Thursday, 17 December 2009

Configuration Groups in Junos

Sometimes part of a configuration is repeated, or you need to ensure that certain statements are always applied to interfaces, protocols or other portions of the configuration.

With JUNOS you can collect these sets of statements in a group and then apply the group to portions of the configuration. In programming terms a group resembles a subroutine or, more accurately, the principle of "inheritance" in object-oriented programming.
The result is a shorter configuration with less room for typing errors or oversights. In addition, a change to a parameter in the group is immediately reflected in the configuration of every element to which the group is applied.

When defining groups, wildcards can be used to specify which portions of the configuration the group's statements apply to.

The official reference for this statement is
http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/swconfig-cli/id-11139566.html#id-11139566


Why did I introduce groups? Most of the fxp interfaces on all the routers in my JNCIP/JNCIE lab topology, proposed in the previous post, use "family mpls" and "family iso", so why not save lots of typing and practise using configuration groups?

Start by defining the group:

[edit]
nick@zion# show groups | no-more 
isis-mpls {
    logical-systems {
        <*> {
            interfaces {
                <fxp*> {
                    unit <*> {
                        family iso;
                        family mpls;
                    }
                }
            }
        }
    }
}

and then apply the group to the whole system:


[edit]
nick@zion# set apply-groups isis-mpls 

To display the effect of the configuration group, pipe the show command through "display inheritance" as follows:


show logical-systems J1 interfaces | display inheritance    
fxp1 {
    unit 102 {
        description "------- LAN  J1-J2 ----------";
        vlan-id 102;
        family inet {
            address 10.0.5.1/24;
        }
        ##
        ## 'iso' was inherited from group 'isis-mpls'
        ##
        family iso;
        ##
        ## 'mpls' was inherited from group 'isis-mpls'
        ##
        family mpls;
    }
    unit 103 {
        description "------- link ptp J1 <-> J3 --";
        vlan-id 103;
        family inet {
            address 10.0.4.14/30;
        }
        ##
        ## 'iso' was inherited from group 'isis-mpls'
        ##
        family iso;
        ##
        ## 'mpls' was inherited from group 'isis-mpls'
        ##
        family mpls;
    }
...

or, more concisely, by skipping the lines containing "#":

nick@zion# show logical-systems J1 interfaces | display inheritance | except # 
fxp1 {
    unit 102 {
        description "------- LAN  J1-J2 ----------";
        vlan-id 102;
        family inet {
            address 10.0.5.1/24;
        }
        family iso;
        family mpls;
    }
    unit 103 {
        description "------- link ptp J1 <-> J3 --";
        vlan-id 103;
        family inet {
            address 10.0.4.14/30;
        }
        family iso;
        family mpls;
    }
...

Other elements of the configuration are repetitive too and therefore belong in the group definition, whose final configuration is:


[edit]
nick@zion# show groups | no-more  
isis-mpls {
    logical-systems {
        <*> {
            interfaces {
                <fxp*> {
                    unit <*> {
                        family iso;
                        family mpls;
                    }
                }
            }
            protocols {
                rsvp {
                    interface all;
                }
                mpls {
                    interface all;
                }
                isis {
                    level 1 disable;
                    level 2 wide-metrics-only;
                    interface all {
                        point-to-point;
                    }
                }
            }
        }
    }
}

Some elements have different names in each logical router, so those statements must be configured directly in the respective stanzas:

[edit]
nick@zion# show logical-systems J3 protocols | no-more    
isis {
    interface lo0.3 {
        passive;
    }
}

The result, as with the interfaces, is the union of both sets of statements:

nick@zion# show logical-systems J3 | find protocols | display inheritance | except ##     
protocols {
    rsvp {
        interface all;
    }
    mpls {
        interface all;
    }
    isis {
        level 1 disable;
        level 2 wide-metrics-only;
        interface lo0.3 {                      
            passive;
        }
        interface all {
            point-to-point;
        }
    }
}
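The merge shown above can be modeled in a few lines. This is an added example, not code from the original post or from Junos: a simplified model in which the configuration is a nested dict, `inherit` is a hypothetical helper, and the J3 data is constructed from the post's topology.

```python
import re
from fnmatch import fnmatchcase

def inherit(target, group):
    """Return a copy of target with the group's statements merged in."""
    merged = dict(target)
    for key, gval in group.items():
        if "<" in key:
            # Wildcard name such as <fxp*> or "unit <*>": it only matches
            # names that already exist at this level of the target.
            pattern = re.sub(r"<([^>]*)>", r"\1", key)
            names = [n for n in target if fnmatchcase(n, pattern)]
        else:
            # Literal statement: inherited even when the target lacks it.
            names = [key]
        for name in names:
            tval = merged.get(name)
            if tval is None:
                merged[name] = inherit({}, gval) if isinstance(gval, dict) else gval
            elif isinstance(tval, dict) and isinstance(gval, dict):
                merged[name] = inherit(tval, gval)
            # otherwise the locally configured value wins over the group
    return merged

# The isis-mpls group from the post; {} marks a statement ending in ";".
GROUP = {"logical-systems": {"<*>": {
    "interfaces": {"<fxp*>": {"unit <*>": {"family iso": {}, "family mpls": {}}}},
    "protocols": {
        "rsvp": {"interface all": {}},
        "mpls": {"interface all": {}},
        "isis": {"level 1 disable": {}, "level 2 wide-metrics-only": {},
                 "interface all": {"point-to-point": {}}},
    },
}}}

# Constructed sample for logical system J3 (addresses are illustrative).
CONFIG = {"logical-systems": {"J3": {
    "interfaces": {
        "fxp1": {"unit 103": {"vlan-id": 103,
                              "family inet": {"address 10.0.4.13/30": {}}}},
        "lo0": {"unit 3": {"family inet": {"address 10.0.3.3/32": {}}}},
    },
    "protocols": {"isis": {"interface lo0.3": {"passive": {}}}},
}}}

if __name__ == "__main__":
    j3 = inherit(CONFIG, GROUP)["logical-systems"]["J3"]
    print(sorted(j3["interfaces"]["fxp1"]["unit 103"]))
    print(sorted(j3["protocols"]["isis"]))
```

The lo0 units stay untouched because `<fxp*>` does not match them, while the local `interface lo0.3` statement and the group's `interface all` both end up under isis.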

If you are not comfortable using "display inheritance", or working without seeing some portions of the configuration, you can always take my starting configuration with the apply-groups, save the output of "display inheritance" to a file and then replace the original configuration with it. In this case it is better to use a regular expression so that the hashed password data (also marked with '##') is not stripped.

nick@zion# show | display inheritance | except "^\ *#" | save Jncip-Logical-System_L2_isis.confg  
Wrote 486 lines of output to 'Jncip-Logical-System_L2_isis.confg'
[edit]
nick@zion# load override Jncip-Logical-System_L2_isis.confg 
load complete
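Why the anchored expression matters before a "load override", as an added example that is not part of the original post: the helper names are hypothetical, the sample output is constructed with a placeholder hash, and it assumes password lines carry the trailing `## SECRET-DATA` marker that Junos prints after encrypted values.

```python
import re

# Constructed sample of "show | display inheritance" output.
SAMPLE = '''system {
    root-authentication {
        encrypted-password "$1$CONSTRUCTED$placeholder"; ## SECRET-DATA
    }
}
logical-systems {
    J1 {
        interfaces {
            fxp1 {
                unit 102 {
                    ##
                    ## 'iso' was inherited from group 'isis-mpls'
                    ##
                    family iso;
                }
            }
        }
    }
}'''

def junos_except(lines, pattern):
    """Emulate the CLI '| except <regex>' pipe: drop every matching line."""
    rx = re.compile(pattern)
    return [line for line in lines if not rx.search(line)]

def audit_filter(lines, pattern):
    """Report what a given except-pattern would do to the saved file."""
    kept = junos_except(lines, pattern)
    return {
        # inheritance comments that survived the filter
        "comments_left": sum(1 for l in kept if l.lstrip().startswith("#")),
        # password lines that were in the output but not in the saved file
        "secrets_lost": [l.strip() for l in lines
                         if "SECRET-DATA" in l and l not in kept],
    }

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for pattern in ("##", r"^\ *#"):
        print(pattern, audit_filter(lines, pattern))
```

With the unanchored `##` the root password line is dropped from the file, so a "load override" of that file would load a configuration without it; the anchored pattern removes only the comment lines.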

I promised complex scenarios and not just some simple CLI tricks, but it is necessary to start with something solid to work on...

The complete configuration is available Here

Friday, 11 December 2009

Setting up the lab

My lab setup is based on the standard JNCIP/JNCIE topology.

The basic configuration for this topology is here 

I mainly use an Olive router ( http://juniper.cluepon.net/index.php/Olive ) connected in my lab to some other nice gear. The standard topology is based on 7 routers [J1-J7], which I simulate with logical routers, now called Logical Systems. It's a very common and simple level-2-only IS-IS area, with MPLS and ISO (CLNS) enabled on all the backbone interfaces. RSVP is chosen as the signaling protocol for the MPLS labels.

nick@zion# show logical-systems J4 | no-more   
interfaces {
    fxp1 {
        unit 204 {
            description "------- link ptp J2 <-> J4 --";
            vlan-id 204;
            family inet {
                address 10.0.4.9/30;
            }
            family iso;        /* enable CLNS for ISIS */
            family mpls;       /* enable MPLS packet forwarding */
        }
        unit 304 {
            description "------- link ptp J3 <-> J4 --";
            vlan-id 304;
            family inet {
                address 10.0.2.6/30;
            }
            family iso;
            family mpls;
        }
        unit 405 {
            description "------- link ptp J4 <-> J5 --";
            vlan-id 405;
            family inet {
                address 10.0.2.10/30;
            }
            family iso;
            family mpls;
        }
    }
    lo0 {
        unit 4 {
            family inet {
                address 10.0.3.4/32;
            }
            family iso {
                address 49.0000.0000.0004.00;    /* assign ISO net */
            }
        }
    }
}
protocols {
    rsvp {
        interface all;
    }
    mpls {
        interface all;
    }
    isis {
        level 1 disable;
        interface lo0.4 {
            passive;
        }
        interface all {    /* prevent DIS election */
            point-to-point;
        }
    }
}

I don't want to spend time explaining the lab setup and the MPLS theory for this basic environment, because I prefer to analyze the more complex features in more depth.


Just to confirm that everything works correctly, here is some command output:

/* verify on which interfaces ISIS is running */

nick@zion> show isis interface logical-system J4                           
IS-IS interface database:
Interface     L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
fxp1.204      2   0x1 Disabled          Point to Point         10/10
fxp1.304      2   0x1 Disabled          Point to Point         10/10
fxp1.405      2   0x1 Disabled          Point to Point         10/10
lo0.4         0   0x1 Passive           Passive                 0/0

/* TLV 137 allows neighbor names to be shown... */

nick@zion> show isis adjacency logical-system J4                           
Interface             System         L State        Hold (secs) SNPA
fxp1.204              zion-J2        2  Up                   25
fxp1.304              zion-J3        2  Up                   22
fxp1.405              zion-J5        2  Up                   22

/* and the routing table from this point of view... */

nick@zion> show route protocol isis logical-system J4 terse                

inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

A Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
* 10.0.2.0/30        I  18         20            >10.0.2.5
                                                  10.0.2.9
* 10.0.3.3/32        I  18         10            >10.0.2.5
* 10.0.3.5/32        I  18         10            >10.0.2.9
* 10.0.3.12/30       I  18         20            >10.0.2.5
* 10.0.4.0/30        I  18         20             10.0.4.10
                                                 >10.0.2.5
* 10.0.4.4/30        I  18         30            >10.0.2.5
* 10.0.4.12/30       I  18         20            >10.0.2.5
* 10.0.5.0/24        I  18         30            >10.0.2.5
* 10.0.6.1/32        I  18         20            >10.0.2.5
* 10.0.6.2/32        I  18         10            >10.0.4.10
* 10.0.8.0/30        I  18         30            >10.0.2.9
* 10.0.8.4/30        I  18         20            >10.0.2.9
* 10.0.8.8/30        I  18         20            >10.0.2.9
* 10.0.9.6/32        I  18         20            >10.0.2.9
* 10.0.9.7/32        I  18         20            >10.0.2.9

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

mpls.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

/* a brief look into the isis database */

nick@zion> show isis database logical-system J4                            
IS-IS level 1 link-state database:
  0 LSPs

IS-IS level 2 link-state database:
LSP ID                      Sequence Checksum Lifetime Attributes
zion-J1.00-00                   0x2a   0xc3ba      774 L1 L2
zion-J2.00-00                   0x2a   0xaa64      945 L1 L2
zion-J3.00-00                   0x38    0xe99      515 L1 L2
zion-J4.00-00                   0x20   0x8c2f      671 L1 L2
zion-J5.00-00                   0x2e   0x9fa6      557 L1 L2
zion-J6.00-00                   0x14   0x46e2      520 L1 L2
zion-J7.00-00                   0x2e   0x3f57     1093 L1 L2
  7 LSPs

/* a detailed excerpt of the isis database exposes some TED ( Traffic Engineering Database ) information */

nick@zion> show isis database logical-system J4 zion-J4.00-00 extensive    
...
  Header: LSP ID: zion-J4.00-00, Length: 439 bytes
    Allocated length: 1492 bytes, Router ID: 10.0.3.4
    Remaining lifetime: 655 secs, Level: 2, Interface: 0
    Estimated free bytes: 896, Actual free bytes: 1053
    Aging timer expires in: 655 secs
    Protocols: IP, IPv6

  Packet: LSP ID: zion-J4.00-00, Length: 439 bytes, Lifetime : 1198 secs
    Checksum: 0x8c2f, Sequence: 0x20, Attributes: 0x3 
    NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
    Packet type: 20, Packet version: 1, Max area: 0

  TLVs:
    Area address: 49 (1)
    Speaks: IP
    Speaks: IPV6
    IP router id: 10.0.3.4
    IP address: 10.0.3.4
    Hostname: zion-J4
    IS neighbor: zion-J2.00, Internal, Metric: default 10
    IS neighbor: zion-J3.00, Internal, Metric: default 10
    IS neighbor: zion-J5.00, Internal, Metric: default 10
    IS extended neighbor: zion-J2.00, Metric: default 10
      IP address: 10.0.4.9
      Neighbor's IP address: 10.0.4.10
      Local interface index: 103, Remote interface index: 81
      Current reservable bandwidth:
        Priority 0 : 100Mbps
        Priority 1 : 100Mbps
        Priority 2 : 100Mbps
        Priority 3 : 100Mbps
        Priority 4 : 100Mbps
        Priority 5 : 100Mbps
        Priority 6 : 100Mbps
        Priority 7 : 100Mbps
      Maximum reservable bandwidth: 100Mbps
      Maximum bandwidth: 100Mbps
      Administrative groups:  0 
    ...



A note about the Junos version I currently use:

nick@zion> show version
Hostname: zion
Model: olive
JUNOS Base OS boot [9.6R1.13]

As a side note, Olive is a great gift from Juniper but remember:

"It is also important to remember that Olive exists because Juniper allows it to exist, and is a testament to the mutual respect between the extremely knowledgeable developer and user bases. If the Olive platform became widely abused, Juniper could easily add additional software checks to prevent it from working. Please do not abuse this feature by doing stupid things like contacting JTAC for support on an Olive, or selling illegal copies of the software as "router simulators". This type of activity is likely to have serious legal consequences and/or provoke a justified response from Juniper, so just don't do it."