stateful firewalls, flow collection, and flow monitoring.
System Log Messages Reference Describes how to access and interpret system log messages generated by JUNOS
software modules and provides a reference page for each message.
J-Web User Guide
J-Web Interface User Guide Describes how to use the J-Web GUI to configure, monitor, and manage Juniper
Networks routing platforms.
JUNOS API and Scripting Documentation
JUNOScript API Guide Describes how to use the JUNOScript application programming interface (API) to
monitor and configure Juniper Networks routing platforms.
JUNOS XML API Configuration Reference Provides reference pages for the configuration tag elements in the JUNOS XML API.
JUNOS XML API Operational Reference Provides reference pages for the operational tag elements in the JUNOS XML API.
JUNOS Configuration and Diagnostic Describes how to use the commit script and self-diagnosis features of the JUNOS
Automation Guide software. This guide explains how to enforce custom configuration rules defined in
scripts, how to use commit script macros to provide simplified aliases for frequently
used configuration statements, and how to configure diagnostic event policies.
Document Description
NETCONF API Guide Describes how to use the NETCONF API to monitor and configure Juniper Networks
routing platforms.
JUNOS Comprehensive Index and Glossary
Comprehensive Index and Glossary Provides a complete index of all JUNOS software books, the JUNOScript API Guide,
and the NETCONF API Guide. Also provides a comprehensive glossary.
JUNOScope Documentation
JUNOScope Software User Guide Describes the JUNOScope software GUI, how to install and administer the software,
and how to use the software to manage routing platform configuration files and
monitor routing platform operations.
J-series Services Router Documentation
Getting Started Guide Provides an overview, basic instructions, and specifications for J-series Services
Routers. The guide explains how to prepare your site for installation, unpack and
install the router and its components, install licenses, and establish basic
connectivity. Use the Getting Started Guide for your router model.
Basic LAN and WAN Access Configuration Explains how to configure the interfaces on J-series Services Routers for basic IP
Guide routing with standard routing protocols, ISDN backup, and digital subscriber line
(DSL) connections.
Advanced WAN Access Configuration Explains how to configure J-series Services Routers in virtual private networks
Guide (VPNs) and multicast networks, configure data link switching (DLSw) services, and
apply routing techniques such as policies, stateless and stateful firewall filters, IP
Security (IPSec) tunnels, and class-of-service (CoS) classification for safer, more
efficient routing.
Administration Guide Shows how to manage users and operations, monitor network performance,
upgrade software, and diagnose common problems on J-series Services Routers.
M-series and T-series Hardware Documentation
Hardware Guide Describes how to install, maintain, and troubleshoot routing platforms and
components. Each platform has its own hardware guide.
PIC Guide Describes the routing platform PICs. Each platform has its own PIC guide.
Release Notes
JUNOS Release Notes Summarize new features and known problems for a particular software release,
provide corrections and updates to published JUNOS, JUNOScript, and NETCONF
manuals, provide information that might have been omitted from the manuals, and
describe upgrade and downgrade procedures.
Hardware Release Notes Describe the available documentation for the routing platform and the supported
PICs, and summarize known problems with the hardware and accompanying
software. Each platform has its own release notes.
JUNOScope Software Release Notes Contain corrections and updates to the published JUNOScope manual, provide
information that might have been omitted from the manual, and describe upgrade
and downgrade procedures.
J-series Services Router Release Notes Briefly describe the J-series Services Router features, identify known hardware
problems, and provide upgrade and downgrade instructions.
Book Description
Baseline Describes the most basic tasks for running a network using Juniper Networks
products. Tasks include upgrading and reinstalling JUNOS software, gathering basic
system management information, verifying your network topology, and searching
log messages.
Interfaces Describes tasks for monitoring interfaces. Tasks include using loopback testing and
locating alarms.
MPLS Describes tasks for configuring, monitoring, and troubleshooting an example MPLS
network. Tasks include verifying the correct configuration of the MPLS and RSVP
protocols, displaying the status and statistics of MPLS running on all routers in the
network, and using the layered MPLS troubleshooting model to investigate problems
with an MPLS network.
MPLS Log Reference Describes MPLS status and error messages that appear in the output of the show
mpls lsp extensive command. The guide also describes how and when to configure
Constrained Shortest Path First (CSPF) and RSVP trace options, and how to examine
a CSPF or RSVP failure in a sample network.
Hardware Describes tasks for monitoring M-series and T-series routing platforms.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. Send your comments to
techpubs-comments@juniper.net, or fill out the documentation feedback form at
http://www.juniper.net/techpubs/docbug/docbugreport.html. If you are using e-mail,
be sure to include the following information with your comments:
! Document name
! Page number
Requesting Support
For technical support, open a support case using the Case Manager link at
http://www.juniper.net/support/ or call 1-888-314-JTAC (from the United States,
Canada, or Mexico) or 1-408-745-9500 (from elsewhere).
Overview ! 1
JUNOS 8.1 Routing Protocols Configuration Guide
2 ! Overview
Chapter 1
Routing Protocols Concepts
The JUNOS routing protocol process supports a wide variety of routing protocols,
including Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path
First (OSPF), Routing Information Protocol (RIP), Routing Information Protocol Next
Generation (RIPng), and Border Gateway Protocol (BGP). This chapter explains the
general terminology and concepts related to configuring and using the routing
protocol process and the routing protocols. For information about configuring the
individual routing protocols, see the individual chapter about that protocol.
! IPv6 on page 11
Routing Databases
The JUNOS software maintains two databases for routing information:
In addition, the interior gateway protocols (IGPs), IS-IS, and OSPF maintain
link-state databases.
Routing Databases ! 3
JUNOS 8.1 Routing Protocols Configuration Guide
IS-IS and OSPF use the Dijkstra algorithm, and RIP and RIPng use the Bellman-Ford
algorithm to determine the best route or routes (if there are multiple equal-cost
routes) to reach each destination and install these routes into the JUNOS software
routing table.
By default, the JUNOS software maintains three routing tables: one for unicast
routes, another for multicast routes, and a third for Multiprotocol Label Switching
(MPLS). You can configure additional routing tables to support situations where you
need to separate a particular group of routes or where you need greater flexibility in
manipulating routing information. In general, most operations can be performed
without resorting to the complexity of additional routing tables. However, creating
additional routing tables has several specific uses, including importing interface
routes into more than one routing table, applying different routing policies when
exporting the same route to different peers, and providing greater flexibility with
incongruent multicast topologies.
Each routing table is identified by a name, which consists of the protocol family
followed by a period and a small, nonnegative integer. The protocol family can be
inet (Internet), iso (ISO), or mpls (MPLS). The following names are reserved for the
default routing tables maintained by the JUNOS software:
4 ! Routing Databases
Chapter 1: Routing Protocols Concepts
! inet.2—Unicast routes used for multicast reverse path forwarding (RPF) lookup
NOTE: For clarity, this manual contains general discussions of routing tables as if
there were only one table. However, when it is necessary to distinguish among
the routing tables, their names are explicitly used.
Forwarding Tables
The JUNOS software installs all active routes from the routing table into the
forwarding table. The active routes are used to forward packets to their
destinations.
The JUNOS kernel maintains a master copy of the forwarding table. It copies the
forwarding table to the Packet Forwarding Engine, which is the part of the router
responsible for forwarding packets.
Routing Databases ! 5
JUNOS 8.1 Routing Protocols Configuration Guide
Figure 1: Synchronizing Routing Exchange between the Routing and Forwarding Tables
Routing Engine
Routing
Routing table
protocol process
Forwarding table
Network interfaces
1431
Configuring Interfaces
When you configure a protocol on an interface, you must also configure a protocol
family on that interface. For information about configuring interfaces, see the
JUNOS Network Interfaces Configuration Guide and JUNOS Services Interfaces
Configuration Guide. For information about configuring protocol families, see the
individual protocol configuration chapters in this book.
Route Preferences
For unicast routes, the JUNOS routing protocol process uses the information in its
routing table, along with the properties set in the configuration file, to choose an
active route for each destination. While the JUNOS software might know of many
routes to a destination, the active route is the preferred route to that destination
and is the one that is installed in the forwarding table and used when actually
routing packets.
The routing protocol process generally determines the active route by selecting the
route with the lowest preference value. The preference is an arbitrary value in the
range from 0 through 255 that the software uses to rank routes received from
different protocols, interfaces, or remote systems.
6 ! Configuring Interfaces
Chapter 1: Routing Protocols Concepts
The software uses a four-byte value to represent the route preference value. When
using the preference value to select an active route, the software first compares the
primary route preference values, choosing the route with the lowest value. If there
is a tie and a secondary preference has been configured, the software compares the
secondary preference values, choosing the route with the lowest value. The
secondary preference values must be included in a set for the preference values to
be considered.
1. Choose the path with the lowest preference value (routing protocol process
preference). Routes that are not eligible to be used for forwarding (for example,
because they were rejected by routing policy or because a next hop is
inaccessible) have a preference of –1 and are never chosen.
2. For BGP, prefer the path with higher local preference. For non-BGP paths,
choose the path with the lowest preference2 value.
b. Prefer the route with the lower origin code. Routes learned from an IGP
have a lower origin code than those learned from an EGP, and both have
lower origin codes than incomplete routes (routes whose origin is
unknown).
Route Preferences ! 7
JUNOS 8.1 Routing Protocols Configuration Guide
4. Prefer strictly internal paths, which include IGP routes and locally generated
routes (static, direct, local, and so forth).
5. Prefer strictly external (EBGP) paths over external paths learned through
interior sessions (IBGP).
6. For BGP, prefer the path whose next hop is resolved through the IGP route with
the lowest metric.
7. For BGP, prefer the path whose BGP next hop is resolved through the IGP route
with the largest number of next hops.
8. For BGP, prefer the route with the shortest route reflection cluster list. Routes
without a cluster list are considered to have a cluster list of length 0.
8 ! Route Preferences
Chapter 1: Routing Protocols Concepts
9. For BGP, prefer the route with the lowest IP address value for the BGP router
ID. For EBGP only, prefer the current active route when a route is received
from different neighboring ASs, by default. To disable this default behavior,
specify the external-router-id option at the [edit protocols bgp path-selection]
hierarchy level. For more information, see “Configuring Routing Table Path
Selection” on page 561.
10. Prefer the path that was learned from the neighbor with the lowest peer IP
address.
Default
How Route Is Learned Preference Statement to Modify Default Preference
Directly connected network 0 —
System routes 4 —
Static 5 static on page 174
MPLS 7 MPLS preference in the JUNOS MPLS Applications
Configuration Guide
LDF 8 LDF preference in the JUNOS MPLS Applications
Configuration Guide
LDP 9 LDP preference in the JUNOS MPLS Applications
Configuration Guide
OSPF internal route 10 OSPF export on page 393
IS-IS Level 1 internal route 15 IS-IS external-preference on page 292, preference
on page 316
IS-IS Level 2 internal route 18 IS-IS external-preference on page 292, preference
on page 316
Redirects 30 —
Kernel 40 —
SNMP 50 —
Router discovery 55 —
RIP 100 RIP preference on page 454
Route Preferences ! 9
JUNOS 8.1 Routing Protocols Configuration Guide
Default
How Route Is Learned Preference Statement to Modify Default Preference
RIPng 100 RIPng preference on page 478
PIM 105 JUNOS Multicast Protocols Configuration Guide
DVMRP 110 JUNOS Multicast Protocols Configuration Guide
Routes to interfaces that 120 —
are down
Aggregate 130 aggregate on page 124
In general, the narrower the scope of the statement, the higher precedence its
preference value is given, but the smaller the set of routes it affects. To modify the
default preference value for routes learned by routing protocols, you generally
apply routing policy when configuring the individual routing protocols. You also can
modify some preferences with other configuration statements, which are indicated
in the table. For information about defining and applying routing policies, see the
JUNOS Policy Framework Configuration Guide.
IPv6
Internet Protocol version 6 (IPv6) is the new version of the Internet Protocol (IP).
The Internet Protocol allows numerous nodes on different networks to interoperate
seamlessly. Internet Protocol version 4 (IPv4) is currently used in intranets and
private networks, as well as the Internet. IPv6 is the successor to IPv4, and is based
for the most part on IPv4.
IPv4 has been widely deployed and used to network the Internet today. With the
rapid growth of the Internet, enhancements to IPv4 are needed to support the
influx of new subscribers, Internet-enabled devices, and applications. IPv6 is
designed to enable the global expansion of the Internet.
IPv6 Standards
IPv6 is defined in the following document:
IPv6 ! 11
JUNOS 8.1 Routing Protocols Configuration Guide
! RFC 2463, Internet Control Message Protocol (ICMPv6) for the Internet Protocol
Version 6
! RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and
IPv6 Headers
! RFC 2767, Dual Stack Hosts using the "Bump-In-the-Stack" Technique (BIS)
This section discusses the following topics that provide background information
about IPv6 headers:
Header Structure
IPv6 packet headers contain many of the fields found in IPv4 packet headers; some
of these fields have been modified from IPv4. The 40-byte IPv6 header consists of
the following 8 fields:
12 ! IPv6
Chapter 1: Routing Protocols Concepts
! Flow label—Packet flows requiring a specific CoS. The flow label identifies all
packets belonging to a specific flow, and routers can identify these packets and
handle them in a similar fashion.
! Payload length—Length of the IPv6 payload. Previously the total length field in
IPv4.
Extension Headers
In IPv6, extension headers are used to encode optional Internet-layer information.
Extension headers are placed between the IPv6 header and the upper layer header
in a packet.
Extension headers are chained together using the next header field in the IPv6
header. The next header field indicates to the router which extension header to
expect next. If there are no more extension headers, the next header field indicates
the upper layer header (TCP header, User Datagram Protocol [UDP] header,
ICMPv6 header, an encapsulated IP packet, or other items).
IPv6 Addressing
IPv6 uses a 128-bit addressing model. This creates a much larger address space
than IPv4 addresses, which are made up of 32 bits. IPv6 addresses also contain a
scope field that categorizes what types of applications are suitable for the address.
IPv6 does not support broadcast addresses, but instead uses multicast addresses to
serve this role. In addition, IPv6 also defines a new type of address called anycast.
This section discusses the following topics that provide background information
about IPv6 addressing:
IPv6 ! 13
JUNOS 8.1 Routing Protocols Configuration Guide
Address Representation
IPv6 addresses consist of 8 groups of 16-bit hexadecimal values separated by
colons (:). The IPv6 address format is as follows:
aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa
3FFE:0000:0000:0001:0200:F8FF:FE75:50DF
3FFE:0:0:1:200:F8FF:FE75:50DF
You can compress 16-bit groups of zeros to “::”, as shown here, but only once per
address:
3FFE::1:200:F8FF:FE75:50DF
Address Types
There are three types of IPv6 addresses:
Address Scope
IPv6 addresses have scope, which identifies the application suitable for the address.
Unicast and multicast addresses support scoping.
Unicast addresses support two types of scope: global scope and local scope. There
are two types of local scope: link-local addresses and site-local addresses. Link-local
unicast addresses are used within a single network link. The first 10 bits of the
prefix identify the address as a link-local address. Link-local addresses cannot be
used outside a network link. Site-local unicast addresses are used within a site or
intranet. A site consists of multiple network links, and site-local addresses identify
nodes inside the intranet. Site-local addresses cannot be used outside the site.
Multicast addresses support 16 different types of scope, including node, link, site,
organization, and global scope. A four-bit field in the prefix identifies the scope.
14 ! IPv6
Chapter 1: Routing Protocols Concepts
Address Structure
Unicast addresses identify a single interface. The address consists of n bits for the
prefix, and 128–n bits for the interface ID.
Multicast addresses identify a set of interfaces. The address is made up of the first 8
bits of all ones, a 4-bit flags field, a 4-bit scope field, and a 112-bit group ID:
The first octet of ones identifies the address as a multicast address. The flags field
identifies whether the multicast address is a well-known address or a transient
multicast address. The scope field identifies the scope of the multicast address. The
112-bit group ID identifies the multicast group.
IPv6 ! 15
JUNOS 8.1 Routing Protocols Configuration Guide
16 ! IPv6
Chapter 2
Complete Routing and Routing Protocol
Configuration Statements
This chapter shows the complete configuration statement hierarchy for the portions
of the configuration discussed in this manual, listing all possible configuration
statements and showing their level in the configuration hierarchy. When you are
configuring the JUNOS software, your current hierarchy level is shown in the
banner on the line preceding the user@host# prompt.
For a list of the complete configuration statement hierarchy, see the JUNOS System
Basics Configuration Guide.
ospf3 {
ospf3-configuration;
}
rip {
rip-configuration;
}
ripng {
ripng-configuration;
}
router-advertisement {
router-advertisement-configuration;
}
router-discovery {
router-discovery-configuration;
}
}
routing-instances {
routing-instance-name {
routing-instance-configuration;
}
}
routing-options {
routing-option-configuration;
}
}
}
protocols {
BGP bgp {
advertise-inactive;
advertise-peer-as;
authentication-algorithm algorithm;
authentication-key key;
authentication-key-chain key-chain;
cluster cluster-identifier ;
damping;
description text-description;
disable;
export [ policy-names ];
family {
(iso-vpn | inet | inet6 | inet-vpn | inet6-vpn | l2-vpn) {
(any | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;
}
labeled-unicast {
aggregate-label {
community community-name;
}
explicit-null {
connected-only;
}
prefix-limit {
maximum number ;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
advertise-default;
external-paths number;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
signaling {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
}
graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}
hold-time seconds;
import [ policy-names ];
include-mp-next-hop;
ipsec-sa ipsec-sa;
keep (all | none);
local-address address;
local-as autonomous-system <private>;
local-preference local-preference;
log-updown;
metric-out (metric | minimum-igp <offset> | igp <offset>);
multihop {
<ttl-value>;
no-nexthop-change;
}
no-advertise-peer-as;
no-aggregator-id;
no-client-reflect;
out-delay seconds;
passive;
path-selection {
(cisco-non-deterministic | always-compare-med | external-router-id);
med-plus-igp {
igp-multiplier number;
med-multiplier number;
}
}
peer-as autonomous-system;
preference preference;
remove-private;
tcp-mss segment-size;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
vpn-apply-export;
group group-name {
advertise-inactive;
advertise-peer-as;
[network/mask-length];
as-override;
authentication-algorithm algorithm;
authentication-key key;
authentication-key-chain key-chain;
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1);
}
cluster cluster-identifier ;
damping;
description text-description;
export [ policy-names ];
family {
(iso-vpn | inet | inet6 | inet-vpn | inet6-vpn | l2-vpn) {
(any | multicast | unicast) {
explicit-null {
connected-only;
}
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;
}
flow {
no-validate policy-name;
}
labeled-unicast {
prefix-limit {
maximum number ;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
advertise-default;
external-paths number;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
signaling {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
}
graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}
hold-time seconds;
import [ policy-names ];
ipsec-sa ipsec-sa;
keep (all | none);
local-address address;
local-as autonomous-system <private>;
local-preference local-preference;
log-updown;
metric-out (metric | minimum-igp <offset> | igp <offset>);
mtu-discovery;
multihop <ttl-value>;
multipath {
multiple-as;
}
no-advertise-peer-as;
no-aggregator-id;
no-client-reflect;
out-delay seconds;
passive;
peer-as autonomous-system;
preference preference;
protocol protocol;
remove-private;
tcp-mss segment-size;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
type type;
vpn-apply-export;
neighbor address {
advertise-inactive;
advertise-peer-as;
as-override;
authentication-algorithm algorithm;
authentication-key key;
authentication-key-chain key-chain;
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1);
}
cluster cluster-identifier ;
damping;
description text-description;
export [ policy-names ];
family {
(iso-vpn | inet | inet6 | inet-vpn | inet6-vpn | l2-vpn) {
(any | multicast | unicast) {
explicit-null {
connected-only;
}
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;
}
flow {
no-validate policy-name;
}
labeled-unicast {
prefix-limit {
maximum number ;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
advertise-default;
external-paths number;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
signaling {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
}
graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}
hold-time seconds;
import [ policy-names ];
ipsec-sa ipsec-sa;
keep (all | none);
local-address address;
local-as autonomous-system <private>;
local-interface interface-name;
local-preference local-preference;
log-updown;
metric-out (metric | minimum-igp <offset> | igp <offset>);
mtu-discovery;
multihop <ttl-value>;
multipath {
multiple-as;
}
no-advertise-peer-as;
no-aggregator-id;
no-client-reflect;
out-delay seconds;
passive;
peer-as autonomous-system;
preference preference;
remove-private;
tcp-mss segment-size;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
vpn-apply-export;
}
}
}
ES-IS esis {
disable;
graceful-restart {
disable;
restart-duration seconds;
}
preference preference;
interface (interface-name | all) {
disable;
hello-interval seconds;
esct seconds;
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
IS-IS isis {
clns-routing;
disable;
export [ policy-names ];
ignore-attached-bit;
graceful-restart {
disable;
helper-disable;
restart-duration seconds;
}
label-switched-path name level level metric metric;
level level-number {
authentication-key key;
authentication-type authentication;
external-preference preference;
ipv6-multicast-metric number;
no-csnp-authentication;
no-hello-authentication;
no-psnp-authentication;
preference preference;
prefix-export-limit number;
wide-metrics-only;
}
loose-authentication-check;
lsp-lifetime seconds;
no-adjacency-holddown;
no-authentication-check;
no-ipv4-routing;
no-ipv6-routing;
overload {
advertise-high-metrics;
timeout seconds>;
}
reference-bandwidth reference-bandwidth;
rib-group {
inet group--name;
inet6 group--name;
}
spf-delay milliseconds;
topologies {
ipv4-multicast;
ipv6-unicast;
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
traffic-engineering {
disable;
ipv4-multicast-rpf-routes;
shortcuts <ignore-lsp-metrics>;
}
interface interface-name {
disable;
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (1 | automatic);
}
checksum;
csnp-interval (seconds | disable);
hello-padding (adaptive | loose | strict);
ldp-synchronization {
disable;
hold-time seconds;
}
lsp-interval milliseconds;
mesh-group (value | blocked);
no-ipv4-multicast;
no-ipv6-multicast;
no-ipv6-unicast;
no-unicast-topology;
passive;
point-to-point;
level level-number {
disable;
hello-authentication-key key;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number ;
te-metric metric;
}
}
}
OSPF ospf {
disable;
export [ policy-names ];
external-preference preference;
graceful-restart {
disable;
helper-disable;
notify-duration seconds;
restart-duration seconds;
}
import [ policy-names ];
no-nssa-abr;
overload {
<timeout seconds>;
}
preference preference;
reference-bandwidth reference-bandwidth;
rib-group group-name;
sham-link {
local address;
}
spf-delay;
traffic-engineering {
multicast-rpf-routes;
no-topology;
shortcuts {
ignore-lsp-metrics;
lsp-metric-into-summary;
}
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
area area-id {
area-range network/mask-length <restrict> <exact> <override-metric metric>;
authentication-type authentication;
interface interface-name {
demand-circuit;
disable;
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (1 | automatic);
}
authentication {
md5 key-id {
key [ key-values ];
}
simple-password key-id;
}
dead-interval seconds;
hello-interval seconds;
interface-type type;
ldp-synchronization {
disable;
hold-time seconds;
}
metric metric;
neighbor address <eligible>;
passive;
poll-interval seconds;
priority number ;
retransmit-interval seconds;
te-metric metric;
transit-delay seconds;
}
label-switched-path name metric metric;
nssa {
area-range network/mask-length <restrict> <exact>
<override-metric metric>;
default-lsa {
default-metric metric;
metric-type type;
type-7;
}
(no-summaries | summaries);
}
peer-interface interface-name {
disable;
dead-interval seconds;
hello-interval seconds;
retransmit-interval seconds;
transit-delay seconds;
}
sham-link-remote {
demand-circuit;
metric metric;
}
stub <default-metric metric> <(no-summaries | summaries)>;
virtual-link neighbor-id router-id transit-area area-id {
disable;
authentication {
md5 key-id;
simple-password key-id;
}
dead-interval seconds;
hello-interval seconds;
retransmit-interval seconds;
transit-delay seconds;
}
}
}
OSPFv3 ospf3 {
disable;
export [ policy-names ];
external-preference preference;
import [ policy-names ];
overload {
<timeout seconds>;
}
preference preference;
reference-bandwidth reference-bandwidth;
rib-group group-name;
spf-delay;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
area area-id {
area-range network/mask-length <restrict> <exact> <override-metric metric>;
interface interface-name {
disable;
dead-interval seconds;
hello-interval seconds;
ipsec-sa name;
metric metric;
neighbor address <eligible>;
passive;
priority number ;
retransmit-interval seconds;
transit-delay seconds;
}
nssa {
area-range network/mask-length <restrict> <exact>
<override-metric metric>;
default-lsa {
default-metric metric;
metric-type type;
type-7;
}
(no-summaries | summaries);
}
stub <default-metric metric> <(no-summaries | summaries)>;
virtual-link neighbor-id router-id transit-area area-id {
disable;
dead-interval seconds;
hello-interval seconds;
ipsec-sa name;
retransmit-interval seconds;
transit-delay seconds;
}
}
}
RIP rip {
any-sender;
authentication-key password;
type;
(check-zero | no-check-zero);
graceful-restart {
disable;
restart-time seconds;
}
holddown seconds;
import [ policy-names ];
message-size number ;
metric-in metric;
receive receive-options;
rib-group group-name;
route-timeout seconds;
send send-options;
update-interval seconds;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
group group-name {
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1 | automatic);
}
export [ policy-names ];
metric-out metric;
preference preference;
route-timeout seconds;
update-interval seconds;
neighbor neighbor-name {
authentication-key password;
authentication-type type;
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1 | automatic);
}
(check-zero | no-check-zero);
import [ policy-names ];
message-size number ;
metric-in metric;
receive receive-options;
route-timeout seconds;
send send-options;
update-interval seconds;
}
}
}
RIPng ripng {
graceful-restart {
disable;
restart-time seconds;
}
holddown seconds;
import [ policy-names ];
metric-in metric;
receive <none>;
route-timeout seconds;
send <none>;
update-interval seconds;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
group group-name {
export [ policy-names ];
metric-out metric;
preference number ;
route-timeout seconds;
update-interval seconds;
neighbor neighbor-name {
import [ policy-names ];
metric-in metric;
receive <none>;
route-timeout seconds;
send <none>;
update-interval seconds;
}
}
}
routing-instances {
routing-instance-name {
description text;
forwarding-options;
interface interface-name;
(forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
no-vrf-advertise;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
vrf-table-label;
vrf-target {
export community-name;
import community-name;
}
protocols {
bgp {
bgp-configuration;
}
isis {
isis-configuration;
}
l2vpn {
l2vpn-configuration;
}
ldp {
ldp-configuration;
}
msdp {
msdp-configuration;
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (vendor | iana);
ospf-configuration;
}
ospf 3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (vendor | iana);
ospf3-configuration;
}
pim {
pim-configuration;
}
rip {
rip-configuration;
}
vpls {
vpls-configuration;
}
}
routing-options {
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
auto-export {
(disable | enable);
family {
inet {
flow {
(disable | enable);
rib-group rib-group;
}
multicast {
(disable | enable);
rib-group rib-group;
}
unicast {
(disable | enable);
rib-group rib-group;
}
}
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
static {
defaults {
static-options;
}
rib-groups group-name;
route destination-prefix {
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
}
rib-groups {
group-name {
import-policy [ policy-names ];
import-rib [ group-names ];
export-rib group-name;
}
}
route-distinguisher-id address;
route-record;
router-id address ;
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1);
}
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
}
}
routing-options {
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
auto-export {
(disable | enable);
family {
inet {
flow {
(disable | enable);
rib-group rib-group;
}
multicast {
(disable | enable);
rib-group rib-group;
}
unicast {
(disable | enable);
rib-group rib-group;
}
}
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
autonomous-system autonomous-system <loops number>;
confederation confederation-autonomous-system members autonomous-system;
dynamic-tunnels tunnel-name {
destination-prefix prefix;
source-address address;
tunnel-type type-of-tunnel;
}
fate-sharing {
group group-name;
cost value;
from address {
to address;
}
}
flow {
route name {
match {
match-conditions;
}
then {
actions;
}
}
validation {
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
forwarding-table {
export [ policy-names ];
unicast-reverse-path (active-paths | feasible-paths);
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
graceful-restart {
disable;
restart-duration seconds;
}
instance-export [ policy-names ];
instance-import [ policy-names ];
interface-routes {
family (inet | inet6) {
export {
lan;
point-to-point;
}
}
rib-group group-name;
}
martians {
destination-prefix match-type <allow>;
}
maximum-paths path-limit <log-only | threshold value log-interval seconds>;
maximum-prefixes prefix-limit <log-only | threshold value log-interval seconds>;
multicast {
forwarding-cache {
threshold (suppress | reuse) value value;
}
interface interface-name {
enable;
}
scope scope-name {
interface interface-name;
prefix destination-prefix;
}
scope-policy policy-name;
ssm-groups {
address;
}
}
non-stop-routing;
options {
syslog (level level | upto level);
}
resolution {
rib routing-table-name {
import [ policy-names ];
resolution-ribs [ routing-table-names ];
}
}
rib routing-table-name {
aggregate {
defaults {
aggregate-options;
}
rib-group group-name;
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
filter {
input filter-name;
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
martians {
destination-prefix match-type <allow>;
}
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
}
rib-groups {
group-name {
import-policy [ policy-names ];
import-rib [ group-names ];
export-rib group-name;
}
}
route-distinguisher-id address;
route-record;
router-id address ;
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1);
}
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
! Add routing table entries, including static routes, aggregated (coalesced) routes,
generated routes (routes of last resort), and martian routes (routes to ignore).
! Set the autonomous system (AS) number of the router for use by the Border
Gateway Protocol (BGP).
! Set the router ID, which is used by BGP and Open Shortest Path First (OSPF) to
identify the router from which a packet originated.
! Configure how much system logging information to log for the routing protocol
process.
! 43
JUNOS 8.1 Routing Protocols Configuration Guide
routing-options {
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
auto-export {
(disable | enable);
family {
inet {
multicast {
(disable | enable);
rib-group rib-group;
}
unicast {
(disable | enable);
rib-group rib-group;
}
}
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<world-readable>;
flag flag <flag-modifier> <disable>;
}
}
autonomous-system autonomous-system <loops number>;
confederation confederation-autonomous-system
members autonomous-system;
dynamic-tunnels tunnel-name {
destination-prefix prefix;
source-address address;
tunnel-type type-of-tunnel;
}
fate-sharing {
group group-name;
cost value;
from address {
to address;
}
}
forwarding-table {
export [ policy-names ];
unicast-reverse-path (active-paths | feasible-paths);
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
instance-export [ policy-names ];
instance-import [ policy-names ];
interface-routes {
export {
lan;
point-to-point;
}
rib-group group-name;
}
martians {
destination-prefix match-type <allow>;
}
maximum-paths route-limit <log-only | threshold value>;
multicast {
forwarding-cache {
threshold (suppress | reuse) value value;
}
interface interface-name;
scope scope-name {
interface [ interface-names ];
prefix destination-prefix ;
}
ssm-groups {
address;
}
}
nonstop-routing;
options {
syslog (level level | upto level);
}
resolution {
rib routing-table-name {
import [ policy-names ]
resolution-ribs [ routing-table-names ];
}
}
rib routing-table-name {
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
martians {
destination-prefix match-type <allow>;
}
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
}
rib-groups {
group-name {
import-policy [ policy-names ];
import-rib [ group-names ];
export-rib group-name;
}
}
route-record;
router-id address;
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
qualified-next-hop {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<world-readable>;
flag flag <flag-modifier> <disable>;
}
}
This chapter discusses how to perform the following tasks for configuring routing
tables and routes:
Creating routing tables is optional. If you do not create any, the JUNOS software
uses its default routing tables, which are inet.0 for Internet Protocol version 4 (IPv4)
unicast routes, inet6.0 for Internet Protocol version 6 (IPv6) unicast routes, inet.1 for
the IPv4 multicast forwarding cache, and inet.3 for IPv4 Multiprotocol Label
Switching (MPLS). If the Multiprotocol Border Gateway Protocol (MBGP) is enabled,
inet.2 is used for Subsequent Address Family Indicator (SAFI) 2 routes. If you
configure a routing instance, the JUNOS software creates the default unicast routing
table instance-name.inet.0. If you configure a flow route, the JUNOS software creates
the flow routing table instance-name.inetflow.0.
If you want to add static, aggregate, generated, or martian routes only to the default
IPv4 unicast routing table (inet.0), you do not have to create any routing tables
because, by default, these routes are added to inet.0. You can add these routes just
by including the static, aggregate, generate, and martians statements. For a list of
hierarchy levels at which you can configure this statement, see the statement
summary section for this statement.
rib routing-table-name {
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop lsp-name {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop address {
metric metric;
preference preference;
}
static-options;
}
}
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
martians {
destination-prefix match-type <allow>;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The routing table name, routing-table-name, includes the protocol family, optionally
followed by a period and a number. The protocol family can be inet for the IPv4
family, inet6 for the IPv6 family, or iso for the International Standards Organization
(ISO) protocol family. The number represents the routing instance. The first instance
is 0.
[edit]
routing-options {
rib inet.4 {
static {
route 140.122.0.0/16 next-hop 192.168.0.10;
}
}
}
Configure the primary IPv6 routing table inet6.0 and add a static route to it:
[edit routing-options]
rib inet6.0 {
static {
route 8:1::1/128 next-hop 8:3::1;
}
}
A static route is installed in the routing table only when the route is active; that is,
the list of next-hop routers configured for that route contains at least one next hop
on an operational interface.
You can add the same routes to more than one routing table.
To configure static routes in the default IPv4 routing table (inet.0), include the static
statement:
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop lsp-name {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop address {
metric metric;
preference preference;
}
static-options;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To configure static routes in one of the other routing tables, to explicitly configure
static routes in the default IPv4 route table (inet.0), or to explicitly configure static
routes in the primary IPv6 routing table (inet6.0), include the static statement:
rib routing-table-name {
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop lsp-name {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop address {
metric metric;
preference preference;
}
static-options;
}
}
}
NOTE: You cannot configure static routes for the IPv4 multicast routing table
(inet.1) or the IPv6 multicast routing table (inet6.1).
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
! defaults—Specify global static route options. These options only set default
attributes inherited by all newly created static routes. These are treated as
global defaults and apply to all the static routes you configure in the static
statement. This part of the static statement is optional.
NOTE: Specifying the global static route options does not create default routes.
These options only set default attributes inherited by all newly created static
routes.
! Installing a Static Route into More than One Routing Table on page 58
! reject—Do not forward packets addressed to this destination. Instead, drop the
packets, send ICMP (or ICMPv6) unreachable messages to the packets’
originators, and install a reject route for this destination into the routing table.
NOTE: The preference and metric options configured by means of this statement
only apply to the qualified next hops. The qualified-next-hop preference and
metric override the route preference and metric (for that specific qualified next
hop), similar to how the route preference overrides the default preference and
metric (for that specific route).
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
NOTE: The qualified-next-hop statement is mutually exclusive with all other types of
next hops, except for next-hop address. Therefore, you cannot configure next-hop
reject, next-hop discard, and next-hop receive with qualified-next-hop for the same
destination.
[edit]
routing-options {
static {
defaults {
metric 10;
preference 10;
}
route 0.0.0.0/8 {
next-hop 192.168.1.254 {
retain;
no-readvertise;
}
route 10.0.0.0/8 {
next-hop [192.168.1.2];
qualified-next-hop 192.168.1.254 {
preference 5;
}
metric 6;
preference 7;
}
}
}
[edit]
routing-options {
rib inet6.0 {
static {
defaults {
metric 10;
preference 10;
}
route fec0:1:1:4::/64 {
next-hop fec0:1:1:2::1 {
retain;
no-readvertise;
}
route fec0:1:1:5::/64 {
next-hop fec0:1:1:2::3;
qualified-next-hop fec0:1:1:2::2 {
preference 5;
}
metric 6;
preference 7;
}
}
}
}
To specify an LSP as the next hop for a static route, include the following
statements:
lsp-next-hop lsp-name {
metric metric;
preference preference;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
The preference value can be a number in the range from 1 through 255, with a
lower number indicating a more preferred route. The metric value can be a number
in the range from 1 through 65,535.
NOTE: The lsp-next-hop statement is mutually exclusive with all other types of next
hops, except for next-hop address and qualified-next-hop. Therefore, you cannot
configure next-hop reject, next-hop discard, next-hop receive, and next-table with
lsp-next-hop for the same destination.
To specify a point-to-multipoint LSP as the next hop for a static route, include the
following statements:
p2mp-lsp-next-hop {
interface interface-name;
metric metric;
preference preference;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Enable the qualified next-hop address on the interface by specifying the interface
option. The preference value can be a number from 1 through 255. A lower number
indicates a more preferred route. The metric value can be a number from
1 through 65,535.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To install the routing table into a configured routing table group, include the
import-rib statement:
rib-group group-name {
import-rib [ routing-table-names ];
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The first routing table you list in the import-rib statement must be the one you
configured in the rib-group statement.
Examples: Installing a Static Route into More than One Routing Table
Install an IPv4 static route into inet.0 and inet.2:
Install an IPv6 static route into the inet6.0 and inet6.2 routing tables:
For a list of hierarchy levels at which you can configure these statements, see the
CLNS statement summary sections in the J-series Services Router Advanced WAN
Access Configuration Guide.
Specify the iso.0 routing table option to configure a primary instance CLNS static
route. Specify the instance-name.iso.0 routing table option to configure CLNS static
route for a particular routing instance. Specify the route nsap-prefix statement to
configure the destination for the CLNS static route. Specify the next-hop
(interface-name | iso-net) statement to configure the next hop, specified as an ISO
network entity title (NET) or interface name. Specify the qualified-next-hop
(interface-name | iso-net) statement to configure the qualified next hop, specified as
an ISO network entity title or interface name.
[edit]
routing-options {
rib iso.0 {
static {
iso-route 47.0005.80ff.f800.0000.ffff.ffff next-hop
47.0005.80ff.f800.0000.0108.0001.1921.6800.4212;
iso-route 47.0005.80ff.f800.0000.0108.0001.1921.6800.4212 next-hop
t1-0/2/2.0;
iso-route 47.0005.80ff.f800.0000.eee {
qualified-next-hop 47.0005.80ff.f800.0000.0108.0001.1921.6800.4002 {
preference 20;
metric 10;
}
}
}
}
To configure static route options for IPv4 static routes, include one or more options
in the defaults or route part of the static statement. Each of these options is
explained in the sections that follow.
routing-options {
static {
defaults {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate>
<aggregator as-number in-address>;
community [ community-ids ];
(install | no-install);
metric metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
(readvertise | no-readvertise);
(retain | no-retain);
tag string;
}
rib-group group-name;
route destination-prefix {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate>
<aggregator as-number in-address>;
community [ community-ids ];
(install | no-install);
metric metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
(readvertise | no-readvertise);
resolve;
(retain | no-retain);
tag string;
}
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To configure static route options for IPv6 static routes, include one or more options
in the defaults or route part of the static statement. Each of these options is
explained in the sections that follow.
rib inet6.0 {
static {
defaults {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate>
<aggregator as-number in-address>;
community [ community-ids ];
(install | no-install);
metric metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
(readvertise | no-readvertise);
resolve;
(no-retain | retain);
}
rib-group group-name;
route destination-prefix {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate>
<aggregator as-number in-address>;
community [ community-ids ];
(install | no-install);
metric metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
(readvertise | no-readvertise);
resolve;
(retain | no-retain);
}
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
! Specifying When the Route Can Be Resolved to a Prefix That Is Not Directly
Connected on page 69
To associate a metric value with an IPv6 route, include the metric statement:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
In the type option, you can specify the type of route. For OSPF, when routes are
exported to OSPF, type 1 routes are advertised in type 1 externals, and routes of
any other type are advertised in type 2 externals. Note that if a qualified-next-hop
metric value is configured, this value will override the route metric.
To do this for IPv6 static routes, include one or more of the following statements:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
The preference value can be a number in the range from 1 through 255, with a
lower number indicating a more preferred route. For more information about
preference values, see “Route Preferences” on page 6. Note that if a
qualified-next-hop preference value is configured, this value will override the route
preference.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
as-number:community-value
as-number is the autonomous system (AS) number and can be a value in the range
from 1 through 65,534. community-value is the community identifier and can be a
number in the range from 0 through 65,535.
You also can specify community-ids as one of the following well-known community
names, which are defined in RFC 1997:
You can also explicitly exclude BGP community information with a static route
using the none option. Include none when configuring an individual route in the
route portion of the static statement to override a community option specified in the
defaults portion of the statement.
type:administrator:assigned-number
type is the type of extended community and can be a target, origin, or domain-id
community. The target community identifies the destination to which the route is
going. The origin community identifies where the route originated. The domain-id
community identifies the OSPF domain where the route originated.
To associate AS path information with IPv6 routes, include the as-path statement:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
as-path is the AS path to include with the route. It can include a combination of
individual AS path numbers and AS sets. Enclose sets in brackets ( [ ] ). The first AS
number in the path represents the AS immediately adjacent to the local AS. Each
subsequent number represents an AS that is progressively farther from the local AS,
heading toward the origin of the path.
You also can specify the AS path using the BGP origin attribute, which indicates the
origin of the AS path information:
To attach the BGP ATOMIC_AGGREGATE path attribute to the static route, specify the
atomic-aggregate statement. This path attribute indicates that the local system
selected a less specific route rather than a more specific route.
To attach the BGP AGGREGATOR path attribute to the static route, specify the
aggregator statement. When using this statement, you must specify the last AS
number that formed the static route (encoded as two octets), followed by the IP
address of the BGP system that formed the static route.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To configure the software not to install active IPv6 static routes into the forwarding
table, include the no-install statement:
Even if you configure a route so it is not installed in the forwarding table, the route
is still eligible to be exported from the routing table to other protocols. To explicitly
install IPv4 routes into the forwarding table, include the install statement. Include
this statement when configuring an individual route in the route portion of the static
statement to override a no-install option specified in the defaults portion of the
statement.
To explicitly install IPv6 routes into the forwarding table, include the install
statement. Include this statement when configuring an individual route in the route
portion of the static statement to override a no-install statement specified in the
defaults portion of the statement.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To have an IPv6 static route remain in the forwarding table, include the retain
statement. Doing this greatly reduces the time required to restart a system that has
a large number of routes in its routing table.
To explicitly specify that IPv4 routes be deleted from the forwarding table, include
the no-retain statement. Include this statement when configuring an individual route
in the route portion of the static statement to override a retain option specified in
the defaults portion of the statement.
To explicitly specify that IPv6 routes be deleted from the forwarding table, include
the no-retain statement. Include this statement when configuring an individual route
in the route portion of the static statement to override a retain statement specified
in the defaults portion of the statement.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To have an IPv6 static route remain installed in the routing and forwarding tables,
include the passive statement:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Routes that have been configured to remain continually installed in the routing and
forwarding tables are marked with reject next hops when they are inactive.
To explicitly remove IPv4 static routes when they become inactive, include the
active statement. Include this statement when configuring an individual route in the
route portion of the static statement to override a retain option specified in the
defaults portion of the statement.
To explicitly remove IPv6 static routes when they become inactive, include the
active statement. Include this statement when configuring an individual route in the
route portion of the static statement to override a retain statement specified in the
defaults portion of the statement.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To mark an IPv6 static route as being ineligible for readvertisement, include the
no-readvertise statement:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
You can configure an IPv6 route to a prefix that is not directly connected by
resolving the route through the inet6.0 routing table. To configure an IPv6 static
route to a prefix that is not a directly connected next hop, include the resolve
statement:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
static route {
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number ;
version (0 | 1 | automatic);
}
}
To specify the minimum transmit and receive interval for failure detection, include
the minimum-interval statement:
static route {
bfd-liveness-detection {
minimum-interval milliseconds;
}
}
To specify the minimum receive interval for failure detection, include the
minimum-receive-interval statement:
static route {
bfd-liveness-detection {
minimum-receive-interval milliseconds;
}
}
To specify the minimum transmit interval for failure detection, include the
minimum-transmit-interval statement:
static route {
bfd-liveness-detection {
minimum-transmit-interval milliseconds;
}
}
To specify the detection time multiplier for failure detection, include the multiplier
statement:
static route {
bfd-liveness-detection {
multiplier number ;
}
}
static route {
bfd-liveness-detection {
version (0 | 1 | automatic);
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
NOTE: If BFD is configured only on one end of a static route, the route is removed
from the routing table. BFD establishes a session when BFD is configured on both
ends of the static route.
To configure an IPv6 static route, include the next-hop address and retain
statements:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To propagate IPv6 static routes into the routing protocols, include the discard
statement:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
In this configuration, you use the discard option instead of reject because discard
does not send an ICMP (or ICMPv6) unreachable message for each packet that it
drops.
