JUNOS High Availability. Best Practices for High Network Uptime - Helion
ISBN: 978-14-493-7944-5
Pages: 690, Format: ebook
Publication date: 2009-08-18
Bookstore: Helion
Whether your network is a complex carrier or just a few machines supporting a small enterprise, JUNOS High Availability will help you build reliable and resilient networks that include Juniper Networks devices. With this book's valuable advice on software upgrades, scalability, remote network monitoring and management, high-availability protocols such as VRRP, and more, you'll have your network uptime at the five, six, or even seven nines -- or 99.99999% of the time.
Rather than focus on "greenfield" designs, the authors explain how to intelligently modify multi-vendor networks. You'll learn to adapt new devices to existing protocols and platforms, and deploy continuous systems even when reporting scheduled downtime. JUNOS High Availability will help you save time and money.
- Manage network equipment with Best Common Practices
- Enhance scalability by adjusting network designs and protocols
- Combine the IGP and BGP networks of two merging companies
- Perform network audits
- Identify JUNOScripting techniques to maintain high availability
- Secure network equipment against breaches, and contain DoS attacks
- Automate network configuration through specific strategies and tools
This book is a core part of the Juniper Networks Technical Library™.
Table of contents
JUNOS High Availability. Best Practices for High Network Uptime eBook -- table of contents
- JUNOS High Availability
- SPECIAL OFFER: Upgrade this ebook with O'Reilly
- Preface
- What Is High Availability?
- How to Use This Book
- What's in This Book?
- Part I
- Part II
- Part III
- Part IV
- Conventions Used in This Book
- Using Code Examples
- Safari Books Online
- Comments and Questions
- Acknowledgments
- I. JUNOS HA Concepts
- 1. High Availability Network Design Considerations
- Why Mention Cost in a Technical Book?
- A Simple Enterprise Network
- Redundancy and the Layered Model
- Redundant Site Architectures
- Redundant Component Architectures
- Combined Component and Site-Redundant Architectures
- Redundant System Architectures
- Combined System- and Site-Redundant Architectures
- Combined System- and Component-Redundant Architectures
- Combined System-, Component-, and Site-Redundant Architectures
- What Does It All Mean?
- 2. Hardware High Availability
- Divide and Conquer
- The Brains: The Routing Engine
- RE comparison
- M Series
- MX Series
- T Series
- EX Series
- SRX Series
- J Series
- The Brawn: The Packet Forwarding Engine
- Hardware components
- Model comparison
- M Series
- MX Series
- T Series
- EX Series
- SRX Series
- J Series
- Packet Flows
- M Series
- MX Series
- T Series
- EX Series
- SRX Series
- J Series
- Redundancy and Resiliency
- M Series
- MX Series
- T Series
- J Series
- SRX Series
- EX Series
- 3. Software High Availability
- Software Architecture
- Stable Foundations
- Modular Design
- Daemons
- One OS to Rule Them
- Single OS
- Forks and trains
- No reeducation through labor
- One Release Architecture
- Automation of Operations
- Configuration Management
- Application Programming Interfaces
- Scripting
- Commit scripts
- Operation scripts
- Event policy scripts
- 4. Control Plane High Availability
- Under the Hood of the Routing Engine
- Routing Update Process
- Step 1: Verify that the RE and PFEs are up
- Step 2: Verify that the socket is built
- Step 3: Verify that there is a valid TNP communication
- Step 4: Verify that BGP adjacencies are established
- Step 5: Verify that BGP updates are being received
- Step 6: Verify that route updates are processed correctly
- Step 7: Verify that the correct next hop is being selected
- Step 8: Verify that the correct copy of the route is being selected for kernel update
- Step 9: Verify that the correct copy of the route is being sent to the forwarding plane
- Step 10: Verify that the correct copy of the route is being installed into the forwarding plane on the PFE complex
- Graceful Routing Engine Switchover
- Implementation and Configuration
- Configuration examples
- Troubleshooting GRES
- Graceful Restart
- Graceful Restart in OSPF
- Configuration
- Immunizing against topology change
- Graceful Restart in IS-IS
- Configuration
- Graceful Restart in BGP
- Restarting the node
- Peers
- Configuration
- MPLS Support for Graceful Restart
