0% found this document useful (0 votes)

18 views1,474 pages

Config Guide Routing

Uploaded by

Василий Иванов

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

18 views1,474 pages

Config Guide Routing

Uploaded by

Василий Иванов

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1474

Junos® OS

Routing Protocols Configuration Guide

Release

11.4

Published: 2011-11-08

Copyright © 2011, Juniper Networks, Inc.

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997,
Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part
of them is in the public domain.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation
and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright ©
1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through
release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s
HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD
software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D.
L. S. Associates.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are
owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312,
6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

®
Junos OS Routing Protocols Configuration Guide
Release 11.4
Copyright © 2011, Juniper Networks, Inc.
All rights reserved.

Revision History
October 2011—R1 Junos OS 11.4

The information in this document is current as of the date listed in the revision history.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the
year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions
of that EULA.

ii Copyright © 2011, Juniper Networks, Inc.

Abbreviated Table of Contents
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii

Part 1 Overview
Chapter 1 Routing Protocols Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chapter 2 Complete Routing and Routing Protocol Configuration Statements . . . . . . 17

Part 2 Protocol-Independent Routing Properties

Chapter 3 Protocol-Independent Routing Properties Overview . . . . . . . . . . . . . . . . . . . 49
Chapter 4 Configuring Routing Tables and Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Chapter 5 Configuring Other Protocol-Independent Routing Properties . . . . . . . . . . . 119
Chapter 6 Summary of Protocol-Independent Routing Properties Configuration
Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Part 3 Routing Instances

Chapter 7 Introduction to Routing Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Chapter 8 Routing Instances Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . 239
Chapter 9 Summary of Routing Instances Configuration Statements . . . . . . . . . . . . 291

Part 4 Multitopology Routing

Chapter 10 Introduction to Multitopology Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Chapter 11 Multitopology Routing Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . 313
Chapter 12 Summary of Multitopology Routing Configuration Statements . . . . . . . . 325

Part 5 Interior Gateway Protocols

Chapter 13 Introduction to IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Chapter 14 IS-IS Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Chapter 15 Summary of IS-IS Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . 433
Chapter 16 Introduction to OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Chapter 17 OSPF Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
Chapter 18 Summary of OSPF Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . 749
Chapter 19 Introduction to RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835
Chapter 20 RIP Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 839
Chapter 21 Summary of RIP Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . 867
Chapter 22 Introduction to RIPng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 893

Copyright © 2011, Juniper Networks, Inc. iii

Junos OS 11.4 Routing Protocols Configuration Guide

Chapter 23 RIPng Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895

Chapter 24 Summary of RIPng Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . 905
Chapter 25 Introduction to ICMP Router Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921
Chapter 26 ICMP Router Discovery Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . 923
Chapter 27 Summary of ICMP Router Discovery Configuration Statements . . . . . . . . 927
Chapter 28 Introduction to Neighbor Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 939
Chapter 29 Neighbor Discovery Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . 941
Chapter 30 Summary of Neighbor Discovery Router Advertisement Configuration
Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 949
Chapter 31 Secure Neighbor Discovery Configuration Guidelines . . . . . . . . . . . . . . . . . 961
Chapter 32 Summary of Secure Neighbor Discovery Configuration Statements . . . . 965

Part 6 BGP
Chapter 33 Introduction to BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975
Chapter 34 BGP Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 981
Chapter 35 Summary of BGP Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . 1293

Part 7 Indexes
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1395
Index of Statements and Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1423

iv Copyright © 2011, Juniper Networks, Inc.

Table of Contents
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii
Junos OS Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii
Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii
Using the Indexes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix
Using the Examples in This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix
Merging a Full Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix
Merging a Snippet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xl
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xl
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xlii
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xlii
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xliii
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xliii

Part 1 Overview
Chapter 1 Routing Protocols Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Routing Databases Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Routing Protocol Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Junos Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Forwarding Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
How the Routing and Forwarding Tables Are Synchronized . . . . . . . . . . . . . . . 5
Route Preferences Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Alternate and Tiebreaker Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Multiple Active Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Understanding BGP Path Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Understanding Route Preference Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Equal-Cost Paths and Load Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
IPv6 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
IPv6 Packet Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Header Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Extension Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
IPv6 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Address Representation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Address Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Address Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Address Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
IPv6 Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Copyright © 2011, Juniper Networks, Inc. v

Junos OS 11.4 Routing Protocols Configuration Guide

Chapter 2 Complete Routing and Routing Protocol Configuration Statements . . . . . . 17

[edit logical-systems] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
[edit protocols] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
[edit routing-instances] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
[edit routing-options] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Part 2 Protocol-Independent Routing Properties

Chapter 3 Protocol-Independent Routing Properties Overview . . . . . . . . . . . . . . . . . . . 49
[edit routing-options] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Common Routing Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Complete [edit routing-options] Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Minimum Protocol-Independent Routing Properties Configuration . . . . . . . . . . . 57
Chapter 4 Configuring Routing Tables and Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Creating Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Example: Creating Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Configuring Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Configuring the Destination of Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configuring the Next Hop for Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Configuring an Independent Preference for Static Routes . . . . . . . . . . . . . . . . . . . 64
Example: Configuring Independent Preferences for an IPv4 Static Route . . . 66
Example: Configuring Independent Preferences for an IPv6 Static Route . . . 66
Example: Configuring Independent Preferences for an Unnumbered Ethernet
Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Specifying an LSP as the Next Hop for Static Routes . . . . . . . . . . . . . . . . . . . . . . 68
Installing Static Routes into More than One Routing Table . . . . . . . . . . . . . . . . . . 69
Examples: Installing a Static Route into More than One Routing Table . . . . . 69
Configuring CLNS Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Example: Configuring a Static CLNS Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Configuring Static Route Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Configuring a Metric Value for Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configuring a Preference Value for Static Routes . . . . . . . . . . . . . . . . . . . . . . 74
Associating BGP Communities with Static Routes . . . . . . . . . . . . . . . . . . . . . 75
Associating AS Paths with Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Configuring an OSPF Tag String for Static Routes . . . . . . . . . . . . . . . . . . . . . . 77
Controlling Temporary Installation of Static Routes in the Forwarding
Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Controlling Retention of Static Routes in the Forwarding Table . . . . . . . . . . . 78
Controlling Retention of Inactive Static Routes in the Routing and Forwarding
Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Controlling Readvertisement of Static Routes . . . . . . . . . . . . . . . . . . . . . . . . 80
Controlling Resolution of Static Routes to Prefixes That Are Not Directly
Connected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Configuring Bidirectional Forwarding Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Tracing BFD Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Overview of BFD Authentication for Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . 87
BFD Authentication Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Security Authentication Keychains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

vi Copyright © 2011, Juniper Networks, Inc.

Table of Contents

Strict Versus Loose Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Configuring BFD Authentication for Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . 89
Configuring the BFD Authentication Parameters . . . . . . . . . . . . . . . . . . . . . . 89
Viewing Authentication Information for BFD Sessions . . . . . . . . . . . . . . . . . . 91
Configuring Default Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Propagating Static Routes into Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . 93
Examples: Configuring Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Configuring Aggregate Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Configuring the Destination of Aggregate Routes . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring Aggregate Route Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring a Metric Value for Aggregate Routes . . . . . . . . . . . . . . . . . . . . . . 98
Configuring a Preference Value for Aggregate Routes . . . . . . . . . . . . . . . . . . 98
Configuring the Next Hop for Aggregate Routes . . . . . . . . . . . . . . . . . . . . . . . 98
Associating BGP Communities with Aggregate Routes . . . . . . . . . . . . . . . . . 99
Associating AS Paths with Aggregate Routes . . . . . . . . . . . . . . . . . . . . . . . . 100
Including AS Numbers in Aggregate Route Paths . . . . . . . . . . . . . . . . . . . . . . 101
Configuring an OSPF Tag String for Aggregate Routes . . . . . . . . . . . . . . . . . . 101
Controlling Retention of Inactive Aggregate Routes in the Routing and
Forwarding Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Applying Policies to Aggregate Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Advertising Aggregate Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configuring Generated Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configuring the Destination of Generated Routes . . . . . . . . . . . . . . . . . . . . . . . . 105
Configuring Generated Route Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Configuring a Metric Value for Generated Routes . . . . . . . . . . . . . . . . . . . . . 106
Configuring a Preference Value for Generated Routes . . . . . . . . . . . . . . . . . 106
Configuring the Next Hop for Generated Routes . . . . . . . . . . . . . . . . . . . . . . 106
Associating BGP Communities with Generated Routes . . . . . . . . . . . . . . . . . 107
Associating AS Paths with Generated Routes . . . . . . . . . . . . . . . . . . . . . . . . 108
Configuring an OSPF Tag String for Generated Routes . . . . . . . . . . . . . . . . . 109
Including AS Numbers in Generated Route Paths . . . . . . . . . . . . . . . . . . . . . 109
Controlling Retention of Inactive Generated Routes in the Routing and
Forwarding Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Applying Policies to Generated Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Configuring Martian Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Adding Martian Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Deleting Martian Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Using Class E Addresses for Interface Addresses . . . . . . . . . . . . . . . . . . . . . . 113
Configuring Flow Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Configuring Match Conditions for Flow Routes . . . . . . . . . . . . . . . . . . . . . . . . 114
Configuring the Action for Flow Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Validating Flow Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Enabling Support for BGP Flow-Specification Algorithm Version 7 and
Later . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Applying Filters to the Forwarding Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Copyright © 2011, Juniper Networks, Inc. vii

Junos OS 11.4 Routing Protocols Configuration Guide

Chapter 5 Configuring Other Protocol-Independent Routing Properties . . . . . . . . . . . 119

Configuring AS Numbers for BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Examples: Configuring AS Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Configuring Router Identifiers for BGP and OSPF . . . . . . . . . . . . . . . . . . . . . . . . . 122
Configuring AS Confederation Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Configuring Route Recording for Flow Aggregation . . . . . . . . . . . . . . . . . . . . . . . . 123
Creating Routing Table Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Examples: Creating Routing Table Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Configuring How Interface Routes Are Imported into Routing Tables . . . . . . . . . 125
Configuring Multicast Scoping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Example: Configuring Multicast Scoping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Enabling Multicast Forwarding Without PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Configuring Additional Source-Specific Multicast Groups . . . . . . . . . . . . . . . . . . 127
Configuring Multicast Forwarding Cache Limits . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Configuring Per-Packet Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Examples: Configuring Per-Packet Load Balancing . . . . . . . . . . . . . . . . . . . . 130
Configuring Unicast Reverse-Path-Forwarding Check . . . . . . . . . . . . . . . . . . . . . . 131
Example: Configuring Unicast RPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Configuring Graceful Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Configuring Route Distinguishers for VRF and Layer 2 VPN Instances . . . . . . . . . 133
Configuring Dynamic GRE Tunnels for VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Configuring System Logging for the Routing Protocol Process . . . . . . . . . . . . . . . 135
Examples: Configuring System Logging for the Routing Protocol Process . . 135
Configuring Route Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Enabling Indirect Next Hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Enabling Nonstop Active Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Tracing Global Routing Protocol Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Examples: Tracing Global Routing Protocol Operations . . . . . . . . . . . . . . . . 139
Disabling Distributed Periodic Packet Management on the Packet Forwarding
Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Enabling Source Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Creating Policies to Control Label Allocation and Substitution for MPLS Ingress
and AS Border Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Chapter 6 Summary of Protocol-Independent Routing Properties Configuration
Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
access-internal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
active . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
aggregate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
as-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
auto-export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
autonomous-system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
bfd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
bfd-liveness-detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
color . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
confederation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

viii Copyright © 2011, Juniper Networks, Inc.

Table of Contents

destination-networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
discard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
dynamic-tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
export-rib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
fate-sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
forwarding-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
forwarding-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
full . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
generate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
graceful-restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
import-policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
import-rib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
independent-domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
indirect-next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
instance-export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
instance-import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
interface (Multicast via Static Routes) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
interface (Multicast Scoping) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
interface-routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
lsp-next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
martians . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
maximum-paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
maximum-prefixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
med-igp-update-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
metric (Aggregate, Generated, or Static Route) . . . . . . . . . . . . . . . . . . . . . . . 192
metric (Qualified Next Hop on Static Route) . . . . . . . . . . . . . . . . . . . . . . . . . 193
multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
next-hop (Access) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
next-hop (Access Internal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
no-install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
no-readvertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
no-retain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
nonstop-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
p2mp-lsp-next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
passive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
ppm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Copyright © 2011, Juniper Networks, Inc. ix

Junos OS 11.4 Routing Protocols Configuration Guide

preference (Access) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
qualified-next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
qualified-next-hop (Access) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
qualified-next-hop (Access-Internal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
readvertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
resolution-ribs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
resolve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
restart-duration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
retain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
rib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
rib (General) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
rib (Route Resolution) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
rib-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
rib-groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
route (Access) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
route (Access-Internal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
route-distinguisher-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
route-record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
router-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
routing-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
source-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
source-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
ssm-groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
tag (Access) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
tunnel-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
unicast-reverse-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Part 3 Routing Instances

Chapter 7 Introduction to Routing Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Routing Instances Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Chapter 8 Routing Instances Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . 239
Complete Routing Instances Configuration Statements . . . . . . . . . . . . . . . . . . . 240
Routing Instances Minimum Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Minimum Routing-Instance Configuration for BGP . . . . . . . . . . . . . . . . . . . . 244
Minimum Routing-Instance Configuration for IS-IS . . . . . . . . . . . . . . . . . . . 245
Minimum Routing-Instance Configuration for Layer 2 VPNs . . . . . . . . . . . . 245
Minimum Routing-Instance Configuration for LDP . . . . . . . . . . . . . . . . . . . . 246
Minimum Routing-Instance Configuration for MSDP . . . . . . . . . . . . . . . . . . 246
Minimum Routing-Instance Configuration for Multiprotocol BGP-Based
Multicast VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Minimum Routing-Instance Configuration for OSPF . . . . . . . . . . . . . . . . . . . 247

x Copyright © 2011, Juniper Networks, Inc.

Table of Contents

Minimum Routing-Instance Configuration for OSPFv3 . . . . . . . . . . . . . . . . . 248

Minimum Routing-Instance Configuration for PIM . . . . . . . . . . . . . . . . . . . . 248
Minimum Routing-Instance Configuration for RIP . . . . . . . . . . . . . . . . . . . . 249
Minimum Routing-Instance Configuration for VPLS . . . . . . . . . . . . . . . . . . . 249
Configuring Multiple Instances of BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Example: Configuring Multiple Instances of BGP . . . . . . . . . . . . . . . . . . . . . 250
Configuring Multiple Instances of IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Example: Configuring Multiple Routing Instances of IS-IS . . . . . . . . . . . . . . 252
Configuring Multiple Instances of LDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Configuring Multiple Instances of MSDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Example: Configuring Multiple Routing Instances of OSPF . . . . . . . . . . . . . . . . . 256
Configuring Multiple Instances of PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Configuring Multiple Instances of RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Configuring Routing Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Specifying the Instance Type for Routing Instances . . . . . . . . . . . . . . . . . . . . . . 266
Configuring VRF Routing Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Configuring Non-VPN VRF Routing Instances . . . . . . . . . . . . . . . . . . . . . . . . 268
Configuring VPLS Routing Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Configuring Route Distinguishers for Routing Instances . . . . . . . . . . . . . . . . . . . 269
Configuring Filter-Based Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Configuring Class-of-Service-Based Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . 272
Configuring Secondary VRF Import and Export Policy . . . . . . . . . . . . . . . . . . . . . 273
Configuring Policy-Based Export for Routing Instances . . . . . . . . . . . . . . . . . . . . 274
Example: Configuring Policy-Based Export for an Overlapping VPN . . . . . . 274
Example: Configuring Policy-Based Export for a Nonforwarding Instance . . 276
Example: Exporting Specific Routes from One Routing Table Into Another Routing
Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Configuring VRF Table Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Configuring VRF Targets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Configuring OSPF Domain IDs for VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Examples: Configuring an OSPF Domain ID . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Configuring Route Limits for Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Configuring Independent AS Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Chapter 9 Summary of Routing Instances Configuration Statements . . . . . . . . . . . . 291
access-profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
instance-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
instance-role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
no-vrf-advertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
ping-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
qualified-bum-pruning-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
route-distinguisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
routing-instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
routing-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
vrf-export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
vrf-import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Copyright © 2011, Juniper Networks, Inc. xi

Junos OS 11.4 Routing Protocols Configuration Guide

vlan-model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
vrf-table-label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
vrf-target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

Part 4 Multitopology Routing

Chapter 10 Introduction to Multitopology Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Multitopology Routing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Routing Table Naming Conventions for Multitopology Routing . . . . . . . . . . 309
Routing Protocol Support for Multitopology Routing . . . . . . . . . . . . . . . . . . . 310
Filter-Based Forwarding Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Multitopology Routing Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Chapter 11 Multitopology Routing Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . 313
Configuring Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Configuring Multitopology Routing in OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Configuring Topologies and SPF Options for MT-OSPF . . . . . . . . . . . . . . . . 314
Configuring a Prefix Export Limit for MT-OSPF . . . . . . . . . . . . . . . . . . . . . . . 316
Configuring a Topology to Appear Overloaded . . . . . . . . . . . . . . . . . . . . . . . 316
Configuring Interface Properties for MT-OSPF . . . . . . . . . . . . . . . . . . . . . . . 316
Disabling MT-OSPF on OSPF Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Disabling MT-OSPF on Virtual Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Advertising MPLS Label-Switched Paths into MT-OSPF . . . . . . . . . . . . . . . 318
Configuring Other MT-OSPF Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Configuring Multitopology Routing in Static Routes . . . . . . . . . . . . . . . . . . . . . . . 320
Configuring Multitopology Routing in BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
BGP Route Resolution in Multitopology Routing . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Configuring Filter-Based Forwarding for Multitopology Routing . . . . . . . . . . . . . . 321
Chapter 12 Summary of Multitopology Routing Configuration Statements . . . . . . . . 325
community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
rib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
topology (Filter-Based Forwarding) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
topology (Multitopology Routing) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
topology (OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
topology (OSPF Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
topology-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

Part 5 Interior Gateway Protocols

Chapter 13 Introduction to IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
IS-IS Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
IS-IS Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
ISO Network Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
IS-IS Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Persistent Route Reachability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
IS-IS Extensions to Support Traffic Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . 339
IS-IS IGP Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

xii Copyright © 2011, Juniper Networks, Inc.

Table of Contents

IS-IS Extensions to Support Route Tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

IS-IS Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Chapter 14 IS-IS Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Configuring IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Minimum IS-IS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Configuring IS-IS Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Hitless Authentication Key Rollover for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Overview of Hitless Authentication Key Rollover for IS-IS . . . . . . . . . . . . . . 349
Example: Configuring Hitless Authentication Key Rollover for IS-IS . . . . . . 350
Configuring of Interface-Specific IS-IS Properties . . . . . . . . . . . . . . . . . . . . . . . . 355
Configuring BFD for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Overview of Configuring BFD for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Example: Configuring BFD for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Overview of BFD Authentication for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
BFD Authentication Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Security Authentication Keychains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Strict Versus Loose Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Configuring BFD Authentication for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Configuring BFD Authentication Parameters . . . . . . . . . . . . . . . . . . . . . . . . 366
Viewing Authentication Information for BFD Sessions . . . . . . . . . . . . . . . . . 367
Enabling Packet Checksum on IS-IS Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Configuring the Transmission Frequency for CSNP Packets on IS-IS
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Configuring Synchronization Between LDP and IS-IS . . . . . . . . . . . . . . . . . . . . . 369
Configuring the Transmission Frequency for Link-State PDUs on IS-IS
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Configuring Mesh Groups of IS-IS Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Configuring IS-IS Multicast Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
IS-IS Multicast Topologies Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Example: Configuring IS-IS Multicast Topology . . . . . . . . . . . . . . . . . . . . . . . 372
Configuring IS-IS IPv6 Unicast Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Configuring Point-to-Point Interfaces for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Configuring Levels on IS-IS Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Disabling IS-IS at a Level on IS-IS Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 389
Example: Disabling IS-IS at a Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Advertising Interface Addresses Without Running IS-IS . . . . . . . . . . . . . . . . 389
Configuring Authentication for IS-IS Hello Packets . . . . . . . . . . . . . . . . . . . 390
Configuring the Transmission Frequency for IS-IS Hello Packets . . . . . . . . 390
Configuring the Delay Before IS-IS Neighbors Mark the Routing Device as
Down . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Configuring the Metric Value for IS-IS Routes . . . . . . . . . . . . . . . . . . . . . . . . 391
Configuring the IS-IS Metric Value Used for Traffic Engineering . . . . . . . . . . 391
Configuring the Designated Router Priority for IS-IS . . . . . . . . . . . . . . . . . . . 391
Advertising Interface Addresses Without Running IS-IS . . . . . . . . . . . . . . . . 392
Configuring the Reference Bandwidth Used in IS-IS Metric Calculations . . . . . . 392
Limiting the Number of Advertised IS-IS Areas . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Enabling Wide IS-IS Metrics for Traffic Engineering . . . . . . . . . . . . . . . . . . . . . . . 393
Configuring Preference Values for IS-IS Routes . . . . . . . . . . . . . . . . . . . . . . . . . . 393

Copyright © 2011, Juniper Networks, Inc. xiii

Junos OS 11.4 Routing Protocols Configuration Guide

Limiting the Number of Prefixes Exported to IS-IS . . . . . . . . . . . . . . . . . . . . . . . . 394

Configuring Link-State PDU Lifetime for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Advertising Label-Switched Paths into IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Configuring IS-IS to Make Routing Devices Appear Overloaded . . . . . . . . . . . . . 395
Configuring SPF Options for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Configuring Graceful Restart for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Configuring IS-IS for Multipoint Network Clouds . . . . . . . . . . . . . . . . . . . . . . . . . 398
Configuring IS-IS Traffic Engineering Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Configuring IS-IS to Use IGP Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Configuring IS-IS to Ignore the Metric of RSVP Label-Switched Paths . . . . 399
Disabling IS-IS Support for Traffic Engineering . . . . . . . . . . . . . . . . . . . . . . 400
Installing IPv4 Routes into the Multicast Routing Table . . . . . . . . . . . . . . . . 400
Configuring IS-IS to Use Protocol Preference to Determine the Traffic
Engineering Database Credibility Value . . . . . . . . . . . . . . . . . . . . . . . . . 400
Enabling Authentication for IS-IS Without Network-Wide Deployment . . . . . . . 401
Configuring Quicker Advertisement of IS-IS Adjacency State Changes . . . . . . . . 401
Enabling Padding of IS-IS Hello Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Configuring CLNS for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Example: Configuring CLNS for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Disabling IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Disabling IPv4 Routing for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Disabling IPv6 Routing for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Applying Policies to Routes Exported to IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
Examples: Configuring IS-IS Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . . 406
Installing a Default Route to the Nearest Routing Device That Operates at Both
IS-IS Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Configuring Loop-Free Alternate Routes for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . 409
Configuring Link Protection for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Configuring Node-Link Protection for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Excluding an IS-IS Interface as a Backup for Protected Interfaces . . . . . . . . 412
Configuring RSVP Label-Switched Paths as Backup Paths for IS-IS . . . . . . 412
Using Operational Mode Commands to Monitor Protected IS-IS Routes . . . 413
Example: Configuring Node-Link Protection for IS-IS Routes . . . . . . . . . . . . 413
Disabling Adjacency Down and Neighbor Down Notification in IS-IS and
OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Tracing IS-IS Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Examples: Tracing IS-IS Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Example: Configuring IS-IS on Logical Systems Within the Same Router . . . . . . 419
Example: Configuring an IS-IS Default Route Policy on Logical Systems . . . . . . 428
Chapter 15 Summary of IS-IS Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . 433
authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
authentication-key-chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
authentication-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
bfd-liveness-detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
checksum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
clns-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

xiv Copyright © 2011, Juniper Networks, Inc.

Table of Contents

csnp-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
disable (IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
disable (LDP Synchronization) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
external-preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
graceful-restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
hello-authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
hello-authentication-key-chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
hello-authentication-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
hello-padding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
hold-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
hold-time (IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
hold-time (LDP Synchronization) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
ignore-attached-bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
ignore-lsp-metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
ipv4-multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
ipv4-multicast-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
ipv6-multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
ipv6-multicast-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
ipv6-unicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
ipv6-unicast-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
isis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
label-switched-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
-synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
level (Global IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
level (IS-IS Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
link-protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
loose-authentication-check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
lsp-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
lsp-lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
max-areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
mesh-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
multicast-rpf-routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
no-adjacency-down-notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
no-adjacency-holddown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
no-authentication-check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
no-csnp-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
no-eligible-backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
no-hello-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
no-ipv4-multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
no-ipv4-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
no-ipv6-multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
no-ipv6-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Copyright © 2011, Juniper Networks, Inc. xv

Junos OS 11.4 Routing Protocols Configuration Guide

no-ipv6-unicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
no-psnp-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
no-unicast-topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
node-link-protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
overload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
passive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
point-to-point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
prefix-export-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
reference-bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
rib-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
spf-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
te-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
traffic-engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
wide-metrics-only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
Chapter 16 Introduction to OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
OSPF Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
OSPF Default Route Preference Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
OSPF Routing Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
OSPF Three-Way Handshake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
OSPF Version 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
OSPF Areas and Router Functionality Overview . . . . . . . . . . . . . . . . . . . . . . . . . 498
Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Area Border Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Backbone Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
AS Boundary Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Backbone Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Internal Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Stub Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Not-So-Stubby Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Transit Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Packets Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
OSPF Packet Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Hello Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Database Description Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Link-State Request Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Link-State Update Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Link-State Acknowledgment Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Link-State Advertisement Packet Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
OSPF External Metrics Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
OSPF Routing Policy Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Default OSPF Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Supported OSPF and OSPFv3 Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

xvi Copyright © 2011, Juniper Networks, Inc.

Table of Contents

Chapter 17 OSPF Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

OSPF Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Examples: Configuring OSPF Designated Routers . . . . . . . . . . . . . . . . . . . . . . . . 509
OSPF Designated Router Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Example: Configuring an OSPF Router Identifier . . . . . . . . . . . . . . . . . . . . . . 510
Example: Controlling OSPF Designated Router Election . . . . . . . . . . . . . . . . 511
Examples: Configuring OSPF Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Understanding OSPF Areas and Backbone Areas . . . . . . . . . . . . . . . . . . . . . 513
Example: Configuring a Single-Area OSPF Network . . . . . . . . . . . . . . . . . . . 514
Example: Configuring a Multiarea OSPF Network . . . . . . . . . . . . . . . . . . . . . 516
Example: Configuring OSPF Virtual Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Examples: Configuring OSPF Stub and Not-So-Stubby Areas . . . . . . . . . . . . . . 522
Understanding OSPF Stub Areas, Totally Stubby Areas, and Not-So-Stubby
Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Example: Configuring OSPF Stub and Totally Stubby Areas . . . . . . . . . . . . 524
Example: Configuring OSPF Not-So-Stubby Areas . . . . . . . . . . . . . . . . . . . 528
Example: Configuring OSPF Multiarea Adjacency . . . . . . . . . . . . . . . . . . . . . . . . 533
Multiarea Adjacency for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
Example: Configuring Multiarea Adjacency for OSPF . . . . . . . . . . . . . . . . . . 534
Example: Disabling OSPFv2 Compatibility with RFC 1583 . . . . . . . . . . . . . . . . . . 538
OSPFv2 Compatibility with RFC 1583 Overview . . . . . . . . . . . . . . . . . . . . . . 538
Example: Disabling OSPFv2 Compatibility with RFC 1583 . . . . . . . . . . . . . . 538
Examples: Configuring OSPF Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
About OSPF Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540
Example: Configuring an Interface on a Broadcast or Point-to-Point
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
Example: Configuring an OSPFv2 Interface on a Nonbroadcast Multiaccess
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
Example: Configuring an OSPFv2 Interface on a Point-to-Multipoint
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
Example: Configuring OSPF Demand Circuits . . . . . . . . . . . . . . . . . . . . . . . . 547
Example: Configuring a Passive OSPF Interface . . . . . . . . . . . . . . . . . . . . . . 550
Example: Configuring OSPFv2 Peer interfaces . . . . . . . . . . . . . . . . . . . . . . . 552
Example: Configuring Multiple Address Families for OSPFv3 . . . . . . . . . . . . . . . 554
Understanding Multiple Address Families for OSPFv3 . . . . . . . . . . . . . . . . . 554
Example: Configuring Multiple Address Families for OSPFv3 . . . . . . . . . . . . 554
Examples: Configuring OSPF Route Summarization . . . . . . . . . . . . . . . . . . . . . . 558
Understanding OSPF Route Summarization . . . . . . . . . . . . . . . . . . . . . . . . . 558
Example: Summarizing Ranges of Routes in OSPF Link-State
Advertisements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
Example: Limiting the Number of Prefixes Exported to OSPF . . . . . . . . . . . 563
Configuring OSPF Refresh and Flooding Reduction in Stable Topologies . . 565
Examples: Configuring OSPF Traffic Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
Understanding OSPF Traffic Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
Controlling the Cost of Individual OSPF Network Segments . . . . . . . . . 567
Dynamically Adjusting OSPF Interface Metrics Based on Bandwidth . . 567

Copyright © 2011, Juniper Networks, Inc. xvii

Junos OS 11.4 Routing Protocols Configuration Guide

Controlling OSPF Route Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . 568

Example: Controlling the Cost of Individual OSPF Network Segments . . . . 568
Example: Dynamically Adjusting OSPF Interface Metrics Based on
Bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
Example: Controlling OSPF Route Preferences . . . . . . . . . . . . . . . . . . . . . . . 574
Example: Configuring OSPF Overload Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
OSPF Overload Function Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
Example: Configuring OSPF to Make Routing Devices Appear
Overloaded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
Example: Configuring the OSPF Routing Algorithm . . . . . . . . . . . . . . . . . . . . . . . 580
Understanding the SPF Algorithm Options for OSPF . . . . . . . . . . . . . . . . . . 580
Example: Configuring SPF Algorithm Options for OSPF . . . . . . . . . . . . . . . 580
Example: Configuring Synchronization Between LDP and IGPs . . . . . . . . . . . . . 583
Synchronization Between LDP and IGPs Overview . . . . . . . . . . . . . . . . . . . . 583
Example: Configuring Synchronization Between LDP and IGPs . . . . . . . . . . 583
Examples: Configuring OSPF Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Understanding OSPFv2 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Understanding OSPFv3 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587
Example: Configuring Simple Authentication for OSPFv2 Exchanges . . . . . 588
Example: Configuring MD5 Authentication for OSPFv2 Exchanges . . . . . . . 590
Example: Configuring a Transition of MD5 Keys on an OSPFv2 Interface . . 592
Example: Configuring IPsec Authentication for an OSPF Interface . . . . . . . 595
Example: Configuring OSPF Routing Instances . . . . . . . . . . . . . . . . . . . . . . . . . . 601
Introduction to Routing Instances for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . 601
Minimum Routing-Instance Configuration for OSPFv2 . . . . . . . . . . . . . 601
Minimum Routing-Instance Configuration for OSPFv3 . . . . . . . . . . . . . 602
Multiple Routing Instances of OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
Configuring OSPF Routing Table Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
Example: Configuring Multiple Routing Instances of OSPF . . . . . . . . . . . . . 603
Example: Configuring OSPF Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
OSPF Timers Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
Example: Configuring OSPF Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
Example: Configuring BFD for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615
BFD for OSPF Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615
Example: Configuring BFD for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618
Example: Configuring BFD Authentication for OSPF . . . . . . . . . . . . . . . . . . . . . . . 621
BFD Authentication for OSPF Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
BFD Authentication Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
Security Authentication Keychains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
Strict Versus Loose Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
Configuring BFD Authentication for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
Configuring BFD Authentication Parameters . . . . . . . . . . . . . . . . . . . . . 623
Viewing Authentication Information for BFD Sessions . . . . . . . . . . . . . 625

xviii Copyright © 2011, Juniper Networks, Inc.

Table of Contents

Examples: Configuring Graceful Restart for OSPF . . . . . . . . . . . . . . . . . . . . . . . . 626

Graceful Restart for OSPF Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626
Helper Mode for Graceful Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 627
Planned and Unplanned Graceful Restart . . . . . . . . . . . . . . . . . . . . . . . 628
Example: Configuring Graceful Restart for OSPF . . . . . . . . . . . . . . . . . . . . . 628
Example: Configuring the Helper Capability Mode for OSPFv2 Graceful
Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632
Example: Configuring the Helper Capability Mode for OSPFv3 Graceful
Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635
Example: Disabling Strict LSA Checking for OSPF Graceful Restart . . . . . . 639
Examples: Configuring Loop-Free Alternate Routes for OSPF . . . . . . . . . . . . . . . 641
Loop-Free Alternate Routes for OSPF Overview . . . . . . . . . . . . . . . . . . . . . . 642
Configuring Link Protection for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643
Configuring Node-Link Protection for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . 644
Excluding an OSPF Interface as a Backup for a Protected Interface . . . . . . 645
Configuring Backup SPF Options for Protected OSPF Interfaces . . . . . . . . 645
Configuring RSVP Label-Switched Paths as Backup Paths for OSPF . . . . . 647
Examples: Configuring OSPF Traffic Engineering . . . . . . . . . . . . . . . . . . . . . . . . . 648
OSPF Support for Traffic Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
Example: Enabling OSPF Traffic Engineering Support . . . . . . . . . . . . . . . . . 650
Example: Configuring the Traffic Engineering Metric for a Specific OSPF
Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654
Example: Configuring OSPF Passive Traffic Engineering Mode . . . . . . . . . . . . . . 656
OSPF Passive Traffic Engineering Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 656
Example: Configuring OSPF Passive Traffic Engineering Mode . . . . . . . . . . 656
Example: Advertising Label-Switched Paths into OSPFv2 . . . . . . . . . . . . . . . . . 659
Advertising Label-Switched Paths into OSPFv2 . . . . . . . . . . . . . . . . . . . . . . 659
Example: Advertising Label-Switched Paths into OSPFv2 . . . . . . . . . . . . . . 659
Example: Configuring OSPFv2 Sham Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670
OSPFv2 Sham Links Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670
Example: Configuring OSPFv2 Sham Links . . . . . . . . . . . . . . . . . . . . . . . . . . 671
Example: Configuring OSPF Database Protection . . . . . . . . . . . . . . . . . . . . . . . . 677
OSPF Database Protection Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
Configuring OSPF Database Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
Examples: Configuring OSPF Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
Understanding OSPF Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
Routing Policy Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
Routing Policy Match Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
Routing Policy Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681
Example: Injecting OSPF Routes into the BGP Routing Table . . . . . . . . . . . . 681
Example: Redistributing Static Routes into OSPF . . . . . . . . . . . . . . . . . . . . 684
Example: Configuring an OSPF Import Policy . . . . . . . . . . . . . . . . . . . . . . . . 687
Example: Configuring a Route Filter Policy to Specify Priority for Prefixes
Learned Through OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 691
Examples: Configuring Routing Policy for Network Summaries . . . . . . . . . . . . . 695
Import and Export Policies for Network Summaries Overview . . . . . . . . . . 695
Example: Configuring an OSPF Export Policy for Network Summaries . . . . 695
Example: Configuring an OSPF Import Policy for Network Summaries . . . . 704

Copyright © 2011, Juniper Networks, Inc. xix

Junos OS 11.4 Routing Protocols Configuration Guide

Examples: Configuring OSPF and Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . 712

OSPF Support for Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 712
Introduction to Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 712
OSPF and Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 712
Example: Configuring OSPF on Logical Systems Within the Same
Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713
Example: Configuring a Conditional OSPF Default Route Policy on Logical
Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719
Example: Configuring an OSPF Default Route Policy on Logical Systems . . 725
Example: Configuring an OSPF Import Policy on Logical Systems . . . . . . . . 730
Example: Configuring OSPF Trace Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737
Tracing OSPF Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 738
Example: Tracing OSPF Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
Verifying an OSPF Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 744
Verifying OSPF-Enabled Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 744
Verifying OSPF Neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745
Verifying the Number of OSPF Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 746
Verifying Reachability of All Hosts in an OSPF Network . . . . . . . . . . . . . . . . 747
Chapter 18 Summary of OSPF Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . 749
area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 750
area-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751
authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 752
backup-spf-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
bandwidth-based-metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 754
bfd-liveness-detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 756
database-protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 760
dead-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762
default-lsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763
default-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764
demand-circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 766
disable (LDP Synchronization) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 766
disable (OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767
domain-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768
domain-vpn-tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768
export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769
external-preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 770
flood-reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771
graceful-restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772
hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774
hold-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 775
ignore-lsp-metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 775
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 776
inter-area-prefix-export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777
inter-area-prefix-import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 779
interface-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 781
ipsec-sa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 783

xx Copyright © 2011, Juniper Networks, Inc.

Table of Contents

label-switched-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784
ldp-synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785
link-protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 786
lsp-metric-into-summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787
md5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 788
metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 789
metric-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 791
neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792
network-summary-export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793
network-summary-import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 794
no-domain-vpn-tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 794
no-eligible-backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795
no-interface-state-traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 796
no-neighbor-down-notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 796
no-nssa-abr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797
no-rfc-1583 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 798
no-summaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 798
node-link-protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 799
nssa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 800
ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801
ospf3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802
overload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 803
passive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805
peer-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 806
poll-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 807
preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 808
prefix-export-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809
priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 810
realm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811
reference-bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812
retransmit-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 813
rib-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 814
route-type-community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815
secondary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815
sham-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 816
sham-link-remote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 816
shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817
simple-password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 818
spf-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819
stub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 821
summaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 822
te-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 823
traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 824
traffic-engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 827
traffic-engineering (OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 828
traffic-engineering (Passive TE Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 830
transit-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 831
transmit-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 832
type-7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 833

Copyright © 2011, Juniper Networks, Inc. xxi

Junos OS 11.4 Routing Protocols Configuration Guide

virtual-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834
Chapter 19 Introduction to RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835
RIP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835
RIP Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835
RIP Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836
RIP Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836
Chapter 20 RIP Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 839
Configuring RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 839
Minimum RIP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 841
Overview of RIP Global Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 842
Overview of RIP Neighbor Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 842
Configuring Authentication for RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 843
Configuring BFD for RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 844
Overview of BFD Authentication for RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 846
BFD Authentication Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847
Security Authentication Keychains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 848
Strict Versus Loose Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 848
Configuring BFD Authentication for RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 848
Configuring BFD Authentication Parameters . . . . . . . . . . . . . . . . . . . . . . . . 849
Viewing Authentication Information for BFD Sessions . . . . . . . . . . . . . . . . . 850
Accepting RIP Packets with Nonzero Values in Reserved Fields . . . . . . . . . . . . . . 851
Applying Policies to RIP Routes Imported from Neighbors . . . . . . . . . . . . . . . . . 852
Configuring the Number of Route Entries in RIP Update Messages . . . . . . . . . . 852
Configuring the Metric Value Added to Imported RIP Routes . . . . . . . . . . . . . . . 852
Configuring RIP Update Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853
Configuring Routing Table Groups for RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853
Configuring RIP Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853
Configuring Group-Specific RIP Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 854
Applying Policies to Routes Exported by RIP . . . . . . . . . . . . . . . . . . . . . . . . . 855
Configuring the Default Preference Value for RIP . . . . . . . . . . . . . . . . . . . . . 855
Configuring the Metric for Routes Exported by RIP . . . . . . . . . . . . . . . . . . . . 856
Configuring Graceful Restart for RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 856
Disabling Strict Address Checking for RIP Messages . . . . . . . . . . . . . . . . . . . . . . 857
RIP Demand Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 857
RIP Demand Circuits Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 857
RIP Demand Circuit Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 858
Timers Used by RIP Demand Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . 859
Example: Configuring RIP Demand Circuits . . . . . . . . . . . . . . . . . . . . . . . . . 860
Tracing RIP Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 863
Example: Tracing RIP Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 864
Example: Configuring RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 864
Chapter 21 Summary of RIP Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . 867
any-sender . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867
authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 868
authentication-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 869
bfd-liveness-detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 870
check-zero . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 872

xxii Copyright © 2011, Juniper Networks, Inc.

Table of Contents

demand-circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 873
export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874
graceful-restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875
group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876
holddown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 879
max-retrans-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 880
message-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881
metric-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882
metric-out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883
neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 884
no-check-zero . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885
preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885
receive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886
rib-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887
rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887
route-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 888
send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 889
traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 890
update-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 892
Chapter 22 Introduction to RIPng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 893
RIPng Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 893
RIPng Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 893
RIPng Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 894
RIPng Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 894
Chapter 23 RIPng Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895
Configuring RIPng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895
Minimum RIPng Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896
Overview of RIPng Global Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 897
Overview of RIPng Neighbor Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 897
Applying Policies to RIPng Routes Imported from Neighbors . . . . . . . . . . . . . . . 897
Configuring the Metric Value Added to Imported RIPng Routes . . . . . . . . . . . . . 898
Configuring RIPng Update Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 898
Configuring RIPng Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 898
Configuring Group-Specific RIPng Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . 899
Applying Policies to Routes Exported by RIPng . . . . . . . . . . . . . . . . . . . . . . 900
Configuring the Default Preference Value for RIPng . . . . . . . . . . . . . . . . . . . 900
Configuring the Metric for Routes Exported by RIPng . . . . . . . . . . . . . . . . . 900
Configuring Graceful Restart for RIPng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 901
Tracing RIPng Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 901
Example: Configuring RIPng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 902
Chapter 24 Summary of RIPng Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . 905
export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905
graceful-restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 906
group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907
holddown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 909

Copyright © 2011, Juniper Networks, Inc. xxiii

Junos OS 11.4 Routing Protocols Configuration Guide

metric-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910
metric-out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 911
neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 912
preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 913
receive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914
ripng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 915
route-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 915
send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 916
traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
update-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 919
Chapter 25 Introduction to ICMP Router Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921
ICMP Router Discovery Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921
Operation of a Router Discovery Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921
Router Advertisement Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 922
ICMP Router Discovery Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 922
Chapter 26 ICMP Router Discovery Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . 923
Configuring ICMP Router Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 923
Minimum ICMP Router Discovery Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 924
Configuring the Addresses Included in ICMP Router Advertisements . . . . . . . . . 924
Configuring the Frequency of ICMP Router Advertisements . . . . . . . . . . . . . . . . 925
Modifying the Lifetime in ICMP Router Advertisements . . . . . . . . . . . . . . . . . . . . 925
Tracing ICMP Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 925
Example: Tracing ICMP Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . 926
Chapter 27 Summary of ICMP Router Discovery Configuration Statements . . . . . . . . 927
address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 927
advertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 928
broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 928
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 929
ignore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 929
ineligible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 929
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 930
lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 931
max-advertisement-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 932
min-advertisement-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 933
multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 934
priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 935
router-discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 935
traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 936
Chapter 28 Introduction to Neighbor Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 939
Neighbor Discovery Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 939
Router Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 940
Address Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 940
Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 940
Neighbor Discovery Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 940

xxiv Copyright © 2011, Juniper Networks, Inc.

Table of Contents

Chapter 29 Neighbor Discovery Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . 941

Configuring Neighbor Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 941
Minimum Neighbor Discovery Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 942
Configuring an Interface to Send Neighbor Discovery Advertisements . . . . . . . . 942
Configuring the Hop Count in Outgoing Neighbor Discovery Packets . . . . . . . . . 943
Configuring the Lifetime for the Default Neighbor Discovery Router . . . . . . . . . . 943
Configuring the MTU Option for Neighbor Discovery Advertisements . . . . . . . . 943
Enabling Stateful Autoconfiguration with Neighbor Discovery . . . . . . . . . . . . . . 944
Configuring the Frequency of Neighbor Discovery Advertisements . . . . . . . . . . 945
Configuring the Delay Before Neighbor-Discovery Neighbors Mark the Router as
Down . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 945
Configuring the Frequency of Neighbor Solicitation Messages . . . . . . . . . . . . . . 945
Configuring the Prefix Information Included in Neighbor Discovery
Advertisements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 946
Setting the Prefix for Onlink Determination . . . . . . . . . . . . . . . . . . . . . . . . . 946
Setting the Prefix for Stateless Address Autoconfiguration . . . . . . . . . . . . . 946
Configuring the Preferred Lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 947
Configuring the Valid Lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 947
Tracing Neighbor Discovery Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 947
Chapter 30 Summary of Neighbor Discovery Router Advertisement Configuration
Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 949
autonomous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 949
current-hop-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 950
default-lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 950
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 951
link-mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 952
managed-configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 952
max-advertisement-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 953
min-advertisement-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 953
no-autonomous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 954
no-managed-configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 954
no-on-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 954
no-other-stateful-configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 954
on-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 954
other-stateful-configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 955
preferred-lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 955
prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 956
reachable-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 956
retransmit-timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 957
router-advertisement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 957
traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 958
valid-lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 959

Copyright © 2011, Juniper Networks, Inc. xxv

Junos OS 11.4 Routing Protocols Configuration Guide

Chapter 31 Secure Neighbor Discovery Configuration Guidelines . . . . . . . . . . . . . . . . . 961

Secure Neighbor Discovery Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . 961
Configuring Secure Neighbor Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 961
Enabling Secure Neighbor Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 962
Configuring Cryptographically Generated Addresses for Secure Neighbor
Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 962
Specifying the Pathname for the Key File . . . . . . . . . . . . . . . . . . . . . . . . . . . 963
Specifying the RSA Key Length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 963
Configuring Timestamps for Secure Neighbor Discovery . . . . . . . . . . . . . . . . . . . 963
Tracing Secure Neighbor Discovery Protocol Traffic . . . . . . . . . . . . . . . . . . . . . . 964
Chapter 32 Summary of Secure Neighbor Discovery Configuration Statements . . . . 965
cryptographic-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 965
key-length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 966
key-pair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 966
neighbor-discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 967
secure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 968
security-level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 969
timestamp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 970
traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 971

Part 6 BGP
Chapter 33 Introduction to BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975
Understanding BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 976
Autonomous Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 976
AS Paths and Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 976
External and Internal BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 977
BGP Routes Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 977
BGP Messages Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 978
Open Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 979
Update Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 979
Keepalive Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 980
Notification Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 980
Chapter 34 BGP Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 981
Examples: Configuring External BGP Peering . . . . . . . . . . . . . . . . . . . . . . . . . . . . 982
Understanding External BGP Peering Sessions . . . . . . . . . . . . . . . . . . . . . . 982
Example: Configuring External BGP Point-to-Point Peer Sessions . . . . . . . 983
Example: Configuring External BGP on Logical Systems with IPv6
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 990
Examples: Configuring Internal BGP Peering . . . . . . . . . . . . . . . . . . . . . . . . . . . . 999
Understanding BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1000
Autonomous Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1000
AS Paths and Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1000
External and Internal BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1001
Example: Configuring Internal BGP Peer Sessions . . . . . . . . . . . . . . . . . . . . 1001
Example: Configuring Internal BGP Peering Sessions on Logical Systems . . 1012

xxvi Copyright © 2011, Juniper Networks, Inc.

Table of Contents

Example: Preventing BGP Session Resets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1022

Understanding BGP Session Resets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1022
Example: Preventing BGP Session Flaps When VPN Families Are
Configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1023
Example: Configuring BGP Interactions with IGPs . . . . . . . . . . . . . . . . . . . . . . . 1029
Understanding Routing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1029
Example: Injecting OSPF Routes into the BGP Routing Table . . . . . . . . . . . 1029
Example: Configuring BGP Route Reflectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033
Understanding BGP Route Reflectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033
Example: Configuring a Route Reflector . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1035
Example: Configuring BGP Confederations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1049
Understanding BGP Confederations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1049
Example: Configuring BGP Confederations . . . . . . . . . . . . . . . . . . . . . . . . . 1051
Example: Configuring BGP Route Authentication . . . . . . . . . . . . . . . . . . . . . . . . 1056
Understanding Route Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1057
Example: Configuring Route Authentication for BGP . . . . . . . . . . . . . . . . . 1058
Example: Configuring IPsec Protection for BGP . . . . . . . . . . . . . . . . . . . . . . . . . 1063
Understanding IPsec for BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1063
Example: Using IPsec to Protect BGP Traffic . . . . . . . . . . . . . . . . . . . . . . . . 1064
Examples: Configuring BGP MED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1067
Understanding the MED Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1067
Example: Configuring the MED Attribute Directly . . . . . . . . . . . . . . . . . . . . 1069
Example: Configuring the MED Using Route Filters . . . . . . . . . . . . . . . . . . . 1082
Example: Configuring the MED Using Communities . . . . . . . . . . . . . . . . . . 1095
Example: Associating the MED Path Attribute with the IGP Metric and
Delaying MED Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1095
Example: Configuring EBGP Multihop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105
Understanding BGP Multihop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105
Example: Configuring EBGP Multihop Sessions . . . . . . . . . . . . . . . . . . . . . . 1105
Examples: Configuring BGP Multipath . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1114
Understanding BGP Multipath . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1115
Example: Load-Balancing BGP Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1115
Example: Configuring Single-Hop EBGP Peers to Accept Remote Next
Hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1119
Example: Configuring BGP Local Preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1130
Understanding the BGP Local Preference . . . . . . . . . . . . . . . . . . . . . . . . . . . 1130
Example: Configuring the Local Preference Value for BGP Routes . . . . . . . . 1131
Example: Configuring BGP Route Preference (Administrative Distance) . . . . . . 1143
Understanding Route Preference Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1143
Example: Configuring the Preference Value for BGP Routes . . . . . . . . . . . . 1145
Example: Configuring BGP Path Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1150
Understanding BGP Path Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1150
Example: Ignoring the AS Path Attribute When Selecting the Best Path . . . 1153
Examples: Configuring BGP Local AS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1160
Understanding the BGP Local AS Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . 1161
Example: Configuring a Local AS for EBGP Sessions . . . . . . . . . . . . . . . . . . 1164
Example: Configuring a Private Local AS for EBGP Sessions . . . . . . . . . . . . 1174

Copyright © 2011, Juniper Networks, Inc. xxvii

Junos OS 11.4 Routing Protocols Configuration Guide

Example: Removing Private AS Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1180

Understanding Private AS Number Removal from AS Paths . . . . . . . . . . . . 1180
Example: Removing Private AS Numbers from AS Paths . . . . . . . . . . . . . . . 1181
Example: Configuring BGP Flap Damping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1186
Understanding Damping Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1186
Example: Configuring Damping Parameters . . . . . . . . . . . . . . . . . . . . . . . . . 1187
Examples: Configuring Multiprotocol BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1190
Understanding Multiprotocol BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1190
Limiting the Number of Prefixes Received on a BGP Peer Session . . . . 1193
Limiting the Number of Prefixes Accepted on a BGP Peer Session . . . 1194
Configuring BGP Routing Table Groups . . . . . . . . . . . . . . . . . . . . . . . . . 1195
Resolving Routes to PE Routing Devices Located in Other ASs . . . . . . 1195
Allowing Labeled and Unlabeled Routes . . . . . . . . . . . . . . . . . . . . . . . . 1195
Example: Configuring IPv6 BGP Routes over IPv4 Transport . . . . . . . . . . . . 1196
Example: Enabling BGP to Carry Flow-Specification Routes . . . . . . . . . . . 1202
Enabling Layer 2 VPN and VPLS Signaling . . . . . . . . . . . . . . . . . . . . . . . . . . 1215
Example: Configuring BGP and CLNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1216
Understanding BGP for CLNS VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1216
Example: Configuring BGP for CLNS VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . 1217
Enabling BGP to Carry CLNS Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1218
Example: Enabling CLNS Between Two Routers . . . . . . . . . . . . . . . . . . 1219
Example: Configuring CLNS Within a VPN . . . . . . . . . . . . . . . . . . . . . . . 1221
Examples: Configuring TCP and BGP Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 1223
Understanding TCP and BGP Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1223
Example: Configuring a Filter to Block TCP Access to a Port Except from
Specified BGP Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1224
Example: Configuring a Filter to Limit TCP Access to a Port Based On a
Prefix List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1229
Example: Limiting TCP Segment Size for BGP . . . . . . . . . . . . . . . . . . . . . . . 1232
Example: Configuring BGP Route Advertisement . . . . . . . . . . . . . . . . . . . . . . . . 1236
Understanding Route Advertisement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1236
Applying Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1236
Setting BGP to Advertise Inactive Routes . . . . . . . . . . . . . . . . . . . . . . . 1237
Configuring BGP to Advertise the Best External Route to Internal
Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1237
Configuring How Often BGP Exchanges Routes with the Routing
Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1239
Disabling Suppression of Route Advertisements . . . . . . . . . . . . . . . . . 1239
Example: Configuring BGP Prefix-Based Outbound Route Filtering . . . . . . 1240
Example: Configuring BFD for BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1243
Understanding BFD for BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1243
Example: Configuring BFD on Internal BGP Peer Sessions . . . . . . . . . . . . . 1244
Example: Configuring BFD Authentication for BGP . . . . . . . . . . . . . . . . . . . . . . . 1252
Understanding BFD Authentication for BGP . . . . . . . . . . . . . . . . . . . . . . . . 1252
BFD Authentication Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1253
Security Authentication Keychains . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1254

xxviii Copyright © 2011, Juniper Networks, Inc.

Table of Contents

Strict Versus Loose Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1254

Example: Configuring BFD Authentication for BGP . . . . . . . . . . . . . . . . . . . 1254
Configuring BFD Authentication Parameters . . . . . . . . . . . . . . . . . . . . 1254
Viewing Authentication Information for BFD Sessions . . . . . . . . . . . . . 1256
Example: Advertising Multiple BGP Paths to a Destination . . . . . . . . . . . . . . . . . 1257
Understanding the Advertisement of Multiple Paths to a Single Destination
in BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1257
Example: Advertising Multiple Paths in BGP . . . . . . . . . . . . . . . . . . . . . . . . 1258
Example: Configuring BGP Monitoring Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 1282
Understanding the BGP Monitoring Protocol . . . . . . . . . . . . . . . . . . . . . . . . 1282
Example: Configuring the BGP Monitoring Protocol . . . . . . . . . . . . . . . . . . 1282
Example: Configuring BGP Trace Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . 1285
Understanding Trace Operations for BGP Protocol Traffic . . . . . . . . . . . . . 1285
Example: Viewing BGP Trace Files on Logical Systems . . . . . . . . . . . . . . . . 1286
Chapter 35 Summary of BGP Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . 1293
[edit protocols bgp] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1293
Common BGP Family Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1293
Complete [edit protocols bgp] Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . 1294
accept-remote-nexthop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1299
accepted-prefix-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1300
add-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1302
advertise-external . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1303
advertise-inactive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1304
advertise-peer-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1305
aggregate-label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1306
allow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1307
as-override . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1308
authentication-algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1309
authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1310
authentication-key-chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1311
auto-discovery-only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1312
bfd-liveness-detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1313
bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1317
bgp-orf-cisco-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1318
bmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1319
cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1320
confederation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1321
damping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1322
description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1323
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1324
explicit-null . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1325
export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1326
family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1327
flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1330
graceful-restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1331
group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1332
hold-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1335
idle-after-switch-over . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1336

Copyright © 2011, Juniper Networks, Inc. xxix

Junos OS 11.4 Routing Protocols Configuration Guide

import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1337
include-mp-next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1338
ipsec-sa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1339
iso-vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1340
keep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1341
labeled-unicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1342
local-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1344
local-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1346
local-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1348
local-preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1349
log-updown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1350
logical-systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1351
loops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1352
metric-out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1354
mtu-discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1356
multihop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1358
multipath . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1359
neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1360
no advertise-peer-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1363
no-aggregator-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1364
no-client-reflect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1365
no-validate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1366
out-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1367
outbound-route-filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1368
passive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1369
path-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1370
path-selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1371
peer-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1373
precision-timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1375
preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1376
prefix-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1377
prefix-policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1378
receive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1379
remove-private . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1380
resolve-vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1381
rib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1382
rib-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1383
route-target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1384
send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1385
session-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1386
tcp-mss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1387
traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1388
type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1391
vpn-apply-export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1392

Part 7 Indexes
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1395
Index of Statements and Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1423

xxx Copyright © 2011, Juniper Networks, Inc.

List of Figures
Part 1 Overview
Chapter 1 Routing Protocols Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 1: Synchronizing Routing Exchange Between the Routing
and Forwarding Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Part 2 Protocol-Independent Routing Properties

Chapter 5 Configuring Other Protocol-Independent Routing Properties . . . . . . . . . . . 119
Figure 2: Route to Forwarding Next-Hop Bindings . . . . . . . . . . . . . . . . . . . . . . . . 136
Figure 3: Route to Forwarding Indirect Next-Hop Bindings . . . . . . . . . . . . . . . . . . 137

Part 3 Routing Instances

Chapter 8 Routing Instances Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . 239
Figure 4: Configuration for Multiple Routing Instances . . . . . . . . . . . . . . . . . . . . . 252
Figure 5: Configuration for Multiple Routing Instances . . . . . . . . . . . . . . . . . . . . . 258
Figure 6: Configuration of Policy-Based Export for an Overlapping VPN . . . . . . . 275

Part 5 Interior Gateway Protocols

Chapter 14 IS-IS Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Figure 7: Hitless Authentication Key Rollover for IS-IS . . . . . . . . . . . . . . . . . . . . . . 351
Figure 8: Configuring BFD on IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Figure 9: Configuring IS-IS Multicast Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Figure 10: Install Default Route to Nearest Routing Device That Operates at Both
Level 1 and Level 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Figure 11: Link Protection and Node-Link Protection Comparison for IS-IS
Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Figure 12: IS-IS on Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Figure 13: IS-IS with a Default Route to an ISP . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Chapter 16 Introduction to OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Figure 14: OSPF Three-Way Handshake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
Chapter 17 OSPF Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
Figure 15: Multiarea OSPF Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
Figure 16: OSPF Topology with a Virtual Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Figure 17: Typical Single-Area OSPF Network Topology . . . . . . . . . . . . . . . . . . . . 515
Figure 18: Typical Multiarea OSPF Network Topology . . . . . . . . . . . . . . . . . . . . . . 517
Figure 19: OSPF Virtual Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Figure 20: OSPF AS Network with Stub Areas and NSSAs . . . . . . . . . . . . . . . . . . 523

Copyright © 2011, Juniper Networks, Inc. xxxi

Junos OS 11.4 Routing Protocols Configuration Guide

Figure 21: OSPF Network Topology with Stub Areas and NSSAs . . . . . . . . . . . . . 526
Figure 22: OSPF Network Topology with Stub Areas and NSSAs . . . . . . . . . . . . 530
Figure 23: IPv4 Unicast Realm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
Figure 24: Summarizing Ranges of Routes in OSPF . . . . . . . . . . . . . . . . . . . . . . . 559
Figure 25: OSPF Metric Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
Figure 26: Configuration for Multiple Routing Instances . . . . . . . . . . . . . . . . . . . 604
Figure 27: Advertising an LSP into OSPFv2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661
Figure 28: OSPFv2 Sham Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671
Figure 29: OSPFv2 Sham Link Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673
Figure 30: Sample Topology Used for an OSPF Export Network Summary
Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 697
Figure 31: Sample Topology Used for an OSPF Import Network Summary
Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
Figure 32: OSPF on Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713
Figure 33: OSPF with a Conditional Default Route to an ISP . . . . . . . . . . . . . . . . 720
Figure 34: OSPF with a Default Route to an ISP . . . . . . . . . . . . . . . . . . . . . . . . . . 726
Figure 35: OSPF Import Policy on Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . 731
Figure 36: Sample OSPF Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 746

Part 6 BGP
Chapter 33 Introduction to BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975
Figure 37: ASs, EBGP, and IBGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 977
Chapter 34 BGP Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 981
Figure 38: BGP Peering Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 982
Figure 39: Typical Network with BGP Peer Sessions . . . . . . . . . . . . . . . . . . . . . . 983
Figure 40: Typical Network with BGP Peer Sessions . . . . . . . . . . . . . . . . . . . . . . 991
Figure 41: ASs, EBGP, and IBGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1001
Figure 42: Typical Network with IBGP Sessions . . . . . . . . . . . . . . . . . . . . . . . . . 1003
Figure 43: Typical Network with IBGP Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . 1013
Figure 44: Topology for the EBGP Case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1025
Figure 45: Topology for the RR Case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1025
Figure 46: Simple Route Reflector Topology (One Cluster) . . . . . . . . . . . . . . . . 1033
Figure 47: Basic Route Reflection (Multiple Clusters) . . . . . . . . . . . . . . . . . . . . . 1034
Figure 48: Hierarchical Route Reflection (Clusters of Clusters) . . . . . . . . . . . . . 1034
Figure 49: IBGP Network Using a Route Reflector . . . . . . . . . . . . . . . . . . . . . . . 1036
Figure 50: BGP Confederations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1050
Figure 51: Typical Network Using BGP Confederations . . . . . . . . . . . . . . . . . . . . 1052
Figure 52: Authentication for BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1059
Figure 53: IPsec for BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1065
Figure 54: Default MED Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1068
Figure 55: Typical Network with IBGP Sessions and Multiple Exit Points . . . . . . 1071
Figure 56: Typical Network with IBGP Sessions and Multiple Exit Points . . . . . 1083
Figure 57: Topology for Delaying the MED Update . . . . . . . . . . . . . . . . . . . . . . . 1097
Figure 58: Typical Network with EBGP Multihop Sessions . . . . . . . . . . . . . . . . . 1106
Figure 59: BGP Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1116
Figure 60: Topology for Accepting a Remote Next Hop . . . . . . . . . . . . . . . . . . . . 1120
Figure 61: Typical Network with IBGP Sessions and Multiple Exit Points . . . . . . . 1132
Figure 62: BGP Preference Value Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1147

xxxii Copyright © 2011, Juniper Networks, Inc.

List of Figures

Figure 63: Topology for Ignoring the AS-Path Lengh . . . . . . . . . . . . . . . . . . . . . . 1155

Figure 64: Local AS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1162
Figure 65: Topology for Configuring the Local AS . . . . . . . . . . . . . . . . . . . . . . . . 1165
Figure 66: Topology for Configuring a Private Local AS . . . . . . . . . . . . . . . . . . . . 1175
Figure 67: Topology for Removing a Private AS from the Advertised AS Path . . . 1181
Figure 68: Topology for Configuring IPv6 BGP Routes over IPv4 Transport . . . . 1196
Figure 69: Typical Network with BGP Peer Sessions . . . . . . . . . . . . . . . . . . . . . . 1224
Figure 70: TCP Maximum Segment Size for BGP . . . . . . . . . . . . . . . . . . . . . . . . 1233
Figure 71: BGP Prefix-Based Outbound Route Filtering . . . . . . . . . . . . . . . . . . . . 1241
Figure 72: Typical Network with IBGP Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . 1245
Figure 73: Advertisement of Multiple Paths in BGP . . . . . . . . . . . . . . . . . . . . . . . 1259
Figure 74: BMP Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1283

Copyright © 2011, Juniper Networks, Inc. xxxiii

Junos OS 11.4 Routing Protocols Configuration Guide

xxxiv Copyright © 2011, Juniper Networks, Inc.

List of Tables
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xli
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xli

Part 1 Overview
Chapter 1 Routing Protocols Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Table 3: Default Route Preference Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Part 2 Protocol-Independent Routing Properties

Chapter 4 Configuring Routing Tables and Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Table 4: Flow Route Match Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Table 5: Flow Route Action Modifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Part 4 Multitopology Routing

Chapter 10 Introduction to Multitopology Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Table 6: Examples of Routing Tables for Custom Topologies . . . . . . . . . . . . . . . 309

Part 5 Interior Gateway Protocols

Chapter 14 IS-IS Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Table 7: Configuring BFD for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Table 8: IPv4 Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Table 9: IPv6 Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Chapter 16 Introduction to OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Table 10: Default Route Preference Values for OSPF . . . . . . . . . . . . . . . . . . . . . . 495
Chapter 20 RIP Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 839
Table 11: RIP Demand Circuit Packet Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 858

Part 6 BGP
Chapter 34 BGP Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 981
Table 12: MED Options for Routing Table Path Selection . . . . . . . . . . . . . . . . . . 1069
Table 13: Default Route Preference Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1144
Table 14: Damping Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1187

Copyright © 2011, Juniper Networks, Inc. xxxv

Junos OS 11.4 Routing Protocols Configuration Guide

xxxvi Copyright © 2011, Juniper Networks, Inc.

About This Guide
®
This preface provides the following guidelines for using the Junos OS Routing Protocols
Configuration Guide:

• Junos OS Documentation and Release Notes on page xxxvii

• Objectives on page xxxviii
• Audience on page xxxviii
• Supported Platforms on page xxxviii
• Using the Indexes on page xxxix
• Using the Examples in This Manual on page xxxix
• Documentation Conventions on page xl
• Documentation Feedback on page xlii
• Requesting Technical Support on page xlii

Junos OS Documentation and Release Notes

For a list of related Junos OS documentation, see

http://www.juniper.net/techpubs/software/junos/ .

If the information in the latest release notes differs from the information in the
documentation, follow the Junos OS Release Notes.
®
To obtain the most current version of all Juniper Networks technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/ .

Juniper Networks supports a technical book program to publish books by Juniper Networks
engineers and subject matter experts with book publishers around the world. These
books go beyond the technical documentation to explore the nuances of network
architecture, deployment, and administration using the Junos operating system (Junos
OS) and Juniper Networks devices. In addition, the Juniper Networks Technical Library,
published in conjunction with O'Reilly Media, explores improving network security,
reliability, and availability using Junos OS configuration techniques. All the books are for
sale at technical bookstores and book outlets around the world. The current list can be
viewed at http://www.juniper.net/books .

Copyright © 2011, Juniper Networks, Inc. xxxvii

Junos OS 11.4 Routing Protocols Configuration Guide

Objectives

This guide is designed for network administrators who are configuring and monitoring a
Juniper Networks J Series, M Series, MX Series, or T Series routing platform.

NOTE: For additional information about the Junos OS—either corrections to

or information that might have been omitted from this guide—see the software
release notes at http://www.juniper.net/ .

Audience

This guide is designed for network administrators who are configuring and monitoring a
Juniper Networks M Series, MX Series, T Series, EX Series, or J Series router or switch.

To use this guide, you need a broad understanding of networks in general, the Internet
in particular, networking principles, and network configuration. You must also be familiar
with one or more of the following Internet routing protocols:

• Border Gateway Protocol (BGP)

• Distance Vector Multicast Routing Protocol (DVMRP)

• Intermediate System-to-Intermediate System (IS-IS)

• Internet Control Message Protocol (ICMP) router discovery

• Internet Group Management Protocol (IGMP)

• Multiprotocol Label Switching (MPLS)

• Open Shortest Path First (OSPF)

• Protocol-Independent Multicast (PIM)

• Resource Reservation Protocol (RSVP)

• Routing Information Protocol (RIP)

• Simple Network Management Protocol (SNMP)

Personnel operating the equipment must be trained and competent; must not conduct
themselves in a careless, willfully negligent, or hostile manner; and must abide by the
instructions provided by the documentation.

Supported Platforms

For the features described in this manual, the Junos OS currently supports the following
platforms:

• J Series

• M Series

xxxviii Copyright © 2011, Juniper Networks, Inc.

About This Guide

• MX Series

• T Series

• EX Series

Using the Indexes

This reference contains two indexes: a complete index that includes topic entries, and
an index of statements and commands only.

In the index of statements and commands, an entry refers to a statement summary

section only. In the complete index, the entry for a configuration statement or command
contains at least two parts:

• The primary entry refers to the statement summary section.

• The secondary entry, usage guidelines, refers to the section in a configuration guidelines
chapter that describes how to use the statement or command.

Using the Examples in This Manual

If you want to use the examples in this manual, you can use the load merge or the load
merge relative command. These commands cause the software to merge the incoming
configuration into the current candidate configuration. The example does not become
active until you commit the candidate configuration.

If the example configuration contains the top level of the hierarchy (or multiple
hierarchies), the example is a full example. In this case, use the load merge command.

If the example configuration does not start at the top level of the hierarchy, the example
is a snippet. In this case, use the load merge relative command. These procedures are
described in the following sections.

Merging a Full Example

To merge a full example, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration example into a
text file, save the file with a name, and copy the file to a directory on your routing
platform.

For example, copy the following configuration to a file and name the file ex-script.conf.
Copy the ex-script.conf file to the /var/tmp directory on your routing platform.

system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {

Copyright © 2011, Juniper Networks, Inc. xxxix

Junos OS 11.4 Routing Protocols Configuration Guide

disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}

2. Merge the contents of the file into your routing platform configuration by issuing the
load merge configuration mode command:

[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete

Merging a Snippet
To merge a snippet, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration snippet into a text
file, save the file with a name, and copy the file to a directory on your routing platform.

For example, copy the following snippet to a file and name the file
ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory
on your routing platform.

commit {
file ex-script-snippet.xsl; }

2. Move to the hierarchy level that is relevant for this snippet by issuing the following
configuration mode command:

[edit]
user@host# edit system scripts
[edit system scripts]

3. Merge the contents of the file into your routing platform configuration by issuing the
load merge relative configuration mode command:

[edit system scripts]

user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete

For more information about the load command, see the Junos OS CLI User Guide.

Documentation Conventions

Table 1 on page xli defines notice icons used in this guide.

xl Copyright © 2011, Juniper Networks, Inc.

About This Guide

Table 1: Notice Icons

Icon Meaning Description

Informational note Indicates important features or instructions.

Caution Indicates a situation that might result in loss of data or hardware damage.

Warning Alerts you to the risk of personal injury or death.

Laser warning Alerts you to the risk of personal injury from a laser.

Table 2 on page xli defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

Convention Description Examples

Bold text like this Represents text that you type. To enter configuration mode, type the
configure command:

user@host> configure

Fixed-width text like this Represents output that appears on the user@host> show chassis alarms
terminal screen.
No alarms currently active

Italic text like this • Introduces important new terms. • A policy term is a named structure
• Identifies book names. that defines match conditions and
actions.
• Identifies RFC and Internet draft titles.
• Junos OS System Basics Configuration
Guide
• RFC 1997, BGP Communities Attribute

Italic text like this Represents variables (options for which Configure the machine’s domain name:
you substitute a value) in commands or
configuration statements. [edit]
root@# set system domain-name
domain-name

Text like this Represents names of configuration • To configure a stub area, include the
statements, commands, files, and stub statement at the [edit protocols
directories; interface names; ospf area area-id] hierarchy level.
configuration hierarchy levels; or labels • The console port is labeled CONSOLE.
on routing platform components.

< > (angle brackets) Enclose optional keywords or variables. stub <default-metric metric>;

Copyright © 2011, Juniper Networks, Inc. xli

Junos OS 11.4 Routing Protocols Configuration Guide

Table 2: Text and Syntax Conventions (continued)

Convention Description Examples

| (pipe symbol) Indicates a choice between the mutually broadcast | multicast

exclusive keywords or variables on either
side of the symbol. The set of choices is (string1 | string2 | string3)
often enclosed in parentheses for clarity.

# (pound sign) Indicates a comment specified on the rsvp { # Required for dynamic MPLS only
same line as the configuration statement
to which it applies.

[ ] (square brackets) Enclose a variable for which you can community name members [
substitute one or more values. community-ids ]

Indention and braces ( { } ) Identify a level in the configuration [edit]

hierarchy. routing-options {
static {
route default {
; (semicolon) Identifies a leaf statement at a
nexthop address;
configuration hierarchy level.
retain;
}
}
}

J-Web GUI Conventions

Bold text like this Represents J-Web graphical user • In the Logical Interfaces box, select
interface (GUI) items you click or select. All Interfaces.
• To cancel the configuration, click
Cancel.

> (bold right angle bracket) Separates levels in a hierarchy of J-Web In the configuration editor hierarchy,
selections. select Protocols>Ospf.

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can

improve the documentation. You can send your comments to
[email protected], or fill out the documentation feedback form at
https://www.juniper.net/cgi-bin/docbugreport/ . If you are using e-mail, be sure to include
the following information with your comments:

• Document or topic name

• URL or page number

• Software release version (if applicable)

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,

xlii Copyright © 2011, Juniper Networks, Inc.

About This Guide

or are covered under warranty, and need postsales technical support, you can access
our tools and resources online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies,

review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .

• JTAC Hours of Operation —The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:

• Find CSC offerings: http://www.juniper.net/customers/support/

• Find product documentation: http://www.juniper.net/techpubs/

• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/

• Download the latest versions of software and review release notes:

http://www.juniper.net/customers/csc/software/

• Search technical bulletins for relevant hardware and software notifications:

https://www.juniper.net/alerts/

• Join and participate in the Juniper Networks Community Forum:

http://www.juniper.net/company/communities/

• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

• Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .

• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, visit us at

http://www.juniper.net/support/requesting-support.html

Copyright © 2011, Juniper Networks, Inc. xliii

Junos OS 11.4 Routing Protocols Configuration Guide

xliv Copyright © 2011, Juniper Networks, Inc.

PART 1

Overview
• Routing Protocols Concepts on page 3
• Complete Routing and Routing Protocol Configuration Statements on page 17

Copyright © 2011, Juniper Networks, Inc. 1

Junos OS 11.4 Routing Protocols Configuration Guide

2 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 1

Routing Protocols Concepts

This chapter discusses the following topics:

• Routing Databases Overview on page 3

• Route Preferences Overview on page 6
• Understanding BGP Path Selection on page 7
• Understanding Route Preference Values on page 10
• Equal-Cost Paths and Load Sharing on page 11
• IPv6 Overview on page 12
• IPv6 Standards on page 15

Routing Databases Overview

The Junos OS maintains two databases for routing information:

• Routing table—Contains all the routing information learned by all routing protocols.

• Forwarding table—Contains the routes actually used to forward packets through the
router.

In addition, the interior gateway protocols (IGPs), IS-IS, and OSPF maintain link-state
databases.

This section includes the following topics:

• Routing Protocol Databases on page 3

• Junos Routing Tables on page 4
• Forwarding Tables on page 5
• How the Routing and Forwarding Tables Are Synchronized on page 5

Routing Protocol Databases

Each IGP routing protocol maintains a database of the routing information it has learned
from other routers running the same protocol and uses this information as defined and
required by the protocol. IS-IS and OSPF use the routing information they received to
maintain link-state databases, which they use to determine which adjacent neighbors
are operational and to construct network topology maps.

Copyright © 2011, Juniper Networks, Inc. 3

Junos OS 11.4 Routing Protocols Configuration Guide

IS-IS and OSPF use the Dijkstra algorithm, and RIP and RIPng use the Bellman-Ford
algorithm to determine the best route or routes (if there are multiple equal-cost routes)
to reach each destination and install these routes into the Junos OS routing table.

When you configure a protocol on an interface, you must also configure a protocol family
on that interface.

Junos Routing Tables

The Junos OS routing table is used by the routing protocol process to maintain its database
of routing information. In this table, the routing protocol process stores statically
configured routes, directly connected interfaces (also called direct routes or interface
routes), and all routing information learned from all routing protocols. The routing protocol
process uses this collected routing information to select the active route to each
destination, which is the route that actually is used to forward packets to that destination.

By default, the Junos OS maintains three routing tables: one for unicast routes, another
for multicast routes, and a third for MPLS. You can configure additional routing tables to
support situations where you need to separate a particular group of routes or where you
need greater flexibility in manipulating routing information. In general, most operations
can be performed without resorting to the complexity of additional routing tables.
However, creating additional routing tables has several specific uses, including importing
interface routes into more than one routing table, applying different routing policies when
exporting the same route to different peers, and providing greater flexibility with
incongruent multicast topologies.

Each routing table is identified by a name, which consists of the protocol family followed
by a period and a small, nonnegative integer. The protocol family can be inet (Internet),
iso (ISO), or mpls (MPLS). The following names are reserved for the default routing tables
maintained by the Junos OS:

• inet.0—Default IP version 4 (IPv4) unicast routing table

• inet6.0—Default IP version 6 (IPv6) unicast routing table

• instance-name.inet.0—Unicast routing table for a particular routing instance

• inet.1—Multicast forwarding cache

• inet.2—Unicast routes used for multicast reverse path forwarding (RPF) lookup

• inet.3—MPLS routing table for path information

• mpls.0—MPLS routing table for label-switched path (LSP) next hops

NOTE: For clarity, this manual contains general discussions of routing

tables as if there were only one table. However, when it is necessary to
distinguish among the routing tables, their names are explicitly used.

4 Copyright © 2011, Juniper Networks, Inc.

Chapter 1: Routing Protocols Concepts

Forwarding Tables
The Junos OS installs all active routes from the routing table into the forwarding table.
The active routes are used to forward packets to their destinations.

The Junos OS kernel maintains a master copy of the forwarding table. It copies the
forwarding table to the Packet Forwarding Engine, which is the part of the router
responsible for forwarding packets.

How the Routing and Forwarding Tables Are Synchronized

The Junos OS routing protocol process is responsible for synchronizing the routing
information between the routing and forwarding tables. To do this, the routing protocol
process calculates the active routes from all the routes in the routing table and installs
them into the forwarding table. The routing protocol process then copies the forwarding
table to the router’s Packet Forwarding Engine, the part of the router that forwards
packets. Figure 1 on page 5 illustrates how the routing tables are synchronized.

Figure 1: Synchronizing Routing Exchange Between the Routing

and Forwarding Tables

Copyright © 2011, Juniper Networks, Inc. 5

Junos OS 11.4 Routing Protocols Configuration Guide

Route Preferences Overview

For unicast routes, the Junos OS routing protocol process uses the information in its
routing table, along with the properties set in the configuration file, to choose an active
route for each destination. While the Junos OS might know of many routes to a destination,
the active route is the preferred route to that destination and is the one that is installed
in the forwarding table and used when actually routing packets.

The routing protocol process generally determines the active route by selecting the route
with the lowest preference value. The preference value is an arbitrary value in the range
32
from 0 through 4,294,967,295 (2 – 1) that the software uses to rank routes received
from different protocols, interfaces, or remote systems.

The preference value is used to select routes to destinations in external autonomous

systems (ASs) or routing domains; it has no effect on the selection of routes within an
AS (that is, within an interior gateway protocol [IGP]). Routes within an AS are selected
by the IGP and are based on that protocol’s metric or cost value.

This section includes the following topics:

• Alternate and Tiebreaker Preferences on page 6

• Multiple Active Routes on page 6

Alternate and Tiebreaker Preferences

The Junos OS provides support for alternate and tiebreaker preferences, and some of
the routing protocols, including BGP and label switching, use these additional preferences.
With these protocols, you can specify a primary route preference (by including the
preference statement in the configuration), and a secondary preference that is used as
a tiebreaker (by including the preference2 statement). You can also mark route preferences
with additional route tiebreaker information by specifying a color and a tiebreaker color
(by including the color and color2 statements in the configuration). For configuration
instructions, see “Configuring a Preference Value for Static Routes” on page 74,
“Configuring a Preference Value for Aggregate Routes” on page 98, and “Configuring a
Preference Value for Generated Routes” on page 106.

The software uses a 4-byte value to represent the route preference value. When using
the preference value to select an active route, the software first compares the primary
route preference values, choosing the route with the lowest value. If there is a tie and a
secondary preference has been configured, the software compares the secondary
preference values, choosing the route with the lowest value. The secondary preference
values must be included in a set for the preference values to be considered.

Multiple Active Routes

The IGPs compute equal-cost multipath next hops, and IBGP picks up these next hops.
When there are multiple, equal-cost next hops associated with a route, the routing
protocol process installs only one of the next hops in the forwarding path with each route,
randomly selecting which next hop to install. For example, if there are 3 equal-cost paths
to an exit routing device and 900 routes leaving through that routing device, each path

6 Copyright © 2011, Juniper Networks, Inc.

Chapter 1: Routing Protocols Concepts

ends up with about 300 routes pointing at it. This mechanism provides load distribution
among the paths while maintaining packet ordering per destination.

BGP multipath does not apply to paths that share the same MED-plus-IGP cost yet differ
in IGP cost. Multipath path selection is based on the IGP cost metric, even if two paths
have the same MED-plus-IGP cost.

Understanding BGP Path Selection

For each prefix in the routing table, the routing protocol process selects a single best
path. After the best path is selected, the route is installed in the routing table. The best
path becomes the active route if the same prefix is not learned by a protocol with a lower
(more preferred) global preference value. The algorithm for determining the active route
is as follows:

1. Verify that the next hop can be resolved.

2. Choose the path with the lowest preference value (routing protocol process
preference).

Routes that are not eligible to be used for forwarding (for example, because they were
rejected by routing policy or because a next hop is inaccessible) have a preference of
–1 and are never chosen.

3. For BGP, prefer the path with higher local preference.

For non-BGP paths, choose the path with the lowest preference2 value.

4. For BGP, prefer the path with the shortest autonomous system (AS) path value
(skipped if the as-path-ignore statement is configured).

A confederation segment (sequence or set) has a path length of 0. An AS set has a

path length of 1.

5. For BGP, prefer the route with the lower origin code.

Routes learned from an interior gateway protocol (IGP) have a lower origin code than
those learned from an exterior gateway protocol (EGP), and both have lower origin
codes than incomplete routes (routes whose origin is unknown).

6. For BGP, prefer the path with the lowest multiple exit discriminator (MED) metric.

Depending on whether nondeterministic routing table path selection behavior is

configured, there are two possible cases:

• If nondeterministic routing table path selection behavior is not configured (that is,
if the path-selection cisco-nondeterministic statement is not included in the BGP
configuration), for paths with the same neighboring AS numbers at the front of the
AS path, prefer the path with the lowest MED metric. To always compare MEDs
whether or not the peer ASs of the compared routes are the same, include the
path-selection always-compare-med statement.

• If nondeterministic routing table path selection behavior is configured (that is, the
path-selection cisco-nondeterministic statement is included in the BGP
configuration), prefer the path with the lowest MED metric.

Copyright © 2011, Juniper Networks, Inc. 7

Junos OS 11.4 Routing Protocols Configuration Guide

Confederations are not considered when determining neighboring ASs. A missing MED
metric is treated as if a MED were present but zero.

NOTE: MED comparison works for single path selection within an AS

(when the route does not include an AS path), though this usage Is
uncommon.

7. Prefer strictly internal paths, which include IGP routes and locally generated routes
(static, direct, local, and so forth).

8. Prefer strictly external BGP (EBGP) paths over external paths learned through internal
BGP (IBGP) sessions.

9. For BGP, prefer the path whose next hop is resolved through the IGP route with the
lowest metric.

NOTE: A path is considered a BGP equal-cost path (and will be used for
forwarding) if a tie-break is performed after the previous step. All paths
with the same neighboring AS, learned by a multipath-enabled BGP
neighbor, are considered.

BGP multipath does not apply to paths that share the same MED-plus-IGP
cost yet differ in IGP cost. Multipath path selection is based on the IGP
cost metric, even if two paths have the same MED-plus-IGP cost.

10. For BGP, if both paths are external, prefer the currently active path to minimize
route-flapping. This rule is not used if:

• path-selection external-router-id is configured.

• Both peers have the same router ID.

• Either peer is a confederation peer.

• Neither path is the current active path.

11. For BGP, prefer the path from the peer with the lowest router ID. For any path with an
originator ID attribute, substitute the originator ID for the router ID during router ID
comparison.

12. For BGP, prefer the path with the shortest cluster list length. The length is 0 for no list.

13. For BGP, prefer the path from the peer with the lowest peer IP address.

By default, only the multiple exit discriminators (MEDs) of routes that have the same
peer autonomous systems (ASs) are compared. You can configure routing table path
selection options to obtain different behaviors.

The third step of the algorithm, by default, evaluates the length of the AS path and
determines the active path. You can configure an option that enables Junos OS to skip
this third step of the algorithm by including the as-path-ignore option.

8 Copyright © 2011, Juniper Networks, Inc.

Chapter 1: Routing Protocols Concepts

NOTE: The as-path-ignore option is not supported for routing instances.

To configure routing table path selection behavior, include the path-selection statement:

path-selection {
(always-compare-med | cisco-non-deterministic | external-router-id);
as-path-ignore;
med-plus-igp {
igp-multiplier number;
med-multiplier number;
}
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Routing table path selection can be configured in one of the following ways:

• Using the same nondeterministic behavior as does the Cisco IOS software
(cisco-non-deterministic). This behavior has two effects:

• The active path is always first. All nonactive but eligible paths follow the active path
and are maintained in the order in which they were received, with the most recent
path first. Ineligible paths remain at the end of the list.

• When a new path is added to the routing table, path comparisons are made without
removing from consideration those paths that should never be selected because
those paths lose the MED tie-breaking rule.

NOTE: The result of these two effects is that the system only sometimes
compares the MED values between paths that it should otherwise compare.
Because of this, we recommend that you not configure nondeterministic
behavior.

• Always comparing MEDs whether or not the peer ASs of the compared routes are the
same (always-compare-med).

• Comparing the router ID between external BGP paths to determine the active path
(external-router-id). By default, router ID comparison is not performed if one of the
external paths is active. You can force the router ID comparison by restarting the routing
process with the restart routing operational-mode command.

• Adding the IGP cost to the next-hop destination to the MED value before comparing
MED values for path selection.

BGP multipath does not apply to paths that share the same MED-plus-IGP cost, yet
differ in IGP cost. Multipath path selection is based on the IGP cost metric, even if two
paths have the same MED-plus-IGP cost.

Copyright © 2011, Juniper Networks, Inc. 9

Junos OS 11.4 Routing Protocols Configuration Guide

Related • Example: Ignoring the AS Path Attribute When Selecting the Best Path on page 1153
Documentation
• Example: Always Comparing MEDs

Understanding Route Preference Values

The Junos OS routing protocol process assigns a default preference value (also known
as an administrative distance) to each route that the routing table receives. The default
value depends on the source of the route. The preference value is a value from 0
32
through 4,294,967,295 (2 – 1), with a lower value indicating a more preferred route.
Table 3 on page 10 lists the default preference values.

Table 3: Default Route Preference Values

Default
How Route Is Learned Preference Statement to Modify Default Preference

Directly connected network 0 –

System routes 4 –

Static and Static LSPs 5 static

RSVP-signaled LSPs 7 RSVP preference as described in the Junos OS MPLS

Applications Configuration Guide

LDP-signaled LSPs 9 LDP preference, as described in the Junos OS MPLS

Applications Configuration Guide

OSPF internal route 10 OSPF preference

IS-IS Level 1 internal route 15 IS-IS preference

IS-IS Level 2 internal route 18 IS-IS preference

Redirects 30 –

Kernel 40 –

SNMP 50 –

Router discovery 55 –

RIP 100 RIP preference

RIPng 100 RIPng preference

PIM 105 Junos OS Multicast Protocols Configuration Guide

DVMRP 110 Junos OS Multicast Protocols Configuration Guide

10 Copyright © 2011, Juniper Networks, Inc.

Chapter 1: Routing Protocols Concepts

Table 3: Default Route Preference Values (continued)

Default
How Route Is Learned Preference Statement to Modify Default Preference

Aggregate 130 aggregate

OSPF AS external routes 150 OSPF external-preference

IS-IS Level 1 external route 160 IS-IS external-preference

IS-IS Level 2 external route 165 IS-IS external-preference

BGP 170 BGP preference, export, import

MSDP 175 Junos OS Multicast Protocols Configuration Guide

In general, the narrower the scope of the statement, the higher precedence its preference
value is given, but the smaller the set of routes it affects. To modify the default preference
value for routes learned by routing protocols, you generally apply routing policy when
configuring the individual routing protocols. You also can modify some preferences with
other configuration statements, which are indicated in the table.

Related • Junos OS Routing Policy Configuration Guide

Documentation

Equal-Cost Paths and Load Sharing

For equal-cost paths, load sharing is based on the BGP next hop. For example, if four
prefixes all point to a next hop and there is more than one equal-cost path to that next
hop, the routing protocol process uses a hash algorithm to choose the path among the
four prefixes. Also, for each prefix, the routing protocol process installs a single forwarding
entry pointing along one of the paths. The routing software does not rehash the path
taken as prefixes pointing to the next hop come and go, but it does rehash if the number
of paths to the next hop changes. Because a prefix is tied to a particular path, packet
reordering should not happen. The degree of load sharing improves as the number of
prefixes increases.

Copyright © 2011, Juniper Networks, Inc. 11

Junos OS 11.4 Routing Protocols Configuration Guide

IPv6 Overview

IP version 6 (IPv6) is the latest version of IP. IP enables numerous nodes on different
networks to interoperate seamlessly. IP version 4 (IPv4) is currently used in intranets
and private networks, as well as the Internet. IPv6 is the successor to IPv4, and is based
for the most part on IPv4.

IPv4 has been widely deployed and used to network the Internet today. With the rapid
growth of the Internet, enhancements to IPv4 are needed to support the influx of new
subscribers, Internet-enabled devices, and applications. IPv6 is designed to enable the
global expansion of the Internet.

IPv6 builds upon the functionality of IPv4, providing improvements to addressing,

configuration and maintenance, and security.

IPv6 offers the following benefits:

• Expanded addressing capabilities—IPv6 provides a larger address space. IPv6 addresses

consist of 128 bits, while IPv4 addresses consist of 32 bits. 128-bit addressing increases
the address space by approximately 1029 unique addresses, enough to last for the
forseeable future.

• Header format simplification—IPv6 packet header format is designed to be efficient.

IPv6 standardizes the size of the packet header to 40 bytes, divided into 8 fields.

• Improved support for extensions and options—Extension headers carry Internet-layer

information and have a standard size and structure.

• Flow labeling capability—Flow labels provide consistent handling of packets belonging

to the same flow.

• Improved privacy and security—IPv6 supports extensions for authentication and data
integrity, which enhance privacy and security.

This section discusses the following topics:

• IPv6 Packet Headers on page 12

• IPv6 Addressing on page 13

IPv6 Packet Headers

IPv6 headers are different from IPv4 headers.

This section discusses the following topics that provide background information about
IPv6 headers:

• Header Structure on page 13

• Extension Headers on page 13

12 Copyright © 2011, Juniper Networks, Inc.

Chapter 1: Routing Protocols Concepts

Header Structure

IPv6 packet headers contain many of the fields found in IPv4 packet headers; some of
these fields have been modified from IPv4. The 40-byte IPv6 header consists of the
following 8 fields:

• Traffic class—Class-of-service (CoS) priority of the packet. Previously the

type-of-service (ToS) field in IPv4. However, the semantics of this field (for example,
DiffServ code points) are identical to IPv4.

• Destination address—Final destination node address for the packet.

• Flow label—Packet flows requiring a specific class of service. The flow label identifies
all packets belonging to a specific flow, and routers can identify these packets and
handle them in a similar fashion.

• Hop limit—Maximum number of hops allowed. Previously the time-to-live (TTL) field
in IPv4.

• Next header—Next extension header to examine. Previously the protocol field in IPv4.

• Payload length—Length of the IPv6 payload. Previously the total length field in IPv4.

• Source address—Address of the source node sending the packet.

• Version—Version of IP.

Extension Headers

In IPv6, extension headers are used to encode optional Internet-layer information.

Extension headers are placed between the IPv6 header and the upper layer header in a
packet.

Extension headers are chained together using the next header field in the IPv6 header.
The next header field indicates to the router which extension header to expect next. If
there are no more extension headers, the next header field indicates the upper layer
header (TCP header, User Datagram Protocol [UDP] header, ICMPv6 header, an
encapsulated IP packet, or other items).

IPv6 Addressing
IPv6 uses a 128-bit addressing model. This creates a much larger address space than
IPv4 addresses, which are made up of 32 bits. IPv6 addresses also contain a scope field
that categorizes what types of applications are suitable for the address. IPv6 does not
support broadcast addresses, but instead uses multicast addresses to serve this role. In
addition, IPv6 also defines a new type of address called anycast.

This section discusses the following topics that provide background information about
IPv6 addressing:

• Address Representation on page 14

• Address Types on page 14

Copyright © 2011, Juniper Networks, Inc. 13

Junos OS 11.4 Routing Protocols Configuration Guide

• Address Scope on page 14

• Address Structure on page 14

Address Representation

IPv6 addresses consist of 8 groups of 16-bit hexadecimal values separated by colons

(:). The IPv6 address format is as follows:

aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa

aaaa is a 16-bit hexadecimal value, and a is a 4-bit hexadecimal value. Following is an

example of an actual IPv6 address:

3FFE:0000:0000:0001:0200:F8FF:FE75:50DF

You can omit the leading zeros, as shown:

3FFE:0:0:1:200:F8FF:FE75:50DF

You can compress 16-bit groups of zeros to the notation :: (two colons), as shown here,
but only once per address:

3FFE::1:200:F8FF:FE75:50DF

Address Types

There are three types of IPv6 addresses:

• Unicast—For a single interface.

• Multicast—For a set of interfaces on the same physical medium. A packet is sent to all
of the interfaces associated with the address.

• Anycast—For a set of interfaces on different physical mediums. A packet is sent to only

one of the interfaces associated with this address, not to all the interfaces.

Address Scope

IPv6 addresses have scope, which identifies the application suitable for the address.
Unicast and multicast addresses support scoping.

Unicast addresses support two types of scope: global scope and local scope. There are
two types of local scope: link-local addresses and site-local addresses. Link-local unicast
addresses are used within a single network link. The first ten bits of the prefix identify the
address as a link-local address. Link-local addresses cannot be used outside a network
link. Site-local unicast addresses are used within a site or intranet. A site consists of
multiple network links, and site-local addresses identify nodes inside the intranet.
Site-local addresses cannot be used outside the site.

Multicast addresses support 16 different types of scope, including node, link, site,
organization, and global scope. A 4-bit field in the prefix identifies the scope.

Address Structure

Unicast addresses identify a single interface. The address consists of n bits for the prefix,
and 128 – n bits for the interface ID.

14 Copyright © 2011, Juniper Networks, Inc.

Chapter 1: Routing Protocols Concepts

Multicast addresses identify a set of interfaces. The address is made up of the first 8 bits
of all ones, a 4-bit flags field, a 4-bit scope field, and a 112-bit group ID:

11111111 | flags | scope | group ID

The first octet of ones identifies the address as a multicast address. The flags field
identifies whether the multicast address is a well-known address or a transient multicast
address. The scope field identifies the scope of the multicast address. The 112-bit group
ID identifies the multicast group.

Similar to multicast addresses, anycast addresses identify a set of interfaces. However,

packets are sent to only one of the interfaces, not to all interfaces. Anycast addresses
are allocated from the normal unicast address space and cannot be distinguished from
a unicast address in format. Therefore, each member of an anycast group must be
configured to recognize certain addresses as anycast addresses.

IPv6 Standards

IPv6 is defined in the following documents:

• RFC 1981, Path MTU Discovery for IP version 6

• RFC 2373, IP Version 6 Addressing Architecture

• RFC 2460, Internet Protocol, Version 6 (IPv6)

• RFC 2461, Neighbor Discovery for IP Version 6

• RFC 2462, IPv6 Stateless Address Auto configuration

• RFC 2463, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6

• RFC 2464, Transmission of IPv6 Packets over Ethernet Networks

• RFC 2472, IP Version 6 over PPP

• RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6
Headers

• RFC 2675, IPv6 Jumbo grams

• RFC 2767, Dual Stack Hosts using the “Bump-In-the-Stack” Technique (BIS)

• RFC 2878, PPP Bridging Control Protocol

• RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers

• Internet draft draft-ietf-dhc-dhcpv6-16.txt, Dynamic Host Configuration Protocol for

IPv6 (expires May 2001)

• Internet draft draft-kato-bgp-ipv6-link-local-00.txt, BGP4+ Peering Using IPv6 Link-local

Address (expires April 2002)

• Internet draft draft-ietf-idr-flow-spec-00.txt, Dissemination of Flow Specification Rules

To access Internet Requests for Comments (RFCs) and drafts, see http://www.ietf.org.

Copyright © 2011, Juniper Networks, Inc. 15

Junos OS 11.4 Routing Protocols Configuration Guide

16 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 2

Complete Routing and Routing Protocol

Configuration Statements

For a list of the complete configuration statement hierarchy, see the Junos OS Hierarchy
and RFC Reference.

