NETWORKING TUNNELS with Dynamic Routing Protocols on Juniper Devices
NETWORKING TUNNELS
*Network tunnel s typically bridge networks
*Traffic can be encrypted
*Examples of tunnel use includes:
Hiding network traffic
Providing dedudant links
Sending non-IP over IP Networks
*Encapsulators and decapsulatiors are better known as tunnel endpoins
*Tunnel layers
Most networks utilize layer 3 tunnels across IP networks
Tunnels can also operate at layer 2
Layer 2 tunnel can send encapsulated frames across other layer2 tunnels
Ipv4 ve IPv6 connectivity destekliyor tunel islemi
Examples of Tunnel Usage
Tunnels have a varierty of applications
Examples: private ip addresses
Ipv4
Remote networks for connecting
Providing network redundancy
Proxy Services Types
Local proxy server
Cloud Proxy services
Traditional proxy servers
Service are provided by Zsclaer,Virtela and Symantec
IP PROTOCOL NUMBERS
TCP : 6
UDP :17
ICMP :1
OSPF:89
EIGRP:88
For VPN traffic
AH :51
ESP : 50
GRE:47
IPv6 41
MPLS in IP :137
Lt2p: 115
TUNNEL TYPES in Junos
There are several types of tunnel
1-IP in IP Tunnels
Use only ipv4 networks
Support TCP,UDP,ICMP and other IP protocols(ospf)
2-GRE TUNNELS
Use ip protocol 47
Layer 3 traffic encapsulation within IP header
Support IP protocols, IPX,Apple talk,Decent ,CLNS and IPv6
Sifreleme yapilabilir
The ecryption is known as IPSec over GRE
MTU and TUNNELS
*IP packets minimum 20 bytes
*Maximum is 64Kb
Maximum Transmission Units (MTUs)
Default is 1500 bytes
If come over packet size , it will be drop
Juniper has several recomandations about that:
*Set the MTU for a tunnel to 1524
*enable allow-fragmentation option
*enable clear-don`t -fregment option
*Use path MTU discovery
TUNNELS and DYNAMIC ROUTING PROTOCOLS
Tunnel ve routing protocols can use same time
Tunnels can send multicast traffic
Allows tunnels to OSPF hellos
Tunnels can also send RIP and BGP packets
These protocols make administration easier
They can have an adverse affect on tunnels
OSPF and TUNNEL
Configuration IP in IP Tunnels in Junos OS
At SRX1
Has comminication between devices and after:
Edit interfaces ip-0/0/0.0
Set tunnel source 192.51.100.1
Set family inet address 192.168.0.1/30
Top
Edit security zones security-zone TRUST
Set interfaces IP-0/0/0.0
Top
Edit protocols ospf
Set area 0.0.0.0 interface ip-0/0/0.0
Commit
At SRX2
Edit interfaces ip-0/0/0.0
Set tunnel destination 192.51.100.1
Set tunnel source 203.0.113.2
Set family inet address 192.168.0.2/30
Top
Edit security zones security-zone TRUST
Set interfaces ip-0/0/0.0
Top
Edit protocols ospf
Set area 0.0.0.0 interface ip-0/0/0.0
Commit
For checking :
Show ospf neighbors
Show route protocols ospf
CONFIGURE GRE TUNNELS in JUNOS
At SRX1
Edit interfaces gr-0/0/0.0
Set tunnel source 198.51.100.1
Set tunnel destination 203..0113.2
Set family inet address 192.168.0.1/30
Set clear-don’t-fragment-bit
Set family inet mtu 1524
Set tunnel allow-fragmentation
Set tunnel path-mtu-discovery
Set family iso
top
Edit protocols isis
Set interface gr-0/0/0.0
Top
Edit security zones security-zone TRUST
Set interfaces ge-0/0/0.0
Commit
At Srx2
Edit interfaces ge0-0/0/.0
Set tunnel source 203.0.113.2
Set tunnel destination 198.51.100.1
Set family inet address 192.168.0.2/30
Set clear-don’t-fragment-bit
Set family inet mmtu 1524
Set tunnel allow-fregmantation
Set tunnel path-mtu-discovery
Set family iso
Top edit protocols isis
Set interface ger-0//0/0.0
Top
Edit security zones security-zone TRUST
Set interfaces gr-0/0/0.0
Top
Commit
And after we can check :
Show isis adjcaceny
Show route protocol isis
Run show route isis
Troubleshooting on Tunnels
Show interface gr-0/0/0 brief
Show interface gr-0/0/0.0
Monitor interface ge-0/0/0.0
Monitor traffic interface gr-0/0/0.0
Monitor traffic interface gr-0/0/0.0 detail
———————————–
Note: Do you need the Juniper CLI guide course or ebook ?
Discount code: 9FR64FRKKJJWS For Ebook on GOOGLE PLAY
Discount Link For video courses go to UDEMY