- Graceful Restart in RSVP
- Configuration
- Graceful Restart in LDP
- Configuration
- Graceful Restart in MPLS-Based VPNs
- Configuration
- Graceful Restart in Multicast Protocols, PIM, and MSDP
- Non-Stop Active Routing
- Implementation Details and Configs
- Non-Stop Bridging
- Implementation Details and Configurations
- Choosing Your High Availability Control Plane Solution
- 5. Virtualization for High Availability
- Virtual Chassis in the Switching Control Plane
- VC Roles
- IDs for VCs
- Priorities and the Election Process
- How to rig an election
- Basic VC Setup and Configuration
- Eliminating Loops Within the VC
- Highly Available Designs for VCs
- Manipulating a split VC
- Server resilience with VCs
- Control System Chassis
- Requirements and Implementation
- Consolidation Example and Configuration
- Taking Consolidation to the Next Level: Scalable Route Reflection
- II. JUNOS HA Techniques
- 6. JUNOS Pre-Upgrade Procedures
- JUNOS Package Overview
- Software Package Naming Conventions
- When to Upgrade JUNOS in a High Availability Environment
- The Right Target Release for a High Availability Environment
- High Availability Upgrade Strategy
- Conduct a lab trial
- Choose the device to upgrade
- Ensure router steady state
- Save the working configuration
- System-archive a copy of the working configuration
- Establish a quarantine period
- Pre-Upgrade Verifications
- Filesystems and Logs
- Checklist
- Moving Services Away from a Router
- Interface Configuration
- Switching Ownership of a VRRP Virtual IP
- IGP Traffic Control Tweaks
- OSPF and the overload bit
- Moving the designated router
- The overload bit and IS-IS
- Moving the DIS
- Label-Switched Paths
- RSVP-signaled LSPs
- 7. Painless Software Upgrades
- Snapshots
- Software Upgrades with Unified ISSU
- How It Works
- Implementation Details
- Configuration dependencies
- GRES configuration
- NSR configuration
- Software Upgrades Without Unified ISSU
- Loading a JUNOS Image
- Snapshots Redux
- Image Upgrade Tweaks and Options
- J Series Considerations
- Cleanup
- Backup Images
- Rescue Configuration
- 8. JUNOS Post-Upgrade Verifications
- Post-Upgrade Verification
- Device State
- Verify chassis hardware
- Check for alarms
- Verify interfaces
- Verify memory
- Network State (Routes, Peering Relationships, and Databases)
- Verify routing
- Routing table consistency
- State of Existing Services
- Filesystems and Logs
- Install logfiles
- Messages file
- Syslog settings
- Removal of Configuration Workarounds
- Fallback Procedures
- Applicability
- 9. Monitoring for High Availability
- I Love Logs
- Syslog Overview
- Facilities
- Severity
- Header and MSG parts
- Syslog Planning
- Pitfalls
- Implementing Syslog
- Sample configuration
- Monitoring syslog
- Simple Network Management Protocol
- SNMP Overview
- Notification categories
- RMON alarms
- Health monitoring
- SNMP Planning
- Implementing SNMP
- SNMPv3
- RMON
- Health monitoring
- Pitfalls
- Traffic Monitoring
- Traffic Monitoring Overview
- Traffic Monitoring Planning
- Implementing Traffic Monitoring
- Packet sampling
- Port mirroring
- Counters
- Route Monitoring
- Route Views
- Cyclops
- BGPlayer
- Pitfalls
- 10. Management Interfaces
- A GUI for Junior Techs
- Using J-Web
- J-Web for High Availability
- Mid-Level Techs and the CLI
- Event Policy Planning
- Sample event policy configuration
- Event Policies for High Availability
- Deep Magic for Advanced Techs
- JUNOS APIs
- XSLT
- SLAX
- Automation Scripts
- Operation scripts
- Event scripts
- Working with Scripts
- Planning scripts
- Loading and calling scripts
- Refreshing scripts
- 11. Management Tools
- JUNOScope
- Overview
- JUNOScope and High Availability
- Looking Glass
- Configuration Manager
- Inventory Management System
- Software Manager
- Using JUNOScope
- JUNOScope installation
- Juniper AIS
- Overview
- AIS for High Availability
- Installation
- AIS planning
- Partner Tools
- Open IP Service Development Platform (OSDP)
- Partner Solution Development Platform (PSDP)
- 12. Managing Intradomain Routing Table Growth
- Address Allocation
- Interface Addressing
- JUNOS interface addressing syntax
- Infrastructure Routes
- Customer Routes
- Virtual Router Redundancy Protocol
- Network Virtualization and Service Overlays
- Routing instances
- Logical routers
- Enable VLAN tagging in the primary logical router
- Configuring the service overlay
- Address Aggregation
- What Is Aggregation?