[edit]
user@host# set routing-options static route 0.0.0.0/0 next-hop 192.238.52.33
[edit]
user@host# show
routing-options {
static {
route 0.0.0.0/0 next-hop 192.238.52.33;
}
}
Configure IPv4 static routes that are retained in the forwarding table when the
routing software shuts down normally:
[edit]
user@host# set routing-options static route 0.0.0.0/0 next-hop 192.168.1.254
retain
[edit]
user@host# set routing-options static route 10.1.1.1/32 next-hop 127.0.0.1
retain
[edit]
user@host# show
routing-options {
static {
route 0.0.0.0/0 {
next-hop 192.168.1.254;
retain;
}
route 10.1.1.1/32 {
next-hop 127.0.0.1;
retain;
}
}
}
Configure an IPv4 static route and have it propagate into the routing protocols. In
this example, do not specify the route as 143.172.0.0/6 next-hop 127.0.0.1:
[edit]
user@host# set routing-options static route 143.172.0.0/6 discard
[edit]
user@host# show
routing-options {
static {
route 143.172.0.0/6 discard;
}
}
[edit]
user@host# set routing-options static rib-group some-group
user@host# set rib-groups some-group import-rib [inet.0 inet.2]
[edit]
user@host# show
routing-options {
static {
rib-group some-group;
}
rib-groups {
some-group {
import-rib [ inet.0 inet.2 ];
}
}
}
[edit]
user@host# set routing-options rib inet6.0 static route 0::/0 next-hop 8:3::1
[edit]
user@host# show
routing-options {
rib inet6.0 static {
route abcd::/48 next-hop 8:3::1;
}
}
Resolve an IPv6 static route to non-next-hop router 1::/64 using next-hop router
2000::1:
[edit]
user@host# set routing-options rib inet6.0 static route 1::/64 next-hop 2000::1
resolve
[edit]
user@host# show route 1::/64
inet6.0: 26 destinations, 27 routes (25 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
An aggregate route becomes active when it has one or more contributing routes. A
contributing route is an active route that is a more specific match for the aggregate
destination. For example, for the aggregate destination 128.100.0.0/16, routes to
128.100.192.0/19 and 128.100.67.0/24 are contributing routes, but routes to
128.0.0.0./8, 128.0.0.0/16, and 128.100.0.0/16 are not.
When an aggregate route becomes active, it is installed in the routing table with the
following information:
! Preference value that results from the policy filter on the primary contributor, if
a filter is specified.
NOTE: You can configure only one aggregate route for each destination prefix.
To configure aggregate routes in the default routing table (inet.0), include the
aggregate statement:
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
rib routing-table-name {
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
NOTE: You cannot configure aggregate routes for the IPv4 multicast routing table
(inet.1) nor the IPv6 multicast routing table (inet6.1).
! defaults—Here you specify global aggregate route options. These are treated as
global defaults and apply to all the aggregate routes you configure in the
aggregate statement. This part of the aggregate statement is optional.
To configure aggregate route options, include one or more of them in the defaults or
route part of the aggregate statement. For a list of hierarchy levels at which you can
configure this statement, see the statement summary section for this statement.
Each of these options is explained in the sections that follow.
[edit]
routing-options {
aggregate {
(defaults | route) {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate>
<aggregator as-number in-address>;
community [ community-ids ];
discard;
(brief | full);
(metric | metric2 | metric3 | metric4)metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
tag string;
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
The preference value can be a number in the range from 1 through 255, with a
lower number indicating a more preferred route. For more information about
preference values, see “Route Preferences” on page 6.
When you configure an individual route in the route part of the aggregate statement,
or when you configure the defaults for aggregate routes, you can specify a discard
next hop. This means that if a more specific packet does not match a more specific
route, the packet is rejected and a reject route for this destination is installed in the
routing table, but ICMP unreachable messages are not sent. Being able to discard
next hops allows you to originate a summary route, which is advertisable through
dynamic routing protocols, and allows you to discard received traffic that does not
match a more specific route than the summary route. To discard next hops, include
the discard option:
discard;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
as-number:community-value
as-number is the AS number and can be a value in the range from 1 through 65,534.
community-value is the community identifier and can be a number in the range from
0 through 65,535.
You also can specify community-ids for communities as one of the following
well-known community names, which are defined in RFC 1997:
You can explicitly exclude BGP community information with an aggregate route
using the none option. Include none when configuring an individual route in the
route portion of the aggregate statement to override a community option specified in
the defaults portion of the statement.
type:administrator:assigned-number
type is the type of extended community and can be a target, origin, or domain-id
community. The target community identifies the destination to which the route is
going. The origin community identifies where the route originated. The domain-id
community identifies the OSPF domain where the route originated.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
as-path is the AS path to include with the route. It can include a combination of
individual AS path numbers and AS sets. Enclose sets in brackets ( [ ] ). The first AS
number in the path represents the AS immediately adjacent to the local AS. Each
subsequent number represents an AS that is progressively farther from the local AS,
heading toward the origin of the path.
You also can specify the AS path using the BGP origin attribute, which indicates the
origin of the AS path information:
To attach the BGP ATOMIC_AGGREGATE path attribute to the aggregate route, specify
the atomic-aggregate option. This path attribute indicates that the local system
selected a less specific route rather than a more specific route.
To attach the BGP AGGREGATOR path attribute to the aggregate route, specify the
aggregator option. When using this option, you must specify the last AS number
that formed the aggregate route (encoded as two octets), followed by the IP address
of the BGP system that formed the aggregate route.
To explicitly have all AS numbers from all contributing paths be included in the
aggregate route’s path, include the full option when configuring routes. Include this
option when configuring an individual route in the route portion of the aggregate
statement to override a retain option specified in the defaults portion of the
statement.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Routes that have been configured to remain continually installed in the routing and
forwarding tables are marked with reject next hops when they are inactive.
To explicitly remove aggregate routes when they become inactive, include the active
option when configuring routes. Include this option when configuring an individual
route in the route portion of the aggregate statement to override a retain option
specified in the defaults portion of the statement.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
1. Compare the protocol’s preferences of the contributing routes. The lower the
preference, the better the route. This is similar to the comparison that is done
while determining the best route for the routing table.
3. The preference values are the same. Proceed with a numerical comparison of
the prefix values.
b. If the two prefixes are numerically equal, the primary contributor is the
route that has the smallest prefix length value.
4. At this point, the two routes are the same. The primary contributor does not
change. An additional next hop will be available for the existing primary
contributor.
A rejected contributor still can contribute to a less specific aggregate route. If you do
not specify a policy filter, all candidate routes contribute to an aggregate route.
To associate a routing policy with an aggregate route, include the policy statement
when configuring the route:
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
policy-statement advertise-aggregate-routes {
term first-term {
from protocol aggregate;
then accept;
}
term second-term {
then next policy;
}
}
protocols {
bgp {
export advertise-aggregate-routes;
...
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
A generated route becomes active when it has one or more contributing routes. A
contributing route is an active route that is a more specific match for the generated
destination. For example, for the destination 128.100.0.0/16, routes to
128.100.192.0/19 and 128.100.67.0/24 are contributing routes, but routes to
128.0.0.0./8, 128.0.0.0/16, and 128.100.0.0/16 are not.
By default, when generated routes are installed in the routing table, the next hop is
chosen from the primary contributing route.
NOTE: Currently, you can configure only one generated route for each destination
prefix.
To configure generated routes in the default routing table (inet.0), include the
generate statement:
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
rib routing-table-name {
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
}
NOTE: You cannot configure generated routes for the IPv4 multicast routing table
(inet.1) or the IPv6 multicast routing table (inet6.1).
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
! defaults—Here you specify global generated route options. These are treated as
global defaults and apply to all the generated routes you configure in the
generate statement. This part of the generate statement is optional.
To configure generated route options, include one or more of them in the defaults
or route part of the generate statement (for routing instances, include the
statement). For a list of hierarchy levels at which you can configure this statement,
see the statement summary section for this statement. Each of these options is
explained in the sections that follow.
[edit]
routing-options {
generate {
(defaults | route) {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate>
<aggregator as-number in-address>;
community [ community-ids ];
discard;
(brief | full);
(metric | metric2 | metric3 | metric4) metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
tag string;
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
The preference value can be a number in the range from 1 through 255, with a
lower number indicating a more preferred route. For more information about
preference values, see “Route Preferences” on page 6.
When you configure an individual route in the route part of the generate statement,
or when you configure the defaults for generated routes, you can specify a discard
next hop. This means that if a more specific packet does not match a more specific
route, the packet is rejected and a reject route for this destination is installed in the
routing table, but ICMP unreachable messages are not sent. The discard next-hop
feature allows you to originate a summary route, which is advertisable through
dynamic routing protocols, and allows you to discard received traffic that does not
match a more specific route than the summary route.
For example:
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
as-number:community-value
as-number is the AS number and can be a value in the range from 1 through 65,534.
community-value is the community identifier and can be a number in the range from
0 through 65,535.
You also can specify community-ids for communities as one of the following
well-known community names, which are defined in RFC 1997:
You can explicitly exclude BGP community information with a generated route
using the none option. Include none when configuring an individual route in the
route portion of the generate statement to override a community option specified in
the defaults portion of the statement.
type:administrator:assigned-number
type is the type of extended community and can be a target, origin, or domain-id
community. The target community identifies the destination to which the route is
going. The origin community identifies where the route originated. The domain-id
community identifies the OSPF domain where the route originated.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
as-path is the AS path to include with the route. It can include a combination of
individual AS path numbers and AS sets. Enclose sets in brackets ( [ ] ). The first AS
number in the path represents the AS immediately adjacent to the local AS. Each
subsequent number represents an AS that is progressively farther from the local AS,
heading toward the origin of the path.
You also can specify the AS path using the BGP origin attribute, which indicates the
origin of the AS path information:
To attach the BGP ATOMIC_AGGREGATE path attribute to the generated route, specify
the atomic-aggregate option. This path attribute indicates that the local system
selected a less specific route rather than a more specific route.
To attach the BGP AGGREGATOR path attribute to the generated route, specify the
aggregator option. When using this option, you must specify the last AS number
that formed the generated route (encoded as two octets), followed by the IP address
of the BGP system that formed the generated route.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To explicitly have all AS numbers from all contributing paths be included in the
generated route’s path, include the full option when configuring routes. Include this
option when configuring an individual route in the route portion of the generate
statement to override a retain option specified in the defaults portion of the
statement.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Routes that have been configured to remain continually installed in the routing and
forwarding tables are marked with reject next hops when they are inactive.
To explicitly remove generated routes when they become inactive, include the
active option when configuring routes. Include this option when configuring an
individual route in the route portion of the generate statement to override a retain
option specified in the defaults portion of the statement.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
1. Compare the protocol’s preference of the contributing routes. The lower the
preference, the better the route. This is similar to the comparison that is done
while determining the best route for the routing table.
3. The preference values are the same. Proceed with a numerical comparison of
the prefixes values.
b. If the two prefixes are numerically equal, the primary contributor is the
route that has the smallest prefix length value.
At this point, the two routes are the same. The primary contributor does not change.
An additional next hop will be available for the existing primary contributor.
A rejected contributor still can contribute to less specific generated route. If you do
not specify a policy filter, all candidate routes contribute to a generated route.
To associate a routing policy with an generated route, include the policy statement:
policy policy-name;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
! 0.0.0.0/8
! 127.0.0.0/8
! 128.0.0.0/16
! 191.255.0.0/16
! 192.0.0.0/24
! 223.255.255.0/24
! 240.0.0.0/4
In IPv6, the loopback address, the reserved and unassigned prefixes from RFC
2373, and the link-local unicast prefix are the default martian addresses.
martians {
destination-prefix match-type;
}
To add martian addresses to the list of default martian addresses in other routing
tables, or to explicitly add martian addresses to the list of default martian addresses
in the primary IPv6 routing table (inet6.0), include the martians statement:
rib inet6.0 {
martians {
destination-prefix match-type;
}
}
To add martian addresses to the list of default martian addresses in any other
routing tables, or to explicitly add martian addresses to the list of default martian
addresses in the default routing table (inet.0), include the martians statement:
rib routing-table-name {
martians {
destination-prefix match-type;
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
In match-type, specify the type of match to apply to the destination prefix. For more
information about match types, see the JUNOS Policy Framework Configuration
Guide.
To delete a martian address from the default routing table (inet.0), include the
martians statement:
martians {
destination-prefix match-type allow;
}
rib inet6.0 {
martians {
destination-prefix match-type allow;
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Flow routes and firewall filters are similar in that they filter packets based on their
components and perform an action on the packets that match. Flow routes provide
traffic filtering and rate-limiting capabilities much like firewall filters. In addition,
you can propagate flow routes across different autonomous systems.
flow {
route name {
match {
match-conditions;
}
then {
actions;
}
}
validation {
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Flow routes are propagated by BGP through flow-specific NLRI messages. You must
enable BGP to propagate these NLRIs. For more information on configuring BGP,
see “Enabling BGP to Carry Connectionless Network Services Routes” on page 578.
icmp-code number ICMP code field. This value or keyword provides more specific information than icmp-type. Because
the value’s meaning depends upon the associated icmp-type value, you must specify icmp-type along
with icmp-code.
In place of the numeric value, you can specify one of the following text synonyms (the field values are
also listed). The keywords are grouped by the ICMP type with which they are associated:
! parameter-problem: ip-header-bad (0), required-option-missing (1)
! redirect: redirect-for-host (1), redirect-for-network (0), redirect-for-tos-and-host (3),
redirect-for-tos-and-net (2)
! time-exceeded: ttl-eq-zero-during-reassembly (1), ttl-eq-zero-during-transit (0)
! unreachable: communication-prohibited-by-filtering (13), destination-host-prohibited (10),
destination-host-unknown (7), destination-network-prohibited (9), destination-network-unknown (6),
fragmentation-needed (4), host-precedence-violation (14), host-unreachable (1),
host-unreachable-for-TOS (12), network-unreachable (0), network-unreachable-for-TOS (11),
port-unreachable (3), precedence-cutoff-in-effect (15), protocol-unreachable (2), source-host-isolated (8),
source-route-failed (5)
Action or
Action Modifier Description
Actions
accept Accept a packet. This is the default.
discard Discard a packet silently, without sending an Internet Control Message Protocol (ICMP) message.
community Replace any communities in the route with the specified communities.
next-term Continue to the next match condition for evaluation.
routing-instance Specify a routing instance to which packets are forwarded.
extended-community
rate-limit rate Limit the bandwidth on the flow route.
sample Sample the traffic on the flow route.
Flow routes received using the BGP NLRI messages are validated before they are
installed into the flow primary instance routing table instance.inetflow.0. The
validation procedure is described in the Internet draft Dissemination of Flow
Specification Rules, draft-marques-idr-flow-spec-02.txt. You can bypass the
validation process and use your own specific import policy.
For more information about flow route validation, see Dissemination of Flow
Specification Rules, draft-marques-idr-flow-spec-02.txt.
rib routing-table-name {
filter {
input filter-name;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: Forwarding table filtering is not supported on the interfaces you configure
as tunnel sources. Input filters affect only the transit packets exiting the tunnel.
For more information about forwarding table filters, see the JUNOS
Policy Framework Configuration Guide.
This chapter discusses how to perform the following tasks for configuring other
protocol-independent routing properties:
! 97
JUNOS 8.1 Routing Protocols Configuration Guide
ASs are identified by a number from 1 through 65,535 that is assigned by the
Network Information Center (NIC) in the United States (http://www.isi.edu).
If you are using the Border Gateway Protocol (BGP) on the router, you must
configure an AS number.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To specify how many times this AS number can appear in an AS path, include the
loops option.
router-id address;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: We strongly recommend that you configure the router identifier under the
[edit routing-options] hierarchy level to avoid unpredictable behavior if the
interface address on a loopback interface changes.
Because each confederation is treated as if it were a single AS, you can apply the
same routing policy to all the ASs that make up the confederation.
Grouping ASs into confederations reduces the number of BGP connections required
to interconnect ASs.
If you are using BGP, you can enable the local router to participate as a member of
an AS confederation. To do this, include the confederation statement:
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Specify the AS confederation identifier, along with the AS numbers that are
members of the confederation.
Note that peer adjacencies will not form if two BGP neighbors disagree about
whether an adjacency falls within a particular confederation.
route-record;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For more information about flow aggregation and sampling, see the JUNOS Network
Interfaces Configuration Guide.
rib-groups group-name {
import-policy [ policy-names ];
import-rib [ routing-table-names ];
export-rib routing-table-name;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The routing table group can have any name you choose (specified in group-name). If
the group name you specify is not created explicitly, as described in “Configuring
Other Protocol-Independent Routing Properties” on page 97, you can create it by
naming it in the rib-groups statement.
Each routing table group must contain one or more routing tables that the JUNOS
software uses when importing routes (specified in the import-rib statement). The
first routing table you specify is the primary routing table, and any additional routing
tables are the secondary routing tables.
The primary routing table determines the address family of the routing table group.
To configure an Internet Protocol version 4 (IPv4) routing table group, specify inet.0
as the primary routing table. To configure an Internet Protocol version 6 (IPv6)
routing table group, specify inet6.0 as the primary routing table. If you configure an
IPv6 routing table group, the primary and all secondary routing tables must be IPv6
routing tables (inet6.x). You cannot have inet and inet6 routing tables in the same
import-rib statement.
Each routing table group optionally can contain one routing table group that the
JUNOS software uses when exporting routes to the routing protocols (specified in
the export-rib statement).
If you have configured a routing table, configure the OSPF primary instance at the
[edit protocols ospf] hierarchy level with the statements needed for your network so
that routes are installed in inet.0 and in the forwarding table. Make sure to include
the routing table group. For more information, see “Configuring Multiple Instances
of OSPF” on page 204.
After specifying the routing table from which to import routes, you can apply one or
more policies to control which routes will be installed in the routing table group. To
apply a policy to routes being imported into the routing table group, include the
import-policy statement:
rib-groups group-name {
import-policy [ policy-names ];
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
[edit]
routing-options {
interface-routes {
rib-group if-rg;
}
rib-groups if-rg {
import-rib [ inet.0 inet.2 ];
}
}
Create an IPv6 routing table group so that interface routes are installed into two
routing tables, inet6.0 and inet6.2:
[edit]
routing-options {
interface-routes {
rib-group inet6 if-rg;
}
rib-groups if-rg {
import-rib [ inet6.0 inet6.2 ];
}
}
Configuring How Interface Routes Are Imported into Routing Tables ! 101
JUNOS 8.1 Routing Protocols Configuration Guide
To associate an IPv4 routing table group with the router’s interfaces and specify
which routing table groups interface routes are imported into, include the
interface-routes statement:
interface-routes {
rib-group group-name;
}
interface-routes {
rib-group inet6 group-name;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To create the routing table groups, include the rib-groups statement at the
[edit routing-options] hierarchy level. For configuration information, see “Creating
Routing Table Groups” on page 100.
If you have configured a routing table, configure the OSPF primary instance at the
[edit protocols ospf] hierarchy level with the statements needed for your network so
that routes are installed in inet.0 and in the forwarding table. Make sure to include
the routing table group. For more information, see “Configuring Multiple Instances
of OSPF” on page 204.
export {
lan;
point-to-point;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To export lan routes, include the lan option. To export point-to-point routes, include
the point-to-point option.
102 ! Configuring How Interface Routes Are Imported into Routing Tables
Chapter 5: Configuring Other Protocol-Independent Routing Properties
multicast {
scope scope-name {
interface [ interface-names ];
prefix destination-prefix;
}
scoping-policy policy-name;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Specify a name for the scope, its address range, and the router interfaces on which
you are configuring scoping.
You can apply a multicast scoping policy to the routing table. To apply a scoping
policy, include the scoping-policy statement at the [edit routing-options multicast]
hierarchy level. For more information on configuring a scoping policy, see the
JUNOS Policy Framework Configuration Guide.
Configure the local scope on a Fast Ethernet interface. Configure the organization
scope on a Fast Ethernet and a SONET/SDH interface. Configure the engineering
and marketing scopes on two SONET/SDH interfaces.
[edit]
routing-options {
multicast {
scope local {
prefix 239.255.0.0/16;
fe-0/1/0.0;
}
scope organization {
prefix 239.192.0.0/14;
interface [ fe-0/1/0.0 so-0/0/0.0 ];
}
scope engineering {
prefix 239.255.255.0/24;
interface [ so-0/0/1.0 so-0/0/2.0 ];
}
scope marketing {
prefix 239.255.254.0/24;
interface [ so-0/0/1.0 so-0/0/2.0 ];
}
}
}
You can also configure multicast packets to be forwarded over a static route, such
as a static route associated with an LSP nexthop. Multicast packets are accepted on
an interface and forwarded over a static route in the forwarding table. This is useful
when you want to enable multicast traffic on a specific interface without
configuring PIM on the interface.
interface interface-name;
interface interface-name {
disable;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary section for these statements.
NOTE: You cannot enable multicast traffic on an interface and configure PIM on
the same interface simultaneously.
NOTE: Static routes must be configured before you can enable multicast on an
interface. Configuring the interface statement alone does not install any routes
into the routing table. This feature relies on the static route configuration.
ssm-groups {
address;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
multicast {
forwarding-cache {
threshold suppress value <reuse value>;
}
}
! [edit routing-options]
By default, there are no limits on the number of multicast forwarding cache entries.
Specify a value for the threshold at which to suppress new multicast forwarding
cache entries and an optional reuse value for the threshold at which the router will
begin to create new multicast forwarding cache entries. The range for both is from
1 through 200,000. If configured, the reuse value should be less than the
suppression threshold value. The suppression value is mandatory. If you do not
specify the optional reuse value, then the number of multicast forwarding cache
entries is limited to the suppression value. A new entry is created as soon as the
number of multicast forwarding cache entries falls below the suppression value.
For information about supported standards for multicast scoping, see the JUNOS
Multicast Protocols Configuration Guide.
You can configure the JUNOS software so that, for the active route, all next-hop
addresses for a destination are installed in the forwarding table. This is called
per-packet load balancing. You can use load balancing to spread traffic across
multiple paths between routers. The behavior of the per-packet load-balancing
function varies according to the version of the Internet Protocol ASIC in the router.
On routers with the Internet Processor II ASIC, when per-packet load balancing is
configured, traffic between routers with multiple paths is divided into individual
traffic flows (up to a maximum of 16 equal-cost load-balanced paths). Packets for
each individual flow are kept on a single interface. To recognize individual flows in
the transit traffic, the router examines each of the following:
! Source IP address
! Destination IP address
! Protocol
The router recognizes packets in which all of these parameters are identical, and it
ensures that these packets are sent out through the same interface. This prevents
problems that might otherwise occur with packets arriving at their destination out
of their original sequence.
policy-statement policy-name {
from {
match-conditions;
route-filter destination-prefix match-type <actions>;
prefix-list name;
}
then {
load-balance per-packet;
}
}
2. Apply the policy to routes exported from the routing table to the forwarding
table. To do this, include the export statement:
export policy-name;
NOTE: You cannot apply the export policy to VRF routing instances.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: Specify all next-hops of that route, if more than one exists, when allocating
a label corresponding to a route that is being advertised.
NOTE: Configure the forwarding-options hash key for MPLS to include the IP
payload.
[edit]
policy-options {
policy statement load-balancing-policy {
then {
load-balance per-packet;
}
}
}
routing-options {
forwarding-table {
export load-balancing-policy;
}
}
[edit]
policy-options {
policy-statement load-balancing-policy {
from {
route-filter 192.168.10/24 orlonger;
route-filter 9.114/16 orlonger;
}
then {
load-balance per-packet;
}
}
}
routing-options {
forwarding-table {
export load-balancing-policy;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To consider only active paths during the unicast RPF check, include the active-paths
option. To consider all feasible paths during the unicast RPF check, include the
feasible-paths option.
For more information about configuring unicast RPF on an interface, see the JUNOS
Network Interfaces Configuration Guide.
[edit firewall]
filter rpf-special-case-dhcp-bootp {
term allow-dhcp-bootp {
from {
source-address {
0.0.0.0/32;
}
address {
255.255.255.255/32;
}
}
then {
count rpf-dhcp-bootp-traffic;
accept;
}
}
term default {
then {
log;
reject;
}
}
}
[edit]
interfaces {
so-0/0/0 {
unit 0 {
family inet {
rpf-check fail-filter rpf-special-case-dhcp-bootp;
}
}
}
}
The graceful restart request occurs only if the following conditions are met:
! The restarting router is not already cooperating with another restart already in
progress.
Graceful restart is disabled by default. You must configure graceful restart at the
[edit routing-options] hierarchy level to enable the feature for Layer 2 and Layer 3
VPNs.
graceful-restart {
disable;
restart-duration seconds;
}
To disable graceful restart, include the disable statement. To configure a time period
for complete restart, include the restart-duration statement. You can specify a
number between 120 and 900.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For a detailed example of a graceful restart configuration, see the JUNOS Feature
Guide.
route-distinguisher-id address;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For more information about VPNs, see the JUNOS VPNs Configuration Guide.
When a router receives a VPN route that resolves over a BGP next hop that does not
have an MPLS path, a GRE tunnel can be created dynamically, allowing the VPN
traffic to be forwarded to that route. Formerly, GRE tunnels had to be established
manually. Only GRE IPv4 tunnels are supported.
dynamic-tunnels tunnel-name {
destination-networks prefix;
source-address address;
tunnel-type type;
}
! [edit routing-options]
Specify the IPv4 prefix range (for example, 10/8 or 11.1/16) for the destination
network by including the destination-networks statement. Only tunnels within the
specified IPv4 prefix range can be created.
destination-networks prefix;
Specify the source address for the GRE tunnels by including the source-address
statement. The source address specifies the address used as the source for the local
tunnel endpoint. It can be any local address on the router (typically the router ID or
the loopback address).
source-address address;
tunnel-type type;
Include the following form of the statement to log messages for a particular severity
level and all higher levels:
routing-options {
options syslog upto level;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: System logging frequently deals with processes logged at the info or notice
severity level. Make sure that your regular system logging configurations include
the info or notice levels.
[edit]
user@host# set routing-options options syslog upto emergency
[edit]
user@host# show
routing-options {
options syslog upto emergency;
}
[edit]
user@host# set routing-options options syslog alert critical
[edit]
user@host# show
routing-options {
options syslog alert critical;
}
resolution {
rib routing-table-name {
import [ policy-names ];
resolution-ribs [ routing-table-names ];
}
}
To specify the name of the routing table to modify, include the rib routing-table-name
statement. To specify one or more import policies to use for route resolution,
include the import [ policy-names ] statement. To specify one or more routing tables
to use for route resolution, include the resolution-ribs [ routing-table-names ]
statement.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
nonstop-routing;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For a complete description of non-stop routing, see the JUNOS High Availability
Configuration Guide.
For a general discussion about tracing and the precedence of multiple tracing
operations, see the JUNOS System Basics Configuration Guide.
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can specify the following global routing protocol tracing flags:
NOTE: Use the traceoption flags detail and all with caution. These flags may cause
the CPU to become very busy.
The flags in a traceoptions flag statement are identifiers. When you use the set
command to configure a flag, any flags that might already be set are not modified.
In the following example, setting the csn tracing flag has no effect on the already
configured detail flag. Use the delete command to delete a particular flag.
[edit]
routing-options {
traceoptions {
file routing size 10m files 10;
flag all;
}
}
[edit]
routing-options {
traceoptions {
file routing size 10m files 10;
flag all;
flag normal disable;
}
}
[edit]
routing-options {
traceoptions {
file routing size 10m files 10;
flag route;
}
}
You can partition a single physical router into multiple logical devices that perform
independent routing tasks. Because logical routers perform a subset of the tasks
once handled by the physical router, logical routers offer an effective way to
maximize the use of a single router.
Overview
Logical routers perform a subset of the actions of a physical router and have their
own unique routing tables, interfaces, policies, and routing instances. A set of
logical routers within a single router can handle the functions previously performed
by several small routers.
Overview ! 117
JUNOS 8.1 Routing Protocols Configuration Guide
! You can assign most interface types to a logical router, including SONET
interfaces, Ethernet interfaces, Asynchronous Transfer Mode (ATM) interfaces,
ATM2 interfaces, Channelized Q Performance Processor (QPP) interfaces,
aggregated interfaces, link services interfaces, and multilink services interfaces.
! Source class usage, destination class usage, unicast reverse path forwarding,
class of service, firewall filters, class-based forwarding, and policy-based
accounting work with logical routers when you configure these features on the
physical router.
! The router has only one configuration file, which contains configuration
information for the physical router and all associated logical routers. Master
users can access the full configuration. However, logical router users can access
only the portion of the configuration related to their particular logical router.
! If you configure trace options for a logical router, the output log file is stored in
the following location: /var/tmp/logical-router-name.
! The following Physical Interface Cards (PICs) are not supported with logical
routers: Adaptive Services PIC, ES PIC, Monitoring Services PIC, and Monitoring
Services II PIC.
118 ! Overview
Chapter 6: Logical Router Overview
! Label-switched path (LSP) ping and traceroute for autonomous system (AS)
number lookup are not supported.
[edit]
logical-routers logical-router-name {
interfaces interface-name {
interfaces-options;
}
policy-options {
policy-options;
}
protocols protocol {
protocol-options;
}
routing-instances routing-instance-name {
routing-instances-options;
}
routing-options {
routing-options;
}
}
[edit]
logical-routers logical-router-name {
interfaces interface-name {
unit unit-number {
...
}
}
}
! [edit interfaces]
! [edit policy-options]
! [edit protocols]
! [edit routing-instances]
! [edit routing-options]
Each of these hierarchy levels is used to configure an aspect of the logical router.
The logical router fully supports each subsequent hierarchy level. You always have
at least one logical router, the “master” logical router by default.
For documentation of these aspects of the logical router, see the documentation for
each hierarchy level. The configurations are not documented separately for logical
routers.
For a detailed example of a logical router configuration, see the JUNOS Feature
Guide.
For information on configuring logical router interface properties, see the JUNOS
Network Interfaces Configuration Guide and the JUNOS Services Interfaces
Configuration Guide.
For information on configuring logical router routing policy properties, see the
JUNOS Policy Framework Configuration Guide.
For information on configuring logical router multicast protocols, see the JUNOS
Multicast Protocols Configuration Guide.
[edit]
logical-routers {
logical-router-name;
}
logical-routers
Syntax logical-routers logical-router-name;
active
Description Configure whether static, aggregate, or generated routes are removed from the
routing and forwarding tables when they become inactive. Routes that have been
configured to remain continually installed in the routing and forwarding tables are
marked with reject next hops when they are inactive.
active ! 123
JUNOS 8.1 Routing Protocols Configuration Guide
Default active
Usage Guidelines See “Configuring Static Routes” on page 51, “Configuring Aggregate Routes” on
page 74, and “Configuring Generated Routes” on page 82.
aggregate
Syntax aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
! (active | passive);
! community [ community-ids ];
! discard;
! (brief | full);
! tag string;
124 ! aggregate
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
defaults—Specify global aggregate route options. These options only set default
attributes inherited by all newly created aggregate routes. These are treated as
global defaults and apply to all the aggregate routes you configure in the
aggregate statement. This part of the aggregate statement is optional.
aggregate ! 125
JUNOS 8.1 Routing Protocols Configuration Guide
as-path
Description Associate Border Gateway Protocol (BGP) autonomous system (AS) path information
with a static, aggregate, or generated route.
Options aggregator—(Optional) Attach the BGP aggregator path attribute to the aggregate
route. You must specify the last AS number that formed the aggregate route
(encoded as two octets) for as-number, followed by the IP address of the BGP
system that formed the aggregate route for in-address.
origin egp—BGP origin attribute that indicates that the path information originated
in another AS.
origin igp—BGP origin attribute that indicates that the path information originated
within the local AS.
origin incomplete—BGP origin attribute that indicates that the path information was
learned by some other means.
Usage Guidelines See “Configuring Static Routes” on page 51, “Configuring Aggregate Routes” on
page 74, and “Configuring Generated Routes” on page 82.
126 ! as-path
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
auto-export
Syntax auto-export {
(disable | enable);
family {
inet {
multicast {
(disable | enable);
rib-group rib-group;
}
unicast {
(disable | enable);
rib-group rib-group;
}
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
}
family—Address family.
Usage Guidelines See “Configuring Policy-Based Export for Routing Instance” on page 219.
auto-export ! 127
JUNOS 8.1 Routing Protocols Configuration Guide
autonomous-system
128 ! autonomous-system
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
bfd-liveness-detection
Syntax bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1);
}
bfd-liveness-detection ! 129
JUNOS 8.1 Routing Protocols Configuration Guide
brief
Description Configure all AS numbers from all contributing paths to be included in the
aggregate or generated route’s path.
Default full
Usage Guidelines See “Configuring Aggregate Routes” on page 74 and “Configuring Generated
Routes” on page 82.
color
130 ! brief
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
community
Description Associate BGP community information with a static, aggregate, or generated route.
For more information about BGP community attributes, see the JUNOS Policy
Framework Configuration Guide.
For specifying the BGP community attribute only, you also can specify community-ids
as one of the following well-known community names defined in RFC 1997:
community ! 131
JUNOS 8.1 Routing Protocols Configuration Guide
! type is the type of extended community and can be a target, origin, or domain-id
community. The target community identifies the route destination. The origin
community identifies where the route originated. The domain-id community
identifies the OSPF domain where the route originated.
For more information about the BGP extended communities attribute, see the
JUNOS Policy Framework Configuration Guide.
Usage Guidelines See “Configuring Static Routes” on page 51, “Configuring Aggregate Routes” on
page 74, and “Configuring Generated Routes” on page 82.
See Also aggregate on page 124, generate on page 141, static on page 174
confederation
132 ! confederation
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
destination-networks
Description Specifies the IPv4 prefix range for the destination network by including the
destination-networks statement. Only tunnels within the specified IPv4 prefix range
can be created.
disable
Syntax disable;
destination-networks ! 133
JUNOS 8.1 Routing Protocols Configuration Guide
discard
Syntax discard;
Description Do not forward packets addressed to this destination. Instead, drop the packets, do
not send ICMP unreachable messages to the packets’ originators, and install a reject
route for this destination into the routing table.
Default When an aggregate route becomes active, it is installed in the routing table with a
reject next hop, which means that ICMP unreachable messages are sent.
Usage Guidelines See “Configuring Aggregate Routes” on page 74 and “Configuring Generated
Routes” on page 82.
134 ! discard
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
dynamic-tunnels
export
Description Apply one or more policies to routes being exported from the routing table into the
forwarding table.
Usage Guidelines See “Configuring Per-Packet Load Balancing” on page 105 and the JUNOS Policy
Framework Configuration Guide.
dynamic-tunnels ! 135
JUNOS 8.1 Routing Protocols Configuration Guide
export-rib
Description Name of the routing table from which the JUNOS software should export routing
information.
136 ! export-rib
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
fate-sharing
Syntax fate-sharing {
group group-name;
cost value;
from address <to address>;
}
Description Specify a backup path in case the primary path becomes unusable.
You specify one or more objects within a group. The objects can be a LAN interface,
a router ID, or a point-to-point link. Sequence is insignificant.
Changing the fate-sharing database does not affect existing established LSP until the
next CSPF reoptimization. The fate-sharing database does affect fast-reroute detour
path computations.
Options group group-name—Each fate-sharing group must have a name, which can be up to
32 characters long and can contain letters, digits, periods (.) and hyphens (–).
You can define up to 512 groups.
fate-sharing ! 137
JUNOS 8.1 Routing Protocols Configuration Guide
filter
Syntax filter {
input filter-name;
}
Description Name of the routing table from which the JUNOS software should export routing
information.
138 ! filter
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
flow
Syntax flow {
route name {
match {
match-conditions;
}
then {
actions;
}
}
validation {
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
}
actions—An action to take if conditions match. The actions are described in Table 7
on page 94.
flow ! 139
JUNOS 8.1 Routing Protocols Configuration Guide
forwarding-cache
Syntax forwarding-cache {
threshold suppress value <reuse value>;
}
Usage Guidelines See “Configuring Multicast Forwarding Cache Limits” on page 105.
forwarding-table
Syntax forwarding-table {
export [ policy--names ];
unicast-reverse-path (active-paths | feasible-paths);
}
full
140 ! forwarding-cache
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
generate
Syntax generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
Description Configure generated routes, which are used as routes of last resort.
! (active | passive);
! community [ community-ids ];
! discard;
! (brief | full);
! tag string;
defaults—Specify global generated route options. These options only set default
attributes inherited by all newly created generated routes. These are treated as
global defaults and apply to all the generated routes you configure in the generate
statement. This part of the generate statement is optional.
generate ! 141
JUNOS 8.1 Routing Protocols Configuration Guide
graceful-restart
Syntax graceful-restart {
disable;
restart-duration seconds;
}
import
Description Specify one or more import policies to use for route resolution.
142 ! graceful-restart
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
import-policy
Description Apply one or more policies to routes imported into the routing table group. The
import-policy statement complements the import-rib statement and cannot be used
unless you first specify the routing tables to which routes are being imported.
import-rib
Description Name of the routing table into which the JUNOS software should import routing
information. The first routing table name you enter is the primary routing table. Any
additional names you enter identify secondary routing tables. When a protocol
imports routes, it imports them into the primary and any secondary routing tables.
If the primary route is deleted, the secondary route also is deleted. For IPv4 import
routing tables, the primary routing table must be inet.0 or
routing-instance-name.inet.0. For IPv6 import routing tables, the primary routing
table must be inet6.0.
import-policy ! 143
JUNOS 8.1 Routing Protocols Configuration Guide
independent-domain
Statement independent-domain;
input
Syntax input;
144 ! independent-domain
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
install
Description Configure whether the JUNOS software installs all static routes into the forwarding
table. Even if you configure a route so it is not installed in the forwarding table, the
route is still eligible to be exported from the routing table to other protocols.
Default install
Options install—Explicitly install all static routes into the forwarding table.
no-install—Do not install the route into the forwarding table, even if it is the route
with the lowest preference.
instance-export
Description Apply one or more policies to routes being exported from a routing instance.
Usage Guidelines See “Configuring Policy-Based Export for Routing Instance” on page 219 and the
JUNOS Policy Framework Configuration Guide.
install ! 145
JUNOS 8.1 Routing Protocols Configuration Guide
instance-import
Description Apply one or more policies to routes being imported into a routing instance.
Usage Guidelines See “Configuring Policy-Based Export for Routing Instance” on page 219 and the
JUNOS Policy Framework Configuration Guide.
146 ! instance-import
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
interface
See the following sections:
NOTE: You cannot enable multicast traffic on an interface using the enable
statement and configure PIM on the same interface simultaneously.
interface ! 147
JUNOS 8.1 Routing Protocols Configuration Guide
NOTE: You cannot apply a scoping policy to a specific routing instance. All scoping
policies are applied to all routing instances. However, you can apply the scope
statement to a specific routing instance.
148 ! interface
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
interface-routes
Syntax interface-routes {
family (inet | inet6) {
export {
lan
point-to-point;
}
}
rib-group group-name;
}
Description Associate a routing table group with the router’s interfaces and specify routing table
groups into which interface routes are imported.
Usage Guidelines See “Configuring How Interface Routes Are Imported into Routing Tables” on
page 101.
interface-routes ! 149
JUNOS 8.1 Routing Protocols Configuration Guide
lsp-next-hop
Description Specify an LSP as the next hop for a static route, and configure an independent
metric or preference on that next-hop LSP.
metric—Metric value.
Range: 1 through 65,535
Usage Guidelines See “Specifying an LSP as the Next Hop for a Static Route” on page 57.
150 ! lsp-next-hop
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
martians
Syntax martians {
destination-prefix match-type <allow>;
}
Options allow—(Optional) Explicitly allow a subset of a range of addresses that has been
disallowed.
! longer—The route’s mask length is greater than the specified mask length.
Default: exact
martians ! 151
JUNOS 8.1 Routing Protocols Configuration Guide
maximum-paths
Description Configure a limit for the number of routes installed in a routing table based upon
the route path.
log-only —(Optional) Sets the route limit as an advisory limit. An advisory limit
triggers only a warning, and additional routes are not rejected.
When the number or routes reaches the threshold value, routes are still installed
into the routing table while warning messages are sent. When the number or
routes reaches the path-limit value, then additional routes are rejected.
Usage Guidelines See “Configuring Route Limits for Routing Tables” on page 231.
152 ! maximum-paths
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
maximum-prefixes
Description Configure a limit for the number of routes installed in a routing table based upon
the route prefix.
log-only —(Optional) Sets the prefix limit as an advisory limit. An advisory limit
triggers only a warning, and additional routes are not rejected.
When the number or routes reaches the threshold value, routes are still installed
into the routing table while warning messages are sent. When the number or
routes reaches the prefix-limit value, then additional routes are rejected.
Usage Guidelines See “Configuring Route Limits for Routing Tables” on page 231.
metric
See the following sections:
maximum-prefixes ! 153
JUNOS 8.1 Routing Protocols Configuration Guide
Description Metric value for an aggregate, generated, or static route. You can specify up to four
metric values, starting with metric (for the first metric value) and continuing with
metric2, metric3, and metric4.
Usage Guidelines See “Specifying the Route Metric” on page 63, “Specifying the Route Metric” on
page 77, and “Specifying the Route Metric” on page 85.
See Also aggregate on page 124, generate on page 141, static on page 174
Usage Guidelines See “Specifying an Independent Preference for a Static Route” on page 55.
154 ! metric
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
multicast
Syntax multicast {
forwarding-cache {
threshold suppress value <reuse value>;
}
interface interface-name {
enable;
}
scope scope-name {
interface [ interface-names ];
prefix destination-prefix;
}
ssm-groups {
address;
}
}
NOTE: You cannot apply a scoping policy to a specific routing instance. All scoping
policies are applied to all routing instances. However, you can apply the scope
statement to a specific routing instance.
Usage Guidelines See “Configuring Multicast Scoping” on page 103 and “Configuring Additional
Source-Specific Multicast Groups” on page 104.
no-install
no-readvertise
multicast ! 155
JUNOS 8.1 Routing Protocols Configuration Guide
no-retain
nonstop-routing
Syntax nonstop-routing {
156 ! no-retain
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
options
Syntax options {
syslog (level level | upto level);
}
Description Configure the types of system logging messages sent about the routing protocols
process to the system message logging file. These messages are also displayed on
the system console. You can log messages at a particular level, or up to and
including a particular level.
Options level level—Severity of the message. It can be one or more of the following levels, in
order of decreasing urgency:
! notice—Conditions that are not error conditions, but might warrant special
handling.
! info—Informational messages.
Default: info
Usage Guidelines See “Configuring Logging for the Routing Protocol Process” on page 112.
options ! 157
JUNOS 8.1 Routing Protocols Configuration Guide
p2mp-lsp-next-hop
Syntax p2mp-lsp-next-hop {
metric metric;
preference preference;
}
Description Specify a point-to-multipoint LSP as the next hop for a static route, and configure
an independent metric or preference on that next-hop LSP.
Usage Guidelines See “Specifying an LSP as the Next Hop for a Static Route” on page 57.
passive
158 ! p2mp-lsp-next-hop
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
policy
Usage Guidelines See “Configuring Aggregate Routes” on page 74 and “Configuring Generated
Routes” on page 82.
policy ! 159
JUNOS 8.1 Routing Protocols Configuration Guide
preference
Description Preference value for a static, aggregated, or generated route. You also can specify a
secondary preference value (preference2), as well as colors, which are even
finer-grained preference values (color and color2).
Usage Guidelines See “Configuring Static Routes” on page 51, “Configuring Aggregate Routes” on
page 74, and “Configuring Generated Routes” on page 82.
See Also aggregate on page 124, generate on page 141, static on page 174
160 ! preference
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
prefix
qualified-next-hop
metric—Metric value.
Range: 1 through 65,535
prefix ! 161
JUNOS 8.1 Routing Protocols Configuration Guide
Usage Guidelines See “Specifying an Independent Preference for a Static Route” on page 55.
readvertise
Description Configure whether static routes are eligible to be readvertised by routing protocols:
Default readvertise
162 ! readvertise
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
resolution
Syntax resolution {
rib routing-table-name {
import [ policy-names ];
resolution-ribs [ routing-table-names ];
}
}
resolution-ribs
Description Specify one or more routing tables to use for route resolution.
resolution ! 163
JUNOS 8.1 Routing Protocols Configuration Guide
resolve
Syntax resolve;
Description Configure statically configured routes to be resolved to a next hop that is not
directly connected:
restart-duration
Options restart-duration seconds—Configure the time period for the restart to last, in
seconds.
Range: 120 through 900 seconds
Default: 90 seconds
164 ! resolve
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
retain
! retain—Have a static route remain in the forwarding table when the routing
protocol process shuts down normally. Doing this greatly reduces the time
required to restart a system that has a large number of routes in its routing
table.
Default no-retain
retain ! 165
JUNOS 8.1 Routing Protocols Configuration Guide
rib
See the following sections:
rib (General)
Syntax rib routing-table-name {
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
next-hop;
static-options;
}
}
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
martians {
destination-prefix match-type <allow>;
}
}
166 ! rib
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
NOTE: The IPv4 multicast routing table (inet.1) and the IPv6 multicast routing table
(inet6.1) are not supported for this statement.
Default If you do not specify a routing table name with the routing-table-name statement, the
software uses the default routing tables, which are inet.0 for unicast routes and
inet.1 for the multicast cache.
protocol[.identifier]
! protocol is the protocol family. It can be inet6 for the IPv6 family, inet for
the IPv4 family, iso for the ISO protocol family, or instance-name.iso.0 for a
ISO routing instance.
! identifier is a positive integer that specifies the instance of the routing table.
Default: inet.0
rib ! 167
JUNOS 8.1 Routing Protocols Configuration Guide
rib-group
Description Configure which routing table groups interface routes are imported into.
Options group-name—Name of the routing table group. The name must start with a letter
and can include letters, numbers, and hyphens. It generally does not make
sense to specify more than a single routing table group.
Usage Guidelines See “Configuring How Interface Routes Are Imported into Routing Tables” on
page 101 and “Creating Routing Table Groups” on page 100.
168 ! rib-group
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
rib-groups
Syntax rib-groups {
group-name {
import-policy [ policy-names ];
import-rib [ group-names ];
export-rib group-name;
}
}
Description Group one or more routing tables to form a routing table group. A routing protocol
can import routes into all the routing tables in the group and can export routes
from a single routing table.
Each routing table group must contain one or more routing tables that the JUNOS
software uses when importing routes (specified in the import-rib statement) and
optionally can contain one routing table group that the JUNOS software uses when
exporting routes to the routing protocols (specified in the export-rib statement).
