11.2 ISP Router Configurations
This section shows relevant configurations for Juniper Networks and Cisco Systems routers acting as both RPs and non-RPs. In our example network, NY-RP and LA-nonRP are Juniper Networks routers, while LA-RP and NY-nonRP are Cisco Systems routers. On the Juniper Networks non-RP routers, interfaces so-0/0/0 and so-0/0/1 are backbone links, while interface t3-1/0/0 connects to a customer. On the Cisco non-RP routers, interfaces POS0/0/0 and POS0/0/1 are backbone links, while Serial1/0/0 connects to a customer.
To reduce repetition, MBGP, IS-IS, and OSPF configurations are shown only for the RP routers. Configuration for the non-RP routers would look the same.
11.2.1 ISP RP Configuration: Juniper Networks
This configuration describes a Juniper Networks router acting as an RP in a typical service provider's network.
system {
    host-name NY-RP;
}
interfaces {
    so-0/0/0 {
        unit 0 {
            description "Backbone Link";
            family inet;
            family iso;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.1.1.1/32 {           /* Unique IP Address */
                    primary;
                }
                address 10.1.1.100/32;          /* Anycast RP Address */
            }
            family iso {
                address 49.0001.0100.0100.1001.00;   /* ISO Address */
            }
        }
    }
}
protocols {
    sap;                                /* Listen to SDR announcements */
    bgp {
        family inet {
            unicast;                    /* SAFI=1 */
            multicast;                  /* SAFI=2 */
        }
        export static-connected;        /* Redistribute static and connected */
        group IBGP-Peers {              /* routes into BGP */
            type internal;
            local-address 10.1.1.1;
            neighbor 10.1.1.x;
        }
        group BGP-Customers {
            type external;
            neighbor 10.2.2.x {
                peer-as 65001;
            }
        }
    }
    isis {
        multicast-topology;             /* M-ISIS */
        level 1 disable;
        interface so-0/0/0.0 {
            level 2 {
                metric 10;              /* MT 0 metric */
                multicast-metric 10;    /* MT 3 metric */
            }
        }
        interface lo0.0 {
            level 2 passive;
        }
    }
    msdp {
        rib-group inet mcast-rpf-rib;   /* Use inet.2 for MSDP RPF */
        local-address 10.1.1.1;
        group Anycast-RPs {
            mode mesh-group;
            peer 10.1.1.2;
            peer 10.1.1.3;
            peer 10.1.1.4;
            peer 10.1.1.5;
        }
        group Customer-RPs {            /* SA filter for customer peerings */
            export SA-filter;
            import SA-filter;
            peer 10.2.2.x;
        }
    }
    ospf {
        rib-group ospf-rib;             /* Put OSPF routes in inet.2 */
        area 0.0.0.0 {
            interface so-0/0/0.0 {
                metric 10;
            }
            interface lo0.0 {
                passive;
            }
        }
    }
    pim {
        rib-group inet mcast-rpf-rib;   /* Use inet.2 for PIM RPF */
        rp {
            bootstrap-import block-bsr; /* Prevents BSR messages from */
            bootstrap-export block-bsr; /* entering or leaving router */
            local {
                address 10.1.1.100;     /* I am the RP */
            }
        }
        interface all {                 /* Enable PIM-SM on all interfaces */
            mode sparse;
        }
        interface fxp0.0 {              /* ... except management interface */
            disable;
        }
    }
}
routing-options {
    interface-routes {                  /* Put connected routes in inet.2 */
        rib-group inet if-rib;
    }
    static {
        rib-group static-rib;           /* Put static routes in inet.2 */
    }
    rib-groups {
        mcast-rpf-rib {                 /* RIB group used for PIM and MSDP RPF */
            import-rib inet.2;
        }
        if-rib {                        /* RIB group used for connected routes */
            import-rib [ inet.0 inet.2 ];
        }
        static-rib {                    /* RIB group used for static routes */
            import-rib [ inet.0 inet.2 ];
        }
        ospf-rib {                      /* RIB group used for OSPF */
            import-rib [ inet.0 inet.2 ];
        }
    }
    autonomous-system 65000;
}
policy-options {
    policy-statement SA-filter {        /* SA filter for all customers */
        term BAD-groups {
            from {
                route-filter 224.0.1.2/32 exact;        /* SGI-Dogfight */
                route-filter 224.0.1.3/32 exact;        /* RWHOD */
                route-filter 224.0.1.22/32 exact;       /* SVRLOC */
                route-filter 224.0.1.24/32 exact;       /* MICROSOFT-DS */
                route-filter 224.0.1.35/32 exact;       /* SVRLOC-DA */
                route-filter 224.0.1.39/32 exact;       /* AutoRP Announce */
                route-filter 224.0.1.40/32 exact;       /* AutoRP Discovery */
                route-filter 224.0.1.60/32 exact;       /* HP-Dev-Disc */
                route-filter 224.0.2.2/32 exact;        /* Sun RPC */
                route-filter 229.55.150.208/32 exact;   /* Norton Ghost */
                route-filter 232.0.0.0/8 orlonger;      /* SSM */
                route-filter 239.0.0.0/8 orlonger;      /* Admin-scoped */
            }
            then reject;
        }
        term BAD-Sources {
            from {                      /* Private address space */
                source-address-filter 10.0.0.0/8 orlonger;
                source-address-filter 127.0.0.0/8 orlonger;
                source-address-filter 172.16.0.0/12 orlonger;
                source-address-filter 192.168.0.0/16 orlonger;
            }
            then reject;
        }
        term everything-else {
            then accept;
        }
    }
    policy-statement static-connected {     /* Redistribute static and */
        from protocol [ static direct ];    /* connected routes into BGP */
        then accept;
    }
    policy-statement block-bsr {        /* BSR input/output filter */
        then reject;
    }
}
11.2.2 ISP RP Configuration: Cisco Systems
This configuration describes a Cisco Systems router acting as an RP in a typical service provider's network.
hostname LA-RP
ip multicast-routing
!
! Enable PIM-SM on all interfaces
! Listen to SDR sessions on one interface
!
interface Loopback0
 description Unique IP address
 ip address 10.1.1.5 255.255.255.255
 ip pim sparse-mode
 ip sdr listen
!
interface Loopback1
 description Anycast RP address
 ip address 10.1.1.100 255.255.255.255
 ip pim sparse-mode
!
interface POS0/0/0
 description Backbone link
 ip pim sparse-mode
 ip router isis ISP
 clns router isis ISP
 isis circuit-type level-2-only
 isis metric 10 level-2
 ip ospf cost 10
!
! ISIS config
!
router isis ISP
 passive-interface Loopback0
 passive-interface Loopback1
 summary-address 10.1.1.0 255.255.255.0
 net 49.0001.0100.0100.1005.00
 is-type level-2-only
!
! OSPF Config
!
router ospf 10
 passive-interface Loopback0
 passive-interface Loopback1
 network 10.1.1.0 0.0.0.255 area 0
!
! BGP Peerings
!
router bgp 65000
 no synchronization
 redistribute connected route-map static-connected-mbgp
 redistribute static route-map static-connected-mbgp
 neighbor ibgp-peers peer-group nlri unicast multicast
 neighbor ibgp-peers remote-as 65000
 neighbor ibgp-peers update-source Loopback0
 neighbor 10.1.1.x peer-group ibgp-peers
 neighbor 10.2.2.x remote-as 65001 nlri unicast multicast
 neighbor 10.2.2.x description MBGP Customer peering
!
! Static RP mapping and SSM address range
!
ip pim rp-address 10.1.1.100 override
ip pim ssm default
!
! Customer MSDP peering
!
ip msdp peer 10.2.2.x connect-source Loopback0
ip msdp sa-filter in 10.2.2.x list 101
ip msdp sa-filter out 10.2.2.x list 101
!
! Anycast RP MSDP peerings in mesh group
!
ip msdp peer 10.1.1.1 connect-source Loopback0
ip msdp peer 10.1.1.2 connect-source Loopback0
ip msdp peer 10.1.1.3 connect-source Loopback0
ip msdp peer 10.1.1.4 connect-source Loopback0
ip msdp mesh-group IMSDP 10.1.1.1
ip msdp mesh-group IMSDP 10.1.1.2
ip msdp mesh-group IMSDP 10.1.1.3
ip msdp mesh-group IMSDP 10.1.1.4
!
! Set the RP in originating SAs to unique address
! and cache SAs (both done by default on Juniper routers)
!
ip msdp originator-id Loopback0
ip msdp cache-sa-state
!
! MSDP SA filter
!
access-list 101 deny ip any host 224.0.1.2            ! SGI "Dogfight" game
access-list 101 deny ip any host 224.0.1.3            ! RWHOD
access-list 101 deny ip any host 224.0.1.22           ! SVRLOC
access-list 101 deny ip any host 224.0.1.24           ! MICROSOFT-DS
access-list 101 deny ip any host 224.0.1.35           ! SVRLOC-DA
access-list 101 deny ip any host 224.0.1.39           ! AutoRP Announce
access-list 101 deny ip any host 224.0.1.40           ! AutoRP Discovery
access-list 101 deny ip any host 224.0.1.60           ! HP Device Discovery
access-list 101 deny ip any host 224.0.2.2            ! Sun RPC
access-list 101 deny ip any host 229.55.150.208       ! Norton "Ghost"
access-list 101 deny ip any 232.0.0.0 0.255.255.255   ! SSM
access-list 101 deny ip any 239.0.0.0 0.255.255.255   ! Admin Scoped
! Private Address Space
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip any any
!
! Redistributes static and connected routes
! into MBGP
!
route-map static-connected-mbgp permit 10
 set nlri unicast multicast
!
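The MSDP SA filter above (access list 101), worked through in an added Python example that is not part of the original text: it parses the list, converts the IOS wildcard masks, and applies first-match evaluation to a (source, group) pair as the filter would to an SA message. The helper names are illustrative, and the addresses used to exercise it are constructed.

```python
import ipaddress
# Added example; helper names are illustrative. ACL 101 is from the LA-RP config above.
ACL_101 = """
access-list 101 deny ip any host 224.0.1.2 ! SGI "Dogfight" game
access-list 101 deny ip any host 224.0.1.3
access-list 101 deny ip any host 224.0.1.22
access-list 101 deny ip any host 224.0.1.24
access-list 101 deny ip any host 224.0.1.35
access-list 101 deny ip any host 224.0.1.39 ! AutoRP Announce
access-list 101 deny ip any host 224.0.1.40 ! AutoRP Discovery
access-list 101 deny ip any host 224.0.1.60
access-list 101 deny ip any host 224.0.2.2
access-list 101 deny ip any host 229.55.150.208
access-list 101 deny ip any 232.0.0.0 0.255.255.255 ! SSM
access-list 101 deny ip any 239.0.0.0 0.255.255.255 ! Admin Scoped
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip any any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def operand(tokens):  # consume 'any', 'host A' or 'A WILDCARD'
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0  # (value, care_mask): no bits are compared
    if tok == "host":
        return to_int(tokens.pop(0)), 0xFFFFFFFF
    care = ~to_int(tokens.pop(0)) & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
    return to_int(tok) & care, care

def parse_acl(text, number="101"):
    rules = []
    for line in text.splitlines():
        tokens = line.split("!", 1)[0].split()  # drop the trailing IOS comment
        if tokens[:2] == ["access-list", number]:
            rest = tokens[4:]  # after action and protocol: source, then group
            rules.append((tokens[2], operand(rest), operand(rest)))
    return rules

def sa_allowed(rules, source, group):  # first matching entry decides
    s, g = to_int(source), to_int(group)
    for action, (sv, sm), (gv, gm) in rules:
        if (s & sm) == sv and (g & gm) == gv:
            return action == "permit"
    return False  # implicit deny that ends every IOS access list
```

Calling `sa_allowed(parse_acl(ACL_101), source, group)` shows, for instance, that a source in 172.16.0.0/12 is dropped while 172.32.0.1 falls outside the 0.15.255.255 wildcard and is accepted.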
11.2.3 ISP Non-RP Configuration: Juniper Networks
This configuration describes a Juniper Networks router acting as a non-RP in a typical service provider's network.
system {
    host-name LA-nonRP;
}
interfaces {
    so-0/0/0 {
        unit 0 {
            description "Backbone Link";
            family inet;
            family iso;
        }
    }
    so-0/0/1 {
        unit 0 {
            description "Backbone Link";
            family inet;
            family iso;
        }
    }
    t3-1/0/0 {
        unit 0 {
            description "Customer Link";
            family inet;
        }
    }
    lo0 {
        unit 0 {
            family inet;
            family iso;
        }
    }
}
protocols {
    sap;                                /* Listen to SDR announcements */
    pim {
        rib-group inet mcast-rpf-rib;   /* Use inet.2 for PIM RPF */
        rp {
            bootstrap-import block-bsr; /* Prevents BSR messages from */
            bootstrap-export block-bsr; /* entering or leaving router */
            static {
                address 10.1.1.100;     /* RP address */
            }
        }
        interface all {                 /* Enable PIM-SM on all interfaces */
            mode sparse;
        }
        interface fxp0.0 {              /* ... except management interface */
            disable;
        }
    }
}
routing-options {
    interface-routes {                  /* Put connected routes in inet.2 */
        rib-group inet if-rib;
    }
    static {
        rib-group static-rib;           /* Put static routes in inet.2 */
    }
    rib-groups {
        mcast-rpf-rib {                 /* RIB group used for PIM and MSDP RPF */
            import-rib inet.2;
        }
        if-rib {                        /* RIB group used for connected routes */
            import-rib [ inet.0 inet.2 ];
        }
        static-rib {                    /* RIB group used for static routes */
            import-rib [ inet.0 inet.2 ];
        }
        ospf-rib {                      /* RIB group used for OSPF */
            import-rib [ inet.0 inet.2 ];
        }
    }
    multicast {                         /* Boundaries between customers and provider */
        scope SGI-Dogfight {
            prefix 224.0.1.2/32;
            interface all;
        }
        scope RWHOD {
            prefix 224.0.1.3/32;
            interface all;
        }
        scope SVRLOC {
            prefix 224.0.1.22/32;
            interface all;
        }
        scope MICROSOFT-DS {
            prefix 224.0.1.24/32;
            interface all;
        }
        scope SVRLOC-DA {
            prefix 224.0.1.35/32;
            interface all;
        }
        scope AutoRP-Announce {
            prefix 224.0.1.39/32;
            interface all;
        }
        scope AutoRP-Discovery {
            prefix 224.0.1.40/32;
            interface all;
        }
        scope HP-Device-Discovery {
            prefix 224.0.1.60/32;
            interface all;
        }
        scope Sun-RPC {
            prefix 224.0.2.2/32;
            interface all;
        }
        scope Norton-Ghost {
            prefix 229.55.150.208/32;
            interface all;
        }
        scope Admin-Scope {
            prefix 239.0.0.0/8;
            interface all;
        }
    }
}
policy-options {
    policy-statement block-bsr {        /* BSR input/output filter */
        then reject;
    }
}
11.2.4 ISP Non-RP Configuration: Cisco Systems
This configuration describes a Cisco Systems router acting as a non-RP in a typical service provider's network.
hostname NY-nonRP
ip multicast-routing
!
! Enable PIM-SM on all interfaces
! Listen to SDR sessions on one interface
!
interface Loopback0
 ip pim sparse-mode
 ip sdr listen
!
interface POS0/0/0
 description Backbone link
 ip pim sparse-mode
!
interface POS0/0/1
 description Backbone link
 ip pim sparse-mode
!
interface Serial1/0/0
 description Customer link
 ip pim sparse-mode
 ip multicast boundary 10       ! Apply boundary between customer and provider
!
! Static RP mapping and SSM address range
!
ip pim rp-address 10.1.1.100 override
ip pim ssm default
!
! Boundaries between customer and provider
!
access-list 10 deny 224.0.1.2                 ! SGI "Dogfight" game
access-list 10 deny 224.0.1.3                 ! RWHOD
access-list 10 deny 224.0.1.22                ! SVRLOC
access-list 10 deny 224.0.1.24                ! MICROSOFT-DS
access-list 10 deny 224.0.1.35                ! SVRLOC-DA
access-list 10 deny 224.0.1.39                ! AutoRP Announce
access-list 10 deny 224.0.1.40                ! AutoRP Discovery
access-list 10 deny 224.0.1.60                ! HP Device Discovery Protocol
access-list 10 deny 224.0.2.2                 ! Sun RPC
access-list 10 deny 229.55.150.208            ! Norton "Ghost"
access-list 10 deny 239.0.0.0 0.255.255.255   ! Admin Scoped
access-list 10 permit any
!