- Practical aggregation for a large domain
- Is there a risk?
- Use of the Private Address Space
- Private addressing and internal services
- Private addressing and customer services
- Private addressing, NAT, and MIP
- Use of Public Address Space
- Static Routes
- When to configure static routes
- Using Protocol Tweaks to Control Routing Table Size
- IS-IS areas and levels
- OSPF areas
- 13. Managing an Interdomain Routing Table
- Enterprise Size and Effective Management
- Small to Medium-Size Enterprise Perspective
- Large Enterprises and Service Providers
- AS Number
- Border Gateway Protocol (BGP)
- EBGP Loop Prevention
- IBGP Loop Prevention
- IBGP full-mesh requirements
- Implications of full mesh for high availability
- Alternatives to full mesh
- Route Reflection
- Route reflection basics
- High availability design considerations for route reflection
- Turning it on
- Route reflectors and policy configuration
- Route reflection and next-hop self: What not to do
- What is wrong with this picture?
- Be terrific; be specific
- Confederation
- Confederation syntax
- Implications of confederation for high availability
- Configuration for redundancy
- How does multihop affect my routing table?
- Common High Availability Routing Policies
- Local address filters
- Prefix-length enforcement
- Default routes: To block or not to block?
- Route damping
- A damp policy
- Implications of damping
- BGP Tweak: Prefix Limit
- Implications of route and prefix limits
- III. Network Availability
- 14. Fast High Availability Protocols
- Protocols for Optical Networks
- Ethernet Operations, Administration, and Maintenance (OAM)
- IEEE 802.1ah and 802.1ag
- SONET/SDH Automatic Protection Switching
- Rapid Spanning Tree Protocol
- Interior Gateway Protocols
- Bidirectional Forwarding Detection
- Setting the Interval for BFD Control Packets
- Virtual Router Redundancy Protocol
- MPLS Path Protection
- Fast Reroute
- Node and Link Protection
- 15. Transitioning Routing and Switching to a Multivendor Environment
- Industry Standards
- Multivendor Architecture for High Availability
- Two Sensible Approaches
- Layered approach to multivendor networks
- CDA model
- PE-CE model
- Site-based approach to multivendor networks
- Multivendor As a Transition State
- Layered transitions
- Site-based transitions
- Routing Protocol Interoperability
- Interface Connectivity
- OSPF Adjacencies Between Cisco and Juniper Equipment
- OSPF authentication keys
- IBGP Peering
- EBGP Peering
- The BGP next hop issue
- The other issue
- Success
- 16. Transitioning MPLS to a Multivendor Environment
- Multivendor Reality Check
- Cost Concerns
- MPLS Signaling for High Availability
- A Simple Multivendor Topology
- RSVP Signaling
- Traffic engineering
- Juniper-Cisco RSVP
- Router r5 configuration
- LDP Signaling
- A few LDP implementation differences
- MPLS Transition Case Studies
- Case Study 1: Transitioning Provider Devices
- Phase 1: P router transition
- Phase 2: P router transition
- Phase 3: P router transition
- Final state: P router transition
- Case Study 2: Transitioning Provider Edge Devices
- Phase 1: PE router transition
- Phase 2: PE router transition
- Phase 3: PE router transition
- Phase 4: PE router transition
- Final state: PE router transition
- 17. Monitoring Multivendor Networks
- Are You In or Out?
- In-Band Management
- Out-of-Band Management
- OoB and fxp0
- Configuration groups for high availability
- SNMP Configuration
- JUNOS SNMP Configuration
- IOS SNMP Configuration
- SNMP and MRTG
- Syslog Configuration
- Syslog in JUNOS
- Syslog in IOS
- Syslog and Kiwi
- Configuration Management
- Configuration for AAA
- TACACS+
- JUNOS authentication
- IOS authentication
- JUNOS locally defined accounts and authorization
- IOS authorization
- JUNOS accounting (activity tracking)
- IOS accounting (activity tracking)
- JUNOS GUI Support
- What IS Normal?