Options group-name—Name of the routing table group. The name must start with a letter
and can include letters, numbers, and hyphens.
rib-groups ! 169
JUNOS 8.1 Routing Protocols Configuration Guide
route-distinguisher-id
route-record
Syntax route-record;
Description Export the AS path and routing information to the traffic sampling process.
Usage Guidelines See “Configuring Route Recording for Flow Aggregation” on page 99.
170 ! route-distinguisher-id
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
router-id
NOTE: We strongly recommend that you configure the router identifier under the
[routing-options] hierarchy level to avoid unpredictable behavior if the interface
address on a loopback interface changes.
routing-options
router-id ! 171
JUNOS 8.1 Routing Protocols Configuration Guide
scope
source-address
Description Specifies the source address for the GRE tunnels. The source address specifies the
address used as the source for the local tunnel endpoint. This address can be any
local address on the router (typically the router ID or the loopback address).
172 ! scope
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
ssm-groups
Syntax ssm-groups {
address;
}
Usage Guidelines See “Configuring Additional Source-Specific Multicast Groups” on page 104.
ssm-groups ! 173
JUNOS 8.1 Routing Protocols Configuration Guide
static
Syntax static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
next-hop;
qualified-next-hop address {
metric metric;
preference preference;
}
static-options;
}
}
Description Configure static routes to be installed in the routing table. You can specify any
number of routes within a single static statement, and you can specify any number
of static options in the configuration.
Options defaults—Specify global static route options. These options only set default
attributes inherited by all newly created static routes. These are treated as
global defaults and apply to all the static routes you configure in the static
statement. This part of the static statement is optional.
174 ! static
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
! receive—Install a receive route for this destination into the routing table.
You can specify one or more of the following in static-options. Each of the
options is explained separately.
! (active | passive);
! community [ community-ids ];
! (install | no-install);
! (readvertise | no-readvertise);
! (resolve | no-resolve);
! (no-retain | retain);
! tag string;
static ! 175
JUNOS 8.1 Routing Protocols Configuration Guide
tag
Usage Guidelines See “Configuring Static Routes” on page 51, “Configuring Aggregate Routes” on
page 74, and “Configuring Generated Routes” on page 82.
See Also aggregate on page 124, generate on page 141, static on page 174
176 ! tag
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
threshold
Description Configure the suppression and reuse thresholds for multicast forwarding cache
limits.
Usage Guidelines See “Configuring Multicast Forwarding Cache Limits” on page 105.
threshold ! 177
JUNOS 8.1 Routing Protocols Configuration Guide
traceoptions
Syntax traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
Description Define tracing operations that track all routing protocol functionality in the router.
To specify more than one tracing operation, include multiple flag statements.
Default If you do not include this statement, no global tracing operations are performed.
Options disable—(Optional) Disable the tracing operation. You can use this option to disable
a single operation when you have defined a broad group of tracing operations,
such as all.
file name—Name of the file to receive the output of the tracing operation. Enclose
the name within quotation marks. All files are placed in the directory /var/log.
We recommend that you place global routing protocol tracing output in the file
routing-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1,
and so on, until the maximum number of trace files is reached. Then, the
oldest trace file is overwritten.
If you specify a maximum number of files, you also must specify a maximum
file size with the size option.
! config-internal—Configuration internals
! event—Event processing
! flash—Flash processing
178 ! traceoptions
Chapter 7: Summary of Protocol-Independent Routing Properties Configuration Statements
! kernel—Kernel communication
! parse—Configuration parsing
! regex-parse—Regular-expression parsing
! state—State transitions
! timer—Timer usage
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more
of these modifiers:
size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes
(MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is
renamed trace-file.0. When the trace-file again reaches its maximum size,
trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This
renaming scheme continues until the maximum number of trace files is
reached. Then, the oldest trace file is overwritten.
If you specify a maximum file size, you also must specify a maximum number
of trace files with the files option.
traceoptions ! 179
JUNOS 8.1 Routing Protocols Configuration Guide
Usage Guidelines See “Tracing Global Routing Protocol Operations” on page 114.
Required Privilege Level routing and trace—To view this statement in the configuration.
routing-control and trace-control—To add this statement to the configuration.
tunnel-type
Description Specifies the type of tunnel to be dynamically created. The only valid value is gre
(for GRE tunnels).
unicast-reverse-path
Options active-paths—Consider only active paths during the unicast reverse-path check.
Usage Guidelines See “Enabling Unicast Reverse-Path Forwarding Check” on page 108 and the JUNOS
Network Interfaces Configuration Guide.
180 ! tunnel-type
Part 3
Routing Instances
You can create multiple instances of Border Gateway Protocol (BGP), Intermediate
System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF), Protocol
Independent Multicast (PIM), Routing Information Protocol (RIP), and static routes
by including statements at the following hierarchy levels:
You can configure six types of routing instances: forwarding, Layer 2 virtual private
network (VPN), nonforwarding, VPN routing and forwarding (VRF), virtual router,
and virtual private LAN service (VPLS).
Each routing instance has a unique name and a corresponding IP unicast table. For
example, if you configure a routing instance with the name my-instance, its
corresponding IP unicast table will be my-instance.inet.0. All routes for my-instance
are installed into my-instance.inet.0.
NOTE: The default routing instance, master, refers to the main inet.0 routing table.
The master routing instance is reserved and cannot be specified as a routing
instance.
Configure global routing options and protocols for the master instance by including
statements at the [edit protocols] and [edit routing-options] hierarchy levels. Routes
are installed into the master routing instance inet.0 by default, unless a routing
instance is specified.
Multiple instances of BGP, OSPF, and RIP are used for Layer 3 VPN
implementation. The multiple instances of BGP, OSPF, and RIP keep routing
information for different VPNs separate. The VRF instance advertises routes from
the customer edge (CE) router to the provider edge (PE) router and advertises
routes from the PE router to the CE router. Each VPN receives only routing
information belonging to that VPN.
! 183
JUNOS 8.1 Routing Protocols Configuration Guide
Nonforwarding instances of IS-IS and OSPF can be used to separate a very large
network into smaller administrative entities. Instead of configuring a large number
of filters, nonforwarding instances can be used to filter routes, thereby instantiating
policy. Nonforwarding instances can be used to reduce the amount of routing
information advertised throughout all components of a network. Routing
information associated with a particular instance can be announced where
required, instead of being advertised to the whole network.
Virtual router instances are similar to a VPN routing and forwarding instance type,
but used for non-VPN-related applications. There are no VRF import, VRF export,
VRF target, or route distinguisher requirements for this instance type.
Use the VPLS routing instance type for point-to-multipoint LAN implementations
between a set of sites in a VPN.
184 !
Chapter 9
Routing Instances Configuration
Guidelines
You can create multiple instances of Border Gateway Protocol (BGP), Intermediate
System-to-Intermediate System (IS-IS), Label Distribution Protocol (LDP), Multicast
Source Discovery Protocol (MSDP), Open Shortest Path First version 2 (OSPF),
Open Shortest Path First version 3 (OSPFv3), Protocol Independent Multicast (PIM),
Routing Information Protocol (RIP), and static routes by including statements at the
following hierarchy levels:
NOTE: The default routing instance, master, refers to the main inet.0 routing table.
The master routing instance is reserved and cannot be specified as a routing
instance.
! Routing tables
! Layer 2 VPN—Use this routing instance type for Layer 2 virtual private network
(VPN) implementations.
! 185
JUNOS 8.1 Routing Protocols Configuration Guide
! Virtual router—Similar to a VPN routing and forwarding instance type, but used
for non-VPN-related applications. There are no virtual routing and forwarding
(VRF) import, VRF export, VRF target, or route distinguisher requirements for
this instance type.
! VRF—Use the VPN routing and forwarding routing (VRF) instance type for
Layer 3 VPN implementations. This routing instance type has a VPN routing
table as well as a corresponding VPN forwarding table. For this instance type,
there is a one-to-one mapping between an interface and a routing instance.
Each VRF instance corresponds with a forwarding table. Routes on an interface
go into the corresponding forwarding table.
For more detailed information about configuring VPNs and Layer 2 VPNs, see the
JUNOS VPNs Configuration Guide.
This chapter describes the following tasks for configuring routing instances:
186 !
Chapter 9: Routing Instances Configuration Guidelines
routing-instances {
routing-instance-name {
description text;
forwarding-options;
interface interface-name;
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
no-vrf-advertise;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy--names ];
vrf-table-label;
vrf-target {
export community-name;
import community-name;
}
protocols {
bgp {
bgp-configuration;
}
isis {
isis-configuration;
}
l2vpn {
l2vpn-configuration;
}
ldp {
ldp-configuration;
}
msdp {
msdp-configuration;
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf-configuration;
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf3-configuration;
}
pim {
pim-configuration;
}
! 187
JUNOS 8.1 Routing Protocols Configuration Guide
rip {
rip-configuration;
}
vpls {
vpls-configuration;
}
}
routing-options {
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
auto-export {
(disable | enable);
family {
inet {
multicast {
(disable | enable);
rib-group rib-group;
}
unicast {
(disable | enable);
rib-group rib-group;
}
}
}
traceoptions {
file name <replace> <size size> <files number>
<no-stamp> <world-readable>;
flag flag <flag-modifier> <disable>;
}
}
autonomous-system autonomous-system <loops number> {
independent-domain;
}
confederation confederation-autonomous-system
members autonomous-system;
fate-sharing {
group group-name;
cost value;
from address [to address];
}
forwarding-table {
export [ policy-names ];
}
188 !
Chapter 9: Routing Instances Configuration Guidelines
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
instance-export [ policy-names ];
instance-import [ policy-names ];
interface-routes {
rib-group group-name;
}
martians {
destination-prefix match-type <allow>;
}
maximum-paths path-limit <log-only | threshold value
log-interval seconds>;
maximum-prefixes prefix-limit <log-only | threshold value
log-interval seconds>;
multicast {
scope scope-name {
interface interface-name;
prefix destination-prefix;
}
ssm-groups {
addresses;
}
}
options {
syslog (level level | upto level);
}
rib routing-table-name {
aggregate {
defaults {
aggregate-options;
}
route destination-prefix {
policy policy-name;
aggregate-options;
}
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
martians {
destination-prefix match-type <allow>;
}
! 189
JUNOS 8.1 Routing Protocols Configuration Guide
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
}
rib-groups {
group-name {
import-policy [ policy-names ];
import-rib [ group-names ];
export-rib group-name;
}
}
route-record;
router-id address ;
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
190 !
Chapter 9: Routing Instances Configuration Guidelines
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
}
}
BGP
To configure a routing instance for BGP, you must include at least the following
statements in the configuration.
[edit]
routing-instances {
routing-instance-name {
interface interface-name;
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
bgp {
bgp configuration;
}
}
}
}
For more information about the BGP configuration statements, see “BGP
Configuration Guidelines” on page 533. For more information about configuring
VPNs, see the JUNOS VPNs Configuration Guide.
IS-IS
To configure a routing instance for IS-IS, you must include at least the following
statements in the configuration:
[edit]
routing-instances {
routing-instance-name {
interface interface-name;
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
isis {
isis configuration;
}
}
}
}
For more information about the IS-IS configuration statements, see “IS-IS
Configuration Guidelines” on page 247.
Layer 2 VPN
To create a routing instance for Layer 2 VPN, you must include at least the following
statements in the configuration:
[edit]
routing-instances {
routing-instance-name {
instance-type l2vpn;
interface interface-name;
route-distinguisher (as-number:number | ip-address:number);
vrf-export [ policy-names ];
vrf-import [ policy-names ];
protocols {
l2vpn {
l2vpn configuration;
}
}
}
}
For more information about configuring Layer 2 VPNs, see the JUNOS VPNs
Configuration Guide.
LDP
To create a routing instance for LDP, you must include at least the following
statements in the configuration:
[edit]
routing-instances {
routing-instance-name {
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
interface interface-name;
route-distinguisher (as-number:number | ip-address:number);
vrf-export [ policy-names ];
vrf-import [ policy-names ];
protocols {
ldp {
ldp configuration;
}
}
}
}
For more information about configuring LDP, see the JUNOS MPLS Applications
Configuration Guide.
LDP routing instances are used to support LDP over VPNs. For more information
about configuring multicast over VPNs, see the JUNOS VPNs Configuration Guide.
MSDP
To create a routing instance for MSDP, you must include at least the following
statements in the configuration:
[edit]
routing-instances {
routing-instance-name {
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
interface interface-name;
route-distinguisher (as-number:number | ip-address:number);
vrf-export [ policy-names ];
vrf-import [ policy-names ];
protocols {
msdp {
msdp configuration;
}
}
}
}
For more information about configuring MSDP, see the JUNOS Multicast Protocols
Configuration Guide.
OSPF
To configure a routing instance for OSPF, you must include at least the following
statements in the configuration:
[edit]
routing-instances {
routing-instance-name {
interface interface-name;
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
ospf {
ospf-configuration;
}
}
}
}
NOTE: You can configure a logical interface under only one routing instance.
For more information about the OSPF configuration statements, see “OSPF
Configuration Guidelines” on page 349.
OSPFv3
To configure a routing instance for OSPFv3, you must include at least the following
statements in the configuration:
[edit]
routing-instances {
routing-instance-name {
interface interface-name;
instance-type (no-forwarding | vrf);
vrf-export [ policy-names ];
vrf-import [ policy-names ];
protocols {
ospf3 {
ospf3-configuration;
}
}
}
}
NOTE: You can configure a logical interface under only one routing instance.
NOTE: OSPFv3 supports the no-forwarding and vrf routing instance types only.
For more information about the OSPF configuration statements, see “OSPF
Configuration Guidelines” on page 349.
PIM
To create a routing instance for PIM, you must include at least the following
statements in the configuration:
[edit]
routing-instances {
routing-instance-name {
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
interface interface-name;
route-distinguisher (as-number:number | ip-address:number);
vrf-export [ policy-names ];
vrf-import [ policy-names ];
protocols {
pim {
pim configuration;
}
}
}
}
For more information about configuring PIM, see the JUNOS Multicast Protocols
Configuration Guide.
PIM routing instances are used to support multicast over VPNs. For more detailed
information about configuring multicast over VPNs, see the JUNOS VPNs
Configuration Guide.
RIP
RIP instances are supported only for VPN routing and forwarding (VRF) instance
types. This instance type provides support for Layer 3 VPNs. To configure a routing
instance for RIP, you must include at least the following statements in the
configuration:
[edit]
routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
rip {
rip configuration;
}
}
}
}
For more information about the RIP configuration statements, see “RIP
Configuration Guidelines” on page 429. For more information about configuring
VPNs, see the JUNOS VPNs Configuration Guide.
VPLS
To create a routing instance for virtual private LAN services (VPLS), you must
include at least the following statements in the configuration:
[edit]
routing-instances {
routing-instance-name {
instance-type vpls;
interface interface-name;
route-distinguisher (as-number:number | ip-address:number);
vrf-export [ policy-names ];
vrf-import [ policy-names ];
protocols {
vpls {
vpls configuration;
}
}
}
}
For more information about configuring VPLS, see the JUNOS VPNs Configuration
Guide. For a detailed VPLS example configuration, see the JUNOS Feature Guide.
Multiple instances of BGP are primarily used for Layer 3 VPN support.
For Layer 3 VPN support, configure BGP on the provider edge (PE) router to receive
routes from the customer edge (CE) router and to send the instances’ routes to the
CE router if necessary. You can use multiple instances of BGP to maintain separate
per-site forwarding tables for keeping VPN traffic separate on the PE router. For
more detailed information about configuring VPNs, see the JUNOS VPNs
Configuration Guide.
You can configure import and export policies that allow the service provider to
control and rate-limit traffic to and from the customer.
[edit]
routing-instances {
routing-instance-name {
interface so-1/1/1.0;
interface so-1/1/1.1;
instance-type vrf;
route distinguisher (as-number:number | ip-address:number);
protocols {
bgp {
group group-name {
peer-as 01;
type external;
import route-name;
export route-name;
neighbor 10.0.0.1;
}
}
}
}
}
You can configure an EBGP multihop session for a VRF routing instance. Also, you
can set up the EBGP peer between the PE and CE routers by using the loopback
address of the CE router instead of the interface addresses.
NOTE: BGP route reflection is not supported for VRF routing instances.
1. Configure the IS-IS default instance at the [edit protocols isis] or [edit
logical-routers logical-router-name protocols isis] hierarchy levels with the
statements needed for your network so that routes are installed in inet.0 and in
the forwarding table. Make sure to include the routing table group.
2. Configure an IS-IS routing instance for each additional IS-IS routing entity,
configuring the following items:
! Interfaces
! Routing options
3. Configure a routing table group to install routes from the routing instance into
the inet.0 routing table. You can do this in two ways:
! Create a common routing table group so that either one of two conditions
is configured:
! Routes from the routing instances are installed in inet.0 and therefore
installed in the forwarding table.
! Create a routing table group with just the routing table from one instance
and inet.0 to keep the routes from going to other instances.
4. Create an export policy to export routes with a specific tag and to use that tag
to export routes back into the instances. For more information, see the JUNOS
Policy Framework Configuration Guide.
Site A Site B
4 6
voice_policy other_policy
1 3
so-4/2/2.0 so-3/2/2.0
2
7 5
other_policy voice_policy
Site C Site D
1460
Sites A and D belong to the voice_policy routing instance. Sites B and C belong to
the other_policy instance. Router 1 and Router 3 at the edge of the backbone
connect the routing instances. Each runs a separate IS-IS instance (one per entity).
Router 1 runs three IS-IS instances: one each for Site A (voice_policy), Site C
(other_policy), and the backbone, otherwise known as the default instance. Router 3
also runs three IS-IS instances: one each for Site B (other_policy), Site D
(voice_policy), and the backbone (default instance).
! Routes from the default instance routing table are placed in the voice_policy and
other_policy instance routing tables.
! Routes from the voice_policy routing instance are placed in the default instance
routing table.
! Routes from the other_policy routing instance are placed in the default instance
routing table.
! Routes from the voice_policy routing instance do not enter the other_policy
instance routing table.
! Routes from the other_policy routing instance do not enter the voice_policy
instance routing table.
Configuring Router 1 The following sections describe how to configure Router 1 in the backbone entity
with multiple routing instances.
Configure the routing instances for voice-policy and other-policy. Use all routes
learned from the routing tables in the routing table group common. Export routes
tagged as belonging to the routing instance.
[edit]
routing-instances {
voice-policy {
interface so-2/2/2.0;
protocols {
isis {
rib-group voice_to_inet;
export filter-on-voice-policy;
interface so-2/2/2.0 {
level 2 metric 20;
}
}
}
routing-options {...};
}
other-policy {
interface so-4/2/2.0;
protocols {
isis {
rib-group other_to_inet;
export filter-on-other-policy;
interface so-4/2/2.0 {
level 2 metric 20;
}
}
routing-options {...};
}
}
Configure the routing table group common to share routes with the inet.0 (in the
backbone entity), voice-policy.inet.0, and other-policy.inet.0 routing tables:
[edit]
routing-options {
rib-groups {
inet_to_voice _and_other {
import-rib [ inet.0 voice-policy.inet.0 other-policy.inet.0 ];
}
}
}
Configure the routing table group common to share routes with the inet.0 (in the
backbone entity) and voice-policy.inet.0 routing tables:
[edit]
routing-options {
rib-groups {
voice_to_inet {
import-rib [ inet.0 voice-policy.inet.0 ];
}
}
}
Configure the routing table group common to share routes with the inet.0 (in the
backbone entity) and other-policy.inet.0 routing tables:
[edit]
routing-options {
rib-groups {
other_to_inet {
import-rib [ inet.0 other-policy.inet.0 ];
}
}
}
Configure the default IS-IS instance so that the routes learned from the routing
instances are installed in inet.0 and the tagged routes are exported from voice-policy
and other-policy:
[edit]
protocols {
isis {
export apply-tag;
rib-group inet_to_voice_and_other;
interface so-1/0/0.0 {
level 2 metric 20;
}
interface fxp0.0 {
disable;
}
interface lo0.0 {
passive;
}
}
}
Configure routing policy for the routes learned from the routing instances:
[edit]
policy-options {
policy-statement apply-tag {
term voice-policy {
from instance voice-policy;
then {
tag 10;
accept;
}
}
term other-policy {
from instance other-policy;
then {
tag 12;
accept;
}
}
}
policy-statement filter-on-voice-policy {
from {
tag 10;
protocol isis;
}
then {
accept;
}
}
policy-statement filter-on-other-policy {
from {
tag 12;
protocol isis;
}
then {
accept;
}
}
}
Configuring Router 3 The configuration for Router 3 is the same as for Router 1 except that the interface
names might differ. In this topology, the interface so-5/2/2.0 belongs to other-policy,
and so-3/2/2.0 belongs to voice-policy.
LDP instances are used to distribute labels from a provider edge (PE) router to a
customer edge (CE) router. LDP instances in a VPN are useful in carrier-of-carrier
networks, where data is transmitted between two or more telecommunications
carrier sites across a core provider network. Each carrier may want to restrict
Internet routes strictly to the PE routers.
An advantage of using LDP instances within a VPN is that a full-mesh internal BGP
(IBGP) is not required between the PE and CE routers. A router ID is required to
configure an instance of LDP.
routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
protocols {
ldp {
ldp-configuration;
}
}
}
}
For more information about configuring LDP, see the JUNOS MPLS Applications
Configuration Guide. For more information about configuring LDP over VPNs, see
the JUNOS VPNs Configuration Guide.
routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
msdp {
msdp-configuration;
}
}
}
}
For more information about configuring MSDP, see the JUNOS Multicast Protocols
Configuration Guide. For more information about configuring multicast over VPNs,
see the JUNOS VPNs Configuration Guide.
1. Configure the OSPF or OSPFv3 default instance at the [edit protocols (ospf |
ospf3)] and [edit logical-routers logical-router-name protocols (ospf | ospf3)]
hierarchy levels with the statements needed for your network so that routes are
installed in inet.0 and in the forwarding table. Make sure to include the routing
table group.
! Interfaces
! Routing options
3. Configure a routing table group to install routes from the default route table,
inet.0, into a routing instance’s route table.
4. Configure a routing table group to install routes from a routing instance into the
default route table, inet.0.
5. Create an export policy to export routes with a specific tag and to use that tag
to export routes back into the instances. For more information, see the JUNOS
Policy Framework Configuration Guide.
Site A Site B
Router 4 Router 6
voice_policy other_policy
so-4/2/2.0 so-3/2/2.0
Router 1 Router 3
Router 2
Router 7 Router 5
other_policy voice_policy
Site C Site D
1460
Sites A and D belong to the voice_policy routing instance. Sites B and C belong to the
other_policy instance. Router 1 and Router 3 at the edge of the backbone connect
the routing instances. Each runs a separate OSPF or OSPFv3 instance (one per
entity).
Router 1 runs three OSPF or OSPFv3 instances: one each for Site A (voice_policy),
Site C (other_policy), and the backbone, otherwise known as the default instance.
Router 3 also runs three OSPF or OSPFv3 instances: one each for Site B
(other_policy), Site D (voice_policy), and the backbone (default instance).
When Router 1 runs the OSPF or OSPFv3 instances, the following occur:
! Routes from the default instance routing table are placed in the voice_policy and
other_policy instance routing tables.
! Routes from the voice_policy routing instance are placed in the default instance
routing table.
! Routes from the other_policy routing instance are placed in the default instance
routing table.
! Routes from the voice_policy routing instance do not enter the other_policy
instance routing table.
! Routes from the other_policy routing instance do not enter the voice_policy
instance routing table.
Configuring Router 1 The following sections describe how to configure Router 1 in the backbone entity
with multiple routing instances.
[edit]
routing-instances {
voice-policy {
interface so-2/2/2.0;
protocols {
(ospf | ospf3) {
rib-group voice_to_inet; # Places routes into inet.0 #
area 0.0.0.0 {
interface so-2/2/2.0;
}
}
}
routing-options {...};
}
other-policy {
interface so-4/2/2.0;
protocols {
(ospf | ospf3) {
rib-group other_to_inet; # Places routes into inet.0 #
area 0.0.0.0 {
interface so-4/2/2.0;
}
}
}
routing-options {...};
}
}
[edit]
routing-options {
rib-groups {
inet_to_voice_and_other {
import-rib [ inet.0 voice-policy.inet.0 other-policy.inet.0 ];
}
}
}
Configure the routing table group voice_to_inet to take routes from voice-policy.inet.0
and place them in the inet.0 default routing table:
[edit]
routing-options {
rib-groups {
voice_to_inet {
import-rib [ inet.0 voice-policy.inet.0 ];
}
}
}
Configure the routing table group other_to_inet to take routes from other-policy.inet.0
and place them in the inet.0 default routing table:
[edit]
routing-options {
rib-groups {
other_to_inet {
import-rib [ inet.0 other-policy.inet.0 ];
}
}
}
[edit]
protocols {
(ospf | ospf3) {
rib-group inet_to_voice_and_other; # Place prefixes from inet.0 into
area 0.0.0.0 { # voice-policy.inet.0 and
interface so-2/2/2.0; # other-policy.inet.0
interface so-4/2/2.0;
}
}
}
Configuring Router 3 The configuration for Router 3 is the same as for Router 1 except that the interface
names might differ. In this topology, the interface so-5/2/2.0 belongs to other-policy,
and so-3/2/2.0 belongs to voice-policy.
routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
protocols {
pim {
pim-configuration;
}
}
}
}
For more information about configuring PIM, see the JUNOS Multicast Protocols
Configuration Guide. For more information about configuring multicast over VPNs,
see the JUNOS VPNs Configuration Guide.
RIP routes learned from neighbors configured under any instance hierarchy are
added to the instance’s routing table, instance-name.inet.0.
RIP does not support routing table groups; therefore, it cannot import routes into
multiple tables as the OSPF or OSPFv3 protocol does.
routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
protocols {
rip {
interface interface-name;
neighbor ip-address;
}
}
}
}
Configuring an Instance
You can create multiple instances of BGP, IS-IS, OSPF, OSPFv3, RIP, and static routes
by including statements.
Each routing instance has a unique name and a corresponding IP unicast table. For
example, if you configure a routing instance with the name my-instance, its
corresponding IP unicast table will be my-instance.inet.0. All routes for my-instance
are installed into my-instance.inet.0.
Configure global routing options and protocols for the default instance by including
statements.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Routes are installed into the default routing instance inet.0 by default, unless a
routing instance is specified.
For details about specifying interfaces, see the JUNOS Network Interfaces
Configuration Guide.
routing-instances {
routing-instance-name {
interface interface-name;
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
no-vrf-advertise;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
vrf-table-label;
protocols {
bgp {
bgp-configuration;
}
isis {
isis-configuration;
}
l2vpn {
l2vpn-configuration;
}
ldp {
ldp-configuration;
}
msdp {
msdp-configuration;
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf-configuration;
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf3-configuration;
}
pim {
pim-configuration;
}
rip {
rip-configuration;
}
vpls {
vpls-configuration;
}
}
routing-options {...};
}
}
Configuring VPNs
To configure virtual private networks (VPNs), see the JUNOS VPNs Configuration
Guide.
! Layer 2 VPN—Use this routing instance type for Layer 2 VPN implementations.
! Virtual router—Similar to a VPN routing and forwarding instance type, but used
for non-VPN-related applications. There are no VRF import, VRF export, VRF
target, or route distinguisher requirements for this instance type.
! VRF—Use this routing instance type for Layer 3 VPN implementations. For this
instance type, there is a one-to-one mapping between an interface and a
routing instance. Each VRF instance corresponds with a forwarding table.
Routes on an interface go into the corresponding forwarding table.
routing-instances {
routing-instance-name {
interface interface-name;
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
}
}
For more information about configuring Layer 2 VPNs, Layer 3 VPNs, and VPLS, see
the JUNOS VPNs Configuration Guide.
routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
no-vrf-advertise;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
vrf-table-label;
protocols {
bgp {
bgp-configuration;
}
isis {
isis-configuration;
}
l2vpn {
l2vpn-configuration;
}
ldp {
ldp-configuration;
}
msdp {
msdp-configuration;
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf-configuration;
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf3-configuration;
}
pim {
pim-configuration;
}
rip {
rip-configuration;
}
vpls {
vpls-configuration;
}
}
routing-options {...};
}
}
routing-instances {
routing-instance-name {
interface interface-name;
instance-type virtual-router;
protocols {
bgp {
bgp-configuration;
}
isis {
isis-configuration;
}
ldp {
ldp-configuration;
}
msdp {
msdp-configuration;
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf-configuration;
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf3-configuration;
}
pim {
pim-configuration;
}
rip {
rip-configuration;
}
}
routing-options {...};
}
}
routing-instances {
routing-instance-name {
interface interface-name;
instance-type vpls;
protocols {
vpls {
vpls-configuration;
}
}
routing-options {...};
}
}
For more detailed information about configuring VPLS and Layer 2 VPN, see the
JUNOS VPNs Configuration Guide and the JUNOS Feature Guide.
We recommend that you use a unique route distinguisher for each routing instance
that you configure. Although you could use the same route distinguisher on all PE
routers for the same VPN, if you use a unique route distinguisher, you can
determine the CE router from which a route originated.
routing-instances routing-instance-name {
route-distinguisher (as-number:number | ip-address:number);
}
The route distinguisher is a 6-byte value that you can specify in one of the following
formats:
Use filter-based forwarding for service provider selection when customers have
Internet connectivity provided by different ISPs yet share a common access layer.
When a shared media (such as a cable modem) is used, a mechanism on the
common access layer looks at Layer 2 or Layer 3 addresses and distinguishes
between customers. You can use filter-based forwarding when the common access
layer is implemented using a combination of Layer 2 switches and a single router.
! Create a match filter on an ingress router. To specify a match filter, include the
filter filter-name statement at the [edit firewall] hierarchy level. For more
information about creating a match filter for packet forwarding, see the JUNOS
Policy Framework Configuration Guide. A packet that passes through the filter is
compared against a set of rules to classify it and to determine its membership
in a set. Once classified, the packet is forwarded to a routing table specified in
the accept action in the filter description language. The routing table then
forwards the packet to the next hop that corresponds to the destination address
entry in the table.
! Create routing instances that specify the routing table(s) to which a packet is
forwarded, and the destination to which the packet is forwarded at the [edit
routing-instances] or [edit logical-routers logical-router-name routing-instances]
hierarchy levels. For example:
[edit]
routing-instances {
routing-table-name1 {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 nexthop 10.0.0.1;
}
}
}
routing-table-name2 {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 nexthop 10.0.0.2;
}
}
}
}
! Create a routing table group that adds interface routes to the forwarding routing
instances used in filter-based forwarding (FBF), as well as to the default routing
instance inet.0. This part of the configuration resolves the routes installed in the
routing instances to directly connected next hops on that interface. Create the
routing table group at the [edit routing-options] or [edit logical-routers
logical-router-name routing-options] hierarchy levels.
For IPv4, the following configuration installs interface routes into the default
routing instance inet.0, as well as two forwarding routing
instances—routing-table-name1.inet.0 and routing-table-name2.inet.0:
[edit]
routing-options {
interface-routes {
rib-group inet group-name;
}
rib-groups {
group-name {
import-rib [ inet.0 routing-table-name1.inet.0
routing-table-name2.inet.0 ];
}
}
}
NOTE: Specify inet.0 as one of the routing instances that the interface routes will
be imported into. If the default instance inet.0 is not specified, interface routes
will not be imported into the default routing instance.
[edit]
policy-options {
policy-statement my-cos-forwarding {
from {
route-filter ...;
}
then {
cos-next-hop-map my-cos-map;
}
}
}
2. Create a CoS next-hop map. To specify a CoS next-hop map, include the
cos-next-hop-map statement at the [edit class-of-service] hierarchy level. For
more information about creating a CoS next-hop map, see the JUNOS Class of
Service Configuration Guide.
3. Specify the exporting of the routes to the forwarding table at the [edit
routing-options] or [edit logical-routers logical-router-name routing-options]
hierarchy levels:
[edit]
routing-options {
forwarding-table {
export my-cos-forwarding;
}
}
4. Specify a static route that has multiple next hops for load balancing at the
[edit routing-options] or [edit logical-routers logical-router-name routing-options]
hierarchy levels:
[edit]
routing-options {
static {
route 12.1.1.1/32 {
next-hop [ 3.1.1.2 3.1.1.4 3.1.1.6 3.1.1.8 ];
}
}
}
To configure secondary VRF import and export policies, include the following
statements:
[edit]
routing-instances {
routing-instance-name {
instance-type vrf;
vrf-import [ policy-names ];
vrf-export [ policy-names ];
}
}
policy-options {
policy-statement policy-name {
from community community-name;
then accept;
}
}
For more information about configuring VPNs, see the JUNOS VPNs Configuration
Guide.
! Overlapping VPNs—VPN configurations in which more than one VRF has the
same route target
NOTE: The instance-export and instance-import statements are not valid for VRF
instances. The auto-export statement is valid for VRF and non-VRF instances. The
instance-import statement automatically enables auto-export for non-VRF
instances.
The configuration statements enable the VPN AB Router CE2 to communicate with
the VPN A Router CE1 and the VPN B Router CE3, both directly connected to the
Router PE1. VPN routes that originate from the remote PE routers (the PE2 Router,
in this case) are placed in a global Layer 3 VPN routing table (bgp.l3vpn.inet.0) and
routes with appropriate route targets are imported into the routing tables, as
dictated by the VRF import policy configuration.
VPN A
192.168.197.141
CE1
VPN A
lo0 10.255.14.185
CE5
VPN B
192.168.197.242 fe-1/0/2.0
CE3
g017003
lo0 10.255.14.186
Configuring Router PE1 This section describes how to configure Router PE1 in the backbone entity for this
overlapping VPN by means of policy-based export.
[edit]
routing-instances {
VPN-A {
instance-type vrf;
interface fe-1/0/0.0;
route-distinguisher 10.255.14.175:3;
vrf-export A-out;
vrf-import A-in;
routing-options {
auto-export;
static {
route 1.1.1.1/32 next-hop fe-1/0/0.0;
route 1.1.1.2/32 next-hop fe-1/0/0.0;
}
}
}
VPN-AB {
instance-type vrf;
interface fe-1/1/0.0;
route-distinguisher 10.255.14.175:9;
vrf-export AB-out;
vrf-import AB-in;
routing-options {
auto-export;
static {
route 1.1.3.1/32 next-hop fe-1/1/0.0;
route 1.1.3.2/32 next-hop fe-1/1/0.0;
}
}
VPN-B {
instance-type vrf;
interface fe-1/0/2.0;
route-distinguisher 10.255.14.175:9;
vrf-export B-out;
vrf-import B-in;
routing-options {
auto-export;
static {
route 1.1.2.1/32 next-hop fe-1/0/2.0;
route 1.1.2.2/32 next-hop fe-1/0/2.0;
}
}
}
Configuring Router PE2 The configuration for Router PE2 is the same as that for Router PE1; however, the
interface names might differ.
There are two nonforwarding instances: data and voice. The following is the
configuration for a PE router.
[edit]
routing-instances {
data {
instance-type no-forwarding;
interface t3-0/1/3.0;
routing-options {
instance-import data-import;
auto-export;
protocols {
ospf {
export accept;
area 0.0.0.0 {
interface all;
}
}
}
}
voice {
instance-type no-forwarding;
interface t3-0/1/0.0;
routing-options {
instance-import voice-import;
auto-export;
}
protocols {
ospf {
export accept;
area 0.0.0.0 {
interface all;
}
}
}
}
}
[edit]
policy-options {
policy-statement {
master-import {
term a {
from instance master;
then {
tag 11;
accept;
}
}
term b {
from instance data;
then {
tag 10;
accept;
}
}
}
}
}
[edit]
policy-options {
policy-statement {
data-import {
term a {
from {
instance master;
tag 10;
then accept;
}
}
term b {
then reject;
}
}
voice-import {
term a {
from {
instance master;
protocol ospf;
tag 11;
}
}
term b {
then reject;
}
}
}
}
[edit]
routing-instances {
routing-instance-name {
instance-type vrf;
vrf-import [ policy-names ];
vrf-export [ policy-names ];
vrf-table-label;
}
}
For more information about configuring VPNs, see the JUNOS VPNs Configuration
Guide.
To configure a VRF target, include the vrf-target statement. Use the import and export
options to specify the allowed communities to accept from neighbors and to send to
neighbors:
routing-instances {
routing-instance-name {
vrf-target {
export community-name;
import community-name;
}
}
}
NOTE: This statement does not prevent the exportation of VPN routes to other
VRFs on the same router by configuring the [edit routing-options auto-export]
statement.
To prevent advertising VPN routes from the primary instance, include the
no-vrf-advertise statement:
routing-instances {
routing-instance-name {
no-vrf-advertise;
}
}
For more information about configuring VPNs, see the JUNOS VPNs Configuration
Guide.
For more detailed information about configuring VPNs, see the JUNOS VPNs
Configuration Guide.
Without the domain IDs, there is no way to identify which domain the routes
originated from after the OSPF or OSPFv3 routes are distributed into BGP routes
and advertised across the BGP VPN backbone. Distinguishing which OSPF or
OSPFv3 domain a route originated from allows classification of routes as Type 3
LSAs or Type 5 LSAs.
For more information about configuring export policies, see the JUNOS Policy
Framework Configuration Guide.
This extended community ID can then be carried across the BGP VPN backbone.
When the route is redistributed back as an OSPF or OSPFv3 route on the PE router
and advertised to the CE near the destination, the domain ID identifies which
domain the route originated. The routing instance checks incoming routes for the
domain ID. The route is then propagated as either a Type 3 LSA or Type 5 LSA.
When a PE router receives a route, it redistributes and advertises the route as either
a Type 3 LSA or a Type 5 LSA, depending on the following:
! If the receiving PE router sees a Type 3 route with a matching domain ID, the
route is redistributed and advertised as a Type 3 LSA.
! If the receiving PE router sees a Type 3 route with a non-matching domain ID,
the route is redistributed and advertised as a Type 5 LSA.
! If the receiving PE router sees a Type 3 route with a domain ID, but the router
does not have a domain ID configured, the route is redistributed and advertised
as a Type 5 LSA.
! If the receiving PE router sees a Type 5 route, the route is redistributed and
advertised as a Type 5 LSA, regardless of the domain ID.
On the local PE router, the prefix of the directly connected PE/CE interface is an
active direct route. This route is also an OSPF or OSPFv3 route.
In the VRF export policy, the direct prefix is exported to advertise the route to the
remote PE. This route is injected as an AS-External-LSA, much as when a direct
route is exported into OSPF or OSPFv3.
(ospf | ospfv3) {
domain-id domain-id;
}
If the router ID is not configured in the routing instance, the router ID is derived
from an interface address belonging to the routing instance.
You can set a VPN tag for the OSPF or OSPFv3 external routes generated by the PE
router. This prevents looping when a domain ID is used as an alternate route
preference. By default, this tag is automatically calculated and needs no
configuration. To configure the domain VPN tag for Type 5 LSAs, include the
domain-vpn-tag number statement:
(ospf | ospfv3) {
domain-vpn-tag number;
}
The range is from 1 through 4,294,967,295. If you set VPN tags manually, you
must set the same value for all PE routers in the VPN.
routing-instances routing-instance-name {
protocols {
(ospf | ospfv3) {
route-type-community (iana | vendor);
}
}
}
The domain-id setting in the routing instance is for a match on inbound Layer 3 VPN
routes. A VRF export policy must be explicitly set for the outbound extended
community domain-id attribute. You must configure an export policy to attach the
domain ID to outgoing routes. To configure an export policy to attach the domain
ID and route distinguisher to the extended community ID on outbound routes,
include the community statement:
policy-statement policy-name {
term term-name {
from protocol (ospf | ospfv3);
then {
community add community-name;
accept;
}
}
term b {
then reject;
}
}
community community-name members [ target:target-id domain-id:domain-id];
community name {
members [ community-ids ];
}
! [edit policy-options]
[edit]
routing-instances {
CE_A {
instance-type vrf;
interface ge-0/1/0.0;
route-distinguisher 1:100;
vrf-import vrf_import_routes;
vrf-export vrf_export_routes;
protocols {
ospf {
domain-id 1.1.1.1; #match for inbound routes
route-type-community vendor;
export vrf_import_routes;
area 0.0.0.0 {
interface ge-0/1/0.0;
}
}
}
}
}
policy-options {
policy-statement vrf_export_routes {
term a {
from protocol ospf;
then {
community add export_target;
accept;
}
}
term b {
then reject;
}
}
community export_target members [ target:1:100 domain-id:1.1.1.1:0 ];
}
[edit]
routing-options {
interface-routes {
rib-group inet inet_to_site_A;
}
}
[edit]
rib-groups {
inet_to_site_A {
import-rib [ inet.0 site_A.inet.0 ];
}
}
[edit]
protocols {
ospf {
rib-group inet_to_site_A;
}
}
[edit]
policy-options {
policy-statement announce_to_ce {
term a {
from {
protocol direct;
interface lo0.0;
}
then accept;
}
}
}
[edit]
routing-instances {
site_A {
protocols {
ospf {
export announce_to_ce;
}
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Specify the log-only option to generate warning messages only (an advisory limit).
Specify the threshold option to generate warnings before the limit is reached.
Specify the log-interval option to configure the minimum time interval between log
messages.
There are two modes for route limits: advisory and mandatory. An advisory limit
triggers warnings. A mandatory limit rejects additional routes after the limit is
reached.
For more information about configuring VPNs, see the JUNOS VPNs Configuration
Guide.
If you are using BGP on the router, you must configure an AS number.
independent-domain;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
This chapter provides a reference for each of the routing instance configuration
statements. The statements are organized alphabetically.
description
Description Provide a text description for the routing instance. If the text includes one or more
spaces, enclose it in quotation marks (" "). Any descriptive text you include is
displayed in the output of the show route instance detail command and has no
effect on the operation of the routing instance.
forwarding-options
description ! 233
JUNOS 8.1 Routing Protocols Configuration Guide
instance-type
Default no-forwarding
Options forwarding—Provide support for filter-based forwarding, where interfaces are not
associated with instances. All interfaces belong to the default instance. Other
instances are used for populating RPD learned routes. See “Configuring
Filter-Based Forwarding” on page 215.
l2vpn—Provide support for Layer 2 VPNs. For more detailed information about
configuring VPNs, see the JUNOS VPNs Configuration Guide.
virtual-router—Similar to a VPN routing and forwarding instance type, but used for
non-VPN-related applications. There are no VRF import, VRF export, VRF
target, or route distinguisher requirements for this instance type.
vpls—Virtual private local-area network (LAN) service. Use this routing instance
type for point-to-multipoint LAN implementations between a set of sites in a
VPN. For more information about configuring VPLS, see the JUNOS VPNs
Configuration Guide.
vrf—VPN routing and forwarding instance. Provides support for Layer 3 VPNs,
where interface routes for each instance go into the corresponding forwarding
table only. For more information about configuring VPNs, see the JUNOS VPNs
Configuration Guide.
Usage Guidelines See “Configuring an Instance” on page 209 and the JUNOS VPNs Configuration
Guide.
234 ! instance-type
Chapter 10: Summary of Routing Instances Configuration Statements
interface
Description Identify the logical, private interface between the provider edge (PE) router and the
customer edge (CE) router on the PE side.
no-vrf-advertise
Syntax no-vrf-advertise;
Description Prevent advertising VPN routes from a VRF instance to remote PEs.
interface ! 235
JUNOS 8.1 Routing Protocols Configuration Guide
protocols
Syntax protocols {
bgp {
bgp-configuration;
}
isis {
isis-configuration;
}
ldp {
ldp-configuration;
}
msdp {
msdp-configuration;
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf-configuration;
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf3-configuration;
}
pim {
pim-configuration;
}
rip {
rip-configuration;
}
}
Description Specify the protocol for a routing instance. You can configure multiple instances of
the following supported protocols: BGP, IS-IS, LDP, MSDP, OSPF, OSPFv3, PIM, and
RIP.
Options bgp—Specify the Border Gateway Protocol for a routing instance. For a description
of the BGP configuration statements, see “BGP Configuration Guidelines” on
page 533.
ldp—Specify the Label Distribution Protocol for a routing instance. For more
information about configuring LDP, see the JUNOS MPLS Applications
Configuration Guide.
236 ! protocols
Chapter 10: Summary of Routing Instances Configuration Statements
msdp—Specify the Multicast Source Discovery Protocol for a routing instance. For
more information about configuring MSDP, see the JUNOS Multicast Protocols
Configuration Guide.
ospf—Specify the Open Shortest Path First protocol for a routing instance. For a
description of the OSPF configuration statements, see “OSPF Configuration
Guidelines” on page 349.
ospf3—Specify the Open Shortest Path First Version 3 protocol for a routing
instance. For a description of the OSPFv3 configuration statements, see “OSPF
Configuration Guidelines” on page 349.
NOTE: OSPFv3 supports the no-forwarding and vrf routing instance types only.
Usage Guidelines See“Configuring Multiple Instances of BGP” on page 197, “Configuring Multiple
Instances of IS-IS” on page 198, “Configuring Multiple Instances of LDP” on
page 203, “Configuring Multiple Instances of MSDP” on page 204, “Configuring
Multiple Instances of OSPF” on page 204, “Configuring Multiple Instances of PIM”
on page 208, and “Configuring Multiple Instances of RIP” on page 209.
route-distinguisher
Description An identifier attached to a route, enabling you to distinguish to which VPN the route
belongs. Each routing instance must have a unique route distinguisher associated
with it. The route distinguisher is used to place bounds around a VPN so that the
same IP address prefixes can be used in different VPNs without having them
overlap. If the instance type is vrf, the route-distinguisher statement is required.
route-distinguisher ! 237
JUNOS 8.1 Routing Protocols Configuration Guide
routing-instances
Description Configure an additional routing entity for a router. You can create multiple
instances of BGP, IS-IS, OSPF, OSPFv3, and RIP for a router.