This chapter is organized as follows:

• [edit logical-systems] Hierarchy Level on page 17

• [edit protocols] Hierarchy Level on page 18
• [edit routing-instances] Hierarchy Level on page 35
• [edit routing-options] Hierarchy Level on page 40

[edit logical-systems] Hierarchy Level

The following lists the statements that can be included at the [edit logical-systems]
hierarchy level and are also documented in this manual.

logical-systems {
logical-system-name {
protocols {
bgp {
bgp-configuration;
}
isis {
isis-configuration;
}
ospf {
ospf-configuration;
}
ospf3 {
ospf3-configuration;
}
rip {
rip-configuration;
}
ripng {
ripng-configuration;
}
router-advertisement {

Copyright © 2011, Juniper Networks, Inc. 17

Junos OS 11.4 Routing Protocols Configuration Guide

router-advertisement-configuration;
}
router-discovery {
router-discovery-configuration;
}
}
routing-instances {
routing-instance-name {
routing-instance-configuration;
}
}
routing-options {
routing-option-configuration;
}
}
}

[edit protocols] Hierarchy Level

The following statements can also be included at the [edit logical-systems

logical-system-name] hierarchy level.

protocols {

BGP Global bgp {

accept-remote-nexthop;
advertise-external <conditional>;
advertise-inactive;
(advertise-peer-as | noadvertise-peer-as);
authentication-algorithm algorithm;
authentication-key key;
authentication-key-chain key-chain;
bfd-liveness-detection{
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
holddown-interval milliseconds;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
no-adaptation;
session-mode (automatic | multihop | single-hop);
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
multiplier number;
version (1 | automatic);
}
cluster cluster-identifier;
damping;
description text-description;

18 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

disable;
export [ policy-names ];
family family-name{
... family-configuration ...
graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}
group group-name {
... group-configuration ...
}
hold-time seconds;
idle-after-switch-over (seconds | forever);
import [ policy-names ];
include-mp-next-hop;
ipsec-sa ipsec-sa;
keep (all | none);
local-address address;
local-as autonomous-system <private>;
local-interface interface-name;
local-preference local-preference;
log-updown;
metric-out (metric | igp (delay-med-update | <metric-offset>) | minimum-igp
<metric-offset>);
mtu-discovery;
multihop {
no-nexthop-change;
ttl ttl-value;
}
no-aggregator-id;
no-client-reflect;
outbound-route-filter{
bgp-orf-cisco-mode;
prefix-based {
accept {
(inet | inet6);
}
}
}
out-delay seconds;
passive;
path-selection {
(cisco-non-deterministic | always-compare-med | external-router-id);
med-plus-igp {
igp-multiplier number;
med-multiplier number;
}
}
peer-as autonomous-system;
preference preference;
remove-private;
tcp-mss segment-size;
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;

Copyright © 2011, Juniper Networks, Inc. 19

Junos OS 11.4 Routing Protocols Configuration Guide

}
vpn-apply-export;
}

BGP Family family {

(inet | inet6 | inet-vpn | inet6-vpn | iso-vpn) {
(any | flow | labeled-unicast | multicast | unicast) {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
add-path {
send {
path-count number;
prefix-policy [ policy-names ];
}
receive;
}
<loops number>;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;
}
flow{
no-validate policy-name;
}
labeled-unicast {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
aggregate-label {
community community-name:
}
explicit-null {
connected-only;
}
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
advertise-default;
external-paths number;
prefix-limit {

20 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
(inet-mdt | inet-mvpn | inet6-mvpn | l2-vpn) {
signaling {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
<loops number>;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name
}
}
}

BGP Group group group-name {

accept-remote-nexthop;
advertise-external <conditional>;
advertise-inactive;
advertise-peer-as;
allow ([ network/mask-length ] | all);
as-override;
authentication-algorithm algorithm;
authentication-key key;
authentication-key-chain key-chain;
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
holddown-interval milliseconds;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
multiplier number;
no-adaptation;
session-mode (automatic | multihop | single-hop);transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (1 | automatic);
}
cluster cluster-identifier;
damping;
description text-description;
export [ policy-names ];
family {
(inet | inet6 | inet-vpn | inet6-vpn | iso-vpn) {

Copyright © 2011, Juniper Networks, Inc. 21

Junos OS 11.4 Routing Protocols Configuration Guide

(any | flow | labeled-unicast | multicast | unicast) {

accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
add-path {
send {
path-count number;
prefix-policy [ policy-names ];
}
receive;
}
<loops number>;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;
}
flow {
no-validate policy-name;
}
labeled-unicast {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
aggregate-label {
community community-name:
}
explicit-null {
connected-only;
}
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
advertise-default;
external-paths number;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
(inet-mdt | inet-mvpn | inet6-mvpn | l2-vpn) {
signaling {

22 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
<loops number>;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-groupgroup-name
}
}
}
graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}
hold-time seconds;
idle-after-switch-over (seconds | forever);
import [ policy-names ];
include-mp-next-hop;
ipsec-sa ipsec-sa;
keep (all | none);
local-address address;
local-as autonomous-system <private>;
local-interface;
local-preference local-preference;
log-updown;
metric-out (metric | minimum-igp <offset> | igp <offset>);
mtu-discovery;
multihop <ttl-value>;
multipath {
multiple-as;
}
no-advertise-peer-as;
no-aggregator-id;
no-client-reflect;
outbound-route-filter {
bgp-orf-cisco-mode;
prefix-based {
accept {
(inet | inet6);
}
}
}
out-delay seconds;
passive;
peer-as autonomous-system;
preference preference;
remove-private;
tcp-mss segment-size;
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}

Copyright © 2011, Juniper Networks, Inc. 23

Junos OS 11.4 Routing Protocols Configuration Guide

type type;
vpn-apply-export;

BGP Neighbor neighbor address {

accept-remote-nexthop;
advertise-external <conditional>;
advertise-inactive;
advertise-peer-as;
as-override;
authentication-algorithm algorithm;
authentication-key key;
authentication-key-chain key-chain;
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
multiplier number;
no-adaptation;
session-mode (automatic | multihop | single-hop);
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (1 | automatic);
}
cluster cluster-identifier;
damping;
description text-description;
export [ policy-names ];
family{
(inet | inet6 | inet-vpn | inet6-vpn | iso-vpn) {
(any | flow | labeled-unicast | multicast | unicast) {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
add-path {
send {
path-count number;
prefix-policy [ policy-names ];
}
receive;
}
<loops number>;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name;

24 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

}
flow {
no-validate policy-name;
}
labeled-unicast {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
aggregate-label {
community community-name:
}
explicit-null {
connected-only;
}
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
resolve-vpn;
rib inet.3;
rib-group group-name;
}
}
route-target {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
advertise-default;
external-paths number;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
}
(inet-mdt | inet-mvpn | inet6-mvpn | l2-vpn) {
signaling {
accepted-prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
<loops number>;
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | minutes)>;
}
rib-group group-name
}
}
}
graceful-restart {
disable;
restart-time seconds;
stale-routes-time seconds;
}

Copyright © 2011, Juniper Networks, Inc. 25

Junos OS 11.4 Routing Protocols Configuration Guide

hold-time seconds;
idle-after-switch-over (seconds | forever);
import [ policy-names ];
include-mp-next-hop;
ipsec-sa ipsec-sa;
keep (all | none);
local-address address;
local-as autonomous-system <private>;
local-interface interface-name;
local-preference local-preference;
log-updown;
metric-out (metric | minimum-igp <offset> | igp <offset>);
mtu-discovery;
multihop <ttl-value>;
multipath {
multiple-as;
}
no-advertise-peer-as;
no-aggregator-id;
no-client-reflect;
out-delay seconds;
outbound-route-filter {
bgp-orf-cisco-mode;
prefix-based {
accept {
(inet | inet6);
}
}
}
passive;
peer-as autonomous-system;
preference preference;
remove-private;
tcp-mss segment-size;
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
vpn-apply-export;

IS-IS isis {
clns-routing;
disable;
export [ policy-names ];
graceful-restart {
disable;
helper-disable;
restart-duration seconds;
}
ignore-attached-bit;
interface (all | interface-name) {
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;

26 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

}
detection-time {
threshold milliseconds;
}
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
multiplier number;
}
checksum;
csnp-interval (seconds | disable);
disable;
hello-padding (adaptive | loose | strict);
ldp-synchronization {
disable;
hold-time seconds;
}
level level-number {
disable;
hello-authentication-key key;
hello-authentication-key-chain key-chain-name;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number;
te-metric metric;
}
link-protection;
lsp-interval milliseconds;
mesh-group (value | blocked);
no-adjacency-holddown;
no-eligible-backup;
no-ipv4-multicast;
no-ipv6-multicast;
no-ipv6-unicast;
no-unicast-topology;
node-link-protection;
passive;
point-to-point;
}
label-switched-path namelevel level metric metric;
level level-number {
authentication-key key;
authentication-key-chain key-chain-name;
authentication-type authentication;
external-preference preference;
ipv6-multicast-metric number;
no-csnp-authentication;

Copyright © 2011, Juniper Networks, Inc. 27

Junos OS 11.4 Routing Protocols Configuration Guide

no-hello-authentication;
no-psnp-authentication;
preference preference;
prefix-export-limit number;
wide-metrics-only;
}
loose-authentication-check;
lsp-lifetime seconds;
max-areas number;
no-adjacency-holddown;
no-authentication-check;
no-ipv4-routing;
no-ipv6-routing;
overload {
advertise-high-metrics;
timeout seconds;
}
reference-bandwidth reference-bandwidth;
rib-group {
inet group--name;
inet6 group--name;
}
spf-options {
delay milliseconds;
holddown milliseconds;
rapid-runs number;
}
topologies {
ipv4-multicast;
ipv6-multicast;
ipv6-unicast;
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
traffic-engineering {
disable;
family inet {
shortcuts <ignore-lsp-metrics> {
multicast-rpf-routes;
}
}
family inet6 {
shortcuts;
}
}
}

OSPF ospf {
disable;
export [ policy-names ];
external-preference preference;
graceful-restart {
disable;
helper-disable;

28 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

notify-duration seconds;
restart-duration seconds;
}
import [ policy-names ];
no-nssa-abr;
overload {
timeout seconds;
}
preference preference;
reference-bandwidth reference-bandwidth;
rib-group group-name;
sham-link {
local address;
}
spf-options {
delay milliseconds;
holddown milliseconds;
rapid-runs milliseconds;
}
traffic-engineering {
accept-unnumbered-interfaces;
multicast-rpf-routes;
no-topology;
shortcuts {
ignore-lsp-metrics;
lsp-metric-into-summary;
}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
area area-id {
area-range network/mask-length <restrict> <exact> <override-metric metric>;
interface interface-name {
demand-circuit;
disable;
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
multiplier number;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (1 | automatic);
}

Copyright © 2011, Juniper Networks, Inc. 29

Junos OS 11.4 Routing Protocols Configuration Guide

ipsec-sa name;
}
no-interface-state-traps;
authentication {
md5 key-id {
key [ key-values ];
}
simple-password key-id;
}
dead-interval seconds;
hello-interval seconds;
interface-type type;
ldp-synchronization {
disable;
hold-time seconds;
}
metric metric;
neighbor address <eligible>;
network-summary-export [ policy-names ];
network-summary-import [ policy-names ];
passive;
poll-interval seconds;
priority number;
retransmit-interval seconds;
te-metric metric;
transit-delay seconds;
}
label-switched-path name metric metric;
nssa {
area-range network/mask-length <restrict> <exact> <override-metric metric>;
default-lsa {
default-metric metric;
metric-type type;
type-7;
}
(no-summaries | summaries);
}
peer-interface interface-name {
disable;
dead-interval seconds;
hello-interval seconds;
retransmit-interval seconds;
transit-delay seconds;
}
sham-link-remote address {
ipsec-sa name;
}
demand-circuit;
metric metric;
}
stub <default-metric metric> <(no-summaries | summaries)>;
virtual-link neighbor-id router-id transit-area area-id {
disable;
ipsec-sa name;
}
authentication {

30 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

md5 key-id;
simple-password key-id;
}
dead-interval seconds;
hello-interval seconds;
retransmit-interval seconds;
transit-delay seconds;

OSPFv3 ospf3 {
disable;
export [ policy-names ];
external-preference preference;
import [ policy-names ];
overload {
timeout seconds;
}
preference preference;
reference-bandwidth reference-bandwidth;
rib-group group-name;
spf-options {
delay milliseconds;
holddown milliseconds;
rapid-runs number;
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
area area-id {
area-range network/mask-length <restrict> <exact> <override-metric metric>;
interface interface-name {
disable;
dead-interval seconds;
hello-interval seconds;
ipsec-sa name;
metric metric;
neighbor address <eligible>;
passive;
priority number;
retransmit-interval seconds;
transit-delay seconds;
}
inter-area-prefix-export [policy-names ];
inter-area-prefix-import [ policy-names ];
nssa {
area-range network/mask-length <restrict> <exact> <override-metric metric>;
default-lsa {
default-metric metric;
metric-type type;
type-7;
}
(no-summaries | summaries);
}
stub <default-metric metric> <(no-summaries | summaries)>;
virtual-link neighbor-id router-id transit-area area-id {
disable;

Copyright © 2011, Juniper Networks, Inc. 31

Junos OS 11.4 Routing Protocols Configuration Guide

dead-interval seconds;
hello-interval seconds;
ipsec-sa name;
retransmit-interval seconds;
transit-delay seconds;
}
}
}

RIP rip {
any-sender;
authentication-key password;
authentication-type type;
(check-zero | no-check-zero);
graceful-restart {
disable;
restart-time seconds;
}
holddown seconds;
import [ policy-names ];
message-size number;
metric-in metric;
receive receive-options;
rib-group group-name;
route-timeout seconds;
send send-options;
update-interval seconds;
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
group group-name {
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
multiplier number;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (0 | 1 | automatic);
}
export [ policy-names ];
metric-out metric;
preference preference;
route-timeout seconds;
update-interval seconds;

32 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

neighbor neighbor-name {
authentication-key password;
authentication-type type;
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
multiplier number;
version (1 | automatic);
}
(check-zero | no-check-zero);
import [ policy-names ];
message-size number;
metric-in metric;
receive receive-options;
route-timeout seconds;
send send-options;
update-interval seconds;
}
}
}

RIPng ripng {
graceful-restart {
disable;
restart-time seconds;
}
holddown seconds;
import [ policy-names ];
metric-in metric;
receive <none>;
route-timeout seconds;
send <none>;
update-interval seconds;
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
group group-name {
export [ policy-names ];
metric-out metric;
preference number;
route-timeout seconds;
update-interval seconds;
neighbor neighbor-name {

Copyright © 2011, Juniper Networks, Inc. 33

Junos OS 11.4 Routing Protocols Configuration Guide

import [ policy-names ];
metric-in metric;
receive <none>;
route-timeout seconds;
send <none>;
update-interval seconds;
}
}
}

Router Advertisement router-advertisement {

interface interface-name {
current-hop-limit number;
default-lifetime seconds;
(link-mtu | no-link-mtu);
(managed-configuration | no-managed-configuration);
max-advertisement-interval seconds;
min-advertisement-interval seconds;
(other-stateful-configuration | no-other-stateful-configuration);
prefix prefix {
(autonomous | no-autonomous);
(on-link | no-on-link);
preferred-lifetime seconds;
valid-lifetime seconds;
}
reachable-time milliseconds;
retransmit-timer milliseconds;
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <detail> <disable>;
}
}
}

Router Discovery router-discovery {

disable;
interface interface-name {
min-advertisement-interval seconds;
max-advertisement-interval seconds;
lifetime seconds;
}
address address {
(advertise | ignore);
(broadcast | multicast);
(priority number | ineligible);
}
}

Secure Neighbor neighbor-discovery {

Discovery secure {
security-level {
(default | secure-messages-only);
}
cryptographic-address {
key-length number;

34 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

key-pair pathname;
}
timestamp {
clock-drift number;
known-peer-window seconds;
new-peer-window seconds;
}
traceoptions {
file filename <files number> <match regular-expression> <size size> <world-readable |
no-world-readable>;
flag flag;
no-remote-trace;
}
}
}

[edit routing-instances] Hierarchy Level

routing-instances {
routing-instance-name {
bridge-domains bridge-domain-name {
domain-type bridge;
<vlan-id (all | none | number)>;
<vlan-tags outer number inner number>;
<routing-interface routing-interface-name>;
interface interface-name;
bridge-options {
interface-mac-limit limit;
mac-statistics;
mac-table-size limit;
no-mac-learning;
static-mac mac-address;
}
}
description text;
forwarding-options;
interface interface-name;
instance-type (forwarding | layer2–control | l2vpn | no-forwarding | virtual-router |
virtual-switch | vpls | vrf);
no-vrf-advertise;
no-vrf-propagate-ttl;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
vrf-propagate-ttl;
vrf-table-label;
vrf-target {
export community-name;
import community-name;
}
protocols {
bgp {
bgp-configuration;
}
isis {

Copyright © 2011, Juniper Networks, Inc. 35

Junos OS 11.4 Routing Protocols Configuration Guide

isis-configuration;
}
l2vpn {
l2vpn-configuration;
}
ldp {
ldp-configuration;
}
msdp {
msdp-configuration;
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (vendor | iana);
ospf-configuration;
}
ospf 3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (vendor | iana);
ospf3-configuration;
}
pim {
pim-configuration;
}
rip {
rip-configuration;
}
vpls {
vpls-configuration;
}
}
routing-options {
aggregate {
defaults {
... aggregate-options ...
}
route destination-prefix {
policy policy-name;
... aggregate-options ...
}
}
auto-export {
(disable | enable);
family {
inet {
flow {
(disable | enable);
rib-group rib-group;
}
multicast {
(disable | enable);
rib-group rib-group;
}
unicast {

36 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

(disable | enable);
rib-group rib-group;
}
}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
autonomous-system autonomous-system <loops number> {
independent-domain <no-attrset>;
}
confederation confederation-autonomous-systems
members autonomous-system;
dynamic-tunnels tunnel-name {
destination-prefix prefix;
source-address address;
tunnel-type type-of-tunnel;
}
fate-sharing {
group group-name;
cost value;
from address {
to address;
}
flow {
route name {
match {
match-conditions;
}
then {
actions;
}
}
validation {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
instance-export [ policy-names ];
instance-import [ policy-names ];
interface-routes {
family (inet | inet6) {
export {
lan;

Copyright © 2011, Juniper Networks, Inc. 37

Junos OS 11.4 Routing Protocols Configuration Guide

point-to-point;
}
}
rib-group group-name;
}
martians {
destination-prefix match-type <allow>;
}
maximum-paths path-limit <log-only | threshold value log-interval seconds>;
maximum-prefixes prefix-limit <log-only | threshold value log-interval seconds>;
multicast {
forwarding-cache {
threshold (suppress | reuse) value value;
}
interface interface-name {
enable;
}
scope scope-name {
interface interface-name;
prefix destination-prefix;
}
scope-policy policy-name;
ssm-groups {
addresses;
}
}
options {
syslog (level level | upto level);
}
resolution {
rib routing-table-name {
import [ policy-names ];
resolution-ribs [ routing-table-names ];
}
}
rib routing-table-name {
aggregate {
defaults {
... aggregate-options ...
}
route destination-prefix {
policy policy-name;
... aggregate-options ...
}
}
filter {
input filter-name;
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}

38 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

}
martians {
destination-prefix match-type <allow>;
}
static {
defaults {
static-options;
}
passive group-name;
route destination-prefix {
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
}
passive {
group-name {
import-policy [ policy-names ];
import-rib [ group-names ];
export-rib group-name;
}
}
route-distinguisher-id address;
route-record;
router-id address;
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
local-address ip-address;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;

Copyright © 2011, Juniper Networks, Inc. 39

Junos OS 11.4 Routing Protocols Configuration Guide

minimum-receive-ttl milliseconds;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
multiplier number;
version (1 | automatic);
}
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
}
}
}

The following statements can also be included at the [edit logical-systems

logical-system-name] hierarchy level.

NOTE: The virtual-switch instance type is not supported at the [edit

logical-systems logical-system-name] hierarchy level. For more detailed
information about configuring a virtual switch on MX Series routers, see the
Junos OS Layer 2 Configuration Guide.

[edit routing-options] Hierarchy Level

The following statements can also be included at the [edit logical-systems

logical-system-name] hierarchy level.

routing-options {
aggregate {
defaults {
... aggregate-options ...
}
route destination-prefix {
policy policy-name;
... aggregate-options ...
}

40 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

}
auto-export {
(disable | enable);
family {
inet {
flow {
(disable | enable);
rib-group rib-group;
}
multicast {
(disable | enable);
rib-group rib-group;
}
unicast {
(disable | enable);
rib-group rib-group;
}
}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
autonomous-system autonomous-system <loops number>;
confederation confederation-autonomous-system members autonomous-system;
dynamic-tunnels tunnel-name {
destination-prefix prefix;
source-address address;
tunnel-type tunnel-type;
}
fate-sharing {
group group-name;
cost value;
from address {
to address;
}
}
flow {
route name {
match {
match-conditions;
}
then {
actions;
}
}
validation {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
forwarding-table {
export [ policy-names ];
(indirect-next-hop | no-indirect-next-hop);

Copyright © 2011, Juniper Networks, Inc. 41

Junos OS 11.4 Routing Protocols Configuration Guide

unicast-reverse-path (active-paths | feasible-paths);

}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
graceful-restart {
disable;
restart-duration seconds;
}
instance-export [ policy-names ];
instance-import [ policy-names ];
interface-routes {
family (inet | inet6) {
export {
lan;
point-to-point;
}
}
rib-group group-name;
}
martians {
destination-prefix match-type <allow>;
}
maximum-paths path-limit <log-only | threshold value log-interval seconds>;
maximum-prefixes prefix-limit <log-only | threshold value log-interval seconds>;
multicast {
forwarding-cache {
threshold (suppress | reuse) value value;
}
interface interface-name {
enable;
}
scope scope-name {
interface interface-name;
prefix destination-prefix;
}
scope-policy policy-name;
ssm-groups {
address;
}
}
options {
syslog (level level | upto level);
}
ppm {
delegate-processing;
}
resolution {
rib routing-table-name {
import [ policy-names ];

42 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

resolution-ribs [ routing-table-names ];
}
}
rib routing-table-name {
aggregate {
defaults {
... aggregate-options ...
}
rib-group group-name;
route destination-prefix {
policy policy-name;
... aggregate-options ...
}
}
filter {
input filter-name;
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
martians {
destination-prefix match-type <allow>;
}
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
}
rib-groups {
group-name {
import-policy [ policy-names ];
import-rib [ group-names ];
export-rib group-name;
}
}

Copyright © 2011, Juniper Networks, Inc. 43

Junos OS 11.4 Routing Protocols Configuration Guide

route-distinguisher-id address;
route-record;
router-id address;
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
holddown-interval milliseconds;
local-address ip-address;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-receive-ttl number;
multiplier number;
neighbor address;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (1 | automatic);
}
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop (address | interface-name) {
interface interface-name;
metric metric;
preference preference;
}
source-routing {
(ip | ipv6);
}
static-options;
}
}
topologies {
(inet | inet6) {
topology name;
}

44 Copyright © 2011, Juniper Networks, Inc.

Chapter 2: Complete Routing and Routing Protocol Configuration Statements

}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
}

Copyright © 2011, Juniper Networks, Inc. 45

Junos OS 11.4 Routing Protocols Configuration Guide

46 Copyright © 2011, Juniper Networks, Inc.

PART 2

Protocol-Independent Routing Properties

• Protocol-Independent Routing Properties Overview on page 49
• Configuring Routing Tables and Routes on page 59
• Configuring Other Protocol-Independent Routing Properties on page 119
• Summary of Protocol-Independent Routing Properties Configuration
Statements on page 143

Copyright © 2011, Juniper Networks, Inc. 47

Junos OS 11.4 Routing Protocols Configuration Guide

48 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 3

Protocol-Independent Routing Properties

Overview

This chapter discusses the following topics related to understanding and configuring
protocol-independent routing properties:

• [edit routing-options] Hierarchy Level on page 49

• Minimum Protocol-Independent Routing Properties Configuration on page 57

[edit routing-options] Hierarchy Level

Several statements in the [edit routing-options hierarchy are valid at numerous locations
within the hierarchy. To make the complete hierarchy easier to read, the repeated
statements are listed in “Common Routing Options” on page 49 and that section is
referenced at the appropriate locations in “Complete [edit routing-options] Hierarchy”
on page 51.

• Common Routing Options on page 49

• Complete [edit routing-options] Hierarchy on page 51

Common Routing Options

This section lists statements that are valid at the following hierarchy levels, and is
referenced at those levels in “Complete [edit routing-options] Hierarchy” on page 51
instead of the statements being repeated.

• [edit routing-options aggregate defaults]

• [edit routing-options aggregate route ip-prefix</prefix-length>]

• [edit routing-options generate defaults]

• [edit routing-options generate route ip-prefix</prefix-length>]

• [edit routing-options static defaults]

• [edit routing-options static route ip-prefix</prefix-length>]

The common routing options are as follows:

(active | passive);
as-path {

Copyright © 2011, Juniper Networks, Inc. 49

Junos OS 11.4 Routing Protocols Configuration Guide

aggregator as-number address;

atomic-aggregate;
origin (egp | igp | incomplete);
path path-identifier;
}
color metric <type metric-type>;
color2 metric <type metric-type>;
community [ community-id no-advertise no-export no-export-subconfed ];
metric metric <type metric-type>;
metric2 metric <type metric-type>;
metric3 metric <type metric-type>;
metric4 metric <type metric-type>;
passive;
preference preference-value <type metric-type>;
preference2 preference-value <type metric-type>;
tag metric <type metric-type>;
tag2 metric <type metric-type>;

50 Copyright © 2011, Juniper Networks, Inc.

Chapter 3: Protocol-Independent Routing Properties Overview

Complete [edit routing-options] Hierarchy

The statement hierarchy in this section can also be included at the [edit logical-systems
logical-system-name] hierarchy level.

routing-options {
access {
route ip-prefix</prefix-length> {
metric metric;
next-hop [ addresses ];
preference preference-value;
qualified-next-hop address;
tag route-tag;
}
}
access-internal {
route ip-prefix</prefix-length> {
next-hop [ addresses ];
qualified-next-hop address;
tag route-tag;
}
}
aggregate {
defaults {
... statements in Common Routing Options on page 49 PLUS ...
(brief | full);
discard;
}
route ip-prefix</prefix-length> {
... statements in Common Routing Options on page 49 PLUS ...
(brief | full);
discard;
policy [ policy-names ];
}
}
auto-export {
disable;
family inet {
disable;
flow {
disable;
rib-group rib-group;
}
multicast {
disable;
rib-group rib-group;
}
unicast {
disable;
rib-group rib-group;
}
}
family inet6 {
disable;
multicast {

Copyright © 2011, Juniper Networks, Inc. 51

Junos OS 11.4 Routing Protocols Configuration Guide

disable;
rib-group rib-group;
}
unicast {
disable;
rib-group rib-group;
}
}
family iso {
disable;
unicast {
disable;
rib-group rib-group;
}
}
traceoptions {
file filename <files number> <size maximum-file-size> <world-readable |
no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
autonomous-system autonomous-system <asdot-notation> <loops number>;
bgp-orf-cisco-mode;
bmp {
memory-limit bytes;
station-address (ip-address | name);
station-port-number port-number;
statistics-timeout seconds;
}
confederation as-number members [ as-numbers ];
dynamic-tunnels tunnel-name {
destination-networks prefix;
source-address address;
tunnel-type tunnel-type;
}
fate-sharing {
group group-name {
cost value;
from {
address <to address>;
}
}
}
flow {
route name {
match {
destination address;
destination-port [ afs bgp biff bootpc bootps cmd cvspserver dhcp domain eklogin
ekshell exec finger ftp ftp-data http https ident imap kerberos-sec klogin kpasswd
krb-prop krbupdate kshell ldap ldp login mobileip-agent mobilip-mn msdp
netbios-dgm netbios-ns netbios-ssn nfsd nntp ntalk ntp pop3 pptp printer radacct
radius rip rkinit smtp snmp snmptrap snpp socks ssh sunrpc syslog tacacs
tacacs-ds talk telnet tftp timed who xdmcp ];
dscp [ code-points ];
fragment [ don't-fragment first-fragment is-fragment last-fragment
not-a-fragment ];

52 Copyright © 2011, Juniper Networks, Inc.

Chapter 3: Protocol-Independent Routing Properties Overview

icmp-code [ communication-prohibited-by-filtering destination-host-prohibited

destination-host-unknow fragmentation-needed host-precedence-violation
host-unreachable host-unreachable-for-tos ip-header-bad network-unreachable
network-unreachable-for-tos port-unreachable precedence-cutoff-in-effect
protocol-unreachable redirect-for-host redirect-for-network
redirect-for-tos-and-host redirect-for-tos-and-net required-option-missing
source-host-isolated source-route-failed ttl-eq-zero-during-reassembly
ttl-eq-zero-during-transit ];
icmp-type [ echo-reply echo-request info-reply info-request mask-reply
mask-request parameter-problem redirect router-advertisement router-solicit
source-quench time-exceeded timestamp timestamp-reply unreachable ];
packet-length [ values ];
port [ ... same values as for the preceding destination-port statement ... ];
protocol [ ah egp esp gre icmp igmp ipip ospf pim rsvp sctp tcp udp ];
source address;
source-port [ ... same values as for the preceding destination-port statement ... ];
tcp-flags [ ack fin push rst syn urgent ];
}
then {
(accept | discard);
community community-name;
next-term;
rate-limit value;
routing-instance routing-instance-name;
sample;
}
}
validation {
traceoptions {
file filename <files number> <size maximum-file-size> <world-readable |
no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
}
forwarding-table {
export [ policy-names ];
(indirect-next-hop | no-indirect-next-hop);
unicast-reverse-path (active-paths | feasible-paths);
}
generate {
defaults {
... statements in Common Routing Options on page 49 PLUS ...
(brief | full);
discard;
}
route ip-prefix</prefix-length> {
... statements in Common Routing Options on page 49 PLUS ...
(brief | full);
discard;
policy [ policy-names ];
}
}
graceful-restart {
disable;
restart-duration seconds;

Copyright © 2011, Juniper Networks, Inc. 53

Junos OS 11.4 Routing Protocols Configuration Guide

}
instance-export [ policy-names ];
instance-import [ policy-names ];
interface-routes {
family (inet | inet6) {
export {
lan;
point-to-point;
}
import [ policy-names ];
}
rib-group {
inet group-name;
inet6 group-name;
}
}
l3vpn-composite-nexthop;
martians {
ip-prefix</prefix-length> (exact | longer | orlonger |
prefix-length-range /minimum-prefix-length–/maximum-prefix-length |
through ip-prefix</prefix-length> | upto /prefix-length) <allow>;
}
maximum-paths path-limit <log-only | threshold value> <log-interval seconds>;
maximum-prefixes prefix-limit <log-only | threshold value> <log-interval seconds>;
med-igp-update-interval minutes;
multicast {
... the multicast subhierarchy appears after the main [edit routing-options] hierarchy ...
}
nonstop-routing;
options {
mark seconds;
syslog {
level level;
upto level;
}
}
ppm {
no-delegate-processing;
}
resolution {
rib routing-table-name {
import [ policy-names ];
resolution-ribs [ routing-table-names ];
}
tracefilter [ filter-policy-names ];
traceoptions {
file filename <files number> <size maximum-file-size> <world-readable |
no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
rib routing-table-name {
access {
... same statements as at the [edit routing-options access] hierarchy level ...
}
access-internal {

54 Copyright © 2011, Juniper Networks, Inc.

Chapter 3: Protocol-Independent Routing Properties Overview

... same statements as at the [edit routing-options access-internal] hierarchy level ...
}
aggregate {
... same statements as at the [edit routing-options aggregate] hierarchy level ...
}
generate {
... same statements as at the [edit routing-options generate] hierarchy level ...
}
martians {
ip-prefix</prefix-length> (exact | longer | orlonger |
prefix-length-range /minimum-prefix-length–/maximum-prefix-length |
through ip-prefix</prefix-length> | upto /prefix-length) <allow>;
}
maximum-paths path-limit <log-only | threshold value> <log-interval seconds>;
maximum-prefixes prefix-limit <log-only | threshold value> <log-interval seconds>;
static {
... same statements as at the [edit routing-options static] hierarchy level ...
}
}
rib-groups {
group-name {
export-rib table-name;
import-policy [ policy-names ];
import-rib [ table-names ];
}
}
route-distinguisher-id address;
route-record;
router-id address;
source-routing {
ip;
ipv6;
}
static {
... the static subhierarchy appears after the main [edit routing-options] hierarchy ...
}
topologies {
family (inet | inet6) {
topology topology-name;
}
}
traceoptions {
file filename <files number> <size maximum-file-size> <world-readable |
no-world-readable>;
flag flag <disable>;
}
}

routing-options {
multicast {
asm-override-ssm;
backup-pe-group group-name {
backups [ addresses ];
local-address address;
}
flow-map flow-map-name {

Copyright © 2011, Juniper Networks, Inc. 55

Junos OS 11.4 Routing Protocols Configuration Guide

bandwidth <bps> <adaptive>;

forwarding-cache {
timeout (never <non-discard-entry-only> | minutes);
}
policy [ policy-names ];
redundant-sources [ addresses ];
}
forwarding-cache {
threshold {
reuse threshold-value;
suppress threshold-value;
}
timeout minutes;
}
interface interface-name {
maximum-bandwidth bps;
no-qos-adjust;
reverse-oif-mapping {
no-qos-adjust;
}
subscriber-leave-timer seconds;
}
pim-to-igmp-proxy {
upstream-interface [ interface-names ];
}
pim-to-mld-proxy {
upstream-interface [ interface-names ];
}
rpf-check-policy [ policy-names ];
scope scope-name {
interface [ interface-names ];
prefix ip-prefix</prefix-length>;
}
scope-policy [ policy-names ];
ssm-groups [ ip-prefix</prefix-length> ];
ssm-map ssm-map-name {
policy [ policy-names ];
source [ addresses ];
}
traceoptions {
file filename <files number> <size maximum-file-size> <world-readable |
no-world-readable>;
flag flag <disable>;
}
}
}

routing-options {
static {
defaults {
... statements in Common Routing Options on page 49 PLUS ...
(install | no-install);
(readvertise | no-readvertise);
(resolve | no-resolve);
(retain | no-retain);
}

56 Copyright © 2011, Juniper Networks, Inc.

Chapter 3: Protocol-Independent Routing Properties Overview

rib-group group-name;
route destination-prefix {
... statements in Common Routing Options on page 49 PLUS ...
backup-pe-group group-name;
bfd-liveness-detection {
detection-time {
threshold milliseconds;
}
holddown-interval milliseconds;
local-address ip-address;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-receive-ttl milliseconds;
multiplier number;
neighbor address;
no-adaptation;
transmit-interval {
minimum-interval milliseconds;
threshold milliseconds;
}
version (1 | automatic);
}
(discard | next-hop [ addresses ] | next-table address | receive | reject);
(install | no-install);
lsp-next-hop {
metric metric;
preference preference;
}
p2mp-lsp-next-hop lsp-name {
metric metric;
preference preference;
}
(readvertise | no-readvertise);
(resolve | no-resolve);
(retain | no-retain);
static-lsp-next-hop lsp-name {
metric metric;
preference preference-value;
}
}
}
}

Related • Notational Conventions Used in Junos OS Configuration Hierarchies

Documentation

Minimum Protocol-Independent Routing Properties Configuration

All statements that configure protocol-independent routing properties are optional and
do not have to be included in the configuration for the router to operate. However, if you
are configuring BGP, you must configure an AS number and a router identifier. For OSPF,
the router uses the IP address configured on the loopback interface (lo0) as the router
identifier. If no IP address is configured on the loopback interface, the router uses the
highest IP address for the router identifier.

Copyright © 2011, Juniper Networks, Inc. 57

Junos OS 11.4 Routing Protocols Configuration Guide

58 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 4

Configuring Routing Tables and Routes

This chapter discusses how to perform the following tasks for configuring routing tables
and routes:

• Creating Routing Tables on page 60

• Configuring Static Routes on page 61
• Configuring the Destination of Static Routes on page 62
• Configuring the Next Hop for Static Routes on page 63
• Configuring an Independent Preference for Static Routes on page 64
• Specifying an LSP as the Next Hop for Static Routes on page 68
• Installing Static Routes into More than One Routing Table on page 69
• Configuring CLNS Static Routes on page 70
• Configuring Static Route Options on page 71
• Configuring Bidirectional Forwarding Detection on page 81
• Tracing BFD Protocol Traffic on page 86
• Overview of BFD Authentication for Static Routes on page 87
• Configuring BFD Authentication for Static Routes on page 89
• Configuring Default Routes on page 92
• Propagating Static Routes into Routing Protocols on page 93
• Examples: Configuring Static Routes on page 93
• Configuring Aggregate Routes on page 95
• Configuring the Destination of Aggregate Routes on page 97
• Configuring Aggregate Route Options on page 97
• Applying Policies to Aggregate Routes on page 102
• Advertising Aggregate Routes on page 103
• Configuring Generated Routes on page 103
• Configuring the Destination of Generated Routes on page 105
• Configuring Generated Route Options on page 105
• Applying Policies to Generated Routes on page 110
• Configuring Martian Addresses on page 110

Copyright © 2011, Juniper Networks, Inc. 59

Junos OS 11.4 Routing Protocols Configuration Guide

• Configuring Flow Routes on page 113

• Applying Filters to the Forwarding Table on page 118

Creating Routing Tables

The Junos OS can maintain one or more routing tables, thus allowing the software to
store route information learned from different protocols separately. For example, it is
common for the routing software to maintain unicast routes and multicast routes in
different routing tables. You also might have policy considerations that would lead you
to create separate routing tables to manage the propagation of routing information.

Creating routing tables is optional. If you do not create any, the Junos OS uses its default
routing tables, which are inet.0 for IP version 4 (IPv4) unicast routes, inet6.0 for IP version 6
(IPv6) unicast routes, inet.1 for the IPv4 multicast forwarding cache, and inet.3 for IPv4
MPLS. If Multiprotocol BGP (MBGP) is enabled, inet.2 is used for Subsequent Address
Family Indicator (SAFI) 2 routes. If you configure a routing instance, the Junos OS creates
the default unicast routing table instance-name.inet.0. If you configure a flow route, the
Junos OS creates the flow routing table instance-name.inetflow.0.

If you want to add static, aggregate, generated, or martian routes only to the default IPv4
unicast routing table (inet.0), you do not have to create any routing tables because, by
default, these routes are added to inet.0. You can add these routes just by including the
static, aggregate, generate, and martians statements. For a list of hierarchy levels at which
you can include this statement, see the statement summary section for this statement.

To explicitly create a routing table, include the rib statement and child statements under
the rib statement.

For a list of child statements and hierarchy levels at which you can include this statement,
see the statement summary section for this statement.

The routing table name, routing-table-name, includes the protocol family, optionally
followed by a period and a number. The protocol family can be inet for the IPv4 family,
inet6 for the IPv6 family, or iso for the International Standards Organization (ISO) protocol
family. The number represents the routing instance. The first instance is 0.

Example: Creating Routing Tables

Create the IPv4 routing table inet.0 and add a static route to it:

[edit]
routing-options {
rib inet.0 {
static {
route 140.122.0.0/16 next-hop 192.168.0.10;
}
}
}

Configure the primary IPv6 routing table inet6.0 and add a static route to it:

[edit routing-options]
rib inet6.0 {

60 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

static {
route 8:1::1/128 next-hop 8:3::1;
}
}

Configuring Static Routes

The routing device uses dynamic routes to learn how to reach network destinations.
Dynamic routes are determined from the information exchanged by the routing protocols
and, as the name implies, the routes might change as network conditions change and
these changes are discovered by the routing protocols. You can configure static
(nonchanging) routes to some network destinations. The routing device uses static routes
when it does not have a route to a destination that has a better (lower) preference value,
when it cannot determine the route to a destination, or when it is forwarding unroutable
packets.

Static routes are used when the network connects to a routing device or other system
outside the network and either that system cannot run a routing protocol or you do not
want to run a routing protocol on it. In these situations, a static route is created from an
edge routing device to the outside system and then the edge routing device redistributes
the static route to IGP.

A static route is installed in the routing table only when the route is active; that is, the list
of next-hop routing devices configured for that route contains at least one next hop on
an operational interface.

You can add the same routes to more than one routing table.

To configure static routes in the default IPv4 routing table (inet.0), include the static
statement and associated child statements.

For a list of child statements hierarchy levels at which you can include this statement,
see the statement summary section for this statement.

To configure static routes in one of the other routing tables, to explicitly configure static
routes in the default IPv4 route table (inet.0), or to explicitly configure static routes in
the primary IPv6 routing table (inet6.0), include the static statement under the rib
statement.

NOTE: You cannot configure static routes for the IPv4 multicast routing table
(inet.1) or the IPv6 multicast routing table (inet6.1).

The static statement consists of two parts:

• defaults—(Optional) Specify global static route options. These options only set default
attributes inherited by all newly created static routes. These are treated as global
defaults and apply to all the static routes you configure in the static statement.

Copyright © 2011, Juniper Networks, Inc. 61

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: Specifying the global static route options does not create default
routes. These options only set default attributes inherited by all newly
created static routes.

• route—Configure individual static routes. In this part of the static statement, you
optionally can configure static route options. These options apply to the individual
destination only and override any options you configured in the defaults part of the
static statement.

The following topics provide more information about configuring static routes:

• Configuring the Destination of Static Routes on page 62

• Configuring the Next Hop for Static Routes on page 63

• Configuring an Independent Preference for Static Routes on page 64

• Specifying an LSP as the Next Hop for Static Routes on page 68

• Installing Static Routes into More than One Routing Table on page 69

• Configuring CLNS Static Routes on page 70

• Configuring Static Route Options on page 71

• Configuring Default Routes on page 92

• Propagating Static Routes into Routing Protocols on page 93

• Examples: Configuring Static Routes on page 93

Configuring the Destination of Static Routes

When you configure an individual static route in the route part of the static statement,
specify the destination of the route (in route destination-prefix) in one of the following
ways:

• network/mask-length, where network is the network portion of the IP address and

mask-length is the destination prefix length.

• default if this is the default route to the destination. This is equivalent to specifying an
IP address of 0.0.0.0/0.

NOTE: IPv4 packets with a destination of 0.0.0.0 (the obsoleted limited

broadcast address) and IPv6 packets with a destination of 0::0 are discarded
by default. To forward traffic destined to these addresses, you can add a
static route to 0.0.0.0/32 for IPv4 or 0::0/128 for IPv6.

62 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

Configuring the Next Hop for Static Routes

When you configure an individual static route in the route part of the static statement,
specify how to reach the destination (in next-hop) in one of the following ways:

• next-hop address—IPv4 or IPv6 address of the next hop to the destination, specified
as:

• IPv4 or IPv6 address of the next hop

• Interface name (for point-to-point interfaces only)

• address or interface-name to specify an IP address of a multipoint interface or an

interface name of a point-to-point interface.

NOTE: If an interface becomes unavailable, all configured static routes

on that interface are withdrawn from the routing table.

NOTE: Load balancing is not supported on management and internal

Ethernet (fxo) interfaces because this type of interface cannot handle
the routing process. On fxp interfaces, you cannot configure multiple
next hops and enable load balancing.

• next-table routing-table-name—Name of the next routing table to the destination.

If you use the next-table action, the configuration must include a term qualifier that
specifies a different table than the one specified in the next-table action. In other words,
the term qualifier in the from statement must exclude the table in the next-table action.
In the following example, the first term contains rib vrf-customer2.inet.0 as a matching
condition. The action specifies a next-hop in a different routing table,
vrf-customer1.inet.0. The second term does the opposite by using rib vrf-customer1.inet.0
in the match condition and vrf-customer2.inet.0 In the next-table action.

term 1 {
from {
protocol bgp;
rib vrf-customer2.inet.0;
community customer;
}
then {
next-hop next-table vrf-customer1.inet.0;
}
}
term 2 {
from {
protocol bgp;
rib vrf-customer1.inet.0;
community customer;
}
then {

Copyright © 2011, Juniper Networks, Inc. 63

Junos OS 11.4 Routing Protocols Configuration Guide

next-hop next-table vrf-customer2.inet.0;

}
}

NOTE: Within a routing instance, you cannot configure a static route with
the next-table inet.0 statement if any static route in the main routing
instance is already configured with the next-table statement to point to
the inet.0 routing table of the routing instance. For example, if you configure
on the main routing instance a static route 192.168.88.88/32 with the
next-table test.inet.0 statement and the routing instance test is also
configured with a static route 192.168.88.88/32 with the next-table inet.0
statement, the commit operation fails. Instead, you must configure a routing
table group both on the main instance and on the routing instance, which
enables you to install the static route into both routing tables. For more
information, see “Installing Static Routes into More than One Routing Table”
on page 69.

• reject—Do not forward packets addressed to this destination. Instead, drop the packets,
send ICMP (or ICMPv6) unreachable messages to the packets’ originators, and install
a reject route for this destination into the routing table.

• discard—Do not forward packets addressed to this destination. Instead, drop the
packets, do not send ICMP (or ICMPv6) unreachable messages to the packets’
originators, and install a reject route for this destination into the routing table.

• receive—Install a route for this next-hop destination into the routing table.

The receive option forces the packet to be sent to the Routing Engine.

The receive option can be useful in the following cases:

• For receiving MPLS packets destined to a VRF instance's loopback address

• For receiving packets on a link's subnet address, with zeros in the host portion of the
address

Configuring an Independent Preference for Static Routes

Configuring independent preferences allows you to configure multiple static routes with
different preferences and metrics to the same destination. The static route with the best
preference, metric, and reachable next hop is chosen as the active route. This feature
allows you to specify preference and metric on a next-hop basis using the
qualified-next-hop statement.

NOTE: The preference and metric options configured by means of this

statement only apply to the qualified next hops. The qualified next hop
preference and metric override the route preference and metric (for that
specific qualified next hop), similar to how the route preference overrides
the default preference and metric (for that specific route).

64 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

To specify an independent preference for a static route on a point-to-point interface or

on an Ethernet interface, include the following statements:

qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Specify a next-hop interface by including the qualified-next-hop option. Specifying a

next-hop interface is useful when you are creating a route to an IPv6 link-local next-hop
address (which is a link-only scope address and is specific only to an interface). The
32
preference value can be a number from 0 through 4,294,967,295 (2 – 1). A lower number
indicates a more preferred route. The metric value can also be a number from 0
through 4,294,967,295.

You can configure static routes on an unnumbered Ethernet interface by using the
qualified-next-hop option to specify the unnumbered interface as the next-hop interface
for a configured static route.

To configure an unnumbered Ethernet interface as the next-hop interface for a static

route and to specify independent preferences, include the following statements:

qualified-next-hop interface-name {
metric metric;
preference preference;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Keep the following points in mind when you configure static routes for unnumbered
Ethernet interfaces:

• The prefix length of the static route must be 32.

• The routing device uses the Address Resolution Protocol (ARP) to resolve the media
access control (MAC) address of the destination interface.

For information about how to configure an unnumbered Ethernet interface, see the Junos
OS Network Interfaces Configuration Guide.

NOTE: The qualified-next-hop statement is mutually exclusive with all other

types of next hops, except for next-hop address. Therefore, you cannot
configure next-hop reject, next-hop discard, and next-hop receive with
qualified-next-hop for the same destination.

Copyright © 2011, Juniper Networks, Inc. 65

Junos OS 11.4 Routing Protocols Configuration Guide

For sample configurations, see the following sections:

• Example: Configuring Independent Preferences for an IPv4 Static Route on page 66

• Example: Configuring Independent Preferences for an IPv6 Static Route on page 66
• Example: Configuring Independent Preferences for an Unnumbered Ethernet
Interface on page 67

Example: Configuring Independent Preferences for an IPv4 Static Route

The following example configures:

• A static route to 0.0.0.0/8 with a next hop through 192.168.1.254, with a metric of 10
and preference of 10.

• A static route to 10.0.0.0/8 with a next hop through 192.168.1.254, with a metric of 6
and preference of 5.

• A static route to 10.0.0.0/8 with a next hop through 192.168.1.2, with a metric of 6 and
preference of 7.

[edit]
routing-options {
static {
defaults {
metric 10;
preference 10;
}
route 0.0.0.0/8 {
next-hop 192.168.1.254 {
retain;
no-readvertise;
}
route 10.0.0.0/8 {
next-hop [192.168.1.2];
qualified-next-hop 192.168.1.254 {
preference 5;
}
metric 6;
preference 7;
}
}
}
}

Example: Configuring Independent Preferences for an IPv6 Static Route

Configure the following qualified next hops:

• A static route to fec0:1:1:4::/64 with a next hop through fec0:1:1:2::1, with a metric 10
and preference 10.

• A static route to fec0:1:1:5::/64 with a next hop through fec0:1:1:2::2, with a metric 6 and
preference 5.

66 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

• A static route to fec0:1:1:5::/64 with a next hop through fec0:1:1:2::3, with a metric 6 and
preference 7.

[edit]
routing-options {
rib inet6.0 {
static {
defaults {
metric 10;
preference 10;
}
route fec0:1:1:4::/64 {
next-hop fec0:1:1:2::1 {
retain;
no-readvertise;
}
route fec0:1:1:5::/64 {
next-hop fec0:1:1:2::3;
qualified-next-hop fec0:1:1:2::2 {
preference 5;
}
metric 6;
preference 7;
}
}
}
}
}

Example: Configuring Independent Preferences for an Unnumbered Ethernet Interface

The following example configures two things:

• An unnumbered SONET/SDH interface so-0/0/0, which borrows an IP address from

donor interface lo0.

• A static route to 7.7.7.1/32 with a next hop through unnumbered interface so-0/0/0.0
with a with a metric of 5 and preference of 6.

interfaces {
lo0 {
unit 0 {
family inet {
address 5.5.5.1/32;
address 6.6.6.1/32;
}
}
}
}
so-0/0/0 {
unit 0 {
family inet {
unnumbered-address lo0.0;
}
}

Copyright © 2011, Juniper Networks, Inc. 67

Junos OS 11.4 Routing Protocols Configuration Guide

}
routing-options {
static {
route 7.7.7.1/32 {
qualified next-hop so-0/0/0.0 {
metric 5;
preference 6;
}
}
}
}

Specifying an LSP as the Next Hop for Static Routes

Static routes can be configured with a next hop that is a label-switched path (LSP). This
is useful when implementing filter-based forwarding. You can specify an LSP as the next
hop and assign an independent preference and metric to this next hop.

To specify an LSP as the next hop for a static route, include the following statements:

lsp-next-hop lsp-name {
metric metric;
preference preference;
}

NOTE: The preference and metric configured by means of the lsp-next-hop

statement only apply to the LSP next hops. The LSP next-hop preference
and metric override the route preference and metric (for that specific LSP
next hop), similar to how the route preference overrides the default preference
and metric (for that specific route).

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.
32
The preference value can be a number in the range from 0 through 4,294,967,295 (2 – 1)
with a lower number indicating a more preferred route. The metric value can also be a
number in the range from 0 through 4,294,967,295.

NOTE: The lsp-next-hop statement is mutually exclusive with all other types
of next hops, except for next-hop address and qualified-next-hop. Therefore,
you cannot configure next-hop reject, next-hop discard, next-hop receive, and
next-table with lsp-next-hop for the same destination.

To specify a point-to-multipoint LSP as the next hop for a static route, include the
following statements:

p2mp-lsp-next-hop {
interface interface-name;
metric metric;
preference preference;

68 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Enable the qualified next-hop address on the interface by specifying the interface option.
32
The preference value can be a number from 0 through 4,294,967,295 (2 – 1). A lower
number indicates a more preferred route. The metric value can also be a number from
0 through 4,294,967,295.

Installing Static Routes into More than One Routing Table

You can install a static route into more than one routing table. For example, you might
want a simple configuration that allows you to install a static route into the default routing
table inet.0, as well as a second routing table inet.2. Instead of configuring the same
static route for each routing table, you can use routing table groups to insert the route
into multiple tables. To create a routing table group, include the rib-group statement.

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To install the routing table into a configured routing table group, include the import-rib
statement:

rib-group group-name {
import-rib [ routing-table-names ];
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

The first routing table you list in the import-rib statement must be the one you configured
in the rib-group statement.

Examples: Installing a Static Route into More than One Routing Table
Install all routes in both inet.0 and inet.2.

[edit routing-options]
static {
rib-group foo;
route 1.1.1.0/24 reject;
}
rib-groups {
foo {
import-rib [ inet.0 inet.2 ];
}
}
autonomous-system 65432;

user@host> show route protocol static

inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.0/24 *[Static/5] 00:00:09, metric 0

Reject

Copyright © 2011, Juniper Networks, Inc. 69

Junos OS 11.4 Routing Protocols Configuration Guide

inet.2: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

1.1.1.0/24 *[Static/5] 00:00:09, metric 0

Reject

Install only some routes in both inet.0 and inet.2, with other routes in inet.0 only.

[edit routing-options]
rib inet.2 {
static {
route 1.1.1.0/24 reject;
}
}
static {
route 1.1.1.0/24 reject;
}
autonomous-system 65432;

user@host> show route protocol static

inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.0/24 *[Static/5] 00:00:06, metric 0

Reject

inet.2: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

1.1.1.0/24 *[Static/5] 00:00:06, metric 0

Reject

Configuring CLNS Static Routes

Connectionless Network Services (CLNS) is an ISO Layer 3 protocol that uses network
service access point (NSAP) reachability information instead of IPv4 prefixes. You can
configure a static route for CLNS networks.

NOTE: CLNS is supported on J Series Services Routers and MX Series routers

only.

To configure a CLNS static route, include the following statements:

rib (iso.0 | instance-name.iso.0)

static {
route nsap-prefix {
next-hop (interface-name | iso-net);
qualified-next-hop (interface-name | iso-net) {
metric metric;
preference preference;
}
}
}

70 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

For a list of hierarchy levels at which you can include these statements, see the CLNS
statement summary sections in the Junos OS Interfaces and Routing Configuration Guide.

Specify the iso.0 routing table option to configure a primary instance CLNS static route.
Specify the instance-name.iso.0 routing table option to configure CLNS static route for
a particular routing instance. Specify the route nsap-prefix statement to configure the
destination for the CLNS static route. Specify the next-hop (interface-name | iso-net)
statement to configure the next hop, specified as an ISO network entity title (NET) or
interface name. Include the qualified-next-hop (interface-name | iso-net) statement to
configure the qualified next hop, specified as an ISO network entity title or interface name.

Example: Configuring a Static CLNS Route

Configure a static CLNS route with an NSAP of 47.0005.80ff.f800.0000.ffff.ffff:

[edit]
routing-options {
rib iso.0 {
static {
iso-route 47.0005.80ff.f800.0000.ffff.ffff next-hop
47.0005.80ff.f800.0000.0108.0001.1921.6800.4212;
iso-route 47.0005.80ff.f800.0000.0108.0001.1921.6800.4212 next-hop t1-0/2/2.0;
iso-route 47.0005.80ff.f800.0000.eee {
qualified-next-hop 47.0005.80ff.f800.0000.0108.0001.1921.6800.4002 {
preference 20;
metric 10;
}
}
}
}
}

For information on CLNS, see “Configuring CLNS for IS-IS” on page 402 and the Junos OS
Interfaces and Routing Configuration Guide.

Configuring Static Route Options

In the defaults and route parts of the static statement, you can specify options that define
additional information about static routes that is included with the route when it is
installed in the routing table. All static options are optional. Static options that you specify
in the defaults part of the static statement are treated as global defaults and apply to
all the static routes you configure in the static statement. Static options that you specify
in the route part of the static statement override any global static options and apply to
that destination only.

To configure static route options for IPv4 static routes, include one or more options in
the defaults or route part of the static statement.

routing-options {
static {
defaults {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator
as-number in-address>;

Copyright © 2011, Juniper Networks, Inc. 71

Junos OS 11.4 Routing Protocols Configuration Guide

community [ community-ids ];
(install | no-install);
metric metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
(readvertise | no-readvertise);
(retain | no-retain);
tag string;
}
rib-group group-name;
route destination-prefix {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator
as-number in-address>;
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
local-address ip-address;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-receive-ttl number;
multiplier number;
neighbor address;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds
}
version (1 | automatic);
}
community [ community-ids ];
(install | no-install);
metric metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
(readvertise | no-readvertise);
resolve;
(retain | no-retain);
tag string;
}
}
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To configure static route options for IPv6 static routes, include one or more options in
the defaults or route part of the static statement. Each of these options is explained in
the sections that follow.

rib inet6.0 {
static {

72 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

defaults {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator
as-number in-address>;
community [ community-ids ];
(install | metric);
metric metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
(readvertise | no-readvertise);
resolve;
(retain | no-retain);
}
rib-group group-name;
route destination-prefix {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator
as-number in-address>;
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
local-address ip-address;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-receive-ttl number;
multiplier number;
neighbor address;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (1 | automatic);
}
community [ community-ids ];
(install | no-install);
metric metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
(readvertise | no-readvertise);
resolve;
(retain | no-retain);
}
}
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Copyright © 2011, Juniper Networks, Inc. 73

Junos OS 11.4 Routing Protocols Configuration Guide

The following sections explain how to configure static route options:

• Configuring a Metric Value for Static Routes on page 74

• Configuring a Preference Value for Static Routes on page 74
• Associating BGP Communities with Static Routes on page 75
• Associating AS Paths with Static Routes on page 76
• Configuring an OSPF Tag String for Static Routes on page 77
• Controlling Temporary Installation of Static Routes in the Forwarding Table on page 77
• Controlling Retention of Static Routes in the Forwarding Table on page 78
• Controlling Retention of Inactive Static Routes in the Routing and Forwarding
Tables on page 79
• Controlling Readvertisement of Static Routes on page 80
• Controlling Resolution of Static Routes to Prefixes That Are Not Directly
Connected on page 80

Configuring a Metric Value for Static Routes

To associate a metric value with an IPv4 route, include the metric statement:

static (defaults | route) {

metric metric <type type>;
}

To associate a metric value with an IPv6 route, include the metric statement:

rib inet6.0 static (defaults | route) {

metric metric <type type>;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

In the type option, you can specify the type of route. For OSPF, when routes are exported
to OSPF, type 1 routes are advertised in type 1 externals, and routes of any other type are
advertised in type 2 externals. Note that if a qualified-next-hop metric value is configured,
this value overrides the route metric.

Configuring a Preference Value for Static Routes

By default, static routes have a preference value of 5. To modify the default preference
value, specify a primary preference value (preference). You also can specify a secondary
preference value (preference2) and colors, which are even finer-grained preference values
(color and color2). To do this for IPv4 static routes, include one or more of the following
statements:

static (defaults | route) {

(preference | preference2 | color | color2) preference <type type>;
}

To do this for IPv6 static routes, include one or more of the following statements:

rib inet6.0 static (defaults | route) {

74 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

(preference | preference2 | color | color2) preference <type type>;

}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.
32
The preference value can be a number in the range from 0 through 4,294,967,295 (2 – 1)
with a lower number indicating a more preferred route. For more information about
preference values, see “Route Preferences Overview” on page 6. Note that if a
qualified-next-hop preference value is configured, this value overrides the route
preference.

In the type option, you can specify the type of route.

Associating BGP Communities with Static Routes

By default, no BGP community information is associated with static routes. To associate
community information with IPv4 routes, include the community statement:

static (defaults | route) {

community [ community-ids ];
}

To associate community information with IPv6 routes, include the community statement:

rib inet6.0 static (defaults | route) {

community [ community-ids ];
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

community-ids is one or more community identifiers for either communities or extended

communities.

The format for community identifiers is:

as-number:community-value

as-number is the autonomous system (AS) number and can be a value in the range from 1
through 65,534. community-value is the community identifier and can be a number in the
range from 0 through 65,535.

You also can specify community-ids as one of the following well-known community
names, which are defined in RFC 1997:

• no-export—Routes containing this community name are not advertised outside a

BGP confederation boundary.

• no-advertise—Routes containing this community name are not advertised to other

BGP peers.

• no-export-subconfed—Routes containing this community name are not advertised to

external BGP peers, including peers in other members’ ASs inside a BGP confederation.

Copyright © 2011, Juniper Networks, Inc. 75

Junos OS 11.4 Routing Protocols Configuration Guide

You can also explicitly exclude BGP community information with a static route using the
none option. Include none when configuring an individual route in the route portion of the
static statement to override a community option specified in the defaults portion of the
statement.

NOTE: Extended community attributes are not supported at the [edit

routing-options] hierarchy level. You must configure extended communities
at the [edit policy-options] hierarchy level. For information about configuring
extended communities information, see the “Defining BGP Communities and
Extended Communities for Use in Routing Policy Match Conditions” section
in the Junos OS Routing Policy Configuration Guide. For information about
configuring 4-byte AS numbers and extended communities, see Configuring
4-Byte AS Numbers and BGP Extended Community Attributes in the Using
4-Byte Autonomous System Numbers in BGP Networks Technology Overview .

Associating AS Paths with Static Routes

By default, no AS path information is associated with static routes. To associate AS path
information with IPv4 routes, include the as-path statement:

static (defaults | route) {

as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator
as-number in-address>;
}

To associate AS path information with IPv6 routes, include the as-path statement:

rib inet6.0 static (defaults | route) {

as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator
as-number in-address>;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

as-path is the AS path to include with the route. It can include a combination of individual
AS path numbers and AS sets. Enclose sets in brackets ( [ ] ). The first AS number in the
path represents the AS immediately adjacent to the local AS. Each subsequent number
represents an AS that is progressively farther from the local AS, heading toward the origin
of the path.

76 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

NOTE:

In Junos OS Release 9.1 and later, the range that you can configure for the
AS number has been extended to provide BGP support for 4-byte AS numbers
as defined in RFC 4893, BGP Support for Four-octet AS Number Space. You
can now configure a number from 1 through 4,294,967,295. All releases of
the Junos OS support 2-byte AS numbers. The 2-byte AS number range is 1
through 65,535 (this is a subset of the 4-byte range).

In Junos OS Release 9.2 and later, you can also configure a 4-byte AS number
using the AS-dot notation format of two integer values joined by a period:
<16-bit high-order value in decimal>.<16-bit low-order value in decimal>. For
example, the 4-byte AS number of 65,546 in plain-number format is
represented as 1.10 in the AS-dot notation format. You can specify a value in
the range from 0.0 through 65535.65535 in AS-dot notation format.

You also can specify the AS path using the BGP origin attribute, which indicates the origin
of the AS path information:

• igp—Path information originated within the local AS.

• egp—Path information originated in another AS.

• incomplete—Path information learned by some other means.

To attach the BGP ATOMIC_AGGREGATE path attribute to the static route, specify the
atomic-aggregate statement. This path attribute indicates that the local system selected
a less specific route rather than a more specific route.

To attach the BGP AGGREGATOR path attribute to the static route, specify the aggregator
statement. When using this statement, you must specify the last AS number that formed
the static route (encoded as two octets), followed by the IP address of the BGP system
that formed the static route.

Configuring an OSPF Tag String for Static Routes

By default, no OSPF tag strings are associated with static routes. You can specify an
OSPF tag string by including the tag statement:

static (defaults | route) {

tag string;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Controlling Temporary Installation of Static Routes in the Forwarding Table

By default, the Junos OS installs all active static routes into the forwarding table. To
configure the software not to install active IPv4 static routes into the forwarding table,
include the no-install statement:

Copyright © 2011, Juniper Networks, Inc. 77

Junos OS 11.4 Routing Protocols Configuration Guide

static (defaults | route) {

no-install;
}

To configure the software not to install active IPv6 static routes into the forwarding table,
include the no-install statement:

rib inet6.0 static (defaults | route) {

no-install;
}

Even if you configure a route so it is not installed in the forwarding table, the route is still
eligible to be exported from the routing table to other protocols. To explicitly install IPv4
routes into the forwarding table, include the install statement. Include this statement
when configuring an individual route in the route portion of the static statement to override
a no-install option specified in the defaults portion of the statement.

static (defaults | route) {

install;
}

To explicitly install IPv6 routes into the forwarding table, include the install statement.
Include this statement when configuring an individual route in the route portion of the
static statement to override a no-install statement specified in the defaults portion of
the statement.

rib inet6.0 static (defaults | route) {

install;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Controlling Retention of Static Routes in the Forwarding Table

By default, statically configured routes are deleted from the forwarding table when the
routing protocol process shuts down normally. To have an IPv4 static route remain in
the forwarding table, include the retain statement. Doing this greatly reduces the time
required to restart a system that has a large number of routes in its routing table.

static (defaults | route) {

retain;
}

To have an IPv6 static route remain in the forwarding table, include the retain statement.
Doing this greatly reduces the time required to restart a system that has a large number
of routes in its routing table.

rib inet6.0 static (defaults | route) {

retain;
}

To explicitly specify that IPv4 routes be deleted from the forwarding table, include the
no-retain statement. Include this statement when configuring an individual route in the
route portion of the static statement to override a retain option specified in the defaults
portion of the statement.

78 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

static (defaults | route) {

no-retain;
}

To explicitly specify that IPv6 routes be deleted from the forwarding table, include the
no-retain statement. Include this statement when configuring an individual route in the
route portion of the static statement to override a retain statement specified in the defaults
portion of the statement.

rib inet6.0 static (defaults | route) {

no-retain;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Controlling Retention of Inactive Static Routes in the Routing and Forwarding Tables
Static routes are only removed from the routing table if the next hop becomes
unreachable. This can occur if the local or neighbor interface goes down. To have an IPv4
static route remain installed in the routing and forwarding tables, include the passive
statement:

static (defaults | route) {

passive;
}

To have an IPv6 static route remain installed in the routing and forwarding tables, include
the passive statement:

rib inet6.0 static (defaults | route) {

passive;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Routes that have been configured to remain continually installed in the routing and
forwarding tables are marked with reject next hops when they are inactive.

To explicitly remove IPv4 static routes when they become inactive, include the active
statement. Include this statement when configuring an individual route in the route portion
of the static statement to override a passive option specified in the defaults portion of
the statement.

static (defaults | route) {

active;
}

To explicitly remove IPv6 static routes when they become inactive, include the active
statement. Include this statement when configuring an individual route in the route portion
of the static statement to override a passive statement specified in the defaults portion
of the statement.

rib inet6.0 static (defaults | route) {

active;

Copyright © 2011, Juniper Networks, Inc. 79

Junos OS 11.4 Routing Protocols Configuration Guide

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Controlling Readvertisement of Static Routes

By default, static routes are eligible to be readvertised (that is, exported) by dynamic
routing protocols. To mark an IPv4 static route as being ineligible for readvertisement,
include the no-readvertise statement:

static (defaults | route) {

no-readvertise;
}

To mark an IPv6 static route as being ineligible for readvertisement, include the
no-readvertise statement:

rib inet6.0 static (defaults | route) {

no-readvertise;
}

To explicitly readvertise IPv4 static routes, include the readvertise statement. Include
the readvertise statement when configuring an individual route in the route portion of the
static statement to override a no-readvertise statement specified in the defaults portion
of the statement.

static (defaults | route) {

readvertise;
}

To explicitly readvertise IPv6 static routes, include the readvertise statement. Include
the readvertise statement when configuring an individual route in the route portion of the
static statement to override a no-readvertise option specified in the defaults portion of
the statement.

rib inet6.0 static (defaults | route) {

readvertise;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Controlling Resolution of Static Routes to Prefixes That Are Not Directly Connected
By default, static routes can point only to a directly connected next hop. You can configure
an IPv4 route to a prefix that is not directly connected by resolving the route through the
inet.0 and inet.3 routing tables. To configure an IPv4 static route to a prefix that is not a
directly connected next hop, include the resolve statement:

static (defaults | route) {

resolve;
}

80 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

You can configure an IPv6 route to a prefix that is not directly connected by resolving the
route through the inet6.0 routing table. To configure an IPv6 static route to a prefix that
is not a directly connected next hop, include the resolve statement:

rib inet6.0 static (defaults | route) {

resolve;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Configuring Bidirectional Forwarding Detection

The Bidirectional Forwarding Detection (BFD) protocol is a simple hello mechanism that
detects failures in a network. Hello packets are sent at a specified, regular interval. A
neighbor failure is detected when the routing device stops receiving a reply after a specified
interval. BFD works with a wide variety of network environments and topologies. The
failure detection timers for BFD have shorter time limits than the failure detection
mechanisms of static routes, providing faster detection. These timers are also adaptive.
For example, a timer can adapt to a higher value if an adjacency fails, or a neighbor can
negotiate a higher value than the one configured. By default, BFD is supported on
single-hop static routes. In Junos OS Release 8.2 and later, BFD also supports multihop
static routes.

To enable failure detection, include the bfd-liveness-detection statement:

static route destination-prefix {

bfd-liveness-detection {
detection-time {
threshold milliseconds;
}
holddown-interval milliseconds;
local-address ip-address;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-receive-ttl number;
multiplier number;
neighbor address;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (1 | automatic);
}
}

In Junos OS Release 9.1 and later, the BFD protocol is supported for IPv6 static routes.
Global unicast and link-local IPv6 addresses are supported for static routes. The BFD
protocol is not supported on multicast or anycast IPv6 addresses. For IPv6, the BFD
protocol supports only static routes and only in Junos OS Release 9.3 and later. IPv6 for
BFD is not supported for any other protocol. To configure the BFD protocol for IPv6 static
routes, include the bfd-liveness-detection statement at the [edit routing-options rib inet6.0
static route destination-prefix] hierarchy level.

Copyright © 2011, Juniper Networks, Inc. 81

Junos OS 11.4 Routing Protocols Configuration Guide

In Junos OS Release 8.5 and later, you can configure a hold-down interval to specify how
long the BFD session must remain up before state change notification is sent. To specify
the hold-down interval, include the holddown-interval statement:

static route destination-prefix {

bfd-liveness-detection {
holddown-interval milliseconds;
}
}

You can configure a number in the range from 0 through 255,000 milliseconds, and the
default is 0. If the BFD session goes down and then comes back up during the hold-down
interval, the timer is restarted.

NOTE: If a single BFD session includes multiple static routes, the hold-down
interval with the highest value is used.

To specify the minimum transmit and receive intervals for failure detection, include the
minimum-interval statement:

static route destination-prefix {

bfd-liveness-detection {
minimum-interval milliseconds;
}
}

This value represents the minimum interval at which the local routing device transmits
hello intervals as well as the minimum interval that the routing device expects to receive
a reply from a neighbor with which it has established a BFD session. You can configure
a number in the range from 1 through 255,000 milliseconds. You can also specify the
minimum transmit and receive intervals separately.

82 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

NOTE: BFD is an intensive protocol that consumes system resources.

Specifying a minimum interval for BFD less than 100 ms for Routing
Engine-based sessions and 10 ms for distributed BFD sessions can cause
undesired BFD flapping.

Depending on your network environment, these additional recommendations

might apply:

• For large-scale network deployments with a large number of BFD sessions,

specify a minimum interval of 300 ms for Routing Engine-based sessions
and 100 ms for distributed BFD sessions.

• For very large-scale network deployments with a large number of BFD

sessions, please contact Juniper Networks customer support for more
information.

• For BFD sessions to remain up during a Routing Engine switchover event

when nonstop active routing (NSR) is configured, specify a minimum
interval of 2500 ms for Routing Engine-based sessions. For distributed
BFD sessions with NSR configured, the minimum interval recommendations
are unchanged and depend only on your network deployment.

To specify only the minimum receive interval for failure detection, include the
minimum-receive-interval statement:

static route destination-prefix {

bfd-liveness-detection {
minimum-receive-interval milliseconds;
}
}

This value represents the minimum interval at which the local routing device expects to
receive a reply from a neighbor with which it has established a BFD session. You can
configure a number in the range from 1 through 255,000 milliseconds.

To specify the number of hello packets not received by the neighbor that causes the
originating interface to be declared down, include the multiplier statement:

static route destination-prefix {

bfd-liveness-detection {
multiplier number;
}
}

The default value is 3. You can configure a number in the range from 1 through 255.

To specify a threshold for detecting the adaptation of the detection time, include the
threshold statement:

static route destination-prefix {

bfd-liveness-detection {
detection-time {
threshold milliseconds;

Copyright © 2011, Juniper Networks, Inc. 83

Junos OS 11.4 Routing Protocols Configuration Guide

}
}
}

When the BFD session detection time adapts to a value equal to or higher than the
threshold, a single trap and a system log message are sent. The detection time is based
on the multiplier of the minimum-interval or the minimum-receive-interval value. The
threshold must be a higher value than the multiplier for either of these configured values.
For example if the minimum-receive-interval is 300 ms and the multiplier is 3, the total
detection time is 900 ms. Therefore, the detection time threshold must have a value
higher than 900.

To specify only the minimum transmit interval for failure detection, include the
transmit-interval minimum-interval statement:

static route destination-prefix {

bfd-liveness-detection {
transmit-interval {
minimum-interval milliseconds;
}
}
}

This value represents the minimum interval at which the local routing device transmits
hello packets to the neighbor with which it has established a BFD session. You can
configure a value in the range from 1 through 255,000 milliseconds.

To specify the transmit threshold for detecting the adaptation of the transmit interval,
include the transmit-interval threshold statement:

static route destination-prefix {

bfd-liveness-detection {
transmit-interval {
threshold milliseconds;
}
}
}

The threshold value must be greater than the transmit interval. When the BFD session
detection time adapts to a value higher than the threshold, a single trap and a system
log message are sent. The detection time is based on the multiplier of the
minimum-interval or the minimum-receive-interval value. The threshold must be a higher
value than the multiplier for either of these configured values.

To specify the BFD version, include the version statement:

static route destination-prefix {

bfd-liveness-detection {
version (1 | automatic);
}
}

The default is to have the version detected automatically.

84 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

To include an IP address for the next hop of the BFD session, include the neighbor
statement:

static route destination-prefix {

next-hop interface-name;
bfd-liveness-detection {
neighbor address;
}
}

NOTE: You must configure the neighbor statement if the next hop specified
is an interface name. If you specify an IP address as the next hop, that address
is used as the neighbor address for the BFD session.

In Junos OS Release 9.0 and later, you can configure BFD sessions not to adapt to
changing network conditions. To disable BFD adaptation, include the no-adaptation
statement:

bfd-liveness-detection {
no-adaptation;
}

NOTE: We recommend that you not disable BFD adaptation unless it is

preferable not to have BFD adaptation in your network.

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

NOTE: If BFD is configured only on one end of a static route, the route is
removed from the routing table. BFD establishes a session when BFD is
configured on both ends of the static route.

BFD is not supported on ISO address families in static routes. BFD does
support IS-IS.

If you configure graceful Routing Engine switchover at the same time as BFD,
graceful Routing Engine switchover does not preserve the BFD state
information during a failover.

The Junos OS also supports BFD over multihop static routes. For example, you can
configure BFD over a Layer 3 path to provide path integrity over that path. You can limit
the number of hops by specifying the time-to-live (TTL).

To configure BFD over multihop static routes, include the following statements:

static route destination-prefix {

bfd-liveness-detection {
local-address ip-address;
minimum-receive-ttl number;

Copyright © 2011, Juniper Networks, Inc. 85

Junos OS 11.4 Routing Protocols Configuration Guide

}
}

To specify the source address for the multihop static route and to enable multihop BFD
support, include the local-address statement.

To specify the number of hops, include the minimum-receive-ttl statement. You must
configure this statement for a multihop BFD session. You can configure a value in the
range from 1 through 255. It is optional for a single-hop BFD session. If you configure the
minimum-receive-ttl statement for a single-hop session, the value must be 255.

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Related • Tracing BFD Protocol Traffic on page 86

Documentation
• Overview of BFD Authentication for Static Routes on page 87

• Configuring BFD Authentication for Static Routes on page 89

Tracing BFD Protocol Traffic

To trace BFD protocol traffic, you can specify options in the global traceoptions statement
at the [edit routing-options] hierarchy level, and you can specify BFD-specific options by
including the traceoptions statement at the [edit protocols bfd hierarchy level.

[edit protocols]
bfd {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

You can specify the following BFD-specific options in the BFD traceoptions statement:

• adjacency—Trace adjacency messages.

• all—Trace all options.

• error—Trace all error messages.

• event—Trace all events.

• issu—Trace in-service software upgrade (ISSU) packet activity.

• nsr-packet—Trace active nonstop active routing (NSR) packet activity.

• nsr-synchronization—Trace NSR synchronization events.

• packet—Trace all packets.

• pipe—Trace pipe messages.

86 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

• pipe-detail—Trace pipe messages in detail.

• ppm-packet—Trace packet activity by periodic packet management (PPM).

• state—Trace state transitions.

• timer—Trace timer processing.

NOTE: Use the all trace flag with caution. These flags may cause the CPU to
become very busy.

Related • Configuring Bidirectional Forwarding Detection on page 81

Documentation
• Overview of BFD Authentication for Static Routes on page 87

• Configuring BFD Authentication for Static Routes on page 89

• Junos OS System Basics Configuration Guide

Overview of BFD Authentication for Static Routes

BFD enables rapid detection of communication failures between adjacent systems. By

default, authentication for BFD sessions is disabled. However, when you run BFD over
Network Layer protocols, the risk of service attacks can be significant. We strongly
recommend using authentication if you are running BFD over multiple hops or through
insecure tunnels. Beginning with Junos OS Release 9.6, the Junos OS supports
authentication for BFD sessions running over IPv4 and IPv6 static routes. BFD
authentication is not supported on MPLS OAM sessions. BFD authentication is only
supported in the domestic image and is not available in the export image.

You authenticate BFD sessions by specifying an authentication algorithm and keychain,

and then associating that configuration information with a security authentication
keychain using the keychain name.

The following sections describe the supported authentication algorithms, security

keychains, and level of authentication that can be configured:

• BFD Authentication Algorithms on page 88

• Security Authentication Keychains on page 88
• Strict Versus Loose Authentication on page 89

Copyright © 2011, Juniper Networks, Inc. 87

Junos OS 11.4 Routing Protocols Configuration Guide

BFD Authentication Algorithms

Junos OS supports the following algorithms for BFD authentication:

• simple-password—Plain-text password. One to 16 bytes of plain text are used to

authenticate the BFD session. One or more passwords may be configured. This method
is the least secure and should be used only when BFD sessions are not subject to packet
interception.

• keyed-md5—Keyed Message Digest 5 hash algorithm for sessions with transmit and
receive intervals greater than 100 ms. To authenticate the BFD session, keyed MD5
uses one or more secret keys (generated by the algorithm) and a sequence number
that is updated periodically. With this method, packets are accepted at the receiving
end of the session if one of the keys matches and the sequence number is greater than
or equal to the last sequence number received. Although more secure than a simple
password, this method is vulnerable to replay attacks. Increasing the rate at which the
sequence number is updated can reduce this risk.

• meticulous-keyed-md5—Meticulous keyed Message Digest 5 hash algorithm. This

method works in the same manner as keyed MD5, but the sequence number is updated
with every packet. Although more secure than keyed MD5 and simple passwords, this
method may take additional time to authenticate the session.

• keyed-sha-1—Keyed Secure Hash Algorithm I for sessions with transmit and receive
intervals greater than 100 ms. To authenticate the BFD session, keyed SHA uses one
or more secret keys (generated by the algorithm) and a sequence number that is
updated periodically. The key is not carried within the packets. With this method,
packets are accepted at the receiving end of the session if one of the keys matches
and the sequence number is greater than the last sequence number received.

• meticulous-keyed-sha-1—Meticulous keyed Secure Hash Algorithm I. This method

works in the same manner as keyed SHA, but the sequence number is updated with
every packet. Although more secure than keyed SHA and simple passwords, this method
may take additional time to authenticate the session.

NOTE: Nonstop active routing (NSR) is not supported with

meticulous-keyed-md5 and meticulous-keyed-sha-1 authentication
algorithms. BFD sessions using these algorithms may go down after a
switchover.

Security Authentication Keychains

The security authentication keychain defines the authentication attributes used for
authentication key updates. When the security authentication keychain is configured and
associated with a protocol through the keychain name, authentication key updates can
occur without interrupting routing and signaling protocols.

The authentication keychain contains one or more keychains. Each keychain contains
one or more keys. Each key holds the secret data and the time at which the key becomes
valid. The algorithm and keychain must be configured on both ends of the BFD session,

88 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

and they must match. Any mismatch in configuration prevents the BFD session from
being created.

BFD allows multiple clients per session, and each client can have its own keychain and
algorithm defined. To avoid confusion, we recommend specifying only one security
authentication keychain.

Strict Versus Loose Authentication

By default, strict authentication is enabled and authentication is checked at both ends
of each BFD session. Optionally, to smooth migration from nonauthenticated sessions
to authenticated sessions, you can configure loose checking. When loose checking is
configured, packets are accepted without authentication being checked at each end of
the session. This feature is intended for transitional periods only.

Related • Configuring BFD Authentication for Static Routes on page 89

Documentation
• bfd-liveness-detection on page 155 statement

• authentication-key-chains statement in the Junos OS System Basics Configuration Guide

• show bfd session command in the Junos OS Routing Protocols and Policies Command
Reference

• Configuring Bidirectional Forwarding Detection on page 81

Configuring BFD Authentication for Static Routes

Beginning with Junos OS Release 9.6, you can configure authentication for BFD sessions
running over IPv4 and IPv6 static routes. Routing instances are also supported. Only three
steps are needed to configure authentication on a BFD session:

1. Specify the BFD authentication algorithm for the static route.

2. Associate the authentication keychain with the static route.

3. Configure the related security authentication keychain.

The following sections provide instructions for configuring and viewing BFD authentication
on static routes:

• Configuring the BFD Authentication Parameters on page 89

• Viewing Authentication Information for BFD Sessions on page 91

Configuring the BFD Authentication Parameters

To configure BFD authentication:

1. Specify the algorithm (keyed-md5, keyed-sha-1, meticulous-keyed-md5,

meticulous-keyed-sha-1, or simple-password) to use for BFD authentication on a static
route or routing instance.

[edit]

Copyright © 2011, Juniper Networks, Inc. 89

Junos OS 11.4 Routing Protocols Configuration Guide

user@host# set routing-options static route ipv4 bfd-liveness-detection authentication

algorithm keyed-sha-1

NOTE: Nonstop active routing (NSR) is not supported with

meticulous-keyed-md5 and meticulous-keyed-sha-1 authentication
algorithms. BFD sessions using these algorithms may go down after a
switchover.

2. Specify the keychain to be used to associate BFD sessions on the specified route or
routing instance with the unique security authentication keychain attributes. This
should match the keychain name configured at the [edit security authentication
key-chains] hierarchy level.

[edit]
user@host# set routing-options static route ipv4 bfd-liveness-detection authentication
keychain bfd-sr4

NOTE: The algorithm and keychain must be configured on both ends of

the BFD session, and they must match. Any mismatch in configuration
prevents the BFD session from being created.

3. Specify the unique security authentication information for BFD sessions:

• The matching key-chain-name as specified in step 2.

• At least one key, a unique integer between 0 and 63. Creating multiple keys allows
multiple clients to use the BFD session.

• The secret-data used to allow access to the session.

• The time at which the authentication key becomes active, yyyy-mm-dd.hh:mm:ss.

[edit security]
user@host# authentication-key-chains key-chain bfd-sr4 key 53 secret
$9$ggaJDmPQ6/tJgF/AtREVsyPsnCtUHm start-time 2009-06-14.10:00:00

4. (Optional) Specify loose authentication checking if you are transitioning from

nonauthenticated sessions to authenticated sessions.

[edit]
user@host> set routing-options static route ipv4 bfd-liveness-detection authentication
loose-check

5. (Optional) View your configuration using the show bfd session detail or show bfd
session extensive command.

6. Repeat these steps to configure the other end of the BFD session.

NOTE: BFD authentication is only supported in the domestic image and is

not available in the export image.

90 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

Viewing Authentication Information for BFD Sessions

You can view the existing BFD authentication configuration using the show bfd session
detail and show bfd session extensive commands.

The following example shows BFD authentication configured for the static route at
192.168.208.26. It specifies the keyed SHA-1 authentication algorithm and a keychain
name of bfd-static. The authentication keychain is configured with two keys. Key 1 contains
the secret data “$9$ggaJDmPQ6/tJgF/AtREVsyPsnCtUHm” and a start time of June 1,
2009, at 9:46:02 AM PST. Key 2 contains the secret data “$9$a5jiKW9l.reP38ny.TszF2/9”
and a start time of June 1, 2009, at 3:29:20 PM PST.

[edit routing-options]
static route 192.168.208.26 {
bfd-liveness-detection {
authentication {
algorithm keyed-sha-1;
key-chain bfd-static;
}
}
}
[edit security]
authentication key-chains {
key-chain bfd-static {
key 1 {
secret “$9$ggaJDmPQ6/tJgF/AtREVsyPsnCtUHm”;
start-time “2009-6-1.09:46:02 -0700”;
}
key 2 {
secret “$9$a5jiKW9l.reP38ny.TszF2/9”;
start-time “2009-6-1.15:29:20 -0700”;
}
}
}

If you commit these updates to your configuration, you would see output similar to the
following. In the output for the show bfd sessions detail command, Authenticate is
displayed to indicate that BFD authentication is configured. For more information about
the configuration, use the show bfd sessions extensive command. The output for this
command provides the keychain name, the authentication algorithm and mode for each
client in the session, and the overall BFD authentication configuration status, keychain
name, and authentication algorithm and mode.

show bfd sessions user@host# show bfd session detail

detail
Detect Transmit
Address State Interface Time Interval Multiplier
192.168.208.26 Up so-1/0/0.0 2.400 0.800 10
Client Static, TX interval 0.600, RX interval 0.600, Authenticate
Session up time 00:18:07
Local diagnostic None, remote diagnostic NbrSignal
Remote state Up, version 1
Replicated

Copyright © 2011, Juniper Networks, Inc. 91

Junos OS 11.4 Routing Protocols Configuration Guide

1 sessions, 1 clients
Cumulative transmit rate 1.2 pps, cumulative receive rate 1.2 pps

show bfd sessions user@host# show bfd session extensive

extensive Detect Transmit
Address State Interface Time Interval Multiplier
192.168.208.26 Up so-1/0/0.0 2.400 0.800 10
Client Static, TX interval 0.600, RX interval 0.600, Authenticate
keychain bfd-static, algo keyed-md5, mode loose
Session up time 00:18:07
Local diagnostic None, remote diagnostic NbrSignal
Remote state Up, version 1
Replicated
Min async interval 0.600, min slow interval 1.000
Adaptive async TX interval 0.600, RX interval 0.600
Local min TX interval 0.600, minimum RX interval 0.600, multiplier 10
Remote min TX interval 0.800, min RX interval 0.800, multiplier 3
Local discriminator 2, remote discriminator 3
Echo mode disabled/inactive
Authentication enabled/active, keychain bfd-static, algo keyed-md5, mode loose

1 sessions, 1 clients
Cumulative transmit rate 1.2 pps, cumulative receive rate 1.2 pps

Related • Overview of BFD Authentication for Static Routes on page 87

Documentation
• bfd-liveness-detection on page 155 statement

• authentication-key-chains statement in the Junos OS System Basics Configuration Guide

• show bfd session command in the Junos OS Routing Protocols and Policies Command
Reference

• Configuring Bidirectional Forwarding Detection on page 81

Configuring Default Routes

To configure an IPv4 default route, include the next-hop address and retain statements:

static route default {

next-hop address;
retain;
}

To configure an IPv6 static route, include the next-hop address and retain statements:

rib inet6.0 static (default | route) {

next-hop address;
retain;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

92 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

Propagating Static Routes into Routing Protocols

A common way to propagate static routes into the various routing protocols is to configure
the routes so that the next-hop routing device is the loopback address (commonly,
127.0.0.1). However, configuring static routes in this way with the Junos OS (by including
a statement such as route address/mask-length next-hop 127.0.0.1) does not propagate
the static routes, because the forwarding table ignores static routes whose next-hop
routing device is the loopback address. To propagate IPv4 static routes into the routing
protocols, include the discard statement:

rib inet.0 static (defaults | route) {

discard;
}

To propagate IPv6 static routes into the routing protocols, include the discard statement:

rib inet6.0 static (defaults | route) {

discard;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

In this configuration, you use the discard option instead of reject because discard does
not send an ICMP (or ICMPv6) unreachable message for each packet that it drops.

Examples: Configuring Static Routes

Configure an IPv4 default route through the next-hop router 192.238.52.33:

[edit]
user@host# set routing-options static route 0.0.0.0/0 next-hop 192.238.52.33
[edit]
user@host# show
routing-options {
static {
route 0.0.0.0/0 next-hop 192.238.52.33;
}
}

Configure IPv4 static routes that are retained in the forwarding table when the routing
software shuts down normally:

[edit]
user@host# set routing-options static route 0.0.0.0/0 next-hop 192.168.1.254 retain
[edit]
user@host# set routing-options static route 10.1.1.1/32 next-hop 127.0.0.1 retain
[edit]
user@host# show
routing-options {
static {
route 0.0.0.0/0 {
next-hop 192.168.1.254;
retain;

Copyright © 2011, Juniper Networks, Inc. 93

Junos OS 11.4 Routing Protocols Configuration Guide

}
route 10.1.1.1/32 {
next-hop 127.0.0.1;
retain;
}
}
}

Configure an IPv4 static route and have it propagate into the routing protocols. In this
example, specify that the route 143.172.0.0/6 next-hop 127.0.0.1 should be discarded.

[edit]
user@host# set routing-options static route 143.172.0.0/6 discard
[edit]
user@host# show
routing-options {
static {
route 143.172.0.0/6 discard;
}
}

Install an IPv4 static route into both inet.0 and inet.2:

[edit]
user@host# set routing-options static rib-group some-group
user@host# set rib-groups some-group import-rib [inet.0 inet.2]
[edit]
user@host# show
routing-options {
static {
rib-group some-group;
}
rib-groups {
some-group {
import-rib [ inet.0 inet.2 ];
}
}
}

Configure an IPv6 default route through the next-hop router 8:3::1:

[edit]
user@host# set routing-options rib inet6.0 static route 0::/0 next-hop 8:3::1
[edit]
user@host# show
routing-options {
rib inet6.0 static {
route abcd::/48 next-hop 8:3::1;
}
}

Resolve an IPv6 static route to non-next-hop router 1::/64 using next-hop router 2000::1:

[edit]
user@host# set routing-options rib inet6.0 static route 1::/64 next-hop 2000::1 resolve
[edit]
user@host# show route 1::/64

94 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

inet6.0: 26 destinations, 27 routes (25 active, 0 holddown, 1 hidden)

+ = Active Route, - = Last Active, * = Both
1::/64 *[Static/5] 00:01:50
> to 8:1::2 via ge-0/1/0.0
user@host# show route 2000::1
inet6.0: 26 destinations, 27 routes (25 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
2000::/126 *[BGP/170] 00:05:32, MED 20, localpref 100
AS path: 2 I
> to 8:1::2 via ge-0/1/0.0

Configuring Aggregate Routes

Route aggregation allows you to combine groups of routes with common addresses into
a single entry in the routing table. This decreases the size of the routing table as well as
the number of route advertisements sent by the routing device.

An aggregate route becomes active when it has one or more contributing routes. A
contributing route is an active route that is a more specific match for the aggregate
destination. For example, for the aggregate destination 128.100.0.0/16, routes to
128.100.192.0/19 and 128.100.67.0/24 are contributing routes, but routes to 128.0.0.0./8,
128.0.0.0/16, and 128.100.0.0/16 are not.

A route can contribute only to a single aggregate route. However, an active aggregate
route can recursively contribute to a less specific matching aggregate route. For example,
an aggregate route to the destination 128.100.0.0/16 can contribute to an aggregate
route to 128.96.0.0/13.

When an aggregate route becomes active, it is installed in the routing table with the
following information:

• Reject next hop—If a more-specific packet does not match a more-specific route, the
packet is rejected and an ICMP unreachable message is sent to the packet’s originator.

• Metric value as configured with the aggregate statement.

• Preference value that results from the policy filter on the primary contributor, if a filter is
specified.

• AS path as configured in the aggregate statement, if any. Otherwise, the path is

computed by aggregating the paths of all contributing routes.

• Community as configured in the aggregate statement, if any is specified.

NOTE: You can configure only one aggregate route for each destination
prefix.

To configure aggregate routes in the default routing table (inet.0), include the
aggregate statement:

aggregate {
defaults {

Copyright © 2011, Juniper Networks, Inc. 95

Junos OS 11.4 Routing Protocols Configuration Guide

... aggregate-options ...

}
route destination-prefix {
policy policy-name;
... aggregate-options ...
}
}

To configure aggregate routes in one of the other routing tables, or to explicitly configure
aggregate routes in the default routing table (inet.0), include the aggregate statement:

rib routing-table-name {
aggregate {
defaults {
... aggregate-options ...
}
route destination-prefix {
policy policy-name;
... aggregate-options ...
}
}
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

NOTE: You cannot configure aggregate routes for the IPv4 multicast routing
table (inet.1) nor the IPv6 multicast routing table (inet6.1).

The aggregate statement consists of two parts:

• defaults—Here you specify global aggregate route options. These are treated as global
defaults and apply to all the aggregate routes you configure in the aggregate statement.
This part of the aggregate statement is optional.

• route—Here you configure individual aggregate routes. In this part of the aggregate
statement, you optionally can configure aggregate route options. These options apply
to the individual destination only and override any options you configured in the defaults
part of the aggregate statement.

The following topics provide more information about configuring aggregate routes:

• Configuring the Destination of Aggregate Routes on page 97

• Configuring Aggregate Route Options on page 97

• Applying Policies to Aggregate Routes on page 102

• Advertising Aggregate Routes on page 103

96 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

Configuring the Destination of Aggregate Routes

When you configure an individual aggregate route in the route part of the aggregate
statement, specify the destination of the route (in route destination-prefix) in one of the
following ways:

• network/mask-length, where network is the network portion of the IP address and

mask-length is the destination prefix length.

• default if this is the default route to the destination. This is equivalent to specifying an
IP address of 0.0.0.0/0.

Configuring Aggregate Route Options

In the defaults and route parts of the aggregate statement, you can specify
aggregate-options, which define additional information about aggregate routes that is
included with the route when it is installed in the routing table. All aggregate options are
optional. Aggregate options that you specify in the defaults part of the aggregate
statement are treated as global defaults and apply to all the aggregate routes you
configure in the aggregate statement. Aggregate options that you specify in the route
part of the aggregate statement override any global aggregate options and apply to that
destination only.

To configure aggregate route options, include one or more of them in the defaults or route
part of the aggregate statement:

[edit]
routing-options {
aggregate {
(defaults | route) {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator
as-number in-address>;
community [ community-ids ];
discard;
(brief | full);
(metric | metric2 | metric3 | metric4) metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
tag string;
}
}
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

The following sections explain how to configure aggregate route options:

• Configuring a Metric Value for Aggregate Routes on page 98

• Configuring a Preference Value for Aggregate Routes on page 98
• Configuring the Next Hop for Aggregate Routes on page 98

Copyright © 2011, Juniper Networks, Inc. 97

Junos OS 11.4 Routing Protocols Configuration Guide

• Associating BGP Communities with Aggregate Routes on page 99

• Associating AS Paths with Aggregate Routes on page 100
• Including AS Numbers in Aggregate Route Paths on page 101
• Configuring an OSPF Tag String for Aggregate Routes on page 101
• Controlling Retention of Inactive Aggregate Routes in the Routing and Forwarding
Tables on page 101

Configuring a Metric Value for Aggregate Routes

You can specify up to four metric values, starting with metric (for the first metric value)
and continuing with metric2, metric3, and metric4 by including one or more of the following
statements:

aggregate (defaults | route) {

(metric | metric2 | metric3 | metric4) metric <type type>;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

In the type option, you can specify the type of route.

Configuring a Preference Value for Aggregate Routes

By default, aggregate routes have a preference value of 130. If the routing table contains
a dynamic route to a destination that has a better (lower) preference value than this,
the dynamic route is chosen as the active route and is installed in the forwarding table.

To modify the default preference value, specify a primary preference value (preference).
You also can specify secondary preference value (preference2); and colors, which are
even finer-grained preference values (color and color2). To do this, include one or more
of the following statements:

aggregate (defaults | route) {

(preference | preference2 | color | color2) preference <type type>;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.
32
The preference value can be a number in the range from 0 through 4,294,967,295 (2 – 1)
with a lower number indicating a more preferred route. For more information about
preference values, see “Route Preferences Overview” on page 6.

In the type option, you can specify the type of route.

Configuring the Next Hop for Aggregate Routes

By default, when aggregate routes are installed in the routing table, the next hop is
configured as a reject route. That is, the packet is rejected and an ICMP unreachable
message is sent to the packet’s originator.

98 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

When you configure an individual route in the route part of the aggregate statement, or
when you configure the defaults for aggregate routes, you can specify a discard next hop.
This means that if a more specific packet does not match a more specific route, the
packet is rejected and a reject route for this destination is installed in the routing table,
but ICMP unreachable messages are not sent.

Being able to discard next hops allows you to originate a summary route, which can be
advertised through dynamic routing protocols, and allows you to discard received traffic
that does not match a more specific route than the summary route. To discard next hops,
include the discard option:

discard;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Associating BGP Communities with Aggregate Routes

By default, no BGP community information is associated with aggregate routes. To
associate community information with the routes, include the community option:

aggregate (defaults | route) {

community [ community-ids ];
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement. community-value is the community identifier and
can be a number in the range from 0 through 65,535.

community-ids is one or more community identifiers for either communities or extended

communities.

The format for community identifiers is:

as-number:community-value

as-number is the AS number and can be a value in the range from 1 through 65,534.

You also can specify community-ids for communities as one of the following well-known
community names, which are defined in RFC 1997:

• no-export—Routes containing this community name are not advertised outside a

BGP confederation boundary.

• no-advertise—Routes containing this community name are not advertised to other

BGP peers.

• no-export-subconfed—Routes containing this community name are not advertised to

external BGP peers, including peers in other members’ ASs inside a BGP confederation.

You can explicitly exclude BGP community information with an aggregate route using
the none option. Include none when configuring an individual route in the route portion
of the aggregate statement to override a community option specified in the defaults
portion of the statement.

Copyright © 2011, Juniper Networks, Inc. 99

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: Extended community attributes are not supported at the [edit

routing-options] hierarchy level. You must configure extended communities
at the [edit policy-options] hierarchy level. For information about configuring
extended communities information, see the “Configuring the Extended
Communities Attribute” section in the Junos OS Routing Policy Configuration
Guide. For information about configuring 4-byte AS numbers and extended
communities, see Configuring 4-Byte AS Numbers and BGP Extended
Community Attributes in the Using 4-Byte Autonomous System Numbers in
BGP Networks Technology Overview.

Associating AS Paths with Aggregate Routes

By default, the AS path for aggregate routes is built from the component routes. To
manually specify the AS path and associate AS path information with the routes, include
the as-path option:

aggregate (defaults | route) {

as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator
as-number in-address>;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

NOTE: In Junos OS Release 9.1 and later, the numeric AS range is extended
to provide BGP support for 4-byte AS numbers, as defined in RFC 4893, BGP
Support for Four-octet AS Number Space. For the AS number, you can configure
a value from 1 through 4,294,967,295. All releases of the Junos OS support
2-byte AS numbers. The 2-byte AS number range is 1 through 65,535 (this is
a subset of the 4-byte range).

You also can specify the AS path using the BGP origin attribute, which indicates the origin
of the AS path information:

• egp—Path information originated in another AS.

100 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

• igp—Path information originated within the local AS.

• incomplete—Path information was learned by some other means.

To attach the BGP ATOMIC_AGGREGATE path attribute to the aggregate route, specify
the atomic-aggregate option. This path attribute indicates that the local system selected
a less specific route rather than a more specific route.

To attach the BGP AGGREGATOR path attribute to the aggregate route, specify the
aggregator option. When using this option, you must specify the last AS number that
formed the aggregate route (encoded as two octets), followed by the IP address of the
BGP system that formed the aggregate route.

Including AS Numbers in Aggregate Route Paths

By default, all AS numbers from all contributing paths are included in the aggregate
route’s path. To include only the longest common leading sequences from the contributing
AS paths, include the brief option when configuring the route. If doing this results in AS
numbers being omitted from the aggregate route, the BGP ATOMIC_ATTRIBUTE path
attribute is included with the aggregate route.

aggregate (defaults | route) {

brief;
}

To explicitly have all AS numbers from all contributing paths be included in the aggregate
route’s path, include the full option when configuring routes. Include this option when
configuring an individual route in the route portion of the aggregate statement to override
a retain option specified in the defaults portion of the statement.

aggregate (defaults | route) {

full;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Configuring an OSPF Tag String for Aggregate Routes

By default, no OSPF tag strings are associated with aggregate routes. You can specify
an OSPF tag string by including the tag option:

aggregate (defaults | route) {

tag string;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Controlling Retention of Inactive Aggregate Routes in the Routing and Forwarding Tables
Static routes are only removed from the routing table if the next hop becomes
unreachable, which happens if there are no contributing routes. To have an aggregate
route remain continually installed in the routing and forwarding tables, include the passive
option when configuring the route:

Copyright © 2011, Juniper Networks, Inc. 101

Junos OS 11.4 Routing Protocols Configuration Guide

aggregate (defaults | route) {

passive;
}

Routes that have been configured to remain continually installed in the routing and
forwarding tables are marked with reject next hops when they are inactive.

To explicitly remove aggregate routes when they become inactive, include the active
option when configuring routes. Include this option when configuring an individual route
in the route portion of the aggregate statement to override a passive option specified in
the defaults portion of the statement.

aggregate (defaults | route) {

active;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Applying Policies to Aggregate Routes

You can associate a routing policy when configuring an aggregate route’s destination
prefix in the routes part of the aggregate statement. Doing so provides the equivalent of
an import routing policy filter for the destination prefix. That is, each potential contributor
to an aggregate route, along with any aggregate options, is passed through the policy
filter. The policy then can accept or reject the route as a contributor to the aggregate
route and, if the contributor is accepted, the policy can modify the default preferences.

The following algorithm is used to compare two aggregate contributing routes in order
to determine which one is the primary or preferred contributor:

1. Compare the protocol’s preferences of the contributing routes. The lower the
preference, the better the route. This is similar to the comparison that is done while
determining the best route for the routing table.

2. Compare the protocol’s preferences2 of the contributing routes. The lower preference2
value is better. If only one route has preferences2, then this route is preferred.

3. The preference values are the same. Proceed with a numerical comparison of the
prefix values.

a. The primary contributor is the numerically smallest prefix value.

b. If the two prefixes are numerically equal, the primary contributor is the route that
has the smallest prefix length value.

4. At this point, the two routes are the same. The primary contributor does not change.
An additional next hop is available for the existing primary contributor.

A rejected contributor still can contribute to a less specific aggregate route. If you do not
specify a policy filter, all candidate routes contribute to an aggregate route.

To associate a routing policy with an aggregate route, include the policy statement when
configuring the route:

102 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

aggregate (defaults | route) {

policy policy-name;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Advertising Aggregate Routes

After you have configured aggregate routes, you can have a protocol advertise the routes
by configuring a policy that is then exported by a routing protocol.

To configure a protocol to advertise routes, include the policy-statement statement:

policy-statement advertise-aggregate-routes {
term first-term {
from protocol aggregate;
then accept;
}
term second-term {
then next policy;
}
}
protocols {
bgp {
export advertise-aggregate-routes;
...
}
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring Generated Routes

Generated routes are used as the route of last resort. A packet is forwarded to the route
of last resort when the routing tables have no information about how to reach that
packet’s destination. One use of route generation is to generate a default route to use if
the routing table contains a route from a peer on a neighboring backbone.

A generated route becomes active when it has one or more contributing routes. A
contributing route is an active route that is a more specific match for the generated
destination. For example, for the destination 128.100.0.0/16, routes to 128.100.192.0/19
and 128.100.67.0/24 are contributing routes, but routes to 128.0.0.0./8, 128.0.0.0/16, and
128.100.0.0/16 are not.

A route can contribute only to a single generated route. However, an active generated
route can recursively contribute to a less specific matching generated route. For example,
a generated route to the destination 128.100.0.0/16 can contribute to a generated route
to 128.96.0.0/13.

By default, when generated routes are installed in the routing table, the next hop is chosen
from the primary contributing route.

Copyright © 2011, Juniper Networks, Inc. 103

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: Currently, you can configure only one generated route for each
destination prefix.

To configure generated routes in the default routing table (inet.0), include the generate
statement:

generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}

To configure generated routes in one of the other routing tables, or to explicitly configure
generated routes in the default route table (inet.0), include the generate statement:

rib routing-table-name {
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
}

NOTE: You cannot configure generated routes for the IPv4 multicast routing
table (inet.1) or the IPv6 multicast routing table (inet6.1).

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

The generate statement consists of two parts:

• defaults—Here you specify global generated route options. These are treated as global
defaults and apply to all the generated routes you configure in the generate statement.
This part of the generate statement is optional.

• route—Here you configure individual generated routes. In this part of the generate
statement, you optionally can configure generated route options. These options apply
to the individual destination only and override any options you configured in the defaults
part of the generate statement.

The following topics provide more information about configuring generated routes:

• Configuring the Destination of Generated Routes on page 105

104 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

• Configuring Generated Route Options on page 105

• Applying Policies to Generated Routes on page 110

Configuring the Destination of Generated Routes

When you configure an individual generated route in the route part of the generate
statement, specify the destination of the route (in route destination-prefix) in one of the
following ways:

• network/mask-length, where network is the network portion of the IP address and

mask-length is the destination prefix length.

• default if this is the default route to the destination. This is equivalent to specifying an
IP address of 0.0.0.0/0.

Configuring Generated Route Options

In the defaults and route parts of the generate statement, you can specify options that
define additional information about generated routes that is included with the route
when it is installed in the routing table. All generated options are optional. Generated
options that you specify in the defaults part of the generate statement are treated as
global defaults and apply to all the generated routes you configure in the generate
statement. Generated options that you specify in the route part of the generate statement
override any global generated options and apply to that destination only.

To configure generated route options, include one or more of them in the defaults or route
part of the generate statement (for routing instances, include the statement).

[edit]
routing-options
generate {
(defaults | route) {
(active | passive);
as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator
as-number in-address>;
community [ community-ids ];
discard;
(brief | full);
(metric | metric2 | metric3 | metric4) metric <type type>;
(preference | preference2 | color | color2) preference <type type>;
tag string;
}
}
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Copyright © 2011, Juniper Networks, Inc. 105

Junos OS 11.4 Routing Protocols Configuration Guide

The following sections explain how to configure generated route options:

• Configuring a Metric Value for Generated Routes on page 106

• Configuring a Preference Value for Generated Routes on page 106
• Configuring the Next Hop for Generated Routes on page 106
• Associating BGP Communities with Generated Routes on page 107
• Associating AS Paths with Generated Routes on page 108
• Configuring an OSPF Tag String for Generated Routes on page 109
• Including AS Numbers in Generated Route Paths on page 109
• Controlling Retention of Inactive Generated Routes in the Routing and Forwarding
Tables on page 109

Configuring a Metric Value for Generated Routes

You can specify up to four metric values, starting with metric (for the first metric value)
and continuing with metric2, metric3, and metric4, by including one or more of the following
statements:

(metric | metric2 | metric3 | metric4) metric < type type>;

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

In the type option, you specify the type of route.

Configuring a Preference Value for Generated Routes

By default, generated routes have a preference value of 130. If the Junos OS routing table
contains a dynamic route to a destination that has a better (lower) preference value
than this, the dynamic route is chosen as the active route and is installed in the forwarding
table.

To modify the default preference value, specify a primary preference value (preference).
You also can specify a secondary preference value (preference2) and colors, which are
even finer-grained preference values (color and color2). To do this, include one or more
of the following statements:

(preference | preference2 | color | color2) preference <type type>;

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.
32
The preference value can be a number in the range from 0 through 4,294,967,295 (2 – 1)
with a lower number indicating a more preferred route. For more information about
preference values, see “Route Preferences Overview” on page 6.

In the type option, you specify the type of route.

Configuring the Next Hop for Generated Routes

By default, when generated routes are installed in the routing table, the next hop is chosen
from the primary contributing route.

106 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

When you configure an individual route in the route part of the generate statement, or
when you configure the defaults for generated routes, you can specify a discard next hop.
This means that if a more specific packet does not match a more specific route, the
packet is rejected and a reject route for this destination is installed in the routing table,
but ICMP unreachable messages are not sent. The discard next-hop feature allows you
to originate a summary route, which can be advertised through dynamic routing protocols,
and allows you to discard received traffic that does not match a more specific route than
the summary route.

For example:

[edit routing-options generate route 1.0.0.0/8]

user@host# set discard

Associating BGP Communities with Generated Routes

By default, no BGP community information is associated with generated routes. To
associate community information with the routes, include the community option:

community [ community-ids ];

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

community-ids is one or more community identifiers for either communities or extended

communities.

The format for community identifiers is:

as-number:community-value

as-number is the AS number and can be a value in the range from 1 through 65,534.

You also can specify community-ids for communities as one of the following well-known
community names, which are defined in RFC 1997:

• no-advertise—Routes containing this community name are not advertised to other

BGP peers.

• no-export—Routes containing this community name are not advertised outside a BGP
confederation boundary.

• no-export-subconfed—Routes containing this community name are not advertised to

external BGP peers, including peers in other members’ ASs inside a BGP confederation.

You can explicitly exclude BGP community information with a generated route using the
none option. Include none when configuring an individual route in the route portion of the
generate statement to override a community option specified in the defaults portion of
the statement.

Copyright © 2011, Juniper Networks, Inc. 107

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: Extended community attributes are not supported at the [edit

routing-options] hierarchy level. You must configure extended communities
at the [edit policy-options] hierarchy level. For information about configuring
extended communities, see the “Configuring the Extended Communities
Attribute” section in the Junos OS Routing Policy Configuration Guide. For
information about configuring 4-byte AS numbers and extended communities,
see Configuring 4-Byte AS Numbers and BGP Extended Community Attributes
in the Using 4-Byte Autonomous System Numbers in BGP Networks Technology
Overview.

Associating AS Paths with Generated Routes

By default, no AS path information is associated with generated routes. To associate AS
path information with the routes, include the as-path statement:

as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator

as-number in-address>;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

NOTE: In Junos OS Release 9.1 and later, the numeric AS range is extended
to provide BGP support for 4-byte AS numbers, as defined in RFC 4983, BGP
Support for Four-octet AS Number Space. For the AS number, you can configure
a number from 1 through 4,294,967,295. All releases of the Junos OS support
2-byte AS numbers. The 2-byte AS number range is 1 through 65,535 (this is
a subset of the 4-byte range).