- 18. Network Scalability
- Hardware Capacity
- Device Resources to Monitor
- Control plane capacity best practices
- Data plane specifications
- Network Scalability by Design
- Scaling BGP for High Availability
- Route reflectors and clusters
- What's the point?
- MPLS for Network Scalability and High Availability
- Basic LSP configuration syntax
- Secondary LSPs
- Hot standby
- Fast reroute
- Link and node-link protection
- Traffic Engineering Case Study
- 19. Choosing, Migrating, and Merging Interior Gateway Protocols
- Choosing Between IS-IS and OSPF
- OSPF
- Advantages
- Disadvantages
- High availability features for OSPF in JUNOS Software
- Link and node failure detection
- Authenticating packets
- Designated routers
- Graceful Restart
- Non-Stop Active Routing
- Overload
- Prefix limits
- Bidirectional Forwarding Detection
- IS-IS
- Advantages
- Disadvantages
- High availability features for IS-IS in JUNOS Software
- Link and node failure detection
- Authenticating packets
- Graceful Restart
- Non-Stop Active Routing
- Overload
- Prefix limits
- Bidirectional Forwarding Detection
- Which Protocol Is Better?
- A final thought
- Migrating from One IGP to Another
- Migrating from OSPF to IS-IS
- Step 1: Plan for the migration
- Step 2: Add IS-IS to the network
- Step 3: Make IS-IS the preferred IGP
- Step 4: Verify the success of the migration
- Step 5: Remove OSPF from the network
- Migrating from IS-IS to OSPF
- Step 1: Plan for the migration
- Step 2: Add OSPF to the network
- Step 3: Make OSPF the preferred IGP
- Step 4: Verify the success of the migration
- Step 5: Remove IS-IS from the network
- Merging Networks Using a Common IGP
- Considerations
- Area design
- Matching configuration parameters
- Tunneling
- Other Options for Merging IGPs
- BGP
- Routing instances
- 20. Merging BGP Autonomous Systems
- Planning the Merge
- Architecture
- Making the choice
- Pitfalls
- External peering
- Route reflector 1
- Route reflector 2
- Oscillation commences
- Outcomes
- BGP Migration Features in JUNOS
- Graceful Restart
- Non-Stop Active Routing
- Full mesh made easy (well, easier)
- Zen and the art of AS numbers
- Sometimes loopy is OK
- Merging Our ASs Off
- Merge with Full Mesh
- IBGP
- Bring in the EBGP peer
- Merge with Route Reflectors
- Cluster 1
- Cluster 2
- Merge with Confederations
- Monitoring the Merge
- Neighbor Peering
- Persistent route oscillation
- 21. Making Configuration Audits Painless
- Why Audit Configurations?
