Qualified-next-hop, route preference, default route and the longest-prefix-match rule are the Juniper static routing topics that we discussed in the previous section and that we will configure in this section.
We will also see the difference between the Juniper routing table and the forwarding table in this section.
Static Routing Topology Review and Changes
In the section “16. Preparing Junos Routing laboratory”, we have already prepared a laboratory for the static routing configuration.
Two Juniper devices, vSRX1 and vSRX2, are connected to each other through ge-0/0/0 on the IP subnet 10.10.10.0/24. Each device has a loopback address: 172.16.1.1 on vSRX1 and 172.16.2.1 on vSRX2.
To establish the connectivity between these two loopback addresses we have to create a static route in both vSRX1 and vSRX2 pointing to each other.
But before that, we will add a new link between the two vSRXs through ge-0/0/1 on the IP subnet 20.20.20.0/24, so that we can configure all the scenarios related to Juniper static routing, including qualified-next-hop, route preference, longest-prefix-match and default route.
To add the new link, we have to give an IP address to ge-0/0/1 on both vSRX1 and vSRX2 and also add the interface ge-0/0/1 to the trust zone. If you remember, we have added all interfaces to the trust zone so they can communicate with each other without creating any access policy.
!!! vSRX1
set interfaces ge-0/0/1 unit 0 family inet address 20.20.20.1/24
set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic system-services all
!!! vSRX2
set interfaces ge-0/0/1 unit 0 family inet address 20.20.20.2/24
set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic system-services all
rayka@vSRX1# run ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2): 56 data bytes
64 bytes from 10.10.10.2: icmp_seq=0 ttl=64 time=2.496 ms
64 bytes from 10.10.10.2: icmp_seq=1 ttl=64 time=1.640 ms
^C
--- 10.10.10.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.640/2.068/2.496/0.428 ms
[edit]
rayka@vSRX1# run ping 20.20.20.2
PING 20.20.20.2 (20.20.20.2): 56 data bytes
64 bytes from 20.20.20.2: icmp_seq=0 ttl=64 time=2.012 ms
64 bytes from 20.20.20.2: icmp_seq=1 ttl=64 time=1.985 ms
^C
--- 20.20.20.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.985/1.998/2.012/0.014 ms
[edit]
rayka@vSRX1#
Juniper Static Routing Configuration
For the first example, we configure simple static routes for the two loopback addresses, 172.16.1.1/32 and 172.16.2.1/32, on vSRX1 and vSRX2 through the upper link (ge-0/0/0, 10.10.10.0/24), so that they can communicate with each other.
!!! vSRX1
[edit]
rayka@vSRX1# set routing-options static route 172.16.2.1/32 next-hop 10.10.10.2
[edit]
rayka@vSRX1# commit
commit complete
!!! vSRX2
[edit]
rayka@vSRX2# set routing-options static route 172.16.1.1/32 next-hop 10.10.10.1
[edit]
rayka@vSRX2# commit
commit complete
!!! vSRX1
rayka@vSRX1# run ping 172.16.2.1 source 172.16.1.1
PING 172.16.2.1 (172.16.2.1): 56 data bytes
64 bytes from 172.16.2.1: icmp_seq=0 ttl=64 time=3.682 ms
64 bytes from 172.16.2.1: icmp_seq=1 ttl=64 time=1.466 ms
64 bytes from 172.16.2.1: icmp_seq=2 ttl=64 time=1.380 ms
^C
--- 172.16.2.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.380/2.176/3.682/1.065 ms
[edit]
rayka@vSRX1#
Configure and Test longest-prefix-match
As the next example, we configure and test the longest-prefix-match rule, the rule of the most specific route, which we discussed in the previous section.
For this scenario, we create new routes on vSRX1 and vSRX2, but this time for the /24 subnets and through the lower link (ge-0/0/1, 20.20.20.0/24). We have already created routes for the /32 subnets through the upper link.
Traffic is still expected to be routed through the upper link, because the /32 routes are more specific. We can check this with the “show route” operational command.
!!! vSRX1
[edit]
rayka@vSRX1# set routing-options static route 172.16.2.0/24 next-hop 20.20.20.2
[edit]
rayka@vSRX1# commit
commit complete
[edit]
rayka@vSRX1#
!!! vSRX2
[edit]
rayka@vSRX2# set routing-options static route 172.16.1.0/24 next-hop 20.20.20.1
[edit]
rayka@vSRX2# commit
commit complete
[edit]
rayka@vSRX2#
!!! vSRX1
[edit]
rayka@vSRX1# run show route 172.16.2.1
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.2.1/32 *[Static/5] 00:06:56
> to 10.10.10.2 via ge-0/0/0.0
[edit]
rayka@vSRX1#
Juniper qualified-next-hop and route preference
In the next step, we configure and test the Juniper qualified-next-hop and route preference concepts that we discussed in the previous section.
We already have routes for the loopback addresses with /32 subnets through the upper link, so traffic between the two loopback interfaces is forwarded through the upper link.
We will create additional routes for exactly the same /32 subnets, but through the lower link.
We prefer that traffic between these two loopback addresses be routed through the upper link and, if it fails, switched to the lower link.
To do that, the new routes must be created with a higher preference value, which means lower priority, and the next hop must be configured as a qualified-next-hop.
!!! vSRX1
[edit]
rayka@vSRX1# set routing-options static route 172.16.2.1/32 qualified-next-hop 20.20.20.2 preference 10
[edit]
rayka@vSRX1# commit
commit complete
[edit]
rayka@vSRX1#
!!! vSRX2
[edit]
rayka@vSRX2# set routing-options static route 172.16.1.1/32 qualified-next-hop 20.20.20.1 preference 10
[edit]
rayka@vSRX2# commit
commit complete
Then we can check the forwarding table with the command “show route forwarding-table destination” to make sure that traffic will be forwarded through the upper link.
[edit]
rayka@vSRX1# run show route forwarding-table destination 172.16.2.1
Routing table: default.inet
Internet:
Destination Type RtRef Next hop Type Index NhRef Netif
172.16.2.1/32 user 0 10.10.10.2 ucst 564 3 ge-0/0/0.0
....
As you can see, traffic between the loopback addresses is forwarded through the upper link.
Juniper routing table vs forwarding table
Now that we have created two routes for exactly the same /32 subnets, we can check the Juniper routing table and how it differs from the forwarding table, as discussed in the previous section.
With the “show route” command we check the routing table, and with the command “show route forwarding-table destination” we check the forwarding table.
!!! vSRX1
[edit]
rayka@vSRX1# run show route 172.16.2.1
inet.0: 10 destinations, 11 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.2.1/32 *[Static/5] 00:10:48
> to 10.10.10.2 via ge-0/0/0.0
[Static/10] 00:01:29
> to 20.20.20.2 via ge-0/0/1.0
[edit]
rayka@vSRX1# run show route forwarding-table destination 172.16.2.1
Routing table: default.inet
Internet:
Destination Type RtRef Next hop Type Index NhRef Netif
172.16.2.1/32 user 0 10.10.10.2 ucst 564 3 ge-0/0/0.0
....
As the result shows, all routes, whether they are the best or not, are stored in the routing table, but only the best routes are kept in the forwarding table.
In our example, both routes, through the upper and the lower link, are in the routing table, but only the route through the upper link is in the forwarding table. When the upper link fails, the route through the lower link is then stored in the forwarding table.
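The following added example (not part of the original tutorial and not Junos code) is a simplified model of the two rules tested above: the forwarding table keeps only the lowest-preference usable route per prefix, and a lookup picks the longest matching prefix. The route list is constructed from the vSRX1 static routes on this page; the names build_fib, lookup and down_interfaces are hypothetical.

```python
import ipaddress

# Constructed from the vSRX1 static routes on this page:
# (prefix, next hop, preference, outgoing interface)
RIB = [
    ("172.16.2.1/32", "10.10.10.2", 5, "ge-0/0/0.0"),   # next-hop, shown as [Static/5]
    ("172.16.2.1/32", "20.20.20.2", 10, "ge-0/0/1.0"),  # qualified-next-hop preference 10
    ("172.16.2.0/24", "20.20.20.2", 5, "ge-0/0/1.0"),
]


def build_fib(rib, down_interfaces=()):
    """Keep one active route per prefix: the usable route with the lowest preference."""
    fib = {}
    for prefix, next_hop, preference, interface in rib:
        if interface in down_interfaces:
            continue  # a next hop behind a failed link is not usable
        net = ipaddress.ip_network(prefix)
        best = fib.get(net)
        if best is None or preference < best[1]:
            fib[net] = (next_hop, preference, interface)
    return fib


def lookup(fib, destination):
    """Longest-prefix match: of all prefixes containing the address, use the longest."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in fib if addr in net]
    if not matches:
        return None  # no matching entry, as in "No route to host"
    best = max(matches, key=lambda net: net.prefixlen)
    next_hop, _preference, interface = fib[best]
    return str(best), next_hop, interface


if __name__ == "__main__":
    fib = build_fib(RIB)
    print(len(RIB), "routes in routing table,", len(fib), "entries in forwarding table")
    print("all links up:  ", lookup(fib, "172.16.2.1"))
    print("other /24 host:", lookup(fib, "172.16.2.7"))
    failed = build_fib(RIB, down_interfaces={"ge-0/0/0.0"})
    print("ge-0/0/0 down: ", lookup(failed, "172.16.2.1"))
```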
Juniper default static route
In the last step, just to test the default route concept discussed in the previous section, I want to delete all the static routes created on vSRX1 and replace them with a default route.
We add a default route to forward all traffic through the upper link, and a second default route with a higher preference value (lower priority) and qualified-next-hop through the lower link.
When we delete the static routes, connectivity between the loopback interfaces is disrupted. Adding the default routes restores it.
[edit]
rayka@vSRX1# run show configuration | display set | match static
set routing-options static route 172.16.2.1/32 next-hop 10.10.10.2
set routing-options static route 172.16.2.1/32 qualified-next-hop 20.20.20.2 preference 10
set routing-options static route 172.16.2.0/24 next-hop 20.20.20.2
[edit]
rayka@vSRX1# delete routing-options static route 172.16.2.1/32
[edit]
rayka@vSRX1# delete routing-options static route 172.16.2.0/24 next-hop 20.20.20.2
[edit]
rayka@vSRX1# commit
commit complete
[edit]
rayka@vSRX1# run ping 172.16.2.1 source 172.16.1.1
PING 172.16.2.1 (172.16.2.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 172.16.2.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
[edit]
rayka@vSRX1# set routing-options static route 0.0.0.0/0 next-hop 10.10.10.2
[edit]
rayka@vSRX1# set routing-options static route 0.0.0.0/0 qualified-next-hop 20.20.20.2 preference 10
[edit]
rayka@vSRX1# commit
commit complete
[edit]
rayka@vSRX1# run ping 172.16.2.1 source 172.16.1.1
PING 172.16.2.1 (172.16.2.1): 56 data bytes
64 bytes from 172.16.2.1: icmp_seq=0 ttl=64 time=2.292 ms
64 bytes from 172.16.2.1: icmp_seq=1 ttl=64 time=1.473 ms
64 bytes from 172.16.2.1: icmp_seq=2 ttl=64 time=1.506 ms
^C
--- 172.16.2.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.473/1.757/2.292/0.379 ms
[edit]
rayka@vSRX1#