You also can specify the AS path using the BGP origin attribute, which indicates the origin
of the AS path information:

• egp—Path information originated in another AS.

• igp—Path information originated within the local AS.

• incomplete—Path information was learned by some other means.

108 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

To attach the BGP ATOMIC_AGGREGATE path attribute to the generated route, specify
the atomic-aggregate option. This path attribute indicates that the local system selected
a less specific route rather than a more specific route.

To attach the BGP AGGREGATOR path attribute to the generated route, specify the
aggregator option. When using this option, you must specify the last AS number that
formed the generated route (encoded as two octets), followed by the IP address of the
BGP system that formed the generated route.

Configuring an OSPF Tag String for Generated Routes

By default, no OSPF tag strings are associated with generated routes. You can specify
an OSPF tag string by including the tag statement:

tag string;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Including AS Numbers in Generated Route Paths

By default, all AS numbers from all contributing paths are included in the generated
route’s path. To include only the longest common leading sequences from the contributing
AS paths, include the brief statement when configuring the route. If doing this results in
AS numbers being omitted from the generated route, the BGP ATOMIC_ATTRIBUTE path
attribute is included with the generated route.

brief;

To explicitly have all AS numbers from all contributing paths be included in the generated
route’s path, include the full state when configuring routes. Include this option when
configuring an individual route in the route portion of the generate statement to override
a retain option specified in the defaults portion of the statement.

full;

For a list of hierarchy levels at which you can include the brief or full statement, see the
statement summary sections for these statements.

Controlling Retention of Inactive Generated Routes in the Routing and Forwarding Tables
Static routes are only removed from the routing table if the next hop becomes
unreachable, which happens if there are no contributing routes. To have a generated
route remain continually installed in the routing and forwarding tables, include the passive
option when configuring the route:

generate (defaults | route) {

passive;
}

Routes that have been configured to remain continually installed in the routing and
forwarding tables are marked with reject next hops when they are inactive.

To explicitly remove generated routes when they become inactive, include the active
option when configuring routes. Include this option when configuring an individual route

Copyright © 2011, Juniper Networks, Inc. 109

Junos OS 11.4 Routing Protocols Configuration Guide

in the route portion of the generate statement to override a retain option specified in the
defaults portion of the statement.

generate (defaults | route) {

active;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Applying Policies to Generated Routes

You optionally can associate a routing policy when configuring a generated route’s
destination prefix in the routes part of the generate statement. Doing so provides the
equivalent of an import routing policy filter for the destination prefix. That is, each potential
contributor to a generated route, along with any generate options, is passed through the
policy filter. The policy can accept or reject the route as a contributor to the generated
route and, if the contributor is accepted, the policy can modify the default preferences.

The following algorithm is used to compare two generated contributing routes in order
to determine which one is the primary or preferred contributor:

1. Compare the protocol’s preference of the contributing routes. The lower the preference,
the better the route. This is similar to the comparison that is done while determining
the best route for the routing table.

2. Compare the protocol’s preference2 of the contributing routes. The lower preference2
value is better. If only one route has preference2, then this route is preferred.

3. The preference values are the same. Proceed with a numerical comparison of the
prefixes’ values.

a. The primary contributor is the numerically smallest prefix value.

b. If the two prefixes are numerically equal, the primary contributor is the route that
has the smallest prefix length value.

At this point, the two routes are the same. The primary contributor does not change. An
additional next hop is available for the existing primary contributor.

A rejected contributor still can contribute to less specific generated route. If you do not
specify a policy filter, all candidate routes contribute to a generated route.

To associate a routing policy with an generated route, include the policy statement:

policy policy-name;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring Martian Addresses

Martian addresses are host or network addresses about which all routing information is
ignored. They commonly are sent by improperly configured systems on the network and

110 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

have destination addresses that are obviously invalid. To view the default and configured
martian routes, run the show route martians command.

In IPv4, the following are the default martian addresses:

• 0.0.0.0/8

• 127.0.0.0/8

• 128.0.0.0/16

• 191.255.0.0/16

• 192.0.0.0/24

• 223.255.255.0/24

• 224.0.0.0/4

• 224.0.0.0/24

• 240.0.0.0/4

In IPv6, the loopback address and the multicast resolve and discard routes are the default
martian addresses, as shown here:

• ::1/128

• ff00::/8

• ff02::/16

Tables inet.1 and inet6.1 are multicast route tables. Table inet.1 does not include martian
routes for 224/4 or 224/24. Likewise, inet6.1 does not include martian routes for ff00::/8
and ff02::/16. The default martian route for inet6.1 is ::1/128. The default martian routes
for inet.1 are as follows:

• 0.0.0.0/8

• 127.0.0.0/8

• 128.0.0.0/16

• 191.255.0.0/16

• 192.0.0.0/24

• 223.255.255.0/24

• 240.0.0.0/4

The following sections explain how to configure martian routes:

• Adding Martian Addresses on page 112

• Deleting Martian Addresses on page 112
• Using Class E Addresses for Interface Addresses on page 113

Copyright © 2011, Juniper Networks, Inc. 111

Junos OS 11.4 Routing Protocols Configuration Guide

Adding Martian Addresses

To add martian addresses to the list of default martian addresses in the default IPv4
routing table (inet.0), include the martians statement:

martians {
destination-prefix match-type;
}

To add martian addresses to the list of default martian addresses in other routing tables,
or to explicitly add martian addresses to the list of default martian addresses in the
primary IPv6 routing table (inet6.0), include the martians statement:

rib inet6.0 {
martians {
destination-prefix match-type;
}
}

To add martian addresses to the list of default martian addresses in any other routing
tables, or to explicitly add martian addresses to the list of default martian addresses in
the default routing table (inet.0), include the martians statement:

rib routing-table-name {
martians {
destination-prefix match-type;
}
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

In destination-prefix, specify the routing destination in one of the following ways:

• default—If this is the default route to the destination. This is equivalent to specifying
the IP address 0.0.0.0/0.

• network/mask-length—network is the network portion of the IP address and mask-length

is the destination prefix length.

In match-type, specify the type of match to apply to the destination prefix. For more
information about match types, see the Junos OS Routing Policy Configuration Guide.

Deleting Martian Addresses

To delete a martian address from within a range of martian addresses, include the allow
option in the martians statement. This option removes an exact prefix that is within a
range of addresses that has been specified to be martian addresses.

To delete a martian address from the default routing table (inet.0), include the martians
statement:

martians {
destination-prefix match-type allow;
}

112 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

To delete a martian address from other routing tables, or to explicitly delete a martian
address from the primary IPv6 routing table (inet6.0), include the martians statement:

rib inet6.0 {
martians {
destination-prefix match-type allow;
}
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Using Class E Addresses for Interface Addresses

In Junos OS Release 9.6 and later, you can configure Class E addresses on interfaces.
Class E addresses are treated like any other unicast address for the purpose of forwarding.
To allow Class E addresses to be configured on interfaces, you must remove the Class
E prefix from the list of martian addresses. To remove the Class E prefix from the list of
martian addresses include the martians 240/4 orlonger allow statement at the [edit
routing-options] hierarchy level.

Configuring Flow Routes

A flow route is an aggregation of match conditions for IP packets. Flow routes are
propagated through the network using flow-specification network-layer reachability
information (NLRI) messages and installed into the flow routing table
instance-name.inetflow.0. Packets can travel through flow routes only if specific match
conditions are met.

Flow routes and firewall filters are similar in that they filter packets based on their
components and perform an action on the packets that match. Flow routes provide
traffic filtering and rate-limiting capabilities much like firewall filters. In addition, you can
propagate flow routes across different autonomous systems.

To configure a flow route, include the flow statement:

flow {
route name {
match {
match-conditions;
}
then {
actions;
}
}
term-order (legacy | standard);
validation {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
}

Copyright © 2011, Juniper Networks, Inc. 113

Junos OS 11.4 Routing Protocols Configuration Guide

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Flow routes are propagated by BGP through flow-specification NLRI messages. You must
enable BGP to propagate these NLRIs. For more information on configuring BGP, see
Configuring BGP.

The following sections describe the specified tasks:

• Configuring Match Conditions for Flow Routes on page 114

• Configuring the Action for Flow Routes on page 116
• Validating Flow Routes on page 116
• Enabling Support for BGP Flow-Specification Algorithm Version 7 and Later on page 117

Configuring Match Conditions for Flow Routes

You specify conditions that the packet must match before the action in the then statement
is taken for a flow route. All conditions in the from statement must match for the action
to be taken. The order in which you specify match conditions is not important, because
a packet must match all the conditions in a term for a match to occur.

To configure a match condition, include the match statement at the [edit routing-options
flow] hierarchy level:

[edit routing-options flow]

match {
match-conditions;
}

Table 4 on page 114 describes the flow route match conditions.

Table 4: Flow Route Match Conditions

Match Condition Description

destination prefix IP destination address field.

destination-port TCP or User Datagram Protocol (UDP) destination port field. You cannot specify both the port and
number destination-port match conditions in the same term.

In place of the numeric value, you can specify one of the following text synonyms (the port numbers
are also listed): afs (1483), bgp (179), biff (512), bootpc (68), bootps (67), cmd (514), cvspserver (2401),
dhcp (67), domain (53), eklogin (2105), ekshell (2106), exec (512), finger (79), ftp (21), ftp-data (20),
http (80), https (443), ident (113), imap (143), kerberos-sec (88), klogin (543), kpasswd (761),
krb-prop (754), krbupdate (760), kshell (544), ldap (389), login (513), mobileip-agent (434),
mobilip-mn (435), msdp (639), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), nfsd (2049),
nntp (119), ntalk (518), ntp (123), pop3 (110), pptp (1723), printer (515), radacct (1813), radius (1812),
rip (520), rkinit (2108), smtp (25), snmp (161), snmptrap (162), snpp (444), socks (1080), ssh (22),
sunrpc (111), syslog (514), tacacs-ds (65), talk (517), telnet (23), tftp (69), timed (525), who (513),
xdmcp (177), zephyr-clt (2103), or zephyr-hm (2104).

dscp number Differentiated Services code point (DSCP). The DiffServ protocol uses the type-of-service (ToS) byte
in the IP header. The most significant six bits of this byte form the DSCP.

You can specify DSCP in hexadecimal or decimal form.

114 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

Table 4: Flow Route Match Conditions (continued)

Match Condition Description

fragment type Fragment type field. The keywords are grouped by the fragment type with which they are associated:

• dont-fragment
• first-fragment
• is-fragment
• last-fragment
• not-a-fragment

icmp-code number ICMP code field. This value or keyword provides more specific information than icmp-type. Because
the value’s meaning depends upon the associated icmp-type value, you must specify icmp-type along
with icmp-code.

In place of the numeric value, you can specify one of the following text synonyms (the field values are
also listed). The keywords are grouped by the ICMP type with which they are associated:

• parameter-problem: ip-header-bad (0), required-option-missing (1)

• redirect: redirect-for-host (1), redirect-for-network (0), redirect-for-tos-and-host (3),
redirect-for-tos-and-net (2)
• time-exceeded: ttl-eq-zero-during-reassembly (1), ttl-eq-zero-during-transit (0)
• unreachable: communication-prohibited-by-filtering (13), destination-host-prohibited (10),
destination-host-unknown (7), destination-network-prohibited (9), destination-network-unknown (6),
fragmentation-needed (4), host-precedence-violation (14), host-unreachable (1),
host-unreachable-for-TOS (12), network-unreachable (0), network-unreachable-for-TOS (11),
port-unreachable (3), precedence-cutoff-in-effect (15), protocol-unreachable (2),
source-host-isolated (8), source-route-failed (5)

icmp-type number ICMP packet type field. Normally, you specify this match in conjunction with the protocol match
statement to determine which protocol is being used on the port.

In place of the numeric value, you can specify one of the following text synonyms (the field values are
also listed): echo-reply (0), echo-request (8), info-reply (16), info-request (15), mask-request (17),
mask-reply (18), parameter-problem (12), redirect (5), router-advertisement (9), router-solicit (10),
source-quench (4), time-exceeded (11), timestamp (13), timestamp-reply (14), or unreachable (3).

packet-length number Total IP packet length.

port number TCP or UDP source or destination port field. You cannot specify both the port match and either the
destination-port or source-port match condition in the same term.

In place of the numeric value, you can specify one of the text synonyms listed under destination-port.

protocol number IP protocol field. In place of the numeric value, you can specify one of the following text synonyms (the
field values are also listed): ah, egp (8), esp (50), gre (47), icmp (1), igmp (2), ipip (4), ipv6 (41), ospf (89),
pim (103), rsvp (46), tcp (6), or udp (17).

source prefix IP source address field.

source-port number TCP or UDP source port field. You cannot specify the port and source-port match conditions in the
same term.

In place of the numeric field, you can specify one of the text synonyms listed under destination-port.

Copyright © 2011, Juniper Networks, Inc. 115

Junos OS 11.4 Routing Protocols Configuration Guide

Table 4: Flow Route Match Conditions (continued)

Match Condition Description

tcp-flag type TCP header format.

Configuring the Action for Flow Routes

You can specify the action to take if the packet matches the conditions you have
configured in the flow route. To configure an action, include the then statement at the
[edit routing-options flow] hierarchy level:

[edit routing-options flow]

then {
action;
}

Table 5 on page 116 describes the flow route actions.

Table 5: Flow Route Action Modifiers

Action or Action Modifier Description

Actions
accept Accept a packet. This is the default.

discard Discard a packet silently, without sending an Internet Control Message Protocol (ICMP) message.

community Replace any communities in the route with the specified communities.

next-term Continue to the next match condition for evaluation.

routing-instance Specify a routing instance to which packets are forwarded.

extended-community

rate-limit bytes-per-second Limit the bandwidth on the flow route. Express the limit in bytes per second (Bps).

sample Sample the traffic on the flow route.

Validating Flow Routes

The Junos OS installs flow routes into the flow routing table only if they have been
validated using the validation procedure. The Routing Engine does the validation before
the installing routes into the flow routing table.

Flow routes received using the BGP network layer reachability information (NLRI)
messages are validated before they are installed into the flow primary instance routing
table instance.inetflow.0. The validation procedure is described in the
draft-ietf-idr-flow-spec-09.txt, Dissemination of Flow Specification Rules. You can bypass
the validation process for flow routes using BGP NLRI messages and use your own specific
import policy.

116 Copyright © 2011, Juniper Networks, Inc.

Chapter 4: Configuring Routing Tables and Routes

To trace validation operations, include the validation statement at the [edit routing-options
flow] hierarchy level:

[edit routing-options flow]

validation {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}

Enabling Support for BGP Flow-Specification Algorithm Version 7 and Later

By default, the Junos OS uses the term-ordering algorithm defined in version 6 of the
BGP flow specification draft. In Junos OS Release 10.0 and later, you can configure the
router to comply with the term-ordering algorithm first defined in version 7 of the BGP
flow specification and supported through RFC 5575, Dissemination of Flow Specification
Routes.

BEST PRACTICE: We recommend that you configure the Junos OS to use the
term-ordering algorithm first defined in version 7 of the BGP flow specification
draft. We also recommend that you configure the Junos OS to use the same
term-ordering algorithm on all routing instances configured on a router.

To configure BGP to use the flow-specification algorithm first defined in version 7 of the
Internet draft, include the standard statement at the [edit routing-options flow term-order]
hierarchy level:

[edit routing-options]
flow {
term-order standard;
}

To revert to using the term-ordering algorithm defined in version 6, include the legacy
statement at the [edit routing-options flow term-order] hierarchy level:

[edit routing-options]
flow {
term-order legacy;
}

NOTE: The configured term order has only local significance. That is, the
term order does not propagate with flow routes sent to the remote BGP peers,
whose term order is completely determined by their own term order
configuration. Therefore, you should be careful when configuring the
order-dependent action next term when you are not aware of the term order
configuration of the remote peers. The local next term might differ from the
next term configured on the remote peer.

Copyright © 2011, Juniper Networks, Inc. 117

Junos OS 11.4 Routing Protocols Configuration Guide

Related • Example: Enabling BGP to Carry Flow-Specification Routes on page 1202

Documentation
• flow on page 169

Applying Filters to the Forwarding Table

To apply a forwarding table filter to a forwarding table, include the filter and input
statements at the [edit forwarding-options family family-name] hierarchy level:

[edit forwarding-options family family-name]

filter {
input filter-name;
}

NOTE: Forwarding table filtering is not supported on the interfaces you

configure as tunnel sources. Input filters affect only the transit packets exiting
the tunnel.

Forwarding table filtering is not supported with the flow routes configuration.

For more information about forwarding table filters, see the Junos OS Routing Policy
Configuration Guide.

118 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 5

Configuring Other Protocol-Independent

Routing Properties

This chapter discusses how to perform the following tasks for configuring other
protocol-independent routing properties:

• Configuring AS Numbers for BGP on page 120

• Configuring Router Identifiers for BGP and OSPF on page 122
• Configuring AS Confederation Members on page 122
• Configuring Route Recording for Flow Aggregation on page 123
• Creating Routing Table Groups on page 123
• Configuring How Interface Routes Are Imported into Routing Tables on page 125
• Configuring Multicast Scoping on page 126
• Enabling Multicast Forwarding Without PIM on page 127
• Configuring Additional Source-Specific Multicast Groups on page 127
• Configuring Multicast Forwarding Cache Limits on page 128
• Configuring Per-Packet Load Balancing on page 128
• Configuring Unicast Reverse-Path-Forwarding Check on page 131
• Configuring Graceful Restart on page 132
• Configuring Route Distinguishers for VRF and Layer 2 VPN Instances on page 133
• Configuring Dynamic GRE Tunnels for VPNs on page 134
• Configuring System Logging for the Routing Protocol Process on page 135
• Configuring Route Resolution on page 136
• Enabling Indirect Next Hops on page 136
• Enabling Nonstop Active Routing on page 137
• Tracing Global Routing Protocol Operations on page 138
• Disabling Distributed Periodic Packet Management on the Packet Forwarding
Engine on page 140
• Enabling Source Routing on page 141
• Creating Policies to Control Label Allocation and Substitution for MPLS Ingress and
AS Border Routers on page 141

Copyright © 2011, Juniper Networks, Inc. 119

Junos OS 11.4 Routing Protocols Configuration Guide

Configuring AS Numbers for BGP

An autonomous system (AS) is a set of routing devices that are under a single technical
administration and that generally use a single interior gateway protocol (IGP) and metrics
to propagate routing information within the set of routing devices. An AS appears to other
ASs to have a single, coherent interior routing plan and presents a consistent picture of
what destinations are reachable through it.

ASs are identified by a number that is assigned by the Network Information Center (NIC)
in the United States (http://www.isi.edu). In Junos OS Release 9.1 and later, you can
configure a number from 1 through 4,294,967,295 in plain-number format. The range is
extended to provide BGP support for 4-byte AS numbers, as defined in RFC 4893, BGP
Support for Four-octet AS Number Space. All releases of the Junos OS support 2-byte AS
numbers. The 2-byte AS number range is 1 through 65,535 in plain-number format (this
is a subset of the 4-byte range).

RFC 4893 introduces two new optional transitive BGP attributes, AS4_PATH and
AS4_AGGREGATOR. These new attributes are used to propagate 4-byte AS path
information across BGP speakers that do not support 4-byte AS numbers. RFC 4893
also introduces a reserved, well-known, 2-byte AS number, AS 23456. This reserved AS
number is called AS_TRANS in RFC 4893.

In Junos OS Release 9.3 and later, you can also configure a 4-byte AS number using the
AS-dot notation format of two integer values joined by a period: <16-bit high-order value
in decimal>.<16-bit low-order value in decimal>. For example, the 4-byte AS number
of 65,546 in plain-number format is represented as 1.10 in the AS-dot notation format.
In AS-dot notation format, you can specify a value for AS number from 0.0
through 65535.65535.

If you are using BGP on the routing device, you must configure an AS number.

To configure the routing device’s AS number, include the autonomous-system statement:

autonomous-system autonomous-system <asdot-notation> <loops number>;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To specify the number of times detection of the AS number in the AS_PATH attribute
causes the route to be discarded or hidden, include the loops option. For example, if you
configure loops 1, the route is hidden if the AS number is detected in the path one or more
times. This is the default behavior. If you configure loops 2, the route is hidden if the AS
number is detected in the path two or more times. You can specify a value in the range
from 1 through 10. The default value is 1.

The AS path attribute is modified when a route is advertised to an EBGP peer. Each time
a route is advertised to an EBGP peer, the local routing device prepends its AS number
to the existing path attribute, and a value of 1 is added to the AS number.

120 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

NOTE: When you specify the same AS number in more than one routing
instance on the local routing device, you must configure the same number
of loops for the AS number in each instance. For example, if you configure a
value of 3 for the loops statement in a VPN routing and forwarding (VRF)
routing instance that uses the same AS number as that of the master instance,
you must also configure a value of 3 loops for the AS number in the master
instance.

Use the independent-domain option if the loops statement must be enabled

only on a subset of routing instances. For more information about configuring
an independent AS domain, see “Configuring Independent AS Domains” on
page 289.

By default, the AS number is displayed in plain-number format even if you configured a

4-byte AS number using the AS-dot notation format. Include the asdot-notation statement
to configure the router to display a 4-byte AS number in the AS-dot notation format.

Examples: Configuring AS Numbers

Configure the 4-byte AS number 65,546 represented in plain-number format:

[edit]
routing-options {
autonomous-system 65546;
}
}

Configure the 4-byte AS number 65,546 represented in AS-dot notation format (in this
example, 1.10 is the AS-dot notation format for 65,546):

[edit]
routing-options {
autonomous-system 1.10;
}
}

Configure the 2-byte AS number 60,000 represented in plain-number format:

[edit]
routing-options {
autonomous-system 60000;
}
}

Related • 4-Byte Autonomous System Numbers Overview in the Using 4-Byte Autonomous System
Documentation Numbers in BGP Networks Technology Overview

• Juniper Networks Implementation of 4-Byte Autonomous System Numbers in the Using

4-Byte Autonomous System Numbers in BGP Networks Technology Overview

• Configuring 4-Byte Autonomous System Numbers in the Using 4-Byte Autonomous

System Numbers in BGP Networks Technology Overview

Copyright © 2011, Juniper Networks, Inc. 121

Junos OS 11.4 Routing Protocols Configuration Guide

• Understanding a 4-Byte Capable Router AS Path Through a 2-Byte Capable Domain

in the Using 4-Byte Autonomous System Numbers in BGP Networks Technology Overview

Configuring Router Identifiers for BGP and OSPF

The router identifier is used by BGP and OSPF to identify the routing device from which
a packet originated. The router identifier usually is the IP address of the local routing
device. If you do not configure a router identifier, the IP address of the first interface to
come online is used. This is usually the loopback interface. Otherwise, the first hardware
interface with an IP address is used.

To configure the router identifier, include the router-id statement:

router-id address;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

NOTE: We strongly recommend that you configure the router identifier under
the [edit routing-options] hierarchy level to avoid unpredictable behavior if
the interface address on a loopback interface changes.

Configuring AS Confederation Members

If you administer multiple ASs that contain a very large number of BGP systems, you can
group them into one or more confederations. Each confederation is identified by its own
AS number, which is called a confederation AS number. To external ASs, a confederation
appears to be a single AS. Thus, the internal topology of the ASs making up the
confederation is hidden.

The BGP path attributes NEXT_HOP, LOCAL_PREF, and MULTI_EXIT_DISC, which normally
are restricted to a single AS, are allowed to be propagated throughout the ASs that are
members of the same confederation.

Because each confederation is treated as if it were a single AS, you can apply the same
routing policy to all the ASs that make up the confederation.

Grouping ASs into confederations reduces the number of BGP connections required to
interconnect ASs.

If you are using BGP, you can enable the local routing device to participate as a member
of an AS confederation. To do this, include the confederation statement:

confederation confederation-autonomous-system members [ autonomous-systems ];

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

122 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

Specify the AS confederation identifier, along with the peer AS numbers that are members
of the confederation.

Note that peer adjacencies do not form if two BGP neighbors disagree about whether
an adjacency falls within a particular confederation.

Related • Example: Configuring BGP Confederations on page 1051

Documentation

Configuring Route Recording for Flow Aggregation

Before you can perform flow aggregation, the routing protocol process must export the
AS path and routing information to the sampling process. To do this, include the
route-record statement:

route-record;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Related • Junos OS Services Interfaces Configuration Guide

Documentation

Creating Routing Table Groups

You can group together one or more routing tables to form a routing table group. Within
a group, a routing protocol can import routes into all the routing tables in the group and
can export routes from a single routing table.

To create a routing table group, include the rib-groups statement:

rib-groups group-name {
import-policy [ policy-names ];
import-rib [ routing-table-names ];
export-rib routing-table-name;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

The routing table group can have any name you choose (specified in group-name). If the
group name you specify is not created explicitly, you can create it by naming it in the
rib-groups statement.

Each routing table group must contain one or more routing tables that the Junos OS uses
when importing routes (specified in the import-rib statement). The first routing table you
specify is the primary routing table, and any additional routing tables are the secondary
routing tables.

The primary routing table determines the address family of the routing table group. To
configure an IP version 4 (IPv4) routing table group, specify inet.0 as the primary routing
table. To configure an IP version 6 (IPv6) routing table group, specify inet6.0 as the

Copyright © 2011, Juniper Networks, Inc. 123

Junos OS 11.4 Routing Protocols Configuration Guide

primary routing table. If you configure an IPv6 routing table group, the primary and all
secondary routing tables must be IPv6 routing tables (inet6.x).

In Junos OS Release 9.5 and later, you can include both IPv4 and IPv6 routing tables in
an IPv4 import routing table group using the import-rib statement. In releases prior to
Junos OS Release 9.5, you can only include either IPv4 or IPv6 routing tables in the same
import-rib statement. The ability to configure an import routing table group with both
IPv4 and IPv6 routing tables enables you, for example, to populate the inet6.3 routing
table with IPv6 addresses that are compatible with IPv4. Specify inet.0 as the primary
routing table, and specify inet6.3 as a secondary routing table.

Each routing table group optionally can contain one routing table group that the Junos
OS uses when exporting routes to the routing protocols (specified in the export-rib
statement).

NOTE: If you configure an import routing table group that includes both IPv4
and IPv6 routing tables, any corresponding export routing table group must
include only IPv4 routing tables.

If you have configured a routing table, configure the OSPF primary instance at the
[edit protocols ospf] hierarchy level with the statements needed for your network so that
routes are installed in inet.0 and in the forwarding table. Make sure to include the routing
table group. For more information, see “Example: Configuring Multiple Routing Instances
of OSPF” on page 256.

After specifying the routing table from which to import routes, you can apply one or more
policies to control which routes are installed in the routing table group. To apply a policy
to routes being imported into the routing table group, include the import-policy statement:

rib-groups group-name {
import-policy [ policy-names ];
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Examples: Creating Routing Table Groups

Create an IPv4 routing table group so that interface routes are installed into two routing
tables, inet.0 and inet.2:

[edit]
routing-options {
interface-routes {
rib-group if-rg;
}
rib-groups if-rg {
import-rib [ inet.0 inet.2 ];
}
}

124 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

Create an IPv6 routing table group so that interface routes are installed into two routing
tables, inet6.0 and inet6.2:

[edit]
routing-options {
interface-routes {
rib-group inet6 if-rg;
}
rib-groups if-rg {
import-rib [ inet6.0 inet6.2 ];
}
}

Configuring How Interface Routes Are Imported into Routing Tables

By default, IPv4 interface routes (also called direct routes) are imported into routing
table inet.0, and IPv6 interface routes are imported into routing table inet6.0. If you are
configuring alternate routing tables for use by some routing protocols, it might be
necessary to import the interface routes into the alternate routing tables. To define the
routing tables into which interface routes are imported, you create a routing table group
and associate it with the routing device’s interfaces.

To associate an IPv4 routing table group with the routing device’s interfaces and specify
which routing table groups interface routes are imported into, include the interface-routes
statement:

interface-routes {
rib-group group-name;
}

To associate an IPv6 routing table group with an interface, include the interface-routes
statement at the [edit routing-options] hierarchy level:

interface-routes {
rib-group inet6 group-name;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To create the routing table groups, include the passive statement at the
[edit routing-options] hierarchy level. For configuration information, see “Creating Routing
Table Groups” on page 123.

If you have configured a routing table, configure the OSPF primary instance at the [edit
protocols ospf] hierarchy level with the statements needed for your network so that
routes are installed in inet.0 and in the forwarding table. Make sure to include the routing
table group. For more information, see “Example: Configuring Multiple Routing Instances
of OSPF” on page 256.

To export local routes, include the export statement:

export {
lan;

Copyright © 2011, Juniper Networks, Inc. 125

Junos OS 11.4 Routing Protocols Configuration Guide

point-to-point;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

To export LAN routes, include the lan option. To export point-to-point routes, include
the point-to-point option.

Only local routes on point-to-point interfaces configured with a destination address are
exportable.

Configuring Multicast Scoping

To configure multicast address scoping, include the following statements:

multicast {
scope scope-name {
interface [ interface-names ];
prefix destination-prefix;
}
scope-policy policy-name;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Specify a name for the scope, its address range, and the routing device interfaces on
which you are configuring scoping.

You can apply a multicast scoping policy to the routing table. To apply a scoping policy,
include the scope-policy statement at the [edit routing-options multicast] hierarchy level.
For more information on configuring a scoping policy, see the Junos OS Routing Policy
Configuration Guide.

Example: Configuring Multicast Scoping

Configure multicast scoping by creating four scopes: local, organization, engineering, and
marketing.

Configure the local scope on a Fast Ethernet interface. Configure the organization scope
on a Fast Ethernet and a SONET/SDH interface. Configure the engineering and marketing
scopes on two SONET/SDH interfaces.

[edit]
routing-options {
multicast {
scope local {
prefix 239.255.0.0/16;
fe-0/1/0.0;
}
scope organization {
prefix 239.192.0.0/14;
interface [ fe-0/1/0.0 so-0/0/0.0 ];
}

126 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

scope engineering {
prefix 239.255.255.0/24;
interface [ so-0/0/1.0 so-0/0/2.0 ];
}
scope marketing {
prefix 239.255.254.0/24;
interface [ so-0/0/1.0 so-0/0/2.0 ];
}
}
}

Enabling Multicast Forwarding Without PIM

By default, multicast packets are forwarded by enabling Protocol Independent Multicast

(PIM) on an interface. PIM adds multicast routes into the routing table.

You can also configure multicast packets to be forwarded over a static route, such as a
static route associated with an LSP next hop. Multicast packets are accepted on an
interface and forwarded over a static route in the forwarding table. This is useful when
you want to enable multicast traffic on a specific interface without configuring PIM on
the interface.

To enable multicast traffic on an interface, include the interface statement:

interface interface-name;

To disable multicast traffic on an interface, include the disable statement:

interface interface-name {
disable;
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary section for these statements.

NOTE: You cannot enable multicast traffic on an interface and configure PIM
on the same interface simultaneously.

NOTE: Static routes must be configured before you can enable multicast on
an interface. Configuring the interface statement alone does not install any
routes into the routing table. This feature relies on the static route
configuration.

Configuring Additional Source-Specific Multicast Groups

IGMPv3 supports Source Specific Multicast (SSM) groups. By utilizing inclusion lists, only
sources that are specified send to the SSM group. By default, the SSM group multicast
address is limited to the IP address range 232.0.0.0 to 232.255.255.255. You can configure
additional SSM groups. Shared tree delivery is prohibited on SSM groups.

Copyright © 2011, Juniper Networks, Inc. 127

Junos OS 11.4 Routing Protocols Configuration Guide

To configure additional SSM groups, include the ssm-groups statement:

ssm-groups {
address;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring Multicast Forwarding Cache Limits

To configure multicast forwarding cache limits, include the following statements:

multicast {
forwarding-cache {
threshold suppress value <reuse value>;
}
}

You can include these statements at the following hierarchy levels:

• [edit routing-options]

• [edit logical-systems logical-system-name routing-options]

By default, there are no limits on the number of multicast forwarding cache entries.

Specify a value for the threshold at which to suppress new multicast forwarding cache
entries and an optional reuse value for the threshold at which the router begins to create
new multicast forwarding cache entries. The range for both is from 1 through 200,000.
If configured, the reuse value should be less than the suppression threshold value. The
suppression value is mandatory. If you do not specify the optional reuse value, then the
number of multicast forwarding cache entries is limited to the suppression value. A new
entry is created as soon as the number of multicast forwarding cache entries falls below
the suppression value.

Related • Junos OS Logical Systems Configuration Guide

Documentation
• Junos OS Multicast over Layer 3 VPNs Feature Guide

Configuring Per-Packet Load Balancing

For the active route, when there are multiple equal-cost paths to the same destination,
by default, the Junos OS chooses in a random fashion one of the next-hop addresses to
install into the forwarding table. Whenever the set of next hops for a destination changes
in any way, the next-hop address is chosen again, also in a random fashion.

You can configure the Junos OS so that, for the active route, all next-hop addresses for
a destination are installed in the forwarding table. This is called per-packet load balancing.
You can use load balancing to spread traffic across multiple paths between routing
devices. The behavior of the per-packet load-balancing function varies according to the
version of the Internet Processor ASIC in the routing device.

128 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

On routing devices with an Internet Processor I ASIC, when per-packet load balancing is
configured, traffic between routing devices with multiple paths is spread in a random
fashion across the available interfaces. The forwarding table balances the traffic headed
to a destination, transmitting packets in round-robin fashion among the multiple next
hops (up to a maximum of eight equal-cost load-balanced paths). The traffic is
load-balanced on a per-packet basis.

NOTE: Per-packet load distribution uses a hashing algorithm that distributes

packets over equal-cost links. The algorithm is designed to distribute packets
to prevent any single link from being saturated. However, per-packet load
balancing offers no guarantee of equal distribution of traffic over equal-cost
links, nor does it guarantee that increasing the number of Internet flows
creates a better hash distribution.

On routing devices with the Internet Processor II ASIC and T Series Internet Processor II
ASIC, when per-packet load balancing is configured, traffic between routing devices with
multiple paths is divided into individual traffic flows (up to a maximum of 16 equal-cost
load-balanced paths). Packets for each individual flow are kept on a single interface. To
recognize individual flows in the transit traffic, the routing device examines each of the
following:

• Source IP address

• Destination IP address

• Protocol

• Source port number

• Destination port number

• Source interface index

• Type of service (ToS)

The routing device recognizes packets in which all of these parameters are identical, and
it ensures that these packets are sent out through the same interface. This prevents
problems that might otherwise occur with packets arriving at their destination out of
their original sequence.

NOTE: Load balancing is not supported on management and internal Ethernet

(fxo) interfaces because this type of interface cannot handle the routing
process. On fxp interfaces, you cannot configure multiple next hops and
enable load balancing.

The following steps shows how to configure per-packet load balancing:

1. Define a load-balancing routing policy by including one or more policy-statement

statements at the [edit policy-options] hierarchy level, defining an action of
load-balance per-packet:

Copyright © 2011, Juniper Networks, Inc. 129

Junos OS 11.4 Routing Protocols Configuration Guide

policy-statement policy-name {
from {
match-conditions;
route-filter destination-prefix match-type <actions>;
prefix-list name;
}
then {
load-balance per-packet;
}
}

2. Apply the policy to routes exported from the routing table to the forwarding table. To
do this, include the forwarding-table and export statements:

forwarding-table {
export policy-name;
}

NOTE: You cannot apply the export policy to VRF routing instances.

For a list of hierarchy levels at which you can include these statements, see the statement
summary section for these statements.

NOTE: Specify all next-hops of that route, if more than one exists, when
allocating a label corresponding to a route that is being advertised.

NOTE: Configure the forwarding-options hash key for MPLS to include the
IP payload.

Examples: Configuring Per-Packet Load Balancing

Perform per-packet load balancing for all routes:

[edit]
policy-options {
policy-statement load-balancing-policy {
then {
load-balance per-packet;
}
}
}
routing-options {
forwarding-table {
export load-balancing-policy;
}
}

Perform per-packet load balancing for only a limited set of routes:

[edit]

130 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

policy-options {
policy-statement load-balancing-policy {
from {
route-filter 192.168.10/24 orlonger;
route-filter 9.114/16 orlonger;
}
then {
load-balance per-packet;
}
}
}
routing-options {
forwarding-table {
export load-balancing-policy;
}
}

Configuring Unicast Reverse-Path-Forwarding Check

IP spoofing can occur during a denial-of-service (DoS) attack. IP spoofing allows an

intruder to pass IP packets to a destination as genuine traffic, when in fact the packets
are not actually meant for the destination. This type of spoofing is harmful because it
consumes the destination’s resources.

Unicast reverse-path-forwarding (RPF) check is a tool to reduce forwarding of IP packets

that may be spoofing an address. A unicast RPF check performs a route table lookup on
an IP packet’s source address, and checks the incoming interface. The router determines
whether the packet is arriving from a path that the sender would use to reach the
destination. If the packet is from a valid path, the router forwards the packet to the
destination address. If it is not from a valid path, the router discards the packet. Unicast
RPF is supported for the IPv4 and IPv6 protocol families, as well as for the virtual private
network (VPN) address family.

To control the operation of unicast RPF check, include the unicast-reverse-path statement:

unicast-reverse-path (active-paths | feasible-paths);

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To consider only active paths during the unicast RPF check, include the active-paths
option. To consider all feasible paths during the unicast RPF check, include the
feasible-paths option.

NOTE: Reverse-path forwarding is not supported on the interfaces you

configure as tunnel sources. This affects only the transit packets exiting the
tunnel.

You must enable unicast RPF check on an interface. To do so, include the rpf-check
statement:

rpf-check <fail-filter filter-name>;

Copyright © 2011, Juniper Networks, Inc. 131

Junos OS 11.4 Routing Protocols Configuration Guide

You can include this statement at the following hierarchy levels:

• [edit interfaces interface-name unit logical-unit-number family (inet | inet6)]

• [edit logical-systems logical-system-name interfaces interface-name unit

logical-unit-number family (inet | inet6)]

For more information about configuring unicast RPF on an interface, see the Junos OS
Services Interfaces Configuration Guide.

Example: Configuring Unicast RPF

Configure unicast RPF strict mode, and apply a fail filter that allows the interface to
accept BOOTP packets and DHCP packets. The filter accepts all packets with a source
address of 0.0.0.0 and a destination address of 255.255.255.255.

[edit firewall]
filter rpf-special-case-dhcp-bootp {
term allow-dhcp-bootp {
from {
source-address {
0.0.0.0/32;
}
address {
255.255.255.255/32;
}
}
then {
count rpf-dhcp-bootp-traffic;
accept;
}
}
term default {
then {
log;
reject;
}
}
}
[edit]
interfaces {
so-0/0/0 {
unit 0 {
family inet {
rpf-check fail-filter rpf-special-case-dhcp-bootp;
}
}
}
}

Configuring Graceful Restart

Graceful restart allows a routing device undergoing a restart to inform its adjacent
neighbors and peers of its condition. The restarting routing device requests a grace period
from the neighbor or peer, which can then cooperate with the restarting routing device.

132 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

With a graceful restart, the restarting routing device can still forward traffic during the
restart period, and convergence in the network is not disrupted. The restart is not visible
to the rest of the network, and the restarting routing device is not removed from the
network topology.

The graceful restart request occurs only if the following conditions are met:

• The network topology is stable.

• The neighbor or peer cooperates.

• The restarting routing device is not already cooperating with another restart already
in progress.

• The grace period does not expire.

Graceful restart is disabled by default. You must configure graceful restart at the [edit
routing-options] hierarchy level to enable the feature for Layer 2 and Layer 3 VPNs.

To enable graceful restart, include the graceful-restart statement:

graceful-restart {
disable;
restart-duration seconds;
}

NOTE: Configuring graceful restart for BGP resets the BGP peer routing
statistics to zero.

To disable graceful restart, include the disable statement. To configure a time period for
complete restart, include the restart-duration statement. You can specify a number
between 120 and 900.

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Related • Junos OS High Availability Configuration Guide

Documentation

Configuring Route Distinguishers for VRF and Layer 2 VPN Instances

If the route distinguisher ID is configured, the routing process automatically generates a

type 1 route distinguisher for VPN routing and forwarding (VRF) and Layer 2 VPN instances.
If a route distinguisher is explicitly configured under the routing instances stanza, then
that configured route distinguisher is used.

To configure a route distinguisher identifier globally, include the route-distinguisher-id

statement:

route-distinguisher-id address;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Copyright © 2011, Juniper Networks, Inc. 133

Junos OS 11.4 Routing Protocols Configuration Guide

Related • Junos OS VPNs Configuration Guide

Documentation

Configuring Dynamic GRE Tunnels for VPNs

A VPN that travels through a non-MPLS network requires a generic routing encapsulation
(GRE) tunnel. This tunnel can be either a static tunnel or a dynamic tunnel. A static tunnel
is configured manually between two provider edge (PE) routers. A dynamic tunnel is
configured using BGP route resolution.

When a router receives a VPN route that resolves over a BGP next hop that does not have
an MPLS path, a GRE tunnel can be created dynamically, allowing the VPN traffic to be
forwarded to that route. Formerly, GRE tunnels had to be established manually. Only
GRE IPv4 tunnels are supported.

To configure a dynamic tunnel between two PE routers, include the dynamic-tunnels

statement:

dynamic-tunnels tunnel-name {
destination-networks prefix;
source-address address;
tunnel-type type;
}

You can include this statement at the following hierarchy levels:

• [edit routing-options]

• [edit logical-systems logical-system-name routing-options]

Specify the IPv4 prefix range (for example, 10/8 or 11.1/16) for the destination network
by including the destination-networks statement. Only tunnels within the specified IPv4
prefix range can be created.

destination-networks prefix;

You can include this statement at the following hierarchy levels:

• [edit routing-options dynamic-tunnels tunnel-name]

• [edit logical-systems logical-system-name routing-options dynamic-tunnels tunnel-name]

Specify the source address for the GRE tunnels by including the source-address statement.
The source address specifies the address used as the source for the local tunnel endpoint.
It can be any local address on the router (typically the router ID or the loopback address).

source-address address;

You can include this statement at the following hierarchy levels:

• [edit routing-options dynamic-tunnels tunnel-name]

• [edit logical-systems logical-system-name routing-options dynamic-tunnels tunnel-name]

134 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

Specify the type of tunnel to be dynamically created by including the tunnel-type

statement. The only currently valid value is gre (for GRE tunnels).

tunnel-type type;

You can include this statement at the following hierarchy levels:

• [edit routing-options dynamic-tunnels tunnel-name]

• [edit logical-systems logical-system-name routing-options dynamic-tunnels tunnel-name]

Configuring System Logging for the Routing Protocol Process

To control how much information the routing protocol process should log, include the
options statement.

Include the following form of the statement to log messages for a particular severity
level and all higher levels:

routing-options {
options syslog upto level;
}

Include the following form of the statement to log messages for a particular severity
level:

routing-options {
options syslog level level;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

NOTE: System logging frequently deals with processes logged at the info or
notice severity level. Make sure that your regular system logging configurations
include the info or notice levels.

Examples: Configuring System Logging for the Routing Protocol Process

Configure the router to log messages of all severities:

[edit]
user@host# set routing-options options syslog upto emergency
[edit]
user@host# show
routing-options {
options syslog upto emergency;
}

Configure the router to log only alert-level and critical-level messages:

[edit]
user@host# set routing-options options syslog level alert critical
[edit]

Copyright © 2011, Juniper Networks, Inc. 135

Junos OS 11.4 Routing Protocols Configuration Guide

user@host# show
routing-options {
options syslog alert critical;
}

Configuring Route Resolution

You can configure a routing table to accept routes from specific routing tables. You can
also configure a routing table to use specific import policies to produce a route resolution
table to resolve routes.

To configure route resolution, include the resolution statement:

resolution {
rib routing-table-name {
import [ policy-names ];
resolution-ribs [ routing-table-names ];
}
}

To specify the name of the routing table to modify, include the rib routing-table-name
statement. To specify one or more import policies to use for route resolution, include the
import [ policy-names ] statement. To specify one or more routing tables to use for route
resolution, include the resolution-ribs [ routing-table-names ] statement.

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Enabling Indirect Next Hops

The Junos OS supports the concept of an indirect next hop for all routing protocols that
support indirectly connected next hops, also known as third-party next hops.

Because routing protocols such as IBGP can send routing information about indirectly
connected routes, the Junos OS relies on routes from intra-AS routing protocols (OSPF,
IS-IS, RIP, and static) to resolve the best directly connected next hop. The Routing Engine
performs the task of route resolution to determine the best directly connected next hop
and install the route to the Packet Forwarding Engine.

By default, the Junos OS does not maintain the route for indirect next hop to forwarding
next-hop binding on the Packet Forwarding Engine forwarding table. As a result, when
a rerouting event occurs, potentially thousands of route to forwarding next-hop bindings
must be updated, which increases the route convergence time. Figure 2 on page 136
illustrates the route to forwarding next-hop bindings with indirect next hop disabled.

Figure 2: Route to Forwarding Next-Hop Bindings

136 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

You can enable the Junos OS to maintain the indirect next hop to forwarding next-hop
binding on the Packet Forwarding Engine forwarding table. As a result, fewer route to
forwarding next-hop bindings need to be updated, which improves the route convergence
time. Figure 3 on page 137 illustrates the route to forwarding next-hop bindings with indirect
next hop enabled.

Figure 3: Route to Forwarding Indirect Next-Hop Bindings

To enable indirectly connected next hops, include the indirect-next-hop statement:

indirect-next-hop;

NOTE: When virtual private LAN service (VPLS) is configured on the routing
device, the indirect-next-hop statement is configurable at the [edit
routing-options forwarding-table] hierarchy level. However, this configuration
is not applicable to indirect nexthops specific to VPLS routing instances.

To disable indirectly connected next hops, include the no-indirect-next-hop statement:

no-indirect-next-hop;

NOTE: By default, the Junos Trio Modular Port Concentrator (MPC) chipset
on MX Series Routers is enabled with indirectly connected next hops and this
cannot be disabled using the no-indirect-next-hop statement.

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Enabling Nonstop Active Routing

Nonstop active routing (NSR) allows a routing platform with redundant Routing Engines
to switch over from a primary Routing Engine to a backup Routing Engine without alerting
peer nodes that a change has occurred. NSR uses the same infrastructure as graceful
Routing Engine switchover (GRES) to preserve interface and kernel information. However,
NSR also saves routing protocol information by running the routing protocol (rpd) process
on the backup Routing Engine. Saving this additional information makes NSR
self-contained and eliminates the need for helper routers to assist the routing platform
in restoring routing protocol information. As a result of this enhanced functionality, NSR
is a natural replacement for graceful restart protocol extensions.

If the kernel on the master Routing Engine stops operating, the master Routing Engine
experiences a hardware failure, or the administrator initiates a manual switchover,

Copyright © 2011, Juniper Networks, Inc. 137

Junos OS 11.4 Routing Protocols Configuration Guide

mastership switches to the backup Routing Engine. To configure NSR, you must first
enable GRES on your routing platform.

To enable NSR, include the nonstop-routing statement at the [edit routing-options]

hierarchy level.

[edit routing-options]
nonstop-routing;

NOTE: You cannot configure NSR and graceful restart protocol extensions
simultaneously. To ensure proper operation, include either the nonstop-routing
statement or the graceful-restart statement at the hierarchy level, but not
both statements at the same time.

Related • Junos OS High Availability Configuration Guide

Documentation

Tracing Global Routing Protocol Operations

Global routing protocol tracing operations track all general routing operations and record
them in a log file. To set protocol-specific tracing operations and to modify the global
tracing operations for an individual protocol, configure tracing for that protocol.

For a general discussion about tracing and the precedence of multiple tracing operations,
see the Junos OS System Basics Configuration Guide.

To configure global routing protocol tracing, include the traceoptions statement at the
[edit routing-options] hierarchy level:

traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <disable>;
}

Using the traceoptions statement, you can specify the following global routing protocol
tracing flags:

• all—All tracing operations

• condition-manager—Condition manager events

• config-internal—Configuration internals

• general—All normal operations and routing table changes (a combination of the normal
and route trace operations)

• graceful-restart—Graceful restart operations

• normal—All normal operations

• nsr-synchronization—Nonstop-routing synchronization events

• parse—Configuration parsing

138 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

• policy—Policy operations and actions

• regex-parse—Regular-expression parsing

• route—Routing table changes

• state—State transitions

• task—Interface transactions and processing

• timer—Timer usage

NOTE: Use the trace flag all with caution. This flag may cause the CPU to
become very busy.

The flags in a traceoptions flag statement are identifiers. When you use the set command
to configure a flag, any flags that might already be set are not modified. In the following
example, setting the timer tracing flag has no effect on the already configured task flag.
Use the delete command to delete a particular flag.

[edit routing-options traceoptions]

user@host# show
flag task;
user@host# set traceoptions flag timer
user@host# show
flag task;
flag timer;
user@host# delete traceoptions flag task
user@host# show
flag timer;

Examples: Tracing Global Routing Protocol Operations

Log all globally traceable operations, saving the output in up to 10 files that are up to
10 MB in size:

[edit]
routing-options {
traceoptions {
file routing size 10m files 10;
flag all;
}
}

Log all unusual or abnormal traceable operations:

[edit]
routing-options {
traceoptions {
file routing size 10m files 10;
flag all;
flag normal disable;
}
}

Copyright © 2011, Juniper Networks, Inc. 139

Junos OS 11.4 Routing Protocols Configuration Guide

Log changes that occur in the Junos OS routing table:

[edit]
routing-options {
traceoptions {
file routing size 10m files 10;
flag route;
}
}

Disabling Distributed Periodic Packet Management on the Packet Forwarding Engine

Periodic packet management (PPM) is responsible for periodic transmission of packets

on behalf of its various client processes, such as Bidirectional Forwarding Detection
(BFD). PPM also receives packets on behalf of client processes. By default, PPM handles
time-sensitive periodic processing and performs such processes as the gathering of
statistics and the sending of process-specific packets. Distributing PPM to the Packet
Forwarding Engine allows you to run such processes as BFD on the Packet Forwarding
Engine. In Junos OS Release 9.4 and later, PPM automatically runs on both the Routing
Engine and the host subsystem of the Packet Forwarding Engine or Dense Port
Concentrator (DPC).

NOTE: Distributed PPM runs on access ports on EX3200 and EX4200

switches and on line cards on EX8200 switches. Therefore, each instance of
“Packet Forwarding Engine” in this topic is a shortened version of “Packet
Forwarding Engine, access ports, or line cards.”

PPM runs on the Routing Engine and Packet Forwarding Engine by default. You can only
disable PPM on the Packet Forwarding Engine. To disable distributed PPM on the Packet
Forwarding Engine, include the ppm statement:

ppm {
no-delegate-processing;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

NOTE: Distributed PPM is supported only on the M7i and M10i routers with
Enhanced CFEB (CFEB-E); M120 and M320 routers; and all MX Series, T
Series, TX Matrix routers, and EX Series switches.

The following types of sessions are supported by distributed PPM:

• BFD single-hop session for both IPv4 and IPv6, including EBGP, ISIS, and OSPF

• Connectivity fault management (CFM) sessions

• Link fault management (LFM) sessions

140 Copyright © 2011, Juniper Networks, Inc.

Chapter 5: Configuring Other Protocol-Independent Routing Properties

• Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP)
interface sessions

• Link Aggregation Control Protocol (LACP) sessions (MX Series and M320 routers only)

• BFD over an aggregated interface for IPv4

The following types of sessions are not supported by distributed PPM:

• BFD over an aggregated interface for IPv6, RSTP, MSTP, and LACP

• BFD over an IPv6 interface that does not have the global IPv6 address (or only has a
link local address)

• Multihop BFD with IBGP, static routes, EBGP multihop, and MPLS LSP

• BFD over an MPLS path using OAM

In addition, on the M120 router, when Forwarding Engine Board (FEB) redundancy is
configured and a FEB fails over, PPM sessions do not automatically switch over to the
newly active FEB.

Related • Junos OS System Basics Configuration Guide

Documentation

Enabling Source Routing

Starting in Junos OS Release 8.2 for IPv6 and Junos OS Release 8.5 for IPv4, source
routing is disabled by default on J Series Services Routers , M Series Multiservice Edge
Routers, MX Series 3D Universal Edge Routers, T Series Core Routers, and on EX Series
switches. To enable source routing, include the source-routing statement:

NOTE: We recommend that you not use source routing.

source-routing {
(ip | ipv6);
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Creating Policies to Control Label Allocation and Substitution for MPLS Ingress and
AS Border Routers

In Junos OS Release 10.0 and later, you can control label-advertisements on MPLS ingress
and AS border routers (ASBRs) on a per-route basis by specifying a label allocation policy
using the allocation label-allocation-policy statement at the [edit routing-instances
routing-instance-name routing-options label] hierarchy level. You can configure the label
allocation mode as either per-nexthop or per-table.

Additionally, you can configure label substitution on a per-route basis by specifying a

label substitution policy using the substitution label-substitution-policy statement at the

Copyright © 2011, Juniper Networks, Inc. 141

Junos OS 11.4 Routing Protocols Configuration Guide

[edit routing-instances routing-instance-name routing-options label] hierarchy level. The

label substitution policy is used to determine whether or not a label should be substituted
on an ASBR router. The results of the policy operation are either accept (label substitution
is performed) or reject (label substitution is not performed). The default behavior is to
accept.

Related • Junos OS VPNs Configuration Guide

Documentation

142 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 6

Summary of Protocol-Independent
Routing Properties Configuration
Statements

This chapter provides a reference for each of the protocol-independent routing

configuration statements. The statements are organized alphabetically.

access

Syntax access {
route ip-prefix</prefix-length> {
metric route-cost;
next-hop next-hop;
preference (Access) route-distance;
qualified-next-hop next-hop;
tag tag-number
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options],

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure access routes.

Options The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

Copyright © 2011, Juniper Networks, Inc. 143

Junos OS 11.4 Routing Protocols Configuration Guide

access-internal

Syntax access-internal {
route ip-prefix</prefix-length> {
next-hop next-hop;
qualified-next-hop next-hop
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options],

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure parameters for internal access routes.

Options The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

144 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

active

Syntax (active | passive);

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure whether static, aggregate, or generated routes are removed from the routing
and forwarding tables when they become inactive. Routes that have been configured to
remain continually installed in the routing and forwarding tables are marked with reject
next hops when they are inactive.

• active—Remove a route from the routing and forwarding tables when it becomes
inactive.

• passive—Have a route remain continually installed in the routing and forwarding tables
even when it becomes inactive.

Default active

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation
• Configuring Aggregate Routes on page 95

• Configuring Generated Routes on page 103

Copyright © 2011, Juniper Networks, Inc. 145

Junos OS 11.4 Routing Protocols Configuration Guide

aggregate

Syntax aggregate {
defaults {
... aggregate-options ...
}
route destination-prefix {
policy policy-name;
... aggregate-options ...
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options rib routing-table-name],
[edit logical-systems logical-system-name routing-options],
[edit logical-systems logical-system-name routing-options rib routing-table-name],
[edit routing-instances routing-instance-name routing-options],
[edit routing-instances routing-instance-name routing-options rib routing-table-name],
[edit routing-options],
[edit routing-options rib routing-table-name]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure aggregate routes.

Options aggregate-options—Additional information about aggregate routes that is included with

the route when it is installed in the routing table. Specify zero or more of the following
options in aggregate-options. Each option is explained separately.

• (active | passive);

• as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate>

<aggregator as-number in-address>;

• (brief | full);

• community [ community-ids ];

• discard;

• (metric | metric2 | metric3 | metric4) value <type type>;

• (preference | preference2 | color | color2) preference <type type>;

• tag string;

defaults—Specify global aggregate route options. These options only set default attributes
inherited by all newly created aggregate routes. These are treated as global defaults
and apply to all the aggregate routes you configure in the aggregate statement. This
part of the aggregate statement is optional.

146 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

route destination-prefix—Configure a nondefault aggregate route:

• default—For the default route to the destination. This is equivalent to specifying an IP

address of 0.0.0.0/0.

• destination-prefix/prefix-length—destination-prefix is the network portion of the IP

address, and prefix-length is the destination prefix length.

The policy statement is explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Aggregate Routes on page 95

Documentation

Copyright © 2011, Juniper Networks, Inc. 147

Junos OS 11.4 Routing Protocols Configuration Guide

as-path

Syntax as-path <as-path> <aggregator as-number ip-address> <atomic-aggregate> <origin (egp |

igp | incomplete)>;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Associate BGP autonomous system (AS) path information with a static, aggregate, or
generated route.

In Junos OS Release 9.1 and later, the numeric range for the AS number is extended to
provide BGP support for 4-byte AS numbers as defined in RFC 4893, BGP Support for
Four-octet AS Number Space. RFC 4893 introduces two new optional transitive BGP
attributes, AS4_PATH and AS4_AGGREGATOR. These new attributes are used to
propagate 4-byte AS path information across BGP speakers that do not support 4-byte
AS numbers. RFC 4893 also introduces a reserved, well-known, 2-byte AS number, AS
23456. This reserved AS number is called AS_TRANS in RFC 4893. For more information,
see “Configuring AS Numbers for BGP” on page 120. All releases of the Junos OS support
2-byte AS numbers.

In Junos OS Release 9.2 and later, you can also configure a 4-byte AS number using the
AS-dot notation format of two integer values joined by a period: <16-bit high-order value
in decimal>.<16-bit low-order value in decimal>. For example, the 4-byte AS number
of 65,546 in plain-number format is represented as 1.10 in the AS-dot notation format.
You can specify a value in the range from 0.0 through 65535.65535 in AS-dot notation
format.

Options aggregator—(Optional) Attach the BGP aggregator path attribute to the aggregate route.
You must specify the last AS number that formed the aggregate route (encoded as
two octets) for as-number, followed by the IP address of the BGP system that formed
the aggregate route for in-address.

as-path—(Optional) AS path to include with the route. It can include a combination of

individual AS path numbers and AS sets. Enclose sets in brackets ( [ ] ). The first AS

148 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

number in the path represents the AS immediately adjacent to the local AS. Each
subsequent number represents an AS that is progressively farther from the local AS,
heading toward the origin of the path. You cannot specify a regular expression for
as-path; you must use a full, valid AS path.

atomic-aggregate—(Optional) Attach the BGP atomic-aggregate path attribute to the

aggregate route. This path attribute indicates that the local system selected a less
specific route instead of a more specific route.

origin egp—(Optional) BGP origin attribute that indicates that the path information
originated in another AS.

origin igp—(Optional) BGP origin attribute that indicates that the path information
originated within the local AS.

origin incomplete—(Optional) BGP origin attribute that indicates that the path information
was learned by some other means.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation
• Configuring Aggregate Routes on page 95

• Configuring Generated Routes on page 103

• Understanding a 4-Byte Capable Router AS Path Through a 2-Byte Capable Domain

in the Using 4-Byte Autonomous System Numbers in BGP Networks Technology Overview

Copyright © 2011, Juniper Networks, Inc. 149

Junos OS 11.4 Routing Protocols Configuration Guide

auto-export

Syntax auto-export {
(disable | enable);
family {
inet {
multicast {
(disable | enable);
rib-group rib-group;
}
unicast {
(disable | enable);
rib-group rib-group;
}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Description Export routes between routing instances.

Options (disable | enable)—Disable or enable auto-export.

Default: Enable

family—Address family.

inet—IP version 4 (IPv4) address family.

multicast—Multicast routing information.

unicast—Unicast routing information.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Policy-Based Export for Routing Instances on page 274

Documentation

150 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

autonomous-system

Syntax autonomous-system autonomous-system <asdot-notation> <loops number> {

independent-domain <no-attrset>;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
asdot-notation introduced in Junos OS Release 9.3.
asdot-notation introduced in Junos OS Release 9.3 for EX Series switches.
no-attrset option introduced in Junos OS Release 10.4.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Specify the routing device’s AS number.

In Junos OS Release 9.1 and later, the numeric range is extended to provide BGP support
for 4-byte AS numbers as defined in RFC 4893, BGP Support for Four-octet AS Number
Space. RFC 4893 introduces two new optional transitive BGP attributes, AS4_PATH and
AS4_AGGREGATOR. These new attributes are used to propagate 4-byte AS path
information across BGP speakers that do not support 4-byte AS numbers. RFC 4893
also introduces a reserved, well-known, 2-byte AS number, AS 23456. This reserved AS
number is called AS_TRANS in RFC 4893. All releases of the Junos OS support 2-byte
AS numbers.

Options autonomous-system—AS number. Use a number assigned to you by the Network

Information Center (NIC).
32
Range: 1 through 4,294,967,295 (2 – 1) in plain-number format for 4-byte AS numbers
Range: 1 through 65,535 in plain-number format for 2-byte AS numbers (this is a subset
of the 4-byte range)
Range: 0.0 through 65535.65535 in AS-dot notation format for 4-byte numbers

asdot-notation—(Optional) Display the configured 4-byte autonomous system number

in the AS-dot notation format.
Default: Even if a 4-byte AS number is configured in the AS-dot notation format, the
default is to display the AS number in the plain-number format.

loops number—(Optional) Specify the number of times detection of the AS number in

the AS_PATH attribute causes the route to be discarded or hidden. For example, if
you configure loops 1, the route is hidden if the AS number is detected in the path

Copyright © 2011, Juniper Networks, Inc. 151

Junos OS 11.4 Routing Protocols Configuration Guide

one or more times. This is the default behavior. If you configure loops 2, the route is
hidden if the AS number is detected in the path two or more times.
Range: 1 through 10
Default: 1

NOTE: When you specify the same AS number in more than one routing
instance on the local routing device, you must configure the same number
of loops for the AS number in each instance. For example, if you configure a
value of 3 for the loops statement in a VRF routing instance that uses the
same AS number as that of the master instance, you must also configure a
value of 3 loops for the AS number in the master instance.

Use the independent-domain option if the loops statement must be enabled

only on a subset of routing instances.

The remaining statement is explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring AS Numbers for BGP on page 120

Documentation
• 4-Byte Autonomous System Numbers Overview in the Using 4-Byte Autonomous
System Numbers in BGP Networks Technology Overview

• Juniper Networks Implementation of 4-Byte Autonomous System Numbers in the Using

4-Byte Autonomous System Numbers in BGP Networks Technology Overview

• Configuring 4-Byte Autonomous System Numbers in the Using 4-Byte Autonomous

System Numbers in BGP Networks Technology Overview

152 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

bfd

Syntax bfd {
traceoptions {
file filename <files number> <match regular-expression> <size size> <world-readable |
no-world-readable>;
flag flag <flag-modifier> <disable>;
}

Hierarchy Level [edit logical-systems logical-system-name protocols],

[edit logical-systems logical-system-name routing-instances routing-instance-name
protocols],
[edit protocols],
[edit routing-instances routing-instance-name protocols]

Release Information Statement introduced before Junos OS Release 7.4.

pipe-detail statement introduced in Junos OS Release 8.3.

Description Configure trace options for Bidirectional Forwarding Protocol (BFD) traffic.

Default If you do not include this statement, no BFD tracing operations are performed.

Options disable—(Optional) Disable the BFD tracing operation. You can use this option to disable
a single operation when you have defined a broad group of tracing operations, such
as all.

file filename—Name of the file to receive the output of the tracing operation. Enclose the
name in quotation marks. All files are placed in the /var/log directory . We recommend
that you place global routing protocol tracing output in the routing-log file.

If you specify a maximum number of files, you also must specify a maximum file size with
the size option.
Range: 2 through 1000 files
Default: 2 files

flag flag—Tracing operation to perform. To specify more than one tracing operation,
include multiple flag statements. These are the BFD protocol tracing options:

• adjacency—Trace adjacency messages.

• all—Trace all options for BFD.

• error—Trace all errors.

• event—Trace all events.

• issu—Trace in-service software upgrade (ISSU) packet activity.

Copyright © 2011, Juniper Networks, Inc. 153

Junos OS 11.4 Routing Protocols Configuration Guide

• nsr-packet—Trace non-stop-routing (NSR) packet activity.

• nsr-synchronization—Trace NSR synchronization events.

• packet—Trace all packets.

• pipe—Trace pipe messages.

• pipe-detail—Trace pipe messages in detail.

• ppm-packet—Trace packet activity by periodic packet management (PPM).

• state—Trace state transitions.

• timer—Trace timer processing.

match expression—(Optional) Regular expression for lines to be logged.

no-world-readable—(Optional) Prevent any user from reading the log file.

If you specify a maximum file size, you also must specify a maximum number of trace
files with the files option.
Syntax: xk to specify KB, xm to specify MB, or xg to specify GB
Range: 10 KB through the maximum file size supported on your system
Default: 128 KB

world-readable—(Optional) Allow any user to read the log file.

Required Privilege routing and trace—To view this statement in the configuration.
Level routing-control and trace–control—To add this statement to the configuration.

Related • Tracing BFD Protocol Traffic on page 86

Documentation

154 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

bfd-liveness-detection

Syntax bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
holddown-interval milliseconds;
local-address ip-address;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-receive-ttl number;
multiplier number;
neighbor address;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (1 | automatic);
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options rib routing-table-name static route destination-prefix],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options rib routing-table-name static route destination-prefix qualified-next-hop
(interface-name | address)],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options static route destination-prefix],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options static route destination-prefix qualified-next-hop (interface-name |
address)],
[edit logical-systems logical-system-name routing-options rib routing-table-name static
route destination-prefix],
[edit logical-systems logical-system-name routing-options rib routing-table-name static
route destination-prefix qualified-next-hop (interface-name | address)],
[edit logical-systems logical-system-name routing-options static route destination-prefix],
[edit logical-systems logical-system-name routing-options static route destination-prefix
qualified-next-hop (interface-name | address)],
[edit routing-instances routing-instance-name routing-options rib routing-table-name static
route destination-prefix],
[edit routing-instances routing-instance-name routing-options rib routing-table-name static
route destination-prefix qualified-next-hop (interface-name | address)],
[edit routing-instances routing-instance-name routing-options static route destination-prefix
qualified-next-hop (interface-name | address)],
[edit routing-instances routing-instance-name routing-options static route destination-prefix],
[edit routing-options rib routing-table-name static route destination-prefix],
[edit routing-options rib routing-table-name static route destination-prefix qualified-next-hop
(interface-name | address)],
[edit routing-options static route destination-prefix],

Copyright © 2011, Juniper Networks, Inc. 155

Junos OS 11.4 Routing Protocols Configuration Guide

[edit routing-options static route destination-prefix qualified-next-hop (interface-name |

address)]

Release Information Statement introduced before Junos OS Release 7.4.

detection-time threshold and transmit-interval threshold options introduced in Junos OS
Release 8.2.
local-address statement introduced in Junos OS Release 8.2.
minimum-receive-ttl statement introduced in Junos OS Release 8.2.
Support for logical routers introduced in Junos OS Release 8.3.
holddown-interval statement introduced in Junos OS Release 8.5.
no-adaptation statement introduced in Junos OS Release 9.0.
Support for IPv6 static routes introduced in Junos OS Release 9.1.
authentication algorithm, authentication key-chain, and authentication loose-check
statements introduced in Junos OS Release 9.6.

Description Configure bidirectional failure detection timers and authentication criteria for static
routes.

156 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

Options authentication algorithm algorithm-name —Configure the algorithm used to authenticate

the specified BFD session: simple-password, keyed-md5, keyed-sha-1,
meticulous-keyed-md5, or meticulous-keyed-sha-1.

authentication key-chain key-chain-name—Associate a security key with the specified

BFD session using the name of the security keychain. The name you specify must
match one of the keychains configured in the authentication-key-chains key-chain
statement at the [edit security] hierarchy level.

authentication loose-check—(Optional) Configure loose authentication checking on the

BFD session. Use only for transitional periods when authentication may not be
configured at both ends of the BFD session.

detection-time threshold milliseconds—Configure a threshold. When the Bidirectional

Forwarding Detection (BFD) protocol session detection time adapts to a value equal
to or greater than the threshold, a single trap and a single system log message are
sent.

holddown-interval milliseconds—Configure an interval specifying how long a BFD session

must remain up before a state change notification is sent.
Range: 0 through 255,000
Default: 0

local-address ip-address—Enable a multihop BFD session and configure the source address
for the BFD session.

minimum-interval milliseconds—Configure the minimum intervals at which the local

routing device transmits a hello packet and then expects to receive a reply from the
neighbor with which it has established a BFD session.
Range: 1 through 255,000

minimum-receive-interval milliseconds—Configure the minimum interval at which the

local routing device expects to receive a reply from a neighbor with which it has
established a BFD session.
Range: 1 through 255,000

minimum-receive-ttl number—Configure the time-to-live (TTL) for the multihop BFD

session.
Range: 1 through 255
Default: 255

multiplier number—Configure number of hello packets not received by the neighbor that
causes the originating interface to be declared down.
Range: 1 through 255
Default: 3

neighbor address—Configure a next-hop address for the BFD session for a next hop
specified as an interface name.

Copyright © 2011, Juniper Networks, Inc. 157

Junos OS 11.4 Routing Protocols Configuration Guide

no-adaptation—Specify for BFD sessions not to adapt to changing network conditions.

We recommend that you not disable BFD adaptation unless it is preferable not to
have BFD adaptation enabled in your network.

transmit-interval threshold milliseconds—Configure a threshold. When the BFD session

transmit interval adapts to a value greater than the threshold, a single trap and a
single system log message are sent. The interval threshold must be greater than the
minimum transmit interval.
Range: 0 through 4,294,967,295

transmit-interval minimum-interval milliseconds—Configure the minimum interval at which

the local routing device transmits hello packets to a neighbor with which it has
established a BFD session.
Range: 1 through 255,000

version—Configure the BFD protocol version to detect.

Range: 1 or automatic
Default: automatic (autodetect the BFD protocol version)

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Bidirectional Forwarding Detection on page 81

Documentation
• Configuring BFD Authentication for Static Routes on page 89

158 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

brief

Syntax (brief | full);

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options (aggregate | generate) (defaults | route)],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options rib routing-table-name (aggregate | generate) (defaults | route)],
[edit logical-systems logical-system-name routing-options (aggregate | generate) (defaults |
route)],
[edit logical-systems logical-system-name routing-options rib routing-table-name (aggregate |
generate) (defaults | route)],
[edit routing-instances routing-instance-name routing-options (aggregate | generate)
(defaults | route)],
[edit routing-instances routing-instance-name routing-options rib routing-table-name
(aggregate | generate) (defaults | route)],
[edit routing-options (aggregate | generate) (defaults | route)],
[edit routing-options rib routing-table-name (aggregate | generate) (defaults | route)]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure all AS numbers from all contributing paths to be included in the aggregate or
generated route’s path.

• brief—Include only the longest common leading sequences from the contributing AS
paths. If this results in AS numbers being omitted from the aggregate route, the BGP
ATOMIC_ATTRIBUTE path attribute is included with the aggregate route.

• full—Include all AS numbers from all contributing paths in the aggregate or generated
route’s path.

Default full

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • aggregate on page 146

Documentation
• generate on page 172

• Configuring Aggregate Routes on page 95

• Configuring Generated Routes on page 103

color

See preference

Copyright © 2011, Juniper Networks, Inc. 159

Junos OS 11.4 Routing Protocols Configuration Guide

community

Syntax community ([ community-ids ] | no-advertise | no-export | no-export-subconfed | none);

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Associate BGP community information with a static, aggregate, or generated route.

Options community-ids—One or more community identifiers. The community-ids format varies

according to the type of attribute that you use.

The BGP community attribute format is as-number:community-value:

• as-number—AS number of the community member. It can be a value from 1

through 65,535. The AS number can be a decimal or hexadecimal value.

• community-value—Identifier of the community member. It can be a number from 0

through 65,535.

For more information about BGP community attributes, see the “Configuring the Extended
Communities Attribute” section in the Junos OS Routing Policy Configuration Guide.

For specifying the BGP community attribute only, you also can specify community-ids as
one of the following well-known community names defined in RFC 1997:

• no-advertise—Routes containing this community name are not advertised to other

BGP peers.

• no-export—Routes containing this community name are not advertised outside a BGP
confederation boundary.

• no-export-subconfed—Routes containing this community name are not advertised to

external BGP peers, including peers in other members’ ASs inside a BGP confederation.

160 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

• none—Explicitly exclude BGP community information with a static route. Include this
option when configuring an individual route in the route portion to override a community
option specified in the defaults portion.

NOTE: Extended community attributes are not supported at the [edit

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • aggregate on page 146

Documentation
• generate on page 172

• static on page 223

• Configuring Static Routes on page 61

• Configuring Aggregate Routes on page 95

• Configuring Generated Routes on page 103

Copyright © 2011, Juniper Networks, Inc. 161

Junos OS 11.4 Routing Protocols Configuration Guide

confederation

Syntax confederation confederation-autonomous-system members [ autonomous-systems ];

Hierarchy Level [edit logical-systems logical-system-name routing-options],

[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Specify the routing device’s confederation AS number.

Options autonomous-system—AS numbers of the confederation members.

Range: 1 through 65,535

confederation-autonomous-system—Confederation AS number. Use one of the numbers

assigned to you by the NIC.
Range: 1 through 65,535

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring AS Confederation Members on page 122

Documentation
• Example: Configuring BGP Confederations on page 1051

162 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

destination-networks

Syntax destination-networks prefix;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options dynamic-tunnels tunnel-name],
[edit logical-systems logical-system-name routing-options dynamic-tunnels tunnel-name],
[edit routing-instances routing-instance-name routing-options dynamic-tunnels tunnel-name],
[edit routing-options dynamic-tunnels tunnel-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Specify the IPv4 prefix range for the destination network by including the
destination-networks statement. Only tunnels within the specified IPv4 prefix range can
be created.

Options prefix—Destination prefix of network.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Dynamic GRE Tunnels for VPNs on page 134

Documentation

disable

Syntax disable;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options graceful-restart],
[edit logical-systems logical-system-name routing-options graceful-restart],
[edit routing-instances routing-instance-name routing-options graceful-restart],
[edit routing-options graceful-restart]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Disable graceful restart.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Graceful Restart on page 132

Documentation

Copyright © 2011, Juniper Networks, Inc. 163

Junos OS 11.4 Routing Protocols Configuration Guide

discard

Syntax discard;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Do not forward packets addressed to this destination. Instead, drop the packets, do not
send ICMP unreachable messages to the packets’ originators, and install a reject route
for this destination into the routing table.

Default When an aggregate route becomes active, it is installed in the routing table with a reject
next hop, which means that ICMP unreachable messages are sent.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • aggregate on page 146

Documentation
• generate on page 172

• Configuring Aggregate Routes on page 95

• Configuring Generated Routes on page 103

164 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

dynamic-tunnels

Syntax dynamic-tunnels tunnel-name {

destination-networks prefix;
source-address address;
tunnel-type type-of-tunnel;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Description Configure a dynamic tunnel between two PE routers.

Options tunnel-name—Name of the dynamic tunnel.

The remaining statements are explained separately in this chapter.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Dynamic GRE Tunnels for VPNs on page 134

Documentation

Copyright © 2011, Juniper Networks, Inc. 165

Junos OS 11.4 Routing Protocols Configuration Guide

export

Syntax export [ policy--names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options forwarding-table],
[edit logical-systems logical-system-name routing-options forwarding-table],
[edit routing-instances routing-instance-name routing-options forwarding-table],
[edit routing-options forwarding-table]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Apply one or more policies to routes being exported from the routing table into the
forwarding table.

Options policy-name—Name of one or more policies.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Per-Packet Load Balancing on page 128

Documentation
• Junos OS Routing Policy Configuration Guide

export-rib

Syntax export-rib routing-table-name;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options rib-group group-name],
[edit logical-systems logical-system-name routing-options passive group-name],
[edit routing-instances routing-instance-name routing-options rib-group group-name],
[edit routing-options passive group-name]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Name of the routing table from which the Junos OS should export routing information.

Options routing-table-name—Routing table group name.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • import-rib on page 176

Documentation
• passive on page 198

• Creating Routing Table Groups on page 123

166 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

fate-sharing

Syntax fate-sharing {
cost value;
from address <to address>;
group group-name;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Specify a backup path in case the primary path becomes unusable.

You specify one or more objects within a group. The objects can be a LAN interface, a
router ID, or a point-to-point link. Sequence is insignificant.

Changing the fate-sharing database does not affect existing established LSP until the
next CSPF reoptimization. The fate-sharing database does affect fast-reroute detour
path computations.

Options group group-name—Each fate-sharing group must have a name, which can be up to
32 characters long and can contain letters, digits, periods (.) and hyphens (-). You
can define up to 512 groups.

cost value—Cost assigned to the group.

Range: 1 through 65,535
Default: 1

from address—Address of ingress routing device.

to address—Address of egress routing device. For point-to-point link objects, you must
specify both a from and a to address.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Junos OS MPLS Applications Configuration Guide

Documentation

Copyright © 2011, Juniper Networks, Inc. 167

Junos OS 11.4 Routing Protocols Configuration Guide

filter

Syntax filter {
input filter-name;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options rib routing-table-name],
[edit logical-systems logical-system-name routing-options rib routing-table-name],
[edit routing-instances routing-instance-name routing-options rib routing-table-name],
[edit routing-options rib routing-table-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Name of the routing table from which the Junos OS should export routing information.

Options input filter-name—Forwarding table filter name.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Applying Filters to the Forwarding Table on page 118

Documentation

168 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

flow

Syntax flow {
route name {
match {
match-conditions;
}
term-order (legacy | standard);
then {
actions;
}
}
validation {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
}

Hierarchy Level [edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
term-order statement introduced in Junos OS Release 10.0
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure a flow route.

Default legacy

Options actions—An action to take if conditions match.

match-conditions—Match packets to these conditions.

route name—Name of the flow route.

standard—Specify to use version 7 or later of the flow-specification algorithm.

term-order (legacy | standard)—Specify the version of the flow-specification algorithm.

• legacy—Use version 6 of the flow-specification algorithm.

• standard—Use version 7 of the flow-specification algorithm.

then—Actions to take on matching packets.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Flow Routes on page 113

Documentation
• Example: Enabling BGP to Carry Flow-Specification Routes on page 1202

Copyright © 2011, Juniper Networks, Inc. 169

Junos OS 11.4 Routing Protocols Configuration Guide

forwarding-cache

Syntax forwarding-cache {
threshold suppress value <reuse value>;
timeout minutes;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options multicast],
[edit logical-systems logical-system-name routing-options multicast],
[edit routing-instances routing-instance-name routing-options multicast],
[edit routing-options multicast]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure multicast forwarding cache limits.

Options The threshold statement is explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Multicast Forwarding Cache Limits on page 128

Documentation

forwarding-table

Syntax forwarding-table {
export [ policy--names ];
(indirect-next-hop | no-indirect-next-hop);
unicast-reverse-path (active-paths | feasible-paths);
}

Hierarchy Level [edit logical-systems logical-system-name routing-options],

[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure information about the routing device’s forwarding table.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Per-Packet Load Balancing on page 128

Documentation

170 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

full

See brief

Copyright © 2011, Juniper Networks, Inc. 171

Junos OS 11.4 Routing Protocols Configuration Guide

generate

Syntax generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options rib routing-table-name],
[edit routing-options],
[edit routing-options rib routing-table-name]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure generated routes, which are used as routes of last resort.

Options generate-options—Additional information about generated routes, which is included with

the route when it is installed in the routing table. Specify zero or more of the following
options in generate-options. Each option is explained separately.

• (active | passive);

• as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator

as-number in-address>;

• community [ community-ids ];

• discard;

• (brief | full);

• (metric | metric2 | metric3 | metric4) value <type type>;

• (preference | preference2 | color | color2) preference <type type>;

• tag string;

defaults—Specify global generated route options. These options only set default attributes
inherited by all newly created generated routes. These are treated as global defaults
and apply to all the generated routes you configure in the generate statement. This
part of the generate statement is optional.

route destination-prefix—Configure a non-default generated route:

• default—For the default route to the destination. This is equivalent to specifying an IP

address of 0.0.0.0/0.

172 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

• destination-prefix/prefix-length—/destination-prefix is the network portion of the IP

address, and prefix-length is the destination prefix length.

The policy statement is explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Generated Routes on page 103

Documentation

graceful-restart

Syntax graceful-restart {
disable;
restart-duration seconds;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure graceful restart.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Graceful Restart on page 132

Documentation
• Junos OS High Availability Configuration Guide

Copyright © 2011, Juniper Networks, Inc. 173

Junos OS 11.4 Routing Protocols Configuration Guide

import

Syntax import [ policy-names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options resolution rib],
[edit logical-systems logical-system-name routing-options resolution rib],
[edit routing-instances routing-instance-name routing-options resolution rib],
[edit routing-options resolution rib]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Specify one or more import policies to use for route resolution.

Options policy-names—Name of one or more import policies.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Route Resolution on page 136

Documentation

174 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

import-policy

Syntax import-policy [ policy-names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Apply one or more policies to routes imported into the routing table group. The
import-policy statement complements the import-rib statement and cannot be used
unless you first specify the routing tables to which routes are being imported.

Options policy-names—Name of one or more policies.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • export-rib on page 166

Documentation
• passive on page 198

• Creating Routing Table Groups on page 123

Copyright © 2011, Juniper Networks, Inc. 175

Junos OS 11.4 Routing Protocols Configuration Guide

import-rib

Syntax import-rib [ routing-table--names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options rib-group group-name],
[edit logical-systems logical-system-name routing-options rib-group group-name],
[edit routing-instances routing-instance-name routing-options rib-group group-name],
[edit routing-options rib-group group-name]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Name of the routing table into which the Junos OS should import routing information.
The first routing table name you enter is the primary routing table. Any additional names
you enter identify secondary routing tables. When a protocol imports routes, it imports
them into the primary and any secondary routing tables. If the primary route is deleted,
the secondary route also is deleted. For IPv4 import routing tables, the primary routing
table must be inet.0 or routing-instance-name.inet.0. For IPv6 import routing tables, the
primary routing table must be inet6.0.

In Junos OS Release 9.5 and later, you can configure an IPv4 import routing table that
includes both IPv4 and IPv6 routing tables. Including both types of routing tables permits
you, for example, to populate an IPv6 routing table with IPv6 addresses that are
compatible with IPv4. In releases prior to Junos OS Release 9.5, you could configure an
import routing table with only either IPv4 or IPv6 routing tables.

Options routing-table-names—Name of one or more routing tables.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • export-rib on page 166

Documentation
• passive on page 198

• Creating Routing Table Groups on page 123

176 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

independent-domain

Syntax independent-domain <no-attrset>;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options autonomous-system autonomous-system],
[edit routing-instances routing-instance-name routing-options autonomous-system
autonomous-system]

Release Information Statement introduced before Junos OS Release 7.4.

no-attrset option introduced in Junos OS Release 10.4.

Description Configure an independent AS domain.

The independent domain uses transitive path attribute 128 (attribute set) messages to
tunnel the independent domain’s BGP attributes through the internal BGP (IBGP) core.

NOTE: In Junos OS Release 10.3 and later, if BGP receives attribute 128 and
you have not configured an independent domain in any routing instance, BGP
treats the received attribute 128 as an unknown attribute.

Options no-attrset—(Optional) Disables attribute set messages on the independent AS domain.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • autonomous-system on page 151

Documentation
• Configuring Independent AS Domains on page 289

• Disabling Attribute Set Messages on Independent AS Domains for BGP Loop Detection

• Configuring Layer 3 VPNs to Carry IBGP Traffic

Copyright © 2011, Juniper Networks, Inc. 177

Junos OS 11.4 Routing Protocols Configuration Guide

indirect-next-hop

Syntax (indirect-next-hop | no-indirect-next-hop);

Hierarchy Level [edit logical-systems logical-system-name routing-options forwarding-table],

[edit routing-options forwarding-table]

Release Information Statement introduced in Junos OS Release 8.2.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Enable indirectly connected next hops for route convergence.

NOTE:
• When virtual private LAN service (VPLS) is configured on the routing device,
the indirect-next-hop statement is configurable at the [edit routing-options
forwarding-table] hierarchy level. However, this configuration is not
applicable to indirect nexthops specific to VPLS routing instances.

• By default, the Junos Trio Modular Port Concentrator (MPC) chipset on MX

Series Routers is enabled with indirectly connected next hops and this
cannot be disabled using the no-indirect-next-hop statement.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Enabling Indirect Next Hops on page 136

Documentation

input

Syntax input filter-name;

Hierarchy Level [edit logical-systems logical-system-name routing-options rib routing-table-name filter],

[edit routing-options rib routing-table-name filter]

Release Information Statement introduced before Junos OS Release 7.4.

Description Name of the input filter.

Options filter-name—Name of the input filter.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Applying Filters to the Forwarding Table on page 118

Documentation

178 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

install

Syntax (install | no-install);

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options static (defaults | route)],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options rib routing-table-name static (defaults | route)],
[edit logical-systems logical-system-name routing-options rib routing-table-name static
(defaults | route)],
[edit logical-systems logical-system-name routing-options static (defaults | route)],
[edit routing-instances routing-instance-name routing-options rib routing-table-name static
(defaults | route)],
[edit routing-instances routing-instance-name routing-options static (defaults | route)],
[edit routing-options rib routing-table-name static (defaults | route)]
[edit routing-options static (defaults | route)]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure whether the Junos OS installs all static routes into the forwarding table. Even
if you configure a route so it is not installed in the forwarding table, the route is still eligible
to be exported from the routing table to other protocols.

Options install—Explicitly install all static routes into the forwarding table.

no-install—Do not install the route into the forwarding table, even if it is the route with
the lowest preference.
Default: install

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • static on page 223

Documentation
• Configuring Static Routes on page 61

Copyright © 2011, Juniper Networks, Inc. 179

Junos OS 11.4 Routing Protocols Configuration Guide

instance-export

Syntax instance-export [ policy--names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Apply one or more policies to routes being exported from a routing instance.

Options policy-names—Name of one or more export policies.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Policy-Based Export for Routing Instances on page 274

Documentation
• Junos OS Routing Policy Configuration Guide

instance-import

Syntax instance-import [ policy--names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Apply one or more policies to routes being imported into a routing instance.

Options policy-names—Name of one or more import policies.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Policy-Based Export for Routing Instances on page 274

Documentation
• Junos OS Routing Policy Configuration Guide

180 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

interface

See the following sections:

• interface (Multicast via Static Routes) on page 181

• interface (Multicast Scoping) on page 182

interface (Multicast via Static Routes)

Syntax interface interface-names {
maximum-bandwidth bps;
no-qos-adjust;
reverse-oif-mapping {
no-qos-adjust;
}
subscriber-leave-timer seconds;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced in Junos OS Release 8.1.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Enable multicast traffic on an interface.

NOTE: You cannot enable multicast traffic on an interface using the enable
statement and configure PIM on the same interface simultaneously.

Options interface-name—Name of the interface on which to enable multicast traffic. Specify the
interface-name to enable multicast traffic on the interface.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Enabling Multicast Forwarding Without PIM on page 127

Documentation

Copyright © 2011, Juniper Networks, Inc. 181

Junos OS 11.4 Routing Protocols Configuration Guide

interface (Multicast Scoping)

Syntax interface [ interface-names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options multicast scope scope-name],
[edit logical-systems logical-system-name routing-options multicast scope scope-name],
[edit routing-instances routing-instance-name routing-options multicast scope scope-name],
[edit routing-options multicast scope scope-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Configure the set of interfaces for multicast scoping.

Options interface-names—Names of the interfaces on which to configure scoping. Specify the full
interface name, including the physical and logical address components. To configure
all interfaces, you can specify all.

NOTE: You cannot apply a scoping policy to a specific routing instance. All
scoping policies are applied to all routing instances. However, you can apply
the scope statement to a specific routing instance.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • multicast on page 194

Documentation
• Configuring Multicast Scoping on page 126

182 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

interface-routes

Syntax interface-routes {
family (inet | inet6) {
export {
lan;
point-to-point;
}
}
rib-group group-name;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Associate a routing table group with the routing device’s interfaces and specify routing
table groups into which interface routes are imported.

Options inet—Specify the IPv4 address family.

inet6—Specify the IPv6 address family.

lan—Export LAN routes.

point-to-point—Export point-to-point routes.

The remaining statement is explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • passive on page 198

Documentation
• Configuring How Interface Routes Are Imported into Routing Tables on page 125

Copyright © 2011, Juniper Networks, Inc. 183

Junos OS 11.4 Routing Protocols Configuration Guide

lsp-next-hop

Syntax lsp-next-hop lsp-name {

metric metric;
preference preference;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options static route destination-prefix],
[edit logical-systems logical-system-name routing-options static route destination-prefix],
[edit routing-instances routing-instance-name routing-options static route destination-prefix]
[edit routing-options static route destination-prefix]

Release Information Statement introduced before Junos OS Release 7.4.

Description Specify an LSP as the next hop for a static route, and configure an independent metric
or preference on that next-hop LSP.

Options lsp-name—Name of the next-hop LSP.

metric—Metric value.
32
Range: 0 through 4,294,967,295 (2 – 1)

preference—Preference value. A lower number indicates a more preferred route.

32
Range: 0 through 4,294,967,295 (2 – 1)
Default: 5

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Specifying an LSP as the Next Hop for Static Routes on page 68
Documentation

184 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

martians

Syntax martians {
destination-prefix match-type <allow>;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure martian addresses.

Options allow—(Optional) Explicitly allow a subset of a range of addresses that has been
disallowed. The allow option is the only supported action.

destination-prefix—Destination route you are configuring:

• destination-prefix/prefix-length—destination-prefix is the network portion of the IP

address, and prefix-length is the destination prefix length.

• default—Default route to use when routing packets do not match a network or host in
the routing table. This is equivalent to specifying the IP address 0.0.0.0/0.

match-type—Criteria that the destination must match:

• exact—Exactly match the route’s mask length.

• longer—The route’s mask length is greater than the specified mask length.

• orlonger—The route’s mask length is equal to or greater than the specified mask length.

• through destination-prefix—The route matches the first prefix, the route matches the
second prefix for the number of bits in the route, and the number of bits in the route is
less than or equal to the number of bits in the second prefix.

• upto prefix-length—The route’s mask length falls between the two destination prefix
lengths, inclusive.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Copyright © 2011, Juniper Networks, Inc. 185

Junos OS 11.4 Routing Protocols Configuration Guide

Related • Configuring Martian Addresses on page 110

Documentation

186 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

maximum-paths

Syntax maximum-paths path-limit <log-interval seconds> <log-only | threshold value>;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced in Junos OS Release 8.0.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure a limit for the number of routes installed in a routing table based upon the
route path.

NOTE: The maximum-paths statement is similar to the maximum-prefixes

statement. The maximum-prefixes statement limits the number of unique
destinations in a routing instance. For example, suppose a routing instance
has the following routes:

OSPF 10.10.10.0/24
ISIS 10.10.10.0/24

These are two routes, but only one destination (prefix). The maximum-paths
limit applies the total number of routes (two). The maximum-prefixes limit
applies to the total number of unique prefixes (one).

Options log-interval seconds—(Optional) Minimum time interval (in seconds) between log
messages.
Range: 5 through 86,400

log-only—(Optional) Sets the route limit as an advisory limit. An advisory limit triggers
only a warning, and additional routes are not rejected.

path-limit—Maximum number of routes. If this limit is reached, a warning is triggered and

additional routes are rejected.
32
Range: 1 through 4,294,967,295 (2 – 1)
Default: No default

threshold value—(Optional) Percentage of the maximum number of routes that starts

triggering warning. You can configure a percentage of the path-limit value that starts
triggering the warnings.
Range: 1 through 100

Copyright © 2011, Juniper Networks, Inc. 187

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: When the number or routes reaches the threshold value, routes are
still installed into the routing table while warning messages are sent. When
the number or routes reaches the path-limit value, then additional routes are
rejected.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Route Limits for Routing Tables on page 288

Documentation

188 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

maximum-prefixes

Syntax maximum-prefixes prefix-limit <log-interval seconds> <log-only | threshold value>;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced in Junos OS Release 8.0.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure a limit for the number of routes installed in a routing table based upon the
route prefix.

NOTE: The maximum-paths statement is similar to the maximum-prefixes

statement. The maximum-prefixes statement limits the number of unique
destinations in a routing instance. For example, suppose a routing instance
has the following routes:

OSPF 10.10.10.0/24
ISIS 10.10.10.0/24

Options log-interval seconds—(Optional) Minimum time interval (in seconds) between log
messages.
Range: 5 through 86,400

log-only—(Optional) Sets the prefix limit as an advisory limit. An advisory limit triggers
only a warning, and additional routes are not rejected.

prefix-limit—Maximum number of route prefixes. If this limit is reached, a warning is

triggered and any additional routes are rejected.
Range: 1 through 4,294,967,295
Default: No default

threshold value—(Optional) Percentage of the maximum number of prefixes that starts

triggering warning. You can configure a percentage of the prefix-limit value that starts
triggering the warnings.
Range: 1 through 100

Copyright © 2011, Juniper Networks, Inc. 189

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: When the number or routes reaches the threshold value, routes are
still installed into the routing table while warning messages are sent. When
the number or routes reaches the prefix-limit value, then additional routes
are rejected.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Route Limits for Routing Tables on page 288

Documentation

med-igp-update-interval

Syntax med-igp-update-interval minutes;

Hierarchy Level [edit routing-options]

Release Information Statement introduced in Junos OS Release 9.0

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure a timer for how long to delay updates for the multiple-exit discriminator (MED)
path attribute for BGP groups and peers configured with the metric-out igp offset
delay-med-update statement. The timer delays MED updates for the interval configured
unless the MED is lower than the previously advertised attribute or another attribute
associated with the route has changed or if the BGP peer is responding to a refresh route
request.

Options minutes—Interval to delay MED updates.

Default: 10 minutes
Range: 10 through 600

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • metric-out on page 1354

Documentation
• Example: Associating the MED Path Attribute with the IGP Metric and Delaying MED
Updates on page 1095

190 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

metric

See the following sections:

• metric on page 191

• metric (Aggregate, Generated, or Static Route) on page 192
• metric (Qualified Next Hop on Static Route) on page 193

metric
Syntax metric route-cost;

Hierarchy Level [edit routing-options access route ip-prefix</prefix-length>]

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure the cost for an access route.

Options route-cost—Specific cost you want to assign to the access route.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

Copyright © 2011, Juniper Networks, Inc. 191

Junos OS 11.4 Routing Protocols Configuration Guide

metric (Aggregate, Generated, or Static Route)

Syntax (metric | metric2 | metric3 | metric4) metric <type type>;

Hierarchy Level [edit logical-systems logical-system-name routing-options (aggregate | generate | static)

(defaults | route)],
[edit routing-options (aggregate | generate | static) (defaults | route)]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Metric value for an aggregate, generated, or static route. You can specify up to four metric
values, starting with metric (for the first metric value) and continuing with metric2, metric3,
and metric4.

Options metric—Metric value.

32
Range: 0 through 4,294,967,295 (2 – 1)

type type—(Optional) Type of route.

Range: 1 through 16

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • aggregate on page 146

Documentation
• generate on page 172

• static on page 223

• Configuring a Metric Value for Static Routes on page 74

• Configuring a Metric Value for Aggregate Routes on page 98

• Configuring a Metric Value for Generated Routes on page 106

192 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

metric (Qualified Next Hop on Static Route)

Syntax metric metric;

Hierarchy Level [edit logical-systems logical-system-name routing-options static route destination-prefix

qualified-next-hop],
[edit routing-options static route destination-prefix qualified-next-hop]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Metric value for a static route.

Options metric—Metric value.

32
Range: 0 through 4,294,967,295 (2 – 1)

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • qualified-next-hop on page 203

Documentation
• static on page 223

• Configuring an Independent Preference for Static Routes on page 64

Copyright © 2011, Juniper Networks, Inc. 193

Junos OS 11.4 Routing Protocols Configuration Guide

multicast

Syntax multicast {
forwarding-cache {
threshold suppress value <reuse value>;
}
interface interface-name {
enable;
}
scope scope-name {
interface [ interface-names ];
prefix destination-prefix;
}
ssm-groups {
address;
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure generic multicast properties.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • (indirect-next-hop on page 178 | no-indirect-next-hop)

Documentation
• Configuring Multicast Scoping on page 126

• Configuring Additional Source-Specific Multicast Groups on page 127

• Junos OS Multicast Protocols Configuration Guide

194 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

next-hop (Access)

Syntax next-hop next-hop;

Hierarchy Level [edit routing-options access route ip-prefix</prefix-length>]

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure the next-hop address for an access route. Access routes are typically
unnumbered interfaces.

Options next-hop—Specific next-hop address you want to assign to the access route.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

next-hop (Access Internal)

Syntax next-hop next-hop;

Hierarchy Level [edit routing-options access-internal route ip-prefix</prefix-length>]

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure the next-hop address for an internal access route. Access routes are typically
unnumbered interfaces.

Options next-hop—Specific next-hop address you want to assign to the internal access route.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

no-install

See install

no-readvertise

See readvertise

no-retain

See retain

Copyright © 2011, Juniper Networks, Inc. 195

Junos OS 11.4 Routing Protocols Configuration Guide

nonstop-routing

Syntax nonstop-routing;

Hierarchy Level [edit logical-systems logical-system-name routing-options],

[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced in Junos OS Release 8.4.

Description For routing platforms with two Routing Engines, configure a master Routing Engine to
switch over gracefully to a backup Routing Engine and to preserve routing protocol
information.

Default disabled

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Enabling Nonstop Active Routing on page 137

Documentation
• Junos OS High Availability Configuration Guide

196 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

options

Syntax options {
syslog (level level | upto level level);
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure the types of system logging messages sent about the routing protocols process
to the system message logging file. These messages are also displayed on the system
console. You can log messages at a particular level, or up to and including a particular
level.

Options level level—Severity of the message. It can be one or more of the following levels, in order
of decreasing urgency:

• alert—Conditions that should be corrected immediately, such as a corrupted system

database.

• critical—Critical conditions, such as hard drive errors.

• debug—Software debugging messages.

• emergency—Panic or other conditions that cause the system to become unusable.

• error—Standard error conditions.

• info—Informational messages.

• notice—Conditions that are not error conditions, but might warrant special handling.

• warning—System warning messages.

upto level level—Log all messages up to a particular level.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • syslog in the Junos OS System Basics Configuration Guide

Documentation
• Configuring System Logging for the Routing Protocol Process on page 135

Copyright © 2011, Juniper Networks, Inc. 197

Junos OS 11.4 Routing Protocols Configuration Guide

p2mp-lsp-next-hop

Syntax p2mp-lsp-next-hop {
metric metric;
preference preference;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options static route destination-prefix],
[edit logical-systems logical-system-name routing-options static route destination-prefix],
[edit routing-instances routing-instance-name routing-options static route destination-prefix].
[edit routing-options static route destination-prefix]

Release Information Statement introduced before Junos OS Release 7.4.

Description Specify a point-to-multipoint LSP as the next hop for a static route, and configure an
independent metric or preference on that next-hop LSP.

Options metric—Metric value.

32
Range: 0 through 4,294,967,295 (2 – 1)

preference—Preference value. A lower number indicates a more preferred route.

32
Range: 0 through 4,294,967,295 (2 – 1)
Default: 5

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Specifying an LSP as the Next Hop for Static Routes on page 68
Documentation

passive

See active

198 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

policy

Syntax policy policy-name;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Associate a routing policy when configuring an aggregate or generated route’s destination
prefix in the routes part of the aggregate or generate statement. This provides the
equivalent of an import routing policy filter for the destination prefix. That is, each potential
contributor to an aggregate route, along with any aggregate options, is passed through
the policy filter. The policy then can accept or reject the route as a contributor to the
aggregate route and, if the contributor is accepted, the policy can modify the default
preferences. The contributor with the numerically smallest prefix becomes the most
preferred, or primary, contributor. A rejected contributor still can contribute to a less
specific aggregate route. If you do not specify a policy filter, all candidate routes contribute
to an aggregate route.

Options policy-name—Name of a routing policy.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • aggregate on page 146

Documentation
• generate on page 172

• Configuring Aggregate Routes on page 95

• Configuring Generated Routes on page 103

Copyright © 2011, Juniper Networks, Inc. 199

Junos OS 11.4 Routing Protocols Configuration Guide

ppm

Syntax ppm {
no-delegate-processing;
}

Hierarchy Level [edit logical-systems logical-system-name routing-options],

[edit routing-options]

Release Information Statement introduced in Junos OS Release 8.2.

Statement introduced in Junos OS Release 10.2 for EX Series switches.
no-delegate-processing statement introduced in Junos OS Release 9.4.
no-delegate-processing statement introduced in Junos OS Release 10.2 for EX Series
switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description (M120, M320, MX Series, T Series, TX Matrix routers, M7i and M10i routers with Enhanced
CFEB [CFEB-E], and EX Series switches only) Disable distributed periodic packet
management (PPM) to the Packet Forwarding Engine (on routers), to access ports (on
EX3200 and EX4200 switches), or line cards (on EX8200 switches).

After you disable PPM, PPM processing continues to run on the Routing Engine.

Default enabled

Options no-delegate-processing—Disable PPM to the Packet Forwarding Engine, access ports, or

line cards. Distributed PPM is enabled by default.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Disabling Distributed Periodic Packet Management on the Packet Forwarding Engine
Documentation on page 140

• Configuring Distributed Periodic Packet Management on an EX Series Switch (CLI

Procedure)

200 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

preference

Syntax (preference | preference2 | color | color2) preference <type type>;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Preference value for a static, aggregated, or generated route. You also can specify a
secondary preference value (preference2), as well as colors, which are even finer-grained
preference values (color and color2).

Options preference—Preference value. A lower number indicates a more preferred route.

32
Range: 0 through 4,294,967,295 (2 – 1)
Default: 5 (for static routes), 130 (for aggregate and generated routes)

type—(Optional) Type of route.

Range: 1 through 16

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • aggregate on page 146

Documentation
• generate on page 172

• static on page 223

• Configuring Static Routes on page 61

• Configuring Aggregate Routes on page 95

• Configuring Generated Routes on page 103

Copyright © 2011, Juniper Networks, Inc. 201

Junos OS 11.4 Routing Protocols Configuration Guide

preference (Access)

Syntax preference route-distance;

Hierarchy Level [edit routing-options access route ip-prefix</prefix-length>]

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure the distance for an access route.

Options route-distance—Specific distance you want to assign to the access route.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

prefix

Syntax prefix destination-prefix;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure the prefix for multicast scopes.

Options destination-prefix—Address range for the multicast scope.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • multicast on page 194

Documentation
• Configuring Multicast Scoping on page 126

202 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

qualified-next-hop

Syntax qualified-next-hop (address | interface-name) {

interface interface-name;
metric metric;
preference preference;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options static route destination-prefix],
[edit logical-systems logical-system-name routing-options rib inet6.0 static route
destination-prefix],
[edit logical-systems logical-system-name routing-options static route destination-prefix],
[edit routing-instances routing-instance-name routing-options static route destination-prefix],
[edit routing-options rib inet6.0 static route destination-prefix],
[edit routing-options static route destination-prefix]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure an independent metric or preference on a static route.