Usage Guidelines See “Routing Instances Configuration Guidelines” on page 185 and the JUNOS Policy
Framework Configuration Guide.
routing-options
vrf-export
Default If the instance-type is vrf, vrf-export is a required statement. The default action is to
reject.
Usage Guidelines See “Configuring Secondary VRF Import and Export Policy” on page 218.
238 ! routing-instances
Chapter 10: Summary of Routing Instances Configuration Statements
vrf-import
Description How routes are imported into the local PE router's VPN routing
table—instance-name.inet.0—from the remote PE router.
Default If the instance-type is vrf, vrf-import is a required statement. The default action is to
accept.
Usage Guidelines See “Configuring Secondary VRF Import and Export Policy” on page 218.
vrf-table-label
Syntax vrf-table-label;
Description Enable mapping of the inner label of a packet to a specific VRF, thereby allowing
the examination of the encapsulated IP header. All routes in the VRF configured
with this option are advertised with the label allocated per VRF.
vrf-import ! 239
JUNOS 8.1 Routing Protocols Configuration Guide
vrf-target
Syntax vrf-target {
community;
import community;
export community;
Description Configure a single policy for import and a single policy for export to replace the
per-VRF policies for every community.
240 ! vrf-target
Part 4
Interior Gateway Protocols
IS-IS is a link-state IGP that uses the shortest path first (SPF) algorithm to determine
routes. IS-IS evaluates the topology changes and determines whether to perform a
full SPF recalculation or a partial route calculation (PRC). This protocol originally
was developed for routing International Organization for Standardization (ISO)
Connectionless Network Protocol (CLNP) packets.
NOTE: Because IS-IS uses ISO addresses, the configuration of the Internet Protocol
version 6 (IPv6) and Internet Protocol version 4 (IPv4) implementations of IS-IS is
identical.
This chapter discusses the following topics that provide background information
about IS-IS:
IS-IS Standards
IS-IS is defined in the following documents:
! ISO 9542, End System to Intermediate System Routing Exchange Protocol for Use
in Conjunction with the Protocol for the Provision of the Connectionless-mode
Network Service
! RFC 1195, Use of OSI IS-IS for Routing in TCP/IP and Dual Environments
To access Internet Requests for Comments (RFCs) and drafts, go to the Internet
Engineering Task Force (IETF) Web site at http://www.ietf.org.
IS-IS Terminology
An IS-IS network is a single autonomous system (AS), also called a routing domain,
that consists of end systems and intermediate systems. End systems are network
entities that send and receive packets. Intermediate systems send and receive
packets and relay (forward) packets. (Intermediate system is the Open System
Interconnection [OSI] term for a router.) ISO packets are called network protocol
data units (PDUs).
In IS-IS, a single AS can be divided into smaller groups called areas. Routing
between areas is organized hierarchically, allowing a domain to be administratively
divided into smaller areas. This organization is accomplished by configuring Level 1
and Level 2 intermediate systems. Level 1 systems route within an area; when the
destination is outside an area, they route toward a Level 2 system. Level 2
intermediate systems route between areas and toward other ASs.
An end system can have multiple NSAP addresses, in which case the addresses
differ only by the last byte (called the n-selector). Each NSAP represents a service
that is available at that node. In addition to having multiple services, a single node
can belong to multiple areas.
Each network entity also has a special network address called a network entity title
(NET). Structurally, an NET is identical to an NSAP address but has an n-selector of
00. Most end systems and intermediate systems have one NET. Intermediate
systems that participate in multiple areas can have multiple NETs.
49.0001.00a0.c96b.c490.00
49.0001.2081.9716.9018.00
The first portion of the address is the area number, which is a variable number
from 1 through 13 bytes. The first byte of the area number (49) is the authority and
format indicator (AFI). The next bytes are the assigned domain (area) identifier,
which can be from 0 through 12 bytes. In the examples above, the area identifier is
0001.
The next six bytes form the system identifier. The system identifier can be any six
bytes that are unique throughout the entire domain. The system identifier
commonly is the media access control (MAC) address (as in the first example,
00a0.c96b.c490) or the IP address expressed in binary-coded decimal (BCD) (as in
the second example, 2081.9716.9018, which corresponds to IP address
208.197.169.18). The last byte (00) is the n-selector.
To provide help with IS-IS debugging, the JUNOS software supports dynamic
mapping of ISO system identifiers to the hostname. Each system can be configured
with a hostname, which allows the system identifier-to-hostname mapping to be
carried in a dynamic hostname type length value (TLV) in IS-IS link-state protocol
data units (LSP) packets. This permits ISs in the routing domain to learn about the
ISO system identifier of a particular IS.
IS-IS Packets
IS-IS uses the following protocol data units (PDUs) to exchange protocol
information:
NOTE: Whenever possible, use IS-IS IGP shortcuts instead of traffic engineering
shortcuts.
The traffic engineering extensions are defined in IS-IS Extensions for Traffic
Engineering, Internet draft draft-isis-traffic-traffic-02.
NOTE: Route tagging does not work when IS-IS traffic engineering is disabled.
protocols {
isis {
clns-routing;
disable;
ignore-attached-bit;
graceful-restart {
disable;
helper-disable;
restart-duration seconds;
}
label-switched-path name level level metric metric;
level level-number {
authentication-key key;
authentication-type authentication;
external-preference preference;
no-csnp-authentication;
no-hello-authentication;
no-psnp-authentication;
preference preference;
prefix-export-limit number;
wide-metrics-only;
}
loose-authentication-check;
lsp-lifetime seconds;
no-adjacency-holddown;
no-authentication-check;
no-ipv4-routing;
no-ipv6-routing;
overload {
advertise-high-metrics;
<timeout seconds>;
}
reference-bandwidth reference-bandwidth;
rib-group {
inet group-name;
inet6 group-name;
}
spf-delay milliseconds;
! 247
JUNOS 8.1 Routing Protocols Configuration Guide
topologies {
ipv4-multicast;
ipv6-multicast;
ipv6-unicast;
}
traffic-engineering {
disable;
ipv4-multicast-rpf-routes;
shortcuts <ignore-lsp-metrics>;
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
interface interface-name {
disable;
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1 | automatic);
}
checksum;
csnp-interval (seconds | disable);
hello-padding (adaptive | loose | strict);
ldp-synchronization {
disable;
hold-time seconds;
}
lsp-interval milliseconds;
mesh-group (value | blocked);
no-clns-unicast;
no-ipv4-multicast;
no-ipv6-multicast;
no-ipv6-unicast;
no-unicast-topology;
passive;
point-to-point;
248 !
Chapter 12: IS-IS Configuration Guidelines
level level-number {
disable;
hello-authentication-key key;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
clns-unicast-metric metric;
passive;
priority number ;
te-metric metric;
}
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
By default, IS-IS is enabled for Level 1 and Level 2 routers on all interfaces on which
an International Standards Organization (ISO) address is configured.
This chapter discusses the following topics that provide information about
configuring IS-IS:
! 249
JUNOS 8.1 Routing Protocols Configuration Guide
! Installing a Default Route to the Nearest Level 1/Level 2 Router on page 280
interfaces {
lo0 {
unit logical-unit-number {
family iso {
address address;
}
}
}
type-fpc/pic/port {
unit logical-unit-number {
family iso;
}
}
}
protocols {
isis {
interface all;
}
}
NOTE: To create the IS-IS interface, you must also configure IS-IS at the [protocols
isis] hierarchy level. If you want the JUNOS software to create IS-IS interfaces
automatically, include the interface-all option at the [protocols isis] hierarchy level.
You can also configure more fine-grained authentication for hello packets. To do
this, see “Configuring Authentication for Hello Packets” on page 259.
authentication-type authentication;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
authentication-key key;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The password can contain up to 255 characters. If you include spaces, enclose all
characters in quotation marks (" ").
If you are using the JUNOS IS-IS software with another implementation of IS-IS, the
other implementation must be configured to use the same password for the
domain, the area, and all interfaces that are shared with a JUNOS implementation.
no-authentication-check;
no-hello-authentication;
no-psnp-authentication;
no-csnp-authentication;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
interface interface-name {
disable;
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1 | automatic);
}
checksum;
csnp-interval (seconds | disable);
ldp-synchronization {
disable;
hold-time seconds;
}
lsp-interval milliseconds;
mesh-group (value | blocked);
no-ipv4-multicast;
no-ipv6-multicast;
no-ipv6-unicast;
no-unicast-topology;
passive;
level level-number {
disable;
hello-authentication-type authentication;
hello-authentication-key key;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number ;
te-metric metric;
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
For interface-name, specify the full interface name, including the physical and logical
address components. To configure all interfaces, specify the interface name as all.
For information about configuring interfaces, see the JUNOS Network Interfaces
Configuration Guide.
Enabling Checksum
You can enable checksum for packets on a per-interface basis. To enable
checksum, include the checksum statement:
checksum;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
csnp-interval seconds;
To configure the interface not to send any CSN packets, specify the disable option:
csnp-interval disable;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To create a mesh group and designate that an interface is part of the group, assign a
mesh-group number to all the router interfaces in the group:
mesh-group value;
To prevent an interface in the mesh group from flooding LSPs, configure blocking
on that interface:
mesh-group blocked;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
cost = reference-bandwidth/bandwidth
reference-bandwidth reference-bandwidth;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For example, if you set the reference bandwidth to 1 Gbps (that is,
reference-bandwidth is set to 1,000,000,000), a 100-Mbps interface has a default
metric of 10.
For more information about IS-IS interface metrics, see “Modifying the IS-IS Metric”
on page 260.
By default, the JUNOS software supports the sending and receiving of wide metrics.
The JUNOS software allows a maximum metric value of 63 and generates both pairs
of TLVs. To configure IS-IS to generate only the new pair of TLVs and thus to allow
the wider range of metric values, include the wide-metrics-only statement:
wide-metrics-only;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
By default, Level 1 IS-IS internal routes have a preference value of 15, Level 2 IS-IS
internal routes have a preference of 18, Level 1 IS-IS external routes have a
preference of 160, and Level 2 external routes have a preference of 165. To change
the preference values, include the preference statement (for internal routes) or the
external-preference statement:
external-preference preference;
preference preference;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
prefix-export-limit number ;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can configure one Level 1 routing process and one Level 2 routing process on
each interface, and you can configure the two levels differently.
level level-number {
disable;
hello-authentication-key key;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number ;
te-metric metric;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The statements within the level statement allow you to perform the following tasks
when configuring the following optional level-specific properties:
! Configuring the Priority for Becoming the Designated Router on page 261
disable;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Enabling IS-IS on an interface (by including the interface statement at the [edit
protocols isis] hierarchy level), disabling it (by including the disable statement), and
not actually having IS-IS run on an interface (by including the passive statement)
are mutually exclusive states.
protocols {
isis {
traceoptions {
file isis size 1m files 10;
flag spf;
flag lsp;
flag error;
}
interface so-0/0/0 {
level 2 {
disable;
}
}
}
}
passive;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Enabling IS-IS on an interface (by including the interface statement at the [edit
protocols isis] hierarchy level), disabling it (by including the disable statement), and
not actually having IS-IS run on an interface (by including the passive statement)
are mutually exclusive states.
NOTE: If neither passive mode nor family ISO are configured on the IS-IS interface,
then the router treats the interface as not being operational and no direct
IPv4/IPv6 routes are exported into IS-IS.
hello-authentication-type authentication;
hello-authentication-key key;
hello-authentication-type authentication;
hello-authentication-key key;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To modify how often the router sends hello packets out of an interface, include the
hello-interval statement:
hello-interval seconds;
You can send out hello packets in sub-second intervals. To send out hello packets
every 333 milliseconds, set the hello-interval value to 1.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To modify the hold-time value on the local router, include the hold-time statement:
hold-time seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
metric metric;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For more information about IS-IS interface metrics, see “Modifying the Interface
Metric” on page 255.
te-metric metric;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
priority number ;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
passive;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
lsp-interval milliseconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To advertise the maximum cost metric until LDP is operational for LDP
synchronization, include the ldp-synchronization statement:
ldp-synchronization {
disable;
hold-time seconds;
}
NOTE: When an interface has been in the holddown state for more than three
minutes, a syslog message with a warning level is sent. This message appears in
both the messages file and the trace file.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary section for these statements.
lsp-lifetime seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The LSP refresh interval is derived from the LSP lifetime and is equal to the lifetime
minus 317 seconds.
! Use the label-switched path metric configured for the label-switched path under
MPLS.
! If you do not configure any of the above, use the default IS-IS metric of 10.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For more information about advertising label-switched paths, see the JUNOS
Software MPLS Applications Configuration Guide.
You configure or disable overload mode in IS-IS with or without a timeout. Without
a timeout, overload mode is set until it is explicitly deleted from the configuration.
With a timeout, overload mode is set if the time elapsed since the IS-IS instance
started is less than the specified timeout.
A timer is started for the difference between the timeout and the time elapsed since
the instance started. When the timer expires, overload mode is cleared. In overload
mode, the router IS-IS advertisements are originated with the overload bit set. This
causes the transit traffic to avoid the overloaded router and take paths around the
router. However, the overloaded router's own links are still accessible.
In overload mode, the router advertisement is originated with all the transit router
links (except stub) set to a metric of 0xFFFF. The stub router links are advertised
with the actual cost of the interfaces corresponding to the stub. This causes the
transit traffic to avoid the overloaded router and take paths around the router.
However, the overloaded router's own links are still accessible.
You can configure the local router so that it appears to be overloaded. You might
want to do this when you want the router to participate in IS-IS routing, but do not
want it to be used for transit traffic. (Note that traffic to immediately attached
interfaces continues to transit the router.) To mark the router as overloaded, include
the overload statement:
overload {
advertise-high-metrics;
<timeout seconds>;
}
To advertise maximum link metrics in NLRIs instead of setting the overload bit,
include the advertise-high-metrics option when specifying the overload statement:
advertise-high-metrics;
To specify the number of seconds at which overload is reset, include the timeout
option when specifying the overload statement:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
spf-delay milliseconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can configure graceful restart parameters specifically for IS-IS. To do this,
include the graceful-restart statement:
graceful-restart {
helper-disable;
restart-duration seconds;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To disable graceful restart for IS-IS, specify the disable statement. Helper mode is
enabled by default. To disable the graceful restart helper capability, specify the
helper-disable statement. To configure a time period for complete restart, specify
the restart-duration statement. You can specify a number between 1 and 3600. The
default value is 90 seconds.
The point-to-point statement affects only IS-IS protocol procedures on that interface;
all other protocols will continue to treat the interface as a LAN interface. Only two
IS-IS routers can be connected to the LAN interface and both must be configured as
point-to-point.
point-to-point;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
! Install IPv4 Routes into the Multicast Routing Table on page 267
When configuring traffic engineering support, you can also configure IS-IS to use
metric values greater than 63, as described in “Enabling Wide Metrics for Traffic
Engineering” on page 255.
NOTE: Whenever possible, use IS-IS IGP shortcuts instead of traffic engineering
shortcuts.
If you enable IS-IS traffic engineering shortcuts and if there is a label-switched path
to a point along the path to that prefix, IS-IS installs the prefix in the inet.3 routing
table and uses the label-switched path as a next hop. The net result is that for BGP
egress routers for which there is no LSP, BGP automatically uses a label-switched
path along the path to reach the egress router.
traffic-engineering {
shortcuts <ignore-lsp-metrics>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Because the inet.3 routing table is present only on ingress routers, you can
configure label-switched path shortcuts only on these routers.
For more information about configuring label-switched paths and MPLS, see the
JUNOS MPLS Applications Configuration Guide.
traffic-engineering {
disable;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To install routes into the multicast routing table for RPF checks, include the
ipv4-multicast-rpf-routes statement:
traffic-engineering {
ipv4-multicast-rpf-routes;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number ;
version (0 | 1 | automatic);
}
To specify the minimum transmit and receive interval for failure detection, include
the minimum-interval statement:
minimum-interval milliseconds;
NOTE: Specifying an interval smaller than 300ms can cause undesired BFD
flapping.
To specify the minimum receive interval for failure detection, include the
minimum-receive-interval statement:
minimum-receive-interval milliseconds;
To specify the minimum transmit interval for failure detection, include the
minimum-transmit-interval statement:
minimum-transmit-interval milliseconds;
To specify the detection time multiplier for failure detection, include the multiplier
statement:
multiplier number ;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To specify the BFD version used for detection, include the version statement:
version (0 | 1 | automatic);
loose-authentication-check;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
no-adjacency-holddown;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
As an OSI Layer 2 protocol, IS-IS does not support data fragmentation. Therefore,
maximum packet sizes must be established and supported between two routers.
During adjacency establishment, the IS-IS protocol makes sure that the link
supports a packet size of 1,492 bytes by padding outgoing hello packets up to the
maximum packet size of 1,492 bytes.
! Loose padding (the default). The hello packet is padded from the initial
detection of a new neighbor until the adjacency transitions to the Up state.
Loose padding may not be able to detect certain situations such as
asymmetrical MTUs between the routers. Specify the loose option to configure
enough padding to initialize an adjacency to neighbors.
! Strict padding. Padding is done on all interface types and for all adjacency
states, and is continuous. Strict padding has the most overhead. The advantage
is that strict padding detects MTU issues on both sides of a link. Specify the
strict option to configure padding to allow all adjacency states with neighbors.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary sections for this statement.
You can use IS-IS as the IGP to carry ISO CLNS routes through a network.
clns-routing;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can configure a pure CLNS network by disabling IPv4 and IPv6 for IS-IS.
no-ipv4-routing;
no-ipv6-routing;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary section for these statements.
You can export BGP routes into Layer 2 IS-IS by configuring an export policy and
applying the policy to IS-IS. You can export BGP routes from a specific VRF instance
into IS-IS by configuring and applying an export policy at the [edit routing-instance
instance-name protocols isis] hierarchy level. ES-IS routes from one routing instance
cannot be exported into a Layer 1 IS-IS area of another routing instance.
To configure an export policy to export BGP routes into IS-IS, include the
policy-statement statement:
policy-statement policy-name {
from {
protocol bgp;
family iso;
}
then {
accept;
}
}
To apply an export policy, include the export statement at the [edit protocols isis]
hierarchy level:
export policy-name;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for these statements.
For more information on policy configuration, see the JUNOS Policy Framework
Configuration Guide.
You can also export routes from protocols other than BGP into IS-IS. ES-IS routes are
exported to IS-IS by default. You can export ES-IS routes into IS-IS by configuring a
routing policy.
For information on CLNS, see the J-series Services Router Advanced WAN Access
Configuration Guide.
policy-options {
policy-statement dist-bgp {
from {
protocol bgp;
family iso;
}
then accept;
}
policy-statement dist-static {
from {
protocol static;
family iso;
}
then accept;
}
}
protocols {
isis {
traceoptions {
file isis size 5m world-readable;
flag error;
}
export dist-static;
no-ipv6-routing;
no-ipv4-routing;
clns-routing;
interface fe-0/0/1.0;
interface t1-0/2/1.0;
interface fxp0.0 {
disable;
}
interface lo0.0;
}
}
routing-instances {
aaaa {
instance-type vrf;
interface lo0.1;
interface t1-3/0/0.0;
interface fe-5/0/1.0;
route-distinguisher 10.245.245.1:1;
vrf-target target:11111:1;
protocols {
isis {
export dist-bgp;
no-ipv4-routing;
no-ipv6-routing;
clns-routing;
interface all;
}
}
}
}
Disabling IS-IS
To disable IS-IS on the router without removing the IS-IS configuration statements
from the configuration, include the disable statement:
isis {
disable;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
[edit protocols]
user@host# delete isis disable
[edit protocols]
user@host# show
isis;
! Router does not advertise the NLPID for IPv4 in JUNOS software 0th LSP
fragment
! Router does not advertise any IPv4 prefixes in JUNOS software LSPs
! Router does not advertise the NLPID for IPv4 in JUNOS software hello packets
! Router does not advertise any IPv4 addresses in JUNOS software hello packets
isis {
no-ipv4-routing;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
[edit protocols]
user@host# delete isis no-ipv4-routing
! Router does not advertise the NLPID for IPv6 in JUNOS software 0th LSP
fragment
! Router does not advertise any IPv6 prefixes in JUNOS software LSPs
! Router does not advertise the NLPID for IPv6 in JUNOS software hello packets
! Router does not advertise any IPv6 addresses in JUNOS software hello packets
isis {
no-ipv6-routing;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
[edit protocols]
user@host# delete isis no-ipv6-routing
For each protocol, you control which routes the protocol stores in the routing table
and which routes the routing table exports into the protocol from the routing table
by defining a routing policy for that protocol. For information about defining routing
policy, see the JUNOS Policy Framework Configuration Guide.
To apply routing policies that affect how the routing protocol process (rpd) exports
routes into IS-IS, include the export statement:
export [ policy-names ];
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: For IS-IS, you cannot apply routing policies that affect how routes are
imported into the routing table; doing so with a link-state protocol can easily lead
to an inconsistent topology database.
policy-options {
policy-statement usc-hosts-only {
term first {
from {
route-filter 128.125.0.0/16 upto /31;
}
then reject;
}
then accept;
}
}
protocols {
isis {
export usc-hosts-only;
}
}
Define a policy that takes Border Gateway Protocol (BGP) routes from the Edu
community and places them into IS-IS with a metric of 14. Apply the policy to
routes exported from the routing table into IS-IS:
protocols {
isis {
export edu-to-isis;
}
}
policy-options {
community Edu members 666:5;
policy-statement edu-to-isis {
from {
protocol bgp;
community Edu;
}
to protocol isis;
then metric 14;
}
}
Define a policy that rejects all IS-IS Level 1 routes so that none are exported into
IS-IS:
policy-options {
policy-statement level1 {
term first {
from level 1;
then reject;
}
then accept;
}
}
protocols {
isis {
export level1;
interface fxp0;
}
}
Define a routing policy to export IS-IS Level 1 internal-only routes into Level 2:
[edit]
protocols {
isis {
export L1-L2;
}
}
policy-statement L1-L2 {
term one {
from {
level 1;
external;
}
then reject;
}
term two {
from level 1;
to level 2;
then accept;
}
}
[edit]
protocols {
isis {
export L2-L1;
}
}
policy-statement L2-L1 {
term one {
from level 2;
to level 1;
then accept;
}
}
In certain instances, the unicast routing table used for the RPF check is also the
table used for forwarding unicast data packets. Thus, unicast and multicast routing
are congruent. In other cases, where it is preferred that multicast routing be
independent of unicast routing, the multicast routing protocols are configured to
perform the RPF check using an alternate unicast routing table inet.2.
You can configure IS-IS to calculate an alternate IPv4 multicast topology, in addition
to the normal IPv4 unicast topology, and add the corresponding routes to inet.2.
The IS-IS interface metrics for the multicast topology can be configured
independently of the unicast metrics. You can also selectively disable interfaces
from participating in the multicast topology while continuing to participate in the
regular unicast topology. This lets you exercise control over the paths that multicast
data takes through a network so that it is independent of unicast data paths.
You can also configure IS-IS to calculate an alternate IPv6 multicast topology, in
addition to the normal IPv6 unicast topology.
To enable an alternate IPv4 multicast topology for IS-IS, include the ipv4-multicast
statement:
ipv4-multicast;
To configure the multicast metric for an alternate multicast topology, include the
ipv4-multicast-metric statement:
ipv4-multicast-metric number;
To exclude an interface from the multicast topology for IS-IS, include the
no-ipv4-multicast statement:
no-ipv4-multicast;
To enable an alternate IPv6 multicast topology for IS-IS, include the ipv6-multicast
statement:
ipv6-multicast;
To configure the multicast metric for an alternate IPv6 multicast topology, include
the ipv6-multicast-metric statement:
ipv6-multicast-metric number;
To exclude an interface from the IPv6 multicast topology for IS-IS, include the
no-ipv4-multicast statement:
no-ipv6-multicast;
To exclude an interface from the IPv4 unicast topologies for IS-IS, include the
no-ipv4-multicast statement:
no-unicast-topology;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To enable an alternate IPv6 unicast topology for IS-IS, include the ipv6-unicast
statement:
isis {
topologies {
ipv6-unicast;
}
}
isis {
interface interface-name {
level level-number {
ipv6-unicast-metric number;
}
}
}
To exclude an interface from the IPv6 unicast topologies for IS-IS, include the
no-ipv6-unicast statement:
isis {
interface interface-name {
no-ipv6-unicast;
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
L1 L2
A B C
L2 L2
Area X
L2 L1
D E F
g017004
Area Y
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can specify the following IS-IS–specific trace options in the IS-IS flag statement:
! all—Everything
! error—Errored packets
! general—General events
! hello—Hello packets
! normal—Normal events
! policy—Policy processing
! route—Routing information
! state—State transitions
You can optionally specify one or more of the following flag modifiers:
NOTE: Use the traceoption flags detail and all with caution. These flags may cause
the CPU to become very busy.
For information about tracing and global tracing options, see “Tracing Global
Routing Protocol Operations” on page 114.
[edit]
protocols {
isis {
traceoptions {
file isis-log size 1m files 10;
flag spf;
flag lsp;
flag error;
flag normal;
}
}
}
Trace only unusual or abnormal operations to the file routing-log, and trace detailed
information about all IS-IS packets to the file isis-log:
[edit]
routing-options {
traceoptions {
file routing-log;
}
}
protocols {
isis {
traceoptions {
file isis-log size 10k files 5;
flag csn detail;
flag hello detail;
flag lsp detail;
flag psn detail;
}
}
}
[edit]
protocols {
isis {
traceoptions {
file isis-log;
flag lsp detail;
}
}
}
IS-IS LSP packets that contain errors are discarded by default. To log these errors,
specify the error tracing operation:
[edit]
protocols {
isis {
traceoptions {
file isis-log;
flag error;
}
}
}
authentication-key
Description Authentication key (password). Neighboring routers use the password to verify the
authenticity of packets sent from this interface. For the key to work, you also must
include the authentication-type statement.
All routers must use the same password. If you are using the JUNOS IS-IS software
with another implementation of IS-IS, the other implementation must be
configured to use the same password for the domain, the area, and all interfaces
adjacent to the Juniper router.
Default If you do not include this statement and the authentication-type statement, IS-IS
authentication is disabled.
authentication-key ! 285
JUNOS 8.1 Routing Protocols Configuration Guide
authentication-type
Description Enable authentication and specify the authentication scheme for IS-IS. If you enable
authentication, you must specify a password by including the authentication-key
statement.
Default If you do not include this statement and the authentication-key statement, IS-IS
authentication is disabled.
286 ! authentication-type
Chapter 13: Summary of IS-IS Configuration Statements
bfd-liveness-detection
Syntax bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1 | automatic);
}
bfd-liveness-detection ! 287
JUNOS 8.1 Routing Protocols Configuration Guide
checksum
Syntax checksum;
Description Enable checksum for packets on this interface. Checksum cannot be enabled with
MD5 hello authentication on the same interface.
clns-routing
Syntax clns-routing;
Usage Guidelines See “Configuring Support for Connectionless Network Services” on page 270.
See Also J-series Services Router Advanced WAN Access Configuration Guide.
288 ! checksum
Chapter 13: Summary of IS-IS Configuration Statements
csnp-interval
Description Configure the interval between complete sequence number (CSN) packets on a LAN
interface.
csnp-interval ! 289
JUNOS 8.1 Routing Protocols Configuration Guide
disable
See the following sections:
disable (IS-IS)
Syntax disable;
Description Disable IS-IS on the router, on an interface, or on a level. At the [edit protocols isis
traffic-engineering] hierarchy level, disable IS-IS support for traffic engineering.
Enabling IS-IS on an interface (by including the interface statement at the [edit
protocols isis] or the [edit routing-instances routing-instance-name protocols isis]
hierarchy level), disabling it (by including the disable statement), and not actually
having IS-IS run on an interface (by including the passive statement) are mutually
exclusive states.
Default IS-IS is enabled for Level 1 and Level 2 routers on all interfaces on which an
International Organization of Standardization (ISO) protocol family is enabled.
Usage Guidelines See “IS-IS Overview” on page 243, “Disabling IS-IS Support for Traffic Engineering”
on page 266, and “Disabling IS-IS” on page 272.
290 ! disable
Chapter 13: Summary of IS-IS Configuration Statements
Usage Guidelines See “Configuring Label Distribution Protocol Synchronization” on page 262.
export
Description Apply one or more policies to routes being exported from the routing table into
IS-IS.
Usage Guidelines See “Configuring IS-IS Routing Policy” on page 274 and the JUNOS Policy Framework
Configuration Guide.
See Also J-series Services Router Advanced WAN Access Configuration Guide.
export ! 291
JUNOS 8.1 Routing Protocols Configuration Guide
external-preference
292 ! external-preference
Chapter 13: Summary of IS-IS Configuration Statements
graceful-restart
Syntax graceful-restart {
disable;
helper-disable;
restart-duration seconds;
}
Usage Guidelines See “Configuring Graceful Restart” on page 110 and “Configuring Graceful Restart”
on page 264.
graceful-restart ! 293
JUNOS 8.1 Routing Protocols Configuration Guide
hello-authentication-key
Description Authentication key (password) for hello packets. Neighboring routers use the
password to verify the authenticity of packets sent from an interface. For the key to
work, you also must include the hello-authentication-type statement.
Usage Guidelines See “Configuring Authentication for Hello Packets” on page 259.
294 ! hello-authentication-key
Chapter 13: Summary of IS-IS Configuration Statements
hello-authentication-type
Description Enable authentication on an interface for hello packets. If you enable authentication
on hello packets, you must specify a password by including the
hello-authentication-key statement.
Usage Guidelines See “Configuring Authentication for Hello Packets” on page 259.
hello-authentication-type ! 295
JUNOS 8.1 Routing Protocols Configuration Guide
hello-interval
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
Description How often the router sends hello packets out of an interface, in seconds.
hello-padding
296 ! hello-interval
Chapter 13: Summary of IS-IS Configuration Statements
hold-time
See the following sections:
hold-time (IS-IS)
Syntax hold-time seconds;
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
Description How long a neighbor should consider the sending router (this router) to be operative
(up). The hold time is advertised in IS-IS hello packets.
hold-time ! 297
JUNOS 8.1 Routing Protocols Configuration Guide
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
Description Configure the time period to advertise the maximum cost metric for a link that is
not fully operational.
Usage Guidelines See “Configuring Label Distribution Protocol Synchronization” on page 262.
ignore-attached-bit
Syntax ignore-attached-bit;
Description Ignore the attached bit on IS-IS Level 1 routers. Configuring this statement allows
the router to ignore the attached bit on incoming Level 1 LSPs. If the attached bit is
ignored, no default route, which points to the router which has set the attached bit,
will be installed.
298 ! ignore-attached-bit
Chapter 13: Summary of IS-IS Configuration Statements
interface
Description Configure interface-specific IS-IS properties. To configure more than one interface,
include the interface statement multiple times.
Enabling IS-IS on an interface (by including the interface statement at the [edit
protocols isis] or the [edit routing-instances routing-instance-name protocols isis]
hierarchy level), disabling it (by including the disable statement), and not actually
having IS-IS run on an interface (by including the passive statement) are mutually
exclusive states.
interface ! 299
JUNOS 8.1 Routing Protocols Configuration Guide
Options interface-name—Name of an interface. Specify the full interface name, including the
physical and logical address components. To configure all interfaces, specify the
interface name as all. For details about specifying interfaces, see the JUNOS
Network Interfaces Configuration Guide and the JUNOS Services Interfaces
Configuration Guide.
ipv4-multicast
Syntax ipv4-multicast;
ipv4-multicast-metric
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
Description Specify the multicast topology metric value for the level.
300 ! ipv4-multicast
Chapter 13: Summary of IS-IS Configuration Statements
ipv4-multicast-rpf-routes
Syntax ipv4-multicast-rpf-routes;
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
Description Install routes into the multicast routing table for RPF checks.
Usage Guidelines See “Install IPv4 Routes into the Multicast Routing Table” on page 267.
ipv6-multicast-metric
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
Description Specify the IPv6 alternate multicast topology metric value for the level.
ipv4-multicast-rpf-routes ! 301
JUNOS 8.1 Routing Protocols Configuration Guide
ipv6-unicast
Syntax ipv6-unicast;
Usage Guidelines See “Configuring IS-IS IPv6 Unicast Topologies” on page 278.
ipv6-unicast-metric
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
Description Specify the IPv6 unicast topology metric value for the level.
Usage Guidelines See “Configuring IS-IS IPv6 Unicast Topologies” on page 278.
302 ! ipv6-unicast
Chapter 13: Summary of IS-IS Configuration Statements
isis
The isis statement is the one statement you must include in the configuration to run
IS-IS on the router or in a routing instance.
label-switched-path
metric—Metric value.
Range: 1 through 63, or 1 through 16,777,215 (if you have configured wide
metrics)
Default: 10 (for all interfaces except lo0), 0 (for lo0)
Usage Guidelines See “Advertising Label-Switched Paths into IS-IS” on page 263.
isis ! 303
JUNOS 8.1 Routing Protocols Configuration Guide
ldp-synchronization
Syntax ldp-synchronization {
disable;
hold-time seconds;
}
Description Enable synchronization by advertising the maximum cost metric until LDP is
operational on the link.
Usage Guidelines See “Configuring Label Distribution Protocol Synchronization with the IGP” on
page 371.
level
See the following sections:
304 ! ldp-synchronization
Chapter 13: Summary of IS-IS Configuration Statements
level ! 305
JUNOS 8.1 Routing Protocols Configuration Guide
Description Configure the IS-IS level. You can configure one instance of Level 1 routing and one
instance of Level 2 routing on each interface, and you can configure the two levels
differently.
loose-authentication-check
Syntax loose-authentication-check;
Description Allow the use of MD5 authentication without requiring network-wide deployment.
306 ! loose-authentication-check
Chapter 13: Summary of IS-IS Configuration Statements
lsp-interval
lsp-lifetime
Description How long an LSP originating from the router should persist in the network. The
router sends LSPs often enough so that the LSP lifetime never expires.
lsp-interval ! 307
JUNOS 8.1 Routing Protocols Configuration Guide
mesh-group
Description Configure an interface to be part of a mesh group, which is a set of fully connected
nodes.
metric
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
308 ! mesh-group
Chapter 13: Summary of IS-IS Configuration Statements
no-adjacency-holddown
Syntax no-adjacency-holddown;
no-authentication-check
Syntax no-authentication-check;
Description Generate authenticated packets, check the authentication on received packets, but
do not reject packets that cannot be authenticated.
no-adjacency-holddown ! 309
JUNOS 8.1 Routing Protocols Configuration Guide
no-csnp-authentication
Syntax no-csnp-authentication;
Description Suppress authentication check on complete sequence number PDU (CSNP) packets.
no-hello-authentication
Syntax no-hello-authentication;
310 ! no-csnp-authentication
Chapter 13: Summary of IS-IS Configuration Statements
no-ipv4-multicast
Syntax no-ipv4-multicast;
no-ipv4-routing
Syntax no-ipv4-routing;
no-ipv4-multicast ! 311
JUNOS 8.1 Routing Protocols Configuration Guide
no-ipv6-multicast
Syntax no-ipv6-multicast;
no-ipv6-routing
Syntax no-ipv6-routing;
312 ! no-ipv6-multicast
Chapter 13: Summary of IS-IS Configuration Statements
no-ipv6-unicast
Syntax no-ipv6-unicast;
Usage Guidelines See “Configuring IS-IS IPv6 Unicast Topologies” on page 278.
no-psnp-authentication
Syntax no-psnp-authentication;
Description Suppress authentication check on partial sequence number PDU (PSNP) packets.
no-ipv6-unicast ! 313
JUNOS 8.1 Routing Protocols Configuration Guide
no-unicast-topology
Syntax no-unicast-topology;
overload
Syntax overload {
advertise-high-metrics;
<timeout seconds>;
}
Description Configure the local router so that it appears to be overloaded. You might want to do
this when you want the router to participate in IS-IS routing, but do not want it to be
used for transit traffic. Note that traffic to immediately attached interfaces
continues to transit the router. You can also advertise maximum link metrics in
NLRIs instead of setting the overload bit.
NOTE: If the time elapsed after the IS-IS instance is enabled is less than the
specified timeout, overload mode is set.
Usage Guidelines See “Configuring the Router to Appear Overloaded” on page 263.
314 ! no-unicast-topology
Chapter 13: Summary of IS-IS Configuration Statements
passive
Syntax passive;
Description Advertise the direct interface addresses on an interface or into a level on the
interface without actually running IS-IS on that interface or level.
Enabling IS-IS on an interface (by including the interface statement at the [edit
protocols isis] or the [edit routing-instances routing-instance-name protocols isis]
hierarchy level), disabling it (by including the disable statement), and not actually
having IS-IS run on an interface (by including the passive statement) are mutually
exclusive states.
Usage Guidelines See “Advertising Interface Addresses Without Running IS-IS” on page 258.
point-to-point
Syntax point-to-point;
passive ! 315
JUNOS 8.1 Routing Protocols Configuration Guide
preference
prefix-export-limit
316 ! preference
Chapter 13: Summary of IS-IS Configuration Statements
priority
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
Description The interface’s priority for becoming the designated router. The interface with the
highest priority value becomes that level’s designated router.
Usage Guidelines See “Configuring the Priority for Becoming the Designated Router” on page 261.
reference-bandwidth
Description Set the reference bandwidth used in calculating the default interface cost. The cost
is calculated using the following formula:
cost = reference-bandwidth/bandwidth
priority ! 317
JUNOS 8.1 Routing Protocols Configuration Guide
rib-group
Syntax rib-group; {
inet group-name;
inet6 group-name;
}
Description Install routes learned from IS-IS routing instances into routing tables in the IS-IS
routing table group. You can install IPv4 routes or IPv6 routes.
Support for IPv6 routing table groups in IS-IS--Enables IPv6 routes that are learned
from IS-IS routing instances to be installed into other routing tables defined in an
IS-IS routing table group.
Usage Guidelines See “Creating Routing Table Groups” on page 100, “Configuring How Interface
Routes Are Imported into Routing Tables” on page 101, “IS-IS Configuration
Guidelines” on page 247, and “Configuring BGP Routing Table Groups” on
page 576.
shortcuts
Description Configure IS-IS to use MPLS label-switched paths (LSPs) as next hops if possible
when installing routing information into the inet.3 routing table.
Usage Guidelines See “Configuring IS-IS to Use IGP Shortcuts” on page 266.
318 ! rib-group
Chapter 13: Summary of IS-IS Configuration Statements
spf-delay
te-metric
Hierarchy Level [edit logical-routers logical-router-name protocols isis interface interface-name level
level-number],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name
level level-number]
Description Metric value used by traffic engineering for information injected into the traffic
engineering database (TED). The value of the traffic engineering metric does not
affect normal IS-IS forwarding.
spf-delay ! 319
JUNOS 8.1 Routing Protocols Configuration Guide
topologies
Syntax topologies {
ipv4-multicast;
ipv6-multicast;
ipv6-unicast;
}
320 ! topologies
Chapter 13: Summary of IS-IS Configuration Statements
traceoptions
Syntax traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
To specify more than one tracing operation, include multiple flag statements.
Default The default IS-IS protocol-level tracing options are those inherited from the routing
protocols traceoptions statement included at the [edit routing-options] hierarchy
level.
Options disable—(Optional) Disable the tracing operation. You can use this option to disable
a single operation when you have defined a broad group of tracing operations,
such as all.
file name—Name of the file to receive the output of the tracing operation. Enclose
the name within quotation marks. All files are placed in the directory /var/log.
We recommend that you place IS-IS tracing output in the file isis-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1,
and so on, until the maximum number of trace files is reached. Then, the
oldest trace file is overwritten.
If you specify a maximum number of files, you also must specify a maximum
file size with the size option.
flag—Tracing operation to perform. To specify more than one flag, include multiple
flag statements.
! hello—Hello packets
traceoptions ! 321
JUNOS 8.1 Routing Protocols Configuration Guide
! spf—Shortest-path-first calculations
! state—State transitions
! timer—Timer usage
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more
of these modifiers:
size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes
(MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is
renamed trace-file.0. When the trace-file again reaches its maximum size,
trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This
renaming scheme continues until the maximum number of trace files is
reached. Then, the oldest trace file is overwritten.
322 ! traceoptions
Chapter 13: Summary of IS-IS Configuration Statements
If you specify a maximum file size, you also must specify a maximum number
of trace files with the files option.
Required Privilege Level routing and trace—To view this statement in the configuration.
routing-control and trace-control—To add this statement to the configuration.
traffic-engineering
Syntax traffic-engineering {
disable;
ipv4-multicast-rpf-routes;
shortcuts;
}
Usage Guidelines See “Configuring IS-IS Traffic Engineering Attributes” on page 265.
traffic-engineering ! 323
JUNOS 8.1 Routing Protocols Configuration Guide
wide-metrics-only
Statement wide-metrics-only;
Description Configure IS-IS to generate metric values greater than 63 on a per IS-IS level basis.
Usage Guidelines See “Enabling Wide Metrics for Traffic Engineering” on page 255.
324 ! wide-metrics-only
Chapter 14
ES-IS Overview
NOTE: ES-IS configuration is supported for the J-series Services Router only.
Overview
Connectionless Network Services (CLNS) is a Layer 3 protocol similar to IPv4. CLNS
uses network service access points (NSAPs) to address end systems and
intermediate systems.
ES-IS provides the basic interaction between CLNS hosts (end systems) and routers
(intermediate systems). ES-IS allows hosts to advertise NSAP addresses to other
routers and hosts attached to the network. Those routers can then advertise the
address to the rest of the network using Intermediate System-to-Intermediate
System (IS-IS). Routers use ES-IS to advertise their network entity title (NET) to
hosts and routers attached to that network.
ES-IS generates and receives end system hello (ESH) hello messages when the
protocol is configured on an interface.
ES-IS is a resolution protocol that allows a network to be fully ISO integrated at both
the network and data layer.
Overview ! 325
JUNOS 8.1 Routing Protocols Configuration Guide
326 ! Overview
Chapter 15
ES-IS Configuration Guidelines
ES-IS is enabled only if either ES-IS or IS-IS is configured on the router. ES-IS must
not be disabled. If ES-IS is not explicitly configured, the interface sends and receives
only Intermediate System Hello (ISH) messages. If ES-IS is explicitly configured and
disabled, the interface does not send or receive ES-IS packets. If ES-IS is explicitly
configured and not disabled, the interface sends and receives ISH messages as well
as ES-IS packets.
One of the interfaces configured for ES-IS must be configured with an ISO address
used for hello messages. The ISO address family must be configured on an interface
to support ES-IS on that interface.
! 327
JUNOS 8.1 Routing Protocols Configuration Guide
esis {
disable;
graceful-restart {
disable;
restart-duration seconds;
}
preference preference;
interface (interface-name | all) {
disable;
hello-interval seconds;
esct seconds;
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary section for these statements.
This chapter discusses the following topics that provide information about
configuring ES-IS:
esis {
interface (interface-name | all);
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary section for the esis statement.
esis {
interface (interface-name | all);
disable;
hello-interval seconds;
esct seconds;
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary section for the esis statement.
Specify the interface statement to configure an interface to send and receive hello
messages. Specify the disable statement to stop sending or receiving ES-IS packets
on the interface.
To configure the hello interval for ES-IS, include the hello-interval statement:
hello-interval seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
esct seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can configure graceful restart parameters specifically for ES-IS. To do this,
include the graceful-restart statement:
graceful-restart {
disable;
restart-duration seconds;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To disable graceful restart for ES-IS, specify the disable statement. To configure a
time limit for restart completion, specify the restart-duration statement. You can
specify a number between 1 and 3600. The default value is 180 seconds.
preference value;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can specify the following ES-IS–specific trace options in the ES-IS flag
statement:
! all—Everything
! error—Errored packets
! general—General events
! normal—Normal events
! policy—Policy processing
! route—Routing information
! state—State transitions
You can optionally specify one or more of the following flag modifiers:
NOTE: Use the traceoption flags detail and all with caution. These flags may cause
the CPU to become very busy.
disable
Syntax disable;
esct
Options seconds—How often a system reports its availability to other systems, in seconds.
Default: 180 seconds
Usage Guidelines See “Configuring the End System Configuration Timer” on page 329.
disable ! 333
JUNOS 8.1 Routing Protocols Configuration Guide
esis
graceful-restart
Syntax graceful-restart {
disable;
restart-duration seconds;
}
Usage Guidelines See “Configuring Graceful Restart for ES-IS” on page 330.
334 ! esis
Chapter 16: Summary of ES-IS Configuration Statements
hello-interval
interface
preference
hello-interval ! 335
JUNOS 8.1 Routing Protocols Configuration Guide
traceoptions
Syntax traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
To specify more than one tracing operation, include multiple flag statements.
Default The default ES-IS protocol-level tracing options are those inherited from the routing
protocols traceoptions statement included at the [edit routing-options] hierarchy
level.
Options disable—(Optional) Disable the tracing operation. You can use this option to disable
a single operation when you have defined a broad group of tracing operations,
such as all.
file name—Name of the file to receive the output of the tracing operation. Enclose
the name within quotation marks. All files are placed in the directory /var/log.
We recommend that you place ES-IS tracing output in the file esis-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1,
and so on, until the maximum number of trace files is reached. Then the oldest
trace file is overwritten.
If you specify a maximum number of files, you also must specify a maximum
file size with the size option.
flag—Tracing operation to perform. To specify more than one flag, include multiple
flag statements.