- Knowledge Is Power
- JUNOS: Configuration Auditing Made Easy
- Configuration Auditing 101
- Organizing the Audit
- Configuration modules
- Functional network areas
- Organization involvement
- Auditing Configurations
- Baseline Configurations
- Saving a baseline
- Baseline configuration with JUNOS groups
- Baseline configuration with commit scripts
- Manually Auditing Configurations
- Manual auditing through the GUI
- Manual auditing through the CLI
- Automating Configuration Audits
- Event policies
- JUNOScope
- Advanced Insight Solution
- Performing and Updating Audits
- Auditing Intervals
- Analyzing Updates
- Auditing Changes
- 22. Securing Your Network Equipment Against Security Breaches
- Authentication Methods
- Local Password Authentication
- RADIUS and TACACS+ Authentication
- Authentication Order
- Hardening the Device
- Use a Strong Password, and Encrypt It
- Disable Unused Access Methods
- Control Physical Access to the Device
- Control Network Access to the Device
- Control and Authenticate Protocol Traffic
- Define Access Policies
- Firewall Filters
- Firewall Filter Syntax
- Match conditions
- Actions
- Evaluating filters
- Implicit discard
- Applying Firewall Filters
- Using Firewall Filters to Protect the Network
- Spoof prevention
- Securing a web/FTP server
- The options are endless
- Using Firewall Filters to Protect the Routing Engine
- Stateful Firewalls
- 23. Monitoring and Containing DoS Attacks in Your Network
- Attack Detection
- Using Filtering to Detect Ping Attacks
- Using Filtering to Detect TCP SYN Attacks
- Taking Action When a DoS Attack Occurs
- Using Filtering to Block DoS Attacks
- Filter some, filter all
- Request Help from Your Upstream Provider
- Attack Prevention
- Eliminate Unused Services
- Enable Reverse Path Forwarding
- Use Firewall Filters
- Use Rate Limiting
- Deploy Products Specifically to Address DoS Attacks
- Gathering Evidence
- Firewall Logs and Counters
- Port Mirroring
- Sampling
- cflowd
- 24. Goals of Configuration Automation
- CLI Configuration Automation
- Hierarchical Configuration
- Protections for Manual Configuration
- User access
- Exclusive configuration
- Private configuration
- Transaction-Based Provisioning
- Standard commits
- Commit with scripts
- Persistent changes
- Transient changes
- Script processing
- Archives and Rollback
- Configuration stores
- Automating Remote Configuration
- 25. Automated Configuration Strategies
- Configuration Change Types
- Deployment
- Network equipment
- Services
- Infrastructure
- Ad Hoc Changes
- Workarounds
- One-off configurations
- Automation Strategies
- Global Strategies
- Deployment
- Hardware deployment
- Interfaces
- Routing engines
- Service deployment
- Infrastructure
- Interfaces
- Routing
- Ad Hoc Changes
- Workarounds
- JUNOS issues
- External device issues
- One-off workarounds
- IV. Appendixes
- A. System Test Plan
- Physical Inspection and Power On
- Check General System Status
- Check for Any Active Alarms
- Save the System Hardware Configuration for Future Reference
- Check Voltages and Temperatures
- Check the Status of the Individual Components
- Check Routing Engine and Storage Media
- Check Routing Engine Status
- Check Storage Media on Each Routing Engine
- Test Optical Interfaces
- Configure a Private IP Address and Run Ping Tests
- Run a loopback test on SONET/SDH interfaces
- Run a loopback test on Fast Ethernet and Gigabit Ethernet interfaces
- Failover and Redundancy Tests
- Routing Engine Redundancy
- SFM Redundancy (M40e Platform Only)
- Final Burn-In Check
- Power Down the Router
- Power On the Router/Burn-In Test
- Final Checks and Power Down
- B. Configuration Audit
- Audit Responsibilities
- Audit Response Key
- Audit Checklist
- Audit Interval
- C. High Availability Configuration Statements
- Routing Engine and Switching Control Board
- cfeb
- description
- failover on-disk-failure
- failover on-loss-of-keepalives
- failover other-routing-engine
- feb (Creating a Redundancy Group)
- feb (Assigning a FEB to a Redundancy Group)
- keepalive-time
- no-auto-failover
- redundancy
- redundancy-group
- routing-engine
- sfm
- ssb
- Graceful Routing Engine Switchover
- graceful-switchover
- Nonstop Bridging Statements
- nonstop-bridging
- Nonstop Active Routing
- commit synchronize
- nonstop-routing
- traceoptions
- Graceful Restart
- disable
- graceful-restart
- helper-disable
- maximum-helper-recovery-time
- maximum-helper-restart-time
- maximum-neighbor-reconnect-time
- maximum-neighbor-recovery-time
- no-strict-lsa-checking
- notify-duration
- reconnect-time
- recovery-time
- restart-duration
- restart-time
- stale-routes-time
- traceoptions
- VRRP
- accept-data
- advertise-interval
- authentication-key
- authentication-type
- bandwidth-threshold
- fast-interval
- hold-time
- inet6-advertise-interval
- interface
- preempt
- priority
- priority-cost
- priority-hold-time
- route
- startup-silent-period
- traceoptions
- track
- virtual-address
- virtual-inet6-address
- virtual-link-local-address
- vrrp-group
- vrrp-inet6-group
- Unified In-Service Software Upgrade (ISSU)
- no-issu-timer-negotiation
- traceoptions
- Index
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with O'Reilly