Options address—IPv4, IPv6, or ISO network address of the next hop.

interface-name—Name of the interface on which to configure an independent metric or

preference for a static route. To configure an unnumbered Ethernet interface as the
next-hop interface for a static route, specify qualified-next-hop interface-name, where
interface-name is the name of the IPv4 or IPv6 unnumbered Ethernet interface.

metric—Metric value.
32
Range: 0 through 4,294,967,295 (2 – 1)

preference—Preference value. A lower number indicates a more preferred route.

32
Range: 0 through 4,294,967,295 (2 – 1)
Default: 5

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring an Independent Preference for Static Routes on page 64

Documentation

Copyright © 2011, Juniper Networks, Inc. 203

Junos OS 11.4 Routing Protocols Configuration Guide

qualified-next-hop (Access)

Syntax qualified-next-hop next-hop;

Hierarchy Level [edit routing-options access route ip-prefix</prefix-length>]

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure the qualified next-hop address for an access route.

Options next-hop—The specific qualified next-hop address you want to assign to the access route.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

qualified-next-hop (Access-Internal)

Syntax qualified-next-hop next-hop;

Hierarchy Level [edit routing-options access-internal route ip-prefix</prefix-length>]

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure the qualified next-hop address for an internal access route.

Options next-hop—Specific qualified next-hop address you want to assign to the access route.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

204 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

readvertise

Syntax (readvertise | no-readvertise);

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options rib routing-table-name static (defaults | route)],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options static (defaults | route)],
[edit logical-systems logical-system-name routing-options rib routing-table-name static
(defaults | route)],
[edit logical-systems logical-system-name routing-options static (defaults | route)],
[edit routing-instances routing-instance-name routing-options rib routing-table-name static
(defaults | route)],
[edit routing-instances routing-instance-name routing-options static (defaults | route)],
[edit routing-options rib routing-table-name static (defaults | route)],
[edit routing-options static (defaults | route)]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure whether static routes are eligible to be readvertised by routing protocols:

• readvertise—Readvertise static routes.

• no-readvertise—Mark a static route as being ineligible for readvertisement; include the

no-readvertise option when configuring the route.

Default readvertise

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • static on page 223

Documentation
• Configuring Static Routes on page 61

Copyright © 2011, Juniper Networks, Inc. 205

Junos OS 11.4 Routing Protocols Configuration Guide

resolution

Syntax resolution {
rib routing-table-name {
import [ policy-names ];
resolution-ribs [ routing-table-names ];
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure route resolution.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Route Resolution on page 136

Documentation

206 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

resolution-ribs

Syntax resolution-ribs [ routing-table-names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Specify one or more routing tables to use for route resolution.

The remaining statements are explained separately.

Options routing-table-names—Name of one or more routing tables.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Route Resolution on page 136

Documentation

Copyright © 2011, Juniper Networks, Inc. 207

Junos OS 11.4 Routing Protocols Configuration Guide

resolve

Syntax resolve;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure statically configured routes to be resolved to a next hop that is not directly
connected. The route is resolved through the inet.0 and inet.3 routing tables.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • static on page 223

Documentation
• Controlling Resolution of Static Routes to Prefixes That Are Not Directly Connected
on page 80

208 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

restart-duration

Syntax restart-duration seconds;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure the restart timer for graceful restart.

Options restart-duration seconds—Configure the time period for the restart to last.
Range: 120 through 900 seconds
Default: 90 seconds

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Graceful Restart on page 132

Documentation

Copyright © 2011, Juniper Networks, Inc. 209

Junos OS 11.4 Routing Protocols Configuration Guide

retain

Syntax (retain | no-retain);

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure statically configured routes to be deleted from or retained in the forwarding
table when the routing protocol process shuts down normally:

• retain—Have a static route remain in the forwarding table when the routing protocol
process shuts down normally. Doing this greatly reduces the time required to restart
a system that has a large number of routes in its routing table.

• no-retain—Delete statically configured routes from the forwarding table when the
routing protocol process shuts down normally.

Default no-retain

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • static on page 223

Documentation
• Configuring Static Routes on page 61

210 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

rib

See the following sections:

• rib (General) on page 212

• rib (Route Resolution) on page 214

Copyright © 2011, Juniper Networks, Inc. 211

Junos OS 11.4 Routing Protocols Configuration Guide

rib (General)
Syntax rib routing-table-name {
aggregate {
defaults {
... aggregate-options ...
}
route destination-prefix {
policy policy-name;
... aggregate-options ...
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
martians {
destination-prefix match-type <allow>;
}
}
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
next-hop;
static-options;
}
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Create a routing table.

Explicitly creating a routing table with the routing-table-name statement is optional if you
are not adding any static, martian, aggregate, or generated routes to the routing table
and if you also are creating a routing table group. Simply including the passive statement
to indicate that a routing table is part of a routing table group is sufficient to create it.

212 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

NOTE: The IPv4 multicast routing table (inet.1) and the IPv6 multicast routing
table (inet6.1) are not supported for this statement.

Default If you do not specify a routing table name with the routing-table-name statement, the
software uses the default routing tables, which are inet.0 for unicast routes and inet.1 for
the multicast cache.

Options routing-table-name—Name of the routing table, in the following format:

protocol [.identifier].

In a routing instance, the routing table name must include the routing instance name.
For example, if the routing instance name is link0, the routing table name might be
link0.inet6.0.

• protocol is the protocol family. It can be inet6 for the IPv6 family, inet for the IPv4 family,
iso for the ISO protocol family, or instance-name.iso.0 for an ISO routing instance.

• identifier is a positive integer that specifies the instance of the routing table.

Default: inet.0

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • passive on page 198

Documentation
• Example: Creating Routing Tables on page 60

Copyright © 2011, Juniper Networks, Inc. 213

Junos OS 11.4 Routing Protocols Configuration Guide

rib (Route Resolution)

Syntax rib routing-table-name {
import [ policy-names ];
resolution-ribs [ routing-table-names ];
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options resolution],
[edit logical-systems logical-system-name routing-options resolution],
[edit routing-instances routing-instance-name routing-options resolution],
[edit routing-options resolution]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Specify a routing table name for route resolution.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Route Resolution on page 136

Documentation

214 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

rib-group

Syntax rib-group group-name;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options interface-routes],
[edit logical-systems logical-system-name routing-options interface-routes],
[edit logical-systems logical-system-name routing-options rib routing-table-name static],
[edit logical-systems logical-system-name routing-options static],
[edit routing-instances routing-instance-name routing-options interface-routes],
[edit routing-options interface-routes],
[edit routing-options rib routing-table-name static],
[edit routing-options static]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure which routing table groups interface routes are imported into.

Options group-name—Name of the routing table group. The name must start with a letter and
can include letters, numbers, and hyphens. It generally does not make sense to
specify more than a single routing table group.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • interface-routes on page 183

Documentation
• rib-groups on page 216

• Configuring How Interface Routes Are Imported into Routing Tables on page 125

• Creating Routing Table Groups on page 123

Copyright © 2011, Juniper Networks, Inc. 215

Junos OS 11.4 Routing Protocols Configuration Guide

rib-groups

Syntax rib-groups {
group-name {
export-rib group-name;
import-policy [ policy-names ];
import-rib [ group-names ];
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-options],

[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Group one or more routing tables to form a routing table group. A routing protocol can
import routes into all the routing tables in the group and can export routes from a single
routing table.

Each routing table group must contain one or more routing tables that the Junos OS uses
when importing routes (specified in the import-rib statement) and optionally can contain
one routing table group that the Junos OS uses when exporting routes to the routing
protocols (specified in the export-rib statement).

Options group-name—Name of the routing table group. The name must start with a letter and
can include letters, numbers, and hyphens.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • rib-group on page 215

Documentation
• Creating Routing Table Groups on page 123

216 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

route (Access)

Syntax route ip-prefix</prefix-length> {

metric route-cost;
next-hop next-hop;
preference route-distance;
qualified-next-hop next-hop;
tag tag-number;
}

Hierarchy Level [edit routing-options access]

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure the parameters for access routes.

Options ip-prefix</prefix-length>—Specific route prefix that you want to assign to the access
route.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

route (Access-Internal)

Syntax route ip-prefix</prefix-length> {

next-hop next-hop;
qualified-next-hop next-hop;
}

Hierarchy Level [edit routing-options access-internal]

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure the parameters for internal access routes.

Options ip-prefix</prefix-length>—Specific route prefix that you want to assign to the internal
access route.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

Copyright © 2011, Juniper Networks, Inc. 217

Junos OS 11.4 Routing Protocols Configuration Guide

route-distinguisher-id

Syntax route-distinguisher-id address;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure a route distinguisher identifier for a routing instance, specifying an IP address.
If a route distinguisher is configured for a particular routing instance, that value supersedes
the route distinguisher configured by this statement.

Options address—IP address.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Route Distinguishers for VRF and Layer 2 VPN Instances on page 133
Documentation

route-record

Syntax route-record;

Hierarchy Level [edit logical-systems logical-system-name routing-options],

[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Export the AS path and routing information to the traffic sampling process.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Route Recording for Flow Aggregation on page 123

Documentation
• Junos OS Services Interfaces Configuration Guide

218 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

router-id

Syntax router-id address;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Specify the routing device’s IP address.

Options address—IP address of the routing device.

Default: Address of the first interface encountered by the Junos OS

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Router Identifiers for BGP and OSPF on page 122
Documentation

routing-options

Syntax routing-options { ... }

Hierarchy Level [edit],

[edit logical-systems logical-system-name],
[edit logical-systems logical-system-name routing-instances routing-instance-name],
[edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure protocol-independent routing properties.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Protocol-Independent Routing Properties Configuration Statements

Documentation

Copyright © 2011, Juniper Networks, Inc. 219

Junos OS 11.4 Routing Protocols Configuration Guide

scope

Syntax scope scope-name {

interface [ interface-names ];
prefix destination-prefix;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure the set of interfaces for multicast scoping.

Options scope-name—Name of the multicast scope.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • multicast on page 194

Documentation
• Configuring Multicast Scoping on page 126

220 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

source-address

Syntax source-address address;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options dynamic-tunnels tunnel-name,
[edit logical-systems logical-system-namerouting-options dynamic-tunnels tunnel-name,
[edit routing-instances routing-instance-name routing-options dynamic-tunnels tunnel-name],
[edit routing-options dynamic-tunnels tunnel-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Specify the source address for the generic routing encapsulation (GRE) tunnels. The
source address specifies the address used as the source for the local tunnel endpoint.
This address can be any local address on the router (typically the router ID or the loopback
address).

Options address—Name of the source address.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Dynamic GRE Tunnels for VPNs on page 134

Documentation

source-routing

Syntax source-routing {
(ip | ipv6)
}

Hierarchy Level [edit routing-options]

Release Information Statement for IPv6 introduced in Junos OS Release 8.2.

Statement for IPv4 introduced in Junos OS Release 8.5.
Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Enable source routing.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Enabling Source Routing on page 141

Documentation

Copyright © 2011, Juniper Networks, Inc. 221

Junos OS 11.4 Routing Protocols Configuration Guide

ssm-groups

Syntax ssm-groups {
address;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options multicast]
[edit logical-systems logical-system-name routing-options multicast],
[edit routing-instances routing-instance-name routing-options multicast],
[edit routing-options multicast]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure additional (source-specific multicast) SSM groups.

Options address—Address range of the additional SSM group.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • multicast on page 194

Documentation
• Configuring Additional Source-Specific Multicast Groups on page 127

222 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

static

Syntax static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
local-address ip-address;
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
minimum-receive-ttl number;
multiplier number;
neighbor address;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (1 | automatic);
}
next-hop address;
next-hop options;
qualified-next-hop address {
metric metric;
preference preference;
}
static-options;
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-options],
[edit logical-systems logical-system-name routing-options rib routing-table-name],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options],
[edit routing-options rib routing-table-name]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Support for BFD authentication introduced in Junos 9.6.
Support for BFD authentication introduced in Junos 9.6 for EX Series switches.

Copyright © 2011, Juniper Networks, Inc. 223

Junos OS 11.4 Routing Protocols Configuration Guide

Description Configure static routes to be installed in the routing table. You can specify any number
of routes within a single static statement, and you can specify any number of static
options in the configuration.

224 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

Options defaults—Specify global static route options. These options only set default attributes
inherited by all newly created static routes. These are treated as global defaults and
apply to all the static routes you configure in the static statement. This part of the
static statement is optional.

route destination-prefix—Destination of the static route.

• defaults—For the default route to the destination. This is equivalent to specifying an

IP address of 0.0.0.0/0.

• destination-prefix/prefix-length—destination-prefix is the network portion of the IP

address, and prefix-length is the destination prefix length.

• next-hop address—Reach the next-hop routing device by specifying an IP address, an

interface name, or an ISO network entity title (NET).

• nsap-prefix—nsap-prefix is the network service access point (NSAP) address for ISO.

next-hop options—Additional information for how to manage forwarding of packets to

the next hop.

• discard—Do not forward packets addressed to this destination. Instead, drop the
packets, do not send ICMP unreachable messages to the packets’ originators, and
install a reject route for this destination into the routing table.

• iso-net—Reach the next-hop routing device by specifying an ISO NSAP.

• next-table routing-table-name—Name of the next routing table to the destination.

• receive—Install a route for this next-hop destination into the routing table.

The receive option forces the packet to be sent to the Routing Engine.

The receive option can be useful in the following cases:

• For receiving MPLS packets destined to a VRF instance's loopback address

• For receiving packets on a link's subnet address, with zeros in the host portion of the
address

• reject—Do not forward packets addressed to this destination. Instead, drop the packets,
send ICMP unreachable messages to the packets’ originators, and install a reject route
for this destination into the routing table.

static-options—(Optional under route) Additional information about static routes, which

is included with the route when it is installed in the routing table.

You can specify one or more of the following in static-options. Each of the options is
explained separately.

• (active | passive);

• as-path <as-path> <origin (egp | igp | incomplete)> <atomic-aggregate> <aggregator

as-number in-address>;

Copyright © 2011, Juniper Networks, Inc. 225

Junos OS 11.4 Routing Protocols Configuration Guide

• community [ community-ids ];

• (install | no-install);

• (metric | metric2 | metric3 | metric4) value <type type>;

• (preference | preference2 | color | color2) preference <type type>;

• (readvertise | no-readvertise);

• (resolve | no-resolve);

• (no-retain | retain);

• tag string;

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

226 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

tag

Syntax tag string;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Associate an OSPF tag with a static, aggregate, or generated route.

Options string—OSPF tag string.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • aggregate on page 146

Documentation
• generate on page 172

• static on page 223

• Configuring Static Routes on page 61

• Configuring Aggregate Routes on page 95

• Configuring Generated Routes on page 103

Copyright © 2011, Juniper Networks, Inc. 227

Junos OS 11.4 Routing Protocols Configuration Guide

tag (Access)

Syntax tag tag-number;

Hierarchy Level [edit routing-options access route ip-prefix</prefix-length>]

Release Information Statement introduced in Junos OS Release 10.1.

Description Configure a tag for an access route.

Options tag-number—Tag number for the access route.

Required Privilege interface—To view this statement in the configuration.

Level interface-control—To add this statement to the configuration.

Related • Configuring Static Routes on page 61

Documentation

threshold

Syntax threshold suppress value <reuse value>;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options multicast forwarding-cache],
[edit logical-systems logical-system-name routing-options multicast forwarding-cache],
[edit routing-instances routing-instance-name routing-options multicast forwarding-cache],
[edit routing-options multicast forwarding-cache]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.2 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Configure the suppression and reuse thresholds for multicast forwarding cache limits.

Options reuse value—Value at which to begin creating new multicast forwarding cache entries.
This value is optional. If configured, this number should be less than the suppress
value.
Range: 1 through 200,000

suppress value—Value at which to begin suppressing new multicast forwarding cache

entries. This value is mandatory. This number should be greater than the reuse value.
Range: 1 through 200,000

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Multicast Forwarding Cache Limits on page 128

Documentation

228 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

traceoptions

Syntax traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <disable>;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options multicast],
[edit logical-systems logical-system-name routing-options],
[edit logical-systems logical-system-name routing-options multicast],
[edit routing-instances routing-instance-name routing-options],
[edit routing-instances routing-instance-name routing-options multicast],
[edit routing-options],
[edit routing-options multicast],
[edit routing-options flow]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Define tracing operations that track all routing protocol functionality in the routing device.

To specify more than one tracing operation, include multiple flag statements.

Default If you do not include this statement, no global tracing operations are performed.

Options Values:

disable—(Optional) Disable the tracing operation. You can use this option to disable a
single operation when you have defined a broad group of tracing operations, such
as all.

file filename—Name of the file to receive the output of the tracing operation. Enclose the
name within quotation marks. All files are placed in the directory /var/log. We
recommend that you place global routing protocol tracing output in the file
routing-log.

files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1, and
so on, until the maximum number of trace files is reached. Then, the oldest trace file
is overwritten. Note that if you specify a maximum number of files, you also must
specify a maximum file size with the size option.
Range: 2 through 1000 files
Default: 10 files

flag flag—Tracing operation to perform. To specify more than one tracing operation,
include multiple flag statements. These are the global routing protocol tracing
options:

Copyright © 2011, Juniper Networks, Inc. 229

Junos OS 11.4 Routing Protocols Configuration Guide

• all—All tracing operations

• condition-manager—Condition-manager events

• config-internal—Configuration internals

• general—All normal operations and routing table changes (a combination of the normal
and route trace operations)

• graceful-restart—Graceful restart operations

• normal—All normal operations

• nsr-synchronization—Nonstop active routing synchronization

• parse—Configuration parsing

• policy—Routing policy operations and actions

• regex-parse—Regular-expression parsing

• route—Routing table changes

• state—State transitions

• task—Interface transactions and processing

• timer—Timer usage

no-world-readable—(Optional) Prevent any user from reading the log file.

size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB),
or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed
trace-file.0. When the trace-file again reaches its maximum size, trace-file.0 is renamed
trace-file.1 and trace-file is renamed trace-file.0. This renaming scheme continues
until the maximum number of trace files is reached. Then, the oldest trace file is
overwritten. Note that if you specify a maximum file size, you also must specify a
maximum number of trace files with the files option.
Syntax: xk to specify KB, xm to specify MB, or xg to specify GB
Range: 10 KB through the maximum file size supported on your system
Default: 128 KB

world-readable—(Optional) Allow any user to read the log file.

Required Privilege routing and trace—To view this statement in the configuration.
Level routing-control and trace-control—To add this statement to the configuration.

Related • Tracing Global Routing Protocol Operations on page 138

Documentation

230 Copyright © 2011, Juniper Networks, Inc.

Chapter 6: Summary of Protocol-Independent Routing Properties Configuration Statements

tunnel-type

Syntax tunnel-type type;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name

routing-options dynamic-tunnels tunnel-name],
[edit logical-systems logical-system-namerouting-options dynamic-tunnels tunnel-name,
[edit routing-instances routing-instance-name routing-options dynamic-tunnels tunnel-name],
[edit routing-options dynamic-tunnels tunnel-name

Release Information Statement introduced before Junos OS Release 7.4.

Description Specify the type of tunnel to be dynamically created. The only valid value is gre (for GRE
tunnels).

Options type—Tunnel type.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Dynamic GRE Tunnels for VPNs on page 134

Documentation

unicast-reverse-path

Syntax unicast-reverse-path (active-paths | feasible-paths);

Hierarchy Level [edit logical-systems logical-system-name routing-options forwarding-table],

[edit routing-instances routing-instance-name instance-type name routing-options
forwarding-table],
[edit routing-options forwarding-table]

Release Information Statement introduced before Junos OS Release 7.4.

Support for routing instances added in Junos OS Release 8.3.

Description Control the operation of unicast reverse-path-forwarding check.

Options active-paths—Consider only active paths during the unicast reverse-path check.

feasible-paths—Consider all feasible paths during the unicast reverse-path check.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Unicast Reverse-Path-Forwarding Check on page 131

Documentation
• Junos OS Network Interfaces Configuration Guide

Copyright © 2011, Juniper Networks, Inc. 231

Junos OS 11.4 Routing Protocols Configuration Guide

232 Copyright © 2011, Juniper Networks, Inc.

PART 3

Routing Instances
• Introduction to Routing Instances on page 235
• Routing Instances Configuration Guidelines on page 239
• Summary of Routing Instances Configuration Statements on page 291

Copyright © 2011, Juniper Networks, Inc. 233

Junos OS 11.4 Routing Protocols Configuration Guide

234 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 7

Introduction to Routing Instances

This chapter discusses the following topics:

• Routing Instances Overview on page 235

Routing Instances Overview

You can create multiple instances of BGP, IS-IS, LDP, Multicast Source Discovery Protocol
(MSDP), OSPF version 2 (usually referred to simply as OSPF), OSPF version 3 (OSPFv3),
Protocol Independent Multicast (PIM), RIP, and static routes by including statements at
the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols]

NOTE: You can also create multiple routing instances for separating routing
tables, routing policies, and interfaces for individual DHCP wholesale
subscribers (retailers) in a layer 3 wholesale network. For information about
how to configure layer 3 wholesale network services, see the Junos OS
Broadband Subscriber Management Solutions Guide.

A routing instance is a collection of routing tables, interfaces, and routing protocol

parameters. The set of interfaces belongs to the routing tables, and the routing protocol
parameters control the information in the routing tables.

You can configure eight types of routing instances: forwarding, Layer 2 control (MX Series
routers only), Layer 2 virtual private network (VPN), nonforwarding, VPN routing and
forwarding (VRF), virtual router, virtual private LAN service (VPLS), and virtual switch
(MX Series routers only).

Each routing instance has a unique name and a corresponding IP unicast table. For
example, if you configure a routing instance with the name my-instance, the corresponding
IP unicast table is my-instance.inet.0. All routes for my-instance are installed into
my-instance.inet.0.

Copyright © 2011, Juniper Networks, Inc. 235

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: The default routing instance, master, refers to the main inet.0 routing
table. The master routing instance is reserved and cannot be specified as a
routing instance.

Each routing instance consists of sets of the following:

• Routing tables

• Interfaces that belong to these routing tables

• Routing option configurations

You can configure eight types of routing instances:

• Forwarding—Use this routing instance type for filter-based forwarding applications.

For this instance type, there is no one-to-one mapping between an interface and a
routing instance. All interfaces belong to the default instance inet.0.

• Layer 2 Backhaul VPN—(MX Series routers only) Use this routing instance type to
provide support for Layer 2 wholesale VLAN packets with no existing corresponding
logical interface. When using this instance, the router learns both the outer tag and
inner tag of the incoming packets, when the instance-role statement is defined as
access, or the outer VLAN tag only, when the instance-role statement is defined as nni.

• Layer2-control—(MX Series routers only) Use this routing instance type for RSTP or
MSTP in customer edge interfaces of a VPLS routing instance. This instance type
cannot be used if the customer edge interface is multihomed to two provider edge
interfaces. If the customer edge interface is multihomed to two provider edge interfaces,
use the default BPDU tunneling.

• Layer 2 VPN—Use this routing instance type for Layer 2 virtual private network (VPN)
implementations.

• Nonforwarding—Use this routing instance type when a separation of routing table

information is required. There is no corresponding forwarding table. All routes are
installed into the default forwarding table. IS-IS instances are strictly nonforwarding
instance types.

• Virtual router—Similar to a VPN routing and forwarding instance type, but used for
non-VPN-related applications. There are no virtual routing and forwarding (VRF)
import, VRF export, VRF target, or route distinguisher requirements for this instance
type.

• Virtual switch—(MX Series routers only) Use the virtual switch instance type to isolate
a LAN segment with its Spanning Tree Protocol (STP) instance and separates its VLAN
identifier space. For more detail information about configuring a virtual switch, see the
Junos OS Layer 2 Configuration Guide and the Junos OS MX Series 3D Universal Edge Routers
Solutions Guide.

236 Copyright © 2011, Juniper Networks, Inc.

Chapter 7: Introduction to Routing Instances

• VPLS—Use the virtual private local-area network service (VPLS) routing instance type
for point-to-multipoint LAN implementations between a set of sites in a VPN.

• VRF—Use the VPN routing and forwarding routing (VRF) instance type for Layer 3 VPN
implementations. This routing instance type has a VPN routing table as well as a
corresponding VPN forwarding table. For this instance type, there is a one-to-one
mapping between an interface and a routing instance. Each VRF instance corresponds
with a forwarding table. Routes on an interface go into the corresponding forwarding
table.

Configure global routing options and protocols for the master instance by including
statements at the [edit protocols] and [edit routing-options] hierarchy levels. Routes are
installed into the master routing instance inet.0 by default, unless a routing instance is
specified.

Multiple instances of BGP, OSPF, and RIP are used for Layer 3 VPN implementation. The
multiple instances of BGP, OSPF, and RIP keep routing information for different VPNs
separate. The VRF instance advertises routes from the customer edge (CE) router to the
provider edge (PE) router and advertises routes from the PE router to the CE router. Each
VPN receives only routing information belonging to that VPN.

Forwarding instances are used to implement filter-based forwarding for Common Access
Layer applications.

PIM instances are used to implement multicast over VPN applications.

Nonforwarding instances of IS-IS and OSPF can be used to separate a very large network
into smaller administrative entities. Instead of configuring a large number of filters,
nonforwarding instances can be used to filter routes, thereby instantiating policy.
Nonforwarding instances can be used to reduce the amount of routing information
advertised throughout all components of a network. Routing information associated with
a particular instance can be announced where required, instead of being advertised to
the whole network.

Layer 2 VPN instances are used for Layer 2 VPN implementation.

Virtual router instances are similar to a VPN routing and forwarding instance type, but
used for non-VPN-related applications. There are no VRF import, VRF export, VRF target,
or route distinguisher requirements for this instance type.

Use the VPLS routing instance type for point-to-multipoint LAN implementations between
a set of sites in a VPN.

Related • Junos OS VPNs Configuration Guide

Documentation
• Junos OS Layer 2 Configuration Guide

• Junos OS MX Series 3D Universal Edge Routers Solutions Guide

Copyright © 2011, Juniper Networks, Inc. 237

Junos OS 11.4 Routing Protocols Configuration Guide

238 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 8

Routing Instances Configuration

Guidelines

This chapter describes the following tasks for configuring routing instances:

• Complete Routing Instances Configuration Statements on page 240

• Routing Instances Minimum Configuration on page 244
• Configuring Multiple Instances of BGP on page 250
• Configuring Multiple Instances of IS-IS on page 251
• Configuring Multiple Instances of LDP on page 255
• Configuring Multiple Instances of MSDP on page 256
• Example: Configuring Multiple Routing Instances of OSPF on page 256
• Configuring Multiple Instances of PIM on page 263
• Configuring Multiple Instances of RIP on page 263
• Configuring Routing Instances on page 264
• Specifying the Instance Type for Routing Instances on page 266
• Configuring Route Distinguishers for Routing Instances on page 269
• Configuring Filter-Based Forwarding on page 270
• Configuring Class-of-Service-Based Forwarding on page 272
• Configuring Secondary VRF Import and Export Policy on page 273
• Configuring Policy-Based Export for Routing Instances on page 274
• Example: Exporting Specific Routes from One Routing Table Into Another Routing
Table on page 278
• Configuring VRF Table Labels on page 283
• Configuring VRF Targets on page 283
• Configuring OSPF Domain IDs for VPNs on page 284
• Configuring Route Limits for Routing Tables on page 288
• Configuring Independent AS Domains on page 289

Copyright © 2011, Juniper Networks, Inc. 239

Junos OS 11.4 Routing Protocols Configuration Guide

Complete Routing Instances Configuration Statements

To configure routing instances, include the following statements:

access {
... address-assignment; ...
}
access-profile profile-name;
description text;
forwarding-options;
instance-role;
instance-type (forwarding |l2backhaul-vpn | l2vpn | layer2-control | no-forwarding |
virtual-router | virtual-switch | vpls | vrf);
interface interface-name;
bridge-domains {
bridge-domains-name {
domain-type bridge;
vlan-id (none | all | number);
vlan-tags outer number inner number;
interface interface-name;
routing-interface routing-interface-name;
bridge-options {
mac-limit limit;
mac-statistics;
mac-table-size limit;
no-mac-learning;
static-mac mac-address;
}
}
}
no-vrf-advertise;
no-vrf-propagate-ttl;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy--names ];
vrf-propagate-ttl;
vrf-table-label;
vrf-target {
export community-name;
import community-name;
}
protocols {
bgp {
... bgp-configuration ...
}
isis {
... isis-configuration ...
}
l2vpn {
... l2vpn-configuration ...
}
ldp {
... ldp-configuration ...
}

240 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

msdp {
... msdp-configuration ...
}
mstp {
... mstp-configuration ...
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
... ospf-configuration ...
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
... ospf3-configuration ...
}
pim {
... pim-configuration ...
}
rip {
... rip-configuration ...
}
ripng {
... ripng-configuration ...
}
rstp {
... rstp-configuration ...
}
vpls {
... vpls-configuration ...
}
}
routing-options {
aggregate {
defaults {
... aggregate-options ...
}
route destination-prefix {
policy policy-name;
... aggregate-options ...
}
}
auto-export {
(disable | enable);
family {
inet {
multicast {
(disable | enable);
rib-group rib-group;
}
unicast {
(disable | enable);
rib-group rib-group;
}

Copyright © 2011, Juniper Networks, Inc. 241

Junos OS 11.4 Routing Protocols Configuration Guide

}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}
autonomous-system autonomous-system <loops number> {
independent-domain <no-attrset>;
}
confederation confederation-autonomous-system members autonomous-system;
fate-sharing {
group group-name;
cost value;
from address [to address];
}
forwarding-table {
export [ policy--names ];
(indirect-next-hop | no-indirect-next-hop);
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
instance-export [ policy-names ];
instance-import [ policy-names ];
interface-routes {
rib-group group-name;
}
martians {
destination-prefix match-type <allow>;
}
maximum-paths path-limit <log-only | threshold value log-interval seconds>;
maximum-prefixes prefix-limit <log-only | threshold value log-interval seconds>;
multicast {
scope scope-name {
interface [ interface-names ];
prefix destination-prefix;
}
ssm-groups {
address;
}
}
options {
syslog (level level | upto level);
}
rib routing-table-name {
aggregate {
defaults {
... aggregate-options ...
}

242 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

route destination-prefix {
policy policy-name;
... aggregate-options ...
}
}
generate {
defaults {
generate-options;
}
route destination-prefix {
policy policy-name;
generate-options;
}
}
martians {
destination-prefix match-type <allow>;
}
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop{
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;
preference preference;
}
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
}
route-record;
router-id address;
static {
defaults {
static-options;
}
rib-group group-name;
route destination-prefix {
lsp-next-hop {
metric metric;
preference preference;
}
next-hop;
p2mp-lsp-next-hop {
metric metric;

Copyright © 2011, Juniper Networks, Inc. 243

Junos OS 11.4 Routing Protocols Configuration Guide

preference preference;
}
qualified-next-hop address {
interface interface-name;
metric metric;
preference preference;
}
static-options;
}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
}

You can include the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name]

• [edit logical-systems logical-system-name routing-instances routing-instance-name]

Routing Instances Minimum Configuration

You can configure BGP, IS-IS, Layer 2 VPN, LDP, MSDP, OSPF, OSPFv3, PIM, RIP, RIPng,
and VPLS routing instances.

This section discusses the following routing instance minimum configurations:

• Minimum Routing-Instance Configuration for BGP on page 244

• Minimum Routing-Instance Configuration for IS-IS on page 245
• Minimum Routing-Instance Configuration for Layer 2 VPNs on page 245
• Minimum Routing-Instance Configuration for LDP on page 246
• Minimum Routing-Instance Configuration for MSDP on page 246
• Minimum Routing-Instance Configuration for Multiprotocol BGP-Based Multicast
VPNs on page 247
• Minimum Routing-Instance Configuration for OSPF on page 247
• Minimum Routing-Instance Configuration for OSPFv3 on page 248
• Minimum Routing-Instance Configuration for PIM on page 248
• Minimum Routing-Instance Configuration for RIP on page 249
• Minimum Routing-Instance Configuration for VPLS on page 249

Minimum Routing-Instance Configuration for BGP

To configure a routing instance for BGP, you must include at least the following
statements:

[edit]
routing-instances {
routing-instance-name {

244 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

interface interface-name;
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
bgp {
bgp configuration;
}
}
}
}

For more information about the BGP configuration statements, see Configuring BGP. For
more information about configuring VPNs, see the Junos OS VPNs Configuration Guide.

Minimum Routing-Instance Configuration for IS-IS

To configure a routing instance for IS-IS, you must include at least the following
statements in the configuration:

[edit]
routing-instances {
routing-instance-name {
interface interface-name;
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
isis {
... isis configuration ...
}
}
}
}

For more information about the IS-IS configuration statements, see “Configuring IS-IS”
on page 344.

Minimum Routing-Instance Configuration for Layer 2 VPNs

To create a routing instance for Layer 2 VPN, you must include at least the following
statements in the configuration:

[edit]
routing-instances {
routing-instance-name {
instance-type l2vpn;
interface interface-name;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
l2vpn {
... l2vpn-configuration ...

Copyright © 2011, Juniper Networks, Inc. 245

Junos OS 11.4 Routing Protocols Configuration Guide

}
}
}
}

For more information about configuring Layer 2 VPNs, see the Junos OS VPNs Configuration
Guide.

Minimum Routing-Instance Configuration for LDP

To create a routing instance for LDP, you must include at least the following statements
in the configuration:

[edit]
routing-instances {
routing-instance-name {
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);
interface interface-name;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
ldp {
... ldp-configuration ...
}
}
}
}

For more information about configuring LDP, see the Junos OS MPLS Applications
Configuration Guide.

LDP routing instances are used to support LDP over VPNs. For more information about
configuring multicast over VPNs, see the Junos OS VPNs Configuration Guide.

Minimum Routing-Instance Configuration for MSDP

To create a routing instance for MSDP, you must include at least the following statements
in the configuration:

246 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

For more information about configuring MSDP, see the Junos OS Multicast Protocols
Configuration Guide.

Minimum Routing-Instance Configuration for Multiprotocol BGP-Based Multicast VPNs

To configure a routing instance for a multiprotocol BGP-based multicast VPN, you must
include at least the following minimum configuration:

[edit]
routing-instances {
routing-instance-name;
instance-type vrf;
interface interface-name;
provider-tunnel {
pim-asm {
group-address -address;
}
protocols {
mvpn;
route-target {
export-target {
target;
unicast;
}
import-target {
target {
receiver;
sender;
}
unicast {
receiver;
sender;
}
}
}
}
}
route-distinguisher (as:number | ip-address:number);
vrf-target community | export community-name | import community-name);
}
}

For more information about Multiprotocol BGP-based Multicast VPNs, see the Junos OS
VPNs Configuration Guide and the Junos OS Multicast Protocols Configuration Guide.

Minimum Routing-Instance Configuration for OSPF

To configure a routing instance for OSPF, you must include at least the following
statements in the configuration:

Copyright © 2011, Juniper Networks, Inc. 247

Junos OS 11.4 Routing Protocols Configuration Guide

vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
ospf {
... ospf-configuration ...
}
}
}
}

NOTE: You can configure a logical interface under only one routing instance.

For more information about the OSPF configuration statements, see Configuring OSPF.

Minimum Routing-Instance Configuration for OSPFv3

To configure a routing instance for OSPFv3, you must include at least the following
statements in the configuration:

[edit]
routing-instances {
routing-instance-name {
interface interface-name;
instance-type (no-forwarding | virtual-router | vrf);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
ospf3 {
... ospf3-configuration ...
}
}
}
}

NOTE: You can configure a logical interface under only one routing instance.

NOTE: OSPFv3 supports the no-forwarding, virtual-router, and vrf routing

instance types only.

For more information about the OSPF configuration statements, see Configuring OSPF.

Minimum Routing-Instance Configuration for PIM

To create a routing instance for PIM, you must include at least the following statements
in the configuration:

[edit]
routing-instances {
routing-instance-name {
instance-type (forwarding | l2vpn | no-forwarding | virtual-router | vpls | vrf);

248 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

interface interface-name;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
pim {
... pim-configuration ...
}
}
}
}

For more information about configuring PIM, see the Junos OS Multicast Protocols
Configuration Guide.

PIM routing instances are used to support multicast over VPNs. For more detailed
information about configuring multicast over VPNs, see the Junos OS VPNs Configuration
Guide.

Minimum Routing-Instance Configuration for RIP

RIP instances are supported only for VPN routing and forwarding (VRF) instance types.
This instance type provides support for Layer 3 VPNs. To configure a routing instance for
RIP, you must include at least the following statements in the configuration:

[edit]
routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
rip {
... rip-configuration ...
}
}
}
}

For more information about the RIP configuration statements, see “Configuring RIP” on
page 839. For more information about configuring VPNs, see the Junos OS VPNs Configuration
Guide.

Minimum Routing-Instance Configuration for VPLS

To create a routing instance for virtual private LAN services (VPLS), you must include at
least the following statements in the configuration:

[edit]
routing-instances {
routing-instance-name {
instance-type vpls;
interface interface-name;
route-distinguisher (as-number:number | ip-address:number);

Copyright © 2011, Juniper Networks, Inc. 249

Junos OS 11.4 Routing Protocols Configuration Guide

vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
vpls {
... vpls configuration ...
}
}
}
}

Related • Junos OS VPNs Configuration Guide

Documentation
• Junos OS Virtual Private LAN Services Feature Guide

Configuring Multiple Instances of BGP

You can configure multiple instances of BGP at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols]

Multiple instances of BGP are primarily used for Layer 3 VPN support.

IGP peers and EBGP peers (both nonmultihop and multihop) are all supported for routing
instances. BGP peering is established over one of the interfaces configured under the
routing-instances hierarchy. Routes learned from the BGP peer are added to the
instance-name.inet.0 table by default. You can configure import and export policies to
control the flow of information into and out of the instance routing table.

For Layer 3 VPN support, configure BGP on the provider edge (PE) router to receive routes
from the customer edge (CE) router and to send the instances’ routes to the CE router
if necessary. You can use multiple instances of BGP to maintain separate per-site
forwarding tables for keeping VPN traffic separate on the PE router. For more detailed
information about configuring VPNs, see the Junos OS VPNs Configuration Guide.

You can configure import and export policies that allow the service provider to control
and rate-limit traffic to and from the customer.

Example: Configuring Multiple Instances of BGP

Configure multiple instances of BGP:

[edit]
routing-instances {
routing-instance-name {
interface so-1/1/1.0;
interface so-1/1/1.1;
instance-type vrf;
route distinguisher (as-number:number | ip-address:number);
protocols {
bgp {
group group-name {

250 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

peer-as 01;
type external;
import route-name;
export route-name;
neighbor 10.0.0.1;
}
}
}
}
}

You can configure an EBGP multihop session for a VRF routing instance. Also, you can
set up the EBGP peer between the PE and CE routers by using the loopback address of
the CE router instead of the interface addresses.

Configuring Multiple Instances of IS-IS

You can configure multiple instances of IS-IS for administrative separation.

To configure multiple routing instances, perform the following tasks:

1. Configure the IS-IS default instance at the [edit protocols isis] or [edit logical-systems
logical-system-name protocols isis] hierarchy levels with the statements needed for
your network so that routes are installed in inet.0 and in the forwarding table. Make
sure to include the routing table group.

2. Configure an IS-IS routing instance for each additional IS-IS routing entity, configuring
the following items:

• Interfaces

• Routing options

• IS-IS protocol statements belonging to that entity

• Routing table group

3. Configure a routing table group to install routes from the routing instance into the
inet.0 routing table. You can do this in two ways:

• Create a common routing table group so that either one of two conditions is
configured:

• Routes from the routing instances are installed in inet.0 and therefore installed
in the forwarding table.

• Routes from one router in a routing instance are forwarded to another router in
the same routing instance.

• Create a routing table group with just the routing table from one instance and inet.0
to keep the routes from going to other instances.

4. Create an export policy to export routes with a specific tag and to use that tag to
export routes back into the instances. For more information, see the Junos OS Routing
Policy Configuration Guide.

Copyright © 2011, Juniper Networks, Inc. 251

Junos OS 11.4 Routing Protocols Configuration Guide

Example: Configuring Multiple Routing Instances of IS-IS

Figure 4 on page 252 shows how you can use multiple instances of IS-IS to segregate
traffic within a large network. The network consists of three administrative entities:
voice-policy, other-policy, and the backbone or core. Each entity is composed of several
geographically separate sites that are connected by the backbone and managed by the
backbone entity.

Figure 4: Configuration for Multiple Routing Instances

Site A Site B

4 6

voice-policy other-policy

so-2/2/2.0 so-5/2/2.0
Backbone
1 3
so-4/2/2.0 so-3/2/2.0

7 5

other-policy voice-policy

g040730
Site C Site D

Sites A and D belong to the voice-policy routing instance. Sites B and C belong to the
other-policy instance. Router 1 and Router 3 at the edge of the backbone connect the
routing instances. Each runs a separate IS-IS instance (one per entity).

Router 1 runs three IS-IS instances: one each for Site A (voice-policy), Site C (other-policy),
and the backbone, otherwise known as the default instance. Router 3 also runs three
IS-IS instances: one each for Site B (other-policy), Site D (voice-policy), and the backbone
(default instance).

When Router 1 runs the IS-IS instances, the following occur:

• Routes from the default instance routing table are placed in the voice-policy and
other-policy instance routing tables.

• Routes from the voice-policy routing instance are placed in the default instance routing
table.

• Routes from the other-policy routing instance are placed in the default instance routing
table.

252 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

• Routes from the voice-policy routing instance do not enter the other-policy instance
routing table.

• Routes from the other-policy routing instance do not enter the voice-policy instance
routing table.

Configuring Router 1 The following sections describe how to configure Router 1 in the backbone entity with
multiple routing instances.

Configure the routing instances for voice-policy and other-policy. Use all routes learned
from the routing tables in the routing table group inet-to-voice-and-other. Export routes
tagged as belonging to the routing instance.

[edit]
routing-instances {
voice-policy {
interface so-2/2/2.0;
protocols {
isis {
rib-group voice-to-inet;
export filter-on-voice-policy;
interface so-2/2/2.0 {
level 2 metric 20;
}
}
}
}
other-policy {
interface so-4/2/2.0;
protocols {
isis {
rib-group other-to-inet;
export filter-on-other-policy;
interface so-4/2/2.0 {
level 2 metric 20;
}
}
}
}
}

Configure the routing table group inet-to-voice-and-other to share routes with the inet.0
(in the backbone entity), voice-policy.inet.0, and other-policy.inet.0 routing tables:

[edit]
routing-options {
rib-groups {
inet-to-voice-and-other {
import-rib [ inet.0 voice-policy.inet.0 other-policy.inet.0 ];
}
}
}

Configure the routing table group voice-to-inet to share routes with the inet.0 (in the
backbone entity) and voice-policy.inet.0 routing tables:

Copyright © 2011, Juniper Networks, Inc. 253

Junos OS 11.4 Routing Protocols Configuration Guide

[edit]
routing-options {
rib-groups {
voice-to-inet {
import-rib [ voice-policy.inet.0 inet.0];
}
}
}

Configure the routing table group other-to-inet to share routes with the inet.0 (in the
backbone entity) and other-policy.inet.0 routing tables:

[edit]
routing-options {
rib-groups {
other-to-inet {
import-rib [ other-policy.inet.0 inet.0];
}
}
}

Configure the default IS-IS instance so that the routes learned from the routing instances
are installed in inet.0 and the tagged routes are exported from voice-policy and
other-policy:

[edit]
protocols {
isis {
export apply-tag;
rib-group inet-to-voice-and-other;
interface so-1/0/0.0 {
level 2 metric 20;
}
interface fxp0.0 {
disable;
}
interface lo0.0 {
passive;
}
}
}

Configure routing policy for the routes learned from the routing instances:

[edit]
policy-options {
policy-statement apply-tag {
term voice-policy {
from instance voice-policy;
then {
tag 10;
accept;
}
}
term other-policy {
from instance other-policy;
then {

254 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

tag 12;
accept;
}
}
}
policy-statement filter-on-voice-policy {
from {
tag 10;
protocol isis;
}
then {
accept;
}
}
policy-statement filter-on-other-policy {
from {
tag 12;
protocol isis;
}
then {
accept;
}
}
}

Configuring Router 3 The configuration for Router 3 is the same as for Router 1 except that the interface names
might differ. In this topology, the interface so-5/2/2.0 belongs to other-policy, and
so-3/2/2.0 belongs to voice-policy.

Configuring Multiple Instances of LDP

LDP is a protocol used to distribute labels in an MPLS-enabled network.

LDP instances are used to distribute labels from a provider edge (PE) router to a customer
edge (CE) router. LDP instances in a VPN are useful in carrier-of-carrier networks, where
data is transmitted between two or more telecommunications carrier sites across a core
provider network. Each carrier may want to restrict Internet routes strictly to the PE
routers.

An advantage of using LDP instances within a VPN is that full-mesh IBGP is not required
between the PE and CE routers. A router ID is required to configure an instance of LDP.

To configure multiple instances of LDP, include the following statements:

routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
protocols {
ldp {
... ldp-configuration ...
}
}
}

Copyright © 2011, Juniper Networks, Inc. 255

Junos OS 11.4 Routing Protocols Configuration Guide

You can include the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols]

Related • Junos OS MPLS Applications Configuration Guide

Documentation
• Junos OS VPNs Configuration Guide

Configuring Multiple Instances of MSDP

MSDP instances are supported only for VRF instance types. You can configure multiple
instances of MSDP to support multicast over VPNs.

To configure multiple instances of MSDP, include the following statements:

routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
protocols {
msdp {
... msdp-configuration ...
}
}
}
}

You can include the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols]

Related • Junos OS MPLS Applications Configuration Guide

Documentation
• Junos OS VPNs Configuration Guide

Example: Configuring Multiple Routing Instances of OSPF

This example shows how to configure multiple routing instances of OSPF.

• Requirements on page 257

• Overview on page 257

256 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

• Configuration on page 258

• Verification on page 262

Requirements
Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

Overview
When you configure multiple routing instances of OSPF, we recommend that you perform
the following tasks:

1. Configure the OSPFv2 or OSPFv3 default instance at the [edit protocols (ospf | ospf3)]
and [edit logical-systems logical-system-name protocols (ospf | ospf3)] hierarchy levels
with the statements needed for your network so that routes are installed in inet.0 and
in the forwarding table.
Make sure to include the routing table group.

2. Configure an OSPFv2 or OSPFv3 routing instance for each additional OSPFv2 or

OSPFv3 routing entity, configuring the following:

• Interfaces

• Routing options

• OSPF protocol statements belonging to that entity

• Routing table group

3. Configure a routing table group to install routes from the default route table, inet.0,
into a routing instance’s route table.

4. Configure a routing table group to install routes from a routing instance into the default
route table, inet.0.

NOTE: Nonforwarding routing instances do not have forwarding tables

that correspond to their routing tables.

5. Create an export policy to export routes with a specific tag, and use that tag to export
routes back into the instances. For more information, see the Junos OS Routing Policy
Configuration Guide.

Copyright © 2011, Juniper Networks, Inc. 257

Junos OS 11.4 Routing Protocols Configuration Guide

entity is composed of several geographically separate sites that are connected by the
backbone and managed by the backbone entity.

Figure 5: Configuration for Multiple Routing Instances

Site A Site B

4 6

voice-policy other-policy

so-2/2/2.0 so-5/2/2.0
Backbone
1 3
so-4/2/2.0 so-3/2/2.0

7 5

other-policy voice-policy

g040730
Site C Site D

Sites A and D belong to the voice-policy routing instance. Sites B and C belong to the
other-policy instance. Device 1 and Device 3 at the edge of the backbone connect the
routing instances. Each runs a separate OSPF or OSPFv3 instance (one per entity).

Device 1 runs three OSPFv2 or OSPFv3 instances: one each for Site A (voice-policy), Site C
(other-policy), and the backbone, otherwise known as the default instance. Device 3 also
runs three OSPFv2 or OSPFv3 instances: one each for Site B (other-policy), Site D
(voice-policy), and the backbone (default instance).

When Device 1 runs the OSPFv2 or OSPFv3 instances, the following occur:

• Routes from the default instance routing table are placed in the voice-policy and
other-policy instance routing tables.

• Routes from the voice-policy routing instance are placed in the default instance routing
table.

• Routes from the other-policy routing instance are placed in the default instance routing
table.

• Routes from the voice-policy routing instance do not enter the other-policy instance
routing table.

• Routes from the other-policy routing instance do not enter the voice-policy instance
routing table.

Configuration
CLI Quick To quickly configure multiple routing instances of OSPF, copy the following commands,
Configuration remove any line breaks, and then paste the commands into the CLI.

258 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

Configuration on Device 1:

[edit]
set routing-instances voice-policy interface so-2/2/2
set routing-instances voice-policy protocols ospf rib-group voice-to-inet area 0.0.0.0
interface so-2/2/2
set routing-instances other-policy interface so-4/2/2
set routing-instances other-policy protocols ospf rib-group other-to-inet area 0.0.0.0
interface so-4/2/2
set routing-options rib-groups inet-to-voice-and-other import-rib [ inet.0 voice-policy.inet.0
other-policy.inet.0 ]
set routing-options rib-groups voice-to-inet import-rib [ voice-policy.inet.0 inet.0 ]
set routing-options rib-groups other-to-inet import-rib [ other-policy.inet.0 inet.0 ]
set protocols ospf rib-group inet-to-voice-and-other area 0.0.0.0 interface so-2/2/2
set protocols ospf rib-group inet-to-voice-and-other area 0.0.0.0 interface so-4/2/2

Configuration on Device 3:

[edit]
set routing-instances voice-policy interface so-3/2/2
set routing-instances voice-policy protocols ospf rib-group voice-to-inet area 0.0.0.0
interface so-3/2/2
set routing-instances other-policy interface so-5/2/2
set routing-instances other-policy protocols ospf rib-group other-to-inet area 0.0.0.0
interface so-5/2/2
set routing-options rib-groups inet-to-voice-and-other import-rib [ inet.0 voice-policy.inet.0
other-policy.inet.0 ]
set routing-options rib-groups voice-to-inet import-rib [ voice-policy.inet.0 inet.0 ]
set routing-options rib-groups other-to-inet import-rib [ other-policy.inet.0 inet.0 ]
set protocols ospf rib-group inet-to-voice-and-other area 0.0.0.0 interface so-3/2/2
set protocols ospf rib-group inet-to-voice-and-other area 0.0.0.0 interface so-5/2/2

Step-by-Step To configure multiple routing instances of OSPF:

Procedure
1. Configure the routing instances for voice-policy and other-policy.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

routing-instances protocols] hierarchy level.

[edit]
user@D1# set routing-instances voice-policy interface so-2/2/2
user@D1# set routing-instances voice-policy protocols ospf rib-group voice-to-inet
area 0.0.0.0 interface so-2/2/2
user@D1# set routing-instances other-policy interface so-4/2/2
user@D1# set routing-instances other-policy protocols ospf rib-group other-to-inet
area 0.0.0.0 interface so-4/2/2

[edit]
user@D3# set routing-instances voice-policy interface so-3/2/2
user@D3# set routing-instances voice-policy protocols ospf rib-group voice-to-inet
area 0.0.0.0 interface so-3/2/2
user@D3#set routing-instances other-policy interface so-5/2/2
user@D3# set routing-instances other-policy protocols ospf rib-group other-to-inet
area 0.0.0.0 interface so-5/2/2

Copyright © 2011, Juniper Networks, Inc. 259

Junos OS 11.4 Routing Protocols Configuration Guide

2. Configure the routing table group inet-to-voice-and-other to take routes from inet.0
(default routing table) and place them in the voice-policy.inet.0 and
other-policy.inet.0 routing tables.

[edit]
user@D1# set routing-options rib-groups inet-to-voice-and-other import-rib [ inet.0
voice-policy.inet.0 other-policy.inet.0 ]

[edit]
user@D3# set routing-options rib-groups inet-to-voice-and-other import-rib [ inet.0
voice-policy.inet.0 other-policy.inet.0 ]

3. Configure the routing table group voice-to-inet to take routes from voice-policy.inet.0
and place them in the inet.0 default routing table.

[edit]
user@D1# set routing-options rib-groups voice-to-inet import-rib [ voice-policy.inet.0
inet.0 ]

[edit]
user@D3# set routing-options rib-groups voice-to-inet import-rib [ voice-policy.inet.0
inet.0 ]

4. Configure the routing table group other-to-inet to take routes from other-policy.inet.0
and place them in the inet.0 default routing table.

[edit]
user@D1# set routing-options rib-groups other-to-inet import-rib [ other-policy.inet.0
inet.0 ]

[edit]
user@D3# set routing-options rib-groups other-to-inet import-rib [ other-policy.inet.0
inet.0 ]

5. Configure the default OSPF instance.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

routing-instances protocols] hierarchy level.

[edit]
user@D1# set protocols ospf rib-group inet-to-voice-and-other area 0.0.0.0 interface
so-2/2/2
user@D1# set protocols ospf rib-group inet-to-voice-and-other area 0.0.0.0 interface
so-4/2/2

[edit]
user@D3# set protocols ospf rib-group inet-to-voice-and-other area 0.0.0.0 interface
so-3/2/2
user@D3# set protocols ospf rib-group inet-to-voice-and-other area 0.0.0.0 interface
so-5/2/2

6. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

260 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

Results Confirm your configuration by entering the show routing-instances, show routing-options,
and show protocols ospf commands. If the output does not display the intended
configuration, repeat the instructions in this example to correct the configuration.

Configuration on Device 1:

user@D1# show routing-instances

voice-policy {
interface so-2/2/2.0;
protocols {
ospf {
rib-group voice-to-inet;
area 0.0.0.0 {
interface so-2/2/2.0;
}
}
}
}
other-policy {
interface so-4/2/2.0;
protocols {
ospf {
rib-group other-to-inet;
area 0.0.0.0 {
interface so-4/2/2.0;
}
}
}
}

user@D1# show routing-options

rib-groups {
inet-to-voice-and-other {
import-rib [ inet.0 voice-policy.inet.0 other-policy.inet.0 ];
}
voice-to-inet {
import-rib [ voice-policy.inet.0 inet.0 ];
}
other-to-inet {
import-rib [ other-policy.inet.0 inet.0 ];
}
}

user@D1# show protocols ospf

rib-group inet-to-voice-and-other;
area 0.0.0.0 {
interface so-2/2/2.0;
interface so-4/2/2.0;
}

Configuration on Device 3:

user@D3# show routing-instances

voice-policy {
interface so-3/2/2.0;
protocols {
ospf {

Copyright © 2011, Juniper Networks, Inc. 261

Junos OS 11.4 Routing Protocols Configuration Guide

rib-group voice-to-inet;
area 0.0.0.0 {
interface so-3/2/2.0;
}
}
}
}
other-policy {
interface so-5/2/2.0;
protocols {
ospf {
rib-group other-to-inet;
area 0.0.0.0 {
interface so-5/2/2.0;
}
}
}
}

user@D3# show routing-options

user@D3# show protocols ospf

rib-group inet-to-voice-and-other;
area 0.0.0.0 {
interface so-3/2/2.0;
interface so-5/2/2.0;
}

To confirm your OSPFv3 configuration, enter the show routing-instances, show

routing-options, and show protocols ospf3 commands.

Verification
Confirm that the configuration is working properly.

Verifying the Routing Instances

Purpose Verify the configured routing instance settings.

Action From operational mode, enter the show route instance detail command.

Related • Introduction to Routing Instances for OSPF on page 601

Documentation

262 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

Configuring Multiple Instances of PIM

PIM instances are supported only for VRF instance types. You can configure multiple
instances of PIM to support multicast over VPNs.

To configure multiple instances of PIM, include the following statements:

routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
protocols {
pim {
... pim-configuration ...
}
}
}
}

You can include the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols]

Related • Junos OS Multicast Protocols Configuration Guide

Documentation
• Junos OS VPNs Configuration Guide

Configuring Multiple Instances of RIP

RIP instances are supported only for VRF instance types. You can configure multiple
instances of RIP for VPN support only. You can use RIP in the customer edge-provider
edge (CE-PE) environment to learn routes from the CE router and to propagate the PE
router’s instance routes in the CE router.

RIP routes learned from neighbors configured under any instance hierarchy are added to
the instance’s routing table, instance-name.inet.0.

RIP does not support routing table groups; therefore, it cannot import routes into multiple
tables as the OSPF or OSPFv3 protocol does.

To configure multiple instances of RIP, include the following statements:

routing-instances {
routing-instance-name {
interface interface-name;
instance-type vrf;
protocols {
rip {
interface interface-name;
neighbor ip-address;

Copyright © 2011, Juniper Networks, Inc. 263

Junos OS 11.4 Routing Protocols Configuration Guide

}
}
}
}

You can include the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols]

Configuring Routing Instances

You can create multiple instances of BGP, IS-IS, OSPF, OSPFv3, RIP, and static routes.
For information about how to configure a virtual switch, see the Junos OS Layer 2
Configuration Guide.

You can include the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols]

Each routing instance consist of the following:

• A set of routing tables

• A set of interfaces that belong to these routing tables

• A set of routing option configurations

Each routing instance has a unique name and a corresponding IP unicast table. For
example, if you configure a routing instance with the name my-instance, its corresponding
IP unicast table is my-instance.inet.0. All routes for my-instance are installed into
my-instance.inet.0.

Configure global routing options and protocols for the default instance by including
statements.

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Routes are installed into the default routing instance inet.0 by default, unless a routing
instance is specified.

NOTE: In Junos OS Release 9.0 and later, you can no longer specify a
routing-instance name of default or include special characters within the
name of a routing instance.

To configure a routing instance, include the following statements:

264 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

routing-instances {
routing-instance-name {
interface interface-name;
instance-type (forwarding | layer2-control | l2vpn | no-forwarding | virtual-router |
virtual-switch | vpls | vrf);
no-vrf-advertise;
no-vrf-propagate-ttl;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
vrf-propagate-ttl;
vrf-table-label;
protocols {
bgp {
... bgp-configuration ...
}
isis {
isis-configuration;
}
l2vpn {
l2vpn-configuration;
}
ldp {
... ldp-configuration ...
}
msdp {
msdp-configuration;
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf-configuration;
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
ospf3-configuration;
}
pim {
pim-configuration;
}
rip {
rip-configuration;
}
ripng {
ripng-configuration;
}
vpls {
vpls-configuration;
}
}
}
}

Copyright © 2011, Juniper Networks, Inc. 265

Junos OS 11.4 Routing Protocols Configuration Guide

Specifying the Instance Type for Routing Instances

You can configure eight routing instance types at the [edit routing-instances
routing-instance-name instance-type] and [edit logical-systems logical-system-name
routing-instances routing-instance-name instance-type] hierarchy levels:

• Forwarding—Use this routing instance type for filter-based forwarding applications.

For this instance type, there is no one-to-one mapping between an interface and a
routing instance. All interfaces belong to the default instance inet.0.

• Layer 2 VPN—Use this routing instance type for Layer 2 VPN implementations.

• Layer 2-control—(MX Series routers only) Use this routing instance type for RSTP or
MSTP in customer edge interfaces of a VPLS routing instance. This instance type
cannot be used if the customer edge interface is multihomed to two provider edge
interfaces. If the customer edge interface is multihomed to two provider edge interfaces,
use the default BPDU tunneling. For more information about configuring a layer2-control
instance type, see the Junos OS Layer 2 Configuration Guide.

• No-forwarding—Use this routing instance type when a separation of routing table

information is required. There is no corresponding forwarding table. All routes are
installed into the default forwarding table. IS-IS instances are strictly nonforwarding
instance types.

• Virtual router—This routing instance is similar to a VPN routing and forwarding instance
type, but used for non-VPN-related applications. There are no VRF import, VRF export,
VRF target, or route distinguisher requirements for this instance type.

• Virtual switch—(MX Series routers only) Use the virtual switch instance type to isolate
a LAN segment with its Spanning Tree Protocol (STP) instance and separates its VLAN
identifier space. For more information about configuring a virtual switch instance type,
see the Junos OS Layer 2 Configuration Guide. and the Junos OS MX Series 3D Universal
Edge Routers Solutions Guide.

• VPLS—Use this routing instance type for point-to-multipoint LAN implementations

between a set of sites in a VPN.

• VRF—Use this routing instance type for Layer 3 VPN implementations. For this instance
type, there is a one-to-one mapping between an interface and a routing instance. Each
VRF instance corresponds with a forwarding table. Routes on an interface go into the
corresponding forwarding table.

To configure a routing instance type, include the instance-type statement:

routing-instances {
routing-instance-name {
interface interface-name;
instance-type (forwarding | l2vpn | layer2-control | no-forwarding | virtual-router |
virtual-switch | vpls | vrf);
}
}

You can include the statement at the following hierarchy levels:

266 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

• [edit routing-instances routing-instance-name]

• [edit logical-systems logical-system-name routing-instances routing-instance-name]

For more information about configuring Layer 2 VPNs, Layer 3 VPNs, and VPLS, see the
Junos OS VPNs Configuration Guide.

For more information about configuring the types of routing instances, see the following
sections:

• Configuring VRF Routing Instances on page 267

• Configuring Non-VPN VRF Routing Instances on page 268
• Configuring VPLS Routing Instances on page 269

Configuring VRF Routing Instances

To configure a VPN VRF routing instance, include the following statements:

interface interface-name;
instance-type vrf;
no-vrf-advertise;
no-vrf-propagate-ttl;
route-distinguisher (as-number:number | ip-address:number);
vrf-import [ policy-names ];
vrf-export [ policy-names ];
vrf-propagate-ttl;
vrf-table-label;
protocols {
bgp {
... bgp-configuration ...
}
isis {
... isis-configuration ...
}
l2vpn {
... l2vpn-configuration ...
}
ldp {
... ldp-configuration ...
}
msdp {
... msdp-configuration ...
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
... ospf-configuration ...
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
... ospf3-configuration ...
}

Copyright © 2011, Juniper Networks, Inc. 267

Junos OS 11.4 Routing Protocols Configuration Guide

pim {
... pim-configuration ...
}
rip {
... rip-configuration ...
}
vpls {
... vpls-configuration ...
}
}

You can include the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name]

• [edit logical-systems logical-system-name routing-instances routing-instance-name]

Configuring Non-VPN VRF Routing Instances

To configure a non-VPN VRF routing instance (for example, to allow IPsec tunnels within
VRF routing instances), include the following statements:

interface interface-name;
instance-type virtual-router;
protocols {
bgp {
... bgp-configuration ...
}
isis {
,,, isis-configuration ...
}
ldp {
... ldp-configuration ...
}
msdp {
... msdp-configuration ...
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
... ospf-configuration ...
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
... ospf3-configuration ...
}
pim {
... pim-configuration ...
}
rip {
... rip-configuration ...
}
}

268 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

You can include the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name]

• [edit logical-systems logical-system-name routing-instances routing-instance-name]

Configuring VPLS Routing Instances

To configure a VPLS routing instance, include the following statements:

interface interface-name;
instance-type vpls;
protocols {
vpls {
... vpls-configuration ...
}
}

You can include the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name]

• [edit logical-systems logical-system-name routing-instances routing-instance-name]

Related • Junos OS VPNs Configuration Guide

Documentation
• Junos OS Virtual Private LAN Services Feature Guide

Configuring Route Distinguishers for Routing Instances

Each routing instance must have a unique route distinguisher associated with it. The
route distinguisher is used to place bounds around a VPN so the same IP address prefixes
can be used in different VPNs without having them overlap.

We recommend that you use a unique route distinguisher for each routing instance that
you configure. Although you could use the same route distinguisher on all PE routers for
the same VPN, if you use a unique route distinguisher, you can determine the CE router
from which a route originated.

To configure a route distinguisher, include the route-distinguisher statement:

route-distinguisher (as-number:number | ip-address:number);

}

You can include the statement at the following hierarchy levels:

• [edit routing-instances routing-instance-name]

• [edit logical-systems logical-system-name routing-instances routing-instance-name]

The route distinguisher is a 6-byte value that you can specify in one of the following
formats:

Copyright © 2011, Juniper Networks, Inc. 269

Junos OS 11.4 Routing Protocols Configuration Guide

• as-number:number, where as-number is your assigned AS number and number is any

2-byte or 4-byte value. The AS number can be in the range from 1
through 4,294,967,295. If the AS number is a 2-byte value, the administrative number
is a 4-byte value. If the AS number is 4-byte value, the administrative number is a 2-byte
value.

A route distinguisher consisting of a 4-byte AS number and a 2-byte administrative

number is defined as a type 2 route distinguisher in RFC 4364 BGP/MPLS IP Virtual
Private Networks.

NOTE: In Junos OS Release 9.1 and later, the numeric range for AS numbers
is extended to provide BGP support for 4-byte AS numbers, as defined in
RFC 4893, BGP support for Four-octet AS Number Space. All releases of
the Junos OS support 2-byte AS numbers. To configure a route distinguisher
that includes a 4-byte AS number, append the letter “L” to the end of the
number. For example, a route distinguisher with the 4-byte AS number
7,765,000 and an administrative number of 1,000 is represented as
77765000L:1000.

In Junos OS Release 9.2 and later, you can also configure a 4-byte AS
number using the AS-dot notation format of two integer values joined by
a period: <16-bit high-order value in decimal>.<16-bit low-order value in
decimal>. For example, the 4-byte AS number of 65,546 in plain-number
format is represented as 1.10 in the AS-dot notation format.

• ip-address:number, where ip-address is an IP address in your assigned prefix range

(a 4-byte value) and number is any 2-byte value. The IP address can be in the range
32
from 0 through 4,294,967,295 (2 – 1).

If the router you are configuring is a BGP peer of a router that does not support 4-byte
AS numbers, you need to configure a local AS number. For more information, see
Establishing a Peer Relationship Between a 4-Byte Capable Router and a 2-Byte Capable
Router Using a 4-Byte AS Number in the Using 4-Byte Autonomous System Numbers in
BGP Networks Technology Overview.

Related • Understanding 4-Byte AS Numbers and Route Distinguishers in the Using 4-Byte
Documentation Autonomous System Numbers in BGP Networks Technology Overview

Configuring Filter-Based Forwarding

You can create a filter to classify packets to determine their forwarding path within a
router. Use filter-based forwarding to redirect traffic for analysis.

Filter-based forwarding is supported for IP version 4 (IPv4) and IP version 6 (IPv6).

Use filter-based forwarding for service provider selection when customers have Internet
connectivity provided by different ISPs yet share a common access layer. When a shared
media (such as a cable modem) is used, a mechanism on the common access layer
looks at Layer 2 or Layer 3 addresses and distinguishes between customers. You can use

270 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

filter-based forwarding when the common access layer is implemented using a

combination of Layer 2 switches and a single router.

With filter-based forwarding, all packets received on an interface are considered. Each
packet passes through a filter that has match conditions. If the match conditions are
met for a filter and you have created a routing instance, filter-based forwarding is applied
to a packet. The packet is forwarded based on the next hop specified in the routing
instance. For static routes, the next hop can be a specific LSP. For more information about
configuring LSPs, see the Junos OS MPLS Applications Configuration Guide.

NOTE: Source-class usage filter matching and unicast reverse-path

forwarding checks are not supported on an interface configured with
filter-based forwarding (FBF).

To configure filter-based forwarding, perform the following tasks:

• Create a match filter on an ingress router. To specify a match filter, include the filter
filter-name statement at the [edit firewall] hierarchy level. For more information about
creating a match filter for packet forwarding, see the Junos OS Routing Policy Configuration
Guide. A packet that passes through the filter is compared against a set of rules to
classify it and to determine its membership in a set. Once classified, the packet is
forwarded to a routing table specified in the accept action in the filter description
language. The routing table then forwards the packet to the next hop that corresponds
to the destination address entry in the table.

• Create routing instances that specify the routing table(s) to which a packet is forwarded,
and the destination to which the packet is forwarded at the [edit routing-instances] or
[edit logical-systems logical-system-name routing-instances] hierarchy levels. For
example:

[edit]
routing-instances {
routing-table-name1 {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 nexthop 10.0.0.1;
}
}
}
routing-table-name2 {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 nexthop 10.0.0.2;
}
}
}
}

• Create a routing table group that adds interface routes to the forwarding routing
instances used in filter-based forwarding (FBF), as well as to the default routing

Copyright © 2011, Juniper Networks, Inc. 271

Junos OS 11.4 Routing Protocols Configuration Guide

instance inet.0. This part of the configuration resolves the routes installed in the routing
instances to directly connected next hops on that interface. Create the routing table
group at the [edit routing-options] or [edit logical-systems logical-system-name
routing-options] hierarchy levels.

For IPv4, the following configuration installs interface routes into the default routing
instance inet.0, as well as two forwarding routing instances—routing-table-name1.inet.0
and routing-table-name2.inet.0:

[edit]
routing-options {
interface-routes {
rib-group inet group-name;
}
rib-groups {
group-name {
import-rib [ inet.0 routing-table-name1.inet.0
routing-table-name2.inet.0 ];
}
}
}

NOTE: Specify inet.0 as one of the routing instances that the interface routes
are imported into. If the default instance inet.0 is not specified, interface
routes are not imported into the default routing instance.

Configuring Class-of-Service-Based Forwarding

Class-of-service (CoS)-based forwarding allows you to control the next-hop selection

based on a packet’s class of service or IP precedence. It allows path selection based on
a multifield classifier.

To configure CoS-based forwarding, perform the following tasks:

1. Create a routing policy at the [edit policy-options] or [edit logical-systems

logical-system-name policy-options] hierarchy levels to limit the configuration so that
routes matching the route filter are subject to the CoS next-hop mapping specified
in my-cos-map:

[edit]
policy-options {
policy-statement my-cos-forwarding {
from {
route-filter ...;
}
then {
cos-next-hop-map my-cos-map;
}
}
}

272 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

2. Create a CoS next-hop map. To specify a CoS next-hop map, include the
cos-next-hop-map statement at the [edit class-of-service] hierarchy level. For more
information about creating a CoS next-hop map, see the Junos OS Class of Service
Configuration Guide.

3. Specify the exporting of the routes to the forwarding table at the [edit routing-options]
or [edit logical-systems logical-system-name routing-options] hierarchy levels:

[edit]
routing-options {
forwarding-table {
export my-cos-forwarding;
}
}

4. Specify a static route that has multiple next hops for load balancing at the
[edit routing-options] or [edit logical-systems logical-system-name routing-options]
hierarchy levels:

[edit]
routing-options {
static {
route 12.1.1.1/32 {
next-hop [ 3.1.1.2 3.1.1.4 3.1.1.6 3.1.1.8 ];
}
}
}

Configuring Secondary VRF Import and Export Policy

You configure a VPN routing and forwarding instance (VRF) so that routes received from
the provider edge-provider edge (PE-PE) session (in the default instance) can be imported
into any of an instance’s VRF secondary routing tables. Importing depends on defined
policies. Routes to be exported should pass through the policies listed in the export list.

To configure secondary VRF import and export policies, include the following statements:

[edit]
routing-instances {
routing-instance-name {
instance-type vrf;
vrf-import [ policy-names ];
vrf-export [ policy-names ];
}
}
policy-options {
policy-statement policy-name {
from community community-name;
then accept;
}
}

Related • Junos OS VPNs Configuration Guide

Documentation

Copyright © 2011, Juniper Networks, Inc. 273

Junos OS 11.4 Routing Protocols Configuration Guide

Configuring Policy-Based Export for Routing Instances

Configuring policy-based export simplifies the process of exchanging route information

between routing instances.

Exporting routing information between routing instances typically is accomplished by

configuring separate routing table groups for each instance. The use of policy-based
export reduces the configuration needed for exporting routes between multiple routing
instances by eliminating the configuration of separate routing table groups for each
instance.

Policy-based export is particularly useful in the following two cases:

• Overlapping VPNs—VPN configurations in which more than one VRF has the same
route target

• Nonforwarding instances—Multilevel IGPs using multiple routing instances

NOTE: The instance-export and instance-import statements are not valid

for VRF instances. The auto-export statement is valid for VRF and non-VRF
instances. The instance-import statement automatically enables auto-export
for non-VRF instances.

For detailed information about configuring overlapping VPNs and nonforwarding instances,
see the Junos OS VPNs Configuration Guide.

For sample configurations, see the following sections:

• Example: Configuring Policy-Based Export for an Overlapping VPN on page 274

• Example: Configuring Policy-Based Export for a Nonforwarding Instance on page 276

Example: Configuring Policy-Based Export for an Overlapping VPN

In Layer 3 VPNs, a CE router is often a member of more than one VPN. Figure 6 on page 275
illustrates the topology for the configuration example in this section. The configurations
in this section illustrate local connectivity between CE routers connected to the same
PE router using BGP.

The configuration statements enable the VPN AB Router CE2 to communicate with the
VPN A Router CE1 and the VPN B Router CE3, both directly connected to the Router PE1.
VPN routes that originate from the remote PE routers (the PE2 Router, in this case) are
placed in a global Layer 3 VPN routing table (bgp.l3vpn.inet.0) and routes with appropriate
route targets are imported into the routing tables, as dictated by the VRF import policy
configuration.

274 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

Figure 6: Configuration of Policy-Based Export for an Overlapping VPN

Configuring Router PE1 This section describes how to configure Router PE1 in the backbone entity for this
overlapping VPN by means of policy-based export.

Configure the routing instances for VPN-A, VPN-AB, and VPN-B:

[edit]
routing-instances {
VPN-A {
instance-type vrf;
interface fe-1/0/0.0;
route-distinguisher 10.255.14.175:3;
vrf-export A-out;
vrf-import A-in;
routing-options {
auto-export;
static {
route 1.1.1.1/32 next-hop fe-1/0/0.0;
route 1.1.1.2/32 next-hop fe-1/0/0.0;
}
}
}
VPN-AB {
instance-type vrf;
interface fe-1/1/0.0;
route-distinguisher 10.255.14.175:9;
vrf-export AB-out;
vrf-import AB-in;
routing-options {
auto-export;
static {

Copyright © 2011, Juniper Networks, Inc. 275

Junos OS 11.4 Routing Protocols Configuration Guide

route 1.1.3.1/32 next-hop fe-1/1/0.0;

route 1.1.3.2/32 next-hop fe-1/1/0.0;
}
}
VPN-B {
instance-type vrf;
interface fe-1/0/2.0;
route-distinguisher 10.255.14.175:9;
vrf-export B-out;
vrf-import B-in;
routing-options {
auto-export;
static {
route 1.1.2.1/32 next-hop fe-1/0/2.0;
route 1.1.2.2/32 next-hop fe-1/0/2.0;
}
}
}
}
}

Configuring Router PE2 The configuration for Router PE2 is the same as that for Router PE1; however, the interface
names might differ.

Example: Configuring Policy-Based Export for a Nonforwarding Instance

This example shows how to use the instance-import and instance-export statements to
control route export between multiple instances. This is equivalent to using the vrf-import
and vrf-export statements for VPNs, except these are with nonforwarding instances, not
VRF instances.

There are two nonforwarding instances: data and voice. The following is the configuration
for a PE router.

Configure the routing instances for data and voice:

[edit]
routing-instances {
data {
instance-type no-forwarding;
interface t3-0/1/3.0;
routing-options {
instance-import data-import;
auto-export;
protocols {
ospf {
export accept;
area 0.0.0.0 {
interface all;
}
}
}
}
voice {
instance-type no-forwarding;

276 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

interface t3-0/1/0.0;
routing-options {
instance-import voice-import;
auto-export;
}
protocols {
ospf {
export accept;
area 0.0.0.0 {
interface all;
}
}
}
}
}
}

Configure a master policy:

[edit]
policy-options {
policy-statement master-import {
term a {
from instance master;
then {
tag 11;
accept;
}
}
term b {
from instance data;
then {
tag 10;
accept;
}
}
}
}

Configure policies for each instance:

[edit]
policy-options {
policy-statement data-import {
term a {
from {
instance master;
tag 10;
then accept;
}
}
term b {
then reject;
}
}
policy-statement voice-import {
term a {

Copyright © 2011, Juniper Networks, Inc. 277

Junos OS 11.4 Routing Protocols Configuration Guide

from {
instance master;
protocol ospf;
tag 11;
}
}
term b {
then reject;
}
}
}

Related • Example: Exporting Specific Routes from One Routing Table Into Another Routing
Documentation Table on page 278

Example: Exporting Specific Routes from One Routing Table Into Another Routing
Table

This example shows how to duplicate specific routes from one routing table into another
routing table within the same routing instance.

• Requirements on page 278

• Overview on page 278
• Configuration on page 279
• Verification on page 282

Requirements
No special configuration beyond device initialization is required before configuring this
example.

Overview
This example uses the auto-export statement and the rib-group statement to accomplish
the goal of exporting specific routes from one routing table to another.

Consider the following points:

• When auto-export is configured in a routing instance, the vrf-import and vrf-export

policies are examined. Based on the route target and community information in the
policies, the auto-export function performs route leaking among the local routing
instance inet.0 tables.

• You can use the rib-group statement if it is necessary to import routes into tables other
than instance.inet.0. If a RIB group is used, the RIB group's export-rib and import-policy
statements are not used. Only the import-rib statement is used. To use a RIB group
with auto-export, the routing instance should specify explicit vrf-import and vrf-export
policies. The vrf-import and vrf-export policies can be extended to contain additional
terms to filter routes as needed for the RIB group.

278 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

In this example, access-internal routes are added into the vpna.inet.0 routing table. The
access-internal routes are also duplicated into the vpna.inet.2 routing table.

Configuration
• [xref target has no title]

CLI Quick To quickly configure this example, copy the following commands, paste them into a text
Configuration file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level.

set interfaces fe-1/3/1 vlan-tagging

set interfaces fe-1/3/1 unit 0 vlan-id 512
set interfaces fe-1/3/1 unit 0 family inet address 10.168.100.3/24
set interfaces lo0 unit 0 family inet address 192.168.3.3/32
set routing-options rib-groups rib-group-vpna-access-internal import-rib vpna.inet.2
set routing-options autonomous-system 63000
set policy-options policy-statement vpna-export term a from protocol bgp
set policy-options policy-statement vpna-export term a then community add vpna-comm
set policy-options policy-statement vpna-export term a then accept
set policy-options policy-statement vpna-export term b from protocol access-internal
set policy-options policy-statement vpna-export term b then accept
set policy-options policy-statement vpna-export term c then reject
set policy-options policy-statement vpna-import term a from protocol bgp
set policy-options policy-statement vpna-import term a from community vpna-comm
set policy-options policy-statement vpna-import term a then accept
set policy-options policy-statement vpna-import term b from instance vpna
set policy-options policy-statement vpna-import term b from protocol access-internal
set policy-options policy-statement vpna-import term b then accept
set policy-options policy-statement vpna-import term c then reject
set policy-options community vpna-comm members target:63000:100
set routing-instances vpna instance-type vrf
set routing-instances vpna interface fe-1/3/1.1
set routing-instances vpna route-distinguisher 100:1
set routing-instances vpna vrf-import vpna-import
set routing-instances vpna vrf-export vpna-export
set routing-instances vpna routing-options auto-export family inet unicast rib-group
rib-group-vpna-access-internal
set routing-instances vpna protocols bgp group bgp-vpna type external
set routing-instances vpna protocols bgp group bgp-vpna family inet multicast
set routing-instances vpna protocols bgp group bgp-vpna peer-as 100
set routing-instances vpna protocols bgp group bgp-vpna neighbor 10.0.0.10

Step-by-Step The following example requires you to navigate various levels in the configuration
Procedure hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration
Mode in the Junos OS CLI User Guide.

To configure the device:

1. Configure the interfaces.

[edit interfaces fe-1/3/1]

user@host# set vlan-tagging
user@host# set unit 0 vlan-id 512
user@host# set unit 0 family inet address 10.168.100.3/24

Copyright © 2011, Juniper Networks, Inc. 279

Junos OS 11.4 Routing Protocols Configuration Guide

[edit interfaces lo0 unit 0]

user@host# set family inet address 192.168.3.3/32

2. Configure the routing policy that specifies particular routes for import into vpna.inet.0
and export from vpna.inet.0.

[edit policy-options]
user@host# set policy-statement vpna-export term a from protocol bgp
user@host# set policy-statement vpna-export term a then community add
vpna-comm
user@host# set policy-statement vpna-export term a then accept
user@host# set policy-statement vpna-export term b from protocol access-internal
user@host# set policy-statement vpna-export term b then accept
user@host# set policy-statement vpna-export term c then reject
user@host# set policy-statement vpna-import term a from protocol bgp
user@host# set policy-statement vpna-import term a from community vpna-comm
user@host# set policy-statement vpna-import term a then accept
user@host# set policy-statement vpna-import term b from instance vpna
user@host# set policy-statement vpna-import term b from protocol access-internal
user@host# set policy-statement vpna-import term b then accept
user@host# set policy-statement vpna-import term c then reject
user@host# set community vpna-comm members target:63000:100

3. Configure the routing instance.

[edit routing-instances vpna]

user@host# set instance-type vrf
user@host# set interface fe-1/3/1.1
user@host# set route-distinguisher 100:1
user@host# set vrf-import vpna-import
user@host# set vrf-export vpna-export

The vrf-import and vrf-export statements are used to apply the vpna-import and
vpna-export routing policies configured in 2.

4. Configure the RIB group, and import routes into the vpna.inet.2 routing table.

[edit routing-options]
user@host# set rib-groups rib-group-vpna-access-internal import-rib vpna.inet.2

5. Configure the auto-export statement to enable the routes to be exported from one
routing table into another.

[edit routing-options]
user@host# set auto-export family inet unicast rib-group
rib-group-vpna-access-internal

6. Configure BGP.

[edit routing-instances vpna protocols bgp group bgp-vpna]

user@host# set type external
user@host# set family inet multicast
user@host# set peer-as 100
user@host# set neighbor 100.0.0.10

7. Configure the autonomous system (AS) number.

[edit routing-options]
user@host# set autonomous-system 63000

280 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

Results From configuration mode, confirm your configuration by entering the show interfaces,
show policy-options, show routing-options, and show routing-instances commands. If the
output does not display the intended configuration, repeat the instructions in this example
to correct the configuration.

user@host# show interfaces

fe-1/3/1 {
vlan-tagging;
unit 0 {
vlan-id 512;
family inet {
address 10.168.100.3/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.3.3/32;
}
}
}

user@host# show policy-options

policy-statement vpna-export {
term a {
from {
protocol bgp;
}
then {
community add vpna-comm;
accept;
}
}
term b {
from protocol access-internal;
then accept;
}
term c {
then reject;
}
}
policy-statement vpna-import {
term a {
from {
protocol bgp;
community vpna-comm;
}
then accept;
}
term b {
from {
instance vpna;
protocol access-internal;
}
then accept;

Copyright © 2011, Juniper Networks, Inc. 281

Junos OS 11.4 Routing Protocols Configuration Guide

}
term c {
then reject;
}
}
community vpna-comm members target:63000:100;

user@host# show routing-options

rib-groups {
rib-group-vpna-access-internal {
import-rib vpna.inet.2;
}
}
autonomous-system 63000;

user@host# show routing-instances

vpna {
instance-type vrf;
interface fe-1/3/1.1;
route-distinguisher 100:1;
vrf-import vpna-import;
vrf-export vpna-export;
routing-options {
auto-export {
family inet {
unicast {
rib-group rib-group-vpna-access-internal;
}
}
}
}
protocols {
bgp {
group bgp-vpna {
type external;
family inet {
multicast;
}
peer-as 100;
neighbor 100.0.0.10;
}
}
}
}

If you are done configuring the device, enter commit from configuration mode.

Verification
Confirm that the configuration is working properly by running the show table route
vpna.inet.0 and show route table vpna.inet.2 commands.

Related • Configuring Policy-Based Export for Routing Instances on page 274

Documentation

282 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

Configuring VRF Table Labels

You configure a separate label for each VRF to provide double lookup and egress filtering.
To configure a label for a VRF, include the following statements:

[edit]
routing-instances {
routing-instance-name {
instance-type vrf;
vrf-import [ policy-names ];
vrf-export [ policy-names ];
vrf-table-label;
}
}

Related • Junos OS VPNs Configuration Guide

Documentation

Configuring VRF Targets

Configuring a VPN routing and forwarding (VRF) target provides a configurable community
within a VRF routing instance and allows a single policy for import and a single policy for
export to replace the per-VRF policies for every community.

To configure a VRF target, include the vrf-target statement. Use the import and export
options to specify the allowed communities to accept from neighbors and to send to
neighbors:

vrf-target {
community;
export community-name;
import community-name;
}

You can configure the statements at the following hierarchy levels:

• [edit routing-instances routing-instance-name]

• [edit logical-systems logical-system-name routing-instances routing-instance-name]

Within a hub-and-spoke configuration, you can configure a PE router not to advertise

VPN routes from the primary (hub) instance. Instead, these routes are advertised from
the secondary (downstream) instance. You can do this without configuring routing table
groups, by using the no-vrf-advertise statement.

NOTE: This statement does not prevent the exportation of VPN routes to
other VRF instances on the same router by configuring the [edit routing-options
auto-export] statement.

To prevent advertising VPN routes from the primary instance, include the no-vrf-advertise
statement:

Copyright © 2011, Juniper Networks, Inc. 283

Junos OS 11.4 Routing Protocols Configuration Guide

no-vrf-advertise;

You can configure the statement at the following hierarchy levels:

• [edit routing-instances routing-instance-name]

• [edit logical-systems logical-system-name routing-instances routing-instance-name]

Related • Junos OS VPNs Configuration Guide

Documentation

Configuring OSPF Domain IDs for VPNs

For most OSPF or OSPFv3 configurations involving Layer 3 VPNs, you do not need to
configure an OSPF domain ID. However, for a Layer 3 VPN connecting multiple OSPF or
OSPFv3 domains, configuring domain IDs can help you control LSA translation (for Type 3
and Type 5 LSAs) between the OSPF domains and back-door paths. The default domain
ID is 0.0.0.0. Each VPN routing table in a PE router associated with an OSPF or OSPFv3
instance is configured with the same OSPF domain ID.

Junos OS is fully compliant with Internet draft draft-ietf-l3vpn-ospf-2547-04.txt, OSPF

as the Provider/Customer Edge Protocol for BGP/MPLS IP VPNs.

For more detailed information about configuring VPNs, see the Junos OS VPNs Configuration
Guide.

Without the domain IDs, there is no way to identify which domain the routes originated
from after the OSPF or OSPFv3 routes are distributed into BGP routes and advertised
across the BGP VPN backbone. Distinguishing which OSPF or OSPFv3 domain a route
originated from allows classification of routes as Type 3 LSAs or Type 5 LSAs.

To configure a domain ID, perform the following tasks:

1. Specify a domain ID in the BGP extended community ID.

2. Set a route type.

3. Configure a VRF export policy to explicitly attach the outbound extended community
ID to outbound routes.

4. Define a community with members that possess the community ID.

For more information about configuring export policies, see the Junos OS Routing Policy
Configuration Guide.

This extended community ID can then be carried across the BGP VPN backbone. When
the route is redistributed back as an OSPF or OSPFv3 route on the PE router and advertised
to the CE near the destination, the domain ID identifies which domain the route originated
from. The routing instance checks incoming routes for the domain ID. The route is then
propagated as either a Type 3 LSA or Type 5 LSA.

When a PE router receives a route, it redistributes and advertises the route as either a
Type 3 LSA or a Type 5 LSA, depending on the following:

284 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

• If the receiving PE router sees a Type 3 route with a matching domain ID, the route is
redistributed and advertised as a Type 3 LSA.

• If the receiving PE router sees a Type 3 route without a domain ID (the extended
attribute field of the route’s BGP update does not include a domain ID), the route is
redistributed and advertised as a Type 3 LSA.

• If the receiving PE router sees a Type 3 route with a non-matching domain ID, the route
is redistributed and advertised as a Type 5 LSA.

• If the receiving PE router sees a Type 3 route with a domain ID, but the router does not
have a domain ID configured, the route is redistributed and advertised as a Type 5 LSA.

• If the receiving PE router sees a Type 5 route, the route is redistributed and advertised
as a Type 5 LSA, regardless of the domain ID.

On the local PE router, the prefix of the directly connected PE/CE interface is an active
direct route. This route is also an OSPF or OSPFv3 route.

In the VRF export policy, the direct prefix is exported to advertise the route to the remote
PE. This route is injected as an AS-External-LSA, much as when a direct route is exported
into OSPF or OSPFv3.

Domain ID ensures that an originated summary LSA arrives at the remote PE as a summary
LSA. Domain ID does not translate AS-external-LSAs into summary LSAs.

To configure an OSPF or OSPFv3 domain ID match condition for incoming Layer 3 VPN
routes going into a routing instance, include the domain-id statement:

domain-id domain-id;

For domain-id, specify either an IP address or an IP address and a local identifier using
the following format: ip-address:local-identifier. If you do not specify a local identifier with
the IP address, the identifier is assumed to have a value of 0.

You can configure the statement at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols (ospf | ospf3)]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols (ospf | ospf3)]

If the router ID is not configured in the routing instance, the router ID is derived from an
interface address belonging to the routing instance.

To prevent routing loops when a domain ID is used as an alternate route preference for
the OSPF or OSPFv3 external routes generated by the PE router, the DN bit of the LSA
being distributed by the PE router must be set. If the route is distributed in a Type 5 LSA
and the DN bit is not supported by the PE router, the VPN tag is used instead.

By default, the VPN tag is automatically calculated and needs no configuration. To

configure the domain VPN tag for Type 5 LSAs, include the domain-vpn-tag number
statement:

domain-vpn-tag number;

Copyright © 2011, Juniper Networks, Inc. 285

Junos OS 11.4 Routing Protocols Configuration Guide

You can configure the statement at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols (ospf | ospf3)]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols (ospf | ospf3)]

The range is from 1 through 4,294,967,295. If you set VPN tags manually, you must set
the same value for all PE routers in the VPN.

To clear the VPN tag when it is no longer needed (when the DN bit is supported on the
PE router), include the no-domain-vpn-tag statement:

no-domain-vpn-tag;

You can configure the statement at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols (ospf | ospf3)]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols (ospf | ospf3)]

The DN bit is not currently supported in OSPFv3.

To set the route type, include the route-type-community statement:

route-type-community (iana | vendor);

You can include the statement at the following hierarchy levels:

• [edit routing-instances routing-instance-name protocols (ospf | ospf3)]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

protocols (ospf | ospf3)]

The domain-id setting in the routing instance is for a match on inbound Layer 3 VPN
routes. A VRF export policy must be explicitly set for the outbound extended community
domain-id attribute. You must configure an export policy to attach the domain ID to
outgoing routes. To configure an export policy to attach the domain ID and route
distinguisher to the extended community ID on outbound routes, include the community
statement:

policy-statement policy-name {
term term-name {
from protocol (ospf | ospf3);
then {
community add community-name;
accept;
}
}
term b {
then reject;
}
}
community community-name members [ target:target-id domain-id:domain-id];

286 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

You can include the statement at the following hierarchy levels:

• [edit policy-options policy-statement policy-name term term-name then]

• [edit logical-systems logical-system-name policy-options policy-statement policy-name

term term-name then]

To define the members of a community, include the community statement:

community name {
members [ community-ids ];
}

You can include the statement at the following hierarchy levels:

• [edit policy-options]

• [edit logical-systems logical-system-name policy-options]

Examples: Configuring an OSPF Domain ID

Configure a domain ID as a match condition for inbound Layer 3 VPN routes. Then
configure an export policy to tag the extended community ID and the route distinguisher
onto outgoing routes:

[edit]
routing-instances {
CE_A {
instance-type vrf;
interface ge-0/1/0.0;
route-distinguisher 1:100;
vrf-import vrf_import_routes;
vrf-export vrf_export_routes;
protocols {
ospf {
domain-id 1.1.1.1; # match for inbound routes
route-type-community vendor;
export vrf_import_routes;
area 0.0.0.0 {
interface ge-0/1/0.0;
}
}
}
}
}
policy-options {
policy-statement vrf_export_routes {
term a {
from protocol ospf;
then {
community add export_target;
accept;
}
}
term b {
then reject;

Copyright © 2011, Juniper Networks, Inc. 287

Junos OS 11.4 Routing Protocols Configuration Guide

}
}
community export_target members [ target:1:100 domain-id:1.1.1.1:0 ];
}

Leak a noninstance route into the instance routing table:

[edit]
routing-options {
interface-routes {
rib-group inet inet_to_site_A;
}
}
[edit]
rib-groups {
inet_to_site_A {
import-rib [ inet.0 site_A.inet.0 ];
}
}
[edit]
protocols {
ospf {
rib-group inet_to_site_A;
}
}
[edit]
policy-options {
policy-statement announce_to_ce {
term a {
from {
protocol direct;
interface lo0.0;
}
then accept;
}
}
}
[edit]
routing-instances {
site_A {
protocols {
ospf {
export announce_to_ce;
}
}
}
}

Configuring Route Limits for Routing Tables

A route limit sets an upper limit for the number of paths and prefixes installed in routing
tables. You can, for example, use a route limit to limit the number of routes received from
the CE router in a VPN. A route limit applies only to dynamic routing protocols, not to
static or interface routes.

288 Copyright © 2011, Juniper Networks, Inc.

Chapter 8: Routing Instances Configuration Guidelines

To configure a route limit on route paths, include the maximum-paths statement:

maximum-paths path-limit <log-only | threshold value log-interval seconds>;

To configure a route limit on route prefixes, include the maximum-prefixes statement:

maximum-prefixes prefix-limit <log-only | threshold value log-interval seconds>;

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Specify the log-only option to generate warning messages only (an advisory limit). Specify
the threshold option to generate warnings before the limit is reached. Specify the
log-interval option to configure the minimum time interval between log messages.

There are two modes for route limits: advisory and mandatory. An advisory limit triggers
warnings. A mandatory limit rejects additional routes after the limit is reached.

NOTE: Application of a route limit may result in unpredictable dynamic routing

protocol behavior. For example, when the limit is reached and routes are
rejected, BGP may not reinstall the rejected routes after the number of routes
drops back below the limit. BGP sessions may need to be cleared.

Related • Junos OS VPNs Configuration Guide

Documentation

Configuring Independent AS Domains

You can configure an independent autonomous system (AS) domain that is separate
from the primary routing instance domain. An AS is a set of routers that are under a single
technical administration and that generally use a single IGP and metrics to propagate
routing information within the set of routers. An AS appears to other ASs to have a single,
coherent interior routing plan and presents a consistent picture of what destinations are
reachable through it.

Configuring an independent domain allows you to keep the AS paths of the independent
domain from being shared with the AS path and AS path attributes of other domains,
including the master routing instance domain.

If you are using BGP on the router, you must configure an AS number.

The independent domain uses the transitive path attribute 128 (attribute set) to tunnel
the independent domain’s BGP attributes through the Internal BGP (IBGP) core. In Junos
OS Release 10.3 and later, if BGP receives attribute 128 and you have not configured an
independent domain in any routing instance, BGP treats the received attribute 128 as an
unknown attribute.

To configure an independent domain, include the independent-domain statement:

independent-domain;

Copyright © 2011, Juniper Networks, Inc. 289

Junos OS 11.4 Routing Protocols Configuration Guide

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

There is a limit of 16 ASs for each domain.

290 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 9

Summary of Routing Instances

Configuration Statements

This chapter provides a reference for each of the routing instance configuration
statements. The statements are organized alphabetically.

access-profile

Syntax access-profile profile-name;

Hierarchy Level [edit],

[edit routing-instances routing-instances-name],

Release Information Statement introduced in Junos OS Release 9.1.

Description Specify the access profile for use by the master routing instance.

Options profile-name—Name of the access profile.

Required Privilege access—To view this statement in the configuration.

Level access-control—To add this statement to the configuration.

Related • Configuring Access Components for the DHCP Layer 3 Wholesale Network Solution
Documentation
• Configuring Access Components for the PPPoE Wholesale Network Solution

• Configuring Address Server Elements for the Broadband Subscriber Management

Solution

Copyright © 2011, Juniper Networks, Inc. 291

Junos OS 11.4 Routing Protocols Configuration Guide

description

Syntax description text;

Hierarchy Level [edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 11.1 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Provide a text description for the routing instance. If the text includes one or more spaces,
enclose it in quotation marks (" "). Any descriptive text you include is displayed in the
output of the show route instance detail command and has no effect on the operation
of the routing instance.

Required Privilege interface—To view this statement in the configuration.

Level interface-control—To add this statement to the configuration.

Related • Complete Routing Instances Configuration Statements on page 240

Documentation

292 Copyright © 2011, Juniper Networks, Inc.

Chapter 9: Summary of Routing Instances Configuration Statements

instance-type

Syntax instance-type (forwarding |l2backhaul-vpn | l2vpn | layer2-control | no-forwarding |

virtual-router | virtual-switch | vpls | vrf);

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

virtual-switch and layer2-control options introduced in Junos OS Release 8.4.

Description Define the type of routing instance.

Default no-forwarding

Options forwarding—Provide support for filter-based forwarding, where interfaces are not
associated with instances. All interfaces belong to the default instance. Other
instances are used for populating RPD learned routes. See “Configuring Filter-Based
Forwarding” on page 270.

l2backhaul-vpn—Provide support for Layer 2 wholesale VLAN packets with no existing

corresponding logical interface. When using this instance, the router learns both the
outer tag and inner tag of the incoming packets, when the instance-role statement
is defined as access, or the outer VLAN tag only, when the instance-role statement
is defined as nni.

l2vpn—Provide support for Layer 2 VPNs.

layer2-control—(MX Series routers only) Provide support for RSTP or MSTP in customer
edge interfaces of a VPLS routing instance.

no-forwarding—This is the default routing instance. Do not create a corresponding

forwarding instance.

virtual-router—Similar to a VPN routing and forwarding instance type, but used for
non-VPN-related applications. There are no VRF import, VRF export, VRF target, or
route distinguisher requirements for this instance type.

virtual-switch—(MX Series routers only) Provide support for Layer 2 bridging. Use this
routing instances type to isolate a LAN segment with its Spanning Tree Protocol
(STP) instance and separates its VLAN identifier space.

vpls—Virtual private local-area network (LAN) service. Use this routing instance type for
point-to-multipoint LAN implementations between a set of sites in a VPN.

vrf—VPN routing and forwarding instance. Provides support for Layer 3 VPNs, where
interface routes for each instance go into the corresponding forwarding table only.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Copyright © 2011, Juniper Networks, Inc. 293

Junos OS 11.4 Routing Protocols Configuration Guide

Related • Specifying the Instance Type for Routing Instances on page 266
Documentation
• Junos OS VPNs Configuration Guide

• Junos OS Layer 2 Configuration Guide

• Junos OS MX Series 3D Universal Edge Routers Solutions Guide

instance-role

Syntax instance-role (access | nni);

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced in Junos OS Release 11.2.

Description Define the role of the routing instance in a Layer 2 Wholesale network.

Options access—Defines the connectivity role of the routing instance in a Layer 2 Wholesale
network as an access routing instance. When defined for this role, the same process
occurs as in a Layer 3 Wholesale network—when the first packet is received from a
given client,, authentication for the client initiates with an external entity (for example,
RADIUS). If authentication is successful, a logical interface is created with the
appropriate outer and inner VLAN tags for that client.

nni—Defines the connectivity role of the routing instance in a Layer 2 Wholesale network
as a network to network interface (NNI) routing instance. When defined for this role,
only outer VLAN tags are learned. In addition, when the NNI routing instance receives
a response from the ISP, the packets are forwarded to the appropriate client, provided
the packet has the same two tags that were verified during authentication.

NOTE: If you connect an access node or MSAN device to a router participating

in the Layer 2 Wholesale network in an NNI role, you must create a new routing
instance of type l2backhaul-vpn with an instance role of type access for that
connection.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Specifying the Instance Type for Routing Instances on page 266
Documentation
• Configuring Separate Access Routing Instances for Layer 2 Wholesale Service Retailers

• Configuring Separate NNI Routing Instances for Layer 2 Wholesale Service Retailers

• Junos OS Broadband Subscriber Management Solutions Guide

294 Copyright © 2011, Juniper Networks, Inc.

Chapter 9: Summary of Routing Instances Configuration Statements

interface

Syntax interface interface-name;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.2 for EX Series switches.

Description Identify the logical, private interface between the provider edge (PE) router and the
customer edge (CE) router on the PE side.

Options interface-name—Name of the interface.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Routing Instances on page 264

Documentation
• Example: Configuring MPLS-Based Layer 3 VPNs on EX Series Switches

no-vrf-advertise

Syntax no-vrf-advertise;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Prevent advertising VPN routes from a VRF instance to remote PEs.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring VRF Targets on page 283

Documentation

Copyright © 2011, Juniper Networks, Inc. 295

Junos OS 11.4 Routing Protocols Configuration Guide

ping-interval

Syntax ping-interval;

Hierarchy Level [edit logical-systems logical-system-name protocols l2circuit neighbor address interface
interface-name oam],
[edit logical-systems logical-system-name routing-instances instance-name protocols l2vpn
oam],
[edit logical-systems logical-system-name routing-instances instance-name protocols vpls
neighbor address oam],
[edit logical-systems logical-system-name routing-instances instance-name protocols vpls
mesh-group mesh-group-name neighbor address oam],
[edit logical-systems logical-system-name routing-instances instance-name protocols vpls
oam],
[edit protocols l2circuit neighbor address interface interface-name oam],
[edit routing-instances instance-name protocols l2vpn oam],
[edit routing-instances instance-name protocols vpls neighbor address oam],
[edit routing-instances instance-name protocols vpls mesh-group mesh-group-name neighbor
address oam],
[edit routing-instances instance-name protocols vpls oam]

Release Information Statement introduced in Junos OS Release 10.0.

Description Configure the time interval between ping messages for bidirectional forwarding detection
(BFD) sessions enabled over pseudowires inside a VPN.

Options seconds—Time interval between ping messages.

Range: 30 through 3600

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring BFD for VCCV for Layer 2 VPNs, Layer 2 Circuits, and VPLS in the Junos OS
Documentation VPNs Configuration Guide

296 Copyright © 2011, Juniper Networks, Inc.

Chapter 9: Summary of Routing Instances Configuration Statements

protocols

Syntax protocols {
bgp {
... bgp-configuration ...
}
isis {
... isis-configuration ...
}
ldp {
... ldp-configuration ...
}
msdp {
... msdp-configuration ...
}
mstp {
... mstp-configuration ...
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
... ospf-configuration ...
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
... ospf3-configuration ...
}
pim {
... pim-configuration ...
}
rip {
... rip-configuration ...
}
ripng {
... ripng-configuration ...
}
rstp {
rstp-configuration;
}
vstp {
vstp configuration;
}
vpls {
vpls configuration;
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

Copyright © 2011, Juniper Networks, Inc. 297

Junos OS 11.4 Routing Protocols Configuration Guide

Support for RIPng introduced in Junos OS Release 9.0.

Statement introduced in Junos OS Release 11.1 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Specify the protocol for a routing instance. You can configure multiple instances of the
following supported protocols: BGP, IS-IS, LDP, MSDP, OSPF, OSPFv3, PIM, RIP, and
RIPng. Not all protocols are supported on the switches. See the switch CLI.