336 ! traceoptions
Chapter 16: Summary of ES-IS Configuration Statements
! state—State transitions
! timer—Timer usage
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more
of these modifiers:
size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes
(MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is
renamed trace-file.0. When the trace-file again reaches its maximum size,
trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This
renaming scheme continues until the maximum number of trace files is
reached. Then the oldest trace file is overwritten.
If you specify a maximum file size, you also must specify a maximum number
of trace files with the files option.
traceoptions ! 337
JUNOS 8.1 Routing Protocols Configuration Guide
Required Privilege Level routing and trace—To view this statement in the configuration.
routing-control and trace-control—To add this statement to the configuration.
338 ! traceoptions
Chapter 17
OSPF Overview
The Open Shortest Path First version 2 (OSPF) protocol is an interior gateway
protocol (IGP) that routes packets within a single autonomous system (AS). OSPF
uses link-state information to make routing decisions.
In this document, the term OSPF refers to both OSPFv2 and OSPFv3.
This chapter discusses the following topics that provide background information
about OSPF:
The JUNOS software supports OSPF version 2, including virtual links, stub areas,
and authentication. The JUNOS software does not support type-of-service (ToS)
routing.
OSPF routes IP packets based solely on the destination IP address contained in the
IP packet header. OSPF quickly detects topological changes, such as when router
interfaces become unavailable, and calculates new loop-free routes quickly and
with a minimum of routing overhead traffic.
Each interface running OSPF is assigned a cost, which is a unitless number based
on factors such as throughput, round-trip time, and reliability, which are used to
determine how easy or difficult it is to reach a destination. If two or more routes to
a destination have the same cost, OSPF distributes traffic equally among the routes,
a process that is called load balancing.
Each router maintains a database that describes the topology of the AS. Each OSPF
router has an identical topological database so that all routers in the area have a
consistent view of the network. All routers maintain summarized topologies of
other areas within an AS. Each router distributes information about its local state by
flooding link-state advertisements throughout the AS. When the AS topology
changes, OSPF ensures that the contents of all routers’ topological databases
converge quickly.
All OSPF protocol exchanges can be authenticated. This means that only trusted
routers can participate in the AS’s routing. A variety of authentication schemes can
be used; a single authentication scheme is configured for each area, which enables
some areas to use stricter authentication than others.
Externally derived routing data (for example, routes learned from BGP) is passed
transparently throughout the AS. This externally derived data is kept separate from
the OSPF link-state data. Each external route can be tagged by the advertising
router, enabling the passing of additional information between routers on the
boundaries of the AS.
OSPF Version 3
OSPFv3 is a modified version of OSPF that supports Internet Protocol version 6
(IPv6) addressing. OSPFv3 differs from OSPFv2 in the following ways:
! Link-local
! Area
! AS
! Link-local addresses are used for all neighbor exchanges except virtual links.
OSPF Standards
OSPF is defined in the following documents:
To access Internet RFCs and drafts, go to the IETF Web site at http://www.ietf.org.
Areas
An area is a set of networks and hosts within an AS that have been administratively
grouped together. We recommend that you configure an area as a collection of
contiguous IP subnetted networks. Routers that are wholly within an area are called
internal routers. All interfaces on internal routers are directly connected to networks
within the area.
The topology of an area is hidden from the rest of the AS, thus significantly
reducing routing traffic in the AS. Also, routing within the area is determined only
by the area’s topology, providing the area with some protection from bad routing
data.
Backbone Areas
An OSPF backbone area consists of all networks in area ID 0.0.0.0, their attached
routers, and all area border routers. The backbone itself does not have any area
border routers. The backbone distributes routing information between areas. The
backbone is simply another area, so the terminology and rules of areas apply: a
router that is directly connected to the backbone is an internal router on the
backbone, and the backbone’s topology is hidden from the other areas in the AS.
The routers that make up the backbone must be physically contiguous. If they are
not, you must configure virtual links to create the appearance of backbone
connectivity. You can create virtual links between any two area border routers that
have an interface to a common nonbackbone area. OSPF treats two routers joined
by a virtual link as if they were connected to an unnumbered point-to-point
network.
AS Boundary Routers
Routers that exchange routing information with routers in other ASs are called AS
boundary routers. They advertise externally learned routes throughout the AS. Any
router in the AS—an internal router, an area border router, or a backbone
router—can be an AS boundary router.
Every router within the AS knows the path to the AS boundary routers.
Stub Areas
Stub areas are areas through which or into which AS external advertisements are
not flooded. You might want to create stub areas when much of the topological
database consists of AS external advertisements. Doing so reduces the size of the
topological databases and therefore the amount of memory required on the internal
routers in the stub area.
When an area border router is configured for a stub area, the router automatically
advertises a default route in place of the external routes that are not being
advertised within the stub area so that routers in the stub area can reach
destinations outside the area.
The following restrictions apply to stub areas: you cannot create a virtual link
through a stub area, and a stub area cannot contain an AS boundary router.
Not-So-Stubby Areas
An OSPF stub area has no external routes in it, so you cannot redistribute from
another protocol into a stub area. A not-so-stubby area (NSSA) allows external
routes to be flooded within the area. These routes are then leaked into other areas.
However, external routes from other areas still do not enter the NSSA.
Transit Areas
Transit areas are used to pass traffic from one adjacent area to the backbone (or to
another area if the backbone is more than two hops away from an area). The traffic
does not originate in, nor is it destined for, the transit area.
When a router starts, it initializes OSPF and waits for indications from lower-level
protocols that the router interfaces are functional. The router then uses the OSPF
hello protocol to acquire neighbors, doing this by sending hello packets to its
neighbors and receiving their hello packets.
The router then attempts to form adjacencies with some of its newly acquired
neighbors. (On multiaccess networks, only the designated router and backup
designated router form adjacencies with other routers.) Adjacencies determine the
distribution of routing protocol packets: routing protocol packets are sent and
received only on adjacencies, and topological database updates are sent only along
adjacencies. When adjacencies have been established, pairs of adjacent routers
synchronize their topological databases.
A router sends LSA packets to advertise its state periodically and when the router’s
state changes. These packets include information about the router’s adjacencies,
which allows detection of nonoperational routers.
Using a reliable algorithm, the router floods LSAs throughout the area, which
ensures that all routers in an area have exactly the same topological database. Each
router uses the information in its topological database to calculate a shortest-path
tree, with itself as the root. The router then uses this tree to route network traffic.
The description of the SPF algorithm up to this point has explained how the
algorithm works within a single area (intra-area routing). For internal routers to be
able to route to destinations outside the area (interarea routing), the area border
routers must inject additional routing information into the area. Because the area
border routers are connected to the backbone, they have access to complete
topological data about the backbone. They use this information to calculate paths to
all destinations outside its area and then advertise these paths to the area’s internal
routers.
AS boundary routers flood information about external ASs throughout the AS,
except to stub areas. Area border routers are responsible for advertising the paths to
all AS boundary routers.
OSPF Packets
This section contains the following topics:
There also are several types of link-state advertisement packets, which are
discussed in “Link-State Advertisement Packet Types” on page 347.
! Router ID—IP address of the router from which the packet originated.
! Area ID—Identifier of the area in which the packet is traveling. Each OSPF
packet is associated with a single area. Packets traveling over a virtual link are
labeled with the backbone area ID, 0.0.0.0. You configure the area ID with the
area statements.
! Checksum—Fletcher checksum.
Hello Packets
Routers periodically send hello packets on all interfaces, including virtual links, to
establish and maintain neighbor relationships. Hello packets are multicast on
physical networks that have a multicast or broadcast capability, which enables
dynamic discovery of neighboring routers. (On nonbroadcast networks, dynamic
neighbor discovery is not possible, so you must configure all neighbors statically
using the neighbor statement.)
Hello packets consist of the OSPF header plus the following fields:
! Hello interval—How often the router sends hello packets. All routers on a
shared network must use the same hello interval. You configure this interval
with the hello-interval statement.
! Router priority—The router’s priority to become the designated router. You can
configure this value with the priority statement.
! Router dead interval—How long the router waits without receiving any OSPF
packets from a router before declaring that router to be down. All routers on a
shared network must use the same router dead interval. You can configure this
value with the dead-interval statement.
! Neighbor—IP addresses of the routers from which valid hello packets have
been received within the time specified by the router dead interval.
Link-state update packets consist of the OSPF header plus the following fields:
Link-state acknowledgment packets consist of the OSPF header plus the link-state
advertisement header.
! Router link advertisements—Are sent by all routers to describe the state and
cost of the router’s links to the area. These link-state advertisements are
flooded throughout a single area only.
Each link-state advertisement type describes a portion of the OSPF routing domain.
All link-state advertisements are flooded throughout the AS.
External Metrics
When OSPF exports route information from external ASs, it includes a cost, or
external metric, in the route. There are two types of external metrics: Type 1 and
Type 2. Type 1 external metrics are equivalent to the link-state metric; that is, the
cost of the route used in the internal AS. Type 2 external metrics are greater than
the cost of any path internal to the AS.
Designated Router
Each multiaccess network has a designated router, which performs two main
functions:
! Establish adjacencies with all routers on the network, thus participating in the
synchronizing of the link-state databases.
The OSPF hello protocol elects a designated router for the network based on the
priorities advertised by all the routers. In general, when an interface first becomes
functional, it checks whether the network currently has a designated router. If there
is one, the router accepts that designated router regardless of its own router priority.
Otherwise, if the router has the highest priority on the network, it becomes the
designated router. If router priorities tie, the router with the highest router ID (which
is typically the router’s IP address) is chosen as the designated router.
NOTE: Whenever possible, use IS-IS IGP shortcuts instead of traffic engineering
shortcuts.
To configure Open Shortest Path First version 2 (OSPF), you include the following
statements:
protocols {
ospf {
disable;
export [ policy-names ];
external-preference preference;
graceful-restart {
disable;
helper-disable;
notify-duration seconds;
restart-duration seconds;
}
import [ policy-names ];
no-nssa-abr;
overload {
<timeout seconds>;
}
preference preference;
prefix-export-limit;
rib-group group-name;
reference-bandwidth reference-bandwidth;
sham-link {
local address;
}
spf-delay;
traffic-engineering {
multicast-rpf-routes;
no-topology;
shortcuts {
lsp-metric-into-summary;
}
}
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
! 349
JUNOS 8.1 Routing Protocols Configuration Guide
area area-id {
area-range network/mask-length <restrict> <exact>
<override-metric metric>;
authentication-type authentication;
interface interface-name {
demand-circuit;
disable;
authentication {
md5 key-id {
key [ key-values ];
}
simple-password key-id;
}
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (1 | automatic);
}
dead-interval seconds;
hello-interval seconds;
interface-type type;
ldp-synchronization {
disable;
hold-time seconds;
}
metric metric;
neighbor address <eligible>;
passive;
poll-interval seconds;
priority number ;
retransmit-interval seconds;
te-metric metric;
transit-delay seconds;
}
label-switched-path name metric metric;
nssa {
area-range network/mask-length <restrict> <exact>
<override-metric metric>;
default-lsa {
default-metric metric;
metric-type type;
type-7;
}
(no-summaries | summaries);
}
peer-interface interface-name {
disable;
dead-interval seconds;
hello-interval seconds;
retransmit-interval seconds;
transit-delay seconds;
}
350 !
Chapter 18: OSPF Configuration Guidelines
sham-link-remote {
demand-circuit;
metric metric;
}
}
stub <default-metric metric> <summaries | no-summaries>;
virtual-link neighbor-id router-id transit-area area-id {
disable;
authentication {
md5 key-id {
key [ key-values ];
}
simple-password key-id;
}
dead-interval seconds;
hello-interval seconds;
retransmit-interval seconds;
transit-delay seconds;
}
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
protocols {
ospf3 {
disable;
export [ policy-names ];
external-preference preference;
graceful-restart {
disable;
helper-disable;
notify-duration seconds;
restart-duration seconds;
}
import [ policy-names ];
overload {
<timeout seconds>;
}
preference preference;
prefix-export-limit;
reference-bandwidth reference-bandwidth;
rib-group group-name;
spf-delay;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
! 351
JUNOS 8.1 Routing Protocols Configuration Guide
area area-id {
area-range network/mask-length <restrict> <exact>
<override-metric metric>;
interface interface-name {
disable;
dead-interval seconds;
hello-interval seconds;
ipsec-sa name;
metric metric;
passive;
priority number ;
retransmit-interval seconds;
transit-delay seconds;
}
nssa {
area-range network/mask-length <restrict> <exact>
<override-metric metric>;
default-lsa {
default-metric metric;
metric-type type;
type-7;
}
(no-summaries | summaries);
}
stub <default-metric metric> <summaries | no-summaries>;
virtual-link neighbor-id router-id transit-area area-id {
disable;
dead-interval seconds;
hello-interval seconds;
ipsec-sa name;
retransmit-interval seconds;
transit-delay seconds;
}
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
For a detailed OSPFv3 example configuration, see the JUNOS Feature Guide.
NOTE: In this manual, the term OSPF refers to both OSPFv2 and OSPFv3.
352 !
Chapter 18: OSPF Configuration Guidelines
! Configuring the Priority for Becoming the Designated Router on page 365
! 353
JUNOS 8.1 Routing Protocols Configuration Guide
protocols {
(ospf | ospf3 ) {
area 0 {
interface interface-name;
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
NOTE: When you configure OSPFv2 on an interface, you must also include the
family inet statement at the [edit interfaces interface-name unit logical-unit-number]
hierarchy level. When you configure OSPFv3 on an interface, you must also
include the family inet6 statement at the [edit interfaces interface-name unit
logical-unit-number] hierarchy level. For more information about the family inet
statement, see the JUNOS Network Interfaces Configuration Guide.
Active backbone detection enables transit through an area border router with no
active backbone connection. An area border router advertises to other routers that
it is an area border router even if the connection to the backbone is down, so that
the neighbors can consider it for inter-area routes.
(ospf | ospf3) {
area 0.0.0.0;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
(ospf | ospf3) {
area area-id;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You cannot configure an area as being both a stub area and an NSSA.
(ospf | ospf3) {
area area-id {
stub <default-metric metric> <(no-summaries | summaries)>;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To inject a default route with a specified metric value into the area, include the
default-metric option and a metric value. The default route matches any destination
that is not explicitly reachable from within the area.
To have the stub areas not advertise summary routes into the stub area, include the
no-summaries option. Only the default route is advertised, and only if you include
the default-metric option. The default route injected into the not-so-stubby area
(NSSA) is a Type 3 LSA.
You must include the stub statement when configuring all routers that are in the
stub area.
(ospf | ospf3) {
area area-id {
nssa {
area-range network/mask-length <restrict> <exact>
<override-metric metric>;
default-lsa {
default-metric metric;
metric-type type;
type-7;
}
}
(no-summaries | summaries);
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
By default, a default route is not advertised. To advertise a default route with the
specified metric within the area, include the default-metric statement. You can
configure this option only on area border routers.
To prevent an ABR from advertising summary routes into an NSSA, include the
no-summaries statement. If you include the default-metric option in addition to the
no-summaries statement, only the default route is advertised. The default route is a
Type 3 LSA injected into the NSSA. To flood summary LSAs into the NSSA area,
include the summaries statement. When summaries is configured (which is the
default if the no-summaries statement is not specified), a Type 7 LSA is sent. To
define the type of metric, include the metric-type statement.
To aggregate external routes learned within the area when a route is advertised to
other areas, include one or more area-range statements. If you also include the
restrict option, the aggregate is not advertised, effectively creating a route filter. All
external routes learned within the area that do not fall into the range of one of the
prefixes are advertised individually to other areas. To restrict an exact area range,
include the exact option. For an example, you can suppress the exact 0/0 prefix
from being advertised from a NSSA area into the backbone area by including both
the exact and restrict options. To override the metric for the IP address range and
configure a specific metric value, include the override-metric option.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Specify the router ID (as an IPv4 address) of the router at the other end of the
virtual link. This router must be an area border router that is physically connected
to the backbone. Also, specify the number of the area through which the virtual link
transits.
For the virtual connection to work, you also must configure a link to the backbone
area on the remote area border router (the router at the other end of the LSP).
You must also configure an OSPF virtual link on the remote area border router:
NOTE: Type 7 LSAs are not exported into an NSSA if there is only one NSSA and
backbone area connected to the ABR.
To disable exporting Type 7 LSAs into NSSAs, include the no-nssa-abr statement:
no-nssa-abr;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: When you configure OSPFv2 on an interface, you must also include the
family inet statement at the [edit interfaces interface-name unit logical-unit-number]
hierarchy level. When you configure OSPFv3 on an interface, you must also
include the family inet6 statement at the [edit interfaces interface-name unit
logical-unit-number] hierarchy level. For more information about the family inet
statement, see the JUNOS Network Interfaces Configuration Guide.
ospf | ospf3) {
area area-id {
interface interface-name;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Specify the interface by IP address or interface name for OSPFv2, or only the
interface name for OSPFv3. For more information about interface names, see the
JUNOS Network Interfaces Configuration Guide.
interface interface-name {
neighbor address;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Specify the interface by IP address or interface name. For more information about
interface names, see the JUNOS Network Interfaces Configuration Guide.
interface interface-name {
interface-type nbma;
neighbor address <eligible>;
poll-interval seconds;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Specify the interface by IP address or interface name. For more information about
interface names, see the JUNOS Network Interfaces Configuration Guide.
By default, the router sends hello packets out the interface every 120 seconds
before it establishes adjacency with a neighbor. To modify this interval, include the
poll-interval statement.
(ospf | ospf3) {
area area-id {
demand-circuit;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For MD5 authentication to work, both the receiving and transmitting routers must
have the same MD5 key. Define an MD5 key for each interface. If MD5 is enabled
on an interface, that interface accepts routing updates only if MD5 authentication
succeeds; otherwise, updates are rejected. The key ID can be set to any value
between 0 and 255, with a default value of 0. The router only accepts OSPFv2
packets sent using the same key ID that is defined for that interface.
authentication-type authentication;
The authentication type can be none, simple, or md5. The same authentication type
is used on all interfaces under an OSPF area.
authentication {
md5 key-id {
key [ key-values ] {
start-time time;
}
}
simple-password key-id;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
The simple key (password) can be from 1 through 8 characters long. Each MD5 key
is identified by a key identifier. The MD5 key value can be from 1 through 16
characters long. Characters can include ASCII strings. If you include spaces, enclose
all characters in quotation marks (" ").
You can configure only one simple password. However, you can configure multiple
MD5 keys.
As part of your security measures, you can change MD5 keys. You can do this by
configuring multiple MD5 keys, each with a unique key ID, and setting the date and
time to switch to the new key. Each unique MD5 key has a unique ID. The ID is used
by the receiver of the OSPF packet to determine which key to use for
authentication. The key identifier, which is required for MD5 authentication,
specifies the identifier associated with the MD5 key.
The start time specifies when to start using the MD5 key. This is optional. The
start-time option enables you to configure a smooth transition mechanism for
multiple keys. The start time is relevant for transmission but not for receiving OSPF
packets.
Set the same passwords and transition dates and times on all the routers in the area
so that OSPF adjacencies remain active.
Use ESP with NULL encryption to provide authentication to the OSPFv3 protocol
headers only. Use AH to provide authentication to the OSPFv3 protocol headers,
portions of the IPv6 header, and portions of the extension headers. Use ESP with
non-NULL encryption for full confidentiality.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
You specify the IPSec authentication name by including the name option. You
configure the actual IPSec authentication separately.
For more information on IPSec, see the JUNOS System Basics Configuration Guide
and the JUNOS Services Interfaces Configuration Guide.
(ospf | ospf3) {
level level-number {
prefix-export-limit number ;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
At least one router on each logical IP network or subnet must be eligible to be the
designated router for OSPFv2. At least one router on each logical link must be
eligible to be the designated router for OSPFv3.
(ospf | ospf3) {
area area-id interface interface-name {
priority number ;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
(ospf | ospf3) {
area area-id {
area-range network/mask-length <restrict > <exact>
<override-metric metric>;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
All routes that match the specified area range are filtered at the area boundary, and
the summary is advertised in their place. If you specify the restrict option, the
routes are filtered but no summary is advertised. If you specify the exact option,
summarization of a route is advertised only when an exact match is made with the
configured summary range. To override the metric for the IP address range and
configure a specific metric value, include the override-metric option. If you specify
the override-metric option, the dynamically computed metric for the IP address
range is overridden by the specified value.
cost = reference-bandwidth/bandwidth
reference-bandwidth is the reference bandwidth. Its default value is 100 Mbps (which
you specify as 100,000,000), which gives a metric of 1 for any bandwidth that is
100 Mbps or greater.
To modify the metric for routes advertised from an interface, include the metric
statement:
(ospf | ospf3) {
area area-id interface interface-name {
metric metric;
}
}
(ospf | ospf3) {
reference-bandwidth reference-bandwidth;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
For example, if you set the reference bandwidth to 1 Gbps (that is,
reference-bandwidth is set to 1,000,000,000), a 100-Mbps interface has a default
metric of 10.
By default, internal OSPF routes have a preference value of 10, and external OSPF
routes have a value of 150. To change the preference values, include the preference
statement (for internal routes) or the external-preference statement (for external
routes):
(ospf | ospf3) {
external-preference preference;
preference preference;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can perform the following tasks when modifying the OSPF timers:
To modify how often the router sends hello packets out of an interface, include the
hello-interval statement:
hello-interval seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
On nonbroadcast networks, the router sends hello packets every 120 seconds until
active neighbors are detected by default. This interval is long enough to minimize
the bandwidth required on slow WAN links. To modify this interval, include the
poll-interval statement:
poll-interval seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Once the router detects an active neighbor, the hello packet interval changes from
the time specified in the poll-interval statement to the time specified in the
hello-interval statement.
NOTE: You must configure LSA retransmit intervals to be equal or greater than 3
seconds to avoid triggering a retransmit trap because the JUNOS software delays
LSA acknowledgments by up to 2 seconds.
retransmit-interval seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To modify the router dead interval, include the dead-interval statement. This interval
must be the same for all routers on a shared network.
dead-interval seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The default transit delay is 1 second. You should never have to modify the default
value. However, if you need to specify the approximate transit delay to use to age
update packets, include the transit-delay statement:
transit-delay seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number ;
version (1 | automatic);
}
To specify the minimum transmit and receive interval for failure detection, include
the minimum-interval statement:
minimum-interval milliseconds;
NOTE: Specifying an interval smaller than 300 ms can cause undesired BFD
flapping.
To specify the minimum receive interval for failure detection, include the
minimum-receive-interval statement:
minimum-receive-interval milliseconds;
To specify the minimum transmit interval for failure detection, include the
minimum-transmit-interval statement:
minimum-transmit-interval milliseconds;
To specify the detection time multiplier for failure detection, include the multiplier
statement:
multiplier number ;
To specify the BFD version used for detection, include the version statement:
version (1 | automatic);
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To advertise the maximum cost metric until LDP is operational for synchronization,
include the ldp-synchronization statement:
ldp-synchronization {
disable;
hold-time seconds;
}
NOTE: If you do not configure the hold-time option, the hold-time value will
default to infinity.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: On a broadcast link with a single neighbor, when the neighbor initiates an
OSPFv3 graceful restart operation, the restart might be terminated at the point
when the local router assumes the role of a helper. A change in the LSA is
considered a topology change, which terminates the neighbor's restart operation.
Graceful restart is disabled by default. You can globally enable graceful restart for
all routing protocols at the [edit routing-options] hierarchy level.
(ospf | ospf3) {
graceful-restart {
disable;
helper-disable;
notify-duration seconds;
restart-duration seconds;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To disable graceful restart, specify the disable statement. To configure a time period
for complete reacquisition of OSPF neighbors, specify the restart-duration
statement. To configure a time period for sending out purged grace LSAs over all
interfaces, specify the notify-duration statement. Helper mode is enabled by default.
To disable the graceful restart helper capability, specify the helper-disable statement.
The grace period interval for OSPF graceful restart is determined as equal to or
smaller than the sum of the notify-duration time interval and the restart-duration time
interval. The grace period is the number of seconds that the router's neighbors
continue to advertise the router as fully adjacent, regardless of the connection state
between the router and its neighbors.
(ospf | ospf3) {
spf-delay milliseconds;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
(ospf | ospf3) {
interface interface-name {
passive;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Point-to-point interfaces are different from multipoint in that only one OSPF
adjacency is possible. (A LAN, for instance, can have multiple addresses and can run
OSPF on each subnet simultaneously.) As such, when you configure a numbered
point-to-point interface to OSPF by name, multiple OSPF interfaces are created.
One, which is unnumbered, is the interface on which the protocol is run. An
additional OSPF interface is created for each address configured on the interface, if
any, which is automatically marked as passive.
For OSPFv3, one OSPF-specific interface must be created per interface name
configured under OSPFv3. OSPFv3 does not allow interfaces to be configured by IP
address.
2. Use the label-switched path metric configured for the label-switched path under
MPLS.
3. If you do not configure any of the above, use the default OSPFv2 metric of 1.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: If you want an LSP that is announced into OSPFv2 to be used in SPF
calculations, there must be a reverse link (that is, a link from the tail end of the
LSP to the head end). You can accomplish this by configuring an LSP in the
reverse direction and also announcing it in OSPFv2.
For more information about advertising label-switched paths, see the JUNOS MPLS
Applications Configuration Guide.
You can configure the local router so that it appears to be overloaded. You might do
this when you want the router to participate in OSPF routing, but do not want it to
be used for transit traffic. (Traffic to directly attached interfaces continues to transit
the router.)
You configure or disable overload mode in OSPF with or without a timeout. Without
a timeout, overload mode is set until it is explicitly deleted from the configuration.
With a timeout, overload mode is set if the time elapsed since the OSPF instance
started is less than the specified timeout.
A timer is started for the difference between the timeout and the time elapsed since
the instance started. When the timer expires, overload mode is cleared. In overload
mode, the router LSA is originated with all the transit router links (except stub) set
to a metric of 0xFFFF. The stub router links are advertised with the actual cost of the
interfaces corresponding to the stub. This causes the transit traffic to avoid the
overloaded router and take paths around the router. However, the overloaded
router’s own links are still accessible.
(ospf | ospf3) {
overload;
}
To specify the number of seconds at which overload is reset, include the timeout
option when specifying the overload statement:
(ospf | ospf3) {
overload timeout <seconds>;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
NOTE: Whenever possible, use IS-IS IGP shortcuts instead of traffic engineering
shortcuts.
traffic-engineering {
multicast-rpf-routes;
no-topology;
shortcuts {
ignore-lsp-metrics;
lsp-metric-into-summary;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
When traffic engineering is enabled for OSPF, the SPF algorithm takes into account
the various LSPs configured under MPLS. These routes are installed into the primary
routing table, inet.0. To advertise the LSP metric for a prefix in a summary LSA,
specify the lsp-metric-into-summary statement. To ignore RSVP LSP metrics in OSPF
traffic engineering shortcut calculations, specify the ignore-lsp-metrics statement.
You can configure OSPF to install routes with regular IP next hops (no LSPs as next
hops) into the inet.2 routing table for a reverse-path-forwarding (RPF) check. The
inet.2 routing table consists of unicast routes used for multicast RPF lookup. RPF is
an antispoofing mechanism used to check if the packet is coming in on an interface
that is also sending data back to the packet source. To install routes for multicast
RPF checks into the inet.2 routing table, include the multicast-rpf-routes statement.
NOTE: You must enable OSPF traffic engineering shortcuts to use the
multicast-rpf-routes statement. You must not allow LSP advertisement into OSPF
when configuring the multicast-rpf-routes statement.
For more information about configuring LSPs and MPLS, see the JUNOS MPLS
Applications Configuration Guide.
[edit protocols]
ospf {
traffic-engineering {
shortcuts {
lsp-metric-into-summary;
}
}
}
[edit protocols]
mpls {
traffic-engineering bgp-igp;
label-switched-path xxxx {
to yy.yy.yy.yy
}
}
te-metric metric;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For each protocol, you control which routes the protocol stores in the routing table
and which routes the routing table exports into the protocol by defining a routing
policy for that protocol. For information about defining a routing policy, see the
JUNOS Policy Framework Configuration Guide.
By default, if a router has multiple OSPF areas, learned routes from other areas are
automatically installed into area 0 of the routing table.
To apply routing policies that affect how the routing table exports routes into OSPF,
include the export statement:
(ospf | ospf3) {
export [ policy-names ];
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
OSPF import policy allows users to define policy to prevent adding OSPF routes to
the routing table. This filtering happens when OSPF installs the route in the routing
table. You can filter the routes, but not LSA flooding. The import policy can filter on
any attribute of the OSPF route.
To filter OSPF routes from being added to the routing table, include the import
statement:
(ospf | ospf3) {
import [ policy-names ];
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
(ospf | ospf3) {
rib-group group-name;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
sham-link {
local address;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
sham-link-remote {
demand-circuit;
metric metric;
}
peer-interface interface-name {
disable;
dead-interval seconds;
hello-interval seconds;
retransmit-interval seconds;
transit-delay seconds;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To disable the peer interface, specify the disable statement. To modify the peer
interface dead interval, specify the dead-interval statement. To modify how often the
router sends hello packets out of the peer interface, specify the hello-interval
statement. To modify how often the peer interface retransmits the link-state
advertisement, specify the retransmit-interval statement. To specify the approximate
transit delay to use to age update packets, include the transit-delay statement.
For more information about configuring GMPLS, see the JUNOS MPLS Applications
Configuration Guide.
(ospf | ospf3) {
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can specify the following OSPF-specific trace flags in the OSPF traceoptions
statement:
! all—Everything
! general—General events
! normal—Normal events
! policy—Policy processing
! state—State transitions
NOTE: Use the traceoption flags detail and all with caution. These flags may cause
the CPU to become very busy.
For general information about tracing and global tracing options, see “Tracing
Global Routing Protocol Operations” on page 114.
[edit]
routing-options {
traceoptions {
file routing-log;
}
}
protocols {
ospf {
traceoptions {
file ospf-log size 10k files 5;
flag lsa-ack;
flag database-description;
flag hello;
flag lsa-update;
flag lsa-request;
}
area 0.0.0.0 {
interface 10.0.0.1;
}
}
}
[edit}
protocols {
ospf {
traceoptions {
file ospf-log;
flag spf;
}
area 0.0.0.0 {
interface 10.0.0.1;
}
}
}
[edit}
protocols {
ospf {
traceoptions {
file ospf-log;
flag lsa-request;
flag lsa-update;
flag lsa-ack;
area 0.0.0.0 {
interface 10.0.0.1;
}
}
}
The following sections explain each of the Open Shortest Path First (OSPF)
configuration statements, which are organized alphabetically. The term OSPF refers
to both OSPF version 2 (OSPF) and OSPF version 3 (OSPFv3).
area
Description Specify the area identifier for this router to use when participating in OSPF routing.
All routers in an area must use the same area identifier to establish adjacencies.
Specify multiple area statements to configure the router as an area border router.
An area border router does not automatically summarize routes between areas; use
the area-range statement to configure route summarization. By definition, an area
border router must be connected to the backbone area either through a physical
link or through a virtual link. To create a virtual link, use the virtual-link statement.
To specify that the router is directly connected to the OSPF and OSPFv3 backbone,
include the area 0.0.0.0 statement.
All routers on the backbone must be contiguous. If they are not, use the virtual-link
statement to create the appearance of connectivity to the backbone.
Usage Guidelines See “Configuring the Backbone Area and Other Areas” on page 354.
area ! 383
JUNOS 8.1 Routing Protocols Configuration Guide
area-range
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id],
[edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id nssa],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id nssa],
[edit protocols (ospf | ospf3) area area-id],
[edit protocols (ospf | ospf3) area area-id nssa],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
nssa]
Description (Area border routers only) For an area, summarize a range of IP addresses when
sending summary link advertisements (within an area). To summarize multiple
ranges, include multiple area-range statements.
For an NSSA, summarize a range of IP addresses when sending NSSA LSAs. The
specified prefixes are used to aggregate external routes learned within the area
when the routes are advertised to other areas. To specify multiple prefixes, include
multiple area-range statements. All external routes learned within the area that do
not fall into one of the prefixes are advertised individually to other areas.
Default By default, area border routers do not summarize routes being sent from one area
to other areas, but rather send all routes explicitly.
restrict—(Optional) Do not advertise the configured summary. This hides all routes
that are contained within the summary, effectively creating a route filter.
override-metric metric—(Optional) Override the metric for the IP address range and
configure a specific metric value.
Range: 1 through 16777215
Usage Guidelines See “Configuring Route Summarization” on page 366 and “Configuring a
Not-So-Stubby Area” on page 356.
384 ! area-range
Chapter 19: Summary of OSPF Configuration Statements
authentication
Syntax authentication {
md5 key-id {
key [ key-values ];
}
simple-password key-id;
}
Description Configure an authentication key (password). Neighboring routers use the password
to verify the authenticity of packets sent from this interface.
All routers that are connected to the same IP subnet must use the same
authentication scheme and password.
authentication ! 385
JUNOS 8.1 Routing Protocols Configuration Guide
authentication-type
All routers connected to the same IP subnet must use the same authentication
scheme and password.
! none—Disable authentication.
386 ! authentication-type
Chapter 19: Summary of OSPF Configuration Statements
bfd-liveness-detection
Syntax bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (1 | automatic);
}
bfd-liveness-detection ! 387
JUNOS 8.1 Routing Protocols Configuration Guide
dead-interval
Description Specify how long OSPF waits before declaring that a neighboring router is
unavailable. This is an interval during which the router receives no hello packets
from the neighbor.
Usage Guidelines See “Modifying the Router Dead Interval” on page 369.
388 ! dead-interval
Chapter 19: Summary of OSPF Configuration Statements
default-lsa
Syntax default-lsa {
default-metric metric;
metric-type type;
type-7;
}
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id nssa],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id nssa] ,
[edit protocols (ospf | ospf3) area area-id nssa],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
nssa]
Description On area border routers only, for an NSSA, inject a default LSA with a specified
metric value into the area. The default route matches any destination that is not
explicitly reachable from within the area.
default-lsa ! 389
JUNOS 8.1 Routing Protocols Configuration Guide
default-metric
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id nssa
default-lsa],
[edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id stub],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id nssa default-lsa],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id stub],
[edit protocols (ospf | ospf3) area area-id nssa default-lsa],
[edit protocols (ospf | ospf3) area area-id stub],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id nssa
default-lsa],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
stub]
Description On area border routers only, for a stub area, inject a default route with a specified
metric value into the area. The default route matches any destination that is not
explicitly reachable from within the area.
390 ! default-metric
Chapter 19: Summary of OSPF Configuration Statements
demand-circuit
Syntax demand-circuit;
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols ospf area area-id sham-link-remote ],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name]
[edit routing-instances routing-instance-name protocols ospf area area-id
sham-link-remote ]
Usage Guidelines See “Configuring an OSPF Demand Circuit Interface” on page 361 and “Configuring
a Sham Link” on page 378.
disable
See the following sections:
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name]
Usage Guidelines See “Configuring Label Distribution Protocol Synchronization with the IGP” on
page 371.
demand-circuit ! 391
JUNOS 8.1 Routing Protocols Configuration Guide
disable (OSPF)
Syntax disable;
domain-id
Description Specify a domain ID for a route. The domain ID identifies the OSPFv2 domain from
which the route originated.
392 ! domain-id
Chapter 19: Summary of OSPF Configuration Statements
domain-vpn-tag
Description Set a virtual private network (VPN) tag for OSPFv2 external routes generated by the
provider edge (PE) router.
export
Description Apply one or more policies to routes being exported from the routing table into
OSPF.
Usage Guidelines See “Configuring OSPF Routing Policy” on page 377 and the JUNOS Policy
Framework Configuration Guide.
domain-vpn-tag ! 393
JUNOS 8.1 Routing Protocols Configuration Guide
external-preference
394 ! external-preference
Chapter 19: Summary of OSPF Configuration Statements
graceful-restart
Syntax graceful-restart {
disable;
helper-disable;
notify-duration seconds;
restart-duration seconds;
}
notify-duration seconds—Estimated time to send out purged grace LSAs over all the
interfaces, in seconds.
Range: 1 through 3600 seconds
Default: 30 seconds
graceful-restart ! 395
JUNOS 8.1 Routing Protocols Configuration Guide
hello-interval
Hierarchy Level [edit logical-routers logical-router-name protocols ospf area area-id peer-interface
interface-name],
[edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id virtual-link],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id virtual-link],
[edit protocols ospf area area-id peer-interface interface-name],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit protocols (ospf | ospf3) area area-id virtual-link],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
virtual-link]
Description Specify how often the router sends hello packets out the interface. The hello interval
must be the same for all routers on a shared logical IP network.
396 ! hello-interval
Chapter 19: Summary of OSPF Configuration Statements
hold-time
Description Configure the time period to advertise the maximum cost metric for a link that is
not fully operational.
Usage Guidelines See “Configuring Label Distribution Protocol Synchronization with the IGP” on
page 371.
ignore-lsp-metrics
Syntax ignore-lsp-metrics;
Description Ignore RSVP LSP metrics in OSPF traffic engineering shortcut calculations.
Usage Guidelines See “Enabling OSPF Traffic Engineering Support” on page 375.
hold-time ! 397
JUNOS 8.1 Routing Protocols Configuration Guide
import
Description Filter OSPF routes from being added to the routing table.
Usage Guidelines See “Configuring OSPF Routing Policy” on page 377 and the JUNOS Policy
Framework Configuration Guide.
398 ! import
Chapter 19: Summary of OSPF Configuration Statements
interface
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id ],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id ],
[edit protocols (ospf | ospf3) area area-id ],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id ]
You must include at least one interface statement in the configuration to enable
OSPF on the router.
Options interface-name—Name of the interface. To configure all interfaces, you can specify
all. For details about specifying interfaces, see interface naming in the JUNOS
Network Interfaces Configuration Guide.
Usage Guidelines See “Minimum OSPF Configuration” on page 354 and “Configuring an Interface on
a Broadcast or Point-to-Point Network” on page 359.
interface ! 399
JUNOS 8.1 Routing Protocols Configuration Guide
interface-type
By default, the software chooses the correct interface type based on the type of
physical interface. Therefore, you should never have to set the interface type. The
exception to this is for NBMA interfaces, which default to an interface type of
point-to-multipoint. To have these interfaces explicitly run in NBMA mode,
configure the nbma interface type, using the IP address of the local ATM interface.
Default The software chooses the correct interface type based on the type of physical
interface.
p2mp—Point-to-multipoint interface.
p2p—Point-to-point interface.
400 ! interface-type
Chapter 19: Summary of OSPF Configuration Statements
ipsec-sa
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id virtual-link],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id virtual-link],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit protocols (ospf | ospf3) area area-id virtual-link],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
virtual-link]
See Also JUNOS System Basics Configuration Guide, JUNOS Services Interfaces Configuration
Guide
ipsec-sa ! 401
JUNOS 8.1 Routing Protocols Configuration Guide
label-switched-path
metric—Metric value.
Range: 1 through 65,535
Default: 1
Usage Guidelines See “Advertising Label-Switched Paths into OSPF” on page 373.
ldp-synchronization
Syntax ldp-synchronization {
disable;
hold-time seconds;
}
Description Enable synchronization by advertising the maximum cost metric until LDP is
operational on the link.
Usage Guidelines See “Configuring Label Distribution Protocol Synchronization with the IGP” on
page 371.
402 ! label-switched-path
Chapter 19: Summary of OSPF Configuration Statements
lsp-metric-into-summary
Syntax lsp-metric-into-summary;
Usage Guidelines See “Enabling OSPF Traffic Engineering Support” on page 375.
md5
key-values—One or more MD5 key strings. The MD5 key values can be from 1
through 16 characters long. You can specify more than one key value within the
list. Characters can include ASCII strings. If you include spaces, enclose all
characters in quotation marks (" ").
lsp-metric-into-summary ! 403
JUNOS 8.1 Routing Protocols Configuration Guide
metric
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols ospf area area-id sham-link-remote ],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit routing-instances routing-instance-name protocols ospf area area-id
sham-link-remote ],
Description Cost of an OSPF interface. The cost is a routing metric that is used in the link-state
calculation.
To set the cost of routes exported into OSPF, configure the appropriate routing
policy.
Usage Guidelines See “Modifying the Interface Metric” on page 366 and “Configuring a Sham Link”
on page 378.
404 ! metric
Chapter 19: Summary of OSPF Configuration Statements
metric-type
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id nssa
default-lsa],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id nssa default-lsa] ,
[edit protocols (ospf | ospf3) area area-id nssa default-lsa],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id nssa
default-lsa]
metric-type ! 405
JUNOS 8.1 Routing Protocols Configuration Guide
neighbor
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name]
no-nssa-abr
Syntax no-nssa-abr ;
Description Disable exporting Type 7 LSAs into NSSAs for an autonomous system border router
(ASBR) area border router (ABR).
Usage Guidelines See “Disabling NSSA Support on an ASBR ABR” on page 358.
no-summaries
406 ! neighbor
Chapter 19: Summary of OSPF Configuration Statements
nssa
Syntax nssa {
area-range network/mask-length <restrict> <exact> <override-metric metric>;
default-lsa {
default-metric metric;
metric-type type;
type-7;
}
(no-summaries | summaries);
}
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id],
[edit protocols (ospf | ospf3) area area-id],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id]
You cannot configure an area as being both a stub area and an NSSA.
ospf
You must include the ospf statement to enable OSPF on the router.
nssa ! 407
JUNOS 8.1 Routing Protocols Configuration Guide
ospf3
overload
Syntax overload {
<timeout seconds>;
}
Description Configure the local router so that it appears to be overloaded. You might do this
when you want the router to participate in OSPF routing, but do not want it to be
used for transit traffic. Note that traffic destined to immediately attached interfaces
continues to reach the router.
Usage Guidelines See “Configuring the Router to Appear Overloaded” on page 374.
408 ! ospf3
Chapter 19: Summary of OSPF Configuration Statements
passive
Syntax passive;
Description Advertise the direct interface addresses on an interface without actually running
OSPF on that interface. A passive interface is one for which the address information
is advertised as an internal route in OSPF, but on which the protocol does not run.
Enabling OSPF on an interface (by including the interface statement at the [edit
protocols (ospf | ospf3)] or the [edit routing-instances routing-instance-name protocols
ospf] hierarchy level), disabling it (by including the disable statement), and not
actually having OSPF run on an interface (by including the passive statement) are
mutually exclusive states.
Usage Guidelines See “Advertising Interface Addresses Without Running OSPF” on page 373.
passive ! 409
JUNOS 8.1 Routing Protocols Configuration Guide
peer-interface
Options interface-name—Name of the peer interface. To configure all interfaces, you can
specify all. For details about specifying interfaces, see the JUNOS Network
Interfaces Configuration Guide.
poll-interval
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name]
Description For nonbroadcast interfaces only, specify how often the router sends hello packets
out of the interface before it establishes adjacency with a neighbor.
410 ! peer-interface
Chapter 19: Summary of OSPF Configuration Statements
preference
prefix-export-limit
preference ! 411
JUNOS 8.1 Routing Protocols Configuration Guide
priority
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name,
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name]
Description Specify the router’s priority for becoming the designated router. The router that has
the highest priority value on the logical IP network or subnet becomes the
network’s designated router. You must configure at least one router on each logical
IP network or subnet to be the designated router. You also should specify a router’s
priority for becoming the designated router on point-to-point interfaces.
Options number—Router’s priority for becoming the designed router. A priority value of 0
means that the router never will become the designated router. A value of 1
means that the router has the least chance of becoming a designated router.
Range: 0 through 255
Default: 128
Usage Guidelines See “Designated Router” on page 348 and “Configuring the Priority for Becoming
the Designated Router” on page 365.
reference-bandwidth
Description Set the reference bandwidth used in calculating the default interface cost. The cost
is calculated using the following formula:
cost = ref-bandwidth/bandwidth
412 ! priority
Chapter 19: Summary of OSPF Configuration Statements
retransmit-interval
Hierarchy Level [edit logical-routers logical-router-name protocols ospf area area-id peer-interface
interface-name],
[edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id virtual-link],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id virtual-link],
[edit protocols ospf area area-id peer-interface interface-name],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit protocols (ospf | ospf3) area area-id virtual-link],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
virtual-link]
Description Specify how long the router waits to receive a link-state acknowledgment packet
before retransmitting link-state advertisements to an interface’s neighbors.
NOTE: You must configure LSA retransmit intervals to be equal or greater than 3
seconds to avoid triggering a retransmit trap because the JUNOS software delays
LSA acknowledgments by up to 2 seconds.
Usage Guidelines See “Controlling the LSA Retransmission Interval” on page 369.
retransmit-interval ! 413
JUNOS 8.1 Routing Protocols Configuration Guide
rib-group
Description Install routes learned from OSPF routing instances into routing tables in the OSPF
routing table group.
Usage Guidelines See “Creating Routing Table Groups” on page 100, “Configuring How Interface
Routes Are Imported into Routing Tables” on page 101, and “Configuring BGP
Routing Table Groups” on page 576.
route-type-community
Description Specify an extended community value to encode the OSPF route type. Each
extended community is coded as an eight-octet value. This statement sets the most
significant bit to either an IANA or vendor-specific route type.
Options iana—Encode a route type with the value 0x0306. This is the default value.
414 ! rib-group
Chapter 19: Summary of OSPF Configuration Statements
sham-link
Syntax sham-link {
local address;
}
sham-link-remote
Syntax sham-link-remote {
demand-circuit;
metric metric;
}
sham-link ! 415
JUNOS 8.1 Routing Protocols Configuration Guide
shortcuts
Syntax shortcuts;
Description Configure OSPFv2 to use MPLS label-switched paths (LSPs) as next hops if possible
when installing routing information into the inet.3 routing table.
Usage Guidelines See “Enabling OSPF Traffic Engineering Support” on page 375.
simple-password
416 ! shortcuts
Chapter 19: Summary of OSPF Configuration Statements
spf-delay
spf-delay ! 417
JUNOS 8.1 Routing Protocols Configuration Guide
stub
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id],
[edit protocols (ospf | ospf3) area area-id],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id]
Description Indicate that this area should not be flooded with AS external link-state
advertisements. You must include the stub statement when configuring all routers
that are in the stub area.
You cannot configure an area as being both a stub area and an NSSA.
Options default-metric metric—(Optional) Inject a default route with a specified metric value
into the area. The default route matches any destination that is not explicitly
reachable from within the area.
Range: 1 through 16,777,215
no-summaries—(Optional) Do not advertise routes into the stub area. If you include
the default-metric option, only the default route is advertised.
418 ! stub
Chapter 19: Summary of OSPF Configuration Statements
summaries
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id nssa],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id nssa],
[edit protocols (ospf | ospf3) area area-id nssa],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
nssa]
Description Configure whether area border routers advertise summary routes into an NSSA:
te-metric
Hierarchy Level [edit logical-routers logical-router-name protocols ospf area area-id interface
interface-name],
[edit protocols ospf area area-id interface interface-name]
Description Metric value used by traffic engineering for information injected into the Traffic
Engineering Database (TED). The value of the traffic engineering metric does not
affect normal OSPF forwarding.
Usage Guidelines See “Modifying the Traffic Engineering Metric” on page 376.
summaries ! 419
JUNOS 8.1 Routing Protocols Configuration Guide
traceoptions
Syntax traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
To specify more than one tracing operation, include multiple flag statements.
Default The default OSPF protocol-level tracing options are those inherited from the routing
protocols traceoptions statement included at the [edit routing-options] hierarchy
level.
Options disable—(Optional) Disable the tracing operation. You can use this option to disable
a single operation when you have defined a broad group of tracing operations,
such as all.
file name—Name of the file to receive the output of the tracing operation. Enclose
the name within quotation marks. All files are placed in the directory /var/log.
We recommend that you place OSPF tracing output in the file ospf-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1,
and so on, until the maximum number of trace files is reached. Then, the
oldest trace file is overwritten.
If you specify a maximum number of files, you also must specify a maximum
file size with the size option.
420 ! traceoptions
Chapter 19: Summary of OSPF Configuration Statements
! state—State transitions.
! timer—Timer usage.
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more
of these modifiers:
traceoptions ! 421
JUNOS 8.1 Routing Protocols Configuration Guide
size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes
(MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is
renamed trace-file.0. When the trace-file again reaches its maximum size,
trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This
renaming scheme continues until the maximum number of trace files is
reached. Then, the oldest trace file is overwritten.
If you specify a maximum file size, you also must specify a maximum number
of trace files with the files option.
Required Privilege Level routing and trace—To view this statement in the configuration.
routing-control and trace-control—To add this statement to the configuration.
422 ! traceoptions
Chapter 19: Summary of OSPF Configuration Statements
traffic-engineering
Syntax traffic-engineering {
<multicast-rpf-routes>;
<no-topology>;
<shortcuts> {
<ignore-lsp-metrics>;
<lsp-metric-into-summary>;
}
}
Options multicast-rpf-routes—(Optional) Install routes for multicast RPF checks into the
inet.2 routing table.
Usage Guidelines See “Enabling OSPF Traffic Engineering Support” on page 375.
traffic-engineering ! 423
JUNOS 8.1 Routing Protocols Configuration Guide
transit-delay
Hierarchy Level [edit logical-routers logical-router-name protocols ospf area area-id peer-interface
interface-name],
[edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id virtual-link],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols ospf area area-id interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols ospf area area-id virtual-link],
[edit protocols ospf area area-id peer-interface interface-name],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit protocols (ospf | ospf3) area area-id virtual-link],
[edit routing-instances routing-instance-name protocols ospf area area-id
interface interface-name],
[edit routing-instances routing-instance-name protocols ospf area area-id virtual-link]
Description Set the estimated time required to transmit a link-state update on the interface.
When calculating this time, you should account for transmission and propagation
delays.
424 ! transit-delay
Chapter 19: Summary of OSPF Configuration Statements
transmit-interval
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id
interface interface-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id interface interface-name],
[edit protocols (ospf | ospf3) area area-id interface interface-name],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area-id
interface interface-name]
Description Set the interval at which OSPF packets are transmitted on an interface.
Usage Guidelines See “Controlling the LSA Retransmission Interval” on page 369.
type-7
Syntax type-7;
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id nssa
default-lsa],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols (ospf | ospf3) area area-id nssa default-lsa],
[edit protocols (ospf | ospf3) area area-id nssa default-lsa],
[edit routing-instances routing-instance-name protocols (ospf | ospf3) area area
nssa default-lsa]
transmit-interval ! 425
JUNOS 8.1 Routing Protocols Configuration Guide
virtual-link
Hierarchy Level [edit logical-routers logical-router-name protocols (ospf | ospf3) area area-id],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols ospf area area-id],
[edit protocols (ospf | ospf3) area area-id],
[edit routing-instances routing-instance-name protocols ospf area area-id]
Description For backbones only, create a virtual link to use in place of an actual physical link. All
area border routers and other routers on the backbone must be contiguous. If this is
not possible and there is a break in OSPF connectivity, use virtual links to create
connectivity to the OSPF backbone. When configuring virtual links, you must
configure links on the two routers that form the end points of the link, and both
these two routers must be area border routers. You cannot configure links through
stub areas.
Options neighbor-id router-id—IP address of the router at the remote end of the virtual link.
transit-area area-id—Area identifier of the area through which the virtual link
transits. Virtual links are not allowed to transit the backbone area.
426 ! virtual-link
Chapter 20
RIP Overview
The Routing Information Protocol (RIP) is an interior gateway protocol (IGP) that
uses a distance-vector algorithm to determine the best route to a destination, using
the hop count as the metric.
This chapter discusses the following topics that provide background information
about RIP:
RIP version 1 packets contain the minimal information necessary to route packets
through a network. However, this version of RIP does not support authentication or
subnetting.
! The longest network path cannot exceed 15 hops (assuming that each network,
or hop, has a cost of 1).
! RIP uses only a fixed metric to select a route. Other IGPs use additional
parameters, such as measured delay, reliability, and load.
RIP Standards
RIP is defined in the following documents:
To access Internet Requests for Comments (RFCs) and drafts, go to the Internet
Engineering Task Force (IETF) Web site at http://www.ietf.org.
RIP Packets
RIP packets contain the following fields:
To configure the Routing Information Protocol (RIP), you include the following
statements:
protocols {
rip {
any-sender;
authentication-key password;
type;
(check-zero | no-check-zero);
graceful-restart {
disable;
restart-time seconds;
}
holddown seconds;
import [ policy-names ];
message-size number ;
metric-in metric;
receive receive-options;
rib-group group-name;
route-timeout seconds;
send send-options;
update-interval seconds;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
group group-name {
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number ;
version (0 | 1 | automatic);
}
export [ policy-names ];
metric-out metric
preference number ;
route-timeout seconds;
update-interval seconds;
neighbor neighbor-name {
authentication-key password;
authentication-type type;
! 429
JUNOS 8.1 Routing Protocols Configuration Guide
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number ;
version (0 | 1 | automatic);
}
(check-zero | no-check-zero);
import [ policy-names ];
message-size number ;
metric-in metric;
metric-out metric;
receive receive-options;
route-timeout seconds;
send send-options;
update-interval seconds;
}
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To have a router exchange routes with other routers, you must configure RIP
groups and neighbors. RIP routes received from routers not configured as RIP
neighbors are ignored. Likewise, RIP routes are advertised only to routers
configured as RIP neighbors, with an appropriate RIP export policy applied.
430 !
Chapter 21: RIP Configuration Guidelines
protocols {
rip {
group group-name {
neighbor interface-name {
}
}
}
}
NOTE: When you configure RIP on an interface, you must also configure family inet
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level. For
more information about the family inet statement, see the JUNOS Network
Interfaces Configuration Guide.
authentication-key password;
authentication-type type;
(check-zero | no-check-zero);
import [ policy-names ];
message-size number;
metric-in metric;
receive receive-options;
rib-group group-name;
send send-options;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
neighbor neighbor-name {
authentication-key password;
authentication-type type;
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number ;
version (0 | 1 | automatic);
}
(check-zero | no-check-zero);
import [ policy-names ];
message-size number ;
metric-in metric;
receive receive-options;
send send-options;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Configuring Authentication
You can configure the router to authenticate RIP route queries. By default,
authentication is disabled. You can use the following authentication method:
authentication-key password;
authentication-type type;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
The password can be up to 16 contiguous characters and can include any ASCII
strings.
To change the default metric to be added to incoming routes, include the metric-in
statement:
metric-in metric;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
RIP routes expire when either a route timeout limit is met or a route metric reaches
infinity, and the route is no longer valid. However, the expired route is retained in
the routing table for a time period so that neighbors can be notified that the route
has been dropped. This time period is set by configuring the hold-down timer. Upon
expiration of the hold-down timer, the route is removed from the routing table.
To configure the hold-down timer for RIP, include the holddown statement:
holddown seconds;
seconds can be a value from 10 through 180. The default value is 120 seconds.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can set a route timeout interval. If a route is not refreshed after being installed
into the routing table by the specified time interval, the route is removed from the
routing table.
To configure the route timeout for RIP, include the route-timeout statement:
route-timeout seconds;
seconds can be a value from 60 through 360. The default value is 180 seconds.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can set an update time interval to periodically send out routes learned by RIP to
neighbors.
update-interval seconds;
seconds can be a value from 10 through 60. The default value is 30 seconds.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
message-size number ;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: To ensure interoperability with routers from other vendors, do not change
the default number of route entries in a RIP update message.
If you find that you are receiving RIP version 1 packets with nonzero values in the
reserved fields or RIP version 2 packets with nonzero values in the fields that must
be zero, you can configure RIP to receive these packets in spite of the fact that they
are being sent in violation of the specifications in RFC 1058 and RFC 2453. To
receive packets whose reserved fields are nonzero, include the no-check-zero
statement:
no-check-zero;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
receive receive-options;
send send-options;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
rib-group group-name;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
import [ policy-names ];
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For more information about creating policies, see the JUNOS Policy Framework
Configuration Guide.
export [ policy-names ];
To configure export policy globally for all RIP neighbors, include the export
statement.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can define one or more export policies. If no routes match the policies, the
local router does not export any routes to its neighbors. Export policies override
any metric values determined through calculations involving the metric-in and
metric-out values.
For more information about creating policies, see the JUNOS Policy Framework
Configuration Guide.
To modify the default RIP preference value, include the preference statement:
preference preference;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The metric associated with a RIP route (unless modified by an export policy) is the
normal RIP metric. For example, a RIP route with a metric of 5 learned from a
neighbor configured with a metric-in value of 2 is advertised with a combined metric
of 7 when advertised to RIP neighbors in the same group. However, if this route
was learned from a RIP neighbor in a different group or from a different protocol,
the route is advertised with the metric value configured for that group with the
metric-out statement. The default value for metric-out is 1.
The metric for a route may be modified with an export policy. That metric is seen
when the route is exported to the next hop.
To increase the metric for routes advertised outside a group, include the metric-out
statement:
metric-out metric;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can configure graceful restart parameters specifically for RIP. To do this, include
the graceful-restart statement:
graceful-restart {
restart-time seconds;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To disable graceful restart for RIP, specify the disable statement. To configure a time
period for the restart to finish, specify the restart-time statement.
NOTE: To enable BFD for RIP, both sides of the connection must receive an update
message from the peer. By default, RIP does not export any routes. Therefore you
must enable update messages to be sent by configuring an export policy for
routes before a BFD session is triggered.
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number ;
version (0 | 1 | automatic);
}
To specify the minimum transmit and receive interval for failure detection, include
the minimum-interval statement:
minimum-interval milliseconds;
NOTE: Specifying an interval smaller than 300 ms can cause undesired BFD
flapping.
To specify the minimum receive interval for failure detection, include the
minimum-receive-interval statement:
minimum-receive-interval milliseconds;
To specify the minimum transmit interval for failure detection, include the
minimum-transmit-interval statement:
minimum-transmit-interval milliseconds;
To specify the detection time multiplier for failure detection, include the multiplier
statement:
multiplier number ;
To specify the BFD version used for detection, include the version statement:
version (0 | 1 | automatic);
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
any-sender;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can specify the following RIP-specific options in the RIP traceoptions
statement:
NOTE: Use the traceoption flags detail and all with caution. These flags may cause
the CPU to become very busy.
For general information about tracing and global tracing options, see “Tracing
Global Routing Protocol Operations” on page 114.
[edit]
routing-options {
traceoptions {
file /var/log/routing-log;
flag errors;
}
}
protocols {
rip {
traceoptions {
file /var/log/rip-log;
flag packets detail;
}
}
}
[edit policy-options]
policy-statement redist-direct {
from protocol direct;
then accept;
}
[edit]
interfaces {
so-0/0/0 {
unit 0 {
inet;
}
}
at-1/1/0 {
unit 0 {
inet;
}
}
at-1/1/0 {
unit 42 {
inet;
}
}
at-1/1/1 {
unit 42 {
inet;
}
}
}
policy-statement redist-direct {
from protocol direct;
then accept;
}
[edit protocols rip]
metric-in 3;
receive both;
group wan {
metric-out 2;
export redist-direct;
neighbor so-0/0/0.0;
neighbor at-1/1/0.0;
neighbor at-1/1/0.42;
neighbor at-1/1/1.42 {
receive version-2;
}
}
group local {
neighbor ge-2/3/0.0 {
metric-in 1;
send broadcast;
}
}
The following sections explain each of the individual Routing Information Protocol
(RIP) statements in the [edit protocols rip] hierarchy. The statements are organized
alphabetically.
any-sender
Syntax any-sender;
Hierarchy Level [edit logical-routers logical-router-name protocols rip group group-name neighbor
neighbor-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols rip group group-name neighbor neighbor-name],
[edit protocols rip group group-name neighbor neighbor-name],
[edit routing-instances routing-instance-name protocols rip group group-name neighbor
neighbor-name]
any-sender ! 443
JUNOS 8.1 Routing Protocols Configuration Guide
authentication-key
Options password—Authentication password. If the password does not match, the packet is
rejected. The password can be from 1 through 16 contiguous characters long
and can include any ASCII strings.
444 ! authentication-key
Chapter 22: Summary of RIP Configuration Statements
authentication-type
Description Configure the type of authentication for RIP route queries received on an interface.
Default If you do not include this statement and the authentication-key statement, RIP
authentication is disabled.
authentication-type ! 445
JUNOS 8.1 Routing Protocols Configuration Guide
bfd-liveness-detection
Syntax bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (0 | 1 | automatic);
}
446 ! bfd-liveness-detection
Chapter 22: Summary of RIP Configuration Statements
check-zero
Description Check whether the reserved fields in a RIP packet are zero:
Default: check-zero
Usage Guidelines See “Accepting Packets Whose Reserved Fields Are Nonzero” on page 434.
check-zero ! 447
JUNOS 8.1 Routing Protocols Configuration Guide
export
Usage Guidelines See “Applying Export Policy” on page 436 and the JUNOS Policy Framework
Configuration Guide.
graceful-restart
Syntax graceful-restart {
disable;
restart-time seconds;
}
Usage Guidelines See “Configuring Graceful Restart” on page 110 and “Configuring Graceful Restart”
on page 437.
448 ! export
Chapter 22: Summary of RIP Configuration Statements
group
Description Configure a set of RIP neighbors that share an export policy and metric. The export
policy and metric govern what routes to advertise to neighbors in a given group.
group ! 449
JUNOS 8.1 Routing Protocols Configuration Guide
holddown
Description Configure the time period the expired route is retained in the routing table before
being removed.
Options seconds—Estimated time to wait before making updates to the routing table, in
seconds.
Range: 10 through 180 seconds
Default: 180 seconds
import
Description Apply one or more policies to routes being imported into the local router from the
neighbors.
Usage Guidelines See “Applying Import Policy” on page 435 and the JUNOS Policy Framework
Configuration Guide.
450 ! holddown
Chapter 22: Summary of RIP Configuration Statements
message-size
Description Number of route entries to be included in every RIP update message. To ensure
interoperability with other vendors’ equipment, use the standard of 25 route
entries per message.
Usage Guidelines See “Configuring the Number of Route Entries in an Update Message” on page 434.
message-size ! 451
JUNOS 8.1 Routing Protocols Configuration Guide
metric-in
Description Metric to add to incoming routes when advertising into RIP routes that were
learned from other protocols. Use this statement to configure the router to prefer
RIP routes learned through a specific neighbor.
metric-out
Hierarchy Level [edit logical-routers logical-router-name protocols rip group group-name neighbor
neighbor-name],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols rip group group-name neighbor neighbor-name],
[edit protocols rip group group-name neighbor neighbor-name],
[edit routing-instances routing-instance-name protocols rip group group-name
neighbor neighbor-name]
Description Metric value to add to routes transmitted to the neighbor. Use this statement to
control how other routers prefer RIP routes sent from this neighbor.
452 ! metric-in
Chapter 22: Summary of RIP Configuration Statements
neighbor
Description Configure neighbor-specific RIP parameters, thereby overriding the defaults set for
the router.
no-check-zero
neighbor ! 453
JUNOS 8.1 Routing Protocols Configuration Guide
preference
Description Preference of external routes learned by RIP as compared to those learned from
other routing protocols.
454 ! preference
Chapter 22: Summary of RIP Configuration Statements
receive
Default: both
receive ! 455
JUNOS 8.1 Routing Protocols Configuration Guide
rib-group
Description Install RIP routes into multiple routing tables by configuring a routing table group.
rip
456 ! rib-group
Chapter 22: Summary of RIP Configuration Statements
route-timeout
Options seconds—Estimated time to wait before making updates to the routing table, in
seconds.
Range: 30 through 360 seconds
Default: 180 seconds
route-timeout ! 457
JUNOS 8.1 Routing Protocols Configuration Guide
send
Default: multicast
458 ! send
Chapter 22: Summary of RIP Configuration Statements
traceoptions
Syntax traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
Default The default RIP protocol-level trace options are inherited from the global
traceoptions statement.
Options disable—(Optional) Disable the tracing operation. One use of this option is to
disable a single operation when you have defined a broad group of tracing
operations, such as all.
file name—Name of the file to receive the output of the tracing operation. Enclose
the name in quotation marks. We recommend that you place RIP tracing
output in the file /var/log/rip-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1,
and so on, until the maximum number of trace files is reached. Then, the
oldest trace file is overwritten.
If you specify a maximum number of files, you must also specify a maximum
file size with the size option.
! auth—RIP authentication
! error—RIP errors
traceoptions ! 459
JUNOS 8.1 Routing Protocols Configuration Guide
! state—State transitions
! timer—Timer usage
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more
of these modifiers:
460 ! traceoptions
Chapter 22: Summary of RIP Configuration Statements
If you specify a maximum file size, you must also specify a maximum number
of trace files with the files option.
update-interval
Description Configure an update time interval to periodically send out routes learned by RIP to
neighbors.
Options seconds—Estimated time to wait before making updates to the routing table, in
seconds.
Range: 10 through 60 seconds
Default: 30 seconds
update-interval ! 461
JUNOS 8.1 Routing Protocols Configuration Guide
462 ! update-interval
Chapter 23
RIPng Overview
This chapter discusses the following topics that provide background information
about RIPng:
RIPng is a User Datagram Protocol (UDP)-based protocol and uses UDP port 521.
! The longest network path cannot exceed 15 hops (assuming that each network,
or hop, has a cost of 1).
! RIPng uses only a fixed metric to select a route. Other IGPs use additional
parameters, such as measured delay, reliability, and load.
RIPng Standards
RIPng is defined in the following documents:
To access Internet Requests for Comments (RFCs) and drafts, go to the Internet
Engineering Task Force (IETF) Web site at http://www.ietf.org.
RIPng Packets
A RIPng packet header contains the following fields:
The rest of the RIPng packet contains a list of routing table entries that contain the
following fields:
! Route tag—A route attribute that must be advertised and redistributed with the
route. Primarily, the route tag distinguishes external RIPng routes from internal
RIPng routes in cases where routes must be redistributed across an exterior
gateway protocol (EGP).
To configure Routing Information Protocol next generation (RIPng), you include the
following statements:
protocols {
ripng {
graceful-restart {
disable;
restart-time seconds;
}
holddown seconds;
import [ policy-names ];
metric-in metric;
receive <none>;
route-timeout seconds;
send <none>;
update-interval seconds;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
group group-name {
export [ policy-names ];
metric-out metric;
preference number ;
route-timeout seconds;
update-interval seconds;
neighbor neighbor-name {
import [ policy-names ];
metric-in metric;
receive <none>;
route-timeout seconds;
send <none>;
update-interval seconds;
}
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
! 465
JUNOS 8.1 Routing Protocols Configuration Guide
NOTE: By default, RIPng routes are not redistributed. You must configure export
policy needs to redistribute RIPng routes.
To have a router exchange routes with other routers, you must configure RIPng
groups and neighbors. RIPng routes received from routers not configured as RIPng
neighbors are ignored. Likewise, RIPng routes are advertised only to routers
configured as RIPng neighbors.
This chapter discusses the following topics that provide information for configuring
and monitoring RIPng:
[edit]
protocols {
ripng {
group group-name {
neighbor interface-name;
}
}
}
NOTE: When you configure RIPng on an interface, you must also configure family
inet6 at the [edit interfaces interface-name unit logical-unit-number] hierarchy level.
import [ policy-names ];
metric-in metric;
receive receive-options;
send send-options;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
neighbor neighbor-name {
import [ policy-names ];
metric-in metric;
receive receive-options;
send send-options;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To change the default metric to be added to incoming routes, include the metric-in
statement:
metric-in metric;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
RIPng routes expire when either a route timeout limit is met or a route metric
reaches infinity, and the route is no longer valid. However, the expired route is
retained in the routing table for a time period so that neighbors can be notified that
the route has been dropped. This time period is set by configuring the hold-down
timer. Upon expiration of the hold-down timer, the route is removed from the
routing table.
To configure the hold-down timer for RIPng, include the holddown statement:
holddown seconds;
seconds can be a value from 10 through 180. The default value is 120 seconds.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can set a route timeout interval. If a route is not refreshed after being installed
into the routing table by the specified time interval, the route is removed from the
routing table.
To configure the route timeout for RIPng, include the route-timeout statement:
route-timeout seconds;
seconds can be a value from 60 through 360. The default value is 180 seconds.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can set an update time interval to periodically send out routes learned by RIPng
to neighbors.
update-interval seconds;
seconds can be a value from 10 through 60. The default value is 30 seconds.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
receive none;
send none;
To enable the sending and receiving of update messages, include the receive and
send statements:
receive;
send;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
import [ policy-names ];
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
group group-name {
export [ policy-names ];
metric-out metric;
neighbor {
neighbor-options;
}
preference number ;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Each group must contain at least one neighbor. You should create a group for each
export policy that you have. For information about configuring neighbors, see
“Defining RIPng Global Properties” on page 467.
export [ policy--names ];
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can define one or more export policies. If no routes match the policies, the
local router does not export any routes to its neighbors. Export policies override
any metric values determined through calculations involving the metric-in and
metric-out values.
To modify the default RIPng preference value, include the preference statement:
preference preference;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
If a route being exported was learned from a member of the same RIPng group, the
metric associated with that route (unless modified by an export policy) is the
normal RIPng metric. For example, a RIPng route with a metric of 5 learned from a
neighbor configured with a metric-in value of 2 is advertised with a combined metric
of 7 when advertised to RIPng neighbors in the same group. However, if this route
was learned from a RIPng neighbor in a different group or from a different
protocol, the route is advertised with the metric value configured for that group with
the metric-out statement. The default value for metric-out is 1.
To modify the metric for routes advertised outside a group, include the metric-out
statement:
metric-out metric;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can configure graceful restart parameters specifically for RIPng. To do this,
include the graceful-restart statement:
graceful-restart {
restart-time seconds;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To disable graceful restart for RIPng, specify the disable statement. To configure a
time period for the restart to finish, specify the restart-time statement.
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can specify the following RIPng-specific options in the RIPng traceoptions
statement:
! all—Trace everything.
NOTE: Use the traceoption flags detail and all with caution. These flags may cause
the CPU to become very busy.
[edit policy-options]
policy-statement redist-direct {
from protocol direct;
then accept;
}
[edit protocols ripng]
metric-in 3;
group wan {
metric-out 2;
export redist-direct;
neighbor so-0/0/0.0;
neighbor at-1/1/0.0;
neighbor at-1/1/0.42;
neighbor at-1/1/1.42 {
receive version-2;
}
}
group local {
neighbor ge-2/3/0.0 {
metric-in 1;
send broadcast;
}
}
The following sections explain each of the individual Routing Information Protocol
next generation (RIPng) statements in the [edit protocols ripng] hierarchy. The
statements are organized alphabetically.
export
Description Apply a policy or list of policies to routes being exported to the neighbors.
export ! 473
JUNOS 8.1 Routing Protocols Configuration Guide
graceful-restart
Syntax graceful-restart {
disable;
restart-time seconds;
}
Usage Guidelines See “Configuring Graceful Restart” on page 110 and “Configuring Graceful Restart”
on page 471.
474 ! graceful-restart
Chapter 25: Summary of RIPng Configuration Statements
group
Description Configure a set of RIPng neighbors that share an export policy and metric. The
export policy and metric govern what routes to advertise to neighbors in a given
group.
holddown
Description Configure the time period the expired route is retained in the routing table before
being removed.
Options seconds—Estimated time to wait before making updates to the routing table, in
seconds.
Default: 180 seconds
Range: 10 through 180 seconds
group ! 475
JUNOS 8.1 Routing Protocols Configuration Guide
import
Description Apply one or more policies to routes being imported into the local router from the
neighbors.
metric-in
Description Metric to add to incoming routes when advertising into RIPng routes that were
learned from other protocols. Use this statement to configure the router to prefer
RIPng routes learned through a specific neighbor.
476 ! import
Chapter 25: Summary of RIPng Configuration Statements
metric-out
Description Metric value to add to routes transmitted to the neighbor. Use this statement to
control how other routers prefer RIPng routes sent from this neighbor.
neighbor
Description Configure neighbor-specific RIPng parameters, thereby overriding the defaults set
for the router.
metric-out ! 477
JUNOS 8.1 Routing Protocols Configuration Guide
preference
Description Preference of external routes learned by RIPng as compared to those learned from
other routing protocols.
receive
478 ! preference
Chapter 25: Summary of RIPng Configuration Statements
ripng
route-timeout
Options seconds—Estimated time to wait before making updates to the routing table, in
seconds.
Range: 60 through 360 seconds
Default: 180 seconds
ripng ! 479
JUNOS 8.1 Routing Protocols Configuration Guide
send
480 ! send
Chapter 25: Summary of RIPng Configuration Statements
traceoptions
Syntax traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
Default The default RIPng protocol-level trace options are inherited from the global
traceoptions statement.
Options disable—(Optional) Disable the tracing operation. One use of this option is to
disable a single operation when you have defined a broad group of tracing
operations, such as all.
file name—Name of the file to receive the output of the tracing operation. Enclose
the name in quotation marks. We recommend that you place RIPng tracing
output in the file /var/log/ripng-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1,
and so on, until the maximum number of trace files is reached. Then, the
oldest trace file is overwritten.
If you specify a maximum number of files, you must also specify a maximum
file size with the size option.
flag flag—Tracing operation to perform. To specify more than one tracing operation,
include multiple flag statements. The following are the RIPng–specific tracing
options:
! error—RIPng errors
traceoptions ! 481
JUNOS 8.1 Routing Protocols Configuration Guide
! state—State transitions
! timer—Timer usage
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more
of these modifiers:
482 ! traceoptions
Chapter 25: Summary of RIPng Configuration Statements
If you specify a maximum file size, you must also specify a maximum number
of trace files with the files option.
update-interval
Description Configure an update time interval to periodically send out routes learned by RIP to
neighbors.
Options seconds—Estimated time to wait before making updates to the routing table, in
seconds.
Range: 10 through 60 seconds
Default: 30 seconds
update-interval ! 483
JUNOS 8.1 Routing Protocols Configuration Guide
484 ! update-interval
Chapter 26
ICMP Router Discovery Overview
The router discovery messages do not constitute a routing protocol. They enable
hosts to discover the existence of neighboring routers, but do not determine which
router is best to reach a particular destination.
This chapter discusses the following topics that provide background information
about ICMP router discovery:
To access Internet Requests for Comments (RFCs) and drafts, go to the Internet
Engineering Task Force (IETF) Web site at http://www.ietf.org.
The server can either transmit broadcast or multicast router advertisement packets.
Multicast packets are sent to 224.0.0.1, which is the all-hosts multicast address.
When packets are sent to the all-hosts multicast address, or when an interface is
configured for the limited-broadcast address 255.255.255.255, all IP addresses
configured on the physical interface are included in the router advertisement. When
the packets are being sent to a network or subnet broadcast address, only the
address associated with that network or subnet is included in the router
advertisement.
When the routing protocol process first starts on the server router, the server sends
router advertisement packets every few seconds. Then, the server sends these
packets less frequently, commonly every 10 minutes.
The server responds to route solicitation packets it receives from a client. The
response is sent unicast unless a router advertisement packet is due to be sent out
momentarily.
The preference level specifies the router’s preference to become the default router.
When a host chooses a default router address, it chooses the address with the
highest preference. You can configure the preference level with the priority
statement.
The lifetime field indicates the maximum length of time that the advertised
addresses are to be considered valid by hosts in the absence of further
advertisements. You can configure the advertising rate with the
max-advertisement-interval and min-advertisement-interval statements, and you can
configure the lifetime with the lifetime statement.
To configure a router as a server for Internet Control Message Protocol (ICMP) router
discovery, you can include the following statements in the configuration:
protocols {
router-discovery {
disable;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <detail> <disable>;
}
interface interface-name {
min-advertisement-interval seconds;
max-advertisement-interval seconds;
lifetime seconds;
}
address address {
(advertise | ignore);
(broadcast | multicast);
(priority number | ineligible);
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
This chapter describes the following tasks for configuring ICMP router discovery:
! 487
JUNOS 8.1 Routing Protocols Configuration Guide
protocols {
router-discovery;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: When you configure ICMP on an interface, you must also configure family
inet at the [edit interfaces interface-name unit logical-unit-number] hierarchy level.
For more information about the family inet statement, see the JUNOS Network
Interfaces Configuration Guide.
address address {
(advertise | ignore);
(broadcast | multicast);
(priority number | ineligible);
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
Specify the IP address of the router, and optionally specify the following
information about the router:
min-advertisement-interval seconds;
max-advertisement-interval seconds;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
lifetime seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
You can specify the following ICMP-specific options in the ICMP flag statement:
! all—Trace everything.
NOTE: Use the traceoption flags detail and all with caution. These flags may cause
the CPU to become very busy.
For general information about tracing and global tracing options, see “Tracing
Global Routing Protocol Operations” on page 114.
[edit]
routing-options {
traceoptions {
file routing-log;
}
}
protocols {
router-discovery {
traceoptions {
file icmp-log;
flag state;
}
}
}
The following sections explain each of the Internet Control Message Protocol (ICMP)
router discovery configuration statements. The statements are organized
alphabetically.
address
Options address—IP address. To specify more than one address, specify multiple addresses
or include multiple address statements.
Usage Guidelines See “Configuring the Addresses to Include in Router Advertisements” on page 488.
address ! 493
JUNOS 8.1 Routing Protocols Configuration Guide
advertise
Description Specify whether the server should advertise the IP address in its router
advertisement packets:
Default advertise
Usage Guidelines See “Configuring the Addresses to Include in Router Advertisements” on page 488.
broadcast
Description Specify when the server should include the IP addresses in router advertisement
packets. On the same physical interfaces, some addresses might be included only
in multicast packets, while others might be included only in broadcast packets.
If you specify broadcast, the server includes the addresses in router advertisement
packets only if the packets are broadcast.
Default multicast if the router supports IP multicast; broadcast if the router does not support
IP multicast.
Usage Guidelines See “Configuring the Addresses to Include in Router Advertisements” on page 488.
494 ! advertise
Chapter 28: Summary of ICMP Router Discovery Configuration Statements
disable
Syntax disable;
ignore
ineligible
interface
Description Specify physical interfaces on which to configure timers for router advertisement
messages.
Options interface-name—Name of an interface. Specify the full interface name, including the
physical and logical address components. To configure all interfaces, specify
all. For details about specifying interfaces, see the JUNOS Network Interfaces
Configuration Guide.
Usage Guidelines See “Configuring the Frequency of Router Advertisements” on page 489 and
“Modifying the Router Advertisement Lifetime” on page 489.
disable ! 495
JUNOS 8.1 Routing Protocols Configuration Guide
lifetime
Description How long the addresses sent by the server in its router advertisement packets are
valid. This time must be long enough so that another router advertisement packet is
sent before the lifetime has expired. The lifetime value is placed in the
advertisement lifetime field of the router advertisement packet.
Options seconds—Lifetime value. A value of 0 indicates that one or more addresses are no
longer valid.
Range: 3, max-advertisement-interval value through 2 hours, 30 minutes (9000
seconds), specified in seconds
Default: 1800 seconds (30 minutes; three times the default
max-advertisement-interval value)
Usage Guidelines See “Modifying the Router Advertisement Lifetime” on page 489.
max-advertisement-interval
Description Maximum time the router waits before sending periodic router advertisement
packets out the interface. These packets are broadcast or multicast, depending on
how the address corresponding to this physical interface is configured.
Usage Guidelines See “Configuring the Frequency of Router Advertisements” on page 489.
496 ! lifetime
Chapter 28: Summary of ICMP Router Discovery Configuration Statements
min-advertisement-interval
Description Minimum time the router waits before sending router advertisement packets out
the interface in response to route solicitation packets it receives from a client. These
packets are broadcast or multicast, depending on how the address corresponding to
this physical interface is configured.
Usage Guidelines See “Configuring the Frequency of Router Advertisements” on page 489.
multicast
Description Specify when the server should include the IP addresses in router advertisement
packets. On the same physical interfaces, some addresses might be included only in
multicast packets, while others might be included only in broadcast packets.
If you specify multicast, the server includes the addresses in router advertisement
packets only if the packets are multicast. If the router supports IP multicast, and if
the interface supports IP multicast, multicast is the default. Otherwise, the
addresses are included in broadcast router advertisement packets. If the router does
not support IP multicast, the addresses are not included.
Default multicast if the router supports IP multicast; broadcast if the router does not support
IP multicast.
Usage Guidelines See “Configuring the Addresses to Include in Router Advertisements” on page 488.
min-advertisement-interval ! 497
JUNOS 8.1 Routing Protocols Configuration Guide
priority
Description Preference of the address to become a default router. This preference is set relative
to the preferences of other router addresses on the same subnet.
Usage Guidelines See “Configuring the Addresses to Include in Router Advertisements” on page 488.
router-discovery
Usage Guidelines See “Minimum Router Discovery Server Configuration” on page 488.
498 ! priority
Chapter 28: Summary of ICMP Router Discovery Configuration Statements
traceoptions
Syntax traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
To specify more than one tracing operation, include multiple flag statements.
Default The default ICMP protocol-level tracing options are inherited from the routing
protocols traceoptions statement included at the [edit routing-options] hierarchy
level.
Options disable—(Optional) Disable the tracing operation. One use of this option is to
disable a single operation when you have defined a broad group of tracing
operations, such as all.
file name—Name of the file to receive the output of the tracing operation. Enclose
the name within quotation marks. All files are placed in the directory /var/log.
We recommend that you place ICMP tracing output in the file icmp-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1,
and so on, until the maximum number of trace files is reached. Then, the
oldest trace file is overwritten.
If you specify a maximum number of files, you also must specify a maximum
file size with the size option.
flag flag—Tracing operation to perform. To specify more than one tracing operation,
include multiple flag statements. These are the ICMP-specific tracing options:
! packets—All packets
traceoptions ! 499
JUNOS 8.1 Routing Protocols Configuration Guide
! state—State transitions
! timer—Timer usage
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more
of these modifiers:
size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes
(MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is
renamed trace-file.0. When the trace-file again reaches its maximum size,
trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This
renaming scheme continues until the maximum number of trace files is
reached. Then, the oldest trace file is overwritten.
If you specify a maximum file size, you also must specify a maximum number
of trace files with the files option.
500 ! traceoptions
Chapter 28: Summary of ICMP Router Discovery Configuration Statements
Required Privilege Level routing and trace—To view this statement in the configuration.
routing-control and trace-control—To add this statement to the configuration.
traceoptions ! 501
JUNOS 8.1 Routing Protocols Configuration Guide
502 ! traceoptions
Chapter 29
Neighbor Discovery Overview
Neighbor discovery is a protocol that allows different nodes on the same link to
advertise their existence to their neighbors, and to learn about the existence of
their neighbors.
The router discovery messages do not constitute a routing protocol. They enable
hosts to discover the existence of neighboring routers, but are not used to
determine which router is best to reach a particular destination.
Neighbor discovery uses the following Internet Control Message Protocol version 6
(ICMPv6) messages: router solicitation, router advertisement, neighbor solicitation,
neighbor advertisement, and redirect.
Neighbor discovery for IPv6 replaces the following IPv4 protocols: router discovery
(RDISC), Address Resolution Protocol (ARP), and ICMPv4 redirect.
This chapter discusses the following topics that provide background information
about neighbor discovery:
! RFC 2463, Internet Control Message Protocol (ICMPv6) for the Internet Protocol
Version 6 Specification
To access Internet Requests for Comments (RFCs) and drafts, go to the Internet
Engineering Task Force (IETF) Web site at http://www.ietf.org.
Router Discovery
Router advertisements can contain a list of prefixes. These prefixes are used for
address autoconfiguration, to maintain a database of onlink (on the same data link)
prefixes, and for duplication address detection. If a node is onlink, the router
forwards packets to that node. If the node is not onlink, the packets are sent to the
next router for consideration. For IPv6, each prefix in the prefix list can contain a
prefix length, a valid lifetime for the prefix, a preferred lifetime for the prefix, an
onlink flag, and an autoconfiguration flag. This information enables address
autoconfiguration and the setting of link parameters such as maximum
transmission unit (MTU) size and hop limit.
Address Resolution
For IPv6, ICMPv6 neighbor discovery replaces ARP for resolving network addresses
to link-level addresses. Neighbor discovery also handles changes in link-layer
addresses, inbound load balancing, anycast addresses, and proxy advertisements.
Neighbor solicitation and advertisement messages are used for detecting duplicate
unicast addresses on the same link. Autoconfiguration of an IP address depends on
whether there is a duplicate address on that link. Duplicate address detection is a
requirement for autoconfiguration.
Neighbor solicitation and advertisement messages are also used for neighbor
unreachability detection. Neighbor unreachability detection involves detecting the
presence of a target node on a given link.
Redirect
Redirect messages are sent to inform a host of a better next-hop router to a
particular destination or an onlink neighbor. This is similar to ICMPv4 redirect.
protocols {
router-advertisement {
interface interface-name {
current-hop-limit number;
default-lifetime seconds;
(managed-configuration | no-managed-configuration);
max-advertisement-interval seconds;
min-advertisement-interval seconds;
(other-stateful-configuration | no-other-stateful-configuration);
prefix prefix {
(autonomous | no-autonomous);
(on-link | no-on-link);
preferred-lifetime seconds;
valid-lifetime seconds;
}
reachable-time milliseconds;
retransmit-timer milliseconds;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <detail> <disable>;
}
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
This chapter describes the following tasks for configuring and monitoring neighbor
discovery router advertisement messages:
! 505
JUNOS 8.1 Routing Protocols Configuration Guide
protocols {
router-advertisement {
interface interface-name {
prefix prefix;
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
interface interface-name;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
physical<:channel>.logical
For more information about interface names, see the JUNOS Network Interfaces
Configuration Guide.
NOTE: JUNOS enters the Neighbor Discovery Protocol packets into the routing
platform cache, even if there is no known route to the source.
current-hop-limit number ;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
default-lifetime seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
By default, the default router lifetime is three times the maximum advertisement
interval. For more information about the maximum advertisement interval, see
“Configuring the Frequency of Router Advertisements” on page 508.
managed-configuration;
no-managed-configuration;
To set the other stateful configuration field and enable autoconfiguration of other
types of information, include the other-stateful-configuration statement:
other-stateful-configuration;
no-other-stateful-configuration;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
min-advertisement-interval seconds;
max-advertisement-interval seconds;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
By default, the maximum advertisement interval is 600 seconds and the minimum
advertisement interval is one-third the maximum interval, or 200 seconds.
reachable-time milliseconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
retransmit-timer milliseconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can perform the following tasks when configuring the prefix information:
on-link;
no-on-link;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
autonomous;
no-autonomous;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
preferred-lifetime seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The preferred lifetime value must never exceed the valid lifetime value.
valid-lifetime seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The valid lifetime value must never be smaller than the preferred lifetime value.
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: Use the traceoption flags detail and all with caution. These flags may cause
the CPU to become very busy.
The following sections explain each of the neighbor discovery router advertisement
configuration statements. The statements are organized alphabetically.
autonomous
Description Specify whether prefixes in the router advertisement messages are used for
stateless address autoconfiguration:
Default autonomous
Usage Guidelines See “Setting the Prefix for Stateless Address Autoconfiguration” on page 510.
autonomous ! 513
JUNOS 8.1 Routing Protocols Configuration Guide
current-hop-limit
Description Default value placed in the hop count field of the IP header for outgoing packets.
Options number—Hop limit. A value of 0 means the limit is unspecified by this router.
Range: 0 through 255
Default: 64
default-lifetime
Options seconds—Default lifetime, in seconds. A value of 0 means this router is not the
default router.
Range: Maximum advertisement interval value through 9000 seconds
Default: Three times the maximum advertisement interval value
Usage Guidelines See “Modifying the Default Router Lifetime” on page 507.
514 ! current-hop-limit
Chapter 31: Summary of Neighbor Discovery Router Advertisement Configuration Statements
interface
Options interface-name—Name of an interface. Specify the full interface name, including the
physical and logical address components.
interface ! 515
JUNOS 8.1 Routing Protocols Configuration Guide
managed-configuration
Description Specify whether to enable the host to use a stateful autoconfiguration protocol for
address autoconfiguration, along with any stateless autoconfiguration already
configured:
max-advertisement-interval
Usage Guidelines See “Configuring the Frequency of Router Advertisements” on page 508.
516 ! managed-configuration
Chapter 31: Summary of Neighbor Discovery Router Advertisement Configuration Statements
min-advertisement-interval
Usage Guidelines See “Configuring the Frequency of Router Advertisements” on page 508.
no-autonomous
no-managed-configuration
no-on-link
no-other-stateful-configuration
min-advertisement-interval ! 517
JUNOS 8.1 Routing Protocols Configuration Guide
on-link
other-stateful-configuration
518 ! on-link
Chapter 31: Summary of Neighbor Discovery Router Advertisement Configuration Statements
preferred-lifetime
Description Specify how long the prefix generated by stateless autoconfiguration remains
preferred.
Options seconds—Preferred lifetime, in seconds. If you set the preferred lifetime to 0xffffffff,
the lifetime is infinite. The preferred lifetime is never greater than the valid
lifetime.
Default: 604,800 seconds
prefix
preferred-lifetime ! 519
JUNOS 8.1 Routing Protocols Configuration Guide
reachable-time
Description A length of time that a node considers a neighbor reachable until another
reachability confirmation is received from that neighbor.
Usage Guidelines See “Modifying the Reachable Time Limit” on page 508.
retransmit-timer
Usage Guidelines See “Modifying the Frequency of Neighbor Solicitation Messages” on page 509.
520 ! reachable-time
Chapter 31: Summary of Neighbor Discovery Router Advertisement Configuration Statements
router-advertisement
router-advertisement ! 521
JUNOS 8.1 Routing Protocols Configuration Guide
traceoptions
Syntax traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
Default The default trace options are inherited from the global traceoptions statement.
Options disable—(Optional) Disable the tracing operation. One use of this option is to
disable a single operation when you have defined a broad group of tracing
operations, such as all.
file name—Name of the file to receive the output of the tracing operation. Enclose
the name in quotation marks. We recommend that you place router
advertisement tracing output in the file /var/log/router-advertisement-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1,
and so on, until the maximum number of trace files is reached. Then, the
oldest trace file is overwritten.
If you specify a maximum number of files, you must also specify a maximum
file size with the size option.
522 ! traceoptions
Chapter 31: Summary of Neighbor Discovery Router Advertisement Configuration Statements
! state—State transitions
! timer—Timer usage
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more
of these modifiers:
traceoptions ! 523
JUNOS 8.1 Routing Protocols Configuration Guide
If you specify a maximum file size, you must also specify a maximum number
of trace files with the files option.
valid-lifetime
Description How long the prefix remains valid for onlink determination.
Options seconds—Valid lifetime, in seconds. If you set the valid lifetime to 0xffffffff, the
lifetime is infinite.
Default: 2,592,000 seconds
524 ! valid-lifetime
Part 5
BGP
BGP ! 525
JUNOS 8.1 Routing Protocols Configuration Guide
526 ! BGP
Chapter 32
BGP Overview
The Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP) that is
used to exchange routing information among routers in different autonomous
systems (ASs). BGP routing information includes the complete route to each
destination. BGP uses the routing information to maintain a database of network
reachability information, which it exchanges with other BGP systems. BGP uses the
network reachability information to construct a graph of AS connectivity, thus
allowing BGP to remove routing loops and enforce policy decisions at the AS level.