Options bgp—Specify BGP as the protocol for a routing instance.

isis—Specify IS-IS as the protocol for a routing instance.

ldp—Specify LDP as the protocol for a routing instance.

l2vpn—Specify Layer 2 VPN as the protocol for a routing instance.

msdp—Specify the Multicast Source Discovery Protocol (MSDP) for a routing instance.

mstp—Specify the Multiple Spanning Tree Protocol (MSTP) for a virtual switch routing
instance.

ospf—Specify OSPF as the protocol for a routing instance.

ospf3—Specify OSPF version 3 (OSPFv3) as the protocol for a routing instance.

NOTE: OSPFv3 supports the no-forwarding, virtual-router, and vrf routing

instance types only.

pim—Specify the Protocol Independent Multicast (PIM) protocol for a routing instance.

rip—Specify RIP as the protocol for a routing instance.

ripng—Specify RIP next generation (RIPng) as the protocol for a routing instance.

rstp—Specify the Rapid Spanning Tree Protocol (RSTP) for a virtual switch routing
instance.

vstp—Specify the VLAN Spanning Tree Protocol (VSTP) for a virtual switch routing
instance.

vpls—Specify VPLS as the protocol for a routing instance.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

298 Copyright © 2011, Juniper Networks, Inc.

Chapter 9: Summary of Routing Instances Configuration Statements

Related • Configuring Multiple Instances of BGP on page 250

Documentation
• Configuring Multiple Instances of IS-IS on page 251

• Configuring Multiple Instances of LDP on page 255

• Configuring Multiple Instances of MSDP on page 256

• Example: Configuring Multiple Routing Instances of OSPF on page 256

• Configuring Multiple Instances of PIM on page 263

• Configuring Multiple Instances of RIP on page 263

qualified-bum-pruning-mode

Syntax qualified-bum-pruning-mode;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced in Junos OS Release 10.4.

Description For Junos OS Layer 2 Wholesale configurations, prune (constrain) distribution of

broadcast, unicast, and multicast (BUM) packets of unknown origin to only those
interfaces that match the traffic from a specific VLAN pair.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Separate NNI Routing Instances for Layer 2 Wholesale Service Retailers
Documentation
• Junos OS VPNs Configuration Guide

Copyright © 2011, Juniper Networks, Inc. 299

Junos OS 11.4 Routing Protocols Configuration Guide

route-distinguisher

Syntax route-distinguisher (as-number:number | ip-address:number);

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
vpls mesh-group mesh-group-name],
[edit routing-instances routing-instance-name],
[edit routing-instances routing-instance-name protocols vpls mesh-group mesh-group-name]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 11.1 for EX Series switches.

Description Specify an identifier attached to a route, enabling you to distinguish to which VPN the
route belongs. Each routing instance must have a unique route distinguisher associated
with it. The route distinguisher is used to place bounds around a VPN so that the same
IP address prefixes can be used in different VPNs without having them overlap. If the
instance type is vrf, the route-distinguisher statement is required.

Options as-number:number—as-number is an assigned AS number and number is any 2-byte for

4-byte value. The AS number can be from 1 through 4,294,967,295. If the AS number
is a 2-byte value, the administrative number is a 4-byte value. If the AS number is
4-byte value, the administrative number is a 2-byte value. A route distinguisher
consisting of a 4-byte AS number and a 2-byte administrative number is defined as
a type 2 route distinguisher in RFC 4364 BGP/MPLS IP Virtual Private Networks.

NOTE: In Junos OS Release 9.1 and later, the numeric range for AS numbers
is extended to provide BGP support for 4-byte AS numbers, as defined in
RFC 4893, BGP Support for Four-octet AS Number Space. All releases of the
Junos OS support 2-byte AS numbers. To configure a route distinguisher that
includes a 4-byte AS number, append the letter “L” to the end of the number.
For example, a route distinguisher with the 4-byte AS number 7,765,000 and
an administrative number of 1,000 is represented as 77765000L:1000.

ip-address:number—ip-address is an IP address in your assigned prefix range (a 4-byte

value) and number is any 2-byte value.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

300 Copyright © 2011, Juniper Networks, Inc.

Chapter 9: Summary of Routing Instances Configuration Statements

Related • Configuring Routing Instances on PE Routers in VPNs

Documentation
• Configuring Route Distinguishers for Routing Instances on page 269

• Configuring an MPLS-Based Layer 2 VPN (CLI Procedure)

• Configuring an MPLS-Based Layer 3 VPN (CLI Procedure)

• Understanding 4-Byte AS Numbers and Route Distinguishers in the Using 4-Byte

Autonomous System Numbers in BGP Networks Technology Overview

Copyright © 2011, Juniper Networks, Inc. 301

Junos OS 11.4 Routing Protocols Configuration Guide

routing-instances

Syntax routing-instances routing-instance-name { ... }

Hierarchy Level [edit],

[edit logical-systems logical-system-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Configure an additional routing entity for a router. You can create multiple instances of
BGP, IS-IS, OSPF, OSPFv3, and RIP for a router. You can also create multiple routing
instances for separating routing tables, routing policies, and interfaces for individual
wholesale subscribers (retailers) in a Layer 3 wholesale network.

Default Routing instances are disabled for the router.

Options routing-instance-name—Name of the routing instance, a maximum of 128 characters. A

routing instance name can contain letters, numbers, and hyphens.

NOTE: In Junos OS Release 9.6 and later, you can include a slash (/) in a
routing-instance name only if a logical system is not configured. That is, you
cannot include the slash character in a routing-instance name if a logical
system other than the default is explicitly configured.

The remaining statements are explained separately.

NOTE: In Junos OS Release 9.0 and later, you cannot specify a

routing-instance name of default or include special characters within the
name of a routing instance.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Complete Routing Instances Configuration Statements on page 240

Documentation
• Example: Configuring E-LINE and E-LAN Services for a PBB Network on MX Series
Routers

• Junos OS Routing Policy Configuration Guide

routing-options

See routing-options

302 Copyright © 2011, Juniper Networks, Inc.

Chapter 9: Summary of Routing Instances Configuration Statements

vrf-export

Syntax vrf-export [ policy-names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Define which routes are exported from a local instance table—instance-name.inet.0—to
a remote PE router. Specify one or more policy names.

Default If the instance-type is vrf, vrf-export is a required statement. The default action is to
reject.

Options policy-names—Specify one or more policy names.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Secondary VRF Import and Export Policy on page 273
Documentation

vrf-import

Syntax vrf-import [ policy-names ];

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description How routes are imported into the local PE router’s VPN routing
table—instance-name.inet.0—from the remote PE router.

Default If the instance-type is vrf, vrf-import is a required statement. The default action is to
accept.

Options policy-names—Specify one or more policy names.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Secondary VRF Import and Export Policy on page 273
Documentation

Copyright © 2011, Juniper Networks, Inc. 303

Junos OS 11.4 Routing Protocols Configuration Guide

vlan-model

Syntax vlan-model one-to-one;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced in Junos OS Release 11.2.

Description Define the network VLAN model.

Options one-to-one—Specify that any received, dual-tagged VLAN packet triggers the provisioning
process in a Layer 2 Wholesale network. Using this option, the router learns VLAN
tags for each individual client. The router learns both the outer tag and inner tag of
the incoming packets, when the instance-role statement is defined as access, or the
outer VLAN tag only, when the instance-role statement is defined as nni.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Specifying the Instance Type for Routing Instances on page 266
Documentation
• Configuring Separate Access Routing Instances for Layer 2 Wholesale Service Retailers

• Configuring Separate NNI Routing Instances for Layer 2 Wholesale Service Retailers

• Junos OS Broadband Subscriber Management Solutions Guide

vrf-table-label

Syntax vrf-table-label;

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Enable mapping of the inner label of a packet to a specific VRF, thereby allowing the
examination of the encapsulated IP header. All routes in the VRF configured with this
option are advertised with the label allocated per VRF.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring VRF Table Labels on page 283

Documentation

304 Copyright © 2011, Juniper Networks, Inc.

Chapter 9: Summary of Routing Instances Configuration Statements

vrf-target

Syntax vrf-target {
community;
import community;
export community;
}

Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Configure a single policy for import and a single policy for export to replace the per-VRF
policies for every community.

Options community—Community name.

import—Specifies the allowed communities to accept from neighbors.

export—Specifies the allowed communities to send to neighbors.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring VRF Targets on page 283

Documentation

Copyright © 2011, Juniper Networks, Inc. 305

Junos OS 11.4 Routing Protocols Configuration Guide

306 Copyright © 2011, Juniper Networks, Inc.

PART 4

Multitopology Routing
• Introduction to Multitopology Routing on page 309
• Multitopology Routing Configuration Guidelines on page 313
• Summary of Multitopology Routing Configuration Statements on page 325

Copyright © 2011, Juniper Networks, Inc. 307

Junos OS 11.4 Routing Protocols Configuration Guide

308 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 10

Introduction to Multitopology Routing

Multitopology Routing Overview

Multitopology Routing enables you to configure class-based forwarding for different

types of traffic, such as voice, video, and data. Each type of traffic is defined by a topology
that is used to create a new routing table for that topology. Multitopology Routing provides
the ability to generate forwarding tables based on the resolved entries in the routing
tables for the custom topologies you create. In this way, packets of different classes can
be routed independently from one another.

This chapter discusses the following topics that provide background information about
Multitopology Routing:

• Routing Table Naming Conventions for Multitopology Routing on page 309

• Routing Protocol Support for Multitopology Routing on page 310
• Filter-Based Forwarding Support on page 310

Routing Table Naming Conventions for Multitopology Routing

Each routing protocol creates a routing table based on the topology name, the instance
name, and the purpose of the table. A routing table for each topology uses the following
format:

logical-system-name/routing-instance-name:topology-name.protocol.identifier

The routing instance string is included only if the instance is not the master. The logical
system string is included only if the logical system identifier has a value other than 0
(zero). Each routing table for a topology includes a colon (:) before the topology name
that also separates the routing-instance name from the topology name. protocol is the
protocol family, which can be inet or inet6. identifier is a positive integer that specifies
the instance of the routing table. Table 6 on page 309 shows specific examples of routing
tables for various topologies.

Table 6: Examples of Routing Tables for Custom Topologies

Name of Routing Table Description

:voice.inet.0 Master instance, voice topology, unicast IPv4 routes

Copyright © 2011, Juniper Networks, Inc. 309

Junos OS 11.4 Routing Protocols Configuration Guide

Table 6: Examples of Routing Tables for Custom Topologies (continued)

Name of Routing Table Description

:voice.inet6.0 Master instance, voice topology, unicast IPv6 routes

:voice.inet.3 Master instance, voice topology, ingress label-switched paths

(LSPs)

private_1/:voice.inet.0 Logical system private, voice topology, unicast IPv4 routes

customer-A:voice.inet.0 Virtual-router customer-A, voice topology, unicast IPV4 routes

customer-B:voice.inet.3 Virtual-router customer-B, voice topology, ingress LSPs

customer-A:voice.mpls.0 Virtual-router customer-A, voice topology, unicast

carrier-of-carriers IPV4 routes

Routing Protocol Support for Multitopology Routing

To run Multitopology Routing, you must configure IP routing. Multitopology Routing
supports OSPF version 2 (OSPFv2), static routes, and BGP. You must configure an interior
gateway protocol (IGP), such as OSPFv2 or static routing. Configure BGP to add routes
learned through BGP to the appropriate custom topologies.

OSPF in Multitopology Routing uses a single instance of OSPF to carry connectivity and
IP reachability information for different topologies. That information is used to calculate
shortest-path-first (SPF) trees and routing tables. OSPF in Multitopology Routing supports
protocol extensions that include metrics that correspond to different topologies for link
and prefix reachability information. The type-of-service (TOS) metric field is used to
advertise the topology-specific metric for links and prefixes belonging to that topology.
The TOS field is redefined as MT-ID in the payload of router, summary, and Type 5 and
Type 7 autonomous-system-external link-state advertisements (LSAs).

BGP in Multitopology Routing provides the ability to resolve BGP routes against configured
topologies. An inbound policy is used to select routes for inclusion in the appropriate
routing tables for the topologies.

NOTE: Multitopology Routing is also supported on logical systems and the

virtual router routing instance. No other routing instance type is supported
on Multitopology Routing. For more information about configuring routing
instances see, “Complete Routing Instances Configuration Statements” on
page 240. For more information about configure a virtual router instance, see
the Junos OS VPNs Configuration Guide.

Filter-Based Forwarding Support

By default, the ingress interface forwards traffic to the default topology for each
configured routing instance. Multitopology Routing supports filter-based forwarding,

310 Copyright © 2011, Juniper Networks, Inc.

Chapter 10: Introduction to Multitopology Routing

which enables you to match traffic on the ingress interface with a specific type of
forwarding class and then forward that traffic to the specified topology. You can further
define how traffic is handled for each forwarding class by configuring additional firewall
filters that match traffic for such values as the IP precedence field or the Differentiated
Services code point (DSCP).

Multitopology Routing Standards

Multitopology Routing is defined in the following document:

• RFC 4915, Multi-Topology (MT) Routing in OSPF

Copyright © 2011, Juniper Networks, Inc. 311

Junos OS 11.4 Routing Protocols Configuration Guide

312 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 11

Multitopology Routing Configuration

Guidelines

This chapter discusses the following tasks for configuring Multitopology Routing (MTR).

• Configuring Topologies on page 313

• Configuring Multitopology Routing in OSPF on page 314
• Configuring Multitopology Routing in Static Routes on page 320
• Configuring Multitopology Routing in BGP on page 321
• BGP Route Resolution in Multitopology Routing on page 321
• Configuring Filter-Based Forwarding for Multitopology Routing on page 321

Configuring Topologies

For Multitopology Routing to run on the router, you need to configure one or more
topologies. For each topology, you specify a string value, such as voice, that defines the
type of traffic, as well as an interface family, such as IPv4. In addition, a default topology
is automatically created. You can also enable a topology for IPv4 multicast traffic. Each
topology that you configure creates a new routing table and populates it with direct
routes from the topology. For more information about the naming conventions for routing
tables for topologies, see “Routing Table Naming Conventions for Multitopology Routing”
on page 309. To configure a custom topology, include the following statements at the
[edit routing options] hierarchy level:

[edit routing-options]
topologies {
family (inet | inet6) {
topology topology-name;
}
}

Include the family inet statement to specify IPv4 traffic. Include the family inet6 statement
to specify IPv6 traffic.

Include the topology topology-name statement to create a topology. For topology-name,

specify a name for the topology in the form of a string. Typically, you would specify a
name that describes the type of traffic, such as video. You can also specify ipv4-multicast

Copyright © 2011, Juniper Networks, Inc. 313

Junos OS 11.4 Routing Protocols Configuration Guide

to create a topology for IPv4 multicast traffic. A default topology is also automatically
created.

Configuring Multitopology Routing in OSPF

Multitopology Routing OSPF (MT-OSPF) enables you to define multiple topologies and
to configure topology-specific metrics for individual links as well as to exclude individual
links from specific topologies. As a result, you can use a single instance of OSPF to carry
connectivity and IP reachability information for different topologies. Information for
different topologies is used to calculate independent shortest-path-first (SPF) trees and
routing tables. For information about configuration tasks for MT-OSPF, see the following
sections:

• Configuring Topologies and SPF Options for MT-OSPF on page 314

• Configuring a Prefix Export Limit for MT-OSPF on page 316
• Configuring a Topology to Appear Overloaded on page 316
• Configuring Interface Properties for MT-OSPF on page 316
• Disabling MT-OSPF on OSPF Interfaces on page 317
• Disabling MT-OSPF on Virtual Links on page 317
• Advertising MPLS Label-Switched Paths into MT-OSPF on page 318
• Configuring Other MT-OSPF Properties on page 319

Configuring Topologies and SPF Options for MT-OSPF

Include the following statements to enable topologies for OSPF and to configure topology
identifiers. Any topologies you enable for OSPF must first be created under the [edit
routing-options] hierarchy level. The routes for each topology are added to the routing
table for the topology. For more information about the naming conventions for routing
tables for topologies, see “Routing Table Naming Conventions for Multitopology Routing”
on page 309.

The default topology is automatically created and has a topology identifier of 0 (zero),
which cannot be modified. The routes that correspond to the default topology are added
to the inet.0 routing table. You can, however, modify other parameters, such as
shortest-path first (SPF) options. In addition, you can specify a topology for IPv4 multicast
traffic. The topology for IPv4 multicast has a topology identifier of 1, which you cannot
modify. The routes corresponding to this topology are added to the inet.2 routing table.
You can also configure SPF options for each topology that override the default or globally
configured SPF values. Include the following statements to configure a topology for
OSPF and SPF options for the topology at the [edit protocols ospf] hierarchy level:

[edit protocols ospf]

topology (default | ipv4-multicast | name) {
topology-id number;
spf-options {
delay milliseconds;
holddown milliseconds;
rapid-runs number;
}

314 Copyright © 2011, Juniper Networks, Inc.

Chapter 11: Multitopology Routing Configuration Guidelines

For name, include the name of a topology that you configured under the [edit
routing-options] hierarchy level to create the topology.

Use ipv4-multicast for IPv4 multicast traffic. You must first enable this topology under
the [edit routing-options] hierarchy level.

topology-id number is the topology identifier. The range for topology-id number is from 32
through 127 for any topology you create, except for the default and IPv4 multicast
topologies. The identifier for those topologies is predefined and cannot be modified.

NOTE: Multitopology Routing is not currently supported for OSPF version 3

(OSPFv3).

You can configure SPF options for each topology. The values you configure for each of
the following options override the default or globally configured values.

• The delay in the time between the detection of a topology change and when the SPF
algorithm actually runs

• The maximum number of times that the SPF algorithm can run in succession before
the hold-down timer begins

• The time to hold down, or wait, before running another SPF calculation after the SPF
algorithm has run in succession the configured maximum number of times

To configure the SPF delay, include the delay statement when specifying the spf-options
statement:

delay milliseconds;

By default, the SPF algorithm runs 200 milliseconds after the detection of a topology
change. The range that you can configure is from 50 through 8000 milliseconds.

To configure the maximum number of times that the SPF algorithm can run in succession,
include the rapid-runs statement when specifying the spf-options statement:

rapid-runs number;

The default number of SPF calculations that can occur in succession is 3. The range that
you can configure is from 1 through 5. Each SPF algorithm is run after the configured SPF
delay. When the maximum number of SPF calculations occurs, the hold-down timer
begins. Any subsequent SPF calculation is not run until the hold-down timer expires.

To configure the SPF hold-down timer, include the holddown statement when specifying
the spf-options statement:

holddown milliseconds;

The default is 5000 milliseconds, and the range that you can configure is from 2000
through 20,000 milliseconds. Use the hold-down timer to hold down, or wait, before
running any subsequent SPF calculations after the SPF algorithm runs for the configured

Copyright © 2011, Juniper Networks, Inc. 315

Junos OS 11.4 Routing Protocols Configuration Guide

maximum number of times. If the network stabilizes during the hold-down period and
the SPF algorithm does not need to run again, the system reverts to the configured values
for the delay and rapid-runs statements.

Configuring a Prefix Export Limit for MT-OSPF

By default, each topology uses the globally configured value to determine the maximum
number of prefixes that can be exported into OSPF. You can override the globally
configured value for any configured topology. Include the prefix-export-limit number
statement at the [edit protocols ospf topology name] hierarchy level:

[edit protocols ospf]

topology (default | ipv4-multicast | name) {
prefix-export-limit number;
}

The number that you can configure for each topology is from 0 through 4,294,967,295.

Configuring a Topology to Appear Overloaded

You can configure a specific topology so that it appears to be overloaded. You might do
this when you want the topology to participate in OSPF routing but do not want it to be
used for transit traffic.

To mark a topology as overloaded, include the overload statement:

[edit protocols ospf]

topology (default | ipv4-multicast | name) {
overload;
}

Configuring Interface Properties for MT-OSPF

The default value of the topology metric is the same as the default metric value calculated
by OSPF or the value configured for the OSPF metric. You can configure a
topology-specific metric for an OSPF interface. To configure interfaces for MT-OSPF,
include the following statements at the [edit protocols ospf area area-id] hierarchy level:

interface interface-name {
metric metric;
topology (ipv4-multicast | name);
metric metric;
}
}

All OSPF interfaces have a cost, which is a routing metric that is used in the link-state
calculation. Routes with lower total path metrics are preferred over those with higher
path metrics. The default value for the OSPF metric for an interface is 1. You can modify
the default value for an OSPF interface and configure a topology-specific metric for that
interface. The topology-specific metric applies to routes advertised from the interface
that belong only to that topology. The range that you can configure is from 1
through 65,535.

You can also configure any interface that belongs to one or more topologies to advertise
the direct interface addresses without actually running OSPF on that interface. By default,

316 Copyright © 2011, Juniper Networks, Inc.

Chapter 11: Multitopology Routing Configuration Guidelines

OSPF must be configured on an interface in order for direct interface addresses to be

advertised as interior routes. Include the passive statement at the [edit protocols ospf
area area-id interface interface-name] hierarchy level:

[edit protocols ospf]

area area-id {
interface interface-name {
passive;
topology name;
}
}

NOTE: If you configure an interface with the passive statement, it applies to

all the topologies to which the interface belongs. You cannot configure an
interface as passive for only one specific topology and have it remain active
for any other topologies to which it belongs.

Disabling MT-OSPF on OSPF Interfaces

By default, all topologies configured for OSPF are enabled on all OSPF interfaces. You
can disable one or more configured topologies on an OSPF interface. To disable a
configured topology on an OSPF interface, include the disable statement at the [edit
protocols ospf area area-id interface interface-name topology name] hierarchy level:

[edit protocols ospf]

area area-id {
interface interface-name {
topology (ipv4-multicast | name) {
disable;
}
}
}

You cannot disable an interface in the default topology and have it remain active in any
other configured topologies.

NOTE: If you disable OSPF on an interface by including the disable statement

at the [edit protocols ospf area area-id interface interface-name] hierarchy level,
the interface is disabled for all topologies, including the default topology.

Disabling MT-OSPF on Virtual Links

By default, control packets sent to the remote end of a virtual link must be forwarded
using the default topology. In addition, the transit area path consists only of links that
are in the default topology. You can disable a virtual link for a configured topology, but
not for a default topology. Include the disable statement at the [edit protocols ospf area
area-id virtual-link neighbor-id router-id transit-area area-id topology name] hierarchy level:

[edit protocols ospf]

area area-id {

Copyright © 2011, Juniper Networks, Inc. 317

Junos OS 11.4 Routing Protocols Configuration Guide

virtual-link neighbor-id router-id transit-area area-id {

topology (ipv4-multicast | name) {
disable;
}
}
}

NOTE: If you disable the virtual link by including the disable statement at the
[edit protocols ospf area area-id virtual-link neighbor-id router-id transit-area
area-id] hierarchy level, you disable the virtual link for all topologies, including
the default topology. You cannot disable the virtual link only in the default
topology.

Advertising MPLS Label-Switched Paths into MT-OSPF

You can advertise label-switched paths (LSPs) into OSPFv2 as point-to-point links so
that all participating routers can take the LSP into account when performing SPF
calculations. By default, all topologies configured for OSPF are enabled on all MPLS
LSPs advertised into OSPF. You can override this behavior by disabling one or more
configured topologies on an MPLS LSP.

The LSP advertisement contains a local address (the from address of the LSP), a remote
address (the to address of the LSP), and a metric with the following precedence:

1. Use the LSP metric defined under OSPFv2.

2. Use the LSP metric configured under MPLS.

3. If you do not configure any of the above, use the default OSPFv2 metric of 1.

In addition, the default value of the topology-specific metric is the same as the default
metric calculated by OSPF or configured for the MPLS LSPs. You can also override this
value by configuring a specific metric for the topology. For more information about
configuring a topology-specific metric, see “Configuring Topologies” on page 313.

To disable a topology on LSPs and configure a label-switched path metric for OSPFv2,
include the following statements at the [edit protocols ospf] hierarchy level:

[edit protocols ospf]

area area-id {
label-switched-path name;
metric metric;
topology (ipv4-multicast | name) {
disable;
}
}
}

NOTE: You cannot disable an MPLS LSP in the default topology only and
have it remain enabled in other topologies.

318 Copyright © 2011, Juniper Networks, Inc.

Chapter 11: Multitopology Routing Configuration Guidelines

For more information about advertising LSPs, see the Junos OS MPLS Applications
Configuration Guide.

Configuring Other MT-OSPF Properties

You can also configure the following properties for all topologies in an instance. You
cannot configure the following properties for an individual topology:

• Disable not-so-stubby area (NSSA) support on an autonomous-system border router

(ASBR)

• Modify the preference value for OSPF internal routes

• Modify the default preference value for OSPF external routes

• Modify the reference-bandwidth value

• Enable graceful restart

To disable exporting Type 7 LSAs into LSAs, include the no-nssa-abr statement.

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

[edit protocols ospf]

no-nssa-abr;

By default, internal OSPF routes have a preference value of 10, and external OSPF routes
have a preference value of 150. To modify the preference values for all topologies, include
the preference statement (for internal routes) or the external-preference statement (for
external routes):

[edit protocols ospf]

external-preference preference;
preference preference;

For a complete list of hierarchy levels at which you can configure these statements, see
the statement summary sections for these statements.

You can configure a preference value of from 0 through 255 for each statement.

The reference bandwidth is used to calculate the default cost of a route using the following
formula:

cost = reference-bandwidth / bandwidth

The default value for the reference bandwidth is 100 Mbps (which you specify
as 100,000,000), which gives a metric of 1 for any bandwidth that is 100 Mbps or greater.
To modify the default value, include the reference-bandwidth statement:

[edit protocols ospf]

reference-bandwidth;

The range that you can specify is from 9,600 through 1,000,000,000,000.

For a complete list of hierarchy levels at which you can configure this statement, see the
statement summary section for this statement.

Copyright © 2011, Juniper Networks, Inc. 319

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: You can specify topology-specific metrics for routes advertised from
an interface. For more information, see “Configuring Topologies” on page 313.

Graceful restart enables a restarting router and its neighbors to continue forwarding
packets without disrupting network performance. Because neighboring routers assist in
the restart (these neighbors are called helper routers), the restarting router can quickly
resume full operation without recalculating algorithms.

Graceful restart is disabled by default. You can globally configure graceful restart for all
routing protocols at the [edit routing-options] hierarchy level. To configure graceful restart
parameters specifically for OSPF, include the graceful-restart statement at the [edit
protocols ospf] hierarchy level.

Related • Junos OS High Availability Configuration Guide

Documentation

Configuring Multitopology Routing in Static Routes

You can configure static routes to become installed in the routing table for any configured
topology. Include the rib routing-table-name statement at the [edit routing-options]
hierarchy level:

[edit routing-options]
rib routing-table-name {
static {
route destination-prefix {
next-hop;
}
static-options;
}
}
}

For routing-table-name, use the following format:

logical-system-name/routing-instance-name:topology-name.protocol.identifier. The routing
instance string is included only if the instance is not the master. The logical system string
is included only if the logical system identifier has a value other than 0 (zero). Each routing
table for a topology includes a colon (:) before the topology name that also separates
the routing instance name from the topology name. protocol is the protocol family, which
can be inet or inet6. identifier is a positive integer that specifies the instance of the routing
table. When you create a topology for an instance (master or virtual-router), a new routing
table is created within the instance for that topology. For more detailed information
about routing table naming conventions for Multitopology Routing, see “Routing Table
Naming Conventions for Multitopology Routing” on page 309.

For route destination-prefix, specify the destination of the route in the following way:
network/mask-length, where network is the network portion of the IP address and
mask-length is the destination prefix length. You can specify an IPv4 or IPv6 address.

320 Copyright © 2011, Juniper Networks, Inc.

Chapter 11: Multitopology Routing Configuration Guidelines

You can optionally specify how to reach the destination by including the next-hop
statement.

In addition, you can specify static-options, which defines additional information about
static routes that is included with the route when it is installed in the routing table. For
more information about specific static options you can optionally configure, see
“Configuring Static Route Options” on page 71.

Configuring Multitopology Routing in BGP

Multitopology Routing in BGP enables you to configure a community target identifier for
each type of traffic, or topology. The target community identifies the destination to which
the route is going. BGP uses these community target identifiers to have routes imported
into the routing tables for the specific topologies. The forwarding class then determines
which table to use to forward traffic.

To configure Multitopology Routing in BGP, include the community target identifier

statement at the [edit protocols bgp family (inet | inet6) unicast topology name] hierarchy
level:

[edit protocols bgp]

family (inet | inet6) {
unicast {
topology name {
community target identifier;
}
}
}

Multitopology Routing in BGP is also supported for BGP groups and BGP peers. To
configure for a BGP group, include the family (inet | inet6) unicast topology name
community target identifier statement at the [edit protocols bgp group group-name]
hierarchy level. To configure for a BGP peer, include the family (inet | inet6) unicast
topology name community target identifier statement at the [edit protocols bgp group
group-name neighbor address] hierarchy level.

BGP Route Resolution in Multitopology Routing

The default behavior is for the Junos OS to resolve BGP routes against the inet.0 and
inet.3 routing tables. By default, the secondary route points to the next hop of the primary
BGP route. This means that under the default behavior, BGP cannot perform secondary
route resolution. Multitopology Routing in BGP provides support for secondary routes to
resolve to an independent set of next hops.

When Multitopology Routing in BGP resolves a route against the inet.0 routing table, a
forwarding state is generated to match the topologies for which you configured a BGP
import policy.

Configuring Filter-Based Forwarding for Multitopology Routing

Each routing instance (master or virtual-router) supports one default topology to which
all forwarding classes are forwarded. For Multitopology Routing, you can configure a

Copyright © 2011, Juniper Networks, Inc. 321

Junos OS 11.4 Routing Protocols Configuration Guide

firewall filter on the ingress interface to match a specific forwarding class, such as
expedited forwarding, with a specific topology. The traffic that matches the specified
forwarding class is then added to the routing table for that topology.

To configure filter-based forwarding for Multitopology Routing, include the following

statements at the [edit firewall] hierarchy level:

[edit firewall]
family (inet | inet6) {
filter filter-name {
term term-name {
from {
forwarding-class (assured-forwarding | best-effort | expedited-forwarding |
network-control)
}
then {
(topology topology-name | routing-instance routing-instance-name topology
topology-name | logical-system logical-system-name topology topology-name
| logical-system logical-system-name routing-instance routing-instance-name
topology topology-name);
}
}
}
}

To configure the family address type, specify family inet to filter IPv4 packets or family
inet6 to filter IPv6 packets.

To configure the filter name, include the filter filter-name statement. The filter name can
contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include
spaces in the name, enclose the entire name in quotation marks (“ ”).

Each filter consists of one or more terms. To configure a term, include the term term-name
statement. The term name can contain letters, numbers, and hyphens (-) and can be up
to 255 characters long. To include spaces in the name, enclose the entire name in
quotation marks (“ ”). Each term name must be unique within a filter.

Include the forwarding-class class statement to define the forwarding class against which
to match the incoming packets. You can configure the following types of forwarding
classes: assured-forwarding, expedited-forwarding, best-effort, and network-control.

You can specify multiple terms in a filter, effectively chaining together a series of
match-action operations to apply to the packets on an interface. Firewall filter terms are
evaluated in the order in which you specify them in the configuration. To reorder terms,
use the configuration mode insert command. For example, the command insert term up
before term start places the term up before the term start.

Use the topology statement to specify that packets that match the specified forwarding
class be directed to the specified topology.

For a topology in the master instance, include the topology name statement, where name
is the name of the topology.

322 Copyright © 2011, Juniper Networks, Inc.

Chapter 11: Multitopology Routing Configuration Guidelines

For a topology in a nonmaster instance, include the routing-instance routing-instance-name

topology topology-name statement, where routing-instance-name is the name of the
routing instance and topology-name is the name of the topology.

For a topology in a nonmaster logical system, include the logical-system

logical-system-name topology topology-name statement, where logical-system-name is
the name of the logical system and topology-name is the name of the topology.

For a topology in a nonmaster instance within a nonmaster logical system, include the
logical-system logical-system-name routing-instance routing-instance-name topology
topology-name statement, where logical-system-name is the name of the logical system,
routing-instance-name is the name of the routing instance configured within the logical
system, and topology-name is the name of the topology.

You must apply the filter to an ingress interface. Include the following statements to
apply the filter to an interface:

[edit interfaces interface-name]

unit number {
family (inet | inet6) {
filter {
input filter-name {
}
}
}

Related • Junos OS Routing Policy Configuration Guide

Documentation

Copyright © 2011, Juniper Networks, Inc. 323

Junos OS 11.4 Routing Protocols Configuration Guide

324 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 12

Summary of Multitopology Routing

Configuration Statements

The following sections explain each of the Multitopology Routing configuration

statements. They are organized alphabetically.

Copyright © 2011, Juniper Networks, Inc. 325

Junos OS 11.4 Routing Protocols Configuration Guide

community

Syntax community {
target identifier;
}

Hierarchy Level [edit logical-systems logical-system-name protocols bgp family (inet | inet6) unicast topology
name],
[edit logical-systems logical-system-name protocols bgp group group-name family (inet |
inet6) unicast topology name],
[edit logical-systems logical-system-name protocols bgp group group-name neighbor address
family (inet | inet6) unicast topology name],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
bgp family (inet | inet6) unicast topology name],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
bgp group group-name family (inet | inet6) unicast topology name],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
bgp group group-name neighbor address family (inet | inet6) unicast topology name],
[edit protocols bgp family (inet | inet6) unicast topology name],
[edit protocols bgp group group-name family (inet | inet6) unicast topology name],
[edit protocols bgp group group-name neighbor address family (inet | inet6) unicast topology
name],
[edit routing-instances routing-instance-name protocols bgp family (inet | inet6) unicast
topology name],
[edit routing-instances routing-instance-name protocols bgp group group-name family (inet
| inet6) unicast topology name],
[edit routing-instances routing-instance-name protocols bgp group group-name neighbor
address family (inet | inet6) topology name]

Release Information Statement introduced in Junos OS Release 9.0.

Description Configure the community to identify the multitopology routes. BGP uses the target
community identifier to install the routes it learns in the appropriate Multitopology Routing
tables.

Options target identifier—Configure the destination to which the route is going.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Multitopology Routing in BGP on page 321

Documentation

326 Copyright © 2011, Juniper Networks, Inc.

Chapter 12: Summary of Multitopology Routing Configuration Statements

rib

Syntax rib routing-table-name {

static {
route destination-prefix {
next-hop;
}
static-options;
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-options],

[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement support for Multitopology Routing introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure a static route to install routes in the routing table for a specific topology.

Options routing-table-name—Name of the routing table for a topology. Use the following format:
logical-system-name/routing-instance-name:topology-name.protocol.identifier. Include
the routing instance string only if the instance is not the master. The logical system
string is included only if the logical system identifier has a value other than 0 (zero).
Each routing table for a topology includes a colon (:) before the topology name.
protocol is the protocol family, which can be inet or inet6. identifier is the positive
integer that specifies the instance of the routing table. For example, to install IPv6
routes to the routing table for a topology named voice in the master instance, include
:voice.inet6.0.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • static on page 223

Documentation
• Configuring Multitopology Routing in Static Routes on page 320

Copyright © 2011, Juniper Networks, Inc. 327

Junos OS 11.4 Routing Protocols Configuration Guide

topologies

Syntax topologies {
family (inet | inet6) {
topology topology-name;
}
}

Hierarchy Level [edit logical-systems logical-system-name routing-options],

[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options],
[edit routing-instances routing-instance-name routing-options],
[edit routing-options]

Release Information Statement introduced in Junos OS Release 9.0.

Description Configure a topology for Multitopology Routing. Each topology creates a new routing
table that is populated with direct routes from the topology.

Options family—Configure the type of family address type.

inet—IPv4

inet6—IPv6

The remaining statement is explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • topology on page 331

Documentation
• Configuring Topologies on page 313

328 Copyright © 2011, Juniper Networks, Inc.

Chapter 12: Summary of Multitopology Routing Configuration Statements

topology

• topology (Filter-Based Forwarding) on page 330

• topology (Multitopology Routing) on page 331
• topology (OSPF) on page 332
• topology (OSPF Interface) on page 333

Copyright © 2011, Juniper Networks, Inc. 329

Junos OS 11.4 Routing Protocols Configuration Guide

topology (Filter-Based Forwarding)

Syntax topology topology-name;

Hierarchy Level [edit firewall family (inet | inet6) filter filter-name term term-name then],
[edit firewall family (inet | inet6) filter filter-name term term-name then logical-system
logical-system-name],
[edit firewall family (inet | inet6) filter filter-name term term-name then logical-system
logical-system-name routing-instance routing-instance-name],
[edit firewall family (inet | inet6) filter filter-name term term-name then routing-instance
routing-instance-name]

Release Information Statement introduced in Junos OS Release 9.0.

Description Configure a topology for filter-based forwarding for Multitopology Routing. The firewall
filter you apply to the ingress interface is used to look up traffic against the configured
topology, and, if a route matches the conditions you configure for the term, the route is
accepted and added to the to the routing table for the specific topology.

There are multiple ways to configure a topology for filter-based forwarding, depending
on the type of instance or logical system you want to specify for the forwarding class.
See Options for more information.

NOTE: The options for logical system and routing instance precede the
topology statement with the then statement.

Options topology-name—Name of a topology against which you want to match traffic.

logical-system logical-system-name topology topology-name—For a nonmaster logical

system, specify the name of the logical system and a topology name configured for
a nonmaster logical system.

routing-instance routing-instance-name topology topology-name—For a nonmaster routing

instance, specify the name of the routing instance and a topology name configured
for a nonmaster routing instance.

logical-system logical-system-name routing-instance routing-instance-name topology

topology-name—For a nonmaster routing instance configured within a nonmaster
logical system, specify the name of the logical system, the name of the routing
instance, and a topology name configured for a nonmaster routing instance within
a nonmaster logical system.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Filter-Based Forwarding for Multitopology Routing on page 321

Documentation
• Junos OS Routing Policy Configuration Guide

330 Copyright © 2011, Juniper Networks, Inc.

Chapter 12: Summary of Multitopology Routing Configuration Statements

topology (Multitopology Routing)

Syntax topology topology-name;

Hierarchy Level [edit logical-systems logical-system-name routing-options topologies family (inet | inet6)],
[edit logical-systems logical-system-name routing-instances routing-instance-name
routing-options topologies family (inet | inet6)],
[edit routing-instances routing-instance-name routing-options topologies family (inet |
inet6)],
[edit routing-options topologies family (inet | inet6)]

Release Information Statement introduced in Junos OS Release 9.0.

Description Configure the name of a topology configured to run Multitopology Routing.

Options topology-name—Name of the topology. Include a string value that describes the type of
traffic, such as voice or video. For IPv4 multicast traffic, include ipv4-multicast as
the name.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • topologies on page 328

Documentation
• Configuring Topologies on page 313

Copyright © 2011, Juniper Networks, Inc. 331

Junos OS 11.4 Routing Protocols Configuration Guide

topology (OSPF)
Syntax topology (default | ipv4-multicast | name) {
topology-id number;
spf-options {
delay milliseconds;
holddown milliseconds;
rapid-runs number;
}
}

Hierarchy Level [edit logical-systems logical-system-name protocols ospf],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
ospf],
[edit protocols ospf],
[edit routing-instances routing-instance-name protocols ospf]

Release Information Statement introduced in Junos OS Release 9.0.

Statement introduced in Junos OS Release 11.3 for the QFX Series.

Description Enable a topology for OSPF Multitopology Routing. You must first configure one or more
topologies under the [edit routing-options] hierarchy level.

Options default—Name of the default topology. This topology is automatically created and all
routes that correspond to it are automatically added to the inet.0 routing table. You
can modify certain default parameters, such as for the shortest-path-first (SPF)
algorithm.

ipv4-multicast—Name of the topology for IPv4 multicast traffic.

name—Name of a topology you configured at the [edit routing-options] hierarchy level

to create a topology for a specific type of traffic, such as voice or video.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Topologies and SPF Options for MT-OSPF on page 314
Documentation

332 Copyright © 2011, Juniper Networks, Inc.

Chapter 12: Summary of Multitopology Routing Configuration Statements

topology (OSPF Interface)

Syntax topology (ipv4-multicast | name) {
metric metric;
}

Hierarchy Level [edit logical-systems logical-system-name protocols ospf area area-id interface
interface-name],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
ospf area area-id interface interface-name],
[edit protocols ospf area area-id interface interface-name],
[edit routing-instances routing-instance-name protocols ospf area area-id interface
interface-name]

Release Information Statement introduced in Junos OS Release 9.0.

Description Configure interface-specific properties for MT-OSPF, including topology-specific metric

values for an interface.

Default The default value of the topology metric is the same as the default metric value calculated
by OSPF or the value configured for the OSPF metric.

Options ipv4-multicast—Name of the topology for IPv4 multicast traffic.

name—Name of a topology created under the [edit routing-options] hierarchy level.

metric metric—Cost of a route from an OSPF interface. You can specify a metric value
for a topology that is different from the value specified for the interface.
Range: 1 through 65,535
Default: 1

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Interface Properties for MT-OSPF on page 316

Documentation

Copyright © 2011, Juniper Networks, Inc. 333

Junos OS 11.4 Routing Protocols Configuration Guide

topology-id

Syntax topology-id number;

Hierarchy Level [edit logical-systems logical-system-name protocols ospf topology name],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
ospf topology name],
[edit protocols ospf topology name],
[edit routing-instances routing-instance-name protocols ospf topology name]

Release Information Statement introduced in Junos OS Release 9.0.

Description Configure a topology identifier for a topology enabled for OSPF.

Default The default identifier for the default topology is 0, and the default identifier for the
topology for IPv4 multicast traffic is 1. These identifiers are predefined and cannot be
modified.

Options number—the integer value used to identify the topology.

Range: 32 through 127

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • topology on page 332

Documentation
• Configuring Topologies and SPF Options for MT-OSPF on page 314

334 Copyright © 2011, Juniper Networks, Inc.

PART 5

Interior Gateway Protocols

• Introduction to IS-IS on page 337
• IS-IS Configuration Guidelines on page 343
• Summary of IS-IS Configuration Statements on page 433
• Introduction to OSPF on page 493
• OSPF Configuration Guidelines on page 507
• Summary of OSPF Configuration Statements on page 749
• Introduction to RIP on page 835
• RIP Configuration Guidelines on page 839
• Summary of RIP Configuration Statements on page 867
• Introduction to RIPng on page 893
• RIPng Configuration Guidelines on page 895
• Summary of RIPng Configuration Statements on page 905
• Introduction to ICMP Router Discovery on page 921
• ICMP Router Discovery Configuration Guidelines on page 923
• Summary of ICMP Router Discovery Configuration Statements on page 927
• Introduction to Neighbor Discovery on page 939
• Neighbor Discovery Configuration Guidelines on page 941
• Summary of Neighbor Discovery Router Advertisement Configuration
Statements on page 949
• Secure Neighbor Discovery Configuration Guidelines on page 961
• Summary of Secure Neighbor Discovery Configuration Statements on page 965

Copyright © 2011, Juniper Networks, Inc. 335

Junos OS 11.4 Routing Protocols Configuration Guide

336 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 13

Introduction to IS-IS

This chapter discusses the following topics that provide background information about
IS-IS:

• IS-IS Overview on page 337

• IS-IS Extensions to Support Traffic Engineering on page 339
• IS-IS Extensions to Support Route Tagging on page 340
• IS-IS Standards on page 340

IS-IS Overview

IS-IS protocol is an interior gateway protocol (IGP) that uses link-state information to
make routing decisions.

IS-IS is a link-state IGP that uses the shortest path first (SPF) algorithm to determine
routes. IS-IS evaluates the topology changes and determines whether to perform a full
SPF recalculation or a partial route calculation (PRC). This protocol originally was
developed for routing International Organization for Standardization (ISO) Connectionless
Network Protocol (CLNP) packets.

NOTE: Because IS-IS uses ISO addresses, the configuration of IP version 6

(IPv6) and IP version 4 (IPv4) implementations of IS-IS is identical.

This section discusses the following topics:

• IS-IS Terminology on page 337

• ISO Network Addresses on page 338
• IS-IS Packets on page 339
• Persistent Route Reachability on page 339

IS-IS Terminology
An IS-IS network is a single autonomous system (AS), also called a routing domain, that
consists of end systems and intermediate systems. End systems are network entities that
send and receive packets. Intermediate systems send and receive packets and relay

Copyright © 2011, Juniper Networks, Inc. 337

Junos OS 11.4 Routing Protocols Configuration Guide

(forward) packets. (Intermediate system is the Open System Interconnection [OSI] term
for a router.) ISO packets are called network protocol data units (PDUs).

In IS-IS, a single AS can be divided into smaller groups called areas. Routing between
areas is organized hierarchically, allowing a domain to be administratively divided into
smaller areas. This organization is accomplished by configuring Level 1 and Level 2
intermediate systems. Level 1 systems route within an area; when the destination is
outside an area, they route toward a Level 2 system. Level 2 intermediate systems route
between areas and toward other ASs.

ISO Network Addresses

IS-IS uses ISO network addresses. Each address identifies a point of connection to the
network, such as a router interface, and is called a network service access point (NSAP).

IS-IS supports multiple NSAP addresses on the loopback (lo0) interface.

An end system can have multiple NSAP addresses, in which case the addresses differ
only by the last byte (called the n-selector). Each NSAP represents a service that is
available at that node. In addition to having multiple services, a single node can belong
to multiple areas.

Each network entity also has a special network address called a network entity title (NET).
Structurally, an NET is identical to an NSAP address but has an n-selector of 00. Most
end systems and intermediate systems have one NET. Intermediate systems that
participate in multiple areas can have multiple NETs.

The following ISO addresses illustrate the IS-IS address format:

49.0001.00a0.c96b.c490.00
49.0001.2081.9716.9018.00

The first portion of the address is the area number, which is a variable number from 1
through 13 bytes. The first byte of the area number (49) is the authority and format
indicator (AFI). The next bytes are the assigned domain (area) identifier, which can be
from 0 through 12 bytes. In the examples above, the area identifier is 0001.

The next six bytes form the system identifier. The system identifier can be any six bytes
that are unique throughout the entire domain. The system identifier commonly is the
media access control (MAC) address (as in the first example, 00a0.c96b.c490) or the
IP address expressed in binary-coded decimal (BCD) (as in the second example,
2081.9716.9018, which corresponds to IP address 208.197.169.18). The last byte (00) is
the n-selector.

NOTE: The system identifier cannot be 0000.0000.0000. All 0s is an illegal

setting and the adjacency is not formed with this setting.

To provide help with IS-IS debugging, the Junos OS supports dynamic mapping of ISO
system identifiers to the hostname. Each system can be configured with a hostname,
which allows the system identifier-to-hostname mapping to be carried in a dynamic
hostname type length value (TLV) in IS-IS link-state protocol data units (LSPs). This

338 Copyright © 2011, Juniper Networks, Inc.

Chapter 13: Introduction to IS-IS

permits ISs in the routing domain to learn about the ISO system identifier of a particular
IS.

IS-IS Packets
IS-IS uses the following protocol data units (PDUs) to exchange protocol information:

• IS-IS hello (IIH) PDUs—Broadcast to discover the identity of neighboring IS-IS systems
and to determine whether the neighbors are Level 1 or Level 2 intermediate systems.

• Link-state PDUs —Contain information about the state of adjacencies to neighboring

IS-IS systems. Link-state PDUs are flooded periodically throughout an area.

• Complete sequence number PDUs (CSNPs)—Contain a complete list of all link-state

PDUs in the IS-IS database. CSNPs are sent periodically on all links, and the receiving
systems use the information in the CSNP to update and synchronize their link-state
PDU databases. The designated router multicasts CSNPs on broadcast links in place
of sending explicit acknowledgments for each link-state PDU .

• Partial sequence number PDUs (PSNPs)—Multicast by a receiver when it detects that

it is missing an link-state PDU; that is, when its link-state PDU database is out of date.
The receiver sends a PSNP to the system that transmitted the CSNP, effectively
requesting that the missing link-state PDU be transmitted. That router, in turn, forwards
the missing link-state PDU to the requesting router.

Persistent Route Reachability

IPv4 and IPv6 route reachability information in IS-IS link-state PDUs is preserved when
you commit a configuration. IP prefixes are preserved to their original packet fragment
upon LSP regeneration.

IS-IS Extensions to Support Traffic Engineering

To help provide traffic engineering and MPLS with information about network topology
and loading, extensions have been added to the Junos OS implementation of IS-IS.
Specifically, IS-IS supports new TLVs that specify link attributes. These TLVs are included
in the IS-IS link-state PDUs. The link-attribute information is used to populate the traffic
engineering database, which is used by the Constrained Shortest Path First (CSPF)
algorithm to compute the paths that MPLS LSPs take. This path information is used by
RSVP to set up LSPs and reserve bandwidth for them.

NOTE: Whenever possible, use IS-IS IGP shortcuts instead of traffic

engineering shortcuts.

The traffic engineering extensions are defined in Internet draft draft-isis-traffic-traffic-02,

IS-IS Extensions for Traffic Engineering.

IS-IS IGP Shortcuts

In IS-IS, you can configure shortcuts, which allow IS-IS to use an LSP as the next hop as
if it were a subinterface from the ingress routing device to the egress routing device. The

Copyright © 2011, Juniper Networks, Inc. 339

Junos OS 11.4 Routing Protocols Configuration Guide

address specified on the to statement at the [edit protocols mpls label-switched-path

lsp-path-name] hierarchy level must match the router ID of the egress routing device for
the LSP to function as a direct link to the egress routing device and to be used as input
to IS-IS SPF calculations. When used in this way, LSPs are no different than Asynchronous
Transfer Mode (ATM) and Frame Relay virtual circuits (VCs), except that LSPs carry only
IPv4 traffic.

IS-IS Extensions to Support Route Tagging

To control the transmission of routes into IS-IS, or to control transmission of IS-IS routes
between different IS-IS levels, you can tag routes with certain attributes. IS-IS routes
can carry these attributes, which the routing policies can use to export and import routes
between different IS-IS levels. A sub-TLV to the IP prefix TLV is used to carry the tag or
attribute on the routes.

NOTE: Route tagging does not work when IS-IS traffic engineering is disabled.

IS-IS Standards

IS-IS is defined in the following documents:

• ISO 8473, Protocol for providing the connectionless-mode network services

• ISO 9542, End System to Intermediate System Routing Exchange Protocol for Use in
Conjunction with the Protocol for the Provision of the Connectionless-mode Network
Service

• ISO 10589, Intermediate System to Intermediate System Routing Exchange Protocol for
Use in Conjunction with the Protocol for the Provision of the Connectionless-mode
Network Service

• RFC 1195, Use of OSI IS-IS for Routing in TCP/IP and Dual Environments

• RFC 2973, IS-IS Mesh Groups

• RFC 3787, Recommendations for Interoperable IP Networks Using Intermediate System

to Intermediate System (IS-IS)

• RFC 5120, M-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate
Systems (IS-ISs)

• RFC 5130, A Policy Control Mechanism in IS-IS Using Administrative Tags

• RFC 5286, Basic Specification for IP Fast Reroute: Loop-Free Alternates

• RFC 5301, Dynamic Hostname Exchange Mechanism for IS-IS

• RFC 5302, Domain-wide Prefix Distribution with Two-Level IS-IS

• RFC 5303, Three-Way Handshake for IS-IS Point-to-Point Adjacencies

• RFC 5304, IS-IS Cryptographic Authentication

• RFC 5305, IS-IS Extensions for Traffic Engineering

340 Copyright © 2011, Juniper Networks, Inc.

Chapter 13: Introduction to IS-IS

• RFC 5306, Restart Signaling for IS-IS

• RFC 5307, IS-IS Extensions in Support of Generalized Multi-Protocol Label Switching

(GMPLS)

• RFC 5308, Routing IPv6 with IS-IS

• RFC 5309, Point-to-Point Operation over LAN in Link State Routing Protocols

• Internet draft draft-ietf-bfd-base-09.txt, Bidirectional Forwarding Detection (except

for the transmission of echo packets)

• Internet draft draft-ietf-isis-wg-255adj-02.txt, Maintaining more than 255 circuits in

IS-IS

To access Internet RFCs and drafts, go to the Internet Engineering Task Force (IETF)
Web site at http://www.ietf.org.

Copyright © 2011, Juniper Networks, Inc. 341

Junos OS 11.4 Routing Protocols Configuration Guide

342 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 14

IS-IS Configuration Guidelines

This chapter discusses the following topics that provide information about configuring
IS-IS:

• Configuring IS-IS on page 344

• Minimum IS-IS Configuration on page 347
• Configuring IS-IS Authentication on page 347
• Hitless Authentication Key Rollover for IS-IS on page 349
• Configuring of Interface-Specific IS-IS Properties on page 355
• Configuring BFD for IS-IS on page 356
• Overview of BFD Authentication for IS-IS on page 364
• Configuring BFD Authentication for IS-IS on page 366
• Enabling Packet Checksum on IS-IS Interfaces on page 369
• Configuring the Transmission Frequency for CSNP Packets on IS-IS
Interfaces on page 369
• Configuring Synchronization Between LDP and IS-IS on page 369
• Configuring the Transmission Frequency for Link-State PDUs on IS-IS
Interfaces on page 370
• Configuring Mesh Groups of IS-IS Interfaces on page 370
• Configuring IS-IS Multicast Topology on page 371
• Configuring IS-IS IPv6 Unicast Topologies on page 387
• Configuring Point-to-Point Interfaces for IS-IS on page 387
• Configuring Levels on IS-IS Interfaces on page 388
• Configuring the Reference Bandwidth Used in IS-IS Metric Calculations on page 392
• Limiting the Number of Advertised IS-IS Areas on page 393
• Enabling Wide IS-IS Metrics for Traffic Engineering on page 393
• Configuring Preference Values for IS-IS Routes on page 393
• Limiting the Number of Prefixes Exported to IS-IS on page 394
• Configuring Link-State PDU Lifetime for IS-IS on page 394
• Advertising Label-Switched Paths into IS-IS on page 394

Copyright © 2011, Juniper Networks, Inc. 343

Junos OS 11.4 Routing Protocols Configuration Guide

• Configuring IS-IS to Make Routing Devices Appear Overloaded on page 395

• Configuring SPF Options for IS-IS on page 396
• Configuring Graceful Restart for IS-IS on page 397
• Configuring IS-IS for Multipoint Network Clouds on page 398
• Configuring IS-IS Traffic Engineering Attributes on page 398
• Enabling Authentication for IS-IS Without Network-Wide Deployment on page 401
• Configuring Quicker Advertisement of IS-IS Adjacency State Changes on page 401
• Enabling Padding of IS-IS Hello Packets on page 401
• Configuring CLNS for IS-IS on page 402
• Disabling IS-IS on page 405
• Disabling IPv4 Routing for IS-IS on page 405
• Disabling IPv6 Routing for IS-IS on page 405
• Applying Policies to Routes Exported to IS-IS on page 406
• Installing a Default Route to the Nearest Routing Device That Operates at Both IS-IS
Levels on page 408
• Configuring Loop-Free Alternate Routes for IS-IS on page 409
• Disabling Adjacency Down and Neighbor Down Notification in IS-IS and
OSPF on page 415
• Tracing IS-IS Protocol Traffic on page 416
• Example: Configuring IS-IS on Logical Systems Within the Same Router on page 419
• Example: Configuring an IS-IS Default Route Policy on Logical Systems on page 428

Configuring IS-IS

To configure IS-IS, you include the following statements in the configuration:

protocols {
isis {
clns-routing;
disable;
ignore-attached-bit;
graceful-restart {
disable;
helper-disable;
restart-duration seconds;
}
label-switched-path name level level metric metric;
level level-number {
authentication-key key;
authentication-key-chain key-chain-name;
authentication-type authentication;
external-preference preference;
no-csnp-authentication;
no-hello-authentication;
no-psnp-authentication;
preference preference;

344 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

prefix-export-limit number;
wide-metrics-only;
}
loose-authentication-check;
lsp-lifetime seconds;
max-areas seconds;
no-adjacency-holddown;
no-authentication-check;
no-ipv4-routing;
no-ipv6-routing;
overload {
advertise-high-metrics;
timeout seconds;
}
reference-bandwidth reference-bandwidth;
rib-group {
inet group-name;
inet6 group-name;
}
spf-options {
delay milliseconds;
holddown milliseconds;
rapid-runs number;
}
topologies {
ipv4-multicast;
ipv6-multicast;
ipv6-unicast;
}
traffic-engineering {
disable;
ignore-lsp-metrics;
family inet;
shortcuts {
multicast-rpf-routes;
}
}
family inet6;
shortcuts;
}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}
interface (all | interface-name) {
disable;
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}

Copyright © 2011, Juniper Networks, Inc. 345

Junos OS 11.4 Routing Protocols Configuration Guide

minimum-interval milliseconds;
minimum-receive-interval milliseconds;
multiplier number;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
version (1 | automatic);
}
checksum;
csnp-interval (seconds | disable);
hello-padding (adaptive | loose | strict);
ldp-synchronization {
disable;
hold-time seconds;
}
link-protection;
lsp-interval milliseconds;
mesh-group (value | blocked);
no-adjacency-holddown;
no-eligible-backup;
no-ipv4-multicast;
no-ipv6-multicast;
no-ipv6-unicast;
no-unicast-topology;
node-link-protection;
passive;
point-to-point;
level level-number {
disable;
hello-authentication-key key;
hello-authentication-key-chain key-chain-name;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number;
te-metric metric;
}
}
}
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

By default, IS-IS is enabled for Level 1 and Level 2 routers on all interfaces on which an
International Organization for Standardization (ISO) address is configured.

346 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

Minimum IS-IS Configuration

For IS-IS to run on the routing device, you must enable IS-IS on the routing device,
configure a network entity title (NET) on one of the routing device’s interfaces (preferably
the loopback interface, lo0), and configure the ISO family on all interfaces on which you
want IS-IS to run. When you enable IS-IS, Level 1 and Level 2 are enabled by default. The
following is the minimum IS-IS configuration. In the address statement, address is the
NET:

interfaces {
lo0 {
unit logical-unit-number {
family iso {
address address;
}
}
}
interface-type-fpc/pic/port {
unit logical-unit-number {
family iso;
}
}
}
protocols {
isis {
interface all;
}
}

NOTE: To create the IS-IS interface, you must also configure IS-IS at the [edit
protocols isis interface interface-name] hierarchy level. If you want the Junos
OS to create IS-IS interfaces automatically, include the interface all option
at the [edit protocols isis] hierarchy level.

Configuring IS-IS Authentication

All IS-IS protocol exchanges can be authenticated to guarantee that only trusted routing
devices participate in the autonomous system (AS) routing. By default, IS-IS
authentication is disabled on the routing device.

To configure IS-IS authentication, you must define an authentication password and

specify the authentication type.

You can configure one of the following authentication methods:

• Simple authentication—Uses a text password that is included in the transmitted packet.

The receiving routing device uses an authentication key (password) to verify the packet.
Simple authentication is included for compatibility with existing IS-IS implementations.
However, we recommend that you do not use this authentication method because it
is insecure (the text can be “sniffed”).

Copyright © 2011, Juniper Networks, Inc. 347

Junos OS 11.4 Routing Protocols Configuration Guide

CAUTION: A simple password that exceeds 254 characters is truncated.

• HMAC-MD5 authentication—Uses an iterated cryptographic hash function. The receiving

routing device uses an authentication key (password) to verify the packet.

You can also configure more fine-grained authentication for hello packets. To do this,
see “Configuring Authentication for IS-IS Hello Packets” on page 390.

To enable authentication and specify an authentication method, include the

authentication-type statement, specifying the simple or md5 authentication type:

authentication-type authentication;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To configure a password, include the authentication-key statement. The authentication

password for all routing devices in a domain must be the same.

authentication-key key;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To configure hitless authentication key rollover, include the authentication-key-chain

statement.

The password can contain up to 255 characters. If you include spaces, enclose all
characters in quotation marks (“ ”).

If you are using the Junos OS IS-IS software with another implementation of IS-IS, the
other implementation must be configured to use the same password for the domain, the
area, and all interfaces that are shared with a Junos implementation.

Authentication of hello packets, partial sequence number PDU (PSNP), and complete
sequence number PDU (CSNP) may be suppressed to enable interoperability with the
routing software of different vendors. Different vendors handle authentication in various
ways, and suppressing authentication for different PDU types may be the simplest way
to allow compatibility within the same network.

To configure IS-IS to generate authenticated packets, but not to check the authentication
on received packets, include the no-authentication-check statement:

no-authentication-check;

To suppress authentication of IS-IS hello packets, include the no-hello-authentication

statement:

no-hello-authentication;

To suppress authentication of PSNP packets, include the no-psnp-authentication

statement:

348 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

no-psnp-authentication;

To suppress authentication of CSNP packets, include the no-csnp-authentication

statement:

no-csnp-authentication;

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

NOTE: The authentication and the no-authentication statements must be

configured at the same hierarchy level. Configuring authentication at the
interface hierarchy level and configuring no-authentication at the isis hierarchy
level has no effect.

Hitless Authentication Key Rollover for IS-IS

• Overview of Hitless Authentication Key Rollover for IS-IS on page 349

• Example: Configuring Hitless Authentication Key Rollover for IS-IS on page 350

Overview of Hitless Authentication Key Rollover for IS-IS

IS-IS protocol exchanges can be authenticated to guarantee that only trusted routing
devices participate in routing. By default, authentication is disabled. The authentication
algorithm creates an encoded checksum that is included in the transmitted packet. The
receiving routing device uses an authentication key (password) to verify the packet’s
checksum.

If you configure authentication for all peers, each peer in that group inherits the group’s
authentication.

You can update authentication keys without resetting any IS-IS neighbor sessions. This
is referred to as hitless authentication key rollover.

Hitless authentication key rollover uses authentication keychains, which consist of the
authentication keys that are being updated. The keychain includes multiple keys. Each
key in the keychain has a unique start time. At the next key’s start time, a rollover occurs
from the current key to the next key, and the next key becomes the current key.

You can choose the algorithm through which authentication is established. You can
configure MD5 or SHA-1 authentication. You associate a keychain and the authentication
algorithm with an IS-IS neighboring session. Each key contains an identifier and a secret
password.

The sending peer chooses the active key based on the system time and the start times
of the keys in the keychain. The receiving peer determines the key with which it
authenticates based on the incoming key identifier.

You can configure either RFC 5304-based encoding or RFC 5310-based encoding for the
IS-IS protocol transmission encoding format.

Copyright © 2011, Juniper Networks, Inc. 349

Junos OS 11.4 Routing Protocols Configuration Guide

Related • Example: Configuring Hitless Authentication Key Rollover for IS-IS on page 350
Documentation

Example: Configuring Hitless Authentication Key Rollover for IS-IS

This example shows how to configure hitless authentication key rollover for IS-IS.

• Requirements on page 350

• Overview on page 350
• Configuration on page 351
• Verification on page 354

Requirements

No special configuration beyond device initialization is required before configuring hitless

authentication key rollover for IS-IS.

Overview

Authentication guarantees that only trusted routers participate in routing updates. This
keychain authentication method is referred to as hitless because the keys roll over from
one to the next without resetting any peering sessions or interrupting the routing protocol.
Junos OS supports both RFC 5304, IS-IS Cryptographic Authentication and RFC 5310,
IS-IS Generic Cryptographic Authentication.

This example includes the following statements for configuring the keychain:

• algorithm—For each key in the keychain, you can specify an encryption algorithm. The
algorithm can be SHA-1 or MD-5.

• key—A keychain can have multiple keys. Each key within a keychain must be identified
by a unique integer value. The range of valid identifier values is from 0 through 63.

• key-chain—For each keychain, you must specify a name. This example defines two
keychains: base-key-global and base-key-inter.

• options—For each key in the keychain, you can specify the encoding for the message
authentication code:isis-enhanced or basic. The basic (RFC 5304) operation is enabled
by default.

When you configure the isis-enhanced option, Junos OS sends RFC 5310-encoded
routing protocol packets and accepts both RFC 5304-encoded and RFC 5310-encoded
routing protocol packets that are received from other devices.

When you configure basic (or do not include the options statement in the key
configuration) Junos OS sends and receives RFC 5304-encoded routing protocols
packets, and drops 5310-encoded routing protocol packets that are received from
other devices.

Because this setting is for IS-IS only, the TCP and the BFD protocol ignore the encoding
option configured in the key.

350 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

• secret—For each key in the keychain, you must set a secret password. This password
can be entered in either encrypted or plain text format in the secret statement. It is
always displayed in encrypted format.

• start-time—Each key must specify a start time in UTC format. Control gets passed
from one key to the next. When a configured start time arrives (based on the routing
device’s clock), the key with that start time becomes active. Start times are specified
in the local time zone for a routing device and must be unique within the key chain.

You can apply a keychain globally to all interfaces or more granularly to specific interfaces.

This example includes the following statements for applying the keychain to all interfaces
or to particular interfaces:

• authentication-key-chain—Enables you to apply a keychain at the global IS-IS level for

all Level 1 or all Level 2 interfaces.

• hello-authentication-key-chain—Enables you to apply a keychain at the individual IS-IS

interface level. The interface configuration overrides the global configuration.

Figure 7 on page 351 shows the topology used in the example.

Figure 7: Hitless Authentication Key Rollover for IS-IS

{ ISIS Level 1 } { ISIS Level 2 }
B
R1 FE/GE/XE R0 FE/GE/XE R2

A A C A B

SONET

FE/GE/XE R3
g040568

This example shows the configuration for Router R0.

Configuration

CLI Quick To quickly configure the hitless authentication key rollover for IS-IS, copy the following
Configuration commands and paste the commands into the CLI.

[edit]
set interfaces ge-0/0/0 unit 0 description "interface A"
set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family inet6 address fe80::200:f8ff:fe21:67cf/128
set interfaces ge-0/0/1 unit 0 description "interface B"
set interfaces ge-0/0/1 unit 0 family inet address 10.0.0.5/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet6 address 10FB::C:ABC:1F0C:44DA/128
set interfaces ge-0/0/2 unit 0 description "interface C"
set interfaces ge-0/0/2 unit 0 family inet address 10.0.0.9/30
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family inet6 address ff06::c3/128

Copyright © 2011, Juniper Networks, Inc. 351

Junos OS 11.4 Routing Protocols Configuration Guide

set security authentication-key-chains key-chain base-key-global key 63 secret

"$9$jfkqfTQnCpBDiCt"
set security authentication-key-chains key-chain base-key-global key 63 start-time
"2011-8-6.06:54:00-0700"
set security authentication-key-chains key-chain base-key-global key 63 algorithm
hmac-sha-1
set security authentication-key-chains key-chain base-key-global key 63 options
isis-enhanced
set security authentication-key-chains key-chain base-key-inter key 0 secret
"$9$8sgx7Vws4ZDkWLGD"
set security authentication-key-chains key-chain base-key-inter key 0 start-time
"2011-8-6.06:54:00-0700"
set security authentication-key-chains key-chain base-key-inter key 0 algorithm md5
set security authentication-key-chains key-chain base-key-inter key 0 options basic
set protocols isis level 1 authentication-key-chain base-key-global
set protocols isis interface ge-0/0/0.0 level 1 hello-authentication-key-chain
base-key-inter

Step-by-Step To configure hitless authentication key rollover for IS-IS:

Procedure
1. Configure Router R0’s interfaces.

[edit]
user@host# edit interfaces ge-0/0/0 unit 0
[edit interfaces ge-0/0/0 unit 0]
user@host# set description "interface A"
user@host# set family inet address 10.0.0.1/30
user@host# set family iso
user@host# set family inet6 address fe80::200:f8ff:fe21:67cf/128
user@host# exit
[edit]
user@host# edit interfaces ge-0/0/1 unit 0
[edit interfaces ge-0/0/1 unit 0]
user@host# set interfaces ge-0/0/1 unit 0 description "interface B"
user@host# set interfaces ge-0/0/1 unit 0 family inet address 10.0.0.5/30
user@host# set interfaces ge-0/0/1 unit 0 family iso
user@host# set interfaces ge-0/0/1 unit 0 family inet6 address
10FB::C:ABC:1F0C:44DA/128
user@host# exit
[edit]
user@host# edit interfaces ge-0/0/2 unit 0
[edit interfaces ge-0/0/2 unit 0]
user@host# set description "interface C"
user@host# set family inet address 10.0.0.9/30
user@host# set interfaces ge-0/0/2 unit 0 family iso
user@host# set interfaces ge-0/0/2 unit 0 family inet6 address ff06::c3/128
user@host# exit

2. Configure one or more authentication keys.

[edit]
user@host# edit security authentication-key-chains key-chain base-key-global
[edit security authentication-key-chains key-chain base-key-global]
user@host# set key 63 secret "$9$jfkqfTQnCpBDiCt"
user@host# set key 63 start-time "2011-8-6.06:54:00-0700"
user@host# set key 63 algorithm hmac-sha-1

352 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

user@host# set key 63 options isis-enhanced

user@host# exit
[edit]
user@host# edit security authentication-key-chains key-chain base-key-inter
[edit security authentication-key-chains key-chain base-key-inter]
user@host# set key 0 secret "$9$8sgx7Vws4ZDkWLGD"
user@host# set key 0 start-time "2011-8-6.06:54:00-0700"
user@host# set key 0 algorithm md5
user@host# set key 0 options basic
user@host# exit

3. Apply the base-key-global keychain to all Level 1 IS-IS interfaces on Router R0.

[edit]
user@host# edit protocols isis level 1
[edit protocols isis level 1]
set authentication-key-chain base-key-global
user@host# exit

4. Apply the base-key-inter keychain to the ge-0/0/0.0 interface on Router R0.

[edit]
user@host# edit protocols isis interface ge-0/0/0.0 level 1
[edit protocols isis interface ge-0/0/0.0 level 1]
set hello-authentication-key-chain base-key-inter
user@host# exit

5. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

Results Confirm your configuration by entering the show interfaces, show protocols, and show
security commands.

user@host# show interfaces

ge-0/0/0 {
unit 0 {
description "interface A";
family inet {
address 10.0.0.1/30;
}
family iso;
family inet6 {
address fe80::200:f8ff:fe21:67cf/128;
}
}
}
ge-0/0/1 {
unit 0 {
description "interface B";
family inet {
address 10.0.0.5/30;
}
family iso;
family inet6 {
address 10FB::C:ABC:1F0C:44DA/128;

Copyright © 2011, Juniper Networks, Inc. 353

Junos OS 11.4 Routing Protocols Configuration Guide

}
}
}
ge-0/0/2 {
unit 0 {
description "interface C";
family inet {
address 10.0.0.9/30;
}
family iso;
family inet6 {
address ff06::c3/128;
}
}
}

user@host# show protocols

isis {
level 1 authentication-key-chain base-key-global;
interface ge-0/0/0.0 {
level 1 hello-authentication-key-chain base-key-inter;
}
}

user@host# show security

authentication-key-chains {
key-chain base-key-global {
key 63 {
secret "$9$jfkqfTQnCpBDiCt"; ## SECRET-DATA
start-time "2011-8-6.06:54:00-0700";
algorithm hmac-sha-1;
options isis-enhanced;
}
}
key-chain base-key-inter {
key 0 {
secret "$9$8sgx7Vws4ZDkWLGD"; ## SECRET-DATA
start-time "2011-8-6.06:54:00-0700";
algorithm md5;
options basic;
}
}
}

Verification

To verify the configuration, run the following commands:

• show isis authentication

• show security keychain

Related • Overview of Hitless Authentication Key Rollover for IS-IS on page 349
Documentation

354 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

Configuring of Interface-Specific IS-IS Properties

You can configure interface-specific IS-IS properties by including the interface statement.

interface (all | interface-name) {

disable;
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
multiplier number;
version (1 | automatic);
}
checksum;
csnp-interval (seconds | disable);
ldp-synchronization {
disable;
hold-time seconds;
}
lsp-interval milliseconds;
mesh-group (value | blocked);
no-ipv4-multicast;
no-ipv6-multicast;
no-ipv6-unicast;
no-unicast-topology;
passive;
point-to-point;
level level-number {
disable;
hello-authentication-type authentication;
hello-authentication-key key;
hello-authentication-key-chain key-chain-name;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number;
te-metric metric;
}
}

Copyright © 2011, Juniper Networks, Inc. 355

Junos OS 11.4 Routing Protocols Configuration Guide

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

For interface-name, specify the full interface name, including the physical and logical
address components. To configure all interfaces, specify the interface name as all.

For more information about configuring IS-IS interface properties, see the following
topics:

• Configuring BFD for IS-IS on page 356

• Overview of BFD Authentication for IS-IS on page 364

• Configuring BFD Authentication for IS-IS on page 366

• Enabling Packet Checksum on IS-IS Interfaces on page 369

• Configuring the Transmission Frequency for CSNP Packets on IS-IS Interfaces on

page 369

• Configuring Synchronization Between LDP and IS-IS on page 369

• Configuring the Transmission Frequency for Link-State PDUs on IS-IS Interfaces on

page 370

• Configuring Mesh Groups of IS-IS Interfaces on page 370

• Configuring IS-IS Multicast Topology on page 371

• Configuring IS-IS IPv6 Unicast Topologies on page 387

• Configuring Point-to-Point Interfaces for IS-IS on page 387

• Configuring Levels on IS-IS Interfaces on page 388

Configuring BFD for IS-IS

• Overview of Configuring BFD for IS-IS on page 356

• Example: Configuring BFD for IS-IS on page 358

Overview of Configuring BFD for IS-IS

The BFD failure detection timers are adaptive and can be adjusted to be faster or slower.
For example, the timers can adapt to a higher value if the adjacency fails, or a neighbor
can negotiate a higher value for a timer than the configured value. The timers adapt to
a higher value when a BFD session flap occurs more than three times in a span of 15
seconds. A back-off algorithm increases the receive (RX) interval by two if the local BFD
instance is the reason for the session flap. The transmission (TX) interval is increased by
two if the remote BFD instance is the reason for the session flap.

356 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

You can use the clear bfd adaptation command to return BFD interval timers to their
configured values. The clear bfd adaptation command is hitless, meaning that the
command does not affect traffic flow on the IS-IS routing device.

NOTE: BFD for IS-IS on an IPv6-only interface is not supported. However, if

the interface is dual-stacked (both IPv4 and IPv6 are configured), then you
can configure BFD as a client on the IPv4 IS-IS session.

To detect failures in the network, the following set of statements are used in the
configuration.

Table 7: Configuring BFD for IS-IS

Statement Description

bfd-liveness-detection Enable failure detection.

minimum-interval Specify the minimum transmit and receive intervals for failure detection.
milliseconds
This value represents the minimum interval at which the local router transmits hellos packets as
well as the minimum interval at which the router expects to receive a reply from a neighbor with
which it has established a BFD session. You can configure a number from 1 through
255,000 milliseconds. You can also specify the minimum transmit and receive intervals separately.

NOTE: BFD is an intensive protocol that consumes system resources. Specifying a minimum interval
for BFD less than 100 ms for Routing Engine-based sessions and 10 ms for distributed BFD sessions
can cause undesired BFD flapping.

Depending on your network environment, these additional recommendations might apply:

• For large-scale network deployments with a large number of BFD sessions, specify a minimum
interval of 300 ms for Routing Engine-based sessions and 100 ms for distributed BFD sessions.
• For very large-scale network deployments with a large number of BFD sessions, please contact
Juniper Networks customer support for more information.
• For BFD sessions to remain up during a Routing Engine switchover event when nonstop active
routing (NSR) is configured, specify a minimum interval of 2500 ms for Routing Engine-based
sessions. For distributed BFD sessions with NSR configured, the minimum interval
recommendations are unchanged and depend only on your network deployment.

minimum-receive-interval Specify only the minimum receive interval for failure detection.
milliseconds
This value represents the minimum interval at which the local router expects to receive a reply
from a neighbor with which it has established a BFD session. You can configure a number from 1
through 255,000 milliseconds.

multiplier number Specify the number of hello packets not received by the neighbor that causes the originating
interface to be declared down.

The default is 3, and you can configure a value from 1 through 225.

Copyright © 2011, Juniper Networks, Inc. 357

Junos OS 11.4 Routing Protocols Configuration Guide

Table 7: Configuring BFD for IS-IS (continued)

Statement Description

no-adaptation Disable BFD adaptation.

In Junos OS Release 9.0 and later, you can specify that the BFD sessions not adapt to changing
network conditions.

NOTE: We recommend that you not disable BFD adaptation unless it is preferable not to have
BFD adaptation enabled in your network.

threshold • Specify the threshold for the adaptation of the detection time.
When the BFD session detection time adapts to a value equal to or greater than the threshold,
a single trap and a system log message are sent.
• Specify the threshold for the transmit interval.

NOTE: The threshold value must be greater than the minimum transmit interval multiplied by the
multiplier number.

transmit-interval Specify the minimum transmit interval for failure detection.

minimum-interval
This value represents the minimum interval at which the local routing device transmits hello packets
to the neighbor with which it has established a BFD session. You can configure a value from 1
through 255,000 milliseconds.

version Specify the BFD version used for detection.

The default is to have the version detected automatically.

NOTE: You can trace BFD operations by including the traceoptions statement
at the [edit protocols bfd] hierarchy level.

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Example: Configuring BFD for IS-IS

This example describes how to configure the Bidirectional Forwarding Detection (BFD)
protocol to detect failures in an IS-IS network.

• Requirements on page 358

• Overview on page 359
• Configuration on page 359
• Verification on page 362

Requirements

Before you begin, configure IS-IS on both routers. See “Minimum IS-IS Configuration” on
page 347 for information about the required IS-IS configuration.

This example uses the following hardware and software components:

358 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

• Junos OS Release 7.3 or later

• M Series, MX Series, and T Series routers

Overview

This example shows two routers connected to each other. A loopback interface is
configured on each router. IS-IS and BFD protocols are configured on both routers.

Figure 8 on page 359 shows the sample network.

Figure 8: Configuring BFD on IS-IS

Configuration

Router R1

set protocols isis interface so-0/0/0 bfd-liveness-detection detection-time threshold 5

set protocols isis interface so-0/0/0 bfd-liveness-detection minimum-interval 2
set protocols isis interface so-0/0/0 bfd-liveness-detection minimum-receive-interval 1
set protocols isis interface so-0/0/0 bfd-liveness-detection no-adaptation
set protocols isis interface so-0/0/0 bfd-liveness-detection transmit-interval threshold 3
set protocols isis interface so-0/0/0 bfd-liveness-detection transmit-interval
minimum-interval 1
set protocols isis interface so-0/0/0 bfd-liveness-detection multiplier 2
set protocols isis interface so-0/0/0 bfd-liveness-detection version automatic

Router R2

set protocols isis interface so-0/0/0 bfd-liveness-detection detection-time threshold 6

set protocols isis interface so-0/0/0 bfd-liveness-detection minimum-interval 3
set protocols isis interface so-0/0/0 bfd-liveness-detection minimum-receive-interval 1
set protocols isis interface so-0/0/0 bfd-liveness-detection no-adaptation
set protocols isis interface so-0/0/0 bfd-liveness-detection transmit-interval threshold 4
set protocols isis interface so-0/0/0 bfd-liveness-detection transmit-interval
minimum-interval 1
set protocols isis interface so-0/0/0 bfd-liveness-detection multiplier 2
set protocols isis interface so-0/0/0 bfd-liveness-detection version automatic

Copyright © 2011, Juniper Networks, Inc. 359

Junos OS 11.4 Routing Protocols Configuration Guide

Step-by-Step The following example requires you to navigate various levels in the configuration
Procedure hierarchy. For information about navigating the CLI, see the Junos OS CLI User Guide.

NOTE: To simply configure BFD for IS-IS, only the minimum-interval statement
is required. The BFD protocol selects default parameters for all the other
configuration statements when you use the bfd-liveness-detection statement
without specifying any parameters.

NOTE: You can change parameters at any time without stopping or restarting
the existing session. BFD automatically adjusts to the new parameter value.
However, no changes to BFD parameters take place until the values
resynchronize with each BFD peer.

To configure BFD for IS-IS on Routers R1 and R2:

1. Enable BFD failure detection for IS-IS.

[edit protocols isis]

user@R1# set interface so-0/0/0 bfd-liveness-detection

[edit protocols isis]

user@R2# set interface so-0/0/0 bfd-liveness-detection

2. Configure the threshold for the adaptation of the detection time, which must be
greater than the multiplier number multiplied by the minimum interval.

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R1# set detection-time threshold 5

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R2# set detection-time threshold 6

3. Configure the minimum transmit and receive intervals for failure detection.

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R1# set minimum-interval 2

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R2# set minimum-interval 3

4. Configure only the minimum receive interval for failure detection.

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R1# set minimum-receive-interval 1

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R2# set minimum-receive-interval 1

5. Disable BFD adaptation.

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R1# set no-adaptation

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

360 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

user@R2# set no-adaptation

6. Configure the threshold for the transmit interval, which must be greater than the
minimum transmit interval.

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R1# set transmit-interval threshold 3

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R2# set transmit-interval threshold 4

7. Configure the minimum transmit interval for failure detection.

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R1# set transmit-interval minimum-interval 1

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R2# set transmit-interval minimum-interval 1

8. Configure the multiplier number, which is the number of hello packets not received
by the neighbor that causes the originating interface to be declared down.

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R1# set multiplier 2

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R2# set multiplier 2

9. Configure the BFD version used for detection.

The default is to have the version detected automatically.

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R1# set version automatic

[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R2# set version automatic

Results Confirm your configuration by issuing the show protocols isis interface command.

user@R1# show protocols isis interface so-0/0/0

bfd-liveness-detection {
version automatic;
minimum-interval 2;
minimum-receive-interval 1;
multiplier 2;
no-adaptation;
transmit-interval {
minimum-interval 1;
threshold 3;
}
detection-time {
threshold 5;
}
}
...

user@R2# show protocols isis interface so-0/0/0

bfd-liveness-detection {
version automatic;

Copyright © 2011, Juniper Networks, Inc. 361

Junos OS 11.4 Routing Protocols Configuration Guide

minimum-interval 3;
minimum-receive-interval 1;
multiplier 2;
no-adaptation;
transmit-interval {
minimum-interval 1;
threshold 4;
}
detection-time {
threshold 6;
}
}
...

Verification

Confirm that the configuration is working properly.

• Verifying the Connection Between Routers R1 and R2 on page 362

• Verifying That IS-IS Is Configured on page 362
• Verifying That BFD Is configured on page 363

Verifying the Connection Between Routers R1 and R2

Purpose Make sure that the Routers R1 and R2 are connected to each other.

Action Ping the other router to check the connectivity between the two routers as per the network
topology.

user@R1> ping 10.0.0.2

PING 10.0.0.2 (10.0.0.2): 56 data bytes

64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=1.367 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.662 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=1.291 ms
^C
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.291/1.440/1.662/0.160 ms

user@R2> ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1): 56 data bytes

64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=1.287 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=1.310 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=1.289 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.287/1.295/1.310/0.010 ms

Meaning Routers R1 and R2 are connected to each other.

Verifying That IS-IS Is Configured

Purpose Make sure that the IS-IS instance is running on both routers.

362 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

Action Use the show isis database statement to check if IS-IS instance is running on both routers,
R1 and R2.

user@R1> show isis database

IS-IS level 1 link-state database:

LSP ID Sequence Checksum Lifetime Attributes
R1.00-00 0x4a571 0x30c5 1195 L1 L2
R2.00-00 0x4a586 0x4b7e 1195 L1 L2
R2.02-00 0x330ca1 0x3492 1196 L1 L2
3 LSPs

IS-IS level 2 link-state database:

LSP ID Sequence Checksum Lifetime Attributes
R1.00-00 0x4a856 0x5db0 1194 L1 L2
R2.00-00 0x4a89d 0x149b 1194 L1 L2
R2.02-00 0x1fb2ff 0xd302 1194 L1 L2
3 LSPs

user@R2> show isis database

IS-IS level 1 link-state database:

LSP ID Sequence Checksum Lifetime Attributes
R1.00-00 0x4b707 0xcc80 1195 L1 L2
R2.00-00 0x4b71b 0xeb37 1198 L1 L2
R2.02-00 0x33c2ce 0xb52d 1198 L1 L2
3 LSPs

IS-IS level 2 link-state database:

LSP ID Sequence Checksum Lifetime Attributes
R1.00-00 0x4b9f2 0xee70 1192 L1 L2
R2.00-00 0x4ba41 0x9862 1197 L1 L2
R2.02-00 0x3 0x6242 1198 L1 L2
3 LSPs

Meaning IS-IS is configured on both routers, R1 and R2.

Verifying That BFD Is configured

Purpose Make sure that the BFD instance is running on both routers, R1 and R2.

Action Use the show bfd session detail statement to check if BFD instance is running on the
routers.

user@R1> show bfd session detail

Detect Transmit
Address State Interface Time Interval Multiplier
10.0.0.2 Up so-0/0/0 2.000 1.000 2
Client ISIS R2, TX interval 0.001, RX interval 0.001
Client ISIS R1, TX interval 0.001, RX interval 0.001
Session down time 00:00:00, previous up time 00:00:15
Local diagnostic NbrSignal, remote diagnostic NbrSignal
Remote state AdminDown, version 1
Router 3, routing table index 17

1 sessions, 2 clients
Cumulative transmit rate 1.0 pps, cumulative receive rate 1.0 pps

user@R2> show bfd session detail

Copyright © 2011, Juniper Networks, Inc. 363

Junos OS 11.4 Routing Protocols Configuration Guide

Detect Transmit
Address State Interface Time Interval Multiplier
10.0.0.1 Up so-0/0/0 2.000 1.000 2
Client ISIS R2, TX interval 0.001, RX interval 0.001
Session down time 00:00:00, previous up time 00:00:05
Local diagnostic NbrSignal, remote diagnostic NbrSignal
Remote state AdminDown, version 1
Router 2, routing table index 15

1 sessions, 1 clients
Cumulative transmit rate 1.0 pps, cumulative receive rate 1.0 pps

Meaning BFD is configured on Routers R1 and R2 for detecting failures in the IS-IS network.

Overview of BFD Authentication for IS-IS

BFD enables rapid detection of communication failures between adjacent systems. By

default, authentication for BFD sessions is disabled. However, when running BFD over
Network Layer protocols, the risk of service attacks can be significant. We strongly
recommend using authentication if you are running BFD over multiple hops or through
insecure tunnels. Beginning with Junos OS Release 9.6, the Junos OS supports
authentication for BFD sessions running over IS-IS. BFD authentication is only supported
in the domestic image and is not available in the export image.

You authenticate BFD sessions by specifying an authentication algorithm and keychain,

and then associating that configuration information with a security authentication
keychain using the keychain name.

The following sections describe the supported authentication algorithms, security

keychains, and level of authentication that can be configured:

• BFD Authentication Algorithms on page 364

• Security Authentication Keychains on page 365
• Strict Versus Loose Authentication on page 365

BFD Authentication Algorithms

Junos OS supports the following algorithms for BFD authentication:

• simple-password—Plain-text password. One to 16 bytes of plain text are used to

authenticate the BFD session. One or more passwords may be configured. This method
is the least secure and should be used only when BFD sessions are not subject to packet
interception.

364 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

• meticulous-keyed-md5—Meticulous keyed Message Digest 5 hash algorithm. This

• meticulous-keyed-sha-1—Meticulous keyed Secure Hash Algorithm I. This method

NOTE: Nonstop active routing (NSR) is not supported with

meticulous-keyed-md5 and meticulous-keyed-sha-1 authentication
algorithms. BFD sessions using these algorithms may go down after a
switchover.

Security Authentication Keychains

BFD allows multiple clients per session, and each client can have its own keychain and
algorithm defined. To avoid confusion, we recommend specifying only one security
authentication keychain.

Strict Versus Loose Authentication

Related • Configuring BFD Authentication for IS-IS on page 366

Documentation
• bfd-liveness-detection on page 437 statement

Copyright © 2011, Juniper Networks, Inc. 365

Junos OS 11.4 Routing Protocols Configuration Guide

• authentication-key-chains statement in the Junos OS System Basics Configuration Guide

• show bfd session command in the Junos OS Routing Protocols and Policies Command
Reference

• Configuring BFD for IS-IS on page 356

Configuring BFD Authentication for IS-IS

Beginning with Junos OS Release 9.6, you can configure authentication for BFD sessions
running over IS-IS. Routing instances are also supported. Only three steps are needed to
configure authentication on a BFD session:

1. Specify the BFD authentication algorithm for the IS-IS protocol.

2. Associate the authentication keychain with the IS-IS protocol.

3. Configure the related security authentication keychain.

The following sections provide instructions for configuring and viewing BFD authentication
on IS-IS:

• Configuring BFD Authentication Parameters on page 366

• Viewing Authentication Information for BFD Sessions on page 367

Configuring BFD Authentication Parameters

To configure BFD authentication:

1. Specify the algorithm (keyed-md5, keyed-sha-1, meticulous-keyed-md5,

meticulous-keyed-sha-1, or simple-password) to use for BFD authentication on an
IS-IS route or routing instance.

[edit]
user@host# set protocols isis interface if1-isis bfd-liveness-detection authentication
algorithm keyed-sha-1

NOTE: Nonstop active routing (NSR) is not supported with

meticulous-keyed-md5 and meticulous-keyed-sha-1 authentication
algorithms. BFD sessions using these algorithms may go down after a
switchover.

2. Specify the keychain to be used to associate BFD sessions on the specified IS-IS route
or routing instance with the unique security authentication keychain attributes. This
should match the keychain name configured at the [edit security authentication
key-chains] hierarchy level.

[edit]
user@host# set protocols isis interface if1-isis bfd-liveness-detection authentication
keychain bfd-isis

366 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

NOTE: The algorithm and keychain must be configured on both ends of

the BFD session, and they must match. Any mismatch in configuration
prevents the BFD session from being created.

3. Specify the unique security authentication information for BFD sessions:

• The matching key-chain-name as specified in step 2.

• At least one key, a unique integer between 0 and 63. Creating multiple keys allows
multiple clients to use the BFD session.

• The secret-data used to allow access to the session.

• The time at which the authentication key becomes active, yyyy-mm-dd.hh:mm:ss.

[edit security]
user@host# authentication-key-chains key-chain bfd-sr4 key 53 secret
$9$ggaJDmPQ6/tJgF/AtREVsyPsnCtUHm start-time 2009-06-14.10:00:00

4. (Optional) Specify loose authentication checking if you are transitioning from

nonauthenticated sessions to authenticated sessions.

[edit]
user@host> set protocols isis interface if1-isis bfd-liveness-detection authentication
loose-check

5. (Optional) View your configuration using the show bfd session detail or show bfd
session extensive command.

6. Repeat these steps to configure the other end of the BFD session.

NOTE: BFD authentication is only supported in the domestic image and is

not available in the export image.

Viewing Authentication Information for BFD Sessions

You can view the existing BFD authentication configuration using the show bfd session
detail and show bfd session extensive commands.

The following example shows BFD authentication configured for the if1-isis interface. It
specifies the keyed SHA-1 authentication algorithm and a keychain name of bfd-isis. The
authentication keychain is configured with two keys. Key 1 contains the secret data
“$9$ggaJDmPQ6/tJgF/AtREVsyPsnCtUHm” and a start time of June 1, 2009, at 9:46:02
AM PST. Key 2 contains the secret data “$9$a5jiKW9l.reP38ny.TszF2/9” and a start time
of June 1, 2009, at 3:29:20 PM PST.

[edit protocols isis]

interface if1-isis {
bfd-liveness-detection {
authentication {
algorithm keyed-sha-1;

Copyright © 2011, Juniper Networks, Inc. 367

Junos OS 11.4 Routing Protocols Configuration Guide

key-chain bfd-isis;
}
}
}
[edit security]
authentication key-chains {
key-chain bfd-isis {
key 1 {
secret “$9$ggaJDmPQ6/tJgF/AtREVsyPsnCtUHm”;
start-time “2009-6-1.09:46:02 -0700”;
}
key 2 {
secret “$9$a5jiKW9l.reP38ny.TszF2/9”;
start-time “2009-6-1.15:29:20 -0700”;
}
}
}

show bfd sessions user@host# show bfd session detail

detail
Detect Transmit
Address State Interface Time Interval Multiplier
10.9.1.29 Up ge-4/0/0.0 0.600 0.200 3
Client ISIS L2, TX interval 0.200, RX interval 0.200, multiplier 3, Authenticate

Session up time 3d 00:34, previous down time 00:00:01

Local diagnostic NbrSignal, remote diagnostic AdminDown
Remote state Up, version 1

1 sessions, 1 clients
Cumulative transmit rate 10.0 pps, cumulative receive rate 10.0 pps

show bfd sessions user@host# show bfd session extensive

extensive Detect Transmit
Address State Interface Time Interval Multiplier
10.9.1.29 Up ge-4/0/0.0 0.600 0.200 3
Client ISIS L2, TX interval 0.200, RX interval 0.200, multiplier 3, Authenticate

keychain bfd-isis, algo keyed-sha-1, mode strict

Session up time 00:04:42
Local diagnostic None, remote diagnostic NbrSignal
Remote state Up, version 1
Replicated
Min async interval 0.300, min slow interval 1.000
Adaptive async TX interval 0.300, RX interval 0.300
Local min TX interval 0.300, minimum RX interval 0.300, multiplier 3
Remote min TX interval 0.300, min RX interval 0.300, multiplier 3
Local discriminator 2, remote discriminator 2
Echo mode disabled/inactive
Authentication enabled/active, keychain bfd-isis, algo keyed-sha-1, mode strict

368 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

1 sessions, 1 clients

Cumulative transmit rate 10.0 pps, cumulative receive rate 10.0 pps

Related • Overview of BFD Authentication for IS-IS on page 364

Documentation
• bfd-liveness-detection on page 437

• authentication-key-chains statement in the Junos OS System Basics Configuration Guide

• show bfd session command in the Junos OS Routing Protocols and Policies Command
Reference

• Configuring BFD for IS-IS on page 356

Enabling Packet Checksum on IS-IS Interfaces

You can enable checksum for packets on a per-interface basis. To enable checksum,
include the checksum statement:

checksum;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring the Transmission Frequency for CSNP Packets on IS-IS Interfaces

By default, IS-IS sends complete sequence number (CSN) packets periodically. If the
routing device is the designated router on a LAN, IS-IS sends CSN packets every
10 seconds. If the routing device is on a point-to-point interface, it sends CSN packets
every 5 seconds. You might want to modify the default interval to protect against link-state
PDU (LSP) flooding.

To modify the CSNP interval, include the csnp-interval statement:

csnp-interval seconds;

The time can range from 1 through 65,535 seconds.

To configure the interface not to send any CSN packets, specify the disable option:

csnp-interval disable;

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Configuring Synchronization Between LDP and IS-IS

LDP distributes labels in non-traffic-engineered applications. Labels are distributed along

the best path determined by IS-IS. If the synchronization between LDP and IS-IS is lost,
the label-switched path (LSP) goes down. Therefore, LDP and IS-IS synchronization is
beneficial. When LDP is not fully operational on a given link (a session is not established

Copyright © 2011, Juniper Networks, Inc. 369

Junos OS 11.4 Routing Protocols Configuration Guide

and labels are not exchanged), IS-IS advertises the link with the maximum cost metric.
The link is not preferred but remains in the network topology.

LDP synchronization is supported only on point-to-point interfaces and LAN interfaces

configured as point-to-point interfaces under IS-IS. LDP synchronization is not supported
during graceful restart.

To advertise the maximum cost metric until LDP is operational for LDP synchronization,
include the ldp-synchronization statement:

ldp-synchronization {
disable;
hold-time seconds;
}

To disable synchronization, include the disable statement. To configure the time period
to advertise the maximum cost metric for a link that is not fully operational, include the
hold-time statement.

NOTE: When an interface has been in the holddown state for more than
three minutes, a system log message with a warning level is sent. This
message appears in both the messages file and the trace file.

For a list of hierarchy levels at which you can include these statements, see the statement
summary section for these statements.

Configuring the Transmission Frequency for Link-State PDUs on IS-IS Interfaces

By default, the routing device sends one link-state PDU packet out an interface every
100 milliseconds. To modify this interval, include the lsp-interval statement:

lsp-interval milliseconds;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To disable the transmission of all link-state PDU packets, set the interval to 0.

Configuring Mesh Groups of IS-IS Interfaces

A mesh group is a set of routing devices that are fully connected; that is, they have a fully
meshed topology. When link-state PDU packets are being flooded throughout an area,
each router within a mesh group receives only a single copy of an link-state PDU packet
instead of receiving one copy from each neighbor, thus minimizing the overhead associated
with the flooding of link-state PDU packets.

To create a mesh group and designate that an interface is part of the group, assign a
mesh-group number to all the routing device interfaces in the group:

mesh-group value;

370 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

To prevent an interface in the mesh group from flooding link-state PDUs, configure
blocking on that interface:

mesh-group blocked;

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Configuring IS-IS Multicast Topology

• IS-IS Multicast Topologies Overview on page 371

• Example: Configuring IS-IS Multicast Topology on page 372

IS-IS Multicast Topologies Overview

Most multicast routing protocols perform a reverse-path forwarding (RPF) check on the
source of multicast data packets. If a packet comes in on the interface that is used to
send data to the source, the packet is accepted and forwarded to one or more
downstream interfaces. Otherwise, the packet is discarded and a notification is sent to
the multicast routing protocol running on the interface.

In certain instances, the unicast routing table used for the RPF check is also the table
used for forwarding unicast data packets. Thus, unicast and multicast routing are
congruent. In other cases, where it is preferred that multicast routing be independent of
unicast routing, the multicast routing protocols are configured to perform the RPF check
using an alternate unicast routing table inet.2.

You can configure IS-IS to calculate an alternate IPv4 multicast topology, in addition to
the normal IPv4 unicast topology, and add the corresponding routes to inet.2. The IS-IS
interface metrics for the multicast topology can be configured independently of the
unicast metrics. You can also selectively disable interfaces from participating in the
multicast topology while continuing to participate in the regular unicast topology. This
lets you exercise control over the paths that multicast data takes through a network so
that it is independent of unicast data paths. You can also configure IS-IS to calculate an
alternate IPv6 multicast topology, in addition to the normal IPv6 unicast topology.

NOTE: IS-IS only starts advertising the routes when the interface routes are
in inet.2.

Table 8 on page 371 lists the various IPv4 statements you can use to configure IS-IS
multicast topologies.

Table 8: IPv4 Statements

Statement Description

ipv4-multicast Enables an alternate IPv4 multicast topology.

ipv4-multicast-metric number Configures the multicast metric for an alternate IPv4 multicast topology.

Copyright © 2011, Juniper Networks, Inc. 371

Junos OS 11.4 Routing Protocols Configuration Guide

Table 8: IPv4 Statements (continued)

Statement Description

no-ipv4-multicast Excludes an interface from the IPv4 multicast topology.

no-unicast-topology Excludes an interface from the IPv4 unicast topologies.

Table 9 on page 372 lists the various IPv6 statements you can use to configure IS-IS
multicast topologies.

Table 9: IPv6 Statements

Statement Description

ipv6-multicast Enables an alternate IPv6 multicast topology.

ipv6-multicast-metric number Configures the multicast metric for an alternate IPv6 multicast topology.

ipv6-unicast-metric number Configures the unicast metric for an alternate IPv6 multicast topology.

no-ipv6-multicast Excludes an interface from the IPv6 multicast topology.

no-ipv6-unicast Excludes an interface from the IPv6 unicast topologies.

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Example: Configuring IS-IS Multicast Topology

This example shows how to configure multicast topology for an IS-IS network.

• Requirements on page 372

• Overview on page 373
• Configuration on page 373
• Verification on page 378

Requirements

Before you begin, configure IS-IS on all routers. See “Minimum IS-IS Configuration” on
page 347 for information about the required IS-IS configuration.

This example uses the following hardware and software components:

• Junos OS Release 7.3 or later

• M Series, MX Series, and T Series routers

372 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

Overview

This example shows an IS-IS multicast topology configuration. Three routers are
connected to each other. A loopback interface is configured on each router.

Figure 9 on page 373 shows the sample network.

Figure 9: Configuring IS-IS Multicast Topology

Configuration

Router R1

set protocols isis traceoptions file isis size 5m world-readable

set protocols isis traceoptions flag error
set protocols isis topologies ipv4-multicast
set protocols isis interface so-0/0/0 level 1 metric 15
set protocols isis interface so-0/0/0 level 1 ipv4-multicast-metric 18
set protocols isis interface so-0/0/0 level 2 metric 20
set protocols isis interface so-0/0/0 level 2 ipv4-multicast-metric 14
set protocols isis interface so-1/0/0 level 1 metric 13
set protocols isis interface so-1/0/0 level 1 ipv4-multicast-metric 12
set protocols isis interface so-1/0/0 level 2 metric 29
set protocols isis interface so-1/0/0 level 2 ipv4-multicast-metric 23
set protocols isis interface so-0/0/1 no-ipv4-multicast
set protocols isis interface so-0/0/1 level 1 metric 14

Copyright © 2011, Juniper Networks, Inc. 373

Junos OS 11.4 Routing Protocols Configuration Guide

set protocols isis interface so-0/0/1 level 2 metric 23

set protocols isis interface fxp0.0 disable

Router R2

set protocols isis traceoptions file isis size 5m world-readable

set protocols isis traceoptions flag error
set protocols isis topologies ipv4-multicast
set protocols isis interface so-0/0/0 level 1 metric 13
set protocols isis interface so-0/0/0 level 1 ipv4-multicast-metric 12
set protocols isis interface so-0/0/0 level 2 metric 29
set protocols isis interface so-0/0/0 level 2 ipv4-multicast-metric 23
set protocols isis interface so-1/0/0 level 1 metric 14
set protocols isis interface so-1/0/0 level 1 ipv4-multicast-metric 18
set protocols isis interface so-1/0/0 level 2 metric 32
set protocols isis interface so-1/0/0 level 2 ipv4-multicast-metric 26
set protocols isis interface so-0/0/1 no-ipv4-multicast
set protocols isis interface so-0/0/1 no-ipv6-unicast
set protocols isis interface so-0/0/1 level 1 metric 17
set protocols isis interface so-0/0/1 level 2 metric 26
set protocols isis interface fxp0.0 disable

Router R3

set protocols isis traceoptions file isis size 5m world-readable

set protocols isis traceoptions flag error
set protocols isis topologies ipv4-multicast
set protocols isis interface so-0/0/0 level 1 metric 19
set protocols isis interface so-0/0/0 level 1 ipv4-multicast-metric 11
set protocols isis interface so-0/0/0 level 2 metric 27
set protocols isis interface so-0/0/0 level 2 ipv4-multicast-metric 21
set protocols isis interface so-1/0/0 level 1 metric 16
set protocols isis interface so-1/0/0 level 1 ipv4-multicast-metric 26
set protocols isis interface so-1/0/0 level 2 metric 30
set protocols isis interface so-1/0/0 level 2 ipv4-multicast-metric 20
set protocols isis interface so-0/0/1 no-ipv4-multicast
set protocols isis interface so-0/0/1 level 1 metric 20
set protocols isis interface so-0/0/1 level 2 metric 29
set protocols isis interface fxp0.0 disable

The following example requires you to navigate various levels in the configuration
hierarchy. For information about navigating the CLI, see the Junos OS CLI User Guide.