BGP allows for policy-based routing. You can use routing policies to choose among
multiple paths to a destination and to control the redistribution of routing
information.
BGP uses the Transmission Control Protocol (TCP) as its transport protocol, using
port 179 for establishing connections. Running over a reliable transport protocol
eliminates the need for BGP to implement update fragmentation, retransmission,
acknowledgment, and sequencing.
The JUNOS routing protocol software supports BGP version 4. This version of BGP
adds support for classless interdomain routing (CIDR), which eliminates the
concept of network classes. Instead of assuming which bits of an address represent
the network by looking at the first octet, CIDR allows you to explicitly specify the
number of bits in the network address, thus providing a means to decrease the size
of the routing tables. BGP version 4 also supports aggregation of routes, including
the aggregation of AS paths.
This chapter discusses the following topics that provide background information
about BGP:
! 527
JUNOS 8.1 Routing Protocols Configuration Guide
BGP Standards
The JUNOS software supports BGP version 4 and several extensions to the protocol,
which are defined in the following documents:
! RFC 2385, Protection of BGP Sessions via the TCP MD5 Signature Option
! RFC 2545, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
To access Internet Requests for Comments (RFCs) and drafts, go to the Internet
Engineering Task Force (IETF) Web site at http://www.ietf.org.
Autonomous Systems
An autonomous system (AS) is a set of routers that are under a single technical
administration and normally use a single interior gateway protocol and a common
set of metrics to propagate routing information within the set of routers. To other
ASs, an AS appears to have a single, coherent interior routing plan and presents a
consistent picture of what destinations are reachable through it.
AS 1
EBGP
IBGP
IBGP
AS 2
EBGP
AS 3
IBGP
g017005
A BGP system shares network reachability information with adjacent BGP systems,
which are referred to as neighbors or peers.
BGP systems are arranged into groups. In an internal BGP group, all peers in the
group—called internal peers—are in the same AS. Internal peers can be anywhere
in the local AS and do not have to be directly connected to each other. Internal
groups use routes from an IGP to resolve forwarding addresses. They also
propagate external routes among all other internal routers running internal BGP,
computing the next hop by taking the BGP next hop received with the route and
resolving it using information from one of the interior gateway protocols.
BGP Routes
A BGP route consists of the following:
! Information that describes the path to the destination, including the following:
! AS path, which is a list of numbers of the ASs that a route passes through to
reach the local router. The first number in the path is that of the last AS in
the path—the AS closest to the local router. The last number in the path is
the AS farthest from the local router, which is generally the origin of the
path.
BGP stores its routes in the JUNOS software routing table. The routing table stores
the following information about BGP routes:
! Local routing information that the BGP system selects by applying local policies
to routes received in update messages
! Information that the BGP system selects to advertise to its BGP peers in the
update messages it sends
For each prefix in the routing table, the routing protocol process selects a single
best path, called the active path. The algorithm for determining the active path is
described in “How the Active Route Is Determined” on page 7.
BGP Messages
BGP systems send four types of messages:
! Open
! Update
! Keepalive
! Notification
All BGP messages have the same fixed-size header, which contains a marker field
indicating the total length of the message and a type field indicating the message
type.
Open Messages
After a TCP connection is established between two BGP systems, they exchange
BGP open messages to create a BGP connection between them. Once the
connection is established, the two systems can exchange BGP messages and data
traffic.
Open messages consist of the BGP header plus the following fields:
! Hold time—Proposed hold-time value. You configure the local hold time with
the BGP hold-time statement.
! BGP identifier—IP address of the BGP system. This address is determined when
the system starts up and is the same for every local interface and every BGP
peer. You can configure the BGP identifier with the router-id statement at the
[edit routing-options] or [edit logical-routers logical-router-name routing-options]
hierarchy levels. By default, BGP uses the IP address of the first interface it
finds in the router.
! Parameter field length and the parameter itself—These are optional fields.
Update Messages
BGP systems send update messages to exchange network reachability information.
BGP systems use this information to construct a graph that describes the
relationships among all known ASs.
Update messages consist of the BGP header plus the following optional fields:
! Unfeasible routes length—Length of the field that lists the routes being
withdrawn from service because they are no longer deemed reachable
! Withdrawn routes—IP address prefixes for the routes being withdrawn from
service
! Total path attribute length—Length of the field that lists the path attributes for a
feasible route to a destination
! Path attributes—Properties of the routes, including the path origin, the multiple
exit discriminator (MED), the originating system’s preference for the route, and
information about aggregation, communities, confederations, and route
reflection
Keepalive Messages
BGP systems exchange keepalive messages to determine whether a link or host has
failed or is no longer available. Keepalive messages are exchanged often enough so
that the hold timer does not expire. These messages consist only of the BGP
header.
Notification Messages
BGP systems send notification messages when an error condition is detected. After
the message is sent, the BGP session and the TCP connection between the BGP
systems are closed. Notification messages consist of the BGP header plus the error
code and subcode, and data that describes the error.
To configure the Border Gateway Protocol (BGP), you can include the following
statements. Three portions of the bgp statement—those in which you configure
global BGP, group-specific, and peer-specific options—contain many of the same
statements. The following simplified version of the bgp statement omits these
repeated statements to present a high-level, readable overview:
protocols {
bgp {
numerous global BGP statements
group group-name {
peer-as autonomous-system;
type type;
[network/mask-length ];
numerous group-specific statements;
neighbor address {
numerous peer-specific statements;
}
}
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
For a list of global BGP statements, see “Defining BGP Global Properties” on
page 537. For a list of group-specific statements, see “Defining Group Properties”
on page 542. For a list of peer-specific statements, see “Defining Peer Properties”
on page 544.
Many of the global BGP, group-specific, and peer-specific statements are identical.
For statements that you can configure at more than one level in the hierarchy, the
more-specific statement overrides the less-specific statement. That is, a
group-specific statement overrides a global BGP statement, and a peer-specific
statement overrides a global BGP or group-specific statement.
! 533
JUNOS 8.1 Routing Protocols Configuration Guide
! Choosing the Protocol Used to Determine the Next Hop on page 559
534 !
Chapter 33: BGP Configuration Guidelines
Configure a BGP group, specify the group type, and configure an explicit peer:
[edit]
routing-options {
autonomous-system autonomous-system;
}
protocols {
bgp {
group group-name {
peer-as autonomous-system;
type type;
neighbor address;
}
}
}
Configure a BGP group and type and allow all BGP systems to be peers:
[edit]
routing-options {
autonomous-system autonomous-system;
}
protocols {
bgp {
group group-name {
type type;
peer-as autonomous-system;
all;
}
}
}
NOTE: When you configure BGP on an interface, you must also include the family
inet statement at the [edit interfaces interface-name unit logical-unit-number]
hierarchy level. For more information about the family inet statement, see the
JUNOS Network Interfaces Configuration Guide.
Enabling BGP
To enable BGP on the router, perform the following tasks:
! Example: Defining a Large Number of Group with Static Peers on page 540
! Example: Defining a Small Number of Groups with Static Peers for Better
Scalability on page 541
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For more information about configuring the AS number, see “Configuring the AS
Number” on page 98.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Explicitly assigning a BGP identifier is optional. If you do not assign one, the IP
address of the first interface encountered in the router is used.
router-id address;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For more information, see “Configuring the Router Identifier” on page 98.
advertise-inactive;
advertise-peer-as;
authentication-algorithm algorithm;
authentication-key key;
authentication-key-chain key-chain;
cluster cluster-identifier;
damping;
description text-description;
disable;
family {
(iso-vpn | inet | inet6 | inet-vpn | inet6-vpn | l2-vpn) {
(any | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;
}
labeled-unicast {
aggregate-label {
community community-name:
}
explicit-null {
connected-only;
}
prefix-limit {
maximum number ;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
advertise-default;
external-paths number;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
signaling {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
}
export [ policy-names ];
graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}
hold-time seconds;
import [ policy-names ];
include-mp-next-hop;
ipsec-sa ipsec-sa;
keep (all | none);
local-address address;
local-as autonomous-system <private>;
local-preference local-preference;
log-updown;
metric-out (metric | minimum-igp <offset> | igp <offset>);
multihop <ttl-value>;
no-advertise-peer-as;
no-aggregator-id;
no-client-reflect;
out-delay seconds;
passive;
path-selection {
(always-compare-med | cisco-non-deterministic | external-router-id);
med-plus-igp {
igp-multiplier number;
med-multiplier number;
}
}
peer-as autonomous-system;
preference preference;
remove-private;
tcp-mss segment-size;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
vpn-apply-export;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
You arrange BGP routers into groups of peers. Different peer groups must have
different group types, AS numbers, or router reflector cluster identifiers.
group group-name {
peer-as autonomous-system;
type type;
neighbor address; # One “neighbor” statement for each peer
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
As the number of external BGP (EBGP) groups increases, the ability to support a
large number of BGP sessions may become a scaling issue. The preferred way to
configure a large number of BGP neighbors is to configure a few groups consisting
of multiple neighbors per group. Supporting fewer EBGP groups generally scales
better than supporting a large number of EBGP groups. This becomes more evident
in the case of hundreds of EBGP groups when compared with a few EBGP groups
with multiple peers in each group. The following examples illustrate this point.
[edit]
routing-options {
autonomous-system 23;
}
protocols {
bgp {
group G1 {
type external;
peer-as 56;
neighbor 10.0.0.1;
}
group G2 {
type external;
peer-as 57;
neighbor 10.0.10.1;
}
group G3 {
type external;
peer-as 58;
neighbor 10.0.20.1;
}
}
}
Example: Defining a Small Number of Groups with Static Peers for Better
Scalability
For improved scalability, configure only one EBGP group consisting of the three
BGP neighbors:
[edit]
routing-options {
autonomous-system 23;
}
protocols {
bgp {
group G {
type external;
neighbor 10.0.0.1 {
peer-as 56;
}
neighbor 10.0.10.1 {
peer-as 57;
}
neighbor 10.0.20.1 {
peer-as 58;
}
}
}
}
group group-name {
peer-as autonomous-system;
type type;
(allow [ network/mask-length... ] | all);
}
NOTE: You cannot define a BGP group with dynamic peers with authentication
enabled.
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To configure an IBGP group, which allows intra-AS BGP routing, include the
following form of the type statement:
type internal;
To configure an EBGP group, which allows inter-AS BGP routing, include the
following form of the type statement:
type external;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
peer-as autonomous-system;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For EBGP, the peer is in another AS, so the AS number you specify in the peer-as
statement must be different from the local router’s AS number, which you specify
in the autonomous-system statement. For IBGP, the peer is in the same AS, so the
two AS numbers that you specify in the autonomous-system and peer-as statements
must be the same.
advertise-inactive;
advertise-peer-as;
[ network/mask-length ];
as-override;
authentication-algorithm algorithm;
authentication-key key;
authentication-key-chain key-chain;
cluster cluster-identifier ;
damping;
description text-description;
export [ policy-names ];
family {
(inet | inet6 | inet-vpn | inet6-vpn | l2-vpn) {
(any | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
rib-group group-name;
}
flow {
no-validate policy-name;
}
labeled-unicast {
explicit-null {
connected-only;
}
prefix-limit {
maximum number ;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
advertise-default;
external-paths number;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
}
signaling {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
}
graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}
hold-time seconds;
import [ policy-names ];
ipsec-sa ipsec-sa;
keep (all | none);
local-address address;
local-as autonomous-system <private>;
local-preference local-preference;
log-updown;
metric-out (metric | minimum-igp <offset> | igp <offset>);
mtu-discovery;
multihop <ttl-value>;
multipath {
multiple-as;
}
neighbor address {
peer-specific options;
}
no-advertise-peer-as;
no-aggregator-id;
no-client-reflect;
out-delay seconds;
passive;
peer-as autonomous-system;
preference preference;
protocol protocol;
remove-private;
tcp-mss segment-size;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
type type;
vpn-apply-export;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
advertise-inactive;
advertise-peer-as;
as-override;
authentication-algorithm algorithm;
authentication-key key;
authentication-key-chain key-chain;
cluster cluster-identifier ;
damping;
description text-description;
export [ policy-names ];
family {
(iso-vpn | inet | inet6 | inet-vpn | inet6-vpn | l2-vpn) {
(any | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
rib-group group-name;
}
flow {
no-validate policy-name;
}
labeled-unicast {
explicit-null {
connected-only;
}
prefix-limit {
maximum number ;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
advertise-default;
external-paths number;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
}
signaling {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
}
graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}
hold-time seconds;
import [ policy-names ];
ipsec-sa ipsec-sa;
keep (all | none);
local-address address;
local-as autonomous-system <private>;
local-interface interface-name;
local-preference preference;
log-updown;
metric-out (metric | minimum-igp <offset> | igp <offset>);
mtu-discovery
multihop <ttl-value>;
multipath {
multiple-as;
}
no-advertise-peer-as;
no-aggregator-id;
no-client-reflect;
out-delay seconds;
passive;
peer-as autonomous-system;
preference preference;
tcp-mss segment-size;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
vpn-apply-export;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
[edit]
routing-options {
autonomous-system 23;
}
protocols {
bgp {
group 23 {
type external;
peer-as 56;
0.0.0.0/0;
}
}
}
Enable BGP and define an IBGP group that recognizes only the specified addresses
as BGP peers.
[edit]
routing-options {
autonomous-system 23;
router-id 10.0.0.1;
}
protocols {
bgp {
group 23 {
type internal;
peer-as 23;
neighbor 10.0.0.2;
neighbor 10.0.0.3;
}
}
}
AS 5 AS 32
Confederation Confederation member AS 65502
member
A B AS 65500
E F
C D
G
AS 37
g017006
On Router A:
[edit]
routing-options {
autonomous-system 5;
}
protocols {
bgp {
group AtoB {
type external;
peer-as 32;
neighbor 10.0.0.2;
}
}
}
On Router B:
[edit]
routing-options {
autonomous-system 65500;
confederation 32 members [65500 65501 65502];
}
protocols {
bgp {
group BtoA {
type external;
peer-as 5;
neighbor 10.0.0.1;
}
group BtoD {
type external;
peer-as 65501;
neighbor 10.0.10.2;
}
}
}
On Router C:
[edit]
routing-options {
autonomous-system 65501;
confederation 32 members [65500 65501 65502];
}
protocols {
bgp {
group CtoD {
type internal;
neighbor 10.0.10.3;
}
}
}
On Router D:
[edit]
routing-options {
autonomous-system 65501;
confederation 32 members [65500 65501 65502];
}
protocols {
bgp {
group DtoC {
type internal;
neighbor 10.0.10.1;
}
group DtoB {
type external;
peer-as 65500;
neighbor 10.0.10.1;
}
group DtoE {
type external;
peer-as 65502;
neighbor 10.0.30.1;
}
}
}
On Router E:
[edit]
routing-options {
autonomous-system 65502;
confederation 32 members [65500 65501 65502];
}
protocols {
bgp {
group EtoD {
type external;
peer-as 65501;
neighbor 10.0.10.4;
}
group EtoFandG {
type internal;
neighbor 10.0.30.2;
neighbor 10.0.30.5;
}
}
}
On Router F:
[edit]
routing-options {
autonomous-system 65502;
confederation 32 members [65500 65501 65502];
}
protocols {
bgp {
group FtoEandG {
type internal;
neighbor 10.0.30.3;
neighbor 10.0.30.7;
}
}
}
On Router G:
[edit]
routing-options {
autonomous-system 65502;
confederation 32 members [65500 65501 65502];
}
protocols {
bgp {
group GtoH {
type external;
peer-as 37;
neighbor 10.0.40.1;
}
group GtoEandF {
type internal;
neighbor 10.0.30.4;
neighbor 10.0.30.5;
}
}
}
On Router H:
[edit]
routing-options {
autonomous-system 37;
}
protocols {
bgp {
group HtoG {
type external;
peer-as 32;
neighbor 10.0.30.8;
}
}
}
To modify the hold-time value on the local BGP system, include the hold-time
statement:
hold-time seconds;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The hold time is three times the interval at which keepalive messages are sent.
mtu-discovery;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
graceful-restart {
restart-time;
stale-routes-time;
}
For a list of hierarchy levels at which you can configure this statements see the
statement summary section for this statement.
NOTE: Configuring graceful restart for BGP resets the BGP peer routing statistics to
zero.
To disable graceful restart for BGP, specify the disable statement. To configure a
time period to complete restart, specify the restart-time statement. To configure a
time period over which to keep stale routes during a restart, specify the
stale-routes-time statement.
Configure the labeled-unicast statement with the explicit-null option. As with regular
BGP configuration, the family statement can be specified.
family inet {
labeled-unicast {
aggregate-label {
community community-name:
}
explicit-null {
connected-only;
}
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
NOTE: Explicit null labels are supported for the IPv4 (inet) family only.
For a set of labels to share a single forwarding label, they must belong to the same
forwarding equivalence class (FEC). The labeled packets must have the same
destination egress interface.
aggregate-label {
community community-name;
}
For a list of hierarchy levels at which you can include the aggregate-label statement,
see the statement summary for this statement.
Configuring Authentication
All BGP protocol exchanges can be authenticated to guarantee that only trusted
routers participate in the AS’s routing. By default, authentication is disabled on the
router. You can configure MD5 authentication on the router. The MD5 algorithm
creates an encoded checksum that is included in the transmitted packet. The
receiving router uses an authentication key (password) to verify the packet’s MD5
checksum.
authentication-key key;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
If you configure authentication for all peers, each individual peer in that group
inherits the group’s authentication.
The key (password) can be up to 126 characters long. Characters can include any
ASCII strings. If you include spaces, enclose all characters in quotation marks
(double quotes).
You can update MD5 authentication keys without resetting any BGP peering
sessions. This is referred to as hitless authentication key rollover. Hitless
authentication key rollover uses authentication key chains, which consist of the
authentication keys that are being updated.
Hitless authentication key rollover also allows users to choose the algorithm
through which authentication is established. The user associates a key chain and an
authentication algorithm with a BGP neighboring session. The key chain includes
multiple keys. Each key contains an identifier and a secret. The key is also
configured with a unique start time and an end time.
The sending peer chooses the active key based on the system time. The receiving
peer determines the key with which it authenticates based upon the incoming key
identifier.
To configure the authentication key, include the key-chain statement at the [edit
security authentication-key-chains] hierarchy level, and specify the key option to
create a key chain consisting of several authentication keys.
[edit security]
authentication-key-chains {
key-chain key-chain-name {
key key {
secret secret-data;
start-time yyyy-mm-dd.hh:mm:ss;
}
}
}
Each key within a key chain must be identified by a unique integer value configured
in the key statement. The range of valid identifier values is from 0 through 63. Each
key must specify a secret. This secret can be entered in either encrypted or plain
text format in the secret statement. It is always displayed in encrypted format.
Each key must specify a start time with the start-time statement. Start times are
specified in the local time zone for a router and must be unique within the
key chain.
For more information on configuring authentication key chains, see the JUNOS
System Basics Configuration Guide.
authentication-key-chain key-chain;
To specify the authentication algorithm type to use for key chains, include the
authentication-algorithm statement:
authentication-algorithm algorithm;
NOTE: BGP authentication is not supported with promiscuous mode BGP sessions.
If you include the allow statement, you cannot include authentication-key or
authentication-key-chain at the same hierarchy level or any higher hierarchy level.
When configuring authentication for all peers in a group, you cannot include the
allow statement in the configuration because BGP keys require a destination
address.
For a list of hierarchy levels at which you can include the previous statements, see
the statement summary for those statements.
ipsec-sa ipsec-sa;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement. The security association is identified
by the SA name.
In transport mode, the JUNOS software does not support authentication header
(AH) or encapsulating security payload (ESP) header bundles.
A more specific security association overrides a less general SA. For example, if a
specific SA is applied to a specific peer, that SA overrides the SA applied to the
whole peer group.
For more detailed information about configuring IPSec security associations, see
the JUNOS System Basics Configuration Guide.
To configure the router so that it does not send Open requests to a peer, include the
passive statement:
passive;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
local-address address;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
If a MED is received over an external BGP link, it is propagated over internal links to
other BGP systems within the AS.
BGP update messages include a MED metric if the route was learned from BGP and
already had a MED metric associated with it, or if you configure the MED metric in
the configuration file in one of the following ways:
A MED metric is advertised with a route according to the following general rules:
! A more specific metric overrides a less specific metric. That is, a group-specific
metric overrides a global BGP metric and a peer-specific metric overrides a
global BGP or group-specific metric.
! A metric defined with routing policy overrides a metric defined with the
metric-out statement.
! If the received route did not have an associated MED metric, and if you did not
explicitly configure a metric, no metric is advertised.
For a description of the algorithm used to determine the active path, see “How the
Active Route Is Determined” on page 7.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
metric is the primary metric on all routes sent to peers. It can be a value in the
range from 0 through 232 – 1.
Specify minimum-igp to set the metric to the minimum metric value calculated in the
IGP to get to the BGP next hop. If a newly calculated metric is greater than the
minimum metric value, the metric value remains unchanged. If a newly calculated
metric is lower, the metric value is lowered to that value.
Specify igp to set the metric to the most recent metric value calculated in the IGP to
get to the BGP next hop.
Specify a value for <offset> to increase or decrease the metric that is used from the
metric value calculated in the IGP. The metric value is offset by the value specified.
The metric calculated in the IGP (by specifying either igp or igp-minimum) is
increased if the <offset> value is positive. The metric calculated in the IGP (by
specifying either igp or igp-minimum) is decreased if the <offset> value is negative.
offset can be a value in the range from –231 through 231 – 1. Note that the adjusted
metric can never go below 0 or above 232 – 1.
When defining the routing policy filter, include an action that specifies the desired
metric value:
policy-statement policy-name {
term term-name {
from {
match-conditions;
route-filter destination-prefix match-type <actions>;
prefix-list name;
}
to {
match-conditions;
}
then actions;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For information about defining routing policy, see the JUNOS Policy Framework
Configuration Guide. For information about applying filters in BGP, see “Configuring
BGP Routing Policy” on page 586.
[edit]
routing-options {
router-id 10.0.0.1;
autonomous-system 23;
}
protocols {
bgp {
metric-out 20;
group 23 {
type external;
peer-as 56;
neighbor 192.168.0.1 {
traceoptions {
file bgp-log-peer;
flag packets;
}
log-updown;
metric-out 10;
}
}
}
}
Set the MED metric to 20 for all routes from a particular community:
[edit]
routing-options {
router-id 10.0.0.1;
autonomous-system 23;
}
policy-options {
policy-statement from-otago {
from community otago;
then metric 20;
}
community otago members [56:2379 23:46944];
}
protocols {
bgp {
import from-otago;
group 23 {
type external;
peer-as 56;
neighbor 192.168.0.1 {
traceoptions {
file bgp-log-peer;
flag packets;
}
log-updown;
}
}
}
}
BGP adds the aggregator path attribute to BGP update messages. This attribute
contains the local system’s AS number and IP address (router ID).
no-aggregator-id;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
protocol protocol;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
multihop {
<ttl-value>;
no-nexthop-change;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To configure the maximum time-to-live (TTL) value for the TTL in the IP header of
BGP packets, specify ttl-value. If you do not specify a TTL value, the system’s default
maximum TTL value is used. To specify not to change the TTL value for
next-hop-to-self route advertisements, specify the no-nexthop-change option.
The LOCAL_PREF path attribute is always advertised to internal BGP peers and to
neighboring confederations. It is never advertised to external BGP peers. The
default behavior is to not modify the LOCAL_PREF path attribute if it is present.
By default, if a received route contains a LOCAL_PREF path attribute value, the value
is not modified. If a BGP route is received without a LOCAL_PREF attribute, the route
is handled locally (that is, it is stored in the routing table and advertised by BGP) as
if it were received with a LOCAL_PREF value of 100. A non-BGP route that is
advertised by BGP is advertised with a LOCAL_PREF value of 100 by default.
To change the local preference metric advertised in the path attribute, include the
local-preference statement, specifying a value from 0 through 4,294,967,295 (232
–1):
local-preference local-preference;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To modify the default BGP preference value, include the preference statement,
specifying a value from 0 through 4,294,967,295 (232 – 1):
preference preference;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
[edit]
routing-options {
autonomous-system 23;
}
protocols {
bgp {
group 23 {
type external;
peer-as 56;
neighbor 192.168.1.1 {
preference 160;
}
}
}
}
Assign a preference of 140 to all routes learned by BGP systems. Because the
default OSPF preference is 150, BGP routes will be preferred over those learned
from OSPF.
[edit]
routing-options {
autonomous-system 23;
}
protocols {
bgp {
preference 140;
group 23 {
type external;
peer-as 56;
neighbor 192.168.1.1;
}
}
}
path-selection {
(cisco-non-deterministic | always-compare-med | external-router-id);
med-plus-igp {
igp-multiplier number;
med-multiplier number;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Routing table path selection can be configured in one of the following ways:
! Using the same nondeterministic behavior as does the Cisco IOS software
(cisco-non-deterministic). This behavior has two effects:
! The active path is always first. All nonactive, but eligible, paths follow the
active path and are maintained in the order in which they were received,
with the most recent path first. Ineligible paths remain at the end of the
list.
! When a new path is added to the routing table, path comparisons are
made without removing from consideration those paths that should never
be selected because those paths lose the MED tie-breaking rule.
These two effects cause the system to only sometimes compare the MEDs
between paths that it should otherwise compare. Because of this, we
recommend that you not configure nondeterministic behavior.
! Always comparing MEDs whether or not the peer ASs of the compared routes
are the same (always-compare-med).
! Comparing the router ID between external BGP paths to determine the active
path (external-router-id). By default, router ID comparison is not performed if
one of the external paths is active.
! Adding the IGP cost to the next-hop destination to the MED before comparing
MED values for path selection.
For a description of the algorithm used to determine the active path, see “How the
Active Route Is Determined” on page 7.
[edit]
protocols {
bgp {
path-selection always-compare-med;
group ref {
type external;
import math;
peer-as 10458;
neighbor 208.197.169.14;
}
group ref {
type external;
peer-as 10;
neighbor 208.197.169.15;
}
}
}
policy-options {
policy-statement math {
then {
metric add 4;
}
}
}
multipath {
multiple-as;
}
To disable the default check requiring that paths accepted by BGP multipath must
have the same neighboring AS, include the multiple-as option.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Configuring a Local AS
You can configure BGP with a different local AS number for each EBGP session,
which allows BGP to configure a local AS for each EBGP session. Configuring a local
AS simulates a virtual AS for the router. The AS paths for the routes from that EBGP
peer have the configured local-as prepended before the peer AS for that session.
This is useful if ISP A has acquired another ISP B, but does not want to change the
configurations of ISP B’s customer routers. ISP B’s AS is the AS that is configured as
the local AS.
NOTE: If the local AS for the EBGP/IBGP peer is the same as the current AS, do not
use the local-as statement to specify the local AS number.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
If you include the private keyword, the local AS is not prepended before the
peer AS. This means that the AS paths do not show details of such a configuration,
and ISP A’s EBGP peers and IBGP peers do not see any difference from before the
local AS configuration.
Use the local-as statement when ISPs merge and want to preserve a customer’s
configuration, particularly the AS the customer is configured to peer with. Use the
local-as statement to simulate the AS number already in place in customer routers,
even if the ISP’s router is in a different AS now.
AS 65500 AS 64513
192.168.1
1 2 4
IBGP EBGP
.1 .2
AS 65001
192.168.10 10.0.0.0/8
EBGP
.2
3 g017007
AS 64512
Router 2 adds AS 65001 when announcing Router 1’s routes to Router 3. Router 3
sees an AS path of 65001 65500 64512 for the prefix 10/8. To prevent Router 2
from adding the virtual AS number in its announcements to other peers, use the
local-as autonomous-system private statement. The local-as autonomous-system
private statement configures Router 2 to not include the virtual AS number
configured in local-as when announcing Router 1’s routes to Router 3. In this case,
Router 3 sees an AS path of 65500 64512 for the prefix 10/8.
On Router 1:
routing-options {
autonomous-system 65500;
}
protocols {
bgp {
group internal-AS65500 {
type internal;
local-address 10.1.1.1;
neighbor 10.1.1.2;
}
}
}
On Router 2:
routing-options {
autonomous-system 65500;
}
protocols {
bgp {
group internal-AS65500 {
type internal;
local-address 10.1.1.2;
neighbor 10.1.1.1;
}
group external-AS64513 {
type external;
peer-as 64513;
neighbor 192.168.1.2;
}
group external-AS64512 {
type external;
peer-as 64512;
neighbor 192.168.10.2;
}
}
}
On Router 3:
routing-options {
autonomous-system 64512;
}
protocols {
bgp {
group external-AS65001 {
type external;
peer-as 65001;
neighbor 192.168.10.1;
}
}
}
On Router 4:
routing-options {
autonomous-system 64513;
}
protocols {
bgp {
group external-65500 {
peer-as 65500;
neighbor 192.168.1.1;
}
}
}
! A remote AS for which you provide connectivity is multihomed, but only to the
local AS.
To have the local system strip private AS numbers from the AS path, include the
remove-private statement:
remove-private;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
The AS numbers are stripped from the AS path starting at the left end of the AS
path (the end where AS paths have been most recently added). This operation takes
place after any confederation member ASs have already been removed from the AS
path, if applicable.
In route reflection, BGP systems are arranged in clusters. Each cluster consists of at
least one system that acts as a route reflector, along with any number of client peers.
BGP peers outside the cluster are called nonclient peers. The route reflector reflects
(redistributes) routing information to each client peer (intracluster reflection) and to
all nonclient peers (intercluster reflection). Because the route reflector redistributes
routes within the cluster, the BGP systems within the cluster do not have to be fully
meshed.
When the route reflector receives a route, it selects the best path. Then, if the route
came from a nonclient peer, the route reflector sends the route to all client peers
within the cluster. If the route came from a client peer, the route reflector sends it
to all nonclient peers and to all client peers except the originator. In this process,
none of the client peers send routes to other client peers.
To configure route reflection, you specify a cluster identifier only on the BGP
systems that are to be the route reflectors. These systems then determine, from the
network reachability information they receive, which BGP systems are part of its
cluster and are client peers, and which BGP systems are outside the cluster and are
nonclient peers.
! Configure a cluster identifier (using the cluster statement) for groups that are
members of the cluster.
group group-name {
type internal;
peer-as autonomous-system;
neighbor address1;
neighbor address2;
}
group group-name {
type internal;
peer-as autonomous-system;
cluster cluster-identifier ;
neighbor address3;
neighbor address4;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
group group-name {
type internal;
peer-as autonomous-system;
cluster cluster-identifier ;
no-client-reflect;
neighbor address3;
neighbor address4;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement
NOTE: BGP route reflection is not supported for VPN routing and forwarding (VRF)
routing instances.
! Router 1—10.1.2.3
! Router 2—10.1.2.4
! Router 3—10.1.2.5
You must configure all routers to run a common IGP or to have static configuration,
so that they learn each other’s loopback addresses.
IBGP
16.0.0.0/8
2
10.1.2.4
g017008
Client
Configure Router 1 to be a route reflector for Router 2 and a regular IBGP neighbor
for Router 3:
[edit]
routing-options {
autonomous-system 65534;
}
protocols {
bgp {
group 13 {
type internal;
local-address 10.1.2.3;
neighbor 10.1.2.5;
}
group 12 {
type internal;
local-address 10.1.2.3;
cluster 1.2.3.4;
neighbor 10.1.2.4;
}
}
}
[edit]
routing-options {
static {
route 16.0.0.0/8 nexthop 172.16.1.2;
}
autonomous-system 65534;
}
protocols {
bgp {
group 21 {
type internal;
local-address 10.1.2.4;
export dist-static;
neighbor 10.1.2.3;
}
}
}
policy-options {
policy-statement dist-static {
from protocol static;
then accept;
}
}
[edit]
routing-options {
static {
route 15.0.0.0/8 nexthop 172.16.1.2;
}
autonomous-system 65534;
}
protocols {
bgp {
group 31 {
type internal;
local-address 10.1.2.5;
export dist-static;
neighbor 10.1.2.3;
}
}
}
policy-options {
policy-statement dist-static {
from protocol static;
then accept;
}
}
The following is the output of the show route detail command for route 16.0.0.0/8
on Router 1 and Router 3. Note that router 1 learns 16.0.0.0/8 from its client,
Router 2, and reflects it to Router 3. On Router 3, the output of the show route
commands include the cluster list and originator ID attributes, which are added by
Router 1 when the route is reflected.
Router 1:
user@router1> show route 16.0.0.0/8 detail
Router 3:
user@router3> show route 16.0.0.0/8 detail
The following is the output of the show route detail command for route 15.0.0.0/8
on router 1 and router 2. Similar to when routes are reflected from client peers to
nonclient peers, router 1 reflects a route it learns from a regular IBGP neighbor to
its client. Cluster list and Originator ID attributes are added during the reflection
process.
Router 1:
user@router1> show route 15.0.0.0/8 detail
Router 2:
user@router2> show route 15.0.0.0/8 detail
By default, route flap damping is disabled. To enable it, include the damping
statement:
damping;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
! Reuse threshold—750
! Cutoff threshold—3000
To change these default parameters, you must define the flap damping parameters
with the damping statement at the [edit policy-options] hierarchy level and then apply
them using an import statement when configuring BGP. For more information about
flap damping and defining flap damping parameters, see the JUNOS Policy
Framework Configuration Guide. For more information about applying policy filters
in BGP, see “Configuring BGP Routing Policy” on page 586.
To enable MBGP, you configure BGP to carry network layer reachability information
(NLRI) for address families other than unicast IPv4 by including the family inet
statement:
family inet {
(any | labeled-unicast | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
rib-group group-name;
}
}
To enable MBGP to carry NLRI for the IPv6 address family, include the family inet6
statement:
family inet6 {
(any | labeled-unicast | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;
}
}
To enable MBGP to carry Layer 3 VPN NLRI for the IPv4 address family, include the
family inet-vpn statement:
family inet-vpn {
(any | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;
}
}
To enable MBGP to carry Layer 3 VPN NLRI for the IPv6 address family, include the
family inet6-vpn statement:
family inet6-vpn {
(any | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;
}
}
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
NOTE: If you change the address family specified in the [edit bgp family inet]
hierarchy level, the BGP sessions are dropped and then reestablished.
By default, BGP peers carry only unicast routes used for unicast forwarding
purposes. To configure BGP peers to carry only multicast routes, specify the
multicast option. To configure BGP peers to carry both unicast and multicast routes,
specify the any option.
When MBGP is configured, BGP installs the MBGP routes into different routing
tables. Each routing table is identified by the protocol family or address family
indicator (AFI) and a subaddress family indicator (SAFI).
The JUNOS software supports all unicast and multicast SAFIs (1 and 2) for both AFI
1 (IPv4) and AFI 2 (IPv6). The following table shows all possible AFI/SAFI
combinations and routing tables populated with this information:
SAFI 1 SAFI 2
AFI 1 (IPv4) inet.0 inet.2
AFI 2 (IPv6) inet6.0 inet6.2
If peers are not MBGP, you cannot export routes from inet.2 to them, only routes in
the inet.0 routing table. Routes in inet.2 can be sent only to MBGP peers, since they
are sent with subaddress family information that identifies them as routes to
multicast sources. The inet.2 table should be a subset of the routes that you have in
inet.0, since it is unlikely that you would have a route to a multicast source to which
you could not send unicast traffic.
The inet.2 routing table is used to keep the unicast routes that are used for multicast
reverse-path-forwarding checks. You automatically get an inet.2 routing table when
you configure MBGP (by setting NLRI to any). The additional reachability
information learned by MBGP from the NLRI multicast updates are placed in inet.2.
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
When you set the maximum number of prefixes, a message is logged when that
number is reached.
If you include the teardown statement, the session is torn down when the maximum
number of prefixes is reached. If you specify a percentage, messages are logged
when the number of prefixes reaches that percentage. Once the session is torn
down, it is reestablished in a short time (unless you include the idle-timeout
statement). Then the session can be kept down for a specified amount of time, or
forever. If you specify forever, the session is reestablished only after the you use a
clear bgp neighbor command.
rib-group group-name;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To resolve routes into the inet.3 routing table, include the resolve-vpn statement:
resolve-vpn group-name;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To allow both labeled and unlabeled routes to be exchanged, include the rib inet.3
statement:
rib inet.3;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
flow;
NOTE: Unicast flow routes are supported for the default instance, VRF instances,
and virtual-router instances only. Instance type is configured with the
instance-type statement at the [edit routing-instance instance-name] hierarchy level.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Flow routes received using the BGP NLRI messages are validated before they are
installed into the flow routing table instance-name.inetflow.0. The validation
procedure is described in the Internet draft Dissemination of Flow Specification
Rules, draft-marques-idr-flow-spec-02.txt. You can bypass the validation process
and use your own specific import policy.
To disable the validation procedure and use an import policy instead, include the
no-validate statement at the [edit protocols bgp group group-name family inet flow]
hierarchy level:
no-validate policy-name;
Flow routes can also be propagated throughout a VPN network and shared among
VPNs, providing filter and rate-limiting capabilities.
To enable MBGP to carry flow-specific NLRI for the inet-vpn address family, include
the flow statement at the [edit protocols bgp group group-name family inet-vpn]
hierarchy level:
flow;
NOTE: VPN flow routes are supported for the default instance only. Instance type
is configured with the instance-type statement at the [edit routing-instance
instance-name] hierarchy level.
Flow routes configured for VPNs with family inet-vpn are not automatically
validated, so the no-validate statement is not supported at the [edit protocols bgp
group group-name family inet-vpn] hierarchy level.
For more information on flow routes, see “Configuring a Flow Route” on page 92
and the Internet draft Dissemination of Flow Specification Rules,
draft-marques-idr-flow-spec-02.txt.
A single routing domain consisting of ISO NSAP devices are considered to be CLNS
islands. CLNS islands are connected together by VPNs.
You can configure BGP to exchange ISO CLNS routes between PE routers
connecting various CLNS islands in a VPN using multiprotocol BGP extensions.
These extensions are the ISO VPN NLRIs.
To enable MBGP to carry CLNS VPN NLRIs, include the iso-vpn statement:
iso-vpn {
unicast {
prefix-limit number;
rib-group group-name;
}
}
To limit the number of prefixes from a peer, include the prefix-limit statement. To
specify a routing table group, include the rib-group statement.
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Each CLNS network island is treated as a separate VRF instance on the PE router.
You can configure CLNS on the global level, group level, and neighbor level.
On Router 1:
[edit protocols bgp]
protocols {
bgp {
local-address 10.255.245.195;
group pe-pe {
type internal;
neighbor 10.255.245.194 {
family iso-vpn {
unicast;
}
}
}
}
}
[edit routing-instances]
routing-instances {
aaaa {
instance-type vrf;
interface fe-0/0/0.0;
interface so-1/1/0.0;
interface lo0.1;
route-distinguisher 10.255.245.194:1;
vrf-target target:11111:1;
protocols {
isis {
export dist-bgp;
no-ipv4-routing;
no-ipv6-routing;
clns-routing;
interface all;
}
}
}
}
On Router 2:
[edit protocols bgp]
protocols {
bgp {
group pe-pe {
type internal;
local-address 10.255.245.198;
family route-target;
neighbor 10.255.245.194 {
family iso-vpn {
unicast;
}
}
}
}
}
[edit routing-instances]
routing-instances {
aaaa {
instance-type vrf;
interface lo0.1;
interface so-0/1/2.0;
interface so-0/1/3.0;
route-distinguisher 10.255.245.194:1;
vrf-target target:11111:1;
routing-options {
rib aaaa.iso.0 {
static {
iso-route 47.0005.80ff.f800.0000.bbbb.1022/104 next-hop
47.0005.80ff.f800.0000.aaaa.1000.1921.6800.4196.00;
}
}
}
protocols {
isis {
export dist-bgp;
no-ipv4-routing;
no-ipv6-routing;
clns-routing;
interface all;
}
}
}
}
On Route Reflector:
[edit protocols bgp]
protocols {
bgp {
group pe-pe {
type internal;
local-address 10.255.245.194;
family route-target;
neighbor 10.255.245.195 {
cluster 0.0.0.1;
}
neighbor 10.255.245.198 {
cluster 0.0.0.1;
}
}
}
}
On PE Router 1:
[edit protocols bgp]
protocols {
mpls {
interface all;
}
bgp {
group asbr {
type external;
local-address 10.245.245.3;
neighbor 10.245.245.1 {
multihop;
family iso-vpn {
unicast;
}
peer-as 200;
}
}
}
}
[edit routing-instances]
routing-instances {
aaaa {
instance-type vrf;
interface lo0.1;
interface t1-3/0/0.0;
interface fe-5/0/1.0;
route-distinguisher 10.245.245.1:1;
vrf-target target:11111:1;
protocols {
isis {
export dist-bgp;
no-ipv4-routing;
no-ipv6-routing;
clns-routing;
interface all;
}
}
}
}
On PE Router 2:
[edit protocols bgp]
protocols {
bgp {
group asbr {
type external;
multihop;
local-address 10.245.245.1;
family iso-vpn {
unicast;
}
neighbor 10.245.245.2 {
peer-as 300;
}
neighbor 10.245.245.3 {
peer-as 100;
}
}
}
}
[edit routing-instances]
routing-instances {
aaaa {
instance-type vrf;
interface lo0.1;
route-distinguisher 10.245.245.1:1;
vrf-target target:11111:1;
}
}
On PE Router 3:
[edit protocols bgp]
protocols {
bgp {
group asbr {
type external;
multihop;
local-address 10.245.245.2;
neighbor 10.245.245.1 {
family iso-vpn {
unicast;
}
peer-as 200;
}
}
}
}
[edit routing-instances]
routing-instances {
aaaa {
instance-type vrf;
interface lo0.1;
interface fe-0/0/1.0;
interface t1-3/0/0.0;
route-distinguisher 10.245.245.1:1;
vrf-target target:11111:1;
protocols {
isis {
export dist-bgp;
no-ipv6-routing;
clns-routing;
interface all;
}
}
}
}
In a VPN provider network, a BGP speaker advertises all VPN routes to the peers in
the same VPN. Peers that are configured either as a route reflector or border router
for a VPN must store all routes within the network. While PE routers automatically
discard routes that do not affect them, these route updates must still be generated
and received.
Enabling route target filtering allows you to limit these route updates.
route-target {
advertise-default;
external-paths number;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
If you include the advertise-default statement, the router advertises the default
route-target route (0:0:0/0) and suppresses any specific route-target routes. This is
useful for a route reflector in a BGP group consisting of neighbor PE routers only. If
you include the external-paths statement, the router limits the number of external
paths accepted for route filtering. The range is from 1 through 16. The default is 1.
If you include the teardown statement, the session is torn down when the
maximum number of prefixes is reached. If you specify a percentage, messages are
logged when the number of prefixes reaches that percentage. Once the session is
torn down, it is reestablished in a short time. Include the idle-timeout statement to
keep the session down for a specified amount of time, or forever. If you specify
forever, the session is reestablished only after you use the clear bgp neighbor
command.
For more information about VPNs, see the JUNOS VPNs Configuration Guide.
family {
l2vpn {
signaling {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
}
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
When you set the maximum number of prefixes, a message is logged when that
number is reached. If you include the teardown statement, the session is torn down
when the maximum number of prefixes is reached. If you specify a percentage,
messages are logged when the number of prefixes reaches that percentage. Once
the session is torn down, it is reestablished in a short time. Include the idle-timeout
statement to keep the session down for a specified amount of time, or forever. If
you specify forever, the session is reestablished only after you use the clear bgp
neighbor command.
For more information about VPNs, see the JUNOS VPNs Configuration Guide. For a
detailed VPLS example configuration, see the JUNOS Feature Guide.
When configuring BGP routing policy, you can perform the following tasks:
! Configuring How Often BGP Exchanges Routes with the Routing Table on
page 587
! BGP global import and export statements—Include these statements at the [edit
protocols bgp] hierarchy level (for routing instances, include these statements at
the [edit routing-instances routing-instance-name protocols bgp] hierarchy level).
! Applying Policies to Routes Being Imported into the Routing Table from BGP on
page 587
! Applying Policies to Routes Being Exported from the Routing Table into BGP on
page 587
Applying Policies to Routes Being Imported into the Routing Table from
BGP
To apply policy to routes being imported into the routing table from BGP, include
the import statement, listing the names of one or more policies to be evaluated:
import [ policy-names ];
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
If you specify more than one policy, they are evaluated in the order specified, from
first to last, and the first matching filter is applied to the route. If no match is found,
BGP places into the routing table only those routes that were learned from BGP
routers.
Applying Policies to Routes Being Exported from the Routing Table into
BGP
To apply policy to routes being exported from the routing table into BGP, include
the export statement, listing the names of one or more policies to be evaluated:
export [ policy-names ];
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
If you specify more than one policy, they are evaluated in the order specified, from
first to last, and the first matching filter is applied to the route. If no routes match
the filters, the routing table exports into BGP only the routes that it learned from
BGP.
advertise-inactive;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Configuring How Often BGP Exchanges Routes with the Routing Table
BGP stores the route information it receives from update messages in the routing
table, and the routing table exports active routes from the routing table into BGP.
BGP then advertises the exported routes to its peers. By default, the exchange of
route information between BGP and the routing table occurs immediately after the
routes are received. This immediate exchange of route information might cause
instabilities in the network reachability information. To guard against this, you can
delay the time between when BGP and the routing table exchange route
information.
To configure how often BGP and the routing table exchange route information,
include the out-delay statement:
out-delay seconds;
By default, the routing table retains some of the route information learned from
BGP. To have the routing table retain all or none of this information, include the
keep statement:
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
The routing table can retain the route information learned from BGP in one of the
following ways:
! Default (omit the keep statement)—Keep all route information that was learned
from BGP except for routes whose AS path is looped and the loop includes the
local AS.
! keep all—Keep all route information that was learned from BGP.
! keep none—Discard routes that were received from a peer and that were
rejected by import policy or other sanity checking, such as AS path or next hop.
When you configure keep none for the BGP session and the inbound policy
changes, the JUNOS software forces readvertisement of the full set of routes
advertised by the peer.
advertise-peer-as;
no-advertise-peer-as;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary section for this statement.
To configure an EBGP peer, specify a 128-bit IPv6 link-local address in the neighbor
statement:
neighbor ipv6-link-local-address;
To specify the interface name for the EBGP link-local peer, include the
local-interface statement:
local-interface interface-name;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for this statements.
This statement is valid only for 128-bit IPv6 link-local addresses and is mandatory
for configuring an IPv6 EBGP link-local peering session. For more information
about IPv6 addressing, see “Routing Protocols Concepts” on page 3.
NOTE: Configuring EBGP peering using link-local addresses is only applicable for
directly connected interfaces. There is no support for multihop peering.
! BGP derives next-hop prefixes using the IPv4-compatible IPv6 prefix. For
example, the IPv4 next-hop prefix 10.19.1.1 translates to the IPv6 next-hop
prefix ::10.19.1.1 (hexadecimal format ::a13:101).
NOTE: There must be an active route to the IPv4-compatible IPv6 next hop to
export IPv6 BGP prefixes.
! An IPv6 connection must be configured over the link. The connection must be
either an IPv6 tunnel or a dual-stack configuration.
Define IPv4 and IPv6 BGP groups for 11.19.1.2 with BGP neighbor 11.19.1.1:
[edit protocols]
bgp {
group ebgp_both {
type external;
local-address 11.19.1.2;
family inet {
unicast;
}
family inet6 {
unicast;
}
peer-as 1;
neighbor 11.19.1.1;
}
}
[edit interfaces]
ge-0/1/0 {
unit 0 {
family inet {
address 11.19.1.2/24;
}
family inet6 {
address ::11.19.1.2/126;
}
}
}
log-updown;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
description description-text;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
To restrict TCP connection attempts to BGP peers include the apply-path statement:
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
For detailed information about configuring TCP connection attempts, see the
JUNOS Policy Framework Configuration Guide.
vpn-apply-export;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
include-mp-next-hop;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number ;
version (0 | 1 | automatic);
}
To specify the minimum transmit and receive interval for failure detection, include
the minimum-interval statement:
minimum-interval milliseconds;
NOTE: Specifying an interval smaller than 300ms can cause undesired BFD
flapping.
To specify the minimum receive interval for failure detection, include the
minimum-receive-interval statement:
minimum-receive-interval milliseconds;
To specify the minimum transmit interval for failure detection, include the
minimum-transmit-interval statement:
minimum-transmit-interval milliseconds;
To specify the detection time multiplier for failure detection, include the multiplier
statement:
multiplier number ;
For a list of hierarchy levels at which you can configure these statements, see the
statement summary sections for these statements.
To specify the BFD version used for detection, include the version statement:
version (1 | automatic);
tcp-mss segment-size;
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
Include the tcp-mss statement for a specific BGP neighbor to send the specified
segment size to the BGP neighbor as the advertised MSS. The configured MSS value
is also used as the maximum segment size for the sender. If the MSS value from the
BGP neighbor is less than the MSS value configured, the MSS value from the BGP
neighbor is used as the maximum segment size for the sender.
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
For a list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.
You can specify the following BGP-specific options in the BGP traceoptions
statement:
! open—Trace BGP open packets. These packets are sent between peers when
they are establishing a connection.
You can filter trace statements and output only the statement information that
passes through the filter by specifying the filter flag modifier. The filter modifier is
only supported for the route and damping tracing flags.
NOTE: Use the traceoption flags detail and all with caution. These flags may cause
the CPU to become very busy.
For general information about tracing, see the tracing and logging information in
the JUNOS System Basics Configuration Guide.
[edit]
routing-options {
traceoptions {
file routing-log;
}
autonomous-system 23;
}
protocols {
bgp {
group 23 {
type external;
peer-as 56;
traceoptions {
file bgp-log size 10k files 5;
flag packets detail;
}
0.0.0.0/0;
}
}
}
[edit]
routing-options {
autonomous-system 23;
router-id 10.0.0.1;
}
protocols {
bgp {
group 23 {
type external;
peer-as 56;
neighbor boojum.snark.net {
traceoptions {
file bgp-log size 10k files 2;
flag update detail;
}
}
}
}
}
Trace only messages that pass the policy based on prefix match:
[edit]
protocols {
bgp {
traceoptions {
file bgp-tr size 5m files 10;
flag route filter policy couple-route match-on prefix;
}
}
}
The following sections explain each of the Border Gateway Protocol (BGP)
configuration statements. The statements are organized alphabetically.
advertise-inactive
Syntax advertise-inactive;
Description Have BGP advertise the best route even if the routing table did not select it to be an
active route.
Usage Guidelines See “Setting BGP to Advertise Inactive Routes” on page 587.
advertise-inactive ! 597
JUNOS 8.1 Routing Protocols Configuration Guide
advertise-peer-as
Syntax advertise-peer-as;
aggregate-label
Syntax aggregate-label {
community community-name;
}
Hierarchy Level [edit logical-routers logical-router-name protocols bgp family inet labeled-unicast],
[edit logical-routers logical-router-name protocols bgp family inet-vpn labeled-unicast],
[edit protocols bgp family inet labeled-unicast],
[edit protocols bgp family inet-vpn labeled-unicast]
Usage Guidelines See “Configuring Aggregate Labels for VPNs” on page 552.
598 ! advertise-peer-as
Chapter 34: Summary of BGP Configuration Statements
allow
Description Implicitly configure BGP peers, allowing peer connections from any of the specified
networks or hosts. To configure multiple BGP peers, configure one or more
networks and hosts within a single allow statement or include multiple allow
statements.
Usage Guidelines See “Minimum BGP Configuration” on page 535 and “Defining BGP Groups and
Peers” on page 539.
allow ! 599
JUNOS 8.1 Routing Protocols Configuration Guide
as-override
Syntax as-override;
Description Compare the AS path of an incoming advertised route with the AS number of the
BGP peer under the group and replace all occurrences of the peer AS number in the
AS path with its own AS number before advertising the route to the peer.
Note that enabling the AS override feature may result in routing loops. Use this
feature only for specific applications that require this type of behavior, and in
situations with strict network control. One application is the IGP protocol between
the provider edge router and the customer edge router in a virtual private network.
For more information, see the JUNOS MPLS Applications Configuration Guide.
600 ! as-override
Chapter 34: Summary of BGP Configuration Statements
authentication-algorithm
authentication-algorithm ! 601
JUNOS 8.1 Routing Protocols Configuration Guide
authentication-key
Description Configure an MD5 authentication key (password). Neighboring routers use the same
password to verify the authenticity of BGP packets sent from this system.
602 ! authentication-key
Chapter 34: Summary of BGP Configuration Statements
authentication-key-chain
authentication-key-chain ! 603
JUNOS 8.1 Routing Protocols Configuration Guide
authentication-key-chains
Syntax authentication-key-chains {
key-chain key-chain-name {
key key {
secret secret-data;
start-time yyyy-mm-dd.hh:mm:ss;
}
}
}
Description Configure authentication key updates for the Border Gateway Protocol
(BGP) and Label Distribution Protocol (LDP) routing protocols. When an
authentication-key-chain statement is configured at the [edit security] hierarchy level,
and associated with the BGP and LDP protocols at the [edit protocols] hierarchy
level, authentication key updates can occur without interrupting routing and
signaling protocols such as Open Shortest Path First (OSPF), and Resource
Reservation Setup Protocol (RSVP).
Options key-chain—Key chain name. This name is also configured at the [edit protocols bgp]
or the [edit protocols ldp] hierarchy level to associate unique authentication key-chain
attributes with each protocol as specified using the following options:
604 ! authentication-key-chains
Chapter 34: Summary of BGP Configuration Statements
bfd-liveness-detection
Syntax bfd-liveness-detection {
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-transmit-interval milliseconds;
multiplier number;
version (1 | automatic);
}
bfd-liveness-detection ! 605
JUNOS 8.1 Routing Protocols Configuration Guide
bgp
cluster
Description Specify the cluster identifier to be used by the route reflector cluster in an internal
BGP group.
606 ! bgp
Chapter 34: Summary of BGP Configuration Statements
damping
Syntax damping;
Usage Guidelines See “Enabling Route Flap Damping” on page 573 and the JUNOS Policy Framework
Configuration Guide.
damping ! 607
JUNOS 8.1 Routing Protocols Configuration Guide
description
Usage Guidelines See “Defining BGP Global Properties” on page 537, “Defining Group Properties” on
page 542, and “Defining Peer Properties” on page 544.
disable
Syntax disable;
608 ! description
Chapter 34: Summary of BGP Configuration Statements
explicit-null
Syntax explicit-null;
Hierarchy Level [edit logical-routers logical-router-name protocols bgp family inet labeled-unicast],
[edit logical-routers logical-router-name protocols bgp group group-name family inet
labeled-unicast],
[edit logical-routers logical-router-name protocols bgp group group-name
neighbor address family inet labeled-unicast],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols bgp family inet labeled-unicast],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols bgp group group-name family inet labeled-unicast],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols bgp group group-name neighbor address family inet labeled-unicast],
[edit protocols bgp family inet labeled-unicast],
[edit protocols bgp group group-name family inet labeled-unicast],
[edit protocols bgp group group-name neighbor address family inet labeled-unicast],
[edit routing-instances routing-instance-name protocols bgp family inet labeled-unicast],
[edit routing-instances routing-instance-name protocols bgp group group-name family
inet labeled-unicast],
[edit routing-instances routing-instance-name protocols bgp group group-name
neighbor address family inet labeled-unicast]
Default If you do not include the explicit-null statement in the configuration, label 3 (implicit
null) is advertised.
explicit-null ! 609
JUNOS 8.1 Routing Protocols Configuration Guide
export
Description Apply one or more policies to routes being exported from the routing table into
BGP.
Usage Guidelines See “Configuring BGP Routing Policy” on page 586 and the JUNOS Policy Framework
Configuration Guide.
See Also import on page 618 and the JUNOS Policy Framework Configuration Guide.
610 ! export
Chapter 34: Summary of BGP Configuration Statements
family
Syntax family {
(inet | inet6 | inet-vpn | inet6-vpn | l2-vpn) {
(any | multicast | unicast) {
prefix-limit {
maximum number ;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
rib-group group-name;
}
flow {
no-validate policy-name;
}
labeled-unicast {
aggregate-label {
community community-name;
}
explicit-null {
connected-only;
}
prefix-limit {
maximum number ;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
advertise-default;
external-paths number;
prefix-limit {
maximum number ;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
}
}
family ! 611
JUNOS 8.1 Routing Protocols Configuration Guide
Description Enable multiprotocol BGP (MBGP) by configuring BGP to carry network layer
reachability information (NLRI) for address families other than unicast IPv4, to
specify MBGP to carry NLRI for the IPv6 address family, or to carry NLRI for VPNs.
multicast—Configure the family type to be multicast. This means that the BGP peers
are being used only to carry the unicast routes that are being used by multicast
for resolving the multicast routes.
unicast—Configure the family type to be unicast. This means that the BGP peers
only carry the unicast routes that are being used for unicast forwarding
purposes.
Default: unicast
612 ! family
Chapter 34: Summary of BGP Configuration Statements
flow
Syntax flow {
no-validate policy-name;
}
Hierarchy Level [edit protocols bgp group group-name family (inet | inet-vpn)],
[edit protocols bgp group group-name neighbor address
family (inet | inet-vpn)],
[edit routing-instances routing-instance-name protocols bgp group group-name family
(inet | inet-vpn)],
[edit routing-instances routing-instance-name protocols bgp group group-name
neighbor address family (inet | inet-vpn)]
NOTE: This statement is supported for the default instance, VRF instance, and
virtual-router instance only. It is configured with the instance-type statement at the
[edit routing-instance instance-name hierarchy level. For VPNs, this statement is
supported for the default instance only.
Usage Guidelines See “Enabling BGP to Carry Flow-Specific Routes” on page 577.
flow ! 613
JUNOS 8.1 Routing Protocols Configuration Guide
graceful-restart
Syntax graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}
Usage Guidelines See “Configuring Graceful Restart” on page 110 and “Configuring Graceful Restart”
on page 551.
614 ! graceful-restart
Chapter 34: Summary of BGP Configuration Statements
group
group ! 615
JUNOS 8.1 Routing Protocols Configuration Guide
multipath {
multiple-as;
}
no-aggregator-id;
no-client-reflect;
out-delay seconds;
passive;
peer-as autonomous-system;
preference preference;
protocol protocol;
remove-private;
tcp-mss segment-size;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
type type;
neighbor address {
numerous peer-specific options;
}
}
Description Define a BGP peer group. BGP peer groups share a common type, peer autonomous
system (AS) number, and cluster ID, if present. To configure multiple BGP groups,
include multiple group statements.
By default, the group’s options are identical to the global BGP options. To override
the global options, include group-specific options within the group statement.
The group statement is one of the statements you must include in the configuration
to run BGP on the router. See “Minimum BGP Configuration” on page 535.
The remaining statements within the group statement are explained separately.
Usage Guidelines See “Defining BGP Groups and Peers” on page 539.
616 ! group
Chapter 34: Summary of BGP Configuration Statements
hold-time
Description Hold-time value to use when negotiating a connection with the peer. The hold-time
value is advertised in open packets and indicates to the peer the length of time that
it should consider the sender valid. If the peer does not receive a keepalive, update,
or notification message within the specified hold time, the BGP connection to the
peer is closed and routers through that peer become unavailable.
The hold time is three times the interval at which keepalive messages are sent.
hold-time ! 617
JUNOS 8.1 Routing Protocols Configuration Guide
import
Description Apply one or more routing policies to routes being imported into the JUNOS routing
table from BGP.
Usage Guidelines See “Configuring BGP Routing Policy” on page 586 and the JUNOS Policy Framework
Configuration Guide.
See Also export on page 610 and the JUNOS Policy Framework Configuration Guide
include-mp-next-hop
Syntax include-mp-next-hop;
618 ! import
Chapter 34: Summary of BGP Configuration Statements
ipsec-sa
Description Apply a security association to BGP peers. You can apply the security association
globally for all BGP peers, to a group of peers, or to an individual peer.
ipsec-sa ! 619
JUNOS 8.1 Routing Protocols Configuration Guide
iso-vpn
Syntax iso-vpn {
unicast }
prefix-limit number;
rib-group group-name;
}
}
Description Enable BGP to carry ISO VPN NLRI messages between PE routes connecting a VPN.
Default Disabled.
Usage Guidelines See “Enabling BGP to Carry Connectionless Network Services Routes” on page 578
and the J-series Services Router Advanced WAN Access Configuration Guide.
620 ! iso-vpn
Chapter 34: Summary of BGP Configuration Statements
keep
Description Specify whether routes learned from a BGP peer are retained in the routing table
even if they contain an AS number that was exported from the local AS.
Default If you do not include this statement, most routes are retained in the routing table.
none—Retain none of the routes. When keep none is configured for the BGP session
and the inbound policy changes, the JUNOS software forces readvertisement of
the full set of routes advertised by the peer.
Usage Guidelines See “Configuring How Often BGP Exchanges Routes with the Routing Table” on
page 587.
keep ! 621
JUNOS 8.1 Routing Protocols Configuration Guide
labeled-unicast
Syntax labeled-unicast {
aggregate-label {
community community-name;
}
explicit-null {
connected-only;
}
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | timeout-in-minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
622 ! labeled-unicast
Chapter 34: Summary of BGP Configuration Statements
local-address
Description Specify the address of the local end of a BGP session. This address is used to accept
incoming connections to the peer and to establish connections to the remote peer.
When none of the operational interfaces are configured with the specified local
address, a session with a BGP peer is placed in the idle state.
Default If you do not configure a local address, BGP uses the router’s source address
selection rules to set the local address. For more information, see the JUNOS
Network Interfaces Configuration Guide.
local-address ! 623
JUNOS 8.1 Routing Protocols Configuration Guide
local-as
local-interface
Description Specify the interface name of the peer for IPv6 peering using link-local addresses.
This peer is link-local in scope.
Usage Guidelines See “Configuring EBGP Peering Using IPv6 Link-local Address” on page 589.
624 ! local-as
Chapter 34: Summary of BGP Configuration Statements
local-preference
Description Modify the value of the LOCAL_PREF path attribute, which is a metric used by
internal BGP sessions to indicate the degree of preference for an external route. The
route with the highest local preference value is preferred.
The LOCAL_PREF path attribute always is advertised to internal BGP peers and to
neighboring confederations. It is never advertised to external BGP peers.
Default If you omit this statement, the LOCAL_PREF path attribute, if present, is not
modified.
Options local-preference—Preference to assign to routes learned from BGP or from the group
or peer.
Range: 0 through 4,294,967,295 (232 –1)
Default: If the LOCAL_PREF path attribute is present, do not modify its value. If a
BGP route is received without a LOCAL_PREF attribute, the route is handled
locally (it is stored in the routing table and advertised by BGP) as if it were
received with a LOCAL_PREF value of 100. By default, non-BGP routes that are
advertised by BGP are advertised with a LOCAL_PREF value of 100.
Usage Guidelines See “Configuring the BGP Local Preference” on page 559.
local-preference ! 625
JUNOS 8.1 Routing Protocols Configuration Guide
log-updown
Syntax log-updown;
Description Log a message whenever a BGP peer makes a state transition. Messages are logged
using the system logging mechanism located at the [edit system syslog] hierarchy
level.
Usage Guidelines See “Configuring BGP to Log System Log Messages” on page 591 and the JUNOS
System Basics Configuration Guide.
626 ! log-updown
Chapter 34: Summary of BGP Configuration Statements
metric-out
Description Metric for all routes sent using the multiple exit discriminator (MED, or
MULTI_EXIT_DISC) path attribute in update messages. This path attribute is used to
discriminate among multiple exit points to a neighboring AS. If all other factors are
equal, the exit point with the lowest metric is preferred.
You can specify a constant metric value by including the metric option. For
configurations in which a BGP peer sends third-party next hops that require the
local system to perform next-hop resolution—IBGP configurations, configurations
within confederation peers, or EBGP configurations that include the multihop
command—you can specify a variable metric by including the minimum-igp or igp
option.
You can increase or decrease the variable metric calculated from the IGP metric
(either from the igp or igp-minimum statement) by specifying a value for <offset>.
The metric is increased by specifying a positive value for <offset>, and decreased
by specifying a negative value for <offset>.
Options igp—Set the metric to the most recent metric value calculated in the IGP to get to
the BGP next hop.
minimum-igp—Set the metric to the minimum metric value calculated in the IGP to
get to the BGP next hop. If a newly calculated metric is greater than the
minimum metric value, the metric value remains unchanged. If a newly
calculated metric is lower, the metric value is lowered to that value.
metric-out ! 627
JUNOS 8.1 Routing Protocols Configuration Guide
Usage Guidelines See “Configuring the Multiple Exit Discriminator Metric” on page 555.
mtu-discovery
Syntax mtu-discovery;
Description Configure TCP path MTU discovery. MTU discovery improves convergence times
for internal BGP sessions.
628 ! mtu-discovery
Chapter 34: Summary of BGP Configuration Statements
multihop
Syntax multihop {
<ttl-value>;
no-nexthop-change;
}
If you have confederation external BGP peer-to-loopback addresses, you still need
the multihop configuration.
Default If you omit this statement, all EBGP peers are assumed to be directly connected
(that is, you are establishing a nonmultihop, or “regular”, BGP session), and the
default time-to-live (TTL) value is 1.
Options ttl-value—Configure the maximum TTL value for the TTL in the IP header of BGP
packets.
Range: 1 through 255
Default: 64 (for multihop EBGP sessions, confederations, and internal BGP sessions)
multihop ! 629
JUNOS 8.1 Routing Protocols Configuration Guide
multipath
Syntax multipath {
multiple-as;
}
Description Allow load sharing among multiple EBGP paths and multiple IBGP paths.
Options multiple-as—Disable the default check requiring that paths accepted by BGP
multipath must have the same neighboring AS.
Usage Guidelines See “Configuring BGP to Select Multiple BGP Paths” on page 563.
630 ! multipath
Chapter 34: Summary of BGP Configuration Statements
neighbor
neighbor ! 631
JUNOS 8.1 Routing Protocols Configuration Guide
multipath {
multiple-as;
}
no-aggregator-id;
no-client-reflect;
out-delay seconds;
passive;
peer-as autonomous-system;
preference preference;
tcp-mss segment-size;
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
}
Description Explicitly configure a neighbor (peer). To configure multiple BGP peers, include
multiple neighbor statements.
By default, the peer’s options are identical to those of the group. You can override
these options by including peer-specific option statements within the neighbor
statement.
The neighbor statement is one of the statements you can include in the
configuration to define a minimal BGP configuration on the router. (You can include
an allow all statement in place of a neighbor statement.)
Usage Guidelines See “Minimum BGP Configuration” on page 535 and “Defining BGP Groups and
Peers” on page 539.
632 ! neighbor
Chapter 34: Summary of BGP Configuration Statements
no-advertise-peer-as
no-aggregator-id
Syntax no-aggregator-id;
Description Set the router ID in the BGP aggregator path attribute to zero. (This is one of the
path attributes included in BGP update messages.) Doing this prevents different
routers within an AS from creating aggregate routes that contain different AS paths.
Default If you omit this statement, the router ID is included in the BGP aggregator path
attribute.
Usage Guidelines See “Update Messages” on page 532 and “Controlling the Aggregator Path
Attribute” on page 558.
no-advertise-peer-as ! 633
JUNOS 8.1 Routing Protocols Configuration Guide
no-client-reflect
Syntax no-client-reflect;
Description Disable intracluster route redistribution by the system acting as the route reflector.
Include this statement when the client cluster is fully meshed to prevent the
sending of redundant route advertisements.
634 ! no-client-reflect
Chapter 34: Summary of BGP Configuration Statements
no-validate
Hierarchy Level [edit protocols bgp group group-name family (inet | inetflow)],
[edit protocols bgp group group-name neighbor address
family (inet | inetflow)],
[edit routing-instances routing-instance-name protocols bgp group group-name family
(inet | inetflow)],
[edit routing-instances routing-instance-name protocols bgp group group-name
neighbor address family (inet | inetflow)]
Description Allows you to skip the flow route validation procedure after packets are accepted by
a policy.
Usage Guidelines See “Enabling BGP to Carry Flow-Specific Routes” on page 577.
no-validate ! 635
JUNOS 8.1 Routing Protocols Configuration Guide
out-delay
Description Specify how long a route must be present in the JUNOS routing table before it is
exported to BGP. Use this time delay to help bundle routing updates.
Default If you omit this statement, routes are exported to BGP immediately after they have
been added to the routing table.
Usage Guidelines See “Configuring How Often BGP Exchanges Routes with the Routing Table” on
page 587.
636 ! out-delay
Chapter 34: Summary of BGP Configuration Statements
passive
Syntax passive;
Description Do not send active open messages to the peer. Rather, wait for the peer to issue an
open request.
Default If you omit this statement, all explicitly configured peers are active, and each peer
periodically sends open requests until its peer responds.
passive ! 637
JUNOS 8.1 Routing Protocols Configuration Guide
path-selection
Syntax path-selection {
(cisco-non-deterministic | always-compare-med | external-router-id);
med-plus-igp {
igp-multiplier number;
med-multiplier number;
}
}
Default If the path-selection statement is not included in the configuration, only the MEDs of
routes that have the same peer ASs are compared.
med-plus-igp—Add the IGP cost to the next-hop destination to the MED before
comparing MED values for path selection.
igp-multiplier number—The multiplier value for the IGP cost to a next-hop address.
Range: 1 through 1000
Default: None
Usage Guidelines See “Configuring Routing Table Path Selection” on page 561.
638 ! path-selection
Chapter 34: Summary of BGP Configuration Statements
peer-as
Usage Guidelines See “Defining BGP Groups and Peers” on page 539.
peer-as ! 639
JUNOS 8.1 Routing Protocols Configuration Guide
preference
At the BGP global level, the preference statement sets the preference for routes
learned from BGP. You can override this preference in a BGP group or peer
preference statement.
At the group or peer level, the preference statement sets the preference for routes
learned from the group or peer. Use this statement to override the preference set in
the BGP global preference statement when you want to favor routes from one group
or peer over those of another.
Options preference—Preference to assign to routes learned from BGP or from the group or
peer.
Range: 0 through 4,294,967,295 (232 –1)
Default: 170 for the primary preference
640 ! preference
Chapter 34: Summary of BGP Configuration Statements
prefix-limit
Syntax prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | timeout-in-minutes)>;
}
Description Limit the number of prefixes received on a BGP peering and a rate-limit logging
when injected prefixes exceed a set limit.
Options maximum number—When you set the maximum number of prefixes, a message is
logged when that number is reached.
Range: 1 through 4,294,967,295
teardown <percentage>—If you include the teardown statement, the session is torn
down when the maximum number of prefixes is reached. If you specify a
percentage, messages are logged when the number of prefixes reaches that
percentage. Once the session is torn down, it will reestablish in a short time
unless you include the idle-timeout statement. Then the session can be kept
down for a specified amount of time, or forever. If you specify forever, the
session is reestablished only after you issue a clear bgp neighbor command.
Range: 0 through 100
prefix-limit ! 641
JUNOS 8.1 Routing Protocols Configuration Guide
protocol
Description Specify the interior gateway protocol (IGP) that BGP should use to resolve the next
hop for BGP routes.
Default If you do not include this statement, BGP uses all active routes when resolving next
hops.
Usage Guidelines See “Choosing the Protocol Used to Determine the Next Hop” on page 559.
642 ! protocol
Chapter 34: Summary of BGP Configuration Statements
remove-private
Syntax remove-private;
Description When advertising AS paths to remote systems, have the local system strip private
AS numbers from the AS path. The numbers are stripped from the AS path starting
at the left end of the AS path (the end where AS paths have been most recently
added). The router stops searching for private ASs when it finds the first
non-private AS. This operation takes place after any confederation member ASs
have already been removed from the AS path, if applicable.
The software recognizes the set of AS numbers that is considered private, a range
that is defined in the Internet Assigned Numbers Authority (IANA) assigned
numbers document.
The set of reserved AS numbers is in the range from 64,512 through 65,535.
Usage Guidelines See “Removing Private AS Numbers from AS Paths” on page 566.
remove-private ! 643
JUNOS 8.1 Routing Protocols Configuration Guide
resolve-vpn
Syntax resolve-vpn;
Hierarchy Level [edit logical-routers logical-router-name protocols bgp family inet labeled-unicast],
[edit logical-routers logical-router-name protocols bgp group group-name family inet
labeled-unicast],
[edit logical-routers logical-router-name protocols bgp group group-name
neighbor address family inet labeled-unicast],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols bgp family inet labeled-unicast],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols bgp group group-name family inet labeled-unicast],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols bgp group group-name neighbor address family inet labeled-unicast],
[edit protocols bgp family inet labeled-unicast],
[edit protocols bgp group group-name family inet labeled-unicast],
[edit protocols bgp group group-name neighbor address family inet labeled-unicast],
[edit routing-instances routing-instance-name protocols bgp family inet labeled-unicast],
[edit routing-instances routing-instance-name protocols bgp group group-name family
inet labeled-unicast],
[edit routing-instances routing-instance-name protocols bgp group group-name
neighbor address family inet labeled-unicast]
Description Allow labeled routes to be placed in the inet.3 routing table for route resolution.
These routes are then resolved for PE router connections where the remote PE is
located across another AS. For a PE router to install a route in the VRF, the next hop
must resolve to a route stored within the inet.3 table.
644 ! resolve-vpn
Chapter 34: Summary of BGP Configuration Statements
rib
Hierarchy Level [edit logical-routers logical-router-name protocols bgp family inet labeled-unicast],
[edit logical-routers logical-router-name protocols bgp group group-name family inet
labeled-unicast],
[edit logical-routers logical-router-name protocols bgp group group-name
neighbor address family inet labeled-unicast],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols bgp family inet labeled-unicast],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols bgp group group-name family inet labeled-unicast],
[edit logical-routers logical-router-name routing-instances routing-instance-name
protocols bgp group group-name neighbor address family inet labeled-unicast],
[edit protocols bgp family inet labeled-unicast],
[edit protocols bgp group group-name family inet labeled-unicast],
[edit protocols bgp group group-name neighbor address family inet labeled-unicast],
[edit routing-instances routing-instance-name protocols bgp family inet labeled-unicast],
[edit routing-instances routing-instance-name protocols bgp group group-name family
inet labeled-unicast],
[edit routing-instances routing-instance-name protocols bgp group group-name
neighbor address family inet labeled-unicast]
Description You can allow both labeled and unlabeled routes to be exchanged in a single
session. The labeled routes are placed in the inet.3 routing table, and both labeled
and unlabeled unicast routes can be sent or received by the router.
rib ! 645
JUNOS 8.1 Routing Protocols Configuration Guide
rib-group
Options group-name—Name of the routing table group. The name must start with a letter
and can include letters, numbers, and hyphens. You generally specify only one
routing table group.
Usage Guidelines See “Creating Routing Table Groups” on page 100, “Configuring How Interface
Routes Are Imported into Routing Tables” on page 101, and “Configuring BGP
Routing Table Groups” on page 576.
646 ! rib-group
Chapter 34: Summary of BGP Configuration Statements
route-target
Syntax route-target {
advertise-default;
external-paths number;
prefix-limit {
maximum number ;
teardown <percentage > <idle-timeout (forever | time-in-minutes)>;
}
}
Description Limit the number of prefixes advertised on BGP peerings specifically to the peers
that need the updates.
route-target ! 647
JUNOS 8.1 Routing Protocols Configuration Guide
tcp-mss
Description Configure the maximum segment size (MSS) for the TCP connection for BGP
neighbors.
Usage Guidelines See“Configuring the Segment Size for TCP” on page 593.
648 ! tcp-mss
Chapter 34: Summary of BGP Configuration Statements
traceoptions
Syntax traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <flag-modifier> <disable>;
}
To specify more than one tracing operation, include multiple flag statements.
Default The default BGP protocol-level tracing options are inherited from the routing
protocols traceoptions statement included at the [edit routing-options] hierarchy
level. The default group-level trace options are inherited from the BGP
protocol-level traceoptions statement. The default peer-level trace options are
inherited from the group-level traceoptions statement.
Options disable—(Optional) Disable the tracing operation. You can use this option is to
disable a single operation when you have defined a broad group of tracing
operations, such as all.
file name—Name of the file to receive the output of the tracing operation. Enclose
the name within quotation marks. All files are placed in the directory /var/log.
We recommend that you place BGP tracing output in the file bgp-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1,
and so on, until the maximum number of trace files is reached. Then, the
oldest trace file is overwritten.
If you specify a maximum number of files, you must also specify a maximum
file size with the size option.
traceoptions ! 649
JUNOS 8.1 Routing Protocols Configuration Guide
! damping—Damping operations.
! open—Open packets. These packets are sent between peers when they are
establishing a connection.
! state—State transitions.
! timer—Timer usage.
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more
of these modifiers:
! filter—Filter trace information. Applies only for route and damping tracing
flags.
650 ! traceoptions
Chapter 34: Summary of BGP Configuration Statements
size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes
(MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is
renamed trace-file.0. When the trace-file again reaches its maximum size,
trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This
renaming scheme continues until the maximum number of trace files is
reached. Then, the oldest trace file is overwritten.
If you specify a maximum file size, you also must specify a maximum number
of trace files with the files option.
Required Privilege Level routing and trace—To view this statement in the configuration.
routing-control and trace-control—To add this statement to the configuration.
traceoptions ! 651
JUNOS 8.1 Routing Protocols Configuration Guide
type
! internal—Internal group
! external—External group
Usage Guidelines See “Defining BGP Groups and Peers” on page 539.
vpn-apply-export
Syntax vpn-apply-export;
Description Apply a BGP export policy in addition to a VPN routing and forwarding (VRF) export
policy to routes.
Usage Guidelines See “Applying BGP Export Policy to VRF Routes” on page 592.
652 ! type
Part 6
Indexes
Indexes ! 653
JUNOS 8.1 Routing Protocols Configuration Guide
654 ! Indexes
Index
A any-sender statement
accept RIP ...........................................................................443
firewall filters usage guidelines ....................................................439
action ...................................................................94 area border routers ......................................................342
action modifiers, firewall filters ...................................94 area statement .............................................................383
active aggregate routes .................................................74 usage guidelines ....................................................355
active routes .............................................................6, 7–9 area-range statement ..................................................384
active statement ..........................................................123 usage guidelines ....................................................366
aggregate routes areas ..............................................................................342
usage guidelines .................................................81 AS external link advertisements ................................347
generated routes as-override statement ..................................................600
usage guidelines .................................................89 usage guidelines ....................................................542
static routes as-path (tracing flag) ....................................................650
usage guidelines .................................................68 as-path statement ........................................................126
address extension, configuring ..................................215 aggregate routes
address statement .......................................................493 usage guidelines .................................................79
usage guidelines ....................................................488 generated routes
advertise statement .....................................................494 usage guidelines .................................................87
usage guidelines ....................................................489 static routes
advertise-inactive statement ......................................597 usage guidelines .................................................65
usage guidelines ....................................................587 ASs
advertise-peer-as statement .......................................598 boundary routers ...................................................343
usage guidelines ....................................................588 configuring ...............................................98, 128, 536
aggregate routes ..............................................74–82, 124 description .............................................................529
preferences ..............................................................10 paths .......................................................................530
aggregate statement ....................................................124 aggregate routes .........................................79, 126
usage guidelines ......................................................75 generated routes ................................87, 126, 131
aggregate-label statement...........................................598 operations, tracing ...........................................650
usage guidelines ....................................................552 static routes.................................................65, 126
aggregator path attribute See BGP, aggregator path private, removing ..........................................566, 643
attribute atomic-aggregate statement .......................................126
aggregator statement ..................................................126 aggregate routes
aggregate routes usage guidelines .................................................79
usage guidelines .................................................79 generated routes
generated routes usage guidelines .................................................87
usage guidelines .................................................88 static routes
static routes usage guidelines .................................................65
usage guidelines .................................................65 auth (tracing flag) .........................................................459
alert (system logging severity level) ..........................157 authentication
all (tracing flag) ............................................................178 algorithm
allow statement ...........................................................599 BGP ....................................................................553
usage guidelines ....................................................541 BGP .........................................................................532
alternate preferences ......................................................7 keychains
always-compare-med option ......................561, 562, 638 BGP ....................................................................553
Index ! 655
JUNOS 8.1 Routing Protocols Configuration Guide
656 ! Index
Index
Index ! 657
JUNOS 8.1 Routing Protocols Configuration Guide
658 ! Index
Index
Index ! 659
JUNOS 8.1 Routing Protocols Configuration Guide
660 ! Index
Index
Intermediate System-to-Intermediate System protocol enabling ..................................250, 272, 273, 274, 303
See IS-IS end system .............................................................244
internal routers, OSPF .................................................342 errored packets ......................................................321
Internet Control Message Protocol See router discovery errored PDUs .........................................................280
ipsec-sa statement .......................................................619 graceful restart ...............................................265, 293
OSPFv3 ...................................................................401 hello
usage guidelines ............................................364, 554 interval ......................................................259, 296
ipv4-multicast statement ............................................300 packet authentication ..............................259, 295
usage guidelines ....................................................277 packet authentication key ...............................294
ipv4-multicast-metric statement ........................300, 301 PDUs ..................................................245, 281, 321
usage guidelines ....................................................277 hold time ........................................................260, 297
ipv4-multicast-rpf-routes statement ..........................301 interfaces ........................................................253, 299
IS-IS intermediate system .............................................244
usage guidelines ...............................................267 IPv6 unicast topology ...........................302, 313, 314
IPv6 label-switched path .......................................303, 402
addressing ................................................................13 LDP synchronization .....................................262, 291
representation ....................................................14 hold time ...........................................................298
scope ...................................................................14 Level 1 ....................................................................244
structure ..............................................................15 Level 2 ....................................................................244
types ....................................................................14 level properties ......................................................305
advantages ...............................................................11 link-state PDUs See IS-IS, LSPs
EBGP link-local peering ........................................589 loose authentication ......................................268, 306
header fields ............................................................12 LSPs.........................................................245, 281, 321
standards documents .............................................11 errored ...............................................................283
ipv6-unicast statement ................................................302 generation .........................................................281
usage guidelines ....................................................279 interval ..............................................261, 307, 319
ipv6-unicast-metric statement ...................................302 lifetime ......................................................262, 307
usage guidelines ....................................................279 tracing................................................................322
IS-IS mesh groups ..........................................254, 282, 308
addresses ...............................................................244 metrics ....................................................255, 260, 317
advertise label-switched paths.............................263 IPv6 ....................................................................302
areas ...............................................................244, 256 multicast ....................................................300, 301
authentication ................................251, 285, 286, 309 normal ...............................................................308
CSNP ..................................................................310 traffic engineering ............................................319
hello ...................................................................310 wide ...........................................................255, 324
PSNP ..................................................................313 multicast reverse-path forwarding ......................267
BFD .................................................................267, 287 multicast topologies ......................................276, 300
checksum .......................................................254, 269 IPv4 ....................................................................311
CLNS .......................................................270, 288, 325 IPv6 ....................................................................312
export BGP routes ............................................270 NET .........................................................................244
pure ISO network .............................................270 network PDUs ........................................................244
complete sequence number PDUs .....246, 254, 280, non-stop routing messages ..................................322
289, 321 NSAP .......................................................................244
configuration statements .............................247, 250 overloaded, marking router as ............264, 314, 374
designated router ..........................................261, 317 packets See IS-IS, PDUs
disable ....................................................................265 padding ...........................................................269, 296
disabling .................................................257, 272, 290 partial sequence number PDUs ...........246, 281, 322
IPv4 multicast topology ...................................277 PDUs .......................................................................245
IPv4 routing ......................................................273 point-to-point interface .................................265, 315
IPv4 unicast topology ......................................277 policy, routing ................................................274, 291
IPv6 multicast topology ...................................277 preferences ................................9, 256, 274, 292, 316
IPv6 routing ......................................................273 prefix limit......................................................256, 316
IPv6 unicast topology ......................................279 protocol data units See IS-IS, PDUs
disabling holddown ...............................................309
Index ! 661
JUNOS 8.1 Routing Protocols Configuration Guide
662 ! Index
Index
M RIP ...........................................................................452
managed-configuration statement ............................516 usage guidelines ...............................................437
usage guidelines ....................................................507 RIPng ......................................................................477
martian addresses ...........................................90–91, 151 usage guidelines ...............................................471
martians statement .....................................................151 metrics
usage guidelines ................................................90, 91 aggregate routes ......................................................77
match conditions BGP .........................................................................555
firewall filters generated routes......................................................85
overview ..............................................................92 IS-IS .........................................................255, 260, 317
max-advertisement-interval statement OSPF ...............................................366, 367, 376, 412
ICMP .......................................................................496 RIP ...................................................................433, 437
usage guidelines ...............................................489 RIPng ..............................................................467, 470
neighbor discovery ...............................................516 static routes ..............................................................63
usage guidelines ...............................................508 metric-type statement .................................................405
maximum-paths statement ........................................152 usage guidelines ............................................356, 357
usage guidelines ....................................................231 min-advertisement-interval statement ......................497
maximum-prefixes statement ....................................153 usage guidelines ............................................489, 508
usage guidelines ....................................................231 minimum-interval statement
MBGP ..............................................................49, 573, 612 BFD .........................................................................129
MD5 authentication usage guidelines .................................................70
BGP .........................................................................552 BGP .........................................................................605
OSPF .......................................................................361 usage guidelines ...............................................593
See also HMAC-MD5 authentication IS-IS .........................................................................287
MED See BGP usage guidelines ...............................268, 370, 438
med-plus-igp statement ..............................................638 OSPF .......................................................................387
usage guidelines ....................................................561 usage guidelines ...............................................370
mesh groups .........................................................254, 308 RIP ...........................................................................446
mesh-group statement ................................................308 usage guidelines ...............................................438
usage guidelines ....................................................254 minimum-receive-interval statement
message-size statement ..............................................451 BFD .........................................................................129
usage guidelines ....................................................434 usage guidelines .................................................70
metric statement BGP .........................................................................605
aggregate routes ....................................................154 usage guidelines ...............................................593
usage guidelines .................................................77 IS-IS .........................................................................287
CLNS usage guidelines ...............................................268
usage guidelines .................................................59 OSPF .......................................................................387
generated routes ...................................................154 usage guidelines ...............................................370
usage guidelines .................................................85 RIP ...........................................................................446
IS-IS .........................................................................308 usage guidelines ...............................................438
usage guidelines ...............................................260 minimum-transmit-interval statement
OSPF .......................................................................404 BFD .........................................................................129
usage guidelines ...............................................367 BGP .........................................................................605
qualified next hop .................................................154 IS-IS .........................................................................287
usage guidelines .................................................55 usage guidelines .................................70, 268, 593
static routes............................................................154 OSPF .......................................................................387
usage guidelines .................................................63 usage guidelines ...............................................370
metric-in statement .....................................................452 RIP ...........................................................................446
RIPng ......................................................................476 usage guidelines ...............................................438
usage guidelines ...............................................467 MPLS .................................................................................9
usage guidelines ....................................................433 inet.3 routing table ..................................................49
metric-out statement routing tables ...........................................................49
BGP .........................................................................627 ultimate-hop popping ...........................................609
usage guidelines ...............................................556 mpls.0 routing table.........................................................5
Index ! 663
JUNOS 8.1 Routing Protocols Configuration Guide
664 ! Index
Index
Index ! 665
JUNOS 8.1 Routing Protocols Configuration Guide
666 ! Index
Index
Index ! 667
JUNOS 8.1 Routing Protocols Configuration Guide
668 ! Index
Index
Index ! 669
JUNOS 8.1 Routing Protocols Configuration Guide
670 ! Index
Index
Index ! 671
JUNOS 8.1 Routing Protocols Configuration Guide
V
validation statement
usage guidelines ...................................................... 92
valid-lifetime statement .............................................. 524
usage guidelines .................................................... 510
version statement
BFD ......................................................................... 129
usage guidelines ................................................. 70
672 ! Index
Index of Statements and Commands
A confederation statement.............................................132
active statement ..........................................................123 csnp-interval statement ..............................................289
advertise statement .....................................................494 current-hop-limit statement .......................................514
advertise-inactive statement ......................................597
advertise-peer-as statement .......................................598 D
aggregate statement ....................................................124 damping statement .....................................................607
aggregate-label statement ..........................................598 dead-interval statement ..............................................388
aggregator statement ..................................................126 default-lifetime statement ..........................................514
allow statement ...........................................................599 default-lsa statement ...................................................389
any-sender statement default-metric statement ............................................390
RIP ...........................................................................443 demand-circuit statement...........................................391
area statement .............................................................383 description statement .........................................233, 608
area-range statement ..................................................384 destination-networks statement ................................133
as-override statement .................................................600 disable statement ................................................333, 334
atomic-aggregate statement .......................................126 graceful restart .......................................................133
authentication-algorithm statement domain-id statement ...................................................392
BGP .......................................................................... 601 domain-vpn-tag statement .........................................393
authentication-key statement dynamic-tunnels statement ........................................135
RIP ...........................................................................444
authentication-key-chain statement E
BGP ..........................................................................603 enable statement
authentication-key-chains statement routing options .......................................................147
security....................................................................604 esct statement
authentication-type statement ES-IS.........................................................................333
RIP ...........................................................................445 esis statement ..............................................................334
auto-export statement ................................................127 explicit-null statement.................................................609
autonomous-system statement .................................128 export statement
IS-IS ..........................................................................291
B export-rib statement ...................................................136
bfd-liveness-detection statement external-preference statement
BGP ..........................................................................605 IS-IS ..........................................................................292
IS-IS .........................................................................287
OSPF........................................................................387 F
RIP ...........................................................................446 fate-sharing statement ................................................137
static routes ............................................................129 filter statement.............................................................138
bgp statement ..............................................................606 flow statement .....................................................139, 613
brief statement ............................................................130 forwarding-cache statement.......................................140
broadcast statement....................................................494 forwarding-table statement ........................................140
full statement ...............................................................130
C
checksum statement ...................................................288 G
check-zero statement ..................................................447 generate statement......................................................141
clns-routing statement graceful-restart statement...........................................334
IS-IS .........................................................................288 BGP ..........................................................................614
cluster statement .........................................................606 OSPF ........................................................................395
S V
scope statement .......................................................... 172 valid-lifetime statement ..............................................524
send statement version statement
RIP ........................................................................... 458 BFD ..........................................................................129
RIPng ....................................................................... 480 BGP ..........................................................................605
sham-link statement ................................................... 415 IS-IS .........................................................................287
sham-link-remote statement ...................................... 415 OSPF........................................................................387
shortcuts statement RIP ...........................................................................446
IS-IS ......................................................................... 318 virtual-link statement ..................................................426
OSPF ....................................................................... 416 vpn-apply-export statement .......................................652
source-address statement .......................................... 172 vrf-export statement ...................................................238
usage guidelines..................................................... 111 vrf-import statement ...................................................239
spf-delay statement vrf-table-label statement .............................................239
IS-IS ......................................................................... 319 vrf-target statement.....................................................240
OSPF ....................................................................... 417
ssm-groups statement ................................................ 173 W
static statement ........................................................... 174 wide-metrics-only statement .....................................324