To configure IS-IS multicast topologies:

1. Enable the multicast topology for IS-IS by using the ipv4-multicast statement.

Routers R1, R2, and R3

[edit protocols isis]

user@host# set traceoptions file isis size 5m world-readable
user@host# set traceoptions flag error
user@host# set topologies ipv4-multicast

2. Enable multicast metrics on the first sonet Interface by using the ipv4-multicast-metric
statement.

Router R1

374 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

[edit protocols isis interface so-0/0/0 ]

user@R1# set level 1 metric 15
user@R1# set level 1 ipv4-multicast-metric 18
user@R1# set level 2 metric 20
user@R1# set level 2 ipv4-multicast-metric 14

Router R2

[edit protocols isis interface so-0/0/0]

user@R2# set level 1 metric 13
user@R2# set level 1 ipv4-multicast-metric 12
user@R2# set level 2 metric 29
user@R2# set level 2 ipv4-multicast-metric 23

Router R3

[edit protocols isis interface so-0/0/0]

user@R3# set level 1 metric 19
user@R3# set level 1 ipv4-multicast-metric 11
user@R3# set level 2 metric 27
user@R3# set level 2 ipv4-multicast-metric 21

3. Enable multicast metrics on a second sonet Interface by using the ipv4-multicast-metric

statement.

Router R1

[edit protocols isis interface so-1/0/0]

user@R1# set level 1 metric 13
user@R1# set level 1 ipv4-multicast-metric 12
user@R1# set level 2 metric 29
user@R1# set level 2 ipv4-multicast-metric 23

Router R2

[edit protocols isis interface so-1/0/0]

user@R2# set level 1 metric 14
user@R2# set level 1 ipv4-multicast-metric 18
user@R2# set level 2 metric 32
user@R2# set level 2 ipv4-multicast-metric 26

Router R3

[edit protocols isis interface so-1/0/0]

user@R3# set level 1 metric 16
user@R3# set level 1 ipv4-multicast-metric 26
user@R3# set level 2 metric 30
user@R3# set level 2 ipv4-multicast-metric 20

4. Disable IPv4 multicast topology on a third sonet interface by using the

no-ipv4-multicast statement.

Router R1

[edit protocols isis interface so-0/0/1]

user@R1# set no-ipv4-multicast
user@R1# set level 1 metric 14
user@R1# set level 2 metric 23

Router R2

Copyright © 2011, Juniper Networks, Inc. 375

Junos OS 11.4 Routing Protocols Configuration Guide

[edit protocols isis interface so-0/0/1]

user@R2# set no-ipv4-multicast
user@R2# set level 1 metric 17
user@R2# set level 2 metric 26

Router R3

[edit protocols isis interface so-0/0/1]

user@R3# set no-ipv4-multicast
user@R3# set level 1 metric 20
user@R3# set level 2 metric 29

5. Disable the out-of-band management port, fxp0.

Routers R1, R2, and R3

[edit protocols isis]

user@host# set interface fxp0.0 disable

6. If you are done configuring the routers, commit the configuration.

Routers R1, R2, and R3

[edit]
user@host# commit

Results Confirm your configuration by using the show protocols isis statement.

Router R1

user@R1# show protocols isis

traceoptions {
file isis size 5m world-readable;
flag error;
}
topologies ipv4-multicast;
interface so-0/0/0 {
level 1 {
metric 15;
ipv4-multicast-metric 18;
}
level 2 {
metric 20;
ipv4-multicast-metric 14;
}
}
interface so-1/0/0 {
level 1 {
metric 15;
ipv4-multicast-metric 17;
}
level 2 {
metric 31;
ipv4-multicast-metric 22;
}
}
interface fxp0.0 {
disable;
}

Router R2

376 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

user@R2# show protocols isis

traceoptions {
file isis size 5m world-readable;
flag error;
}
topologies ipv4-multicast;
interface so-0/0/0 {
level 1 {
metric 13;
ipv4-multicast-metric 12;
}
level 2 {
metric 29;
ipv4-multicast-metric 23;
}
}
interface so-1/0/0 {
level 1 {
metric 14;
ipv4-multicast-metric 18;
}
level 2 {
metric 32;
ipv4-multicast-metric 26;
}
}
interface fxp0.0 {
disable;
}

Router R3

user@R3# show protocols isis

traceoptions {
file isis size 5m world-readable;
flag error;
}
topologies ipv4-multicast;
interface so-0/0/0 {
level 1 {
metric 19;
ipv4-multicast-metric 11;
}
level 2 {
metric 27;
ipv4-multicast-metric 21;
}
}
interface so-1/0/0 {
level 1 {
metric 16;
ipv4-multicast-metric 26;
}
level 2 {
metric 30;
ipv4-multicast-metric 20;
}
}
interface fxp0.0 {

Copyright © 2011, Juniper Networks, Inc. 377

Junos OS 11.4 Routing Protocols Configuration Guide

disable;
}

Verification

Confirm that the configuration is working properly.

• Verifying the Connection Between Routers R1, R2, and R3 on page 378
• Verifying That IS-IS Is Configured on page 379
• Verifying the Configured Multicast Metric Values on page 381
• Verifying the Configuration of Multicast Topology on page 382

Verifying the Connection Between Routers R1, R2, and R3

Purpose Make sure that Routers R1, R2, and R3 are connected to each other.

Action Ping the other two routers from any router, to check the connectivity between the three
routers as per the network topology.

user@R1> ping 10.0.3.9

PING 10.0.3.9 (10.0.3.9): 56 data bytes

64 bytes from 10.0.3.9: icmp_seq=0 ttl=64 time=1.299 ms
64 bytes from 10.0.3.9: icmp_seq=1 ttl=64 time=52.304 ms
64 bytes from 10.0.3.9: icmp_seq=2 ttl=64 time=1.271 ms
64 bytes from 10.0.3.9: icmp_seq=3 ttl=64 time=1.343 ms
64 bytes from 10.0.3.9: icmp_seq=4 ttl=64 time=1.434 ms
64 bytes from 10.0.3.9: icmp_seq=5 ttl=64 time=1.306 ms
^C
--- 10.0.3.9 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.271/9.826/52.304/18.997 ms

user@R1> ping 10.0.3.10

PING 10.0.3.10 (10.0.3.10): 56 data bytes

64 bytes from 10.0.3.10: icmp_seq=0 ttl=64 time=1.431 ms
64 bytes from 10.0.3.10: icmp_seq=1 ttl=64 time=1.296 ms
64 bytes from 10.0.3.10: icmp_seq=2 ttl=64 time=1.887 ms
^C
--- 10.0.3.10 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.296/1.538/1.887/0.253 ms

user@R2> ping 10.0.2.9

PING 10.0.2.9 (10.0.2.9): 56 data bytes

64 bytes from 10.0.2.9: icmp_seq=0 ttl=64 time=1.365 ms
64 bytes from 10.0.2.9: icmp_seq=1 ttl=64 time=1.813 ms
64 bytes from 10.0.2.9: icmp_seq=2 ttl=64 time=1.290 ms
^C
--- 10.0.2.9 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.290/1.489/1.813/0.231 ms

user@R2> ping 10.0.2.10

378 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

PING 10.0.2.10 (10.0.2.10): 56 data bytes

64 bytes from 10.0.2.10: icmp_seq=0 ttl=63 time=1.318 ms
64 bytes from 10.0.2.10: icmp_seq=1 ttl=63 time=1.394 ms
64 bytes from 10.0.2.10: icmp_seq=2 ttl=63 time=1.366 ms
64 bytes from 10.0.2.10: icmp_seq=3 ttl=63 time=1.305 ms
^C
--- 10.0.2.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.305/1.346/1.394/0.036 ms

user@R3> ping 10.0.1.10

PING 10.0.1.10 (10.0.1.10): 56 data bytes

64 bytes from 10.0.1.10: icmp_seq=0 ttl=63 time=1.316 ms
64 bytes from 10.0.1.10: icmp_seq=1 ttl=63 time=1.418 ms
64 bytes from 10.0.1.10: icmp_seq=2 ttl=63 time=1.277 ms
^C
--- 10.0.1.10 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.277/1.337/1.418/0.059 ms

user@R3> ping 10.0.1.9

PING 10.0.1.9 (10.0.1.9): 56 data bytes

64 bytes from 10.0.1.9: icmp_seq=0 ttl=64 time=1.381 ms
64 bytes from 10.0.1.9: icmp_seq=1 ttl=64 time=1.499 ms
64 bytes from 10.0.1.9: icmp_seq=2 ttl=64 time=1.300 ms
64 bytes from 10.0.1.9: icmp_seq=3 ttl=64 time=1.397 ms
^C
--- 10.0.1.9 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.300/1.394/1.499/0.071 ms

Meaning Routers R1, R2, and R3 have a peer relationship with each other.

Verifying That IS-IS Is Configured

Purpose Make sure that the IS-IS instance is running on Routers R1, R2, and R3, and that they are
adjacent to each other.

Action Use the show isis adjacency detail statement to check the adjacency between the routers.

Router R1

user@R1> show isis adjacency detail

R2
Interface: so-0/0/0, Level: 1, State: Up, Expires in 8 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:23:59 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bd
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R2.02, IP addresses: 10.0.1.10

R2
Interface: so-0/0/0, Level: 2, State: Up, Expires in 8 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:23:58 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bd

Copyright © 2011, Juniper Networks, Inc. 379

Junos OS 11.4 Routing Protocols Configuration Guide

Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R2.02, IP addresses: 10.0.1.10

R3
Interface: so-1/0/0, Level: 1, State: Up, Expires in 7 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:24:20 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bd
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R3.02, IP addresses: 10.0.2.10

R3
Interface: so-1/0/0, Level: 2, State: Up, Expires in 6 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:24:20 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bd
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R3.02, IP addresses: 10.0.2.10

Router R2

user@R2> show isis adjacency detail

R1
Interface: so-0/0/0, Level: 1, State: Up, Expires in 20 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:27:50 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bc
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R2.02, IP addresses: 10.0.1.9

R1
Interface: so-0/0/0, Level: 2, State: Up, Expires in 26 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:27:50 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bc
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R2.02, IP addresses: 10.0.1.9

R3
Interface: so-1/0/0, Level: 1, State: Up, Expires in 8 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:27:22 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bd
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R3.03, IP addresses: 10.0.3.10

R3
Interface: so-1/0/0, Level: 2, State: Up, Expires in 8 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:27:22 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bd
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R3.03, IP addresses: 10.0.3.10

Router R3

user@R3> show isis adjacency detail

R2
Interface: so-0/0/0, Level: 1, State: Up, Expires in 18 secs

380 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:33:09 ago

Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bc
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R3.03, IP addresses: 10.0.3.9

R2
Interface: so-0/0/0, Level: 2, State: Up, Expires in 22 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:33:09 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bc
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R3.03, IP addresses: 10.0.3.9

R1
Interface: so-1/0/0, Level: 1, State: Up, Expires in 21 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:33:59 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bc
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R3.02, IP addresses: 10.0.2.9

R1
Interface: so-1/0/0, Level: 2, State: Up, Expires in 19 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:33:59 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bc
Topologies: IPV4-Multicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R3.02, IP addresses: 10.0.2.9

Meaning IS-IS is configured on Routers R1, R2, and R3 and they are adjacent to each other.

Verifying the Configured Multicast Metric Values

Purpose Make sure that the SPF calculations are accurate as per the configured multicast metric
values on Routers R1, R2, and R3.

Action Use the show isis spf results statement to check the SPF calculations for the network.

Router R1

user@R1> show isis spf results

...
IPV4 Multicast IS-IS level 1 SPF results:
Node Metric Interface NH Via SNPA
R3.03 28 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R2.00 18 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bd
R3.00 17 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R1.00 0
4 nodes

IPV4 Multicast IS-IS level 2 SPF results:

Node Metric Interface NH Via SNPA
R3.03 40 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bd
R3.00 22 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R2.00 14 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bd
R1.00 0
4 nodes

Copyright © 2011, Juniper Networks, Inc. 381

Junos OS 11.4 Routing Protocols Configuration Guide

Router R2

user@R2> show isis spf results

...
IPV4 Multicast IS-IS level 1 SPF results:
Node Metric Interface NH Via SNPA
R3.02 29 so-0/0/0 IPV4 R1 0:1b:c0:86:54:bc
R3.00 18 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R1.00 12 so-0/0/0 IPV4 R1 0:1b:c0:86:54:bc
R2.02 12
R2.00 0
5 nodes

IPV4 Multicast IS-IS level 2 SPF results:

Node Metric Interface NH Via SNPA
R3.02 45 so-0/0/0 IPV4 R1 0:1b:c0:86:54:bc
R3.00 26 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R1.00 23 so-0/0/0 IPV4 R1 0:1b:c0:86:54:bc
R2.02 23
R2.00 0
5 nodes

Router R3

user@R3> show isis spf results

...
IPV4 Multicast IS-IS level 1 SPF results:
Node Metric Interface NH Via SNPA
R3.02 26
R1.00 23 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bc
R2.02 23 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bc
R2.00 11 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bc
R3.03 11
R3.00 0
6 nodes

IPV4 Multicast IS-IS level 2 SPF results:

Node Metric Interface NH Via SNPA
R2.02 34 so-1/0/0 IPV4 R1 0:1b:c0:86:54:bc
R2.00 21 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bc
R3.03 21
R1.00 20 so-1/0/0 IPV4 R1 0:1b:c0:86:54:bc
R3.02 20
R3.00 0
6 nodes

Meaning The configured multicast metric values are used in SPF calculations for the IS-IS network.

Verifying the Configuration of Multicast Topology

Purpose Make sure that multicast topology is configured on Routers R1, R2, and R3.

Action Use the show isis database detail statement to verify the multicast topology configuration
on the routers.

Router R1

user@R1> show isis database detail

IS-IS level 1 link-state database:

382 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

R1.00-00 Sequence: 0x142, Checksum: 0xd07, Lifetime: 663 secs

IPV4 Unicast IS neighbor: R2.02 Metric: 15
IPV4 Unicast IS neighbor: R3.02 Metric: 15
IPV4 Multicast IS neighbor: R2.02 Metric: 18
IPV4 Multicast IS neighbor: R3.02 Metric: 17
IP IPV4 Unicast prefix: 10.0.1.8/30 Metric: 15 Internal Up
IP IPV4 Unicast prefix: 10.0.2.8/30 Metric: 15 Internal Up

R2.00-00 Sequence: 0x13f, Checksum: 0xf02b, Lifetime: 883 secs

IPV4 Unicast IS neighbor: R2.02 Metric: 13
IPV4 Unicast IS neighbor: R3.03 Metric: 14
IPV4 Multicast IS neighbor: R2.02 Metric: 12
IPV4 Multicast IS neighbor: R3.03 Metric: 18
IP IPV4 Unicast prefix: 10.0.1.8/30 Metric: 13 Internal Up
IP IPV4 Unicast prefix: 10.0.3.8/30 Metric: 14 Internal Up

R2.02-00 Sequence: 0x13c, Checksum: 0x57e2, Lifetime: 913 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R2.00 Metric: 0

R3.00-00 Sequence: 0x13c, Checksum: 0xc8de, Lifetime: 488 secs

IPV4 Unicast IS neighbor: R3.02 Metric: 16
IPV4 Unicast IS neighbor: R3.03 Metric: 19
IPV4 Multicast IS neighbor: R3.02 Metric: 26
IPV4 Multicast IS neighbor: R3.03 Metric: 11
IP IPV4 Unicast prefix: 10.0.2.8/30 Metric: 16 Internal Up
IP IPV4 Unicast prefix: 10.0.3.8/30 Metric: 19 Internal Up

R3.02-00 Sequence: 0x139, Checksum: 0xfb0e, Lifetime: 625 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

R3.03-00 Sequence: 0x138, Checksum: 0xad56, Lifetime: 714 secs

IPV4 Unicast IS neighbor: R2.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

IS-IS level 2 link-state database:

R1.00-00 Sequence: 0x142, Checksum: 0x2c7c, Lifetime: 816 secs

IPV4 Unicast IS neighbor: R2.02 Metric: 20
IPV4 Unicast IS neighbor: R3.02 Metric: 31
IPV4 Multicast IS neighbor: R2.02 Metric: 14
IPV4 Multicast IS neighbor: R3.02 Metric: 22
IP IPV4 Unicast prefix: 10.0.1.8/30 Metric: 20 Internal Up
IP IPV4 Unicast prefix: 10.0.2.8/30 Metric: 31 Internal Up
IP IPV4 Unicast prefix: 10.0.3.8/30 Metric: 29 Internal Up

R2.00-00 Sequence: 0x13f, Checksum: 0x4826, Lifetime: 966 secs

IPV4 Unicast IS neighbor: R2.02 Metric: 29
IPV4 Unicast IS neighbor: R3.03 Metric: 32
IPV4 Multicast IS neighbor: R2.02 Metric: 23
IPV4 Multicast IS neighbor: R3.03 Metric: 26
IP IPV4 Unicast prefix: 10.0.1.8/30 Metric: 29 Internal Up
IP IPV4 Unicast prefix: 10.0.2.8/30 Metric: 28 Internal Up
IP IPV4 Unicast prefix: 10.0.3.8/30 Metric: 32 Internal Up

R2.02-00 Sequence: 0x13c, Checksum: 0x57e2, Lifetime: 966 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R2.00 Metric: 0

Copyright © 2011, Juniper Networks, Inc. 383

Junos OS 11.4 Routing Protocols Configuration Guide

R3.00-00 Sequence: 0x13d, Checksum: 0x1b19, Lifetime: 805 secs

IPV4 Unicast IS neighbor: R3.02 Metric: 30
IPV4 Unicast IS neighbor: R3.03 Metric: 27
IPV4 Multicast IS neighbor: R3.02 Metric: 20
IPV4 Multicast IS neighbor: R3.03 Metric: 21
IP IPV4 Unicast prefix: 10.0.1.8/30 Metric: 31 Internal Up
IP IPV4 Unicast prefix: 10.0.2.8/30 Metric: 30 Internal Up
IP IPV4 Unicast prefix: 10.0.3.8/30 Metric: 27 Internal Up

R3.02-00 Sequence: 0x139, Checksum: 0xfb0e, Lifetime: 844 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

R3.03-00 Sequence: 0x139, Checksum: 0xab57, Lifetime: 844 secs

IPV4 Unicast IS neighbor: R2.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

Router R2

user@R2> show isis database detail

IS-IS level 1 link-state database:

R1.00-00 Sequence: 0x142, Checksum: 0xd07, Lifetime: 524 secs

R2.00-00 Sequence: 0x13f, Checksum: 0xf02b, Lifetime: 748 secs

R2.02-00 Sequence: 0x13c, Checksum: 0x57e2, Lifetime: 777 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R2.00 Metric: 0

R3.00-00 Sequence: 0x13d, Checksum: 0xc6df, Lifetime: 1102 secs

R3.02-00 Sequence: 0x139, Checksum: 0xfb0e, Lifetime: 488 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

R3.03-00 Sequence: 0x138, Checksum: 0xad56, Lifetime: 577 secs

IPV4 Unicast IS neighbor: R2.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

IS-IS level 2 link-state database:

R1.00-00 Sequence: 0x142, Checksum: 0x2c7c, Lifetime: 676 secs

384 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

IPV4 Unicast IS neighbor: R2.02 Metric: 20

IPV4 Unicast IS neighbor: R3.02 Metric: 31
IPV4 Multicast IS neighbor: R2.02 Metric: 14
IPV4 Multicast IS neighbor: R3.02 Metric: 22
IP IPV4 Unicast prefix: 10.0.1.8/30 Metric: 20 Internal Up
IP IPV4 Unicast prefix: 10.0.2.8/30 Metric: 31 Internal Up
IP IPV4 Unicast prefix: 10.0.3.8/30 Metric: 29 Internal Up

R2.00-00 Sequence: 0x13f, Checksum: 0x4826, Lifetime: 831 secs

R2.02-00 Sequence: 0x13c, Checksum: 0x57e2, Lifetime: 831 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R2.00 Metric: 0

R3.00-00 Sequence: 0x13d, Checksum: 0x1b19, Lifetime: 667 secs

R3.02-00 Sequence: 0x139, Checksum: 0xfb0e, Lifetime: 707 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

R3.03-00 Sequence: 0x139, Checksum: 0xab57, Lifetime: 707 secs

IPV4 Unicast IS neighbor: R2.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

Router R3

user@R3> show isis database detail

IS-IS level 1 link-state database:

R1.00-00 Sequence: 0x143, Checksum: 0xb08, Lifetime: 1155 secs

R2.00-00 Sequence: 0x13f, Checksum: 0xf02b, Lifetime: 687 secs

R2.02-00 Sequence: 0x13c, Checksum: 0x57e2, Lifetime: 716 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0

Copyright © 2011, Juniper Networks, Inc. 385

Junos OS 11.4 Routing Protocols Configuration Guide

IPV4 Unicast IS neighbor: R2.00 Metric: 0

R3.00-00 Sequence: 0x13d, Checksum: 0xc6df, Lifetime: 1044 secs

R3.02-00 Sequence: 0x139, Checksum: 0xfb0e, Lifetime: 430 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

R3.03-00 Sequence: 0x138, Checksum: 0xad56, Lifetime: 519 secs

IPV4 Unicast IS neighbor: R2.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

IS-IS level 2 link-state database:

R1.00-00 Sequence: 0x142, Checksum: 0x2c7c, Lifetime: 617 secs

R2.00-00 Sequence: 0x13f, Checksum: 0x4826, Lifetime: 769 secs

R2.02-00 Sequence: 0x13c, Checksum: 0x57e2, Lifetime: 769 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R2.00 Metric: 0

R3.00-00 Sequence: 0x13d, Checksum: 0x1b19, Lifetime: 610 secs

R3.02-00 Sequence: 0x139, Checksum: 0xfb0e, Lifetime: 649 secs

IPV4 Unicast IS neighbor: R1.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

R3.03-00 Sequence: 0x139, Checksum: 0xab57, Lifetime: 649 secs

IPV4 Unicast IS neighbor: R2.00 Metric: 0
IPV4 Unicast IS neighbor: R3.00 Metric: 0

Meaning Multicast topology is configured on routers R1, R2, and R3.

386 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

Configuring IS-IS IPv6 Unicast Topologies

You can configure IS-IS to calculate an alternate IPv6 unicast topology, in addition to
the normal IPv4 unicast topology, and add the corresponding routes to inet6.0. The IS-IS
interface metrics for the IPv4 topology can be configured independently of the IPv6
metrics. You can also selectively disable interfaces from participating in the IPv6 topology
while continuing to participate in the IPv4 topology. This lets you exercise control over
the paths that unicast data takes through a network.

To enable an alternate IPv6 unicast topology for IS-IS, include the ipv6-unicast statement:

isis {
topologies {
ipv6-unicast;
}
}

To configure a metric for an alternate IPv6 unicast topology, include the

ipv6-unicast-metric statement:

isis {
interface interface-name {
level level-number {
ipv6-unicast-metric number;
}
}
}

To exclude an interface from the IPv6 unicast topologies for IS-IS, include the
no-ipv6-unicast statement:

isis {
interface interface-name {
no-ipv6-unicast;
}
}

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Configuring Point-to-Point Interfaces for IS-IS

You can use the point-to-point statement to configure a LAN interface to act like a
point-to-point interface for IS-IS. You do not need an unnumbered LAN interface, and it
has no effect if configured on an interface that is already point-to-point.

The point-to-point statement affects only IS-IS protocol procedures on that interface;
all other protocols continue to treat the interface as a LAN interface. Only two IS-IS
routing devices can be connected to the LAN interface and both must be configured as
point-to-point.

To configure a point-to-point IS-IS interface, include the point-to-point statement:

point-to-point;

Copyright © 2011, Juniper Networks, Inc. 387

Junos OS 11.4 Routing Protocols Configuration Guide

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring Levels on IS-IS Interfaces

You can administratively divide a single AS into smaller groups called areas. You configure
each routing device interface to be in an area. Any interface can be in any area. The area
address applies to the entire routing device; you cannot specify one interface to be in one
area and another interface in a different area. In order to route between areas you must
have two adjacent Level 2 routers that communicate with each other.

Level 1 routers can only route within their IS-IS area. To send traffic outside their area,
Level 1 routers must send packets to the nearest intra-area Level 2 router. A routing device
can be a Level 1 router, a Level 2 router, or both. You specify the router level on a
per-interface basis, and a routing device becomes adjacent with other routing devices
on the same level on that link only.

You can configure one Level 1 routing process and one Level 2 routing process on each
interface, and you can configure the two levels differently.

To configure an area, include the level statement:

level level-number {
disable;
hello-authentication-key key;
hello-authentication-key-chain key-chain-name;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number;
te-metric metric;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

The statements within the level statement allow you to perform the following tasks when
configuring the following optional level-specific properties:

• Disabling IS-IS at a Level on IS-IS Interfaces on page 389

• Advertising Interface Addresses Without Running IS-IS on page 389
• Configuring Authentication for IS-IS Hello Packets on page 390
• Configuring the Transmission Frequency for IS-IS Hello Packets on page 390
• Configuring the Delay Before IS-IS Neighbors Mark the Routing Device as
Down on page 391
• Configuring the Metric Value for IS-IS Routes on page 391

388 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

• Configuring the IS-IS Metric Value Used for Traffic Engineering on page 391
• Configuring the Designated Router Priority for IS-IS on page 391
• Advertising Interface Addresses Without Running IS-IS on page 392

Disabling IS-IS at a Level on IS-IS Interfaces

By default, IS-IS is enabled for IS-IS areas on all enabled interfaces on which the ISO
protocol family is enabled (at the [edit interfaces interface unit logical-unit-number]
hierarchy level). To disable IS-IS at any particular level on an interface, include the disable
statement:

disable;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Enabling IS-IS on an interface (by including the interface statement at the [edit protocols
isis] hierarchy level), disabling it (by including the disable statement), and not actually
having IS-IS run on an interface (by including the passive statement) are mutually
exclusive states.

Example: Disabling IS-IS at a Level

On SONET/SDH interface so-0/0/0, enable IS-IS for Level 1 only. With this configuration,
tracing messages periodically indicate that IS-IS is creating Level 2 link-state PDUs.
However, because IS-IS for Level 2 is disabled, these link-state PDUs are never distributed
to neighboring routers.

protocols {
isis {
traceoptions {
file isis size 1m files 10;
flag spf;
flag lsp;
flag error;
}
interface so-0/0/0 {
level 2 {
disable;
}
}
}
}

Advertising Interface Addresses Without Running IS-IS

By default, IS-IS must be configured on an interface or a level for direct interface addresses
to be advertised into that level. To advertise the direct interface addresses without
actually running IS-IS on that interface or level, include the passive statement:

passive;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Copyright © 2011, Juniper Networks, Inc. 389

Junos OS 11.4 Routing Protocols Configuration Guide

Enabling IS-IS on an interface (by including the interface statement at the [edit protocols
isis] hierarchy level), disabling it (by including the interface disable statement), and not
actually having IS-IS run on an interface (by including the passive statement) are mutually
exclusive states.

NOTE: If neither passive mode nor family ISO are configured on the IS-IS
interface, then the routing device treats the interface as not being operational
and no direct IPv4/IPv6 routes are exported into IS-IS.

Configuring Authentication for IS-IS Hello Packets

You can configure authentication for a given IS-IS level on an interface. On a point-to-point
link, if you enable hello authentication for both IS-IS levels, the password configured for
Level 1 is used for both levels.

CAUTION: If no authentication is configured for Level 1 on a point-to-point

link with both levels enabled, the hello packets are sent without any password,
regardless of the Level 2 authentication configurations.

By default, hello authentication is not configured on an interface. However, if IS-IS

authentication is configured, the hello packets are authenticated using the IS-IS
authentication type and password.

To enable hello authentication for an IS-IS level on an interface and define the password,
include the hello-authentication-type and hello-authentication-key statements. To
configure hitless authentication key rollover, include the hello-authentication-key-chain
statement:

hello-authentication-type (md5 | simple);

hello-authentication-key password;
hello-authentication-key-chain key-chain-name;

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Configuring the Transmission Frequency for IS-IS Hello Packets

Routing devices send hello packets at a fixed interval on all interfaces to establish and
maintain neighbor relationships. This interval is advertised in the hello interval field in the
hello packet. By default, a designated intersystem (DIS) router sends hello packets every
3 seconds, and a non-DIS router sends hello packets every 9 seconds.

To modify how often the routing device sends hello packets out of an interface, include
the hello-interval statement:

hello-interval seconds;

The hello interval range is from 1 through 20,000 seconds.

390 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

You can send out hello packets in sub-second intervals. To send out hello packets every
333 milliseconds, set the hello-interval value to 1.

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring the Delay Before IS-IS Neighbors Mark the Routing Device as Down
The hold time specifies how long a neighbor should consider this routing device to be
operative without receiving another hello packet. If the neighbor does not receive a hello
packet from this routing device within the hold time, it marks the routing device as being
unavailable. The default hold-time value is three times the default hello interval: 9 seconds
for a DIS router and 27 seconds for a non-DIS router.

To modify the hold-time value on the local routing device, include the hold-time statement:

hold-time seconds;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring the Metric Value for IS-IS Routes

All IS-IS routes have a cost, which is a routing metric that is used in the IS-IS link-state
calculation. The cost is an arbitrary, dimensionless integer that can be from 1 through 63,
24
or from 1 through 16,777,215 (2 – 1) if you are using wide metrics. The default metric
value is 10 (with the exception of the lo0 interface, which has a default metric of 0). To
modify the default value, include the metric statement:

metric metric;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

For more information about IS-IS interface metrics, see “Configuring the Reference
Bandwidth Used in IS-IS Metric Calculations” on page 392.

Configuring the IS-IS Metric Value Used for Traffic Engineering

When traffic engineering is enabled on the routing device, you can configure an IS-IS
metric that is used exclusively for traffic engineering. The traffic engineering metric is
used for information injected into the traffic engineering database. Its value does not
affect normal IS-IS forwarding.

To modify the default value, include the te-metric statement:

te-metric metric;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring the Designated Router Priority for IS-IS

A routing device advertises its priority to become a designated router in its hello packets.
On all multiaccess networks, IS-IS uses the advertised priorities to elect a designated

Copyright © 2011, Juniper Networks, Inc. 391

Junos OS 11.4 Routing Protocols Configuration Guide

router for the network. This routing device is responsible for sending network link-state
advertisements, which describe all the routing devices attached to the network. These
advertisements are flooded throughout a single area.

The priority value is meaningful only on a multiaccess network. It has no meaning on a

point-to-point interface.

A routing device’s priority for becoming the designated router is indicated by an arbitrary
number from 0 through 127; routing devices with a higher value are more likely to become
the designated router. By default, routing devices have a priority value of 64.

To modify the interface’s priority value, include the priority statement:

priority number;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Advertising Interface Addresses Without Running IS-IS

The routing device can advertise the direct interface addresses on an interface or on a
sub-level of the interface without actually running IS-IS on that interface or at that level.
This occurs in passive mode.

To enable an interface as passive, include the passive statement:

passive;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring the Reference Bandwidth Used in IS-IS Metric Calculations

All IS-IS interfaces have a cost, which is a routing metric that is used in the IS-IS link-state
calculation. Routes with lower total path metrics are preferred over those with higher
path metrics. When there are several equal-cost routes to a destination, traffic is
distributed equally among them.

The cost of a route is described by a single dimensionless metric that is determined using
the following formula:

cost = reference-bandwidth/bandwidth

To modify the reference bandwidth, include the reference-bandwidth statement:

reference-bandwidth reference-bandwidth;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

reference-bandwidth is the reference bandwidth. If the reference bandwidth is not

configured, all interfaces have a default metric of 10 (with the exception of the lo0
interface, which has a default metric of 0).

392 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

For example, if you set the reference bandwidth to 1 Gbps (that is, reference-bandwidth
is set to 1,000,000,000), a 100-Mbps interface has a default metric of 10.

For more information about IS-IS route metrics, see “Configuring the Metric Value for
IS-IS Routes” on page 391.

Limiting the Number of Advertised IS-IS Areas

By default, IS-IS advertises a maximum of three areas in the IS-IS hello (IIH) PDUs and
link-state PDUs. To advertise more than three ISO network addresses for a router, include
the max-areas statement:

max-areas number;

The range that you can configure is from 3 through 36, and the default is 3. This value is
included in the Maximum Address Area field of the IS-IS common PDU header included
in all outgoing PDUs.

NOTE: The maximum number areas you can advertise is restricted to 36 to

ensure that the IIH PDUs have enough space to include other type, length,
and value (TLV) fields, such as the Authentication and IPv4 and IPv6 Interface
Address TLVs.

For a list of hierarchy levels at which you an configure this statement, see the statement
summary section for this statement.

Enabling Wide IS-IS Metrics for Traffic Engineering

Normally, IS-IS metrics can have values up to 63, and IS-IS generates two type length
values (TLVs), one for an IS-IS adjacency and the second for an IP prefix. To allow IS-IS
to support traffic engineering, a second pair of TLVs has been added to IS-IS, one for IP
prefixes and the second for IS-IS adjacency and traffic engineering information. With
24
these TLVs, IS-IS metrics can have values up to 16,777,215 (2 – 1).

By default, the Junos OS supports the sending and receiving of wide metrics. The Junos
OS allows a maximum metric value of 63 and generates both pairs of TLVs. To configure
IS-IS to generate only the new pair of TLVs and thus to allow the wider range of metric
values, include the wide-metrics-only statement:

wide-metrics-only;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring Preference Values for IS-IS Routes

Route preferences are used to select which route is installed in the forwarding table when
several protocols calculate routes to the same destination. The route with the lowest
preference value is selected. For more information about route preferences, see “Route
Preferences Overview” on page 6.

Copyright © 2011, Juniper Networks, Inc. 393

Junos OS 11.4 Routing Protocols Configuration Guide

By default, Level 1 IS-IS internal routes have a preference value of 15, Level 2 IS-IS internal
routes have a preference of 18, Level 1 IS-IS external routes have a preference of 160, and
Level 2 external routes have a preference of 165. To change the preference values, include
the preference statement (for internal routes) or the external-preference statement:

external-preference preference;
preference preference;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.
32
The preference value can range from 0 through 4,294,967,295 (2 – 1).

Limiting the Number of Prefixes Exported to IS-IS

By default, there is no limit to the number of prefixes that can be exported into IS-IS. To
configure a limit to the number of prefixes that can be exported into IS-IS, include the
prefix-export-limit statement:

prefix-export-limit number;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

You can specify a number range from 0 through 4,294,967,295.

Configuring Link-State PDU Lifetime for IS-IS

By default, link-state PDUs are maintained in network databases for 1200 seconds
(20 minutes) before being considered invalid. This length of time, called the LSP lifetime,
normally is sufficient to guarantee that link-state PDUs never expire.

To modify the link-state PDU lifetime, include the lsp-lifetime statement:

lsp-lifetime seconds;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

The time can range from 350 through 65,535 seconds.

The link-state PDU refresh interval is derived from the link-state PDU lifetime and is equal
to the lifetime minus 317 seconds.

Advertising Label-Switched Paths into IS-IS

You can advertise label-switched paths into IS-IS as point-to-point links, and the
label-switched paths can be used in SPF calculations. The advertisement contains a
local address (the from address of the label-switched path), a remote address (the to
address of the label-switched path), and a metric with the following precedence:

• Use the label-switched path metric defined under IS-IS.

• Use the label-switched path metric configured for the label-switched path under MPLS.

394 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

• If you do not configure any of the above, use the default IS-IS metric of 10.

To advertise label-switched paths, include the label-switched-path statement, with a

specified level and metric:

label-switched-path name level level metric metric;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

NOTE: Before a single-hop label-switched path between a multiaccess link

can be announced as up and used in SPF calculations, you must configure a
label-switched path in both directions between two label-switched routers.

Related • Junos OS MPLS Applications Configuration Guide

Documentation

Configuring IS-IS to Make Routing Devices Appear Overloaded

If the time elapsed after the IS-IS instance is enabled is less than the specified timeout,
overload mode is set.

You configure or disable overload mode in IS-IS with or without a timeout. Without a
timeout, overload mode is set until it is explicitly deleted from the configuration. With a
timeout, overload mode is set if the time elapsed since the IS-IS instance started is less
than the specified timeout.

A timer is started for the difference between the timeout and the time elapsed since the
instance started. When the timer expires, overload mode is cleared. In overload mode,
the routing device IS-IS advertisements are originated with the overload bit set. This
causes the transit traffic to avoid the overloaded routing device and take paths around
the routing device. However, the overloaded routing device’s own links are still accessible.

In overload mode, the routing device advertisement is originated with all the transit routing
device links (except stub) set to a metric of 0xFFFF. The stub routing device links are
advertised with the actual cost of the interfaces corresponding to the stub. This causes
the transit traffic to avoid the overloaded routing device and take paths around the routing
device. However, the overloaded routing device’s own links are still accessible.

You can configure the local routing device so that it appears to be overloaded. You might
want to do this when you want the routing device to participate in IS-IS routing, but do
not want it to be used for transit traffic. (Note that traffic to immediately attached
interfaces continues to transit the routing device.) To mark the routing device as
overloaded, include the overload statement:

overload {
advertise-high-metrics;
allow-route-leaking;
timeout seconds;
}

Copyright © 2011, Juniper Networks, Inc. 395

Junos OS 11.4 Routing Protocols Configuration Guide

To advertise maximum link metrics in network layer reachability information (NLRI)

instead of setting the overload bit, include the advertise-high-metrics option when
specifying the overload statement:

advertise-high-metrics;

When you configure the advertise-high-metrics option, the routing device in overload
mode stops passing (leaking) route information into the network. So, an L1-L2 router in
overload mode stops passing route information between L1 and L2 levels and clears its
attached bit when the advertise-high-metrics option is configured.

To allow route information to pass (leak) into the network when the routing device is in
overload mode, include the allow-route-leaking option when specifying the overload
statement:

allow-route-leaking;

NOTE: The allow-route-leaking option will not work if the routing device is in
dynamic overload mode. Dynamic overload can occur if the device has
exceeded its resource limits, such as the prefix limit.

To specify the number of seconds at which overload is reset, include the timeout option
when specifying the overload statement:

overload timeout seconds;

The time can range from 60 through 1800 seconds.

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Configuring SPF Options for IS-IS

You can configure the following shortest-path-first (SPF) options:

• The delay in the time between the detection of a topology change and when the SPF
algorithm actually runs.

• The maximum number of times that the SPF algorithm can run in succession before
the hold-down timer begins.

• The time to hold down, or wait, before running another SPF calculation after the SPF
algorithm has run in succession the configured maximum number of times.

To configure SPF options, include the spf-options statement:

spf-options {
delay milliseconds;
holddown milliseconds;
rapid-runs number;
}

396 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

To configure the SPF delay, include the delay statement when specifying the spf-options
statement:

delay milliseconds;

By default, the SPF algorithm runs 200 milliseconds after the detection of a topology
change. The range that you can configure is from 50 through 1000 milliseconds.

To configure the maximum number of times that the SPF algorithm can run in succession,
include the rapid-runs statement when specifying the spf-options statement:

rapid-runs number;

To configure the SPF hold-down timer, include the holddown statement when specifying
the spf-options statement:

holddown milliseconds;

The default is 5000 milliseconds, and the range that you can configure is from 2000
through 10,000 milliseconds. Use the hold-down timer to hold down, or wait, before
running any subsequent SPF calculations after the SPF algorithm runs for the configured
maximum number of times. If the network stabilizes during the hold-down period and
the SPF algorithm does not need to run again, the system reverts to the configured values
for the delay and rapid-runs statements.

Configuring Graceful Restart for IS-IS

Graceful restart allows a routing device to restart with minimal effects to the network,
and is enabled globally for all routing protocols at the [edit routing-options] hierarchy
level. When graceful restart for IS-IS is enabled, the restarting routing device is not
removed from the network topology during the restart period. The adjacencies are
reestablished after restart is complete.

You can configure graceful restart parameters specifically for IS-IS. To do this, include
the graceful-restart statement:

graceful-restart {
helper-disable;
restart-duration seconds;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To disable graceful restart for IS-IS, specify the disable statement. Helper mode is enabled
by default. To disable the graceful restart helper capability, specify the helper-disable
statement. To configure a time period for complete restart, specify the restart-duration
statement. You can specify a number between 1 and 3600. The default value is
90 seconds.

Copyright © 2011, Juniper Networks, Inc. 397

Junos OS 11.4 Routing Protocols Configuration Guide

Configuring IS-IS for Multipoint Network Clouds

IS-IS does not support multipoint configurations. Therefore, when configuring Frame
Relay or Asynchronous Transfer Mode (ATM) networks, you must configure them as
collections of point-to-point links, not as multipoint clouds.

Configuring IS-IS Traffic Engineering Attributes

You can configure the following IS-IS traffic engineering attributes:

• Configuring IS-IS to Use IGP Shortcuts on page 398

• Configuring IS-IS to Ignore the Metric of RSVP Label-Switched Paths on page 399
• Disabling IS-IS Support for Traffic Engineering on page 400
• Installing IPv4 Routes into the Multicast Routing Table on page 400
• Configuring IS-IS to Use Protocol Preference to Determine the Traffic Engineering
Database Credibility Value on page 400
When configuring traffic engineering support, you can also configure IS-IS to use metric
values greater than 63, as described in “Enabling Wide IS-IS Metrics for Traffic Engineering”
on page 393.

Configuring IS-IS to Use IGP Shortcuts

IS-IS always performs SPF calculations to determine next hops. For prefixes reachable
through a particular next hop, IS-IS places that next hop for that prefix in the inet.0 routing
table. In addition, for routers running MPLS, IS-IS installs the prefix for IPv4 routes in the
inet.3 routing table as well. The inet.3 table, which is present on the ingress router, contains
the host address of each MPLS label-switched path (LSP) egress router. BGP uses this
routing table to resolve next-hop addresses.

If you enable IS-IS traffic engineering shortcuts and if there is a label-switched path to
a point along the path to that prefix, IS-IS installs the prefix in the inet.3 routing table and
uses the LSP as a next hop. The net result is that for BGP egress routers for which there
is no LSP, BGP automatically uses an LSP along the path to reach the egress router.

In Junos OS Release 9.3 and later, IS-IS traffic engineering shortcuts support IPv6 routes.
LSPs to be used for shortcuts continue to be signaled using IPv4. However, by default,
shortcut routes calculated through IPv6 routes are added to the inet6.3 routing table.
The default behavior is for only BGP to use LSPs in its calculations. If you configure MPLS
so that both BGP and interior gateway protocols use LSPs for forwarding traffic, shortcut
routes calculated through IPv6 are added to the inet6.0 routing table. IS-IS ensures that
the IPv6 routes running over the IPv4 MPLS LSP are correctly de-encapsulated at the
tunnel egress by pushing an extra IPv6 explicit null label between the IPv6 payload and
the IPv4 transport label.

RSVP LSPs with a higher preference than IS-IS routes are not considered during the
computation of traffic engineering shortcuts.

398 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

To configure IS-IS so that it uses label-switched paths as shortcuts when installing

information in the inet.3 or inet6.3 routing table, include the following statements:

traffic-engineering {
family inet {
shortcuts;
}
}
family inet6 {
shortcuts;
}
}

For IPv4 traffic, include the inet statement. For IPv6 traffic, include the inet6 statement.

To ignore the metric of RSVP LSPs in shortcut decisions, include the ignore-lsp-metrics
statement:

traffic-engineering {
ignore-lsp-metrics;
}

This option avoids mutual dependency between IS-IS and RSVP, eliminating the time
period when the RSVP metric used for shortcuts is not up to date.

For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Because the inet.3 routing table is present only on ingress routers, you can configure LSP
shortcuts only on these routers.

For more information about configuring LSPs and MPLS, see the Junos OS MPLS
Applications Configuration Guide.

Configuring IS-IS to Ignore the Metric of RSVP Label-Switched Paths

You can configure IS-IS to ignore the metric of RSVP label-switched paths (LSPs) when
LDP tunneling is enabled. If you are using the RSVP for traffic engineering, you can run
LDP simultaneously to eliminate the distribution of external routes in the core. The LSPs
established by LDP are tunneled through the LSPs established by RSVP. LDP effectively
treats the traffic-engineered LSPs as single hops. Ignoring the metric of RSVP LSPs avoids
mutual dependency between IS-IS and RSVP, eliminating the time period when the RSVP
metric used for tunneling traffic is not up to date.

To configure IS-IS to ignore the metric of RSVP LSPs, include the ignore-lsp-metrics
statement:

traffic-engineering {
ignore-lsp-metrics;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Copyright © 2011, Juniper Networks, Inc. 399

Junos OS 11.4 Routing Protocols Configuration Guide

For more information about configuring LSPs and MPLS, see the Junos OS MPLS
Applications Configuration Guide.

Disabling IS-IS Support for Traffic Engineering

By default, IS-IS supports traffic engineering by exchanging basic information with the
traffic engineering database. To disable this support, and to disable IS-IS shortcuts if
they are configured, include the disable statement:

traffic-engineering {
disable;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Installing IPv4 Routes into the Multicast Routing Table

You can install unicast IPv4 routes into the multicast routing table (inet.2) for multicast
reverse-path forwarding (RPF) checks.

To install routes into the multicast routing table for RPF checks, include the
multicast-rpf-routes statement:

traffic-engineering {
family inet {
shortcuts {
multicast-rpf-routes;
}
}
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

NOTE: Traffic engineering shortcuts must be enabled.

NOTE: IPv4 multicast topology must not be enabled.

NOTE: LSPs must not be advertised into IS-IS.

Configuring IS-IS to Use Protocol Preference to Determine the Traffic Engineering Database
Credibility Value
By default, the Junos OS prefers IS-IS routes in the traffic engineering database over
other IGP routes even if the routes of another IGP are configured with a lower, that is,
more preferred, preference value. The traffic engineering database assigns a credibility
value to each IGP and prefers the routes of the IGP with the highest credibility value. In
Junos OS Release 9.4 and later, you can configure IS-IS to take protocol preference into

400 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

account to determine the traffic engineering database credibility value. When protocol
preference is used to determine the credibility value, IS-IS routes are not automatically
preferred by the traffic engineering database, depending on your configuration. For
example, OSPF routes have a default preference value of 10, while IS-IS Level 1 routes
have a default preference value of 15. When protocol preference is enabled, the credibility
value is determined by deducting the protocol preference value from a base value of 512.
Using default protocol preference values, OSPF has a credibility value of 502, while IS-IS
has a credibility value of 497. Because the traffic engineering database prefers IGP routes
with the highest credibility value, OSPF routes are now preferred.

NOTE: This feature is also supported for OSPFv2. For more information, see
“Example: Enabling OSPF Traffic Engineering Support” on page 650.

To configure IS-IS to use the configured protocol preference for IGP routes to determine
the traffic engineering database credibility value, include the credibility-protocol-preference
statement at the [edit protocols isis traffic-engineering] hierarchy level:

[edit protocols isis]

traffic-engineering {
credibility-protocol-preference;
}

Enabling Authentication for IS-IS Without Network-Wide Deployment

To allow the use of authentication without requiring network-wide deployment, include

the loose-authentication-check statement:

loose-authentication-check;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Configuring Quicker Advertisement of IS-IS Adjacency State Changes

A hold-down timer delays the advertising of adjacencies by waiting until a time period
has elapsed before labeling adjacencies in the up state. You can disable this hold-down
timer, which labels adjacencies up faster. However, disabling the hold-down timer creates
more frequent link-state PDU updates and SPF computation.

To disable the adjacency hold-down timer, include the no-adjacency-holddown statement:

no-adjacency-holddown;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Enabling Padding of IS-IS Hello Packets

You can configure padding on hello packets to accommodate asymmetrical maximum

transfer units (MTUs) from different routing devices. This help prevents a premature

Copyright © 2011, Juniper Networks, Inc. 401

Junos OS 11.4 Routing Protocols Configuration Guide

adjacency UP state when one routing device’s MTU does not meet the requirements to
establish the adjacency.

As an OSI Layer 2 protocol, IS-IS does not support data fragmentation. Therefore,
maximum packet sizes must be established and supported between two routers. During
adjacency establishment, the IS-IS protocol makes sure that the link supports a packet
size of 1,492 bytes by padding outgoing hello packets up to the maximum packet size of
1,492 bytes.

To configure padding for hello packets, include the hello-padding statement:

hello-padding (adaptive | loose | strict);

There are three types of hello padding:

• Adaptive padding. On point-to-point connections, the hello packets are padded from
the initial detection of a new neighbor until the neighbor verifies the adjacency as Up
in the adjacency state TLV. If the neighbor does not support the adjacency state TLV,
then padding continues. On LAN connections, padding starts from the initial detection
of a new neighbor until there is at least one active adjacency on the interface. Adaptive
padding has more overhead than loose padding and is able to detect MTU asymmetry
from one side of the connection. This one-sided detection may result in generation of
extra LSPs that are flooded throughout the network. Specify the adaptive option to
configure enough padding to establish an adjacency to neighbors.

• Loose padding (the default). The hello packet is padded from the initial detection of
a new neighbor until the adjacency transitions to the Up state. Loose padding may not
be able to detect certain situations such as asymmetrical MTUs between the routing
devices. Specify the loose option to configure enough padding to initialize an adjacency
to neighbors.

• Strict padding. Padding is done on all interface types and for all adjacency states, and
is continuous. Strict padding has the most overhead. The advantage is that strict
padding detects MTU issues on both sides of a link. Specify the strict option to configure
padding to allow all adjacency states with neighbors.

For a list of hierarchy levels at which you can include this statement, see the statement
summary sections for this statement.

Configuring CLNS for IS-IS

Connectionless Network Services (CLNS) is a Layer 3 protocol, similar to IP version 4

(IPv4). CLNS uses network service access points (NSAPs) to address end systems and
intermediate systems.

You can use IS-IS as the IGP to carry ISO CLNS routes through a network.

NOTE: CLNS is supported on J Series Services Routers and MX Series routers

only.

To enable IS-IS to exchange CLNS routes, include the clns-routing statement:

402 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

clns-routing;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

You can configure a pure CLNS network by disabling IPv4 and IPv6 for IS-IS.

To disable IPv4, include the no-ipv4-routing statement:

no-ipv4-routing;

To disable IPv6, include the no-ipv6-routing statement:

no-ipv6-routing;

For a list of hierarchy levels at which you can include these statements, see the statement
summary section for these statements.

You can export BGP routes into Layer 2 IS-IS by configuring an export policy and applying
the policy to IS-IS. You can export BGP routes from a specific VRF instance into IS-IS by
configuring and applying an export policy at the [edit routing-instance instance-name
protocols isis] hierarchy level. ES-IS routes from one routing instance cannot be exported
into a Layer 1 IS-IS area of another routing instance.

To configure an export policy to export BGP routes into IS-IS, include the policy-statement
statement:

policy-statement policy-name {
from {
protocol bgp;
family iso;
}
then {
accept;
}
}

To apply an export policy, include the export statement at the [edit protocols isis] hierarchy
level:

export policy-name;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for these statements.

For more information on policy configuration, see the Junos OS Routing Policy Configuration
Guide.

You can also export routes from protocols other than BGP into IS-IS. ES-IS routes are
exported to IS-IS by default. You can export ES-IS routes into IS-IS by configuring a
routing policy.

Example: Configuring CLNS for IS-IS

Configure a routing policy to accept CLNS routes:

policy-options {

Copyright © 2011, Juniper Networks, Inc. 403

Junos OS 11.4 Routing Protocols Configuration Guide

policy-statement dist-bgp {
from {
protocol bgp;
family iso;
}
then accept;
}
policy-statement dist-static {
from {
protocol static;
family iso;
}
then accept;
}
}

Configure CLNS for IS-IS:

protocols {
isis {
traceoptions {
file isis size 5m world-readable;
flag error;
}
export dist-static;
no-ipv6-routing;
no-ipv4-routing;
clns-routing;
interface fe-0/0/1.0;
interface t1-0/2/1.0;
interface fxp0.0 {
disable;
}
interface lo0.0;
}
}

Configure a routing instance that supports CLNS routes:

routing-instances {
aaaa {
instance-type vrf;
interface lo0.1;
interface t1-3/0/0.0;
interface fe-5/0/1.0;
route-distinguisher 10.245.245.1:1;
vrf-target target:11111:1;
protocols {
isis {
export dist-bgp;
no-ipv4-routing;
no-ipv6-routing;
clns-routing;
interface all;
}
}
}

404 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

Disabling IS-IS

To disable IS-IS on the routing device without removing the IS-IS configuration statements
from the configuration, include the disable statement:

isis {
disable;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To reenable IS-IS, remove the disable statement from the configuration:

[edit protocols]
user@host# delete isis disable
[edit protocols]
user@host# show
isis;

Disabling IPv4 Routing for IS-IS

You can disable IP version 4 (IPv4) routing for IS-IS. Disabling IPv4 routing results in the
following:

• Routing device does not advertise the NLPID for IPv4 in Junos OS 0th link-state PDU
fragment.

• Routing device does not advertise any IPv4 prefixes in Junos OS link-state PDUs.

• Routing device does not advertise the NLPID for IPv4 in Junos OS hello packets.

• Routing device does not advertise any IPv4 addresses in Junos OS hello packets.

• Routing device does not calculate any IPv4 routes.

To disable IPv4 routing on the routing device, include the no-ipv4-routing statement:

isis {
no-ipv4-routing;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To reenable IS-IS, remove the no-ipv4-routing statement from the configuration:

[edit protocols]
user@host# delete isis no-ipv4-routing

Disabling IPv6 Routing for IS-IS

You can disable IP version 6 (IPv6) routing for IS-IS. Disabling IPv6 routing results in the
following:

Copyright © 2011, Juniper Networks, Inc. 405

Junos OS 11.4 Routing Protocols Configuration Guide

• Routing device does not advertise the NLPID for IPv6 in Junos OS 0th link-state PDU
fragment.

• Routing device does not advertise any IPv6 prefixes in Junos OS link-state PDUs.

• Routing device does not advertise the NLPID for IPv6 in Junos OS hello packets.

• Routing device does not advertise any IPv6 addresses in Junos OS hello packets.

• Routing device does not calculate any IPv6 routes.

To disable IPv6 routing on the routing device, include the no-ipv6-routing statement:

isis {
no-ipv6-routing;
}

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

To re-enable IS-IS, remove the disable statement from the configuration:

[edit protocols]
user@host# delete isis no-ipv6-routing

Applying Policies to Routes Exported to IS-IS

All routing protocols store the routes that they learn in the routing table. The routing table
uses this collected route information to determine the active routes to destinations. The
routing table then installs the active routes into its forwarding table and exports them
into the routing protocols. It is these exported routes that the protocols advertise.

For each protocol, you control which routes the protocol stores in the routing table and
which routes the routing table exports into the protocol from the routing table by defining
a routing policy for that protocol. For information about defining routing policy, see the
Junos OS Routing Policy Configuration Guide.

To apply routing policies that affect how the routing protocol process (rpd) exports
routes into IS-IS, include the export statement:

export [ policy-names ];

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

NOTE: For IS-IS, you cannot apply routing policies that affect how routes are
imported into the routing table; doing so with a link-state protocol can easily
lead to an inconsistent topology database.

Examples: Configuring IS-IS Routing Policy

Define a policy that allows only host routes from USC (128.125.0.0/16), and apply the
policy to routes exported from the routing table into IS-IS:

406 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

policy-options {
policy-statement usc-hosts-only {
term first {
from {
route-filter 128.125.0.0/16 upto /31;
}
then reject;
}
then accept;
}
}
protocols {
isis {
export usc-hosts-only;
}
}

Define a policy that takes BGP routes from the Edu community and places them into
IS-IS with a metric of 14. Apply the policy to routes exported from the routing table into
IS-IS:

protocols {
isis {
export edu-to-isis;
}
}
policy-options {
community Edu members 666:5;
policy-statement edu-to-isis {
from {
protocol bgp;
community Edu;
}
to protocol isis;
then metric 14;
}
}

Define a policy that rejects all IS-IS Level 1 routes so that none are exported into IS-IS:

policy-options {
policy-statement level1 {
term first {
from level 1;
then reject;
}
then accept;
}
}
protocols {
isis {
export level1;
interface fxp0;
}
}

Define a routing policy to export IS-IS Level 1 internal-only routes into Level 2:

Copyright © 2011, Juniper Networks, Inc. 407

Junos OS 11.4 Routing Protocols Configuration Guide

[edit]
protocols {
isis {
export L1-L2;
}
}
policy-statement L1-L2 {
term one {
from {
level 1;
external;
}
then reject;
}
term two {
from level 1;
to level 2;
then accept;
}
}

Define a routing policy to export IS-IS Level 2 routes into Level 1:

[edit]
protocols {
isis {
export L2-L1;
}
}
policy-statement L2-L1 {
term one {
from level 2;
to level 1;
then accept;
}
}

Installing a Default Route to the Nearest Routing Device That Operates at Both IS-IS
Levels

When a routing device that operates as both a Level 1 and Level 2 router (Router B)
determines that it can reach at least one area other than its own (for example, in Area
Y), it sets the ATTACHED bit in its Level LSP. Thereafter, the Level 1 router (Router A)
introduces a default route pointing to the nearest attached routing device that operates
as both a Level 1 and Level 2 router (Router B). See Figure 10 on page 409.

408 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

Figure 10: Install Default Route to Nearest Routing Device That Operates
at Both
Level 1 and Level 2

Configuring Loop-Free Alternate Routes for IS-IS

In Junos OS Release 9.5 and later, support for IS-IS loop-free alternate routes enables
IP fast-reroute capability for IS-IS. The Junos OS precomputes loop-free backup routes
for all IS-IS routes. These backup routes are preinstalled in the Packet Forwarding Engine,
which performs a local repair and implements the backup path when the link for a primary
next hop for a particular route is no longer available. With local repair, the Packet
Forwarding Engine can correct a path failure before it receives recomputed paths from
the Routing Engine. Local repair reduces the amount of time needed to reroute traffic to
less than 50 milliseconds. In contrast, global repair can take up to 800 milliseconds to
compute a new route. Local repair and global repair are thus complementary. Local repair
enables traffic to continue to be routed using a backup path until global repair is able to
calculate a new route.

A loop-free path is one that does not forward traffic back through the routing device to
reach a given destination. That is, a neighbor whose shortest path to the destination
traverses the routing device is not used as a backup route to that destination. To determine
loop-free alternate paths for IS-IS routes, the Junos OS runs shortest-path-first (SPF)
calculations on each one-hop neighbor. You can enable support for alternate loop-free
routes on any IS-IS interface. Because it is common practice to enable LDP on an interface
for which IS-IS is already enabled, this feature also provides support for LDP
label-switched paths (LSPs).

NOTE: If you enable support for alternate loop-free routes on an interface

configured for both LDP and IS-IS, you can use the traceroute command to
trace the active path to the primary next hop.

Copyright © 2011, Juniper Networks, Inc. 409

Junos OS 11.4 Routing Protocols Configuration Guide

The level of backup coverage available through IS-IS routes depends on the actual
network topology and is typically less than 100 percent for all destinations on any given
routing device. You can extend backup coverage to include RSVP LSP paths.

The Junos OS provides two mechanisms for route redundancy for IS-IS through alternate
loop-free routes: link protection and node-link protection. When you enable link protection
or node-link protection on an IS-IS interface, the Junos OS creates an alternate path to
the primary next hop for all destination routes that traverse a protected interface. Link
protection offers per-link traffic protection. Use link protection when you assume that
only a single link might become unavailable but that the neighboring node on the primary
path would still be available through another interface.

Node-link protection establishes an alternate path through a different routing device

altogether. Use node-link protection when you assume that access to a node is lost when
a link is no longer available. As a result, the Junos OS calculates a backup path that avoids
the primary next-hop routing device. In Junos OS Release 9.4 and earlier, only the RSVP
protocol supports Packet Forwarding Engine local repair and fast reroute as well as link
protection and node protection.

In Figure 11 on page 410, Case 1 shows how link protection allows source Router A to switch
to Link B when the primary next hop Link A to destination Router C fails. However, if
Router B fails, Link B also fails, and the protected Link A is lost. If node-link protection is
enabled, Router A is able to switch to Link D on Router D and bypass the failed Router B
altogether. As shown in Case 2, with node-link protection enabled, Router A has a
node-link protection alternate path available through Router D to destination Router C.
That means that if Router B fails, Router A can still reach Router C because the path from
Router A to Link D remains available as an alternate backup path.

Figure 11: Link Protection and Node-Link Protection Comparison for IS-IS
Routes

Case 1 Node-link protection alternate path

D
Link D Link E

Link A
X
A B C
Link C
Link B
Link protection alternate path
X

Case 2 Node-link protection alternate path

D
Link D Link E

Link A
X
A B C
Link C
Link B
g017299

410 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

The Junos OS implementation of support for loop-free alternate paths for IS-IS routes
is based on the following standards:

• Internet draft draft-ietf-rtgwg-ipfrr-spec-base-12.txt, Basic Specification for IP

Fast-Reroute: Loop-free Alternates

• Internet draft draft-ietf-rtgwg-ipfrr-framework-06.txt, IP Fast Reroute Framework

This section discusses the following topics:

• Configuring Link Protection for IS-IS on page 411

• Configuring Node-Link Protection for IS-IS on page 411
• Excluding an IS-IS Interface as a Backup for Protected Interfaces on page 412
• Configuring RSVP Label-Switched Paths as Backup Paths for IS-IS on page 412
• Using Operational Mode Commands to Monitor Protected IS-IS Routes on page 413
• Example: Configuring Node-Link Protection for IS-IS Routes on page 413

Configuring Link Protection for IS-IS

You can configure link protection on any interface for which IS-IS is enabled. When you
enable link protection, the Junos OS creates an alternate path to the primary next hop
for all destination routes that traverse a protected interface. Link protection assumes
that only a single link becomes unavailable but that the neighboring node would still be
available through another interface.

NOTE: You must also configure a per-packet load-balancing routing policy

to ensure that the routing protocol process installs all the next hops for a
given route in the routing table. For more information, see “Configuring
Per-Packet Load Balancing” on page 128.

To enable link protection, include the link-protection statement at the [edit protocols isis
interface interface-name] hierarchy level:

[edit]
protocols {
isis {
interface interface-name:
link-protection;
}
}
}

Configuring Node-Link Protection for IS-IS

You can configure node-link protection on any interface for which IS-IS is enabled.
Node-link protection establishes an alternate path through a different routing device
altogether for all destination routes that traverse a protected interface. Node-link
protection assumes that the entire routing device, or node, has failed. The Junos OS
therefore calculates a backup path that avoids the primary next-hop routing device.

Copyright © 2011, Juniper Networks, Inc. 411

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: You must also configure a per-packet load-balancing routing policy

to ensure that the routing protocol process installs all the next hops for a
given route in the routing table. For more information, see “Configuring
Per-Packet Load Balancing” on page 128.

To enable node-link protection, include the node-link-protection statement at the [edit

protocols isis interface interface-name] hierarchy level:

[edit]
protocols {
isis {
interface interface-name:
node-link-protection;
}
}
}

Excluding an IS-IS Interface as a Backup for Protected Interfaces

By default, all IS-IS interfaces that belong to the master instance or a specific routing
instance are eligible as backup interfaces for protected interfaces. You can specify that
any IS-IS interface be excluded from functioning as a backup interface to protected
interfaces. To exclude an IS-IS interface as a backup interface, include the
no-eligible-backup statement at the [edit protocols isis interface interface-name] hierarchy
level:

[edit]
protocols {
isis {
interface interface-name {
no-eligible-backup;
}
}
}

Configuring RSVP Label-Switched Paths as Backup Paths for IS-IS

Relying on the shortest-path first (SPF) calculation of backup paths for one-hop neighbors
might result in less than 100 percent backup coverage for a specific network topology.
You can enhance coverage of IS-IS and LDP label-switched paths (LSPs) by configuring
RSVP LSPs as backup paths. To configure a specific RSVP LSP as a backup path, include
the backup statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy
level:

[edit]
protocols {
mpls {
label-switched-path lsp-name {
backup;
to ip-address;
}
}

412 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

When configuring an LSP, you must specify the IP address of the egress routing device
with the to statement. For detailed information about configuring LSPs and RSVP, see
the Junos OS MPLS Applications Configuration Guide.

Using Operational Mode Commands to Monitor Protected IS-IS Routes

You can issue operational mode commands that provide more details about your
link-protected and node-link-protected IS-IS routes. The following guidelines explain
the type of information available from the output of each command:

• show isis backup label-switched-path—Displays which MPLS LSPs have been designated
as backup paths and the current status of those LSPs.

• show isis backup spf results—Displays SPF calculations for each neighbor for a given
destination. Indicates whether a specific interface or node has been designated as a
backup path and why. Use the no-coverage option to display only those nodes that do
not have backup coverage.

• show isis backup coverage—Displays the percentage of nodes and prefixes for each
type of address family that are protected.

• show isis interface detail—Displays the type of protection (link or node-link) applied
to each protected interface.

For more detailed information about these commands, see the Junos OS Routing Protocols
and Policies Command Reference.

Example: Configuring Node-Link Protection for IS-IS Routes

In this example, all the logical interfaces on the router are enabled for IS-IS level 2, LDP,
and RSVP. Node-link protection is enabled on all the interfaces, which means that if the
primary next hop for any destination that traverses the interfaces becomes unavailable,
the Junos OS uses a backup link that avoids the next-hop router altogether if necessary.

You also need to configure a routing policy that requires all traffic to use per-packet load
balancing in order to enable Packet Forwarding Engine local repair. With local repair, the
Packet Forwarding Engine can correct a path failure and implement a backup loop-free
alternate route before it receives recomputed paths from the Routing Engine.

Configure the interfaces. Enable IS-IS and MPLS. In this example, the interfaces are also
enabled for both IPv4 and IPv6 traffic.

[edit interfaces]
ge-2/0/0 {
unit 0 {
family inet {
address 11.14.0.1/30;
}
family iso;
family inet6;
family mpls;
}
}

Copyright © 2011, Juniper Networks, Inc. 413

Junos OS 11.4 Routing Protocols Configuration Guide

ge-2/0/1 {
unit 0 {
family inet {
address 11.14.1.1/30;
}
family iso;
family inet6;
family mpls;
}
}

so-3/0/1 {
unit 0 {
family inet {
address 11.16.1.1/30;
}
family iso;
family inet6;
family mpls;
}
}

so-3/0/2 {
unit 0 {
family inet {
address 11.16.0.1/30;
}
family iso;
family inet6;
family mpls;
}
}

so-6/0/0 {
unit 0 {
family inet {
address 11.12.0.1/30;
}
family iso;
family inet6;
family mpls;
}
}

Configure the IS-IS interfaces for Level 2 only, and configure MPLS to use both RSVP and
LDP label-switched paths (LSPs). Enable IS-IS node-link protection, which also
automatically extends backup coverage to all LDP LSPs.

[edit protocols]
rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
interface all;

414 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

interface fxp0.0 {
disable;
}
}
isis {
interface all {
node-link-protection; # Enable node-link protection on all IS-IS interfaces.
# Protection is automatically extended to all LDP LSPs.
level 2 metric 10;
level 1 disable;
}
interface fxp0.0 {
disable;
}
interface lo0.0 {
level 2 metric 0;
}
}
ldp {
deaggregate; # Enable forwarding equivalence class deaggregation, which results in
faster global convergence.
interface all;
interface fxp0.0 {
disable;
}
}

To enable Packet Forwarding Engine local repair, establish a policy that forces the routing
protocol process to install all the next hops for a given route. This policy ensures that the
backup route is installed in the forwarding table used by the Packet Forwarding Engine
to forward traffic to a given destination. After this policy is configured, export it to the
forwarding table of the local routerwith the export statement at the [edit routing-options
forwarding-table] hierarchy level.

[edit policy-options]
policy-statement ecmp {
term 1 {
then {
load-balance per-packet;
}
}
}

[edit routing-options]
forwarding-table {
export ecmp;
}

Disabling Adjacency Down and Neighbor Down Notification in IS-IS and OSPF

Whenever IS-IS is deactivated, the IS-IS adjacencies are brought down. IS-IS signals to
RSVP to bring down any RSVP neighbors associated with the IS-IS adjacencies, and this
further causes the associated LSPs signaled by RSVP to go down as well.

Copyright © 2011, Juniper Networks, Inc. 415

Junos OS 11.4 Routing Protocols Configuration Guide

A similar process occurs whenever OSPF is deactivated. The OSPF neighbors are brought
down. OSPF signals to RSVP to bring down any of the RSVP neighbors associated with
the OSPF neighbors, and this further causes the associated LSPs signaled by RSVP to
go down as well.

If you need to migrate from IS-IS to OSPF or from OSPF to IS-IS, the IGP notification to
RSVP for an adjacency or neighbor down event needs to be ignored. Using the
no-adjacency-down-notification or no-neighbor-down-notification statements, you can
disable IS-IS adjacency down notification or OSPF neighbor down notification,
respectively, until the migration is complete. The network administrator is responsible
for configuring the statements before the migration, and then removing them from the
configuration afterward, so that IGP notification can function normally.

To disable adjacency down notification in IS-IS, include the

no-adjacency-down-notification statement:

no-adjacency-down-notification;

You can include this statement at the following hierarchy levels:

• [edit protocols isis interface interface-name]

• [edit logical-systems logical-system-name protocols isis interface interface-name]

To disable neighbor down notification in OSPF, include the no-neighbor-down-notification

statement:

no-neighbor-down-notification;

You can include this statement at the following hierarchy levels:

• [edit protocols ospf area area-id interface interface-name]

• [edit logical-systems logical-system-name protocols ospf area area-id interface

interface-name]

Tracing IS-IS Protocol Traffic

You can trace various types of IS-IS protocol traffic to help debug IS-IS protocol issues.
To trace IS-IS protocol traffic include the traceoptions statement at the [edit protocols
isis] hierarchy level:

traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}

You can specify the following IS-IS protocol-specific trace options using the flag
statement:

• csn—Complete sequence number PDU (CSNP) packets

• error—Errored packets

• graceful-restart—Graceful restart operations

416 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

• hello—Hello packets

• ldp-synchronization—Synchronization between IS-IS and LDP

• lsp—Link-state PDU packets

• lsp-generation—Link-state PDU generation packets

• nsr-synchronization—NSR synchronization events

• packets—All IS-IS protocol packets

• psn—Partial sequence number PDU (PSNP) packets

• spf—Shortest-path-first (SPF) calculations

You can optionally specify one or more of the following flag modifiers:

• detail—Detailed trace information

• receive—Packets being received

• send—Packets being transmitted

NOTE: Use the flag modifier detail with caution as this may cause the CPU
to become very busy.

Global tracing options are inherited from the configuration set by the traceoptions
statement at the [edit routing-options] hierarchy level. You can override the following
global trace options for the IS-IS protocol using the traceoptions flag statement included
at the [edit protocols isis] hierarchy level:

• all—All tracing operations

• general—All normal operations and routing table changes (a combination of the normal
and route trace operations)

• normal—Normal events

• policy—Policy processing

• route—Routing information

• state—State transitions

• task—Routing protocol task processing

• timer—Routing protocol timer processing

NOTE: Use the trace flag all with caution as this may cause the CPU to
become very busy.

Copyright © 2011, Juniper Networks, Inc. 417

Junos OS 11.4 Routing Protocols Configuration Guide

Examples: Tracing IS-IS Protocol Traffic

A common configuration traces SPF calculations, LSP calculations, normal protocol
operations, and errors in protocol operation:

[edit]
protocols {
isis {
traceoptions {
file isis-log size 1m files 10;
flag spf;
flag lsp;
flag error;
flag normal;
}
}
}

Trace only unusual or abnormal operations to the file routing-log, and trace detailed
information about all IS-IS packets to the file isis-log:

[edit]
routing-options {
traceoptions {
file routing-log;
}
}
protocols {
isis {
traceoptions {
file isis-log size 10k files 5;
flag csn detail;
flag hello detail;
flag lsp detail;
flag psn detail;
}
}
}

Perform detailed tracing of mesh-group flooding:

[edit]
protocols {
isis {
traceoptions {
file isis-log;
flag lsp detail;
}
}
}

IS-IS LSP packets that contain errors are discarded by default. To log these errors, specify
the error tracing operation:

[edit]
protocols {

418 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

isis {
traceoptions {
file isis-log;
flag error;
}
}
}

Related • traceoptions on page 489 statement

Documentation
• For more information about tracing and global tracing options, see Tracing Global
Routing Protocol Operations on page 138.

Example: Configuring IS-IS on Logical Systems Within the Same Router

This example shows how to configure an IS-IS network by using multiple logical systems
that are running on a single physical router. The logical systems are connected by logical
tunnel interfaces.

• Requirements on page 419

• Overview on page 419
• Configuration on page 420
• Verification on page 425

Requirements
You must connect the logical systems by using logical tunnel (lt) interfaces. See Example:
Connecting Logical Systems Within the Same Router Using Logical Tunnel Interfaces.

Overview
This example shows an IS-IS configuration with three logical systems running on one
physical router. Each logical system has its own routing table. The configuration enables
the protocol on all logical tunnel interfaces that participate in the IS-IS domain.

Figure 12 on page 420 shows the sample network.

Copyright © 2011, Juniper Networks, Inc. 419

Junos OS 11.4 Routing Protocols Configuration Guide

Figure 12: IS-IS on Logical Systems

Configuration
CLI Quick To quickly configure this example, copy the following commands, paste them into a text
Configuration file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level.

set logical-systems LS1 interfaces lt-0/1/0 unit 2 description LS1->LS2

set logical-systems LS1 interfaces lt-0/1/0 unit 2 encapsulation ethernet
set logical-systems LS1 interfaces lt-0/1/0 unit 2 peer-unit 1
set logical-systems LS1 interfaces lt-0/1/0 unit 2 family inet address 10.0.0.1/30
set logical-systems LS1 interfaces lt-0/1/0 unit 2 family iso
set logical-systems LS1 interfaces lt-0/1/0 unit 0 description LS1->LS3
set logical-systems LS1 interfaces lt-0/1/0 unit 0 encapsulation ethernet
set logical-systems LS1 interfaces lt-0/1/0 unit 0 peer-unit 5
set logical-systems LS1 interfaces lt-0/1/0 unit 0 family inet address 10.0.1.2/30
set logical-systems LS1 interfaces lt-0/1/0 unit 0 family iso
set logical-systems LS1 interfaces lo0 unit 1 family iso address 49.0001.1720.1600.1001.00
set logical-systems LS1 protocols isis interface lt-0/1/0.0
set logical-systems LS1 protocols isis interface lt-0/1/0.2
set logical-systems LS1 protocols isis interface lo0.1 passive
set logical-systems LS2 interfaces lt-0/1/0 unit 1 description LS2->LS1
set logical-systems LS2 interfaces lt-0/1/0 unit 1 encapsulation ethernet
set logical-systems LS2 interfaces lt-0/1/0 unit 1 peer-unit 2
set logical-systems LS2 interfaces lt-0/1/0 unit 1 family inet address 10.0.0.2/30
set logical-systems LS2 interfaces lt-0/1/0 unit 1 family iso
set logical-systems LS2 interfaces lt-0/1/0 unit 4 description LS2->LS3
set logical-systems LS2 interfaces lt-0/1/0 unit 4 encapsulation ethernet
set logical-systems LS2 interfaces lt-0/1/0 unit 4 peer-unit 3
set logical-systems LS2 interfaces lt-0/1/0 unit 4 family inet address 10.0.2.2/30
set logical-systems LS2 interfaces lt-0/1/0 unit 4 family iso

420 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

set logical-systems LS2 interfaces lo0 unit 2 family iso address

49.0001.1720.1600.2002.00
set logical-systems LS2 protocols isis interface lt-0/1/0.1
set logical-systems LS2 protocols isis interface lt-0/1/0.4
set logical-systems LS2 protocols isis interface lo0.2 passive
set logical-systems LS3 interfaces lt-0/1/0 unit 3 description LS3->LS2
set logical-systems LS3 interfaces lt-0/1/0 unit 3 encapsulation ethernet
set logical-systems LS3 interfaces lt-0/1/0 unit 3 peer-unit 4
set logical-systems LS3 interfaces lt-0/1/0 unit 3 family inet address 10.0.2.1/30
set logical-systems LS3 interfaces lt-0/1/0 unit 3 family iso
set logical-systems LS3 interfaces lt-0/1/0 unit 5 description LS3->LS1
set logical-systems LS3 interfaces lt-0/1/0 unit 5 encapsulation ethernet
set logical-systems LS3 interfaces lt-0/1/0 unit 5 peer-unit 0
set logical-systems LS3 interfaces lt-0/1/0 unit 5 family inet address 10.0.1.1/30
set logical-systems LS3 interfaces lt-0/1/0 unit 5 family iso
set logical-systems LS3 interfaces lo0 unit 3 family iso address 49.0001.1234.1600.2231.00
set logical-systems LS3 protocols isis interface lt-0/1/0.5
set logical-systems LS3 protocols isis interface lt-0/1/0.3
set logical-systems LS3 protocols isis interface lo0.3 passive

Step-by-Step The following example requires you to navigate various levels in the configuration
Procedure hierarchy. For information about navigating the CLI, see Using the CLI Editor in
Configuration Mode in the Junos OS CLI User Guide.

To configure IS-IS on logical systems:

1. Configure the logical tunnel interface on Logical System LS1 connecting to Logical
System LS2.

[edit logical-systems LS1]

user@host# set interfaces lt-0/1/0 unit 2 description LS1->LS2
user@host# set interfaces lt-0/1/0 unit 2 encapsulation ethernet
user@host# set interfaces lt-0/1/0 unit 2 peer-unit 1
user@host# set interfaces lt-0/1/0 unit 2 family inet address 10.0.0.1/30
user@host# set interfaces lt-0/1/0 unit 2 family iso

2. Configure the logical tunnel interface on Logical System LS1 connecting to Logical
System LS3.

[edit logical-systems LS1]

user@host# set interfaces lt-0/1/0 unit 0 description LS1->LS3
user@host# set interfaces lt-0/1/0 unit 0 encapsulation ethernet
user@host# set interfaces lt-0/1/0 unit 0 peer-unit 5
user@host# set interfaces lt-0/1/0 unit 0 family inet address 10.0.1.2/30
user@host# set interfaces lt-0/1/0 unit 0 family iso

3. Configure the logical tunnel interface on Logical System LS2 connecting to Logical
System LS1.

[edit logical-systems LS2]

user@host# set interfaces lt-0/1/0 unit 1 description LS2->LS1
user@host# set interfaces lt-0/1/0 unit 1 encapsulation ethernet
user@host# set interfaces lt-0/1/0 unit 1 peer-unit 2
user@host# set interfaces lt-0/1/0 unit 1 family inet address 10.0.0.2/30
user@host# set interfaces lt-0/1/0 unit 1 family iso

Copyright © 2011, Juniper Networks, Inc. 421

Junos OS 11.4 Routing Protocols Configuration Guide

4. Configure the logical tunnel interface on Logical System LS2 connecting to Logical
System LS3.

[edit logical-systems LS2]

user@host# set interfaces lt-0/1/0 unit 4 description LS2->LS3
user@host# set interfaces lt-0/1/0 unit 4 encapsulation ethernet
user@host# set interfaces lt-0/1/0 unit 4 peer-unit 3
user@host# set interfaces lt-0/1/0 unit 4 family inet address 10.0.2.2/30
user@host# set interfaces lt-0/1/0 unit 4 family iso

5. Configure the logical tunnel interface on Logical System LS3 connecting to Logical
System LS2.

[edit logical-systems LS3]

user@host# set interfaces lt-0/1/0 unit 3 description LS3->LS2
user@host# set interfaces lt-0/1/0 unit 3 encapsulation ethernet
user@host# set interfaces lt-0/1/0 unit 3 peer-unit 4
user@host# set interfaces lt-0/1/0 unit 3 family inet address 10.0.2.1/30
user@host# set interfaces lt-0/1/0 unit 3 family iso

6. Configure the logical tunnel interface on Logical System LS3 connecting to Logical
System LS1.

[edit logical-systems LS3]

user@host# set interfaces lt-0/1/0 unit 5 description LS3->LS1
user@host# set interfaces lt-0/1/0 unit 5 encapsulation ethernet
user@host# set interfaces lt-0/1/0 unit 5 peer-unit 0
user@host# set interfaces lt-0/1/0 unit 5 family inet address 10.0.1.1/30
user@host# set interfaces lt-0/1/0 unit 5 family iso

7. Configure the ISO address on the loopback interface for the three logical systems.

[edit logical-systems LS1]

user@host# set interfaces lo0 unit 1 family iso address 49.0001.1720.1600.1001.00
user@host# set protocols isis interface lo0.1 passive

[edit logical-systems LS2]

user@host# set interfaces lo0 unit 2 family iso address 49.0001.1720.1600.2002.00
user@host# set protocols isis interface lo0.2 passive

[edit logical-systems LS3]

user@host# set interfaces lo0 unit 3 family iso address 49.0001.1234.1600.2231.00
user@host# set protocols isis interface lo0.3 passive

8. Configure IS-IS on all the interfaces.

[edit logical-systems LS1 protocols isis]

user@host# set interface lt-0/1/0.0
user@host# set interface lt-0/1/0.2

[edit logical-systems LS2 protocols isis]

user@host# set interface lt-0/1/0.1
user@host# set interface lt-0/1/0.4

[edit logical-systems LS3 protocols isis]

user@host# set interface lt-0/1/0.5
user@host# set interface lt-0/1/0.3

9. If you are done configuring the device, commit the configuration.

[edit]

422 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

user@host# commit

Results Confirm your configuration by issuing the show logical-systems command.

user@host# show logical-systems

LS1 {
interfaces {
lt-0/1/0 {
unit 0 {
description LS1->LS3;
encapsulation ethernet;
peer-unit 5;
family inet {
address 10.0.1.2/30;
}
family iso;
}
unit 2 {
description LS1->LS2;
encapsulation ethernet;
peer-unit 1;
family inet {
address 10.0.0.1/30;
}
family iso;
}
}
lo0 {
unit 1 {
family iso {
address 49.0001.1720.1600.1001.00;
}
}
}
}
protocols {
isis {
interface lt-0/1/0.0;
interface lt-0/1/0.2;
interface lo0.1 {
passive;
}
}
}
}
LS2 {
interfaces {
lt-0/1/0 {
unit 1 {
description LS2->LS1;
encapsulation ethernet;
peer-unit 2;
family inet {
address 10.0.0.2/30;
}
family iso;
}
unit 4 {
description LS2->LS3;
encapsulation ethernet;
peer-unit 3;

Copyright © 2011, Juniper Networks, Inc. 423

Junos OS 11.4 Routing Protocols Configuration Guide

family inet {
address 10.0.2.2/30;
}
family iso;
}
}
lo0 {
unit 2 {
family iso {
address 49.0001.1720.1600.2002.00;
}
}
}
}
protocols {
isis {
interface lt-0/1/0.1;
interface lt-0/1/0.4;
interface lo0.2 {
passive;
}

}
}
}
LS3 {
interfaces {
lt-0/1/0 {
unit 3 {
description LS3->LS2;
encapsulation ethernet;
peer-unit 4;
family inet {
address 10.0.2.1/30;
}
family iso;
}
unit 5 {
description LS3->LS1;
encapsulation ethernet;
peer-unit 0;
family inet {
address 10.0.1.1/30;
}
family iso;
}
}
lo0 {
unit 3 {
family iso {
address 49.0001.1234.1600.2231.00;
}
}
}
}
protocols {
isis {
interface lt-0/1/0.3;
interface lt-0/1/0.5;
interface lo0.3 {
passive;

424 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

}
}
}
}

Verification
Confirm that the configuration is working properly.

• Verifying That the Logical Systems Are Up on page 425

• Verifying Connectivity Between the Logical Systems on page 425

Verifying That the Logical Systems Are Up

Purpose Make sure that the interfaces are properly configured.

Action user@host> show interfaces terse

Interface Admin Link Proto Local Remote
...
lt-0/1/0 up up
lt-0/1/0.0 up up inet 10.0.1.2/30
iso
lt-0/1/0.1 up up inet 10.0.0.2/30
iso
lt-0/1/0.2 up up inet 10.0.0.1/30
iso
lt-0/1/0.3 up up inet 10.0.2.1/30
iso
lt-0/1/0.4 up up inet 10.0.2.2/30
iso
lt-0/1/0.5 up up inet 10.0.1.1/30
iso
...

Verifying Connectivity Between the Logical Systems

Purpose Make sure that the IS-IS adjacencies are established by checking the logical system
routing entries and by pinging the logical systems.

Action user@host> show route logical-system LS1

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/30 *[Direct/0] 3w0d 01:37:52

> via lt-0/1/0.2
10.0.0.1/32 *[Local/0] 3w0d 01:37:52
Local via lt-0/1/0.2
10.0.1.0/30 *[Direct/0] 3w0d 01:37:52
> via lt-0/1/0.0
10.0.1.2/32 *[Local/0] 3w0d 01:37:52
Local via lt-0/1/0.0
10.0.2.0/30 *[IS-IS/15] 3w0d 01:37:13, metric 20
> to 10.0.1.1 via lt-0/1/0.0
to 10.0.0.2 via lt-0/1/0.2

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

Copyright © 2011, Juniper Networks, Inc. 425

Junos OS 11.4 Routing Protocols Configuration Guide

49.0001.1720.1600.1001/72
*[Direct/0] 3w0d 01:37:52
> via lo0.1

user@host> show route logical-system LS2

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/30 *[Direct/0] 3w0d 01:38:01

> via lt-0/1/0.1
10.0.0.2/32 *[Local/0] 3w0d 01:38:01
Local via lt-0/1/0.1
10.0.1.0/30 *[IS-IS/15] 3w0d 01:37:01, metric 20
to 10.0.0.1 via lt-0/1/0.1
> to 10.0.2.1 via lt-0/1/0.4
10.0.2.0/30 *[Direct/0] 3w0d 01:38:01
> via lt-0/1/0.4
10.0.2.2/32 *[Local/0] 3w0d 01:38:01
Local via lt-0/1/0.4

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

49.0001.1720.1600.2002/72
*[Direct/0] 3w0d 01:38:01
> via lo0.2

user@host> show route logical-system LS3

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/30 *[IS-IS/15] 3w0d 01:37:10, metric 20

to 10.0.2.2 via lt-0/1/0.3
> to 10.0.1.2 via lt-0/1/0.5
10.0.1.0/30 *[Direct/0] 3w0d 01:38:10
> via lt-0/1/0.5
10.0.1.1/32 *[Local/0] 3w0d 01:38:11
Local via lt-0/1/0.5
10.0.2.0/30 *[Direct/0] 3w0d 01:38:11
> via lt-0/1/0.3
10.0.2.1/32 *[Local/0] 3w0d 01:38:11
Local via lt-0/1/0.3

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

49.0001.1234.1600.2231/72
*[Direct/0] 3w0d 01:38:11
> via lo0.3

From LS1, Ping LS3 user@host> set cli logical-system LS1

user@host:LS1> ping 10.0.2.1

PING 10.0.2.1 (10.0.2.1): 56 data bytes
64 bytes from 10.0.2.1: icmp_seq=0 ttl=63 time=1.264 ms
64 bytes from 10.0.2.1: icmp_seq=1 ttl=63 time=1.189 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=63 time=1.165 ms
^C
--- 10.0.2.1 ping statistics ---

426 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

3 packets transmitted, 3 packets received, 0% packet loss

round-trip min/avg/max/stddev = 1.165/1.206/1.264/0.042 ms

From LS3, Ping LS1 user@host> set cli logical-system LS3

user@host:LS3> ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=63 time=1.254 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=63 time=1.210 ms
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.210/1.232/1.254/0.022 ms

From LS1, Ping LS2 user@host> set cli logical-system LS1

user@host:LS1> ping 10.0.2.2

PING 10.0.2.2 (10.0.2.2): 56 data bytes
64 bytes from 10.0.2.2: icmp_seq=0 ttl=64 time=1.240 ms
64 bytes from 10.0.2.2: icmp_seq=1 ttl=64 time=1.204 ms
64 bytes from 10.0.2.2: icmp_seq=2 ttl=64 time=1.217 ms
^C
--- 10.0.2.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.204/1.220/1.240/0.015 ms

From LS2, Ping LS1 user@host> set cli logical-system LS2

user@host:LS2> ping 10.0.1.2

PING 10.0.1.2 (10.0.1.2): 56 data bytes
64 bytes from 10.0.1.2: icmp_seq=0 ttl=64 time=1.308 ms
64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=1.235 ms
^C
--- 10.0.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.235/1.272/1.308/0.037 ms

From LS2, Ping LS3 user@host> set cli logical-system LS2

user@host:LS2> ping 10.0.1.1

PING 10.0.1.1 (10.0.1.1): 56 data bytes
64 bytes from 10.0.1.1: icmp_seq=0 ttl=64 time=1.253 ms
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=1.194 ms
64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=1.212 ms
64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=1.221 ms
64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=1.195 ms
^C
--- 10.0.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.194/1.215/1.253/0.022 ms

From LS3, Ping LS2 user@host> set cli logical-system LS3

user@host:LS3> ping 10.0.0.2

PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=1.240 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.217 ms
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.217/1.228/1.240/0.012 ms

Copyright © 2011, Juniper Networks, Inc. 427

Junos OS 11.4 Routing Protocols Configuration Guide

Related • Example: Creating an Interface on a Logical System

Documentation
• Example: Connecting Logical Systems Within the Same Router Using Logical Tunnel
Interfaces

Example: Configuring an IS-IS Default Route Policy on Logical Systems

This example shows logical systems configured on a single physical router and explains
how to configure a default route on one logical system.

• Requirements on page 428

• Overview on page 428
• Configuration on page 429
• Verification on page 431

Requirements
Before you begin:

• Connect the logical systems by using logical tunnel (lt) interfaces. See Example:
Connecting Logical Systems Within the Same Router Using Logical Tunnel Interfaces.

• Enable IS-IS on the interfaces. See “Example: Configuring IS-IS on Logical Systems
Within the Same Router” on page 419.

Overview
This example shows a logical system redistributing a default route to other logical systems.
All logical systems are running IS-IS. A common reason for a default route is to provide
a path for sending traffic destined outside the IS-IS domain.

In this example, the default route is not used for forwarding traffic. The no-install
statement prevents the route from being installed in the forwarding table of Logical
System LS3. If you configure a route so it is not installed in the forwarding table, the route
is still eligible to be exported from the routing table to other protocols. The discard
statement silently drops packets without notice.

Figure 13 on page 429 shows the sample network.

428 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

Figure 13: IS-IS with a Default Route to an ISP

set logical-systems LS3 routing-options static route 0.0.0.0/0 discard

set logical-systems LS3 routing-options static route 0.0.0.0/0 no-install
set logical-systems LS3 policy-options policy-statement isis-default from protocol static
set logical-systems LS3 policy-options policy-statement isis-default from route-filter
0.0.0.0/0 exact
set logical-systems LS3 policy-options policy-statement isis-default then accept
set logical-systems LS3 protocols isis export isis-default

To configure an IS-IS default route policy on logical systems:

1. Configure the default route on Logical System LS3.

[edit logical-systems LS3 routing-options]

user@host# set static route 0.0.0.0/0 discard
user@host# set static route 0.0.0.0/0 no-install

2. Configure the default route policy on Logical System LS3.

[edit logical-systems LS3 policy-options]

user@host# set policy-statement isis-default from protocol static
user@host# set policy-statement isis-default from route-filter 0.0.0.0/0 exact
user@host# set policy-statement isis-default then accept

Copyright © 2011, Juniper Networks, Inc. 429

Junos OS 11.4 Routing Protocols Configuration Guide

3. Apply the export policy to IS-IS on Logical System LS3.

[edit logical-systems LS3 protocols isis]

user@host# set export isis-default

4. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

Results Confirm your configuration by issuing the show logical-systems LS3 command.

user@host# show logical-systems LS3

LS3 {
interfaces {
lt-1/2/0 {
unit 3 {
description LS3->LS2;
encapsulation ethernet;
peer-unit 4;
family inet {
address 10.0.2.1/30;
}
family iso;
}
unit 5 {
description LS3->LS1;
encapsulation ethernet;
peer-unit 0;
family inet {
address 10.0.1.1/30;
}
family iso;
}
}
lo0 {
unit 3 {
family iso {
address 49.0001.1234.1600.2231.00;
}
}
}
}
protocols {
isis {
export isis-default;
interface lt-1/2/0.3;
interface lt-1/2/0.5;
interface lo0.3 {
passive;
}
}
}
policy-options {
policy-statement isis-default {
from {
protocol static;
route-filter 0.0.0.0/0 exact;
}
then accept;
}

430 Copyright © 2011, Juniper Networks, Inc.

Chapter 14: IS-IS Configuration Guidelines

}
routing-options {
static {
route 0.0.0.0/0 {
discard;
no-install;
}
}
}
}

Verification
Confirm that the configuration is working properly.

Verifying That the Static Route Is Redistributed

Purpose Make sure that the IS-IS policy is working by checking the routing tables.

Action user@host> show route logical-system LS3

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 00:00:45

Discard
10.0.0.0/30 *[IS-IS/15] 1w0d 10:14:14, metric 20
to 10.0.2.2 via lt-1/2/0.3
> to 10.0.1.2 via lt-1/2/0.5
10.0.1.0/30 *[Direct/0] 1w0d 10:15:18
> via lt-1/2/0.5
10.0.1.1/32 *[Local/0] 1w0d 10:15:18
Local via lt-1/2/0.5
10.0.2.0/30 *[Direct/0] 1w0d 10:15:18
> via lt-1/2/0.3
10.0.2.1/32 *[Local/0] 1w0d 10:15:18
Local via lt-1/2/0.3

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

49.0001.1234.1600.2231/72
*[Direct/0] 1w0d 10:17:19
> via lo0.3

user@host> show route logical-system LS2

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[IS-IS/160] 00:01:38, metric 10

> to 10.0.2.1 via lt-1/2/0.4
10.0.0.0/30 *[Direct/0] 1w0d 10:16:11
> via lt-1/2/0.1
10.0.0.2/32 *[Local/0] 1w0d 10:16:11
Local via lt-1/2/0.1
10.0.1.0/30 *[IS-IS/15] 1w0d 10:15:07, metric 20
> to 10.0.0.1 via lt-1/2/0.1
to 10.0.2.1 via lt-1/2/0.4
10.0.2.0/30 *[Direct/0] 1w0d 10:16:11
> via lt-1/2/0.4
10.0.2.2/32 *[Local/0] 1w0d 10:16:11

Copyright © 2011, Juniper Networks, Inc. 431

Junos OS 11.4 Routing Protocols Configuration Guide

Local via lt-1/2/0.4

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

49.0001.1720.1600.2002/72
*[Direct/0] 1w0d 10:18:12
> via lo0.2

user@host> show route logical-system LS1

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[IS-IS/160] 00:02:01, metric 10

> to 10.0.1.1 via lt-1/2/0.0
10.0.0.0/30 *[Direct/0] 1w0d 10:16:34
> via lt-1/2/0.2
10.0.0.1/32 *[Local/0] 1w0d 10:16:34
Local via lt-1/2/0.2
10.0.1.0/30 *[Direct/0] 1w0d 10:16:34
> via lt-1/2/0.0
10.0.1.2/32 *[Local/0] 1w0d 10:16:34
Local via lt-1/2/0.0
10.0.2.0/30 *[IS-IS/15] 1w0d 10:15:55, metric 20
to 10.0.1.1 via lt-1/2/0.0
> to 10.0.0.2 via lt-1/2/0.2

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

49.0001.1720.1600.1001/72
*[Direct/0] 1w0d 10:18:35
> via lo0.1

Meaning The routing table on Logical System LS3 contains the default 0.0.0.0/0 route from
protocol Static. The routing tables on Logical System LS1 and Logical System LS2 contain
the default 0.0.0.0/0 route from protocol IS-IS. If Logical System LS1 and Logical System
LS2 receive packets destined for networks not specified in their routing tables, those
packets will be sent to Logical System LS3 for further processing. This configuration
assumes that Logical System LS3 has a connection to an ISP or another external network.

Related • Example: Creating an Interface on a Logical System

Documentation

432 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 15

Summary of IS-IS Configuration

Statements

The following sections explain each of the IS-IS configuration statements. The statements
are organized alphabetically.

Copyright © 2011, Juniper Networks, Inc. 433

Junos OS 11.4 Routing Protocols Configuration Guide

authentication-key

Syntax authentication-key key;

Hierarchy Level [edit logical-systems logical-system-name protocols isislevel level-number],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis level level-number],
[edit protocols isis level level-number],
[edit routing-instances routing-instance-name protocols isis level level-number]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Authentication key (password). Neighboring routing devices use the password to verify
the authenticity of packets sent from this interface. For the key to work, you also must
include the authentication-type statement.

All routing devices must use the same password. If you are using the Junos OS IS-IS
software with another implementation of IS-IS, the other implementation must be
configured to use the same password for the domain, the area, and all interfaces adjacent
to the Juniper Networks routing device.

Default If you do not include this statement and the authentication-type statement, IS-IS
authentication is disabled.

Options key—Authentication password. The password can be up to 1024 characters long.

Characters can include any ASCII strings. If you include spaces, enclose all characters
in quotation marks (“ ”).

CAUTION: A simple password for authentication is truncated if it exceeds

254 characters.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Authentication on page 347

Documentation

434 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

authentication-key-chain

Syntax authentication-key-chain key-chain-name;

Hierarchy Level [edit logical-systems name protocols isis level level-number],

[edit logical-systems name routing-instances instance-name protocols isis level level-number],
[edit protocols isis level level-number],
[edit routing-instances instance-name protocols isis level level-number]

Release Information Statement introduced in Junos OS Release 11.2.

Description Apply and enable an authentication keychain to the routing device.

Options key-chain—Authentication keychain name. It can be up to 126 characters. Characters can

include any ASCII strings. If you include spaces, enclose all characters in quotation
marks (“ ”).

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Example: Configuring Hitless Authentication Key Rollover for IS-IS on page 350
Documentation
• Overview of Hitless Authentication Key Rollover for IS-IS on page 349

Copyright © 2011, Juniper Networks, Inc. 435

Junos OS 11.4 Routing Protocols Configuration Guide

authentication-type

Syntax authentication-type authentication;

Hierarchy Level [edit logical-systems logical-system-name protocols isis level level-number],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Enable authentication and specify the authentication scheme for IS-IS. If you enable
authentication, you must specify a password by including the authentication-key
statement.

Default If you do not include this statement and the authentication-key statement, IS-IS
authentication is disabled.

Options authentication—Authentication scheme:

• md5—Use HMAC authentication in combination with MD5. HMAC-MD5 authentication

is defined in RFC 2104, HMAC: Keyed-Hashing for Message Authentication.

• simple—Use a simple password for authentication. The password is included in the

transmitted packet, making this method of authentication relatively insecure. We
recommend that you not use this authentication method.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • authentication-key on page 434

Documentation
• no-authentication-check on page 472

• Configuring IS-IS Authentication on page 347

436 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

bfd-liveness-detection

Syntax bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
no-adaptation;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
multiplier number;
version (1 | automatic);
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis interface interface-name],
[edit protocols isis interface interface-name],
[edit routing-instances routing-instance-name protocols isis interface interface-name]

Release Information Statement introduced before Junos OS Release 7.4.

Description Configure bidirectional failure detection timers and authentication.

Options authentication algorithm algorithm-name —Configure the algorithm used to authenticate

the specified BFD session: simple-password, keyed-md5, keyed-sha-1,
meticulous-keyed-md5, meticulous-keyed-sha-1.

authentication key-chain key-chain-name—Associate a security key with the specified

authentication loose-check—(Optional) Configure loose authentication checking on the

BFD session. Use only for transitional periods when authentication may not be
configured at both ends of the BFD session.

Copyright © 2011, Juniper Networks, Inc. 437

Junos OS 11.4 Routing Protocols Configuration Guide

detection-time threshold milliseconds—Configure a threshold. When the BFD session

detection time adapts to a value equal to or greater than the threshold, a single trap
and a single system log message are sent.

minimum-interval milliseconds—Configure the minimum intervals at which the local

routing device transmits a hello packet and then expects to receive a reply from the
neighbor with which it has established a BFD session.
Range: 1 through 255,000

minimum-receive-interval milliseconds—Configure only the minimum interval at which

the local routing device expects to receive a reply from a neighbor with which it has
established a BFD session.
Range: 1 through 255,000

multiplier number—Configure the number of hello packets not received by a neighbor

that causes the originating interface to be declared down.
Range: 1 through 255
Default: 3

no-adaptation—Specify that BFD sessions not adapt to changing network conditions.

We recommend that you not disable BFD adaptation unless it is preferable not to
have BFD adaptation enabled in your network.

transmit-interval threshold milliseconds—Configure a threshold. When the BFD session

transmit-interval minimum-interval milliseconds—Configure only the minimum interval

at which the routing device sends hello packets to a neighbor with which it has
established a BFD session.
Range: 1 through 255,000

version—Specify the BFD version to detect.

Range: 1 (BFD version 1), or automatic (autodetection)
Default: automatic

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring BFD for IS-IS on page 356

Documentation
• Configuring BFD Authentication for IS-IS on page 366

438 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

checksum

Syntax checksum;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Enable checksum for packets on this interface. The checksum cannot be enabled with
MD5 hello authentication on the same interface.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Enabling Packet Checksum on IS-IS Interfaces on page 369

Documentation

clns-routing

Syntax clns-routing;

Hierarchy Level [edit protocols isis],

[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Description Enable IS-IS to exchange CLNS routes.

NOTE: CLNS is supported on J Series Services Routers and MX Series routers

only.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring CLNS for IS-IS on page 402

Documentation

Copyright © 2011, Juniper Networks, Inc. 439

Junos OS 11.4 Routing Protocols Configuration Guide

csnp-interval

Syntax csnp-interval (seconds | disable);

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure the interval between complete sequence number (CSN) packets on a LAN
interface.

Options disable—Do not send CSN packets on this interface.

seconds—Number of seconds between the sending of CSN packets.

Range: 1 through 65,535 seconds
Default: 10 seconds

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring the Transmission Frequency for CSNP Packets on IS-IS Interfaces on
Documentation page 369

440 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

disable

See the following sections:

• disable (IS-IS) on page 442

• disable (LDP Synchronization) on page 443

Copyright © 2011, Juniper Networks, Inc. 441

Junos OS 11.4 Routing Protocols Configuration Guide

disable (IS-IS)
Syntax disable;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name protocols isis interface interface-name],
[edit logical-systems logical-system-name protocols isis interface interface-namelevel
level-number],
[edit logical-systems logical-system-name protocols isis traffic-engineering],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis interface interface-name],
[edit logical-systems logical-system-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis traffic-engineering],
[edit protocols isis],
[edit protocols isis interface interface-name],
[edit protocols isis interface interface-name level level-number],
[edit protocols isis traffic-engineering],
[edit routing-instances routing-instance-name protocols isis],
[edit routing-instances routing-instance-name protocols isis interface interface-name],
[edit routing-instances routing-instance-name protocols isis interface interface-name level
level-number],
[edit routing-instances routing-instance-name protocols isis traffic-engineering]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Disable IS-IS on the routing device, on an interface, or on a level. At the [edit protocols
isis traffic-engineering] hierarchy level, disable IS-IS support for traffic engineering.

Enabling IS-IS on an interface (by including the interface statement at the [edit protocols
isis] or the [edit routing-instances routing-instance-name protocols isis] hierarchy level),
disabling it (by including the disable statement), and not actually having IS-IS run on an
interface (by including the passive statement) are mutually exclusive states.

Default IS-IS is enabled for Level 1 and Level 2 routers on all interfaces on which an International
Organization for Standardization (ISO) protocol family is enabled.

IS-IS support for traffic engineering is enabled.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • IS-IS Overview on page 337

Documentation
• Disabling IS-IS Support for Traffic Engineering on page 400

• Disabling IS-IS on page 405

442 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

disable (LDP Synchronization)

Syntax disable;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced in Junos OS Release 7.5.

Description Disable LDP for IS-IS.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Synchronization Between LDP and IS-IS on page 369

Documentation

export

Syntax export [ policy-names ];

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Apply one or more policies to routes being exported from the routing table into IS-IS.

Options policy-names—Name of one or more policies.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Applying Policies to Routes Exported to IS-IS on page 406

Documentation
• Junos OS Routing Policy Configuration Guide

Copyright © 2011, Juniper Networks, Inc. 443

Junos OS 11.4 Routing Protocols Configuration Guide

external-preference

Syntax external-preference preference;

Hierarchy Level [edit logical-systems logical-system-name protocols isis level level-number],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure the preference of external routes.

Options preference—Preference value.

32
Range: 0 through 4,294,967,295 (2 – 1)
Default: 15 (for Level 1 internal routes), 18 (for Level 2 internal routes), 160 (for Level 1
external routes), 165 (for Level 2 external routes)

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • preference on page 480

Documentation
• Configuring Preference Values for IS-IS Routes on page 393

444 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

family

Syntax family inet {

shortcuts {
multicast-rpf-routes;
}
}
family inet6 {
shortcuts;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis level],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis level]
[edit protocols isis level],
[edit routing-instances routing-instance-name protocols isis level],

Release Information Statement introduced in Junos OS Release 9.3.

Description Configure the address family for traffic engineering IS-IS interior gateway protocol (IGP)
shortcuts. Support for IPv6 for IGP shortcuts introduced in Junos OS Release 9.3.

Options inet—IPv4 address family

inet6—IPv6 address family

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Traffic Engineering Attributes on page 398

Documentation

Copyright © 2011, Juniper Networks, Inc. 445

Junos OS 11.4 Routing Protocols Configuration Guide

graceful-restart

Syntax graceful-restart {
disable;
helper-disable;
restart-duration seconds;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure graceful restart for IS-IS.

Options disable—Disable graceful restart.

helper-disable—Disable graceful restart helper capability. Helper mode is enabled by

default.

restart-duration seconds—Configure the time period for the restart to last, in seconds.
Range: 30 through 300 seconds
Default: 30 seconds

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Graceful Restart on page 132

Documentation
• Configuring Graceful Restart for IS-IS on page 397

446 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

hello-authentication-key

Syntax hello-authentication-key password;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-namelevel

number],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis interface interface-name level number],
[edit protocols isis interface interface-name level number],
[edit routing-instances routing-instance-name protocols isis interface interface-name level
number]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure an authentication key (password) for hello packets. Neighboring routing devices
use the password to verify the authenticity of packets sent from an interface. For the key
to work, you also must include the hello-authentication-type statement.

Default By default, hello authentication is not configured on an interface. However, if IS-IS

authentication is configured, the hello packets are authenticated using the IS-IS
authentication type and password.

Options password—Authentication password. The password can be up to 255 characters.

Characters can include any ASCII strings. If you include spaces, enclose all characters
in quotation marks (“ ”).

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • authentication-key on page 434

Documentation
• authentication-type on page 436

• hello-authentication-type on page 449

• Configuring Authentication for IS-IS Hello Packets on page 390

Copyright © 2011, Juniper Networks, Inc. 447

Junos OS 11.4 Routing Protocols Configuration Guide

hello-authentication-key-chain

Syntax hello-authentication-key-chain key-chain-name;

Hierarchy Level [edit logical-systems name protocols isis interface interface-name level level-number],
[edit logical-systems name routing-instances instance-name protocols isis interface
interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances instance-name protocols isis interface interface-name level
level-number]

Release Information Statement introduced in Junos OS Release 11.2.

Description Apply and enable an authentication keychain to the IS-IS interface.

Options key-chain-name—Authentication keychain name. It can be up to 126 characters. Characters

can include any ASCII strings. If you include spaces, enclose all characters in quotation
marks (“ ”).

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Example: Configuring Hitless Authentication Key Rollover for IS-IS on page 350
Documentation
• Overview of Hitless Authentication Key Rollover for IS-IS on page 349

448 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

hello-authentication-type

Syntax hello-authentication-type (md5 | simple);

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name level
number],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis interface interface-name level number],
[edit protocols isis interface interface-name level number],
[edit routing-instances routing-instance-name protocols isis interface interface-name level
number]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Enable authentication on an interface for hello packets. If you enable authentication on
hello packets, you must specify a password by including the hello-authentication-key
statement.

Default By default, hello authentication is not configured on an interface. However, if IS-IS

authentication is configured, the hello packets are authenticated using the IS-IS
authentication type and password.

Options md5—Specifies Message Digest 5 as the packet verification type.

simple—Specifies simple authentication as the packet verification type.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • authentication-key on page 434

Documentation
• authentication-type on page 436

• hello-authentication-key on page 447

• Configuring Authentication for IS-IS Hello Packets on page 390

Copyright © 2011, Juniper Networks, Inc. 449

Junos OS 11.4 Routing Protocols Configuration Guide

hello-interval

Syntax hello-interval seconds;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name level
level-number],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name level
level-number]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Frequency with which the routing device sends hello packets out of an interface,
in seconds.

Options seconds—Frequency of transmission for hello packets.

Range: 1 through 20,000 seconds
Default: 3 seconds (for designated intersystem [DIS] routers), 9 seconds (for non-DIS
routers)

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • hold-time on page 453

Documentation
• Configuring the Transmission Frequency for IS-IS Hello Packets on page 390

450 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

hello-padding

Syntax hello-padding (adaptive | loose | strict);

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced in Junos OS Release 8.0.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure padding on hello packets to accommodate asymmetrical maximum transfer

units (MTUs) from different hosts.

Options adaptive—Configure padding until state of neighbor adjacency is up.

loose—Configure padding until state of adjacency is initialized.

strict—Configure padding for all adjacency states.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Enabling Padding of IS-IS Hello Packets on page 401

Documentation

Copyright © 2011, Juniper Networks, Inc. 451

Junos OS 11.4 Routing Protocols Configuration Guide

hold-time

See the following sections:

• hold-time (IS-IS) on page 452

• hold-time (LDP Synchronization) on page 453

hold-time (IS-IS)
Syntax hold-time seconds;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-namelevel

level-number],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis interface interface-name level level-number],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name level
level-number]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Set the length of time a neighbor considers this router to be operative (up) after receiving
a hello packet. If the neighbor does not receiver another hello packet within the specified
time, it marks this routing device as inoperative (down). The hold time itself is advertised
in the hello packets.

Options seconds—Hold-time value, in seconds.

Range: 3 through 65,535 seconds, or 1 to send out hello packets every 333 milliseconds
Default: 9 seconds (for DIS routers), 27 seconds (for non-DIS routers; three times the
default hello interval)

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • hello-interval on page 450

Documentation
• Configuring the Delay Before IS-IS Neighbors Mark the Routing Device as Down on
page 391

452 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

hold-time (LDP Synchronization)

Syntax hold-time seconds;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name

ldp-synchronization],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis interface interface-name ldp-synchronization],
[edit protocols isis interface interface-name ldp-synchronization],
[edit routing-instances routing-instance-name protocols isis interface interface-name
ldp-synchronization]

Release Information Statement introduced in Junos OS Release 7.5.

Description Configure the time period to advertise the maximum cost metric for a link that is not fully
operational.

Options seconds—Hold-time value, in seconds.

Range: 1 through 65,535 seconds
Default: Infinity

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Synchronization Between LDP and IS-IS on page 369

Documentation

Copyright © 2011, Juniper Networks, Inc. 453

Junos OS 11.4 Routing Protocols Configuration Guide

ignore-attached-bit

Syntax ignore-attached-bit;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Ignore the attached bit on IS-IS Level 1 routers. Configuring this statement allows the
routing device to ignore the attached bit on incoming Level 1 LSPs. If the attached bit is
ignored, no default route, which points to the routing device which has set the attached
bit, is installed.

Default The ignore-attached-bit statement is disabled by default.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS on page 344

Documentation

ignore-lsp-metrics

Syntax ignore-lsp-metrics;

Hierarchy Level [edit logical-systems logical-system-name protocols isis traffic-engineering],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis traffic-engineering],
[edit protocols isis traffic-engineering],
[edit routing-instances routing-instance-name protocols isis traffic-engineering]

Release Information Statement introduced in Junos OS Release 8.0.

Description Ignore the metrics for RSVP label-switched paths in IS-IS traffic engineering shortcut
calculations or when you configure LDP over RSVP label-switched paths.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • shortcuts on page 485

Documentation
• Configuring IS-IS to Use IGP Shortcuts on page 398

• Junos OS MPLS Applications Configuration Guide

454 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

interface

Syntax interface (all | interface-name) {

disable;
bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
transmit-interval {
threshold milliseconds;
minimum-interval milliseconds;
}
multiplier number;
}
checksum;
csnp-interval (seconds | disable);
hello-padding (adaptive | loose | strict);
ldp-synchronization {
disable;
hold-time seconds;
}
lsp-interval milliseconds;
mesh-group (value | blocked);
no-adjacency-holddown;
no-ipv4-multicast;
no-ipv6-multicast;
no-ipv6-unicast;
no-unicast-topology;
passive;
point-to-point;
level level-number {
disable;
hello-authentication-key key;
hello-authentication-key-chain key-chain-name;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number;
te-metric metric;
}
}

Copyright © 2011, Juniper Networks, Inc. 455

Junos OS 11.4 Routing Protocols Configuration Guide

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure interface-specific IS-IS properties. To configure more than one interface, include
the interface statement multiple times.

Options all—Have the Junos OS create IS-IS interfaces automatically.

interface-name—Name of an interface. Specify the full interface name, including the

physical and logical address components.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring of Interface-Specific IS-IS Properties on page 355

Documentation

ipv4-multicast

Syntax ipv4-multicast;

Hierarchy Level [edit logical-systems logical-system-name protocols isis topologies],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis topologies],
[edit protocols isis topologies],
[edit routing-instances routing-instance-name protocols isis topologies]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure alternate IPv4 multicast topologies.

Default Multicast topologies are disabled.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Multicast Topology on page 371

Documentation

456 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

ipv4-multicast-metric

Syntax ipv4-multicast-metric metric;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-namelevel

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Specify the multicast topology metric value for the level.

Options metric—Metric value.

Range: 0 through 16,777,215

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Multicast Topology on page 371

Documentation

ipv6-multicast

Syntax ipv6-multicast;

Hierarchy Level [edit logical-systems logical-system-name protocols isis topologies],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure alternate IPv6 multicast topologies.

Default Multicast topologies are disabled.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Multicast Topology on page 371

Documentation

Copyright © 2011, Juniper Networks, Inc. 457

Junos OS 11.4 Routing Protocols Configuration Guide

ipv6-multicast-metric

Syntax ipv6-multicast-metric metric;

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Specify the IPv6 alternate multicast topology metric value for the level.

Options metric—Metric value.

Range: 0 through 16,777,215

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Multicast Topology on page 371

Documentation

ipv6-unicast

Syntax ipv6-unicast;

Hierarchy Level [edit logical-systems logical-system-name protocols isis topologies],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure alternate IPv6 unicast topologies.

Default IPv6 unicast topologies are disabled.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS IPv6 Unicast Topologies on page 387

Documentation

458 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

ipv6-unicast-metric

Syntax ipv6-unicast-metric metric;

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Specify the IPv6 unicast topology metric value for the level.

Options metric—Metric value.

Range: 0 through 16,777,215

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS IPv6 Unicast Topologies on page 387

Documentation

Copyright © 2011, Juniper Networks, Inc. 459

Junos OS 11.4 Routing Protocols Configuration Guide

isis

Syntax isis { ... }

Hierarchy Level [edit logical-systems logical-system-name protocols],

[edit logical-systems logical-system-name routing-instances routing-instance-name
protocols],
[edit protocols],
[edit routing-instances routing-instance-name protocols]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Enable IS-IS routing on the routing device or for a routing instance.

The isis statement is the one statement you must include in the configuration to run IS-IS
on the routing device or in a routing instance.

Default IS-IS is disabled on the routing device.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Minimum IS-IS Configuration on page 347

Documentation

460 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

label-switched-path

Syntax label-switched-path name level level-number metric metric;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Description Advertise LSPs into IS-IS as point-to-point links. The LSP is advertised in the appropriate
IS-IS levels as a point-to-point link and contains a local address and a remote address.

Options name—Identifies the LSP.

level-number—IS-IS level number.

Values: 1 or 2

metric—Metric value.
Range: 1 through 63, or 1 through 16,777,215 (if you have configured wide metrics)
Default: 0 (for lo0), 10 (for all other interfaces)

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Advertising Label-Switched Paths into IS-IS on page 394

Documentation

Copyright © 2011, Juniper Networks, Inc. 461

Junos OS 11.4 Routing Protocols Configuration Guide

-synchronization

Syntax ldp-synchronization {
disable;
hold-time seconds;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced in Junos OS Release 7.5.

Description Enable synchronization by advertising the maximum cost metric until LDP is operational
on the link.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Example: Configuring Synchronization Between LDP and IGPs on page 583
Documentation

462 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

level

See the following sections:

• level (Global IS-IS) on page 463

• level (IS-IS Interfaces) on page 464

level (Global IS-IS)

Syntax level level-number {
authentication-key key;
authentication-key-chain key-chain-name;
authentication-type type;
external-preference preference;
no-csnp-authentication;
no-hello-authentication;
no-psnp-authentication;
preference preference;
wide-metrics-only;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure the global-level properties.

Options level-number—IS-IS level number.

Values: 1 or 2

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Preference Values for IS-IS Routes on page 393

Documentation

Copyright © 2011, Juniper Networks, Inc. 463

Junos OS 11.4 Routing Protocols Configuration Guide

level (IS-IS Interfaces)

Syntax level level-number {
level (IS-IS Interfaces);
hello-authentication-key key;
hello-authentication-key-chain key-chain-name;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number;
te-metric metric;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure the IS-IS level. You can configure one instance of Level 1 routing and one
instance of Level 2 routing on each interface, and you can configure the two levels
differently.

Options level-number—IS-IS level number.

Values: 1 or 2
Default: The routing device operates as both a Level 1 and Level 2 router.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Levels on IS-IS Interfaces on page 388

Documentation

464 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

link-protection

Syntax link-protection;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced in Junos OS Release 9.5.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Enable link protection on the specified IS-IS interface. The Junos OS creates a backup
loop-free alternate path to the primary next hop for all destination routes that traverse
the protected interface.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • node-link-protection on page 477

Documentation
• Configuring Link Protection for IS-IS on page 411

loose-authentication-check

Syntax loose-authentication-check;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Allow the use of MD5 authentication without requiring network-wide deployment.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Enabling Authentication for IS-IS Without Network-Wide Deployment on page 401
Documentation

Copyright © 2011, Juniper Networks, Inc. 465

Junos OS 11.4 Routing Protocols Configuration Guide

lsp-interval

Syntax lsp-interval milliseconds;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure the link-state PDU interval time.

Options milliseconds—Number of milliseconds between the sending of link-state PDUs. Specifying

a value of 0 blocks all link-state PDU transmission.
Range: 0 through 1000 milliseconds
Default: 100 milliseconds

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring the Transmission Frequency for Link-State PDUs on IS-IS Interfaces on
Documentation page 370

466 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

lsp-lifetime

Syntax lsp-lifetime seconds;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Specify how long a link-state PDU originating from the routing device should persist in
the network. The routing device sends link-state PDUs often enough so that the link-state
PDU lifetime never expires.

Options seconds—link-state PDU lifetime, in seconds.

Range: 350 through 65,535 seconds
Default: 1200 seconds

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Link-State PDU Lifetime for IS-IS on page 394

Documentation

Copyright © 2011, Juniper Networks, Inc. 467

Junos OS 11.4 Routing Protocols Configuration Guide

max-areas

Syntax max-areas number;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis]
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced in Junos OS Release 8.1.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Modify the maximum number of IS-IS areas advertised.

Options number—Maximum number of areas to include in the IS-IS hello (IIH) PDUs and link-state
PDUs.
Range: 3 through 36
Default: 3

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Limiting the Number of Advertised IS-IS Areas on page 393

Documentation

468 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

mesh-group

Syntax mesh-group (blocked | value);

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure an interface to be part of a mesh group, which is a set of fully connected nodes.

Options blocked—Configure the interface so that it does not flood link-state PDU packets.

value—Number that identifies the mesh group.

32
Range: 1 through 4,294,967,295 (2 – 1; 32 bits are allocated to identify a mesh group)

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Mesh Groups of IS-IS Interfaces on page 370

Documentation

Copyright © 2011, Juniper Networks, Inc. 469

Junos OS 11.4 Routing Protocols Configuration Guide

metric

Syntax metric metric;

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Specify the metric value for the level.

Options metric—Metric value.

Range: 1 through 63, or 1 through 16,777,215 (if you have configured wide metrics)
Default: 10 (for all interfaces except lo0), 0 (for the lo0 interface)

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • te-metric on page 487

Documentation
• wide-metrics-only on page 492

• Configuring the Metric Value for IS-IS Routes on page 391

multicast-rpf-routes

Syntax multicast-rpf-routes;

Hierarchy Level [edit logical-systems logical-system-name protocols isis traffic-engineering family inet
shortcuts],
[edit logical-systems logical-system-name routing-instances traffic-engineering family inet
shortcuts],
[edit protocols isis traffic-engineering family inet shortcuts],
[edit routing-instances routing-instance-name protocols isis traffic-engineering family inet
shortcuts]

Release Information Statement introduced in Junos OS Release 9.3.

Description Install IPv4 routes into the multicast routing table for RPF checks.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Installing IPv4 Routes into the Multicast Routing Table on page 400
Documentation

470 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

no-adjacency-down-notification

Syntax no-adjacency-down-notification;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

[edit protocols isis interface interface-name]

Release Information Statement introduced in Junos OS Release 8.0.

Description Disable adjacency down notification for IS-IS to allow for migration from IS-IS to OSPF
without disruption of the RSVP neighbors and associated RSVP-signaled LSPs.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Disabling Adjacency Down and Neighbor Down Notification in IS-IS and OSPF on
Documentation page 415

no-adjacency-holddown

Syntax no-adjacency-holddown;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced in Junos OS Release 8.0.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Disable the hold-down timer for IS-IS adjacencies.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Quicker Advertisement of IS-IS Adjacency State Changes on page 401
Documentation

Copyright © 2011, Juniper Networks, Inc. 471

Junos OS 11.4 Routing Protocols Configuration Guide

no-authentication-check

Syntax no-authentication-check;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Generate authenticated packets and check the authentication on received packets, but
do not reject packets that cannot be authenticated.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • csnp-interval on page 440

Documentation
• hello-authentication-type on page 449

• Configuring IS-IS Authentication on page 347

no-csnp-authentication

Syntax no-csnp-authentication;

Hierarchy Level [edit logical-systems logical-system-name protocols isis level level-number],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Suppress authentication check on complete sequence number PDU (CSNP) packets.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • csnp-interval on page 440

Documentation
• Configuring IS-IS Authentication on page 347

472 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

no-eligible-backup

Syntax no-eligible-backup;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced in Junos OS Release 9.5.

Statement introduced in Junos OS Release 9.5 for EX Series switches.

Description Exclude the specified interface as a backup interface for IS-IS interfaces on which link
protection or node-link protection is enabled.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • link-protection on page 465

Documentation
• node-link-protection on page 477

• Excluding an IS-IS Interface as a Backup for Protected Interfaces on page 412

no-hello-authentication

Syntax no-hello-authentication;

Hierarchy Level [edit logical-systems logical-system-name protocols isis level level-number],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Suppress authentication check on complete sequence number hello packets.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • hello-authentication-type on page 449

Documentation
• Configuring IS-IS Authentication on page 347

Copyright © 2011, Juniper Networks, Inc. 473

Junos OS 11.4 Routing Protocols Configuration Guide

no-ipv4-multicast

Syntax no-ipv4-multicast;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Exclude an interface from the IPv4 multicast topologies.

Default Multicast topologies are disabled.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Multicast Topology on page 371

Documentation

no-ipv4-routing

Syntax no-ipv4-routing;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Disable IP version 4 (IPv4) routing.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Disabling IPv4 Routing for IS-IS on page 405

Documentation

474 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

no-ipv6-multicast

Syntax no-ipv6-multicast;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Exclude an interface from the IPv6 multicast topologies.

Default Multicast topologies are disabled.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Multicast Topology on page 371

Documentation

no-ipv6-routing

Syntax no-ipv6-routing;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Disable IP version 6 (IPv6) routing.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Disabling IPv6 Routing for IS-IS on page 405

Documentation

Copyright © 2011, Juniper Networks, Inc. 475

Junos OS 11.4 Routing Protocols Configuration Guide

no-ipv6-unicast

Syntax no-ipv6-unicast;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Exclude an interface from the IPv6 unicast topologies.

Default IPv6 unicast topologies are disabled.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS IPv6 Unicast Topologies on page 387

Documentation

no-psnp-authentication

Syntax no-psnp-authentication;

Hierarchy Level [edit logical-systems logical-system-name protocols isis level level-number],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Suppress authentication check on partial sequence number PDU (PSNP) packets.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Authentication on page 347

Documentation

476 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

no-unicast-topology

Syntax no-unicast-topology;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Exclude an interface from the IPv4 unicast topologies.

Default IPv4 unicast topologies are disabled.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Multicast Topology on page 371

Documentation

node-link-protection

Syntax node-ink-protection;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

[edit logical-routers logical-router-name routing-instances routing-instance-name protocols
isis interface interface-name],
[edit protocols isis interface interface-name],
[edit routing-instances routing-instance-name protocols isis interface interface-name]

Release Information Statement introduced in Junos OS Release 9.5.

Statement introduced in Junos OS Release 9.5 for EX Series switches.

Description Enable node-link protection on the specified IS-IS interface. The Junos OS creates an
alternate loop-free path to the primary next hop for all destination routes that traverse
a protected interface. This alternate path avoids the primary next-hop routing device
altogether and establishes a path through a different routing device.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • link-protection on page 465

Documentation
• Configuring Node-Link Protection for IS-IS on page 411

Copyright © 2011, Juniper Networks, Inc. 477

Junos OS 11.4 Routing Protocols Configuration Guide

overload

Syntax overload {
advertise-high-metrics;
allow-route-leaking;
timeout seconds;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure the local routing device so that it appears to be overloaded. You might want
to do this when you want the routing device to participate in IS-IS routing, but do not
want it to be used for transit traffic. Note that traffic to immediately attached interfaces
continues to transit the routing device. You can also advertise maximum link metrics in
network layer reachability information (NLRI) instead of setting the overload bit.

NOTE: If the time elapsed after the IS-IS instance is enabled is less than the
specified timeout, overload mode is set.

Options advertise-high-metrics—Advertise maximum link metrics in NLRIs instead of setting the

overload bit.
Default: With advertise-high-metrics configured, the routing device in overload mode
stops leaking route information into the network.

allow-route-leaking—Enable leaking of route information into the network even if the

overload bit is set.

timeout seconds—Number of seconds at which the overloading is reset.

Default: 0 seconds
Range: 60 through 1800 seconds

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

478 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

Related • Configuring IS-IS to Make Routing Devices Appear Overloaded on page 395
Documentation

passive

Syntax passive;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

[edit logical-systems logical-system-name protocols isis interface interface-name level
level-number],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis interface interface-name],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis interface interface-name level level-number],
[edit protocols isis interface interface-name],
[edit protocols isis interface interface-name level level-number],
[edit routing-instances routing-instance-name protocols isis interface interface-name],
[edit routing-instances routing-instance-name protocols isis interface interface-name level
level-number]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Advertise the direct interface addresses on an interface or into a level on the interface
without actually running IS-IS on that interface or level.

This statement effectively prevents IS-IS from running on the interface. To enable IS-IS
on an interface, include the interface statement at the [edit protocols isis] or the [edit
routing-instances routing-instance-name protocols isis] hierarchy level. To disable it,
include the disable statement at those hierarchy levels. The three states are mutually
exclusive.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • disable on page 443

Documentation
• Advertising Interface Addresses Without Running IS-IS on page 389

Copyright © 2011, Juniper Networks, Inc. 479

Junos OS 11.4 Routing Protocols Configuration Guide

point-to-point

Syntax point-to-point;

Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure an IS-IS interface to behave like a point-to-point connection.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring Point-to-Point Interfaces for IS-IS on page 387

Documentation

preference

Syntax preference preference;

Hierarchy Level [edit logical-systems logical-system-name protocols isis level level-number],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure the preference of internal routes.

Options preference—Preference value.

32
Range: 0 through 4,294,967,295 (2 – 1)
Default: 15 (for Level 1 internal routes), 18 (for Level 2 internal routes), 160 (for Level 1
external routes), 165 (for Level 2 external routes)

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • external-preference on page 444

Documentation
• Configuring Preference Values for IS-IS Routes on page 393

480 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

prefix-export-limit

Syntax prefix-export-limit number;

Hierarchy Level [edit logical-systems logical-system-name protocols isis level level-number],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure a limit to the number of prefixes exported into IS-IS.

Options number—Prefix limit.

32
Range: 0 through 4,294,967,295 (2 – 1)

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Limiting the Number of Prefixes Exported to IS-IS on page 394

Documentation

Copyright © 2011, Juniper Networks, Inc. 481

Junos OS 11.4 Routing Protocols Configuration Guide

priority

Syntax priority number;

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description The interface’s priority for becoming the designated router. The interface with the highest
priority value becomes that level’s designated router.

The priority value is meaningful only on a multiaccess network. It has no meaning on a

point-to-point interface.

Options number—Priority value.

Range: 0 through 127
Default: 64

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring the Designated Router Priority for IS-IS on page 391
Documentation

482 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

reference-bandwidth

Syntax reference-bandwidth reference-bandwidth;

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Set the reference bandwidth used in calculating the default interface cost. The cost is
calculated using the following formula:

cost = reference-bandwidth/bandwidth

Options reference-bandwidth—Reference bandwidth, in megabits per second.

Default: 10 Mbps
Range: 9600 through 1,000,000,000,000 Mbps

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring the Reference Bandwidth Used in IS-IS Metric Calculations on page 392
Documentation

Copyright © 2011, Juniper Networks, Inc. 483

Junos OS 11.4 Routing Protocols Configuration Guide

rib-group

Syntax rib-group {
inet group-name;
inet6 group-name;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Install routes learned from IS-IS routing instances into routing tables in the IS-IS routing
table group. You can install IPv4 routes or IPv6 routes.

Support for IPv6 routing table groups in IS-IS enables IPv6 routes that are learned from
IS-IS routing instances to be installed into other routing tables defined in an IS-IS routing
table group.

Options group-name—Name of the routing table group.

inet—Install IPv4 IS-IS routes.

inet6—Install IPv6 IS-IS routes.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Creating Routing Table Groups on page 123

Documentation
• Configuring How Interface Routes Are Imported into Routing Tables on page 125

• Understanding Multiprotocol BGP on page 1190

484 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

shortcuts

Syntax shortcuts {
multicast-rpf-routes;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis traffic-engineering family (inet |
inet6)],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis traffic-engineering family (inet | inet6)],
[edit protocols isis traffic-engineering family (inet | inet6)],
[edit routing-instances routing-instance-name protocols isis traffic-engineering family (inet
| inet6)]

Release Information Statement introduced before Junos OS Release 7.4.

The family statement and support for IPv6 routes for IS-IS traffic engineering shortcuts
introduced in Junos OS Release 9.3.

Description Configure IS-IS to use MPLS label-switched paths (LSPs) as next hops if possible when
installing routing information into the inet.3 or inet6.3 routing table.

The remaining statement is explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Traffic Engineering Attributes on page 398

Documentation

Copyright © 2011, Juniper Networks, Inc. 485

Junos OS 11.4 Routing Protocols Configuration Guide

spf-options

Syntax spf-options {
delay milliseconds;
holddown milliseconds;
rapid-runs number;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced in Junos OS Release 8.5.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure options for running the shortest-path-first (SPF) algorithm. You can configure
a delay for when to run the SPF algorithm after a network topology change is detected,
the maximum number of times the SPF algorithm can run in succession, and a holddown
interval after SPF algorithm runs the maximum number of times.

Options delay milliseconds—Time interval between the detection of a topology change and when
the SPF algorithm runs.
Range: 50 through 1000 milliseconds
Default: 200 milliseconds

holddown milliseconds—Time interval to hold down, or wait before a subsequent SPF

algorithm runs after the SPF algorithm has run the configured maximum number of
times in succession.
Range: 2000 through 10,000 milliseconds
Default: 5000 milliseconds

rapid-runs number—Maximum number of times the SPF algorithm can run in succession.
After the maximum is reached, the holddown interval begins.
Range: 1 through 5
Default: 3

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring SPF Options for IS-IS on page 396

Documentation

486 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

te-metric

Syntax te-metric metric;

Release Information Statement introduced before Junos OS Release 7.4.

Description Metric value used by traffic engineering for information injected into the traffic engineering
database. The value of the traffic engineering metric does not affect normal IS-IS
forwarding.

Options metric—Metric value.

Range: 1 through 16,777,215
Default: Value of the IGP metric

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • metric on page 470

Documentation
• wide-metrics-only on page 492

• Configuring the Metric Value for IS-IS Routes on page 391

Copyright © 2011, Juniper Networks, Inc. 487

Junos OS 11.4 Routing Protocols Configuration Guide

topologies

Syntax topologies {
ipv4-multicast;
ipv6-multicast;
ipv6-unicast;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure alternate IS-IS topologies.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • Configuring IS-IS Multicast Topology on page 371

Documentation

488 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

traceoptions

Syntax traceoptions {
file name <size size> <files number> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure IS-IS protocol-level tracing options. To specify more than one tracing operation,
include multiple flag statements.

Default The default IS-IS protocol-level tracing options are those inherited from the routing
protocols traceoptions statement included at the [edit routing-options] hierarchy level.

Options disable—(Optional) Disable the tracing operation. You can use this option to disable a
single operation when you have defined a broad group of tracing operations, such
as all.

file name—Name of the file to receive the output of the tracing operation. Enclose the
name within quotation marks (“ ”). All files are placed in the directory /var/log. We
recommend that you place IS-IS tracing output in the file isis-log.

If you specify a maximum number of files, you also must specify a maximum file size with
the size option.
Range: 2 through 1000 files
Default: 10 files

flag flag—Tracing operation to perform. To specify more than one flag, include multiple
flag statements.

IS-IS Protocol-Specific Tracing Flags

• csn—Complete sequence number PDU (CSNP) packets

• error—Errored IS-IS packets

• graceful-restart—Graceful restart operation

• hello—Hello packets

Copyright © 2011, Juniper Networks, Inc. 489

Junos OS 11.4 Routing Protocols Configuration Guide

• ldp-synchronization—Synchronization between IS-IS and LDP

• lsp—Link-state PDU packets

• lsp-generation—Link-state PDU generation packets

• packets—All IS-IS protocol packets

• psn—Partial sequence number PDU (PSNP) packets

• spf—Shortest-path-first calculations

Global Tracing Flags

• all—All tracing operations

• general—A combination of the normal and route trace operations

• normal—All normal operations, including adjacency changes

Default: If you do not specify this option, only unusual or abnormal operations are traced.

• policy—Policy operations and actions

• route—Routing table changes

• state—State transitions

• task—Routing protocol task processing

• timer—Routing protocol timer processing

flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more of
these modifiers:

• detail—Detailed trace information

• receive—Packets being received

• send—Packets being transmitted

no-world-readable—(Optional) Prevent any user from reading the log file.

size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB),
or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed
trace-file.0. When the trace-file again reaches its maximum size, trace-file.0 is renamed
trace-file.1 and trace-file is renamed trace-file.0. This renaming scheme continues
until the maximum number of trace files is reached. Then, the oldest trace file is
overwritten.
Note that if you specify a maximum file size, you also must specify a maximum
number of trace files with the files option.
Syntax: xk to specify KB, xm to specify MB, or xg to specify GB
Range: 10 KB through the maximum file size supported on your system
Default: 128 KB

world-readable—(Optional) Allow any user to read the log file.

490 Copyright © 2011, Juniper Networks, Inc.

Chapter 15: Summary of IS-IS Configuration Statements

Required Privilege routing and trace—To view this statement in the configuration.
Level routing-control and trace-control—To add this statement to the configuration.

Related • Tracing IS-IS Protocol Traffic on page 416

Documentation

traffic-engineering

Syntax traffic-engineering {
credibility-protocol-preference;
disable;
family inet;
shortcuts {
multicast-rpf-routes;
}
}
family inet6 {
shortcuts;
}
}

Hierarchy Level [edit logical-systems logical-system-name protocols isis],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]

Release Information Statement introduced before Junos OS Release 7.4.

Support for the family statement introduced in Junos OS Release 9.3.
credibility-protocol-preference statement introduced in Junos OS Release 9.4.

Description Configure traffic engineering properties for IS-IS.

Default IS-IS traffic engineering support is enabled.

Options credibility-protocol-preference—Specify for IS-IS to use the configured protocol preference

for IGP routes to determine the traffic engineering database credibility value. By
default, the traffic engineering database prefers IS-IS routes even when the routes
of another IGP are configured with a lower, that is, more preferred, preference value.
Use this statement to override this default behavior.

The remaining statements are explained separately.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • traffic-engineering on page 828

Documentation
• Configuring IS-IS Traffic Engineering Attributes on page 398

Copyright © 2011, Juniper Networks, Inc. 491

Junos OS 11.4 Routing Protocols Configuration Guide

wide-metrics-only

Syntax wide-metrics-only;

Hierarchy Level [edit logical-systems logical-system-name protocols isis level level-number],

Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Description Configure IS-IS to generate metric values greater than 63 on a per IS-IS level basis.

Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Related • te-metric on page 487

Documentation
• Enabling Wide IS-IS Metrics for Traffic Engineering on page 393

492 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 16

Introduction to OSPF

This chapter discusses the following topics that provide background information about
OSPF:

• OSPF Overview on page 494

• OSPF Areas and Router Functionality Overview on page 498
• Packets Overview on page 500
• OSPF External Metrics Overview on page 503
• OSPF Routing Policy Overview on page 503
• Supported OSPF and OSPFv3 Standards on page 504

Copyright © 2011, Juniper Networks, Inc. 493

Junos OS 11.4 Routing Protocols Configuration Guide

OSPF Overview

OSPF is an interior gateway protocol (IGP) that routes packets within a single autonomous
system (AS). OSPF uses link-state information to make routing decisions, making route
calculations using the shortest-path-first (SPF) algorithm (also referred to as the Dijkstra
algorithm). Each router running OSPF floods link-state advertisements throughout the
AS or area that contain information about that router’s attached interfaces and routing
metrics. Each router uses the information in these link-state advertisements to calculate
the least cost path to each network and create a routing table for the protocol.

Junos OS supports OSPF version 2 (OSPFv2) and OSPF version 3 (OSPFv3), including
virtual links, stub areas, and for OSPFv2, authentication. Junos OS does not support
type-of-service (ToS) routing.

OSPF was designed for the Transmission Control Protocol/Internet Protocol (TCP/IP)
environment and as a result explicitly supports IP subnetting and the tagging of externally
derived routing information. OSPF also provides for the authentication of routing updates.

OSPF routes IP packets based solely on the destination IP address contained in the IP
packet header. OSPF quickly detects topological changes, such as when router interfaces
become unavailable, and calculates new loop-free routes quickly and with a minimum
of routing overhead traffic.

An OSPF AS can consist of a single area, or it can be subdivided into multiple areas. In a
single-area OSPF network topology, each router maintains a database that describes
the topology of the AS. Link-state information for each router is flooded throughout the
AS. In a multiarea OSPF topology, each router maintains a database that describes the
topology of its area, and link-state information for each router is flooded throughout that
area. All routers maintain summarized topologies of other areas within an AS. Within
each area, OSPF routers have identical topological databases. When the AS or area
topology changes, OSPF ensures that the contents of all routers’ topological databases
converge quickly.

All OSPFv2 protocol exchanges can be authenticated. OSPFv3 relies on IPsec to provide
this functionality. This means that only trusted routers can participate in the AS’s routing.
A variety of authentication schemes can be used. A single authentication scheme is
configured for each area, which enables some areas to use stricter authentication than
others.

Externally derived routing data (for example, routes learned from BGP) is passed
transparently throughout the AS. This externally derived data is kept separate from the
OSPF link-state data. Each external route can be tagged by the advertising router, enabling
the passing of additional information between routers on the boundaries of the AS.

NOTE: By default, Junos OS is compatible with RFC 1583, OSPF Version 2. In

Junos OS Release 8.5 and later, you can disable compatibility with RFC 1583
by including the no-rfc-1583 statement. For more information, see “Example:
Disabling OSPFv2 Compatibility with RFC 1583” on page 538.

494 Copyright © 2011, Juniper Networks, Inc.

Chapter 16: Introduction to OSPF

This topic describes the following information:

• OSPF Default Route Preference Values on page 495

• OSPF Routing Algorithm on page 495
• OSPF Three-Way Handshake on page 496
• OSPF Version 3 on page 497

OSPF Default Route Preference Values

The Junos OS routing protocol process assigns a default preference value to each route
that the routing table receives. The default value depends on the source of the route.
The preference value is from 0 through 4,294,967,295 (232 – 1), with a lower value
indicating a more preferred route. Table 10 on page 495 lists the default preference values
for OSPF.

Table 10: Default Route Preference Values for OSPF

How Route Is Learned Default Preference Statement to Modify Default Preference

OSPF internal route 10 OSPF preference

OSPF AS external routes 150 OSPF external-preference

OSPF Routing Algorithm

OSPF uses the shortest-path-first (SPF) algorithm, also referred to as the Dijkstra
algorithm, to determine the route to each destination. All routing devices in an area run
this algorithm in parallel, storing the results in their individual topological databases.
Routing devices with interfaces to multiple areas run multiple copies of the algorithm.
This section provides a brief summary of how the SPF algorithm works.

When a routing device starts, it initializes OSPF and waits for indications from lower-level
protocols that the router interfaces are functional. The routing device then uses the OSPF
hello protocol to acquire neighbors, by sending hello packets to its neighbors and receiving
their hello packets.

On broadcast or nonbroadcast multiaccess networks (physical networks that support

the attachment of more than two routing devices), the OSPF hello protocol elects a
designated router for the network. This routing device is responsible for sending link-state
advertisements (LSAs) that describe the network, which reduces the amount of network
traffic and the size of the routing devices’ topological databases.

The routing device then attempts to form adjacencies with some of its newly acquired
neighbors. (On multiaccess networks, only the designated router and backup designated
router form adjacencies with other routing devices.) Adjacencies determine the distribution
of routing protocol packets. Routing protocol packets are sent and received only on
adjacencies, and topological database updates are sent only along adjacencies. When
adjacencies have been established, pairs of adjacent routers synchronize their topological
databases.

Copyright © 2011, Juniper Networks, Inc. 495

Junos OS 11.4 Routing Protocols Configuration Guide

A routing device sends LSA packets to advertise its state periodically and when its state
changes. These packets include information about the routing device’s adjacencies,
which allows detection of nonoperational routing devices.

Using a reliable algorithm, the routing device floods LSAs throughout the area, which
ensures that all routing devices in an area have exactly the same topological database.
Each routing device uses the information in its topological database to calculate a
shortest-path tree, with itself as the root. The routing device then uses this tree to route
network traffic.

The description of the SPF algorithm up to this point has explained how the algorithm
works within a single area (intra-area routing). For internal routers to be able to route to
destinations outside the area (interarea routing), the area border routers must inject
additional routing information into the area. Because the area border routers are
connected to the backbone, they have access to complete topological data about the
backbone. The area border routers use this information to calculate paths to all
destinations outside its area and then advertise these paths to the area’s internal routers.

Autonomous system (AS) boundary routers flood information about external autonomous
systems throughout the AS, except to stub areas. Area border routers are responsible
for advertising the paths to all AS boundary routers.

OSPF Three-Way Handshake

OSPF creates a topology map by flooding LSAs across OSPF-enabled links. LSAs
announce the presence of OSPF-enabled interfaces to adjacent OSPF interfaces. The
exchange of LSAs establishes bidirectional connectivity between all adjacent OSPF
interfaces (neighbors) using a three-way handshake, as shown in Figure 14 on page 496.

Figure 14: OSPF Three-Way Handshake

In Figure 14 on page 496, Router A sends hello packets out all its OSPF-enabled interfaces
when it comes online. Router B receives the packet, which establishes that Router B can
receive traffic from Router A. Router B generates a response to Router A to acknowledge
receipt of the hello packet. When Router A receives the response, it establishes that
Router B can receive traffic from Router A. Router A then generates a final response
packet to inform Router B that Router A can receive traffic from Router B. This three-way
handshake ensures bidirectional connectivity.

As new neighbors are added to the network or existing neighbors lose connectivity, the
adjacencies in the topology map are modified accordingly through the exchange (or
absence) of LSAs. These LSAs advertise only the incremental changes in the network,
which helps minimize the amount of OSPF traffic on the network. The adjacencies are
shared and used to create the network topology in the topological database.

496 Copyright © 2011, Juniper Networks, Inc.

Chapter 16: Introduction to OSPF

OSPF Version 3
OSPFv3 is a modified version of OSPF that supports IP version 6 (IPv6) addressing.
OSPFv3 differs from OSPFv2 in the following ways:

• All neighbor ID information is based on a 32-bit router ID.

• The protocol runs per link rather than per subnet.

• Router and network link-state advertisements (LSAs) do not carry prefix information.

• Two new LSA types are included: link-LSA and intra-area-prefix-LSA.

• Flooding scopes are as follows:

• Link-local

• Area

• AS

• Link-local addresses are used for all neighbor exchanges except virtual links.

• Authentication is removed. The IPv6 authentication header relies on the IP layer.

• The packet format has changed as follows:

• Version number 2 is now version number 3.

• The db option field has been expanded to 24 bits.

• Authentication information has been removed.

• Hello messages do not have address information.

• Two new option bits are included: R and V6.

• Type 3 summary LSAs have been renamed inter-area-prefix-LSAs.

• Type 4 summary LSAs have been renamed inter-area-router-LSAs.

Related • Understanding OSPF Areas and Backbone Areas on page 513

Documentation
• OSPF Configuration Overview on page 508

• Junos OS OSPF Version 3 for IPv6 Feature Guide

Copyright © 2011, Juniper Networks, Inc. 497

Junos OS 11.4 Routing Protocols Configuration Guide

OSPF Areas and Router Functionality Overview

In OSPF, a single autonomous system (AS) can be divided into smaller groups called
areas. This reduces the number of link-state advertisements (LSAs) and other OSPF
overhead traffic sent on the network, and it reduces the size of the topology database
that each router must maintain. The routing devices that participate in OSPF routing
perform one or more functions based on their location in the network.

This topic describes the following OSPF area types and routing device functions:

• Areas on page 498

• Area Border Routers on page 498
• Backbone Areas on page 498
• AS Boundary Routers on page 499
• Backbone Router on page 499
• Internal Router on page 499
• Stub Areas on page 499
• Not-So-Stubby Areas on page 500
• Transit Areas on page 500

Areas
An area is a set of networks and hosts within an AS that have been administratively
grouped together. We recommend that you configure an area as a collection of contiguous
IP subnetted networks. Routing devices that are wholly within an area are called internal
routers. All interfaces on internal routers are directly connected to networks within the
area.

The topology of an area is hidden from the rest of the AS, thus significantly reducing
routing traffic in the AS. Also, routing within the area is determined only by the area’s
topology, providing the area with some protection from bad routing data.

All routing devices within an area have identical topology databases.

Area Border Routers

Routing devices that belong to more than one area and connect one or more OSPF areas
to the backbone area are called area border routers (ABRs). At least one interface is within
the backbone while another interface is in another area. ABRs also maintain a separate
topological database for each area to which they are connected.

Backbone Areas
An OSPF backbone area consists of all networks in area ID 0.0.0.0, their attached routing
devices, and all ABRs. The backbone itself does not have any ABRs. The backbone
distributes routing information between areas. The backbone is simply another area, so
the terminology and rules of areas apply: a routing device that is directly connected to

498 Copyright © 2011, Juniper Networks, Inc.

Chapter 16: Introduction to OSPF

the backbone is an internal router on the backbone, and the backbone’s topology is
hidden from the other areas in the AS.

The routing devices that make up the backbone must be physically contiguous. If they
are not, you must configure virtual links to create the appearance of backbone connectivity.
You can create virtual links between any two ABRs that have an interface to a common
nonbackbone area. OSPF treats two routing devices joined by a virtual link as if they were
connected to an unnumbered point-to-point network.

AS Boundary Routers
Routing devices that exchange routing information with routing devices in non-OSPF
networks are called AS boundary routers. They advertise externally learned routes
throughout the OSPF AS. Depending on the location of the AS boundary router in the
network, it can be an ABR, a backbone router, or an internal router (with the exception
of stub areas). Internal routers within a stub area cannot be an AS boundary router
because stub areas cannot contain any Type 5 LSAs.

Routing devices within the area where the AS boundary router resides know the path to
that AS boundary router. Any routing device outside the area only knows the path to the
nearest ABR that is in the same area where the AS boundary router resides.

Backbone Router
Backbone routers are routing devices that have one or more interfaces connected to the
OSPF backbone area (area ID 0.0.0.0).

Internal Router
Routing devices that connect to only one OSPF area are called internal routers. All
interfaces on internal routers are directly connected to networks within a single area.

Stub Areas
Stub areas are areas through which or into which AS external advertisements are not
flooded. You might want to create stub areas when much of the topological database
consists of AS external advertisements. Doing so reduces the size of the topological
databases and therefore the amount of memory required on the internal routers in the
stub area.

Routing devices within a stub area rely on the default routes originated by the area’s ABR
to reach external AS destinations. You must configure the default-metric option on the
ABR before it advertises a default route. Once configured, the ABR advertises a default
route in place of the external routes that are not being advertised within the stub area,
so that routing devices in the stub area can reach destinations outside the area.

The following restrictions apply to stub areas: you cannot create a virtual link through a
stub area, a stub area cannot contain an AS boundary router, the backbone cannot be a
stub area, and you cannot configure an area as both a stub area and a not-so-stubby
area.

Copyright © 2011, Juniper Networks, Inc. 499

Junos OS 11.4 Routing Protocols Configuration Guide

Not-So-Stubby Areas
An OSPF stub area has no external routes in it, so you cannot redistribute from another
protocol into a stub area. A not-so-stubby area (NSSA) allows external routes to be
flooded within the area. These routes are then leaked into other areas. However, external
routes from other areas still do not enter the NSSA.

The following restriction applies to NSSAs: you cannot configure an area as both a stub
area and an NSSA.

Transit Areas
Transit areas are used to pass traffic from one adjacent area to the backbone (or to
another area if the backbone is more than two hops away from an area). The traffic does
not originate in, nor is it destined for, the transit area.

Related • OSPF Overview on page 494

Documentation
• Packets Overview on page 500

• OSPF Configuration Overview on page 508

• Understanding OSPF Areas and Backbone Areas on page 513

• Understanding OSPF Stub Areas, Totally Stubby Areas, and Not-So-Stubby Areas on
page 522

Packets Overview

There are several types of link-state advertisement (LSA) packets.

This topic describes the following information:

• OSPF Packet Header on page 500

• Hello Packets on page 501
• Database Description Packets on page 501
• Link-State Request Packets on page 501
• Link-State Update Packets on page 502
• Link-State Acknowledgment Packets on page 502
• Link-State Advertisement Packet Types on page 502

OSPF Packet Header

All OSPFv2 packets have a common 24-byte header, and OSPFv3 packets have a common
16-byte header, that contains all information necessary to determine whether OSPF
should accept the packet. The header consists of the following fields:

• Version number—The current OSPF version number. This can be either 2 or 3.

• Type—Type of OSPF packet.

500 Copyright © 2011, Juniper Networks, Inc.

Chapter 16: Introduction to OSPF

• Packet length—Length of the packet, in bytes, including the header.

• Router ID—IP address of the router from which the packet originated.

• Area ID—Identifier of the area in which the packet is traveling. Each OSPF packet is
associated with a single area. Packets traveling over a virtual link are labeled with the
backbone area ID, 0.0.0.0. .

• Checksum—Fletcher checksum.

• Authentication—(OSPFv2 only) Authentication scheme and authentication information.

• Instance ID—(OSPFv3 only) Identifier used when there are multiple OSPFv3 realms
configured on a link.

Hello Packets
Routers periodically send hello packets on all interfaces, including virtual links, to establish
and maintain neighbor relationships. Hello packets are multicast on physical networks
that have a multicast or broadcast capability, which enables dynamic discovery of
neighboring routers. (On nonbroadcast networks, dynamic neighbor discovery is not
possible, so you must configure all neighbors statically as described in “Example:
Configuring an OSPFv2 Interface on a Nonbroadcast Multiaccess Network” on page 543.)

Hello packets consist of the OSPF header plus the following fields:

• Network mask—(OSPFv2 only) Network mask associated with the interface.

• Hello interval—How often the router sends hello packets. All routers on a shared network
must use the same hello interval.

• Options—Optional capabilities of the router.

• Router priority—The router’s priority to become the designated router.

• Router dead interval—How long the router waits without receiving any OSPF packets
from a router before declaring that router to be down. All routers on a shared network
must use the same router dead interval.

• Designated router—IP address of the designated router.

• Backup designated router—IP address of the backup designated router.

• Neighbor—IP addresses of the routers from which valid hello packets have been received
within the time specified by the router dead interval.

Database Description Packets

When initializing an adjacency, OSPF exchanges database description packets, which
describe the contents of the topological database. These packets consist of the OSPF
header, packet sequence number, and the link-state advertisement’s header.

Link-State Request Packets

When a router detects that portions of its topological database are out of date, it sends
a link-state request packet to a neighbor requesting a precise instance of the database.

Copyright © 2011, Juniper Networks, Inc. 501

Junos OS 11.4 Routing Protocols Configuration Guide

These packets consist of the OSPF header plus fields that uniquely identify the database
information that the router is seeking.

Link-State Update Packets

Link-state update packets carry one or more link-state advertisements one hop farther
from their origin. The router multicasts (floods) these packets on physical networks that
support multicast or broadcast mode. The router acknowledges all link-state update
packets and, if retransmission is necessary, sends the retransmitted advertisements
unicast.

Link-state update packets consist of the OSPF header plus the following fields:

• Number of advertisements—Number of link-state advertisements included in this

packet.

• Link-state advertisements—The link-state advertisements themselves.

Link-State Acknowledgment Packets

The router sends link-state acknowledgment packets in response to link-state update
packets to verify that the update packets have been received successfully. A single
acknowledgment packet can include responses to multiple update packets.

Link-state acknowledgment packets consist of the OSPF header plus the link-state
advertisement header.

Link-State Advertisement Packet Types

Link-state request, link-state update, and link-state acknowledgment packets are used
to reliably flood link-state advertisement packets. OSPF sends the following types of
link-state advertisements:

• Router link advertisements—Are sent by all routers to describe the state and cost of
the router’s links to the area. These link-state advertisements are flooded throughout
a single area only.

• Network link advertisements—Are sent by designated routers to describe all the routers
attached to the network. These link-state advertisements are flooded throughout a
single area only.

• Summary link advertisements—Are sent by area border routers to describe the routes
that they know about in other areas. There are two types of summary link
advertisements: those used when the destination is an IP network, and those used
when the destination is an AS boundary router. Summary link advertisements describe
interarea routes, that is, routes to destinations outside the area but within the AS. These
link-state advertisements are flooded throughout the advertisement’s associated
areas.

• AS external link advertisement—Are sent by AS boundary routers to describe external

routes that they know about. These link-state advertisements are flooded throughout
the AS (except for stub areas).

502 Copyright © 2011, Juniper Networks, Inc.

Chapter 16: Introduction to OSPF

Each link-state advertisement type describes a portion of the OSPF routing domain. All
link-state advertisements are flooded throughout the AS.

Each link-state advertisement packet begins with a common 20-byte header.

Related • OSPF Overview on page 494

Documentation
• OSPF Areas and Router Functionality Overview on page 498

• OSPF Configuration Overview on page 508

• OSPF Designated Router Overview on page 509

• Understanding OSPFv2 Authentication on page 586

• OSPF Timers Overview on page 609

OSPF External Metrics Overview

When OSPF exports route information from external autonomous systems (ASs), it
includes a cost, or external metric, in the route. There are two types of external metrics:
Type 1 and Type 2. The difference between the two metrics is how OSPF calculates the
cost of the route. Type 1 external metrics are equivalent to the link-state metric, where
the cost is equal to the sum of the internal costs plus the external cost. Type 2 external
metrics use only the external cost assigned by the AS boundary router. By default, OSPF
uses the Type 2 external metric.

OSPF Routing Policy Overview

All routing protocols store their routing information in the routing table. The routing table
uses this collected route information to determine the active routes to destinations. The
routing table then installs the active routes into its forwarding table and also exports
them back into the routing protocols. It is these exported routes that the protocols
advertise.

OSPF has a set of default rules that determine which routes it places in the routing table
and advertises from the routing table. The default rules for all routing protocols are known
as the default routing policy. The default routing policy is always present. You can further
control which routes the protocol stores in the routing table and which routes the routing
table exports into the protocol by defining a routing policy for that protocol. A routing
policy has a major impact on the flow of routing information or packets within or through
the device. The match conditions and actions allow you to configure a customized policy
to fit your needs. A user-defined routing policy preempts the default routing policy.

To create a routing policy, you must define the policy and apply it. You define the policy
by specifying the criteria that a route must match and the actions to perform if a match
occurs. You then apply the policy to OSPF.

Default OSPF Routing Policy

OSPF is a link-state protocol that exchanges routes between systems within an
autonomous system (AS). All devices within an AS must share the same link-state

Copyright © 2011, Juniper Networks, Inc. 503

Junos OS 11.4 Routing Protocols Configuration Guide

database, which includes routes to reachable prefixes and the metrics associated with
the prefixes. The default import policy for OSPF is to accept all learned routes and import
them into the routing table. The default export policy for OSPF is to reject everything.
OSPF does not actually export its internally learned routes (the directly connected routes
on interfaces that are running the protocol). OSPF uses link-state advertisement (LSA)
flooding to advertise both local routes and learned routes, and LSA flooding is not affected
by the export policy.

Related • Understanding OSPF Routing Policy on page 679

Documentation
• Creating Routing Policies in the Junos OS Routing Policy Configuration Guide

• Configuring a Routing Policy in the Junos OS Routing Policy Configuration Guide

Supported OSPF and OSPFv3 Standards

The Junos OS substantially supports the following RFCs and Internet drafts, which define
standards for OSPF and OSPF version 3 (OSPFv3).

• RFC 1583, OSPF Version 2

• RFC 1793, Extending OSPF to Support Demand Circuits

• RFC 2328, OSPF Version 2

• RFC 2370, The OSPF Opaque LSA Option

Support is provided by the update-threshold configuration statement at the [edit

protocols rsvp interface interface-name ] hierarchy level.

• RFC 2740, OSPF for IPv6

• RFC 3101, The OSPF Not-So-Stubby Area (NSSA) Option

• RFC 3623, Graceful OSPF Restart

• RFC 3630, Traffic Engineering (TE) Extensions to OSPF Version 2

• RFC 4203, OSPF Extensions in Support of Generalized Multi-Protocol [sic] Label Switching
(GMPLS)

Only interface switching is supported.

• RFC 4552, Authentication/Confidentiality for OSPFv3

• RFC 4576, Using a Link State Advertisement (LSA) Options Bit to Prevent Looping in
BGP/MPLS IP Virtual Private Networks (VPNs)

• RFC 4577, OSPF as the Provider/Customer Edge Protocol for BGP/MPLS IP Virtual Private
Networks (VPNs)

• RFC 4811, OSPF Out-of-Band Link State Database (LSDB) Resynchronization

• RFC 4812, OSPF Restart Signaling

• RFC 4813, OSPF Link-Local Signaling

• RFC 4915, Multi-Topology (MT) Routing in OSPF

504 Copyright © 2011, Juniper Networks, Inc.

Chapter 16: Introduction to OSPF

• RFC 5185, OSPF Multi-Area Adjacency

• RFC 5286, Basic Specification for IP Fast Reroute: Loop-Free Alternates

• Internet draft draft-ietf-ospf-af-alt-10.txt, Support of address families in OSPFv3

• Internet draft draft-katz-ward-bfd-02.txt, Bidirectional Forwarding Detection

Transmission of echo packets is not supported.

The following RFCs and Internet drafts do not define standards, but provide information
about OSPF and related technologies. The IETF classifies them as “Informational.”

• RFC 3137, OSPF Stub Router Advertisement

• RFC 3509, Alternative Implementations of OSPF Area Border Routers

• RFC 5309, Point-to-Point Operation over LAN in Link State Routing Protocols

Related • Supported IPv6 Standards

Documentation
• OSPF Features in the Junos OS

• Accessing Standards Documents on the Internet

Copyright © 2011, Juniper Networks, Inc. 505

Junos OS 11.4 Routing Protocols Configuration Guide

506 Copyright © 2011, Juniper Networks, Inc.

CHAPTER 17

OSPF Configuration Guidelines

This chapter describes the following tasks for configuring OSPF:

• OSPF Configuration Overview on page 508

• Examples: Configuring OSPF Designated Routers on page 509
• Examples: Configuring OSPF Areas on page 512
• Examples: Configuring OSPF Stub and Not-So-Stubby Areas on page 522
• Example: Configuring OSPF Multiarea Adjacency on page 533
• Example: Disabling OSPFv2 Compatibility with RFC 1583 on page 538
• Examples: Configuring OSPF Interfaces on page 539
• Example: Configuring Multiple Address Families for OSPFv3 on page 554
• Examples: Configuring OSPF Route Summarization on page 558
• Examples: Configuring OSPF Traffic Control on page 566
• Example: Configuring OSPF Overload Mode on page 576
• Example: Configuring the OSPF Routing Algorithm on page 580
• Example: Configuring Synchronization Between LDP and IGPs on page 583
• Examples: Configuring OSPF Authentication on page 586
• Example: Configuring OSPF Routing Instances on page 601
• Example: Configuring OSPF Timers on page 609
• Example: Configuring BFD for OSPF on page 615
• Example: Configuring BFD Authentication for OSPF on page 621
• Examples: Configuring Graceful Restart for OSPF on page 626
• Examples: Configuring Loop-Free Alternate Routes for OSPF on page 641
• Examples: Configuring OSPF Traffic Engineering on page 648
• Example: Configuring OSPF Passive Traffic Engineering Mode on page 656
• Example: Advertising Label-Switched Paths into OSPFv2 on page 659
• Example: Configuring OSPFv2 Sham Links on page 670
• Example: Configuring OSPF Database Protection on page 677
• Examples: Configuring OSPF Routing Policy on page 679
• Examples: Configuring Routing Policy for Network Summaries on page 695

Copyright © 2011, Juniper Networks, Inc. 507

Junos OS 11.4 Routing Protocols Configuration Guide

• Examples: Configuring OSPF and Logical Systems on page 712

• Example: Configuring OSPF Trace Options on page 737
• Verifying an OSPF Configuration on page 744

OSPF Configuration Overview

To activate OSPF on a network, you must enable the protocol on all interfaces within
the network on which OSPF traffic is to travel. To enable OSPF, you must configure one
or more interfaces on the device within an OSPF area. Once the interfaces are configured,
OSPF link-state advertisements (LSAs) are transmitted on all OSPF-enabled interfaces,
and the network topology is shared throughout the network.

To complete the minimum device configuration for a node in an OSPF network involves:

1. Configuring the device interfaces

See the Junos OS Network Interfaces Configuration Guide.

2. Configuring the router identifiers for the devices in your OSPF network

3. Creating the backbone area (area 0) for your OSPF network and adding the appropriate
interfaces to the area

NOTE: Once you complete this step, OSPF begins sending LSAs. No
additional configuration is required to enable OSPF traffic on the network.

You can further define your OSPF network depending on your network requirements.
Some optional configurations involve:

• Adding additional areas to your network and configure area border routers (ABRs)

• Enabling dial-on-demand routing backup on the OSPF-enabled interface to configure

OSPF across a demand circuit such as an ISDN link. (You must have already configured
an ISDN interface.) Because demand circuits do not pass all traffic required to maintain
an OSPF adjacency (hello packets, for example), you configure dial-on-demand routing
so individual nodes in an OSPF network can maintain adjacencies despite the lack of
LSA exchanges.

• Reducing the amount of memory that the nodes use to maintain the topology database
by configuring stub and not-so-stubby areas

• Ensuring that only trusted routing devices participate in the autonomous systems’
routing by enabling authentication

• Controlling the flow of traffic across the network by configuring path metrics and route
selection

When describing how to configure OSPF, the following terms are used as follows:

• OSPF refers to both OSPF version 2 (OSPFv2) and OSPF version 3 (OSPFv3)

• OSPFv2 refers to OSPF version 2

508 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

• OSPFv3 refers to OSPF version 3

Examples: Configuring OSPF Designated Routers

• OSPF Designated Router Overview on page 509

• Example: Configuring an OSPF Router Identifier on page 510
• Example: Controlling OSPF Designated Router Election on page 511

OSPF Designated Router Overview

Large LANs that have many routing devices and therefore many OSPF adjacencies can
produce heavy control-packet traffic as link-state advertisements (LSAs) are flooded
across the network. To alleviate the potential traffic problem, OSPF uses designated
routers on all multiaccess networks (broadcast and nonbroadcast multiaccess [NBMA]
networks types). Rather than broadcasting LSAs to all their OSPF neighbors, the routing
devices send their LSAs to the designated router. Each multiaccess network has a
designated router, which performs two main functions:

• Originate network link advertisements on behalf of the network.

• Establish adjacencies with all routing devices on the network, thus participating in the
synchronizing of the link-state databases.

In LANs, the election of the designated router takes place when the OSPF network is
initially established. When the first OSPF links are active, the routing device with the
highest router identifier (defined by the router-id configuration value, which is typically
the IP address of the routing device, or the loopback address) is elected the designated
router. The routing device with the second highest router identifier is elected the backup
designated router. If the designated router fails or loses connectivity, the backup
designated router assumes its role and a new backup designated router election takes
place between all the routers in the OSPF network.

OSPF uses the router identifier for two main purposes: to elect a designated router, unless
you manually specify a priority value, and to identify the routing device from which a
packet is originated. At designated router election, the router priorities are evaluated first,
and the routing device with the highest priority is elected designated router. If router
priorities tie, the routing device with the highest router identifier, which is typically the
routing device’s IP address, is chosen as the designated router. If you do not configure a
router identifier, the IP address of the first interface to come online is used. This is usually
the loopback interface. Otherwise, the first hardware interface with an IP address is used.

At least one routing device on each logical IP network or subnet must be eligible to be
the designated router for OSPFv2. At least one routing device on each logical link must
be eligible to be the designated router for OSPFv3.

By default, routing devices have a priority of 128. A priority of 0 marks the routing device
as ineligible to become the designated router. A priority of 1 means the routing device
has the least chance of becoming a designated router. A priority of 255 means the routing
device is always the designated router.

Copyright © 2011, Juniper Networks, Inc. 509

Junos OS 11.4 Routing Protocols Configuration Guide

Example: Configuring an OSPF Router Identifier

This example shows how to configure an OSPF router identifier.

• Requirements on page 510

• Overview on page 510
• Configuration on page 510
• Verification on page 511

Requirements

Before you begin:

• Identify the interfaces on the routing device that will participate in OSPF. You must
enable OSPF on all interfaces within the network on which OSPF traffic is to travel.

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

Overview

In this example, you configure the OSPF router identifier by setting its router ID value to
the IP address of the device, which is 177.162.4.24.

NOTE: We strongly recommended that you configure the router identifier

under the [edit routing-options] hierarchy level to avoid unpredictable behavior
if the interface address on a loopback interface changes.

Configuration

CLI Quick To quickly configure an OSPF router identifier, copy the following command and paste
Configuration it into the CLI.

[edit]
set routing-options router-id 177.162.4.24

Step-by-Step To configure an OSPF router identifier:

Procedure
1. Configure the OSPF router identifier by entering the [router-id] configuration value.

[edit]
user@host# set routing-options router-id 177.162.4.24

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

Results Confirm your configuration by entering the show routing-options router-id command. If
the output does not display the intended configuration, repeat the instructions in this
example to correct the configuration.

510 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

user@host# show routing-options router-id

router-id 177.162.4.24;

Verification

After you configure the router ID and activate OSPF on the routing device, the router ID
is referenced by multiple OSPF operational mode commands that you can use to monitor
and troubleshoot the OSPF protocol. The router ID fields are clearly marked in the output.

Example: Controlling OSPF Designated Router Election

This example shows how to control OSPF designated router election.

• Requirements on page 511

• Overview on page 511
• Configuration on page 511
• Verification on page 512

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

Overview

This example shows how to control OSPF designated router election. Within the example,
you set the OSPF interface to ge-/0/0/1 and the device priority to 200. The higher the
priority value, the greater likelihood the routing device will become the designated router.

Configuration

CLI Quick To quickly configure an OSPF designated router election, copy the following command
Configuration and paste it into the CLI.

[edit]
set protocols ospf area 0.0.0.3 interface ge-0/0/1 priority 200

Step-by-Step To control OSPF designated router election:

Procedure
1. Configure an OSPF interface and specify the device priority.

NOTE: To specify an OSPFv3 interface, include the ospf3 statement at

the [edit protocols] hierarchy level.

Copyright © 2011, Juniper Networks, Inc. 511

Junos OS 11.4 Routing Protocols Configuration Guide

[edit]
user@host# set protocols ospf area 0.0.0.3 interface ge-0/0/1 priority 200

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

Results Confirm your configuration by entering the show protocols ospf command. If the output
does not display the intended configuration, repeat the instructions in this example to
correct the configuration.

user@host# show protocols ospf

area 0.0.0.3 {
interface ge-0/0/1.0 {
priority 200;
}
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

• Verifying the Designated Router Election on page 512

Verifying the Designated Router Election

Purpose Based on the priority you configured for a specific OSPF interface, you can confirm the
address of the area’s designated router. The DR ID, DR, or DR-ID field displays the address
of the area’s designated router. The BDR ID, BDR, or BDR-ID field displays the address
of the backup designated router.

Action From operational mode, enter the show ospf interface and the show ospf neighbor
commands for OSPFv2, and enter the show ospf3 interface and the show ospf3 neighbor
commands for OSPFv3.

Related • OSPF Areas and Router Functionality Overview on page 498

Documentation
• OSPF Configuration Overview on page 508

Examples: Configuring OSPF Areas

• Understanding OSPF Areas and Backbone Areas on page 513

• Example: Configuring a Single-Area OSPF Network on page 514
• Example: Configuring a Multiarea OSPF Network on page 516
• Example: Configuring OSPF Virtual Links on page 519

512 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Understanding OSPF Areas and Backbone Areas

OSPF networks in an autonomous system (AS) are administratively grouped into areas.
Each area within an AS operates like an independent network and has a unique 32-bit
area ID, which functions similar to a network address. Within an area, the topology
database contains only information about the area, link-state advertisements (LSAs)
are flooded only to nodes within the area, and routes are computed only within the area.
The topology of an area is hidden from the rest of the AS, thus significantly reducing
routing traffic in the AS. Subnetworks are divided into other areas, which are connected
to form the whole of the main network. Routing devices that are wholly within an area
are called internal routers. All interfaces on internal routers are directly connected to
networks within the area.

The central area of an AS, called the backbone area, has a special function and is always
assigned the area ID 0.0.0.0. (Within a simple, single-area network, this is also the ID of
the area.) Area IDs are unique numeric identifiers, in dotted decimal notation, but they
are not IP addresses. Area IDs need only be unique within an AS. All other networks or
areas in the AS must be directly connected to the backbone area by a routing device that
has interfaces in more than one area. These connecting routing devices are called area
border routers (ABRs). Figure 15 on page 513 shows an OSPF topology of three areas
connected by two ABRs.

Figure 15: Multiarea OSPF Topology

Because all areas are adjacent to the backbone area, OSPF routers send all traffic not
destined for their own area through the backbone area. The ABRs in the backbone area
are then responsible for transmitting the traffic through the appropriate ABR to the
destination area. The ABRs summarize the link-state records of each area and advertise
destination address summaries to neighboring areas. The advertisements contain the
ID of the area in which each destination lies, so that packets are routed to the appropriate
ABR. For example, in the OSPF areas shown in Figure 15 on page 513, packets sent from
Router A to Router C are automatically routed through ABR B.

Copyright © 2011, Juniper Networks, Inc. 513

Junos OS 11.4 Routing Protocols Configuration Guide

Junos OS supports active backbone detection. Active backbone detection is implemented

to verify that ABRs are connected to the backbone. If the connection to the backbone
area is lost, then the routing device’s default metric is not advertised, effectively rerouting
traffic through another ABR with a valid connection to the backbone. Active backbone
detection enables transit through an ABR with no active backbone connection. An ABR
advertises to other routing devices that it is an ABR even if the connection to the backbone
is down, so that the neighbors can consider it for interarea routes.

An OSPF restriction requires all areas to be directly connected to the backbone area so
that packets can be properly routed. All packets are routed first to the backbone area by
default. Packets that are destined for an area other than the backbone area are then
routed to the appropriate ABR and on to the remote host within the destination area.

In large networks with many areas, in which direct connectivity between all areas and
the backbone area is physically difficult or impossible, you can configure virtual links to
connect noncontiguous areas. Virtual links use a transit area that contains two or more
ABRs to pass network traffic from one adjacent area to another. For example, Figure 16
on page 514 shows a virtual link between a noncontiguous area and the backbone area
through an area connected to both.

Figure 16: OSPF Topology with a Virtual Link

g015011
Area 0.0.0.0 Virtual lin k Area 0.0.0.3
Area 0.0.0.2

In the topology shown in Figure 16 on page 514, a virtual link is established between
area 0.0.0.3 and the backbone area through area 0.0.0.2. All outbound traffic destined
for other areas is routed through area 0.0.0.2 to the backbone area and then to the
appropriate ABR. All inbound traffic destined for area 0.0.0.3 is routed to the backbone
area and then through area 0.0.0.2.

Example: Configuring a Single-Area OSPF Network

This example shows how to configure a single-area OSPF network.

• Requirements on page 514

• Overview on page 515
• Configuration on page 515
• Verification on page 516

Requirements

Before you begin:

514 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

Overview

To activate OSPF on a network, you must enable the OSPF protocol on all interfaces
within the network on which OSPF traffic is to travel. To enable OSPF, you must configure
one or more interfaces on the device within an OSPF area. Once the interfaces are
configured, OSPF LSAs are transmitted on all OSPF-enabled interfaces, and the network
topology is shared throughout the network.

In an autonomous system (AS), the backbone area is always assigned area ID 0.0.0.0
(within a simple, single-area network, this is also the ID of the area). Area IDs are unique
numeric identifiers, in dotted decimal notation. Area IDs need only be unique within an
AS. All other networks or areas in the AS must be directly connected to the backbone
area by area border routers that have interfaces in more than one area. You must also
create a backbone area if your network consists of multiple areas. In this example, you
create the backbone area and add interfaces, such as ge-0/0/0, as needed to the OSPF
area.

To use OSPF on the device, you must configure at least one OSPF area, such as the one
shown in Figure 17 on page 515.

Figure 17: Typical Single-Area OSPF Network Topology

Configuration

CLI Quick To quickly configure a single-area OSPF network, copy the following command and paste
Configuration it into the CLI. You repeat this configuration for all interfaces that are part of the OSPF
area.

[edit]
set protocols ospf area 0.0.0.0 interface ge-0/0/0

Copyright © 2011, Juniper Networks, Inc. 515

Junos OS 11.4 Routing Protocols Configuration Guide

Step-by-Step To configure a single-area OSPF network:

Procedure
1. Configure the single-area OSPF network by specifying the area ID and associated
interface.

NOTE: For a single-area OSPFv3 network, include the ospf3 statement

at the [edit protocols] hierarchy level.

[edit]
user@host# set protocols ospf area 0.0.0.0 interface ge-0/0/0

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

user@host# show protocols ospf

area 0.0.0.0 {
interface ge-0/0/0.0;
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

• Verifying the Interfaces in the Area on page 516

Verifying the Interfaces in the Area

Purpose Verify that the interface for OSPF or OSPFv3 has been configured for the appropriate
area. Confirm that the Area field displays the value that you configured.

Action From operational mode, enter the show ospf interface command for OSPFv2, and enter
the show ospf3 interface command for OSPFv3.

Example: Configuring a Multiarea OSPF Network

This example shows how to configure a multiarea OSPF network. To reduce traffic and
topology maintenance for the devices in an OSPF autonomous system (AS), you can
group the OSPF-enabled routing devices into multiple areas.

• Requirements on page 517

• Overview on page 517

516 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

• Configuration on page 518

• Verification on page 518

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

Overview

Each OSPF area consists of routing devices configured with the same area number. In
Figure 18 on page 517, Router B resides in the backbone area of the AS. The backbone
area is always assigned area ID 0.0.0.0. (All area IDs must be unique within an AS.) All
other networks or areas in the AS must be directly connected to the backbone area by
a router that has interfaces in more than one area. In this example, these area border
routers are A, C, D, and E. You create an additional area (area 2) and assign it unique area
ID 0.0.0.2, and then add interface ge-0/0/0 to the OSPF area.

To reduce traffic and topology maintenance for the devices in an OSPF AS, you can group
them into multiple areas as shown in Figure 18 on page 517.

Figure 18: Typical Multiarea OSPF Network Topology

Copyright © 2011, Juniper Networks, Inc. 517

Junos OS 11.4 Routing Protocols Configuration Guide

Configuration

CLI Quick To quickly configure a multiarea OSPF network, copy the following command and paste
Configuration it into the CLI. You repeat this configuration for all interfaces that are part of the OSPF
area.

[edit]
set protocols ospf area 0.0.0.2 interface ge-0/0/0

Step-by-Step To configure a multiarea OSPF network:

Procedure
1. Configure an additional area for your OSPF network.

NOTE: For a multiarea OSPFv3 network, include the ospf3 statement

at the [edit protocols] hierarchy level.

[edit]
user@host# set protocols ospf area 0.0.0.2 interface ge-0/0/0

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

user@host# show protocols ospf

area 0.0.0.2 {
interface ge-0/0/0.0;
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

• Verifying the Interfaces in the Area on page 518

Verifying the Interfaces in the Area

Purpose Verify that the interface for OSPF or OSPFv3 has been configured for the appropriate
area. Confirm that the Area field displays the value that you configured.

Action From operational mode, enter the show ospf interface command for OSPFv2, and enter
the show ospf3 interface command for OSPFv3.

518 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Example: Configuring OSPF Virtual Links

This example shows how to configure an OSPF virtual link to connect noncontiguous
areas.

• Requirements on page 519

• Overview on page 519
• Configuration on page 520
• Verification on page 522

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

If any routing device on the backbone is not physically connected to the backbone, you
must establish a virtual connection between that routing device and the backbone to
connect the noncontiguous areas.

To configure an OSPF virtual link through an area, you specify the router ID (IP address)
of the routing devices at each end of the virtual link. These routing devices must be area
border routers (ABRs), with one that is physically connected to the backbone. You cannot
configure virtual links through stub areas. You must also specify the number of the area
through which the virtual link transits (also known as the transit area). You apply these
settings to the backbone area (defined by the area 0.0.0.0) configuration on the ABRs
that are part of the virtual link.

In this example, Device R1 and Device R2 are the routing devices at each end of the virtual
link, with Device R1 physically connected to the backbone, as shown in Figure 19 on
page 520. You configure the following virtual link settings:

• neighbor-id—Specifies the IP address of the routing device at the other end of the virtual
link. In this example, Device R1 has a router ID of 192.168.0.5, and Device R2 has a router
ID of 192.168.0.3.

• transit-area—Specifies the area identifier through which the virtual link transits. In this
example, area 0.0.0.3 is not connected to the backbone, so you configure a virtual link
session between area 0.0.0.3 and the backbone area through area 0.0.0.2. Area 0.0.0.2
is the transit area.

Copyright © 2011, Juniper Networks, Inc. 519

Junos OS 11.4 Routing Protocols Configuration Guide

Figure 19: OSPF Virtual Link

R1 Virtual link R2

g040876
Area 0.0.0.0 Area 0.0.0.2 Area 0.0.0.3

Configuration

CLI Quick • To quickly configure an OSPF virtual link on the local routing device (Device R1), copy
Configuration the following commands and paste them into the CLI.

NOTE: You must configure both routing devices that are part of the virtual
link and specify the applicable neighbor ID on each routing device.

[edit]
set routing-options router-id 192.168.0.5
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 192.168.0.3 transit-area 0.0.0.2

• To quickly configure an OSPF virtual link on the remote routing device (Device R2),
copy the following commands and paste them into the CLI.

[edit]
set routing-options router-id 192.168.0.3
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 192.168.0.5 transit-area 0.0.0.2

Step-by-Step To configure an OSPF virtual link on the local routing device (Device R1):
Procedure
1. Configure the router ID.

[edit]
user@R1# set routing-options router-id 192.168.0.5

2. Enter OSPF configuration mode and specify OSPF area 0.0.0.0.

NOTE: For an OSPFv3 virtual link, include the ospf3 statement at the
[edit protocols] hierarchy level.

[edit]
user@R1# edit protocols ospf area 0.0.0.0

3. Configure an OSPF virtual link and specify the transit area 0.0.0.2.
This routing device must be an ABR that is physically connected to the backbone.

[edit protocols ospf area 0.0.0.0]

520 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

user@R1# set virtual-link neighbor-id 192.168.0.3 transit-area 0.0.0.2

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0]

user@R1# commit

Step-by-Step To configure an OSPF virtual link on the remote ABR (Device R2, the routing device at
Procedure the other end of the link):

1. Configure the router ID.

[edit]
user@R2# set routing-options router-id 192.168.0.3

2. Enter OSPF configuration mode and specify OSPF area 0.0.0.0.

NOTE: For an OSPFv3 virtual link, include the ospf3 statement at the
[edit protocols] hierarchy level.

[edit]
user@R2# edit protocols ospf area 0.0.0.0

3. Configure an OSPF virtual link on the remote ABR and specify the transit area 0.0.0.2.
This routing device is not physically connected to the backbone.

[edit protocols ospf area 0.0.0.0]

user@R2# set virtual-link neighbor-id 192.168.0.5 transit-area 0.0.0.2

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0]

user@R2# commit

Results Confirm your configuration by entering the show routing-options and the show protocols
ospf commands. If the output does not display the intended configuration, repeat the
instructions in this example to correct the configuration.

Configuration on the local routing device (Device R1):

user@R1#: show routing-options

router-id 192.168.0.5;

user@R1# show protocols ospf

area 0.0.0.0 {
virtual-link neighbor-id 192.168.0.3 transit-area 0.0.0.2;
}

Configuration on the remote ABR (Device R2):

user@R2#: show routing-options

router-id 192.168.0.3;

user@R2# show protocols ospf

area 0.0.0.0 {
virtual-link neighbor-id 192.168.0.5 transit-area 0.0.0.2;

Copyright © 2011, Juniper Networks, Inc. 521

Junos OS 11.4 Routing Protocols Configuration Guide

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

• Verifying Entries in the Link-State Database on page 522

• Verifying OSPF Interface Status and Configuration on page 522

Verifying Entries in the Link-State Database

Purpose Verify that the entries in the OSPFv2 or OSPFv3 link-state database display. The Router
field in the OSPFv2 output displays LSA information, including the type of link. If configured
as a virtual link, the Type is Virtual. For each router link, the Type field in the OSPFv3
output displays the type of interface. If configured as a virtual link, the Type is Virtual.

Action From operational mode, enter the show ospf database detail command for OSPFv2, and
enter the show ospf3 database detail command for OSPFv3.

Verifying OSPF Interface Status and Configuration

Purpose Verify that the OSPFv2 or OSPFv3 interface is configured and status displays. The Type
field displays the type of interface. If the interface is configured as part of a virtual link,
the Type is Virtual.

Action From operational mode, enter the show ospf interface detail command for OSPFv2, and
enter the show ospf3 interface detail command for OSPFv3.

Related • OSPF Areas and Router Functionality Overview on page 498

Documentation
• OSPF Configuration Overview on page 508

Examples: Configuring OSPF Stub and Not-So-Stubby Areas

• Understanding OSPF Stub Areas, Totally Stubby Areas, and Not-So-Stubby

Areas on page 522
• Example: Configuring OSPF Stub and Totally Stubby Areas on page 524
• Example: Configuring OSPF Not-So-Stubby Areas on page 528

Understanding OSPF Stub Areas, Totally Stubby Areas, and Not-So-Stubby Areas
Figure 20 on page 523 shows an autonomous system (AS) across which many external
routes are advertised. If external routes make up a significant portion of a topology
database, you can suppress the advertisements in areas that do not have links outside
the network. By doing so, you can reduce the amount of memory the nodes use to maintain
the topology database and free it for other uses.

522 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Figure 20: OSPF AS Network with Stub Areas and NSSAs

Area 0.0.0.0

Static customer routes

192.112.67.14
192.112.67.29
...

Area 0.0.0.3 Area 0.0.0:4

g015012
To control the advertisement of external routes into an area, OSPF uses stub areas. By
designating an area border router (ABR) interface to the area as a stub interface, you
suppress external route advertisements through the ABR. Instead, the ABR advertises a
default route (through itself) in place of the external routes and generates network
summary (Type 3) link-state advertisements (LSAs). Packets destined for external routes
are automatically sent to the ABR, which acts as a gateway for outbound traffic and
routes the traffic appropriately.

NOTE: You must explicitly configure the ABR to generate a default route
when attached to a stub or not-so-stubby-area (NSSA). To inject a default
route with a specified metric value into the area, you must configure the
default-metric option and specify a metric value.

For example, area 0.0.0.3 in Figure 20 on page 523 is not directly connected to the outside
network. All outbound traffic is routed through the ABR to the backbone and then to the
destination addresses. By designating area 0.0.0.3 as a stub area, you reduce the size of
the topology database for that area by limiting the route entries to only those routes
internal to the area.

A stub area that only allows routes internal to the area and restricts Type 3 LSAs from
entering the stub area is often called a totally stubby area. You can convert area 0.0.0.3
to a totally stubby area by configuring the ABR to only advertise and allow the default
route to enter into the area. External routes and destinations to other areas are no longer
summarized or allowed into a totally stubby area.

NOTE: If you incorrectly configure a totally stubby area, you might encounter
network connectivity issues. You should have advanced knowledge of OSPF
and understand your network environment before configuring totally stubby
areas.

Copyright © 2011, Juniper Networks, Inc. 523

Junos OS 11.4 Routing Protocols Configuration Guide

Similar to area 0.0.0.3 in Figure 20 on page 523, area 0.0.0.4 has no external connections.
However, area 0.0.0.4 has static customer routes that are not internal OSPF routes. You
can limit the external route advertisements to the area and advertise the static customer
routes by designating the area an NSSA. In an NSSA, the AS boundary router generates
NSSA external (Type 7) LSAs and floods them into the NSSA, where they are contained.
Type 7 LSAs allow an NSSA to support the presence of AS boundary routers and their
corresponding external routing information. The ABR converts Type 7 LSAs into AS
external (Type 5 ) LSAs and leaks them to the other areas, but external routes from other
areas are not advertised within the NSSA.

Example: Configuring OSPF Stub and Totally Stubby Areas

This example shows how to configure an OSPF stub area and a totally stubby area to
control the advertisement of external routes into an area.

• Requirements on page 524

• Overview on page 524
• Configuration on page 526
• Verification on page 527

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

The backbone area, which is 0 in Figure 21 on page 526, has a special function and is always
assigned the area ID 0.0.0.0. Area IDs are unique numeric identifiers, in dotted decimal
notation. Area IDs need only be unique within an autonomous system (AS). All other
networks or areas (such as 3, 7, and 9) in the AS must be directly connected to the
backbone area by area border routers (ABRs) that have interfaces in more than one area.

Stub areas are areas through which or into which OSPF does not flood AS external
link-state advertisements (Type 5 LSAs). You might create stub areas when much of
the topology database consists of AS external advertisements and you want to minimize
the size of the topology databases on the internal routers in the stub area.

The following restrictions apply to stub areas:

• You cannot create a virtual link through a stub area.

• A stub area cannot contain an AS boundary router.

524 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

• You cannot configure the backbone as a stub area.

• You cannot configure an area as both a stub area and an not-so-stubby area (NSSA).

In this example, you configure each routing device in area 7 (area ID 0.0.0.7) as a stub
router and some additional settings on the ABR:

• stub—Specifies that this area become a stub area and not be flooded with Type 5
LSAs. You must include the stub statement on all routing devices that are in area 7
because this area has no external connections.

• default-metric—Configures the ABR to generate a default route with a specified metric

into the stub area. This default route enables packet forwarding from the stub area to
external destinations. You configure this option only on the ABR. The ABR does not
automatically generate a default route when attached to a stub. You must explicitly
configure this option to generate a default route.

• no-summaries—(Optional) Prevents the ABR from advertising summary routes into

the stub area by converting the stub area into a totally stubby area. If configured in
combination with the default-metric statement, a totally stubby area only allows routes
internal to the area and advertises the default route into the area. External routes and
destinations to other areas are no longer summarized or allowed into a totally stubby
area. Only the ABR requires this additional configuration because it is the only routing
device within the totally stubby area that creates Type 3 LSAs used to receive and
send traffic from outside of the area.

NOTE:
In Junos OS Release 8.5 and later, the following applies:

• A router-identifier interface that is not configured to run OSPF is no longer

advertised as a stub network in OSPF LSAs.

• OSPF advertises a local route with a prefix length of 32 as a stub link if the
loopback interface is configured with a prefix length other than 32. OSPF
also advertises the direct route with the configured mask length, as in earlier
releases.

Copyright © 2011, Juniper Networks, Inc. 525

Junos OS 11.4 Routing Protocols Configuration Guide

Figure 21: OSPF Network Topology with Stub Areas and NSSAs

Area 0 Area 3

g01503 0
0.0.0.7
0.0.0.9
Customer static routes

192.168.47.5
192.168.47.6
Area 7 ...
(Stub) Area 9
(NSSA) Customer network

Configuration

CLI Quick • To quickly configure an OSPF stub area, copy the following command and paste it into
Configuration the CLI. You must configure all routing devices that are part of the stub area.

[edit]
set protocols ospf area 0.0.0.7 stub

• To quickly configure the ABR to inject a default route into the area, copy the following
command and paste it into the CLI. You apply this configuration only on the ABR.

[edit]
set protocols ospf area 0.0.0.7 stub default-metric 10

• (Optional) To quickly configure the ABR to restrict all summary advertisements and
allow only internal routes and default route advertisements into the area, copy the
following command and paste it into the CLI. You apply this configuration only on the
ABR.

[edit]
set protocols ospf area 0.0.0.7 stub no-summaries

Step-by-Step To configure OSPF stub areas:

Procedure
1. On all routing devices in the area, configure an OSPF stub area.

NOTE: To specify an OSPFv3 stub area, include the ospf3 statement at

the [edit protocols] hierarchy level.

[edit]
user@host# set protocols ospf area 0.0.0.7 stub

2. On the ABR, inject a default route into the area.

526 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

[edit]
user@host# set protocols ospf area 0.0.0.7 stub default-metric 10

3. (Optional) On the ABR, restrict summary LSAs from entering the area. This step
converts the stub area into a totally stubby area.

[edit]
user@host# set protocols ospf area 0.0.0.7 stub no-summaries

4. If you are done configuring the devices, commit the configuration.

[edit]
user@host# commit

Configuration on all routing devices:

user@host# show protocols ospf

area 0.0.0.7 {
stub;
}

Configuration on the ABR (the output also includes the optional setting):

user@host# show protocols ospf

area 0.0.0.7 {
stub default-metric 10 no-summaries;
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

• Verifying the Interfaces in the Area on page 527

• Verifying the Type of OSPF Area on page 527

Verifying the Interfaces in the Area

Purpose Verify that the interface for OSPF has been configured for the appropriate area. Confirm
that the output includes Stub as the type of OSPF area.

Action From operational mode, enter the show ospf interface detail command for OSPFv2, and
enter the show ospf3 interface detail command for OSPFv3.

Verifying the Type of OSPF Area

Purpose Verify that the OSPF area is a stub area. Confirm that the output displays Normal Stub
as the Stub type.

Copyright © 2011, Juniper Networks, Inc. 527

Junos OS 11.4 Routing Protocols Configuration Guide

Action From operational mode, enter the show ospf overview command for OSPFv2, and enter
the show ospf3 overview command for OSPFv3.

Example: Configuring OSPF Not-So-Stubby Areas

This example shows how to configure an OSPF not-so-stubby area (NSSA) to control
the advertisement of external routes into an area.

• Requirements on page 528

• Overview on page 528
• Configuration on page 530
• Verification on page 532

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

The backbone area, which is 0 in Figure 22 on page 530, has a special function and is always
assigned the area ID 0.0.0.0. Area IDs are unique numeric identifiers, in dotted decimal
notation. Area IDs need only be unique within an AS. All other networks or areas (such
as 3, 7, and 9) in the AS must be directly connected to the backbone area by ABRs that
have interfaces in more than one area.

An OSPF stub area has no external routes, so you cannot redistribute routes from another
protocol into a stub area. OSPF NSSAs allow external routes to be flooded within the
area.

In addition, you might have a situation when exporting Type 7 LSAs into the NSSA is
unnecessary. When an AS boundary router is also an ABR with an NSSA attached, Type
7 LSAs are exported into the NSSA by default. If the ABR is attached to multiple NSSAs,
a separate Type 7 LSA is exported into each NSSA by default. During route redistribution,
this routing device generates both Type 5 LSAs and Type 7 LSAs. You can disable exporting
Type 7 LSAs into the NSSA.

NOTE: The following restriction applies to NSSAs: You cannot configure an

area as both a stub area and an NSSA.

528 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

You configure each routing device in area 9 (area ID 0.0.0.9) with the following setting:

• nssa—Specifies an OSPF NSSA. You must include the nssa statement on all routing
devices in area 9 because this area only has external connections to static routes.

You also configure the ABR in area 9 with the following additional settings:

• no-summaries—Prevents the ABR from advertising summary routes into the NSSA. If
configured in combination with the default-metric statement, the NSSA only allows
routes internal to the area and advertises the default route into the area. External
routes and destinations to other areas are no longer summarized or allowed into the
NSSA. Only the ABR requires this additional configuration because it is the only routing
device within the NSSA that creates Type 3 LSAs used to receive and send traffic from
outside the area.

• default-lsa—Configures the ABR to generate a default route into the NSSA. In this
example, you configure the following:

• default-metric—Specifies that the ABR generate a default route with a specified

metric into the NSSA. This default route enables packet forwarding from the NSSA
to external destinations. You configure this option only on the ABR. The ABR does
not automatically generate a default route when attached to an NSSA. You must
explicitly configure this option for the ABR to generate a default route.

• metric-type—(Optional) Specifies the external metric type for the default LSA, which
can be either Type 1 or Type 2. When OSPF exports route information from external
ASs, it includes a cost, or external metric, in the route. The difference between the
two metrics is how OSPF calculates the cost of the route. Type 1 external metrics
are equivalent to the link-state metric, where the cost is equal to the sum of the
internal costs plus the external cost. Type 2 external metrics use only the external
cost assigned by the AS boundary router. By default, OSPF uses the Type 2 external
metric.

• type-7—(Optional) Floods Type 7 default LSAs into the NSSA if the no-summaries
statement is configured. By default, when the no-summaries statement is configured,
a Type 3 LSA is injected into NSSAs for Junos OS release 5.0 and later. To support
backward compatibility with earlier Junos OS releases, include the type-7 statement.

The second example also shows the optional configuration required to disable exporting
Type 7 LSAs into the NSSA by including the no-nssa-abr statement on the routing device
that performs the functions of both an ABR and an AS boundary router.

Copyright © 2011, Juniper Networks, Inc. 529

Junos OS 11.4 Routing Protocols Configuration Guide

Figure 22: OSPF Network Topology with Stub Areas and NSSAs

Area 0 Area 3

g01503 0
0.0.0.7
0.0.0.9
Customer static routes

192.168.47.5
192.168.47.6
Area 7 ...
(Stub) Area 9
(NSSA) Customer network

Configuration

• Configuring Routing Devices to Participate in a Not-So-Stubby-Area on page 530

• Disabling the Export of Type 7 Link State Advertisements into Not-So-Stubby
Areas on page 532

Configuring Routing Devices to Participate in a Not-So-Stubby-Area

CLI Quick To quickly configure an OSPF NSSA, copy the following command and paste it into the
Configuration CLI. You must configure all routing devices that are part of the NSSA.

[edit]
set protocols ospf area 0.0.0.9 nssa

To quickly configure an ABR that participates in an OSPF NSSA, copy the following
commands and paste them into the CLI.

[edit]
set protocols ospf area 0.0.0.9 nssa default-lsa default-metric 10
set protocols ospf area 0.0.0.9 nssa default-lsa metric-type 1
set protocols ospf area 0.0.0.9 nssa default-lsa type-7
set protocols ospf area 0.0.0.9 nssa no-summaries

Step-by-Step To configure OSPF NSSAs:

Procedure
1. On all routing devices in the area, configure an OSPF NSSA.

NOTE: To specify an OSPFv3 NSSA area, include the ospf3 statement

at the [edit protocols] hierarchy level.

[edit]
user@host# set protocols ospf area 0.0.0.9 nssa

530 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

2. On the ABR, enter OSPF configuration mode and specify the NSSA area 0.0.0.9
that you already created.

[edit ]
user@host# edit protocols ospf area 0.0.0.9 nssa

3. On the ABR, inject a default route into the area.

[edit protocols ospf area 0.0.0.9 nssa]

user@host# set default-lsa default-metric 10

4. (Optional) On the ABR, specify the external metric type for the default route.

[edit protocols ospf area 0.0.0.9 nssa]

user@host# set default-lsa metric-type 1

5. (Optional) On the ABR, specify the flooding of Type 7 LSAs.

[edit protocols ospf area 0.0.0.9 nssa]

user@host# set default-lsa type-7

6. On the ABR, restrict summary LSAs from entering the area.

[edit protocols ospf area 0.0.0.9 nssa]

user@host# set no-summaries

7. If you are done configuring the devices, commit the configuration.

[edit protocols ospf area 0.0.0.9 nssa]

user@host# commit

Configuration on all routing devices in the area:

user@host# show protocols ospf

area 0.0.0.9 {
nssa;
}

Configuration on the ABR. The output also includes the optional metric-type and type-7
statements.

user@host# show protocols ospf

area 0.0.0.9 {
nssa {
default-lsa {
default-metric 10;
metric-type 1;
type-7;
}
no-summaries;
}
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Copyright © 2011, Juniper Networks, Inc. 531

Junos OS 11.4 Routing Protocols Configuration Guide

Disabling the Export of Type 7 Link State Advertisements into Not-So-Stubby Areas

CLI Quick To quickly disable exporting Type 7 LSAs into the NSSA, copy the following command
Configuration and paste it into the CLI. You configure this setting on an AS boundary router that is also
an ABR with an NSSA area attached.

[edit]
set protocols ospf no-nssa-abr

Step-by-Step You can configure this setting if you have an AS boundary router that is also an ABR with
Procedure an NSSA area attached.

1. Disable exporting Type 7 LSAs into the NSSA.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

protocols] hierarchy level.

[edit]
user@host# set protocols ospf no-nssa-abr

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

user@host# show protocols ospf

no-nssa-abr;

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

• Verifying the Interfaces in the Area on page 532

• Verifying the Type of OSPF Area on page 533
• Verifying the Type of LSAs on page 533

Verifying the Interfaces in the Area

Purpose Verify that the interface for OSPF has been configured for the appropriate area. Confirm
that the output includes Stub NSSA as the type of OSPF area.

Action From operational mode, enter the show ospf interface detail command for OSPFv2, and
enter the show ospf3 interface detail command for OSPFv3.

532 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Verifying the Type of OSPF Area

Purpose Verify that the OSPF area is a stub area. Confirm that the output displays Not so Stubby
Stub as the Stub type.

Action From operational mode, enter the show ospf overview command for OSPFv2, and enter
the show ospf3 overview command for OSPFv3.

Verifying the Type of LSAs

Purpose Verify the type of LSAs that are in the area. If you disabled exporting Type 7 LSAs into an
NSSA, confirm that the Type field does not include NSSA as a type of LSA.

Action From operational mode, enter the show ospf overview command for OSPFv2, and enter
the show ospf3 overview command for OSPFv3.

Related • OSPF Areas and Router Functionality Overview on page 498

Documentation
• OSPF Configuration Overview on page 508

Example: Configuring OSPF Multiarea Adjacency

• Multiarea Adjacency for OSPF on page 533

• Example: Configuring Multiarea Adjacency for OSPF on page 534

Multiarea Adjacency for OSPF

By default, a single interface can belong to only one OSPF area. However, in some
situations, you might want to configure an interface to belong to more than one area.
Doing so allows the corresponding link to be considered an intra-area link in multiple
areas and to be preferred over other higher-cost intra-area paths. For example, you can
configure an interface to belong to multiple areas with a high-speed backbone link
between two area border routers (ABRs) so you can create multiarea adjacencies that
belong to different areas.

In Junos OS Release 9.2 and later, you can configure a logical interface to belong to more
than one OSPFv2 area. Support for OSPFv3 was introduced in Junos OS Release 9.4. As
defined in RFC 5185, OSPF Multi-Area Adjacency, the ABRs establish multiple adjacencies
belonging to different areas over the same logical interface. Each multiarea adjacency
is announced as a point-to-point unnumbered link in the configured area by the routers
connected to the link. For each area, one of the logical interfaces is treated as primary,
and the remaining interfaces that are configured for the area are designated as secondary.

Any logical interface not configured as a secondary interface for an area is treated as the
primary interface for that area. A logical interface can be configured as primary interface
only for one area. For any other area for which you configure the interface, you must
configure it as a secondary interface.

Copyright © 2011, Juniper Networks, Inc. 533

Junos OS 11.4 Routing Protocols Configuration Guide

Example: Configuring Multiarea Adjacency for OSPF

This example shows how to configure multiarea adjacency for OSPF.

• Requirements on page 534

• Overview on page 534
• Configuration on page 535
• Verification on page 537

Requirements

Before you begin, plan your multiarea OSPF network. See “Example: Configuring a
Multiarea OSPF Network” on page 516.

Overview

By default, a single interface can belong to only one OSPF area. You can configure a
single interface to belong in multiple OSPF areas. Doing so allows the corresponding link
to be considered an intra-area link in multiple areas and to be preferred over other
higher-cost intra-area paths. When configuring a secondary interface, consider the
following:

• For OSPFv2, you cannot configure point-to-multipoint and nonbroadcast multiaccess

(NBMA) network interfaces as a secondary interface because secondary interfaces
are treated as a point-to-point unnumbered link.

• Secondary interfaces are supported for LAN interfaces (the primary interface can be
a LAN interface, but any secondary interfaces are treated as point-to-point unnumbered
links over the LAN). In this scenario, you must ensure that there are only two routing
devices on the LAN or that there are only two routing devices on the LAN that have
secondary interfaces configured for a specific OSPF area.

• Since the purpose of a secondary interface is to advertise a topological path through

an OSPF area, you cannot configure a secondary interface or a primary interface with
one or more secondary interfaces to be passive. Passive interfaces advertise their
address, but do not run the OSPF protocol (adjacencies are not formed and hello
packets are not generated).

• Any logical interface not configured as a secondary interface for an area is treated as
a primary interface for that area. A logical interface can be configured as the primary
interface only for one area. For any other area for which you configure the interface,
you must configure it as a secondary interface.

• You cannot configure the secondary statement with the interface all statement.

• You cannot configure a secondary interface by its IP address.

In this example, you configure an interface to be in two areas, creating a multiarea

adjacency with a link between two ABRs: ABR R1 and ABR R2. On each ABR, area 0.0.0.1
contains the primary interface and is the primary link between the ABRs, and area 0.0.0.2
contains the secondary logical interface, which you configure by including the secondary

534 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

statement. You configure interface so-0/0/0 on ABR R1 and interface so-1/0/0 on ABR
R2.

Configuration

CLI Quick To quickly configure a secondary logical interface for an OSPF area, copy the following
Configuration commands and paste them into the CLI.

Configuration on ABR R1:

[edit]
set interfaces so-0/0/0 unit 0 family inet address 192.168.8.45/30
set routing-options router-id 10.255.0.1
set protocols ospf area 0.0.0.1 interface so-0/0/0
set protocols ospf area 0.0.0.2 interface so-0/0/0 secondary

Configuration on ABR R2:

[edit]
set interfaces so-1/0/0 unit 0 family inet address 192.168.8.37/30
set routing-options router-id 10.255.0.2
set protocols ospf area 0.0.0.1 interface so-1/0/0
set protocols ospf area 0.0.0.2 interface so-1/0/0 secondary

Step-by-Step To configure a secondary logical interface:

Procedure
1. Configure the device interfaces.

NOTE: For OSPFv3, on each interface specify the inet6 address family
and include the IPv6 address.

[edit]
user@R1# set interfaces so-0/0/0 unit 0 family inet address 192.168.8.45/30

[edit]
user@R2# set interfaces so-1/0/0 unit 0 family inet address 192.168.8.37/30

2. Configure the router identifier.

[edit]
user@R1# set routing-options router-id 10.255.0.1

[edit]
user@R2# set routing-options router-id 10.255.0.2

3. On each ABR, configure the primary interface for the OSPF area.

NOTE: For OSPFv3, include the ospf3 statement at the [edit protocols]
hierarchy level.

[edit]
user@R1# set protocols ospf 0.0.0.1 interface so-0/0/0

Copyright © 2011, Juniper Networks, Inc. 535

Junos OS 11.4 Routing Protocols Configuration Guide

[edit ]
user@R2# set protocols ospf 0.0.0.2 interface so-1/0/0

4. On each ABR, configure the secondary interface for the OSPF area.

[edit ]
user@R1# set protocols ospf area 0.0.0.1 so-0/0/0 secondary

[edit ]
user@R2# set protocols ospf area 0.0.0.2 so-1/0/0 secondary

5. If you are done configuring the devices, commit the configuration.

[edit protocols ospf area 0.0.0.1 ]

user@host# commit

Results Confirm your configuration by entering the show interfaces, show routing-options, and
the show protocols ospf commands. If the output does not display the intended
configuration, repeat the instructions in this example to correct the configuration.

Configuration on ABR R1:

user@R1# show interfaces

so-0/0/0 {
unit 0 {
family inet {
address 192.168.8.45/30;
}
}
}

user@R1# show routing-options

router-id 10.255.0.1;

user@R1# show protocols ospf

area 0.0.0.1 {
interface so-0/0/0.0;
}
area 0.0.0.2 {
interface so-0/0/0.0 {
secondary;
}
}

Configuration on ABR R2:

user@R2# show interfaces

so-0/0/0 {
unit 0 {
family inet {
address 192.168.8.37/30;
}
}
}

user@R2# show routing-options

router-id 10.255.0.2;

user@R2# show protocols ospf

536 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

area 0.0.0.1 {
interface so-1/0/0.0;
}
area 0.0.0.2 {
interface so-1/0/0.0 {
secondary;
}
}

Verification

Confirm that the configuration is working properly.

• Verifying the Secondary Interface on page 537

• Verifying the Interfaces in the Area on page 537
• Verifying Neighbor Adjacencies on page 537

Verifying the Secondary Interface

Purpose Verify that the secondary interface appears for the configured area. The Secondary field
displays if the interface is configured as a secondary interface. The output might also
show the same interface listed in multiple areas.

Action From operational mode, enter the show ospf interface detail command for OSPFv2, and
enter the show ospf3 interface detail command for OSPFv3.

Verifying the Interfaces in the Area

Purpose Verify the interfaces configured for the specified area.

Action From operational mode, enter the show ospf interface area area-id command for OSPFv2,
and enter the show ospf3 interface area area-id command for OSPFv3..

Verifying Neighbor Adjacencies

Purpose Verify the primary and secondary neighbor adjacencies. The Secondary field displays if
the neighbor is on a secondary interface.

Action From operational mode, enter the show ospf neighbor detail command for OSPFv2, and
enter the show ospf3 neighbor detail command for OSPFv3.

Related • OSPF Areas and Router Functionality Overview on page 498

Documentation
• Understanding OSPF Areas and Backbone Areas on page 513

• OSPF Configuration Overview on page 508

Copyright © 2011, Juniper Networks, Inc. 537

Junos OS 11.4 Routing Protocols Configuration Guide

Example: Disabling OSPFv2 Compatibility with RFC 1583

• OSPFv2 Compatibility with RFC 1583 Overview on page 538

• Example: Disabling OSPFv2 Compatibility with RFC 1583 on page 538

OSPFv2 Compatibility with RFC 1583 Overview

By default, the Junos OS implementation of OSPFv2 is compatible with RFC 1583, OSPF
Version 2. This means that Junos OS maintains a single best route to an autonomous
system (AS) boundary router in the OSPF routing table, rather than multiple intra-AS
paths, if they are available. You can now disable compatibility with RFC 1583. It is
preferable to do so when the same external destination is advertised by AS boundary
routers that belong to different OSPF areas. When you disable compatibility with RFC
1583, the OSPF routing table maintains the multiple intra-AS paths that are available,
which the router uses to calculate AS external routes as defined in RFC 2328, OSPF
Version 2. Being able to use multiple available paths to calculate an AS external route
can prevent routing loops.

Example: Disabling OSPFv2 Compatibility with RFC 1583

This example shows how to disable OSPFv2 compatibility with RFC 1583 on the routing
device.

• Requirements on page 538

• Overview on page 538
• Configuration on page 538
• Verification on page 539

Requirements

No special configuration beyond device initialization is required before disabling OSPFv2

compatibility with RFC 1583.

Overview

The introduction of RFC 2328 changed the method used to calculate the routes in an
OSPF network. By default, the Junos OS implementation of OSPFv2 is compatible with
RFC 1583, so OSPF uses the minimum cost to determine the route to any of the networks
within the specified range. When you disable RFC 1583 compatibility, OSPF uses the
maximum cost to determine the route to any of the networks within the specified range.
To minimize the potential for routing loops, configure the same RFC compatibility on all
OSPF devices in an OSPF domain.

Configuration

CLI Quick To quickly disable OSPFv2 compatibility with RFC 1583, copy the following command
Configuration and paste it into the CLI. You configure this setting on all devices that are part of the
OSPF domain.

[edit]
set protocols ospf no-rfc-1583

538 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Step-by-Step To disable OSPFv2 compatibility with RFC 1583:

Procedure
1. Disable RFC 1583.

[edit]
user@host# set protocols ospf no-rfc-1583

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

NOTE: Repeat this configuration on each routing device that participates

in an OSPF routing domain.

user@host# show protocols ospf

no-rfc-1583;

Verification

Confirm that the configuration is working properly.

Verifying the OSPF Routes

Purpose Verify that the OSPF routing table maintains the intra-AS paths with the largest metric,
which the router uses to calculate AS external routes.

Action From operational mode, enter the show ospf route detail command.

Related • OSPF Overview on page 494

Documentation
• OSPF Configuration Overview on page 508

Examples: Configuring OSPF Interfaces

• About OSPF Interfaces on page 540

• Example: Configuring an Interface on a Broadcast or Point-to-Point Network on page 541
• Example: Configuring an OSPFv2 Interface on a Nonbroadcast Multiaccess
Network on page 543
• Example: Configuring an OSPFv2 Interface on a Point-to-Multipoint Network on page 546
• Example: Configuring OSPF Demand Circuits on page 547
• Example: Configuring a Passive OSPF Interface on page 550
• Example: Configuring OSPFv2 Peer interfaces on page 552

Copyright © 2011, Juniper Networks, Inc. 539

Junos OS 11.4 Routing Protocols Configuration Guide

About OSPF Interfaces

To activate OSPF on a network, you must enable the OSPF protocol on one or more
interfaces on each device within the network on which traffic is to travel. How you
configure the interface depends on whether the interface is connected to a broadcast
or point-to-point network, a point-to-multipoint network, a nonbroadcast multiaccess
(NBMA) network, or across a demand circuit.

• A broadcast interface behaves as if the routing device is connected to a LAN.

• A point-to-point interface provides a connection between a single source and a single

destination (there is only one OSPF adjacency).

• A point-to-multipoint interface provides a connection between a single source and

multiple destinations.

• An NBMA interface behaves in a similar fashion to a point-to-multipoint interface, but

you might configure an NBMA interface to interoperate with other equipment.

• A demand circuit is a connection on which you can limit traffic based on user
agreements. The demand circuit can limit bandwidth or access time based on
agreements between the provider and user.

You can also configure an OSPF interface to be passive, to operate in passive traffic
engineering mode, or to be a peer interface.

• A passive interface advertises its address, but does not run the OSPF protocol
(adjacencies are not formed and hello packets are not generated).

• An interface operating in OSPF passive traffic engineering mode floods link address
information within the autonomous system (AS) and makes it available for traffic
engineering calculations.

• A peer interface can be configured for OSPFv2 routing devices. A peer interface is
required for Generalized MPLS (GMPLS) to transport traffic engineering information
through a link separate from the control channel. You establish this separate link by
configuring a peer interface. The peer interface name must match the Link Management
Protocol (LMP) peer name. A peer interface is optional for a hierarchy of RSVP
label-switched paths (LSPs). After you configure the forwarding adjacency, you can
configure OSPFv2 to advertise the traffic engineering properties of a forwarding
adjacency to a specific peer.

Point-to-point interfaces differ from multipoint in that only one OSPF adjacency is
possible. (A LAN, for instance, can have multiple addresses and can run OSPF on each
subnet simultaneously.) As such, when you configure a numbered point-to-point interface
to OSPF by name, multiple OSPF interfaces are created. One, which is unnumbered, is
the interface on which the protocol is run. An additional OSPF interface is created for
each address configured on the interface, if any, which is automatically marked as passive.

For OSPFv3, one OSPF-specific interface must be created per interface name configured
under OSPFv3. OSPFv3 does not allow interfaces to be configured by IP address.

540 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Enabling OSPF on an interface (by including the interface statement), disabling it (by
including the disable statement), and not actually having OSPF run on an interface (by
including the passive statement) are mutually exclusive states.

NOTE: When you configure OSPFv2 on an interface, you must also include
the family inet statement at the [edit interfaces interface-name unit
logical-unit-number] hierarchy level. When you configure OSPFv3 on an
interface, you must also include the family inet6 statement at the [edit
interfaces interface-name unit logical-unit-number] hierarchy level. In Junos OS
Release 9.2 and later, you can configure OSPFv3 to support address families
other than unicast IPv6.

Example: Configuring an Interface on a Broadcast or Point-to-Point Network

This example shows how to configure an OSPF interface on a broadcast or point-to-point
network.

• Requirements on page 541

• Overview on page 541
• Configuration on page 542
• Verification on page 543

Requirements

Before you begin:

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

If the interface on which you are configuring OSPF supports broadcast mode (such as a
LAN), or if the interface supports point-to-point mode (such as a PPP interface or a
point-to-point logical interface on Frame Relay), you specify the interface by including
the IP address or the interface name for OSPFv2, or only the interface name for OSPFv3.
In Junos OS Release 9.3 and later, an OSPF point-to-point interface can be an Ethernet
interface without a subnet. If you configure an interface on a broadcast network,
designated router and backup designated router election is performed.

NOTE: Using both the interface name and the IP address of the same interface
produces an invalid configuration.

Copyright © 2011, Juniper Networks, Inc. 541

Junos OS 11.4 Routing Protocols Configuration Guide

In this example, you configure interface ge-0/2/0 as an OSPFv2 interface in OSPF area
0.0.0.1.

Configuration

CLI Quick To quickly configure an OSPF interface on a broadcast or point-to-point network, copy
Configuration the following commands and paste them into the CLI.

[edit]
set interfaces ge-0/2/0 unit 0 family inet address 10.0.0.1
set protocols ospf area 0.0.0.1 interface ge-0/2/0

Step-by-Step To configure an OSPF interface on a broadcast or point-to-point network:

Procedure
1. Configure the interface.

NOTE: For an OSPFv3 interface, specify an IPv6 address.

[edit]
user@host# set interfaces ge-0/2/0 unit 0 family inet address 10.0.0.1

2. Create an OSPF area.

NOTE: For an OSPFv3 interface, include the ospf3 statement at the

[edit protocols] hierarchy level.

[edit]
user@host# edit protocols ospf area 0.0.0.1

3. Assign the interface to the area.

[edit protocols ospf area 0.0.0.1 ]

user@host# set interface ge-0/2/0

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.1 ]

user@host# commit

Results Confirm your configuration by entering the show interfaces and the show protocols ospf
commands. If the output does not display the intended configuration, repeat the
instructions in this example to correct the configuration.

user@host# show interfaces

ge-0/2/0 {
unit 0 {
family inet {
address 10.0.0.1/32;
}
}
}

542 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

user@host# show protocols ospf

area 0.0.0.1 {
interface ge-0/2/0.0;
}

To confirm your OSPFv3 configuration, enter the show interfaces and the show protocols
ospf3 commands.

Verification

Confirm that the configuration is working properly.

Verifying the OSPF Interface

Purpose Verify the interface configuration. Depending on your deployment, the Type field might
display LAN or P2P.

Action From operational mode, enter the show ospf interface detail command for OSPFv2, and
enter the show ospf3 interface detail command for OSPFv3.

Example: Configuring an OSPFv2 Interface on a Nonbroadcast Multiaccess Network

This example shows how to configure an OSPFv2 interface on a nonbroadcast multiaccess
(NBMA) network.

• Requirements on page 543

• Overview on page 543
• Configuration on page 544
• Verification on page 545

Requirements

Before you begin:

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

When you configure OSPFv2 on an NBMA network, you can use nonbroadcast mode
rather than point-to-multipoint mode. Using this mode offers no advantages over
point-to-multipoint mode, but it has more disadvantages than point-to-multipoint mode.
Nevertheless, you might occasionally find it necessary to configure nonbroadcast mode
to interoperate with other equipment. Because there is no autodiscovery mechanism,
you must configure each neighbor.

Copyright © 2011, Juniper Networks, Inc. 543

Junos OS 11.4 Routing Protocols Configuration Guide

Nonbroadcast mode treats the NBMA network as a partially connected LAN, electing
designated and backup designated routers. All routing devices must have a direct
connection to both the designated and backup designated routers, or unpredictable
results occur.

When you configure the interface, specify either the IP address or the interface name.
Using both the IP address and the interface name produces an invalid configuration. For
nonbroadcast interfaces, specify the IP address of the nonbroadcast interface as the
interface name.

In this example, you configure the Asynchronous Transfer Mode (ATM) interface at-0/1/0
as an OSPFv2 interface in OSPF area 0.0.0.1, and you and specify the following settings:

• interface-type nbma—Sets the interface to run in NBMA mode. You must explicitly
configure the interface to run in NBMA mode.

• neighbor address <eligible>—Specifies the IP address of the neighboring device. OSPF

routing devices normally discover their neighbors dynamically by listening to the
broadcast or multicast hello packets on the network. Because an NBMA network does
not support broadcast (or multicast), the device cannot discover its neighbors
dynamically, so you must configure all the neighbors statically. To configure multiple
neighbors, include multiple neighbor statements. If you want the neighbor to be a
designated router, include the eligible keyword.

• poll-interval—Specifies the length of time, in seconds, before the routing device sends
hello packets out of the interface before it establishes adjacency with a neighbor.
Routing devices send hello packets for a longer interval on nonbroadcast networks to
minimize the bandwidth required on slow WAN links. The range is from 1 through 255
seconds. By default, the device sends hello packets out the interface every 120 seconds
before it establishes adjacency with a neighbor.

Once the routing device detects an active neighbor, the hello packet interval changes
from the time specified in the poll-interval statement to the time specified in the
hello-interval statement.

Configuration

CLI Quick To quickly configure an OSPFv2 interface on an NBMA network, copy the following
Configuration commands and paste them into the CLI.

[edit]
set interfaces at-0/1/0 unit 0 family inet address 192.0.2.1
set protocols ospf area 0.0.0.1 interface at-0/1/0.0 interface-type nbma
set protocols ospf area 0.0.0.1 interface at-0/1/0.0 neighbor 192.0.2.2 eligible
set protocols ospf area 0.0.0.1 interface at-0/1/0.0 poll-interval 130

Step-by-Step To configure an OSPFv2 interface on an NBMA network:

Procedure
1. Configure the interface.

[edit]
user@host# set interfaces at-0/1/0 unit 0 family inet address 192.0.2.1

2. Create an OSPF area.

544 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

[edit]
user@host# edit protocols ospf area 0.0.0.1

3. Assign the interface to the area.

In this example, include the eligible keyword to allow the neighbor to be a designated
router.

[edit protocols ospf area 0.0.0.1 ]

user@host# set interface at-0/1/0 interface-type nbma neighbor 192.0.2.2 eligible

4. Configure the poll interval.

[edit protocols ospf area 0.0.0.1 ]

user@host# set interface at-0/1/0 poll-interval 130

5. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.1 ]

user@host# commit

user@host# show interfaces

at-0/1/0 {
unit 0 {
family inet {
address 192.0.2.1/32;
}
}
}

user@host# show protocols ospf

area 0.0.0.1 {
interface at-0/1/0.0 {
interface-type nbma;
neighbor 192.0.2.2 eligible;
poll-interval 130;
}
}

Verification

Confirm that the configuration is working properly.

Verifying the OSPF Interface

Purpose Verify the interface configuration. Confirm that the Type field displays NBMA.

Action From operational mode, enter the show ospf interface detail command.

Copyright © 2011, Juniper Networks, Inc. 545

Junos OS 11.4 Routing Protocols Configuration Guide

Example: Configuring an OSPFv2 Interface on a Point-to-Multipoint Network

This example shows how to configure an OSPFv2 interface on a point-to-multipoint
network.

• Requirements on page 546

• Overview on page 546
• Configuration on page 546
• Verification on page 547

Requirements

Before you begin:

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

When you configure OSPFv2 on a nonbroadcast multiaccess (NBMA) network, such as

a multipoint Asynchronous Transfer Mode (ATM) or Frame Relay, OSPFv2 operates by
default in point-to-multipoint mode. In this mode, OSPFv2 treats the network as a set
of point-to-point links. Because there is no autodiscovery mechanism, you must configure
each neighbor.

When you configure the interface, specify either the IP address or the interface name.
Using both the IP address and the interface name produces an invalid configuration.

In this example, you configure ATM interface at-0/1/0 as an OSPFv2 interface in OSPF
area 0.0.0.1, and you and specify 192.0.2.1 as the neighbor’s IP address.

Configuration

CLI Quick To quickly configure an OSPFv2 interface on a point-to-multipoint network, copy the
Configuration following commands and paste them into the CLI.

[edit]
set interfaces at-0/1/0 unit 0 family inet address 192.0.2.2
set protocols ospf area 0.0.0.1 interface at-0/1/0 neighbor 192.0.2.1

Step-by-Step To configure an OSPFv2 interface on a point-to-multipoint network:

Procedure
1. Configure the interface.

[edit]
user@host# set interfaces at-0/1/0 unit 0 family inet address 192.0.2.2

2. Create an OSPF area.

546 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

[edit]
user@host# edit protocols ospf area 0.0.0.1

3. Assign the interface to the area and specify the neighbor.

[edit protocols ospf area 0.0.0.1]

user@host# set interface at-0/1/0 neighbor 192.0.2.1

To configure multiple neighbors, include a neighbor statement for each neighbor.

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.1]

user@host# commit

user@host# show interfaces

at-0/1/0 {
unit 0 {
family inet {
address 192.0.2.2/32;
}
}
}

user@host# show protocols ospf

area 0.0.0.1 {
interface at-0/1/0.0 {
neighbor 192.0.2.1;
}
}

Verification

Confirm that the configuration is working properly.

Verifying the OSPF Interface

Purpose Verify the interface configuration. Confirm that the Type field displays P2MP.

Action From operational mode, enter the show ospf interface detail command.

Example: Configuring OSPF Demand Circuits

This example shows how to configure an OSPF demand circuit interface.

• Requirements on page 548

• Overview on page 548
• Configuration on page 549
• Verification on page 550

Copyright © 2011, Juniper Networks, Inc. 547

Junos OS 11.4 Routing Protocols Configuration Guide

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

NOTE: If you are using OSPF demand circuits over an ISDN link, you must
configure an ISDN interface and enable dial-on-demand routing. See the
Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

OSPF sends periodic hello packets to establish and maintain neighbor adjacencies and
uses link-state advertisements (LSAs) to make routing calculations and decisions. OSPF
support for demand circuits is defined in RFC 1793, Extending OSPF to Support Demand
Circuits, and suppresses the periodic hello packets and LSAs. A demand circuit is a
connection on which you can limit traffic based on user agreements. The demand circuit
can limit bandwidth or access time based on agreements between the provider and user.

You configure demand circuits on an OSPF interface. When the interface becomes a
demand circuit, all hello packets and LSAs are suppressed as soon as OSPF
synchronization is achieved. LSAs have a DoNotAge bit that stops the LSA from aging
and prevents periodic updates from being sent. Hello packets and LSAs are sent and
received on a demand-circuit interface only when there is a change in the network
topology. This reduces the amount of traffic through the OSPF interface.

Consider the following when configuring OSPF demand circuits:

• Periodic hellos are only suppressed on point-to-point and point-to-multipoint interfaces.

If you configure demand circuits on an OSPF broadcast network or on an OSPF
nonbroadcast multiaccess (NBMA) network, periodic hello packets are still sent.

• Demand circuit support on an OSPF point-to-multipoint interface resembles that for

point-to-point interfaces. If you configure a point-to-multipoint interface as a demand
circuit, the device negotiates hello suppression separately on each interface that is
part of the point-to-multipoint network.

This example assumes that you have a point-to-point connection between two devices
using SONET/SDH interfaces. A demand-circuit interface automatically negotiates the
demand-circuit connection with its OSPF neighbor. If the neighbor does not support
demand circuits, then no demand circuit connection is established.

548 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

In this example, you configure OSPF interface so-0/1/0 in OSPF area 0.0.0.1 as a demand
circuit.

Configuration

CLI Quick To quickly configure an OSPF demand circuit interface, copy the following command
Configuration and paste it into the CLI. You must configure both neighboring interfaces for OSPF demand
circuits for the connection to be established.

[edit]
set protocols ospf area 0.0.0.1 interface so-0/1/0 demand-circuit

Step-by-Step To configure an OSPF demand circuit interface on one neighboring interface:

Procedure
1. Create an OSPF area.

NOTE: For OSPFv3, include the ospf3 statement at the [edit protocols]
hierarchy level.

[edit ]
user@host# edit protocols ospf area 0.0.0.1

2. Configure the neighboring interface as a demand circuit.

[edit protocols ospf area 0.0.0.1]

user@host# set interface so-0/1/0 demand-circuit

3. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.1]

user@host# commit

NOTE: Repeat this entire configuration on the other neighboring

interface.

user@host# show protocols

ospf {
area 0.0.0.1 {
interface so-0/1/0.0 {
demand-circuit;
}
}
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Copyright © 2011, Juniper Networks, Inc. 549

Junos OS 11.4 Routing Protocols Configuration Guide

Verification

Confirm that the configuration is working properly.

Verifying the Status of Neighboring Interfaces

Purpose Verify information about the neighboring interface. When the neighbor is configured for
demand circuits, a DC flag displays.

Action From operational mode, enter the show ospf neighbor detail command for OSPFv2, and
enter the show ospf3 neighbor detail command for OSPFv3.

Example: Configuring a Passive OSPF Interface

This example shows how to configure a passive OSPF interface. A passive OSPF interface
advertises its address but does not run the OSPF protocol.

• Requirements on page 550

• Overview on page 550
• Configuration on page 551
• Verification on page 552

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

By default, OSPF must be configured on an interface for direct interface addresses to be

advertised as interior routes. To advertise the direct interface addresses without actually
running OSPF on that interface (adjacencies are not formed and hello packets are not
generated), you configure that interface as a passive interface.

550 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

NOTE: If you do not want to see notifications for state changes in a passive
OSPF interface, you can disable the OSPF traps for the interface by including
the no-interface-state-traps statement. The no-interface-state-traps statement
is supported only for OSPFv2.

In this example, you configure interface ge-0/2/0 as a passive OSPF interface in area
0.0.0.1 by including the passive statement.

Configuration

CLI Quick To quickly configure a passive OSPF interface, copy the following command and paste
Configuration it into the CLI.

[edit]
set protocols ospf area 0.0.0.1 interface ge-0/2/0 passive

Step-by-Step To configure a passive OSPF interface:

Procedure
1. Create an OSPF area.

NOTE: For an OSPFv3 interface, include the ospf3 statement at the

[edit protocols] hierarchy level.

[edit]
user@host# edit protocols ospf area 0.0.0.1

2. Configure the passive interface.

[edit protocols ospf area 0.0.0.1 ]

user@host# set interface ge-0/2/0 passive

3. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.1]

user@host# commit

user@host# show protocols ospf

area 0.0.0.1 {
interface ge-0/2/0.0 {
passive;
}
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Copyright © 2011, Juniper Networks, Inc. 551

Junos OS 11.4 Routing Protocols Configuration Guide

Verification

Confirm that the configuration is working properly.

Verifying the Status of OSPF Interfaces

Purpose Verify the status of the OSPF interface. If the interface is passive, the Adj count field is 0
because no adjacencies have been formed. Next to this field, you might also see the word
Passive.

Action From operational mode, enter the show ospf interface detail command for OSPFv2, and
enter the show ospf3 interface detail command for OSPFv3.

Example: Configuring OSPFv2 Peer interfaces

This example shows how to configure an OSPFv2 peer interface.

• Requirements on page 552

• Overview on page 552
• Configuration on page 553
• Verification on page 553

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

• Configure Generalized MPLS per your network requirements. See LMP Configuration
Overview in the Junos OS MPLS Applications Configuration Guide.

Overview

You can configure an OSPFv2 peer interface for many reasons, including when you
configure Generalized MPLS (GMPLS). This example configures a peer interface for
GMPLS. GMPLS requires traffic engineering information to be transported through a link
separate from the control channel. You establish this separate link by configuring a peer
interface. The OSPFv2 peer interface name must match the Link Management Protocol
(LMP) peer name. You configure GMPLS and the LMP settings separately from OSPF.

This example assumes that GMPLS and the LMP peer named oxc1 are already configured,
and you need to configure the OSPFv2 peer interface in area 0.0.0.0.

552 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Configuration

CLI Quick To quickly configure an OSPFv2 peer interface, copy the following command and paste
Configuration it into the CLI.

[edit]
set protocols ospf area 0.0.0.0 peer-interface oxc1

Step-by-Step To configure a peer OSPFv2 interface used by the LMP:

Procedure
1. Create an OSPF area.

[edit]
user@host# edit protocols ospf area 0.0.0.0

2. Configure the peer interface.

[edit protocols ospf area 0.0.0.0]

user@host# set peer-interface oxc1

3. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0]

user@host# commit

user@host# show protocols ospf

area 0.0.0.0 {
peer-interface oxc1;
}

Verification

Confirm that the configuration is working properly.

Verifying the Configured OSPFv2 Peer

Purpose Verify the status of the OSPFv2 peer. When an OSPFv2 peer is configured for GMPLS,
the Peer Name field displays the name of the LMP peer that you created for GMPLS,
which is also the configured OSPFv2 peer.

Action From operational mode, enter the show link-management command.

Related • OSPF Overview on page 494

Documentation
• OSPF Configuration Overview on page 508

Copyright © 2011, Juniper Networks, Inc. 553

Junos OS 11.4 Routing Protocols Configuration Guide

Example: Configuring Multiple Address Families for OSPFv3

• Understanding Multiple Address Families for OSPFv3 on page 554

• Example: Configuring Multiple Address Families for OSPFv3 on page 554

Understanding Multiple Address Families for OSPFv3

By default, OSPFv3 supports only unicast IPv6 routes. In Junos OS Release 9.2 and later,
you can configure OSPFv3 to support multiple address families, including IPv4 unicast,
IPv4 multicast, and IPv6 multicast. This mutliple address family support allows OSPFv3
to support both IPv6 and IPv4 nodes. Junos OS maps each address family to a separate
realm as defined in Internet draft draft-ietf-ospf-af-alt-06.txt, Support for Address Families
in OSPFv3. Each realm maintains a separate set of neighbors and link-state database.

When you configure multiple address families for OSPFv3, there is a new instance ID
field that allows multiple OSPFv3 protocol instances per link. This allows a single link to
belong to multiple areas.

You configure each realm independently. We recommend that you configure an area
and at least one interface for each realm.

These are the default import and export routing tables for each of the four address
families:

• IPv6 unicast: inet6.0

• IPv6 multicast: inet6.2

• IPv4 unicast: inet.0

• IPv4 multicast: inet.2

With the exception of virtual links, all configurations supported for the default IPv6 unicast
family are supported for the address families that have to be configured as realms.

Example: Configuring Multiple Address Families for OSPFv3

This example shows how to configure multiple address families for OSPFv3.

• Requirements on page 554

• Overview on page 555
• Configuration on page 556
• Verification on page 557

Requirements

Before you begin:

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

554 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

By default, OSPFv3 supports unicast IPv6 routes, but you can configure OSPFv3 to
support multiple address families. To support an address family other than unicast IPv6,
you configure a realm that allows OSPFv3 to advertise IPv4 unicast, IPv4 multicast, or
IPv6 multicast routes. Junos OS then maps each address family that you configure to a
separate realm with its own set of neighbors and link-state database.

NOTE: By default, LDP synchronization is only supported for OSPFv2. If you

configure an IPv4 unicast or IPv4 multicast realm, you can also configure LDP
synchronization. Since LDP synchronization is only supported for IPv4, this
support is only available for OSPFv3 if you configure an IPv4 realm.

When configuring OSPFv3 to support multiple address families, consider the following:

• You configure each realm independently. We recommend that you configure an area
and at least one interface for each realm.

• OSPFv3 uses IPv6 link-local addresses as the source of hello packets and next hop
calculations. As such, you must enable IPv6 on the link regardless of the additional
realm you configure.

Figure 23 on page 556 shows a connection between Routers R0 and R1. In this example,
you configure interface fe-0/1/0 on Router R0 in area 0 to advertise IPv4 unicast routes,
in addition to the default unicast IPv6 routes in area 1, by including the realm ipv4-unicast
statement. Depending on your network requirements, you can also advertise IPv4
multicast routes by including the realm-ipv4-multicast statement, and you can advertise
IPv6 multicast routes by including the realm-ipv6-multicast statement.

Copyright © 2011, Juniper Networks, Inc. 555

Junos OS 11.4 Routing Protocols Configuration Guide

Figure 23: IPv4 Unicast Realm

Area 1 R1

IPv4 Unicast Realm

fe-0/1/0

Area 0 R2 R0

Area 2 R3

g040877
Configuration

CLI Quick The following example requires you to navigate various levels in the configuration
Configuration hierarchy. For information about navigating the CLI, see Modifying the Junos OS
Configuration in Junos OS CLI, Release 11.4.

To quickly configure multiple address families for OSPFv3, copy the following commands
and paste them into the CLI.

[edit]
set interfaces fe-0/1/0 unit 0 family inet address 11.1.2.1/24
set interfaces fe-0/1/0 unit 0 family inet6
set protocols ospf3 area 0.0.0.0 interface fe-0/1/0
set protocols ospf3 realm ipv4-unicast area 0.0.0.0 interface fe-0/1/0

Step-by-Step To configure multiple address families for OSPFv3:

Procedure
1. Configure the device interface participating in OSPFv3.

[edit]
user@host# set interfaces fe-0/1/0 unit 0 family inet address 11.1.2.1/24
user@host# set interfaces fe-0/1/0 unit 0 family inet6

2. Enter OSPFv3 configuration mode.

[edit ]
user@host# edit protocols ospf3

3. Add the interface you configured to the OSPFv3 area.

[edit protocols ospf3 ]

user@host# set area 0.0.0.0 interface fe-0/1/0

4. Configure an IPv4 unicast realm. This allows OSPFv3 to support both IPv4 unicast
and IPv6 unicast routes.

[edit protocols ospf3 ]

user@host# set realm ipv4-unicast area 0.0.0.0 interface fe-0/1/0

556 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

5. If you are done configuring the device, commit the configuration.

[edit protocols ospf3 ]

user@host# commit

NOTE: Repeat this entire configuration on the neighboring device that

is part of the realm.

user@host# show interfaces

fe-0/1/0 {
unit 0 {
family inet {
address 11.1.2.1/24;
}
family inet6;
}
}

user@host# show protocols ospf3

realm ipv4-unicast {
area 0.0.0.0 {
interface fe-0/1/0.0;
}
}
area 0.0.0.0 {
interface fe-0/1/0.0;
}

Verification

Confirm that the configuration is working properly.

• Verifying the Link-State Database on page 557

• Verifying the Status of OSPFv3 Interfaces with Multiple Address Families on page 557

Verifying the Link-State Database

Purpose Verify the status of the link-state database for the configured realm, or address family.

Action From operational mode, enter the show ospf3 database realm ipv4-unicast command.

Verifying the Status of OSPFv3 Interfaces with Multiple Address Families

Purpose Verify the status of the interface for the specified OSPFv3 realm, or address family.

Action From operational mode, enter the show ospf3 interface realm ipv4-unicast command.

Copyright © 2011, Juniper Networks, Inc. 557

Junos OS 11.4 Routing Protocols Configuration Guide

Related • OSPF Overview on page 494

Documentation
• OSPF Configuration Overview on page 508

Examples: Configuring OSPF Route Summarization

• Understanding OSPF Route Summarization on page 558

• Example: Summarizing Ranges of Routes in OSPF Link-State Advertisements on page 558
• Example: Limiting the Number of Prefixes Exported to OSPF on page 563
• Configuring OSPF Refresh and Flooding Reduction in Stable Topologies on page 565

Understanding OSPF Route Summarization

Area border routers (ABRs) send summary link advertisements to describe the routes to
other areas. Depending on the number of destinations, an area can get flooded with a
large number of link-state records, which can utilize routing device resources. To minimize
the number of advertisements that are flooded into an area, you can configure the ABR
to coalesce, or summarize, a range of IP addresses and send reachability information
about these addresses in a single link-state advertisement (LSA). You can summarize
one or more ranges of IP addresses, where all routes that match the specified area range
are filtered at the area boundary, and the summary is advertised in their place.

For an OSPF area, you can summarize and filter intra-area prefixes. All routes that match
the specified area range are filtered at the area boundary, and the summary is advertised
in their place. For an OSPF not-so-stubby area (NSSA), you can only coalesce or filter
NSSA external (Type 7) LSAs before they are translated into AS external (Type 5) LSAs
and enter the backbone area. All external routes learned within the area that do not fall
into the range of one of the prefixes are advertised individually to other areas.

In addition, you can also limit the number of prefixes (routes) that are exported into
OSPF. By setting a user-defined maximum number of prefixes, you prevent the routing
device from flooding an excessive number of routes into an area.

Example: Summarizing Ranges of Routes in OSPF Link-State Advertisements

This example shows how to summarize routes sent into the backbone area.

• Requirements on page 558

• Overview on page 559
• Configuration on page 560
• Verification on page 563

Requirements

Before you begin:

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

558 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a static route. See “Examples: Configuring Static Routes” on page 93 in the
Junos OS Routing Protocols Configuration Guide.

Overview

You can summarize a range of IP addresses to minimize the size of the backbone router’s
link-state database. All routes that match the specified area range are filtered at the
area boundary, and the summary is advertised in their place.

Figure 24 on page 559 shows the topology used in this example. R5 is the ABR between
area 0.0.0.4 and the backbone. The networks in area 0.0.0.4 are 10.0.8.4/30, 10.0.8.0/30,
and 10.0.8.8/30, which can be summarized as 10.0.8.0/23. R3 is the ABR between NSSA
area 0.0.0.3 and the backbone. The networks in area 0.0.0.3 are 10.0.4.4/30, 10.0.4.0/30,
and 10.0.4.12/30, which can be summarized as 10.0.4.0/22. Area 0.0.0.3 also contains
external static route 3.0.0.0.8 that you will prevent from flooding throughout the network.

Figure 24: Summarizing Ranges of Routes in OSPF

Backbone

Area 0.0.0.0

Static Route
3.0.0.8
10.0.2.4/30 10.0.2.8/30
NSSA Stub

R3 R5
10.0.2.0/30
10.0.4.12/30 10.0.8.4/30

R1 R6
10.0.4.0/30 10.0.8.8/30

10.0.4.4/30 10.0.8.0/30

R2 R7
g040889

Area 0.0.0.3 Area 0.0.0.4

In this example, you configure the ABRs for route summarization by including the following
settings:

• area-range—For an area, summarizes a range of IP addresses when sending summary

intra-area link advertisements. For an NSSA, summarizes a range of IP addresses when
sending NSSA link-state advertisements (Type 7 LSAs). The specified prefixes are
used to aggregate external routes learned within the area when the routes are advertised
to other areas.

Copyright © 2011, Juniper Networks, Inc. 559

Junos OS 11.4 Routing Protocols Configuration Guide

• network/mask-length—Indicates the summarized IP address range and the number of

significant bits in the network mask.

• restrict—On the NSSA ABR, prevents the configured summary from being advertised.
In this example, we do not want to flood the external route outside of area 0.0.0.3.

Configuration

CLI Quick • To quickly configure route summarization for an OSPF area, copy the following
Configuration commands and paste them into the CLI. The following is the configuration on ABR R5:

[edit]
set interfaces fe-0/0/1 unit 0 family inet address 10.0.8.3
set interfaces fe-0/0/2 unit 0 family inet address 10.0.8.4
set interfaces fe-0/0/0 unit 0 family inet address 10.0.2.3
set interfaces fe-0/0/4 unit 0 family inet address 10.0.2.5
set protocols ospf area 0.0.0.4 stub
set protocols ospf area 0.0.0.4 interface fe-0/0/1
set protocols ospf area 0.0.0.4 interface fe-0/0/2
set protocols ospf area 0.0.0.0 interface fe-0/0/0
set protocols ospf area 0.0.0.0 interface fe-0/0/4
set protocols ospf area 0.0.0.4 area-range 10.0.8.0/23

• To quickly configure route summarization for an OSPF NSSA, copy the following
commands and paste them into the CLI. The following is the configuration on ABR R3:

[edit]
set interfaces fe-0/0/1 unit 0 family inet address 10.0.4.10
set interfaces fe-0/0/2 unit 0 family inet address 10.0.4.1
set interfaces fe-0/0/0 unit 0 family inet address 10.0.2.1
set interfaces fe-0/0/4 unit 0 family inet address 10.0.2.7
set protocols ospf area 0.0.0.3 interface fe-0/0/1
set protocols ospf area 0.0.0.3 interface fe-0/0/2
set protocols ospf area 0.0.0.0 interface fe-0/0/0
set protocols ospf area 0.0.0.0 interface fe-0/0/4
set protocols ospf area 0.0.0.3 area-range 10.0.4.0/22
set protocols ospf area 0.0.0.3 nssa
set protocols ospf area 0.0.0.3 nssa area-range 3.0.0.0/8 restrict

Step-by-Step To summarize routes sent to the backbone area:

Procedure
1. Configure the interfaces.

NOTE: For OSPFv3, include IPv6 addresses.

[edit]
user@R5# set interfaces fe-0/0/1 unit 0 family inet address 10.0.8.3
user@R5# set interfaces fe-0/0/2 unit 0 family inet address 10.0.8.4
user@R5# set interfaces fe-0/0/0 unit 0 family inet address 10.0.2.3
user@R5# set interfaces fe-0/0/4 unit 0 family inet address 10.0.2.5

[edit]
user@R3# set interfaces fe-0/0/1 unit 0 family inet address 10.0.4.10

560 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

user@R3# set interfaces fe-0/0/2 unit 0 family inet address 10.0.4.1

user@R3# set interfaces fe-0/0/0 unit 0 family inet address 10.0.2.1
user@R3# set interfaces fe-0/0/4 unit 0 family inet address 10.0.2.7

2. Configure the type of OSPF area.

NOTE: For OSPFv3, include the ospf3 statement at the [edit protocols]
hierarchy level.

[edit]
user@R5# set protocols ospf area 0.0.0.4 stub

[edit]
user@R3# set protocols ospf area 0.0.0.3 nssa

3. Assign the interfaces to the OSPF areas.

user@R5# set protocols ospf area 0.0.0.4 interface fe-0/0/1

user@R5# set protocols ospf area 0.0.0.4 interface fe-0/0/2
user@R5# set protocols ospf area 0.0.0.0 interface fe-0/0/0
user@R5# set protocols ospf area 0.0.0.0 interface fe-0/0/4

user@R3# set protocols ospf area 0.0.0.3 interface fe-0/0/1

user@R3# set protocols ospf area 0.0.0.3 interface fe-0/0/2
user@R3# set protocols ospf area 0.0.0.0 interface fe-0/0/0
user@R3# set protocols ospf area 0.0.0.0 interface fe-0/0/4

4. Summarize the routes that are flooded into the backbone.

[edit]
user@R5# set protocols ospf area 0.0.0.4 area-range 10.0.8.0/23

[edit]
user@R3# set protocols ospf area 0.0.0.3 area-range 10.0.4.0/22

5. On ABR R3, restrict the external static route from leaving area 0.0.0.3.

[edit]
user@R3# set protocols ospf area 0.0.0.3 nssa area-range 3.0.0.0/8 restrict

6. If you are done configuring the devices, commit the configuration.

[edit]
user@host# commit

Configuration on ABR R5:

user@R5# show interfaces

fe-0/0/0 {
unit 0 {
family inet {
address 10.0.2.3/32;
}

Copyright © 2011, Juniper Networks, Inc. 561

Junos OS 11.4 Routing Protocols Configuration Guide

}
}
fe-0/0/1 {
unit 0 {
family inet {
address 10.0.8.3/32;
}
}
}
fe-0/0/2 {
unit 0 {
family inet {
address 10.0.8.4/32;
}
}
}
fe-0/0/4 {
unit 0 {
family inet {
address 10.0.2.5/32;
}
}
}

user@R5# show protocols ospf

area 0.0.0.0 {
interface fe-0/0/0.0;
interface fe-0/0/4.0;
}
area 0.0.0.4 {
stub;
area-range 10.0.8.0/23;
interface fe-0/0/1.0;
interface fe-0/0/2.0;
}

Configuration on ABR R3:

user@R3# show interfaces

fe-0/0/0 {
unit 0 {
family inet {
address 10.0.2.1/32;
}
}
}
fe-0/0/1 {
unit 0 {
family inet {
address 10.0.4.10/32;
}
}
}
fe-0/0/2 {
unit 0 {
family inet {
address 10.0.4.1/32;

562 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

}
}
}
fe-0/0/4 {
unit 0 {
family inet {
address 10.0.2.7/32;
}
}
}

user@R3t# show protocols ospf

area 0.0.0.0 {
interface fe-0/0/0.0;
interface fe-0/0/4.0;
}
area 0.0.0.3 {
nssa {
area-range 3.0.0.0/8 restrict;
}
area-range 10.0.4.0/22;
interface fe-0/0/1.0;
interface fe-0/0/2.0;
}

To confirm your OSPFv3 configuration, enter the show interfaces and show protocols
ospf3 commands.

Verification

Confirm that the configuration is working properly.

Verifying the Summarized Route

Purpose Verify that the routes you configured for route summarization are being aggregated by
the ABRs before the routes enter the backbone area. Confirm route summarization by
checking the entries of the OSPF link-state database for the routing devices in the
backbone.

Action From operational mode, enter the show ospf database command for OSPFv2, and enter
the show ospf3 database command for OSPFv3.

Example: Limiting the Number of Prefixes Exported to OSPF

This example shows how to limit the number of prefixes exported to OSPF.

• Requirements on page 564

• Overview on page 564
• Configuration on page 564
• Verification on page 565

Copyright © 2011, Juniper Networks, Inc. 563

Junos OS 11.4 Routing Protocols Configuration Guide

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

By default, there is no limit to the number of prefixes (routes) that can be exported into
OSPF. By allowing any number of routes to be exported into OSPF, the routing device
can become overwhelmed and potentially flood an excessive number of routes into an
area.

You can limit the number of routes exported into OSPF to minimize the load on the routing
device and prevent this potential problem. If the routing device exceeds the configured
prefix export value, the routing device purges the external prefixes and enters into an
overload state. This state ensures that the routing device is not overwhelmed as it
attempts to process routing information. The prefix export limit number can be a value
from 0 through 4,294,967,295.

In this example, you configure a prefix export limit of 100,000 by including the
prefix-export-limit statement.

Configuration

CLI Quick To quickly limit the number of prefixes exported to OSPF, copy the following command
Configuration and paste it into the CLI.

[edit]
set protocols ospf prefix-export-limit 100000

Step-by-Step To limit the number of prefixes exported to OSPF:

Procedure
1. Configure the prefix export limit value.

NOTE: For OSPFv3, include the ospf3 statement at the [edit protocols]
hierarchy level.

[edit]
user@host# set protocols ospf prefix-export-limit 100000

564 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

user@host# show protocols ospf

prefix-export-limit 100000;

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

Verifying the Prefix Export Limit

Purpose Verify the prefix export counter that displays the number or routes exported into OSPF.

Action From operational mode, enter the show ospf overview command for OSPFv2, and enter
the show ospf3 overview command for OSPFv3.

Configuring OSPF Refresh and Flooding Reduction in Stable Topologies

The OSPF standard requires that every link-state advertisement (LSA) be refreshed
every 30 minutes. The Juniper implementation refreshes LSAs every 50 minutes. By
default, any LSA that is not refreshed expires after 60 minutes. This requirement can
result in traffic overhead that makes it difficult to scale OSPF networks. You can override
the default behavior by specifying that the DoNotAge bit be set in self-originated LSAs
when they are initially sent by the router or switch. Any LSA with the DoNotAge bit set is
reflooded only when a change occurs in the LSA. This feature thus reduces protocol
traffic overhead while permitting any changed LSAs to be flooded immediately. Routers
or switches enabled for flood reduction continue to send hello packets to their neighbors
and to age self-originated LSAs in their databases.

The Juniper implementation of OSPF refresh and flooding reduction is based on RFC 4136,
OSPF Refresh and Flooding Reduction in Stable Topologies. However, the Juniper
implementation does not include the forced-flooding interval defined in the RFC. Not
implementing the forced-flooding interval ensures that LSAs with the DoNotAge bit set
are reflooded only when a change occurs.

This feature is supported for the following:

• OSPFv2 and OSPFv3 interfaces

• OSPFv3 realms

• OSPFv2 and OSPFv3 virtual links

• OSPFv2 sham links

Copyright © 2011, Juniper Networks, Inc. 565

Junos OS 11.4 Routing Protocols Configuration Guide

• OSPFv2 peer interfaces

• All routing instances supported by OSPF

• Logical systems

To configure flooding reduction for an OSPF interface, include the flood-reduction

statement at the [edit protocols (ospf | ospf3) area area-id interface interface-id] hierarchy
level.

NOTE: If you configure flooding reduction for an interface configured as a

demand circuit, the LSAs are not initially flooded, but sent only when their
content has changed. Hello packets and LSAs are sent and received on a
demand-circuit interface only when a change occurs in the network topology.

In the following example, the OSPF interface so-0/0/1.0 is configured for flooding
reduction. As a result, all the LSAs generated by the routes that traverse the specified
interface have the DoNotAge bit set when they are initially flooded, and LSAs are refreshed
only when a change occurs.

[edit]
protocols ospf {
area 0.0.0.0 {
interface so-0/0/1.0 {
flood-reduction;
}
interface lo0.0;
interface so-0/0/0.0;
}
}

Related • OSPF Overview on page 494

Documentation
• OSPF Configuration Overview on page 508

Examples: Configuring OSPF Traffic Control

• Understanding OSPF Traffic Control on page 566

• Example: Controlling the Cost of Individual OSPF Network Segments on page 568
• Example: Dynamically Adjusting OSPF Interface Metrics Based on Bandwidth on page 572
• Example: Controlling OSPF Route Preferences on page 574

Understanding OSPF Traffic Control

Once a topology is shared across the network, OSPF uses the topology to route packets
between network nodes. Each path between neighbors is assigned a cost based on the
throughput, round-trip time, and reliability of the link. The sum of the costs across a
particular path between hosts determines the overall cost of the path. Packets are then
routed along the shortest path using the shortest-path-first (SPF) algorithm. If multiple
equal-cost paths exist between a source and destination address, OSPF routes packets

566 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

along each path alternately, in round-robin fashion. Routes with lower total path metrics
are preferred over those with higher path metrics.

You can use the following methods to control OSPF traffic:

• Control the cost of individual OSPF network segments

• Dynamically adjust OSPF interface metrics based on bandwidth

• Control OSPF route selection

Controlling the Cost of Individual OSPF Network Segments

OSPF uses the following formula to determine the cost of a route:

cost = reference-bandwidth / interface bandwidth

You can modify the reference-bandwidth value, which is used to calculate the default
interface cost. The interface bandwidth value is not user-configurable and refers to the
actual bandwidth of the physical interface.

To control the flow of packets across the network, OSPF allows you to manually assign
a cost (or metric) to a particular path segment. When you specify a metric for a specific
OSPF interface, that value is used to determine the cost of routes advertised from that
interface. For example, if all routers in the OSPF network use default metric values, and
you increase the metric on one interface to 5, all paths through that interface have a
calculated metric higher than the default and are not preferred.

NOTE: Any value you configure for the metric overrides the default behavior
of using the reference-bandwidth value to calculate the route cost for that
interface.

Dynamically Adjusting OSPF Interface Metrics Based on Bandwidth

You can specify a set of bandwidth threshold values and associated metric values for
an OSPF interface or for a topology on an OSPF interface. When the bandwidth of an
interface changes, the Junos OS automatically sets the interface metric to the value
associated with the appropriate bandwidth threshold value. Junos OS uses the smallest
configured bandwidth threshold value that is equal to or greater than the actual interface
bandwidth to determine the metric value. If the interface bandwidth is greater than any
of the configured bandwidth threshold values, the metric value configured for the interface
is used instead of any of the bandwidth-based metric values configured. The ability to
recalculate the metric for an interface when its bandwidth changes is especially useful
for aggregate interfaces.

Copyright © 2011, Juniper Networks, Inc. 567

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: You must also configure a metric for the interface when you enable
bandwidth-based metrics.

Controlling OSPF Route Preferences

You can control the flow of packets through the network using route preferences. Route
preferences are used to select which route is installed in the forwarding table when
several protocols calculate routes to the same destination. The route with the lowest
preference value is selected.

By default, internal OSPF routes have a preference value of 10, and external OSPF routes
have a preference value of 150. Although the default settings are appropriate for most
environments, you might want to modify the default settings if all of the routing devices
in your OSPF network use the default preference values, or if you are planning to migrate
from OSPF to a different interior gateway protocol (IGP). If all of the devices use the
default route preference values, you can change the route preferences to ensure that
the path through a particular device is selected for the forwarding table any time multiple
equal-cost paths to a destination exist. When migrating from OSPF to a different IGP,
modifying the route preferences allows you to perform the migration in a controlled
manner.

Example: Controlling the Cost of Individual OSPF Network Segments

This example shows how to control the cost of individual OSPF network segments.

• Requirements on page 568

• Overview on page 568
• Configuration on page 570
• Verification on page 571

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

Overview

All OSPF interfaces have a cost, which is a routing metric that is used in the link-state
calculation. Routes with lower total path metrics are preferred to those with higher path
metrics. In this example, we explore how to control the cost of OSPF network segments.

568 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

By default, OSPF assigns a default cost metric of 1 to any link faster than 100 Mbps, and
a default cost metric of 0 to the loopback interface (lo0). No bandwidth is associated
with the loopback interface. This means that all interfaces faster than 100 Mbps have
the same default cost metric of 1. If multiple equal-cost paths exist between a source
and destination address, OSPF routes packets along each path alternately, in round-robin
fashion.

Having the same default metric might not be a problem if all of the interfaces are running
at the same speed. If the interfaces operate at different speeds, you might notice that
traffic is not routed over the fastest interface because OSPF equally routes packets
across the different interfaces. For example, if your routing device has Fast Ethernet and
Gigabit Ethernet interfaces running OSPF, each of these interfaces have a default cost
metric of 1.

In the first example, you set the reference bandwidth to 10g (10 Gbps, as denoted by
10,000,000,000 bits) by including the reference-bandwidth statement. With this
configuration, OSPF assigns the Fast Ethernet interface a default metric of 100, and the
Gigabit Ethernet interface a metric of 10. Since the Gigabit Ethernet interface has the
lowest metric, OSPF selects it when routing packets. The range is 9600 through
1,000,000,000,000 bits.

Figure 25 on page 569 shows three routing devices in area 0.0.0.0 and assumes that the
link between Device R2 and Device R3 is congested with other traffic. You can also control
the flow of packets across the network by manually assigning a metric to a particular
path segment. Any value you configure for the metric overrides the default behavior of
using the reference-bandwidth value to calculate the route cost for that interface. To
prevent the traffic from Device R3 going directly to Device R2, you adjust the metric on
the interface on Device R3 that connects with Device R1 so that all traffic goes through
Device R1.

In the second example, you set the metric to 5 on interface fe-1/0/1 on Device R3 that
connects with Device R1 by including the metric statement. The range is 1 through 65,535.

Figure 25: OSPF Metric Configuration

fe-0/0/1 fe-0/0/1
R1 R2

fe-1/0/0
fe-1/0/1

Congested
fe-1/0/1 link

fe-1/0/0
R3 Area 0.0.0.0
g040888

Copyright © 2011, Juniper Networks, Inc. 569

Junos OS 11.4 Routing Protocols Configuration Guide

Configuration

• Configuring the Reference Bandwidth on page 570

• Configuring a Metric for a Specific OSPF Interface on page 571

Configuring the Reference Bandwidth

CLI Quick To quickly configure the reference bandwidth, copy the following command and paste
Configuration it into the CLI.

[edit]
set protocols ospf reference-bandwidth 10g

Step-by-Step To configure the reference bandwidth:

Procedure
1. Configure the reference bandwidth to calculate the default interface cost.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

protocols] hierarchy level.

[edit]
user@host# set protocols ospf reference-bandwidth 10g

TIP: As a shortcut in this example, you enter 10g to specify 10 Gbps

reference bandwidth. Whether you enter 10g or 10000000000, the
output of show protocols ospf command displays 10 Gbps as 10g, not
10000000000.

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

NOTE: Repeat this entire configuration on all routing devices in a shared

network.

user@host# show protocols ospf

reference-bandwidth 10g;

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

570 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Configuring a Metric for a Specific OSPF Interface

CLI Quick To quickly configure a metric for a specific OSPF interface, copy the following command
Configuration and paste it into the CLI.

[edit]
set protocols ospf area 0.0.0.0 interface fe-1/0/1 metric 5

Step-by-Step To configure the metric for a specific OSPF interface:

Procedure
1. Create an OSPF area.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

protocols] hierarchy level.

[edit]
user@host# edit protocols ospf area 0.0.0.0

2. Configure the metric of the OSPF network segment.

[edit protocols ospf area 0.0.0.0 ]

user@host# set interface fe-1/0/1 metric 5

3. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0 ]

user@host# commit

user@host# show protocols ospf

area 0.0.0.0 {
interface fe-1/0/1.0 {
metric 5;
}
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

• Verifying the Configured Metric on page 571

• Verifying the Route on page 572

Verifying the Configured Metric

Purpose Verify the metric setting on the interface. Confirm that the Cost field displays the
interface’s configured metric (cost). When choosing paths to a destination, OSPF uses
the path with the lowest cost.

Copyright © 2011, Juniper Networks, Inc. 571

Junos OS 11.4 Routing Protocols Configuration Guide

Action From operational mode, enter the show ospf interface detail command for OSPFv2, and
enter the show ospf3 interface detail command for OSPFv3.

Verifying the Route

Purpose When choosing paths to a destination, OSPF uses the path with the lowest total cost.
Confirm that OSPF is using the appropriate path.

Action From operational mode, enter the show route command.

Example: Dynamically Adjusting OSPF Interface Metrics Based on Bandwidth

This example shows how to dynamically adjust OSPF interface metrics based on
bandwidth.

• Requirements on page 572

• Overview on page 572
• Configuration on page 573
• Verification on page 574

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

Overview

You can specify a set of bandwidth threshold values and associated metric values for
an OSPF interface. When the bandwidth of an interface changes, the Junos OS
automatically sets the interface metric to the value associated with the appropriate
bandwidth threshold value. When you configure bandwidth-based metric values, you
typically configure multiple bandwidth and metric values.

In this example, you configure OSPF interface ae0 for bandwidth-based metrics by
including the bandwidth-based-metrics statement and the following settings:

• bandwidth—Specifies the bandwidth threshold in bits per second. The range is 9600
through 1,000,000,000,000,000.

• metric—Specifies the metric value to associate with a specific bandwidth value. The
range is 1 through 65,535.

572 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Configuration

CLI Quick To quickly configure bandwidth threshold values and associated metric values for an
Configuration OSPF interface, copy the following commands, remove any line breaks, and then paste
the commands into the CLI.

[edit]
set protocols ospf area 0.0.0.0 interface ae0.0 metric 5
set protocols ospf area 0.0.0.0 interface ae0.0 bandwidth-based-metrics bandwidth 1g
metric 60
set protocols ospf area 0.0.0.0 interface ae0.0 bandwidth-based-metrics bandwidth 10g
metric 50

To configure the metric for a specific OSPF interface:

1. Create an OSPF area.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

protocols] hierarchy level.

[edit]
user@host# edit protocols ospf area 0.0.0.0

2. Configure the metric of the OSPF network segment.

[edit protocols ospf area 0.0.0.0 ]

user@host# set interface ae0 metric 5

3. Configure the bandwidth threshold values and associated metric values.

[edit protocols ospf area 0.0.0.0 ]

user@host# set interface ae0.0 bandwidth-based-metrics bandwidth 1g metric 60
user@host# set interface ae0.0 bandwidth-based-metrics bandwidth 10g metric 50

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0 ]

user@host# commit

user@host# show protocols ospf

area 0.0.0.0 {
interface ae0.0 {
bandwidth-based-metrics {
bandwidth 1g metric 60;
bandwidth 10g metric 50;
}
metric 5;
}
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Copyright © 2011, Juniper Networks, Inc. 573

Junos OS 11.4 Routing Protocols Configuration Guide

Verification

Confirm that the configuration is working properly.

Verifying the Configured Metric

Action From operational mode, enter the show ospf interface detail command for OSPFv2, and
enter the show ospf3 interface detail command for OSPFv3.

Example: Controlling OSPF Route Preferences

This example shows how to control OSPF route selection in the forwarding table. This
example also shows how you might control route selection if you are migrating from
OSPF to another IGP.

• Requirements on page 574

• Overview on page 574
• Configuration on page 575
• Verification on page 576

Requirements

This example assumes that OSPF is properly configured and running in your network,
and you want to control route selection because you are planning to migrate from OSPF
to a different IGP.

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the IGP that you want to migrate to. See the Junos OS Routing Protocols
Configuration Guide.

Overview

By default, internal OSPF routes have a preference value of 10, and external OSPF routes
have a preference value of 150. You might want to modify this setting if you are planning
to migrate from OSPF to a different IGP. Modifying the route preferences enables you to
perform the migration in a controlled manner.

This example makes the following assumptions:

• OSPF is already running in your network.

• You want to migrate from OSPF to IS-IS.

574 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

• You configured IS-IS per your network requirements and confirmed it is working properly.

In this example, you increase the OSPF route preference values to make them less
preferred than IS-IS routes by specifying 168 for internal OSPF routes and 169 for external
OSPF routes. IS-IS internal routes have a preference of either 15 (for Level1) or 18 (for
Level 2), and external routes have a preference of 160 (for Level 1) or 165 (for Level 2).
In general, it is preferred to leave the new protocol at its default settings to minimize
complexities and simplify any future addition of routing devices to the network. To modify
the OSPF route preference values, configure the following settings:

• preference—Specifies the route preference for internal OSPF routes. By default, internal
32
OSPF routes have a value of 10. The range is from 0 through 4,294967,295 (2 – 1).

• external-preference—Specifies the route preference for external OSPF routes. By default,

external OSPF routes have a value of 150. The range is from 0 through 4,294967,295
32
(2 – 1).

Configuration

CLI Quick To quickly configure the OSPF route preference values, copy the following command
Configuration and paste it into the CLI.

[edit]
set protocols ospf preference 168 external-preference 169

To configure route selection:

1. Enter OSPF configuration mode and set the external and internal routing preferences.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

protocols] hierarchy level.

[edit]
user@host# set protocols ospf preference 168 external-preference 169

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

user@host# show protocols ospf

preference 168;
external-preference 169;

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Copyright © 2011, Juniper Networks, Inc. 575

Junos OS 11.4 Routing Protocols Configuration Guide

Verification

Confirm that the configuration is working properly.

• Verifying the Route on page 576

Verifying the Route

Purpose Verify that the IGP is using the appropriate route. After the new IGP becomes the preferred
protocol (in this example, IS-IS), you should monitor the network for any issues. After
you confirm that the new IGP is working properly, you can remove the OSPF configuration
from the routing device by entering the delete ospf command at the [edit protocols]
hierarchy level.

Action From operational mode, enter the show route command.

Related • OSPF Overview on page 494

Documentation
• OSPF Configuration Overview on page 508

Example: Configuring OSPF Overload Mode

• OSPF Overload Function Overview on page 576

• Example: Configuring OSPF to Make Routing Devices Appear Overloaded on page 577

OSPF Overload Function Overview

If the time elapsed after the OSPF instance is enabled is less than the specified timeout,
overload mode is set.

You can configure the local routing device so that it appears to be overloaded. An
overloaded routing device determines it is unable to handle any more OSPF transit traffic,
which results in sending OSPF transit traffic to other routing devices. OSPF traffic to
directly attached interfaces continues to reach the routing device. You might configure
overload mode for many reasons, including:

• If you want the routing device to participate in OSPF routing, but do not want it to be
used for transit traffic. This could include a routing device that is connected to the
network for analysis purposes, but is not considered part of the production network,
such as network management routing devices.

• If you are performing maintenance on a routing device in a production network. You

can move traffic off that routing device so network services are not interrupted during
your maintenance window.

You configure or disable overload mode in OSPF with or without a timeout. Without a
timeout, overload mode is set until it is explicitly deleted from the configuration. With a
timeout, overload mode is set if the time elapsed since the OSPF instance started is less
than the specified timeout.

576 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

A timer is started for the difference between the timeout and the time elapsed since the
instance started. When the timer expires, overload mode is cleared. In overload mode,
the router link-state advertisement (LSA) is originated with all the transit router links
(except stub) set to a metric of 0xFFFF. The stub router links are advertised with the
actual cost of the interfaces corresponding to the stub. This causes the transit traffic to
avoid the overloaded routing device and to take paths around the routing device. However,
the overloaded routing device’s own links are still accessible.

NOTE: The routing device can also dynamically enter the overload state,
regardless of configuring the device to appear overloaded. For example, if
the routing device exceeds the configured OSPF prefix limit, the routing device
purges the external prefixes and enters into an overload state. You can limit
the number of routes exported into OSPF to minimize the load on the routing
device and prevent this potential problem.

Example: Configuring OSPF to Make Routing Devices Appear Overloaded

This example shows how to configure a routing device running OSPF to appear to be
overloaded.

• Requirements on page 577

• Overview on page 577
• Configuration on page 578
• Verification on page 579

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

You can configure a local routing device running OSPF to appear to be overloaded, which
allows the local routing device to participate in OSPF routing, but not for transit traffic.
When configured, the transit interface metrics are set to the maximum value of 65535.

Copyright © 2011, Juniper Networks, Inc. 577

Junos OS 11.4 Routing Protocols Configuration Guide

This example includes the following settings:

• overload—Configures the local routing device so it appears to be overloaded. You might

configure this if you want the routing device to participate in OSPF routing, but do not
want it to be used for transit traffic, or you are performing maintenance on a routing
device in a production network.

• timeout seconds—(Optional) Specifies the number of seconds at which the overload

is reset. If no timeout interval is specified, the routing device remains in the overload
state until the overload statement is deleted or a timeout is set. In this example, you
configure 60 seconds as the amount of time the routing device remains in the overload
state. By default, the timeout interval is 0 seconds (this value is not configured). The
range is from 60 through 1800 seconds.

Configuration

CLI Quick To quickly configure a local routing device to appear as overloaded, copy the following
Configuration command and paste it into the CLI.

[edit]
set protocols ospf overload timeout 60

Step-by-Step To configure a local routing device to appear overloaded:

Procedure
1. Enter OSPF configuration mode.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

protocols] hierarchy level.

[edit]
user@host edit protocols ospf

2. Configure the local routing device to be overloaded.

[edit protocols ospf]

user@host set overload

3. (Optional) Configure the number of seconds at which overload is reset.

[edit protocols ospf]

user@host set overload timeout 60

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf]

user@host# commit

user@host# show protocols ospf

overload timeout 60;

578 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

• Verifying Traffic Has Moved Off Devices on page 579

• Verifying Transit Interface Metrics on page 579
• Verifying the Overload Configuration on page 579
• Verifying the Viable Next Hop on page 579

Verifying Traffic Has Moved Off Devices

Purpose Verify that the traffic has moved off the upstream devices.

Action From operational mode, enter the show interfaces detail command.

Verifying Transit Interface Metrics

Purpose Verify that the transit interface metrics are set to the maximum value of 65535 on the
downstream neighboring device.

Action From operational mode, enter the show ospf database router detail advertising-router
address command for OSPFv2, and enter the show ospf3 database router detail
advertising-router address command for OSPFv3.

Verifying the Overload Configuration

Purpose Verify that overload is configured by reviewing the Configured overload field. If the overload
timer is also configured, this field also displays the time that remains before it is set to
expire.

Action From operational mode, enter the show ospf overview command for OSPFv2, and the
show ospf3 overview command for OSPFv3.

Verifying the Viable Next Hop

Purpose Verify the viable next hop configuration on the upstream neighboring device. If the
neighboring device is overloaded, it is not used for transit traffic and is not displayed in
the output.

Action From operational mode, enter the show route address command.

Related • OSPF Overview on page 494

Documentation
• OSPF Configuration Overview on page 508

Copyright © 2011, Juniper Networks, Inc. 579

Junos OS 11.4 Routing Protocols Configuration Guide

Example: Configuring the OSPF Routing Algorithm

• Understanding the SPF Algorithm Options for OSPF on page 580

• Example: Configuring SPF Algorithm Options for OSPF on page 580

Understanding the SPF Algorithm Options for OSPF

OSPF uses the shortest-path-first (SPF) algorithm, also referred to as the Dijkstra
algorithm, to determine the route to reach each destination. The SPF algorithm describes
how OSPF determines the route to reach each destination, and the SPF options control
the timers that dictate when the SPF algorithm runs. Depending on your network
environment and requirements, you might want to modify the SPF options. For example,
consider a large-scale environment with a large number of devices flooding link-state
advertisements (LSAs) through out the area. In this environment, it is possible to receive
a large number of LSAs to process, which can consume memory resources. By configuring
the SPF options, you continue to adapt to the changing network topology, but you can
minimize the amount of memory resources being used by the devices to run the SPF
algorithm.

You can configure the following SPF options:

• The delay in the time between the detection of a topology change and when the SPF
algorithm actually runs.

• The maximum number of times that the SPF algorithm can run in succession before
the hold-down timer begins.

• The time to hold down, or wait, before running another SPF calculation after the SPF
algorithm has run in succession the configured number of times.

Example: Configuring SPF Algorithm Options for OSPF

This example shows how to configure the SPF algorithm options. The SPF options control
the timers that dictate when the SPF algorithm runs.

• Requirements on page 580

• Overview on page 581
• Configuration on page 581
• Verification on page 582

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

580 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

OSPF uses the SPF algorithm to determine the route to reach each destination. All routing
devices in an area run this algorithm in parallel, storing the results in their individual
topology databases. Routing devices with interfaces to multiple areas run multiple copies
of the algorithm. The SPF options control the timers used by the SPF algorithm.

Before you modify any of the default settings, you should have a good understanding of
your network environment and requirements.

This example shows how to configure the options for running the SPF algorithm. You
include the spf-options statement and the following options:

• delay—Configures the amount of time (in milliseconds) between the detection of a

topology and when the SPF actually runs. When you modify the delay timer, consider
your requirements for network reconvergence. For example, you want to specify a timer
value that can help you identify abnormalities in the network, but allow a stable network
to reconverge quickly. By default, the SPF algorithm runs 200 milliseconds after the
detection of a topology. The range is from 50 through 8000 milliseconds.

• rapid-runs—Configures the maximum number of times that the SPF algorithm can run
in succession before the hold-down timer begins. By default, the number of SPF
calculations that can occur in succession is 3. The range is from 1 through 5. Each SPF
algorithm is run after the configured SPF delay. When the maximum number of SPF
calculations occurs, the hold-down timer begins. Any subsequent SPF calculation is
not run until the hold-down timer expires.

• holddown—Configures the time to hold down, or wait, before running another SPF
calculation after the SPF algorithm has run in succession the configured maximum
number of times. By default, the hold down time is 5000 milliseconds. The range is
from 2000 through 20,000 milliseconds. If the network stabilizes during the holddown
period and the SPF algorithm does not need to run again, the system reverts to the
configured values for the delay and rapid-runs statements.

Configuration

CLI Quick To quickly configure the SPF options, copy the following commands and paste them into
Configuration the CLI.

[edit]
set protocols ospf spf-options delay 210
set protocols ospf spf-options rapid-runs 4
set protocols ospf spf-options holddown 5050

Step-by-Step To configure the SPF options:

Procedure
1. Enter OSPF configuration mode.

Copyright © 2011, Juniper Networks, Inc. 581

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

protocols] hierarchy level.

[edit]
user@host# edit protocols ospf

2. Configure the SPF delay time.

[edit protocols ospf]

user@host# set spf-options delay 210

3. Configure the maximum number of times that the SPF algorithm can run in
succession.

[edit protocols ospf]

user@host# set spf-options rapid-runs 4

4. Configure the SPF hold-down timer.

[edit protocols ospf]

user@host# set spf-options holddown 5050

5. If you are done configuring the device, commit the configuration.

[edit protocols ospf]

user@host# commit

user@host# show protocols ospf

spf-options {
delay 210;
holddown 5050;
rapid-runs 4;
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

Verifying SPF Options

Purpose Verify that SPF is operating per your network requirements. Review the SPF delay field,
the SPF holddown field, and the SPF rapid runs fields.

Action From operational mode, enter the show ospf overview command for OSPFv2, and enter
the show ospf3 overview command for OSPFv3.

582 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Related • OSPF Overview on page 494

Documentation
• OSPF Configuration Overview on page 508

Example: Configuring Synchronization Between LDP and IGPs

• Synchronization Between LDP and IGPs Overview on page 583

• Example: Configuring Synchronization Between LDP and IGPs on page 583

Synchronization Between LDP and IGPs Overview

LDP is a protocol for distributing labels in non-traffic-engineered applications. Labels
are distributed along the best path determined by the interior gateway protocol (IGP).
If synchronization between LDP and the IGP is not maintained, the label-switch path
(LSP) goes down. When LDP is not fully operational on a given link (a session is not
established and labels are not exchanged), the IGP advertises the link with the maximum
cost metric. The link is not preferred but remains in the network topology.

LDP synchronization is supported only on active point-to-point interfaces and LAN

interfaces configured as point-to-point under the IGP. LDP synchronization is not
supported during graceful restart.

Example: Configuring Synchronization Between LDP and IGPs

This example shows how to configure synchronization between LDP and OSPFv2.

• Requirements on page 583

• Overview on page 584
• Configuration on page 584
• Verification on page 586

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Copyright © 2011, Juniper Networks, Inc. 583

Junos OS 11.4 Routing Protocols Configuration Guide

Overview

In this example, configure synchronization between LDP and OSPFv2 by performing the
following tasks:

• Enable LDP on interface so-1/0/3, which is a member of OSPF area 0.0.0.0, by including
the ldp statement at the [edit protocols] hierarchy level. You can configure one or more
interfaces. By default, LDP is disabled on the routing device.

• Enable LDP synchronization by including the ldp-synchronization statement at the [edit

protocols ospf area area-id interface interface-name] hierarchy level. This statement
enables LDP synchronization by advertising the maximum cost metric until LDP is
operational on the link.

• Configure the amount of time (in seconds) the routing device advertises the maximum
cost metric for a link that is not fully operational by including the hold-time statement
at the [edit protocols ospf area area-id interface interface-name ldp-synchronization]
hierarchy level. If you do not configure the hold-time statement, the hold-time value
defaults to infinity. The range is from 1 through 65,535 seconds. In this example,
configure 10 seconds for the hold-time interval.

This example also shows how to disable synchronization between LDP and OSPFv2 by
including the disable statement at the [edit protocols ospf area area-id interface
interface-name ldp-synchronization] hierarchy level.

Configuration

• Enabling Synchronization Between LDP and OSPFv2 on page 584

• Disabling Synchronization Between LDP and OSPFv2 on page 585

Enabling Synchronization Between LDP and OSPFv2

To quickly enable synchronization between LDP and OSPFv2, copy the following
commands, remove any line breaks, and then paste them into the CLI.

[edit]
set protocols ldp interface so-1/0/3
set protocols ospf area 0.0.0.0 interface so-1/0/3 ldp-syncrhonization hold-time 10

Step-by-Step To enable synchronization between LDP and OSPFv2:

Procedure
1. Enable LDP on the interface.

[edit]
user@host# set protocols ldp interface so-1/0/3

2. Configure LDP synchronization and optionally configure a time period of 10 seconds

to advertise the maximum cost metric for a link that is not fully operational.

[edit ]
user@host# edit protocols ospf area 0.0.0.0 interface so-1/0/3 ldp-synchronization

584 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

3. Configure a time period of 10 seconds to advertise the maximum cost metric for a
link that is not fully operational.

[edit protocols ospf area 0.0.0.0 interface so-1/0/3 ldp-synchronization ]

user@host# set hold-time 10

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0 interface so-1/0/3 ldp-synchronization ]

user@host# commit

Results Confirm your configuration by entering the show protocols ldp and show protocols ospf
commands. If the output does not display the intended configuration, repeat the
instructions in this example to correct the configuration.

user@host# show protocols ldp

interface so-1/0/3.0;

user@host# show protocols ospf

area 0.0.0.0 {
interface so-1/0/3.0 {
ldp-synchronization {
hold-time 10;
}
}
}

Disabling Synchronization Between LDP and OSPFv2

CLI Quick To quickly disable synchronization between LDP and OSPFv2, copy the following
Configuration command and paste it into the CLI.

[edit]
set protocols ospf area 0.0.0.0 interface so-1/0/3 ldp-synchronization disable

Step-by-Step To disable synchronization between LDP and OSPF:

Procedure
1. Disable synchronization by including the disable statement.

[edit ]
user@host# set protocols ospf area 0.0.0.0 interface so-1/0/3 ldp-synchronization
disable

2. If you are done configuring the device, commit the configuration.

[edit]
user@host# commit

user@host# show protocols ospf

area 0.0.0.0 {
interface so-1/0/3.0 {
ldp-synchronization {
disable;

Copyright © 2011, Juniper Networks, Inc. 585

Junos OS 11.4 Routing Protocols Configuration Guide

}
}
}

Verification

Confirm that the configuration is working properly.

Verifying the LDP Synchronization State of the Interface

Purpose Verify the current state of LDP synchronization on the interface. The LDP sync state
displays information related to the current state, and the config holdtime field displays
the configured hold-time interval.

Action From operational mode, enter the show ospf interface extensive command.

Related • OSPF Configuration Overview on page 508

Documentation
• About OSPF Interfaces on page 540

Examples: Configuring OSPF Authentication

• Understanding OSPFv2 Authentication on page 586

• Understanding OSPFv3 Authentication on page 587
• Example: Configuring Simple Authentication for OSPFv2 Exchanges on page 588
• Example: Configuring MD5 Authentication for OSPFv2 Exchanges on page 590
• Example: Configuring a Transition of MD5 Keys on an OSPFv2 Interface on page 592
• Example: Configuring IPsec Authentication for an OSPF Interface on page 595

Understanding OSPFv2 Authentication

All OSPFv2 protocol exchanges can be authenticated to guarantee that only trusted
routing devices participate in the autonomous system’s routing. By default, OSPFv2
authentication is disabled.

NOTE: OSPFv3 does not have a built-in authentication method and relies
on IP Security (IPSec) to provide this functionality.

You can enable the following authentication types:

• Simple authentication—Authenticates by using a plain-text password that is included

in the transmitted packet. The receiving routing device uses an authentication key
(password) to verify the packet.

• MD5 authentication—Authenticates by using an encoded MD5 checksum that is included

in the transmitted packet. The receiving routing device uses an authentication key
(password) to verify the packet.

586 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

You define an MD5 key for each interface. If MD5 is enabled on an interface, that
interface accepts routing updates only if MD5 authentication succeeds. Otherwise,
updates are rejected. The routing device only accepts OSPFv2 packets sent using the
same key identifier (ID) that is defined for that interface.

• IPsec authentication (beginning with Junos OS Release 8.3)—Authenticates OSPFv2

interfaces, the remote endpoint of a sham link, and the OSPFv2 virtual link by using
manual security associations (SAs) to ensure that a packet’s contents are secure
between the routing devices. You configure the actual IPsec authentication separately.

NOTE: You can configure IPsec authentication together with either MD5
or simple authentication.

The following restrictions apply to IPsec authentication for OSPFv2:

• Dynamic IKE SAs are not supported.

• Only IPsec transport mode is supported. Tunnel mode is not supported.

• Because only bidirectional manual SAs are supported, all OSPFv2 peers must be
configured with the same IPsec SA. You configure a manual bidirectional SA at the
[edit security ipsec] hierarchy level.

• You must configure the same IPsec SA for all virtual links with the same remote
endpoint address, for all neighbors on OSPF nonbroadcast multiaccess (NBMA) or
point-to-multipoint links, and for every subnet that is part of a broadcast link.

• OSPFv2 peer interfaces are not supported.

Because OSPF performs authentication at the area level, all routing devices within the
area must have the same authentication and corresponding password (key) configured.
For MD5 authentication to work, both the receiving and transmitting routing devices must
have the same MD5 key. In addition, a simple password and MD5 key are mutually
exclusive. You can configure only one simple password, but multiple MD5 keys.

As part of your security measures, you can change MD5 keys. You can do this by configuring
multiple MD5 keys, each with a unique key ID, and setting the date and time to switch to
the new key. Each unique MD5 key has a unique ID. The ID is used by the receiver of the
OSPF packet to determine which key to use for authentication. The key ID, which is
required for MD5 authentication, specifies the identifier associated with the MD5 key.

Understanding OSPFv3 Authentication

OSPFv3 does not have a built-in authentication method and relies on IPsec to provide
this functionality. OSPFv3 uses the IP authentication header (AH) and the IP Encapsulating
Security Payload (ESP) portions of the IPsec Protocol to authenticate routing information.
You can secure specific OSPFv3 interfaces and protect OSPFv3 virtual links.

Use ESP with NULL encryption to provide authentication to the OSPFv3 protocol headers
only. Use AH to provide authentication to the OSPFv3 protocol headers, portions of the

Copyright © 2011, Juniper Networks, Inc. 587

Junos OS 11.4 Routing Protocols Configuration Guide

IPv6 header, and portions of the extension headers. Use ESP with non-NULL encryption
for full confidentiality. You configure the actual IPsec authentication separately.

The following restrictions apply to IPsec authentication for OSPFv3:

• Dynamic IKE SAs are not supported.

• Only IPsec transport mode is supported. Tunnel mode is not supported.

• Because only bidirectional manual SAs are supported, all OSPFv3 peers must be
configured with the same IPsec SA. You configure a manual bidirectional SA at the
[edit security ipsec] hierarchy level.

• You must configure the same IPsec SA for all virtual links with the same remote endpoint
address.

Example: Configuring Simple Authentication for OSPFv2 Exchanges

This example shows how to enable simple authentication for OSPFv2 exchanges.

• Requirements on page 588

• Overview on page 588
• Configuration on page 589
• Verification on page 590

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

Simple authentication uses a plain-text password that is included in the transmitted

packet. The receiving routing device uses an authentication key (password) to verify the
packet. Plain-text passwords are not encrypted and might be subject to packet
interception. This method is the least secure and should only be used if network security
is not your goal.

You can configure only one simple authentication key (password) on the routing device.
The simple key can be from 1 through 8 characters and can include ASCII strings. If you
include spaces, enclose all characters in quotation marks (“ “).

588 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

In this example, you specify OSPFv2 interface so-0/1/0 in area 0.0.0.0, set the
authentication type to simple-password, and define the key as PssWd4.

Configuration

CLI Quick To quickly configure simple authentication, copy the following command, removing any
Configuration line breaks, and then paste the command into the CLI. You must configure all routing
devices within the area with the same authentication and corresponding password.

[edit]
set protocols ospf area 0.0.0.0 interface so-0/1/0 authentication simple-password PssWd4

Step-by-Step To enable simple authentication for OSPFv2 exchanges:

Procedure
1. Create an OSPF area.

[edit]
user@host# edit protocols ospf area 0.0.0.0

2. Specify the interface.

[edit protocols ospf area 0.0.0.0]

user@host# edit interface so-0/1/0

3. Set the authentication type and the password.

[edit protocols ospf area 0.0.0.0 interface so-0/1/0.0]

user@host# set authentication simple-password PssWd4

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0 interface so-0/1/0.0]

user@host# commit

NOTE: Repeat this entire configuration on all peer OSPFv2 routing

devices in the area.

NOTE: After you configure the password, you do not see the password itself.
The output displays the encrypted form of the password you configured.

user@host# show protocols ospf

area 0.0.0.0 {
interface so-0/1/0.0 {
authentication {
simple-password "$9$-3dY4ZUHm5FevX-db2g"; ## SECRET-DATA
}
}

Copyright © 2011, Juniper Networks, Inc. 589

Junos OS 11.4 Routing Protocols Configuration Guide

Verification

Confirm that the configuration is working properly.

• Verifying the Configured Authentication Method on page 590

Verifying the Configured Authentication Method

Purpose Verify that the authentication method for sending and receiving OSPF protocol packets
is configured. The Authentication Type field displays Password when configured for
simple authentication.

Action From operational mode, enter the show ospf interface and the show ospf overview
commands.

Example: Configuring MD5 Authentication for OSPFv2 Exchanges

This example shows how to enable MD5 authentication for OSPFv2 exchanges.

• Requirements on page 590

• Overview on page 590
• Configuration on page 591
• Verification on page 592

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

MD5 authentication uses an encoded MD5 checksum that is included in the transmitted
packet. The receiving routing device uses an authentication key (password) to verify the
packet.

You define an MD5 key for each interface. If MD5 is enabled on an interface, that interface
accepts routing updates only if MD5 authentication succeeds. Otherwise, updates are

590 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

rejected. The routing device only accepts OSPFv2 packets sent using the same key
identifier (ID) that is defined for that interface.

In this example, you create the backbone area (area 0.0.0.0), specify OSPFv2 interface
so-0/2/0, set the authentication type to md5, and then define the authentication key ID
as 5 and the password as PssWd8.

Configuration

CLI Quick To quickly configure MD5 authentication, copy the following command and paste it into
Configuration the CLI.

[edit]
set protocols ospf area 0.0.0.0 interface so-0/2/0 authentication md5 5 key PssWd8

Step-by-Step To enable MD5 authentication for OSPFv2 exchanges:

Procedure
1. Create an OSPF area.

[edit]
user@host# edit protocols ospf area 0.0.0.0

2. Specify the interface.

[edit protocols ospf area 0.0.0.0]

user@host# edit interface so-0/2/0

3. Configure MD5 authentication and set a key ID and an authentication password.

[edit protocols ospf area 0.0.0.0 interface s0-0/2/0.0]

user@host# set authentication md5 5 key PssWd8

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0 interface s0-0/2/0.0]

user@host# commit

NOTE: Repeat this entire configuration on all peer OSPFv2 routing

devices.

NOTE: After you configure the password, you do not see the password itself.
The output displays the encrypted form of the password you configured.

user@host# show protocols ospf

area 0.0.0.0 {
interface so-0/2/0.0 {
authentication {

Copyright © 2011, Juniper Networks, Inc. 591

Junos OS 11.4 Routing Protocols Configuration Guide

md5 5 key "$9$pXXhuIhreWx-wQF9puBEh"; ## SECRET-DATA

}
}
}

Verification

Confirm that the configuration is working properly.

Verifying the Configured Authentication Method

Purpose Verify that the authentication method for sending and receiving OSPF protocol packets
is configured. When configured for MD5 authentication, the Authentication Type field
displays MD5, the Active key ID field displays the unique number you entered that identifies
the MD5 key, and the Start time field displays the date as Start time 1970 Jan 01 00:00:00
PST. Do not be alarmed by this start time. This is the default start time that the routing
device displays if the MD5 key is effective immediately.

Action From operational mode, enter the show ospf interface and the show ospf overview
commands.

Example: Configuring a Transition of MD5 Keys on an OSPFv2 Interface

This example shows how to configure a transition of MD5 keys on an OSPFv2 interface.

• Requirements on page 592

• Overview on page 592
• Configuration on page 593
• Verification on page 595

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Overview

MD5 authentication uses an encoded MD5 checksum that is included in the transmitted
packet. For MD5 authentication to work, both the receiving and transmitting routing
devices must have the same MD5 key.

592 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

You define an MD5 key for each interface. If MD5 is enabled on an interface, that interface
accepts routing updates only if MD5 authentication succeeds. Otherwise, updates are
rejected. The routing device only accepts OSPFv2 packets sent using the same key
identifier (ID) that is defined for that interface.

For increased security, you can configure multiple MD5 keys, each with a unique key ID,
and set the date and time to switch to a new key. The receiver of the OSPF packet uses
the ID to determine which key to use for authentication.

In this example, you configure new keys to take effect at 12:01 AM on the first day of the
next three months on OSPFv2 interface fe-0/0/1 in the backbone area (area 0.0.0.0),
and you configure the following MD5 authentication settings:

• md5—Specifies the MD5 authentication key ID. The key ID can be set to any value
between 0 and 255, with a default value of 0. The routing device only accepts OSPFv2
packets sent using the same key ID that is defined for that interface.

• key—Specifies the MD5 key. Each key can be a value from 1 through 16 characters long.
Characters can include ASCII strings. If you include spaces, enclose all characters in
quotation marks (“ “).

• start-time—Specifies the time to start using the MD5 key. This option enables you to
configure a smooth transition mechanism for multiple keys. The start time is relevant
for transmission but not for receiving OSPF packets.

NOTE: You must set the same passwords and transition dates and times on
all devices in the area so that OSPFv2 adjacencies remain active.

Configuration

CLI Quick To quickly configure multiple MD5 keys on an OSPFv2 interface, copy the following
Configuration commands, remove any line breaks, and then paste the commands into the CLI.

[edit]
set protocols ospf area 0.0.0.0 interface fe-0/1/0 authentication md5 1 key $2010HaL
set protocols ospf area 0.0.0.0 interface fe-0/1/0 authentication md5 2 key NeWpsswdFEB
start-time 2011-02-01.00:01
set protocols ospf area 0.0.0.0 interface fe-0/1/0 authentication md5 3 key NeWpsswdMAR
start-time 2011-03-01.00:01
set protocols ospf area 0.0.0.0 interface fe-0/1/0 authentication md5 4 key NeWpsswdAPR
start-time 2011-04-01.00:01

Step-by-Step To configure multiple MD5 keys on an OSPFv2 interface:

Procedure
1. Create an OSPF area.

[edit]
user@host# edit protocols ospf area 0.0.0.0

2. Specify the interface.

[edit protocols ospf area 0.0.0.0]

user@host# edit interface fe-0/1/0

Copyright © 2011, Juniper Networks, Inc. 593

Junos OS 11.4 Routing Protocols Configuration Guide

3. Configure MD5 authentication and set an authentication password and key ID.

[edit protocols ospf area 0.0.0.0 interface fe-0/1/0.0]

user@host# set authentication md5 1 key $2010HaL

4. Configure a new key to take effect at 12:01 AM on the first day of February, March,
and April.

You configure a new authentication password and key ID for each month.

a. For the month of February, enter the following:

[edit protocols ospf area 0.0.0.0 interface fe-0/1/0.0]

user@host# set authentication md5 2 key NeWpsswdFEB start-time
2011-02-01.00:01

b. For the month of March, enter the following:

[edit protocols ospf area 0.0.0.0 interface fe-0/1/0.0]

user@host# set authentication md5 3 key NeWpsswdMAR start-time
2011-03-01.00:01

c. For the month of April, enter the following:

[edit protocols ospf area 0.0.0.0 interface fe-0/1/0.0]

user@host# set authentication md5 4 key NeWpsswdAPR start-time
2011-04-01.00:01

5. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0 interface fe-0/1/0.0]

user@host# commit

NOTE: Repeat this entire configuration on all peer OSPFv2 routing

devices.

NOTE: After you configure the password, you do not see the password itself.
The output displays the encrypted form of the password you configured.

user@host# show protocols ospf

area 0.0.0.0 {
interface fe-0/1/0.0 {
authentication {
md5 1 key "$9$wzs24JGDjk.2gfTQ3CAp0B1hy"; ## SECRET-DATA
md5 2 key "$9$Q9gz39t1IcML7EcwgJZq.RhSylMN-b4oZDi" start-time
"2011-2-1.00:01:00 -0800"; ## SECRET-DATA
md5 3 key "$9$zjo2nCpIRSWXNhSs4ZG.mEcyreW2gaZGjCt" start-time
"2011-3-1.00:01:00 -0800"; ## SECRET-DATA

594 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

md5 4 key "$9$fQn90OReML1Rds4oiHBIEhSevMLXNVqm" start-time

"2011-4-1.00:01:00 -0700"; ## SECRET-DATA
}
}
}

Verification

Confirm that the configuration is working properly.

Verifying the Configured Authentication Method

Purpose Verify that the authentication method for sending and receiving OSPF protocol packets
is configured. When configured for MD5 authentication with a transition of keys, the Auth
type field displays MD5, the Active key ID field displays the unique number you entered
that identifies the MD5 key, and the Start time field displays the time at which the routing
device starts using an MD5 key to authenticate OSPF packets transmitted on the interface
you configured.

Action From operational mode, enter the show ospf interface and the show ospf overview
commands.

Example: Configuring IPsec Authentication for an OSPF Interface

This example shows how to enable IP Security (IPsec) authentication for an OSPF
interface.

• Requirements on page 595

• Overview on page 596
• Configuration on page 597
• Verification on page 600

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

• Configure a single-area OSPF network. See “Example: Configuring a Single-Area OSPF

Network” on page 514.

• Configure a multiarea OSPF network. See “Example: Configuring a Multiarea OSPF

Network” on page 516.

Copyright © 2011, Juniper Networks, Inc. 595

Junos OS 11.4 Routing Protocols Configuration Guide

Overview

You can use IPsec authentication for both OSPFv2 and OSPFv3. You configure the actual
IPsec authentication separately and apply it to the applicable OSPF configuration.

OSPFv2

Beginning with Junos OS Release 8.3, you can use IPsec authentication to authenticate
OSPFv2 interfaces, the remote endpoint of a sham link, and the OSPFv2 virtual link by
using manual security associations (SAs) to ensure that a packet’s contents are secure
between the routing devices.

NOTE: You can configure IPsec authentication together with either MD5 or
simple authentication.

To enable IPsec authentication, do one of the following:

• For an OSPFv2 interface, include the ipsec-sa name statement for a specific interface:

interface interface-name ipsec-sa name;

• For a remote sham link, include the ispec-sa name statement for the remote end point
of the sham link:

sham-link-remote address ipsec-sa name;

NOTE: If a Layer 3 VPN configuration has multiple sham links with the
same remote endpoint IP address, you must configure the same IPsec
security association for all the remote endpoints. You configure a
Layer 3 VPN at the [edit routing-instances routing-instance-name
instance-type] hierarchy level. For more information about Layer 3 VPNs,
see the Junos OS VPNs Configuration Guide.

• For a virtual link, include the ipsec-sa name statement for a specific virtual link:

virtual-link neighbor-id router-id transit-area area-id ipsec-sa name;

OSPFv3

OSPFv3 does not have a built-in authentication method and relies on IPsec to provide
this functionality. You use IPsec authentication to secure OSPFv3 interfaces and protect
OSPFv3 virtual links by using manual SAs to ensure that a packet’s contents are secure
between the routing devices.

To apply authentication, do one of the following:

• For an OSPFv3 interface, include the ipsec-sa name statement for a specific interface:

interface interface-name ipsec-sa name;

• For a virtual link, include the ipsec-sa name statement for a specific virtual link:

596 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

virtual-link neighbor-id router-id transit-area area-id ipsec-sa name;

Tasks to Complete for Both OSPFv2 and OSPFv3

In this example, you perform the following tasks:

1. Configure IPsec authentication. To do this, define a manual SA named sa1 and specify
the processing direction, the protocol used to protect IP traffic, the security parameter
index (SPI), and the authentication algorithm and key.

a. Configure the following option at the [edit security ipsec security-association

sa-name mode] hierarchy level:

transport—Specifies transport mode. This mode protects traffic when the

communication endpoint and the cryptographic endpoint are the same. The data
portion of the IP packet is encrypted, but the IP header is not.

b. Configure the following option at the [edit security ipsec security-association

sa-name manual direction] hierarchy level:

bidirectional—Defines the direction of IPsec processing. By specifying bidrectional,

the same algorithms, keys, and security paramater index (SPI) values you configure
are used in both directions.

c. Configure the following options at the [edit security ipsec security-association

sa-name manual direction bidirectional] hierarchy level:

protocol—Defines the IPsec protocol used by the manual SA to protect IP traffic.

You can specify either the authentication header (AH) or the Encapsulating Security
Payload (ESP). If you specify AH, which you do in this example, you cannot configure
encryption.

spi—Configures the SPI for the manual SA. An SPI is an arbitrary value that uniquely
identifies which SA to use at the receiving host. The sending host uses the SPI to
identify and select which SA to use to secure every packet. The receiving host uses
the SPI to identify and select the encryption algorithm and key used to decrypt
packets. In this example, you specify 256.

authentication—Configures the authentication algorithm and key. The algorithm

option specifies the hash algorithm that authenticates packet data. In this example,
you specify hmac-md5-96, which produces a 128-bit digest. The key option indicates
the type of authentication key. In this example, you specify ascii-text-key, which is
16 ASCII characters for the hmac-md5-96 algorithm.

2. Enable IPsec authentication on OSPF interface so-0/2/0.0 in the backbone area (area
0.0.0.0) by including the name of the manual SA sa1 that you configured at the [edit
security ipsec] hierarchy level.

Configuration

• Configuring Security Associations on page 598

• Enabling IPsec Authentication for an OSPF Interface on page 599

Copyright © 2011, Juniper Networks, Inc. 597

Junos OS 11.4 Routing Protocols Configuration Guide

Configuring Security Associations

CLI Quick To quickly configure a manual SA to be used for IPsec authentication on an OSPF
Configuration interface, copy the following commands, remove any line breaks, and then paste the
commands into the CLI.

[edit]
set security ipsec security-association sa1
set security ipsec security-association sa1 mode transport
set security ipsec security-association sa1 manual direction bidirectional
set security ipsec security-association sa1 manual direction bidirectional protocol ah
set security ipsec security-association sa1 manual direction bidirectional spi 256
set security ipsec security-association sa1 manual direction bidirectional authentication
algorithm hmac-md5-96 key ascii-text 123456789012abc

Step-by-Step To configure a manual SA to be used on an OSPF interface:

Procedure
1. Specify a name for the SA.

[edit]
user@host# edit security ipsec security-association sa1

2. Specify the mode of the SA.

[edit security ipsec security-association sa1 ]

user@host# set mode transport

3. Configure the direction of the manual SA.

[edit security ipsec security-association sa1 ]

user@host# set manual direction bidirectional

4. Configure the IPsec protocol to use.

[edit security ipsec security-association sa1 ]

user@host# set manual direction bidirectional protocol ah

5. Configure the value of the SPI.

[edit security ipsec security-association sa1 ]

user@host# set manual direction bidirectional spi 256

6. Configure the authentication algorithm and key.

[edit security ipsec security-association sa1 ]

user@host# set manual direction bidirectional authentication algorithm
hmac-md5-96 key ascii-text 123456789012abc

7. If you are done configuring the device, commit the configuration.

[edit security ipsec security-association sa1 ]

user@host# commit

NOTE: Repeat this entire configuration on all peer OSPF routing devices.

598 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Results Confirm your configuration by entering the show security ipsec command. If the output
does not display the intended configuration, repeat the instructions in this example to
correct the configuration.

NOTE: After you configure the password, you do not see the password itself.
The output displays the encrypted form of the password you configured.

user@host# show security ipsec

security-association sa1 {
mode transport;
manual {
direction bidirectional {
protocol ah;
spi 256;
authentication {
algorithm hmac-md5-96;
key ascii-text "$9$AP5Hp1RcylMLxSygoZUHk1REhKMVwY2oJx7jHq.zF69A0OR";
## SECRET-DATA
}
}
}
}

Enabling IPsec Authentication for an OSPF Interface

CLI Quick To quickly apply a manual SA used for IPsec authentication to an OSPF interface, copy
Configuration the following command and paste it into the CLI.

[edit]
set protocols ospf area 0.0.0.0 interface so-0/2/0 ipsec-sa sa1

Step-by-Step To enable IPsec authentication for an OSPF interface:

Procedure
1. Create an OSPF area.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

protocols] hierarchy level.

[edit]
user@host# edit protocols ospf area 0.0.0.0

2. Specify the interface.

[edit protocols ospf area 0.0.0.0]

user@host# edit interface so-0/2/0

3. Apply the IPsec manual SA.

[edit protocols ospf area 0.0.0.0 interface so-0/2/0.0]

user@host# set ipsec-sa sa1

Copyright © 2011, Juniper Networks, Inc. 599

Junos OS 11.4 Routing Protocols Configuration Guide

4. If you are done configuring the device, commit the configuration.

[edit protocols ospf area 0.0.0.0 interface so-0/2/0.0]

user@host# commit

NOTE: Repeat this entire configuration on all peer OSPF routing devices.

user@host# show protocols ospf

area 0.0.0.0 {
interface so-0/2/0.0 {
ipsec-sa sa1;
}
}

To confirm your OSPFv3 configuration, enter the show protocols ospf3 command.

Verification

Confirm that the configuration is working properly.

• Verifying the IPsec Security Association Settings on page 600

• Verifying the IPsec Security Association on the OSPF Interface on page 600

Verifying the IPsec Security Association Settings

Purpose Verify the configured IPsec security association settings. Verify the following information:

• The Security association field displays the name of the configured security association.

• The SPI field displays the value you configured.

• The Mode field displays transport mode.

• The Type field displays manual as the type of security association.

Action From operational mode, enter the show ipsec security-associations command.

Verifying the IPsec Security Association on the OSPF Interface

Purpose Verify that the IPsec security association that you configured has been applied to the
OSPF interface. Confirm that the IPSec SA name field displays the name of the configured
IPsec security association.

Action From operational mode, enter the show ospf interface detail command for OSPFv2, and
enter the show ospf3 interface detail command for OSPFv3.

600 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

Related • OSPF Overview on page 494

Documentation
• OSPF Configuration Overview on page 508

Example: Configuring OSPF Routing Instances

• Introduction to Routing Instances for OSPF on page 601

• Configuring OSPF Routing Table Groups on page 602
• Example: Configuring Multiple Routing Instances of OSPF on page 603

Introduction to Routing Instances for OSPF

A routing instance is a collection of routing tables, interfaces, and routing protocol
parameters. The set of interfaces belongs to the routing tables, and the OSPF routing
protocol parameters control the information in the routing tables. You can further install
routes learned from OSPF routing instances into routing tables in the OSPF routing table
group.

NOTE: The default routing instance, master, refers to the main inet.0 routing
table. The master routing instance is reserved and cannot be specified as a
routing instance.

You can configure the following types of routing instances:

• OSPFv2—Forwarding, Layer 2 virtual private network (VPN), nonforwarding, VPN

routing and forwarding (VRF), virtual router, and virtual private LAN service (VPLS).

• OSPFv3—Nonforwarding, VRF, and virtual router.

You can also configure multiple routing instances of OSPF.

Minimum Routing-Instance Configuration for OSPFv2

To configure a routing instance for OSPFv2, you must include at least the following
statements in the configuration:

Copyright © 2011, Juniper Networks, Inc. 601

Junos OS 11.4 Routing Protocols Configuration Guide

ospf {
... ospf-configuration ...
}
}
}
}

NOTE: You can configure a logical interface under only one routing instance.

Minimum Routing-Instance Configuration for OSPFv3

To configure a routing instance for OSPFv3, you must include at least the following
statements in the configuration:

NOTE: You can configure a logical interface under only one routing instance.

Multiple Routing Instances of OSPF

Multiple instances of OSPF are used for Layer 3 VPN implementations. The multiple
instances of OSPF keep routing information for different VPNs separate. The VRF instance
advertises routes from the customer edge (CE) router to the provider edge (PE) router
and advertises routes from the PE router to the CE router. Each VPN receives only routing
information belonging to that VPN.

You can create multiple instances of OSPF by including statements at the following
hierarchy levels:

• [edit routing-instances routing-instance-name (ospf | ospf3)]

• [edit logical-systems logical-system-name routing-instances routing-instance-name

(ospf | ospf3)]

Configuring OSPF Routing Table Groups

To install routes learned from OSPF routing instances into routing tables in the OSPF
routing table group, include the rib-group statement:

602 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

rib-group group-name;

For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.

Example: Configuring Multiple Routing Instances of OSPF

This example shows how to configure multiple routing instances of OSPF.

• Requirements on page 603

• Overview on page 603
• Configuration on page 605
• Verification on page 609

Requirements

Before you begin:

• Configure the device interfaces. See the Junos OS Network Interfaces Configuration Guide.

• Configure the router identifiers for the devices in your OSPF network. See “Example:
Configuring an OSPF Router Identifier” on page 510.

• Control OSPF designated router election. See “Example: Controlling OSPF Designated
Router Election” on page 511

Overview

When you configure multiple routing instances of OSPF, we recommend that you perform
the following tasks:

2. Configure an OSPFv2 or OSPFv3 routing instance for each additional OSPFv2 or

OSPFv3 routing entity, configuring the following:

• Interfaces

• Routing options

• OSPF protocol statements belonging to that entity

• Routing table group

3. Configure a routing table group to install routes from the default route table, inet.0,
into a routing instance’s route table.

4. Configure a routing table group to install routes from a routing instance into the default
route table, inet.0.

Copyright © 2011, Juniper Networks, Inc. 603

Junos OS 11.4 Routing Protocols Configuration Guide

NOTE: Nonforwarding routing instances do not have forwarding tables

that correspond to their routing tables.

5. Create an export policy to export routes with a specific tag, and use that tag to export
routes back into the instances. For more information, see the Junos OS Routing Policy
Configuration Guide.

Figure 5 on page 258 shows how you can use multiple routing instances of OSPFv2 or
OSPFv3 to segregate prefixes within a large network. The network consists of three
administrative entities: voice-policy, other-policy, and the default routing instance. Each
entity is composed of several geographically separate sites that are connected by the
backbone and managed by the backbone entity.

Figure 26: Configuration for Multiple Routing Instances

Site A Site B

4 6

voice-policy other-policy

so-2/2/2.0 so-5/2/2.0
Backbone
1 3
so-4/2/2.0 so-3/2/2.0

7 5

other-policy voice-policy g040730

Site C Site D

When Device 1 runs the OSPFv2 or OSPFv3 instances, the following occur:

• Routes from the default instance routing table are placed in the voice-policy and
other-policy instance routing tables.

• Routes from the voice-policy routing instance are placed in the default instance routing
table.

604 Copyright © 2011, Juniper Networks, Inc.

Chapter 17: OSPF Configuration Guidelines

• Routes from the other-policy routing instance are placed in the default instance routing
table.

• Routes from the voice-policy routing instance do not enter the other-policy instance
routing table.

• Routes from the other-policy routing instance do not enter the voice-policy instance
routing table.

Configuration

CLI Quick To quickly configure multiple routing instances of OSPF, copy the following commands,
Configuration remove any line breaks, and then paste the commands into the CLI.

Configuration on Device 1:

Configuration on Device 3:

Step-by-Step To configure multiple routing instances of OSPF:

Procedure
1. Configure the routing instances for voice-policy and other-policy.

NOTE: To specify OSPFv3, include the ospf3 statement at the [edit

routing-instances protocols] hierarchy level.

Copyright © 2011, Juniper Networks, Inc. 605