JIR Lab Guide

Lab 3-1: Load Balancing and Filter-Based Forwarding

In this activity, you will complete the following objectives.

Part 1: Configure load balancing.
Part 2: Configure filter-based forwarding.

Part 1: Configure load balancing

Step 1.1

Reload the LAB2-1 configuration. This will remove all configured routes from your device.

    admin@srxp# load override JIR.LAB21
    load complete

Step 1.2

Go to your DMZ-P and add an additional IP address to the NIC (Local Area Connection). Leave the original address unchanged.

    IP address:      172.16.P.10 255.255.255.0
    Default gateway: 172.16.P.1

Add the additional IP address as below:

    172.26.26.P 255.255.255.0

Open an IE browser and browse to the newly added address to make sure you see the DMZ-P web page displayed.

Step 1.3

Configure equal-cost static routes for both the RA and Master routing instances.

    admin@srxp# edit routing-instances RA routing-options
    [edit routing-instances RA routing-options]
    admin@srxp# set static route 172.26.26.0/24 next-hop 192.168.P.1
    [edit routing-instances RA routing-options]
    admin@srxp# set static route 172.26.26.0/24 next-hop 172.16.P.10
    [edit routing-instances RA routing-options]

    admin@srxp# set static route 10.0.P.0/24 next-hop 172.16.1P.1
    [edit routing-instances RA routing-options]
    admin@srxp# set static route 10.0.P.0/24 next-hop 172.16.2P.1
    [edit routing-instances RA routing-options]
    admin@srxp# edit routing-options
    admin@srxp# set static route 0.0.0.0/0 next-hop 172.16.1P.2
    admin@srxp# set static route 0.0.0.0/0 next-hop 172.16.2P.2

    admin@srxp# run show route protocol static table RA.inet.0

    RA.inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.0.P.0/24        *[Static/5] 00:01:14
                        > to 172.16.1P.1 via lt-0/0/0.2
                          to 172.16.2P.1 via lt-0/0/0.4
    172.26.26.0/24     *[Static/5] 00:01:14
                          to 192.168.P.1 via ge-0/0/2.0
                        > to 172.16.P.10 via ge-0/0/3.0

    admin@srxp# run show route protocol static table inet.0

    inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/5] 00:01:23
                          to 172.16.1P.2 via lt-0/0/0.1
                        > to 172.16.2P.2 via lt-0/0/0.3

Step 1.4

Configure a policy statement and enable load balancing to the 172.26.26.0 subnet.

    admin@srxp# edit policy-options policy-statement POLICY:LB
    [edit policy-options policy-statement POLICY:LB]
    admin@srxp# set term 1 from protocol static route-filter 172.26.26.0/24 exact
    [edit policy-options policy-statement POLICY:LB]
    admin@srxp# set term 1 then load-balance per-packet
    [edit policy-options policy-statement POLICY:LB]
    admin@srxp# show
    term 1 {
        from {
            protocol static;
            route-filter 172.26.26.0/24 exact;
        }
        then {
            load-balance per-packet;
        }
    }
    [edit policy-options policy-statement POLICY:LB]
    admin@srxp# edit routing-options forwarding-table
    [edit routing-options forwarding-table]
    admin@srxp# set export POLICY:LB
    [edit routing-options forwarding-table]

Step 1.4

Verify and test the load balancing static route.

How do you verify the load balancing from the forwarding table?

    [edit routing-options forwarding-table]
    admin@srxp# run show route table RA.inet.0 | find 172.26
    172.26.26.0/24     *[Static/5] 00:09:08
                          to 192.168.P.1 via ge-0/0/2.0
                        > to 172.16.P.10 via ge-0/0/3.0
    192.168.P.0/24     *[Direct/0] 1d 03:30:18
                        > via ge-0/0/2.0
    192.168.P.2/32     *[Local/0] 1d 03:30:18
                          Local via ge-0/0/2.0

    [edit routing-options forwarding-table]
    admin@srxp# run show route forwarding-table | find 172.26
    172.26.26.0/24     user     0                    ulst 262142     2
                                  192.168.P.1        ucst    564     2 ge-0/0/2.0
                                  172.16.P.10        ucst    569     3 ge-0/0/3.0
    192.168.P.0/24     intf     0                    rslv    563     1 ge-0/0/2.0
    192.168.P.0/32     dest     0 192.168.P.0        recv    561     1 ge-0/0/2.0
    192.168.P.1/32     dest     0 0:1e:13:35:dc:a8   ucst    564     2 ge-0/0/2.0
    192.168.P.2/32     intf     0 192.168.P.2        locl    562     2
    192.168.P.2/32     dest     0 192.168.P.2        locl    562     2
    192.168.P.255/32   dest     0 192.168.P.255      bcst    560     1 ge-0/0/2.0
    224.0.0.0/4        perm     0                    mdsc    543     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst    539     1
    255.255.255.255/32 perm     0                    bcst    540     1

Go to your INSIDE-PA. Open 4~5 IE browser windows and make each of them browse to 172.26.26.P.

Can you see a different web page displayed in each browser window? What is the cause of this result?

Step 1.5

Enable load balancing of the traffic flow based on both layer-3 and layer-4 information.

    [edit routing-options forwarding-table]
    admin@srxp# edit forwarding-options
    [edit forwarding-options]

    admin@srxp# set hash-key family inet layer-3
    [edit forwarding-options]
    admin@srxp# set hash-key family inet layer-4
    [edit forwarding-options]

Go to your INSIDE-PA. Do the same test as in the previous step.

Can you see a different web page displayed in each browser window? What is the cause of this result?

Part 2: Configure Filter-Based Forwarding

Step 2.1

Create two additional routing instances and static routes as below:

1. Routing Instance PATH1 -> Takes 172.16.1P.2 as next-hop to 172.26.26.0 subnet.
2. Routing Instance PATH2 -> Takes 172.16.2P.2 as next-hop to 172.26.26.0 subnet.
3. Create rib-group GROUP-FBF

    [edit forwarding-options]
    admin@srxp# edit routing-instances PATH1
    [edit routing-instances PATH1]
    admin@srxp# set instance-type forwarding routing-options static route 172.26.26.P/32 next-hop 172.16.1P.2
    [edit routing-instances PATH1]
    admin@srxp# edit routing-instances PATH2
    [edit routing-instances PATH2]
    admin@srxp# set instance-type forwarding routing-options static route 172.26.26.P/32 next-hop 172.16.2P.2
    [edit routing-instances PATH2]

    admin@srxp# edit routing-options
    admin@srxp# set interface-routes rib-group GROUP-FBF
    admin@srxp# set rib-groups GROUP-FBF import-rib [inet.0 PATH1.inet.0 PATH2.inet.0]

Step 2.2

Verify the interface routes in the newly created routing instances.

By checking routing instance PATH1, which next-hop and interface will be taken to forward traffic to 172.26.26.P?

By checking routing instance PATH2, which next-hop and interface will be taken to forward traffic to 172.26.26.P?

    admin@srxp# run show route 172.26.26.P table PATH1.inet.0

    PATH1.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.26.26.P/32     *[Static/5] 00:03:14
                        > to 172.16.1P.2 via lt-0/0/0.1

    admin@srxp# run show route 172.26.26.P table PATH2.inet.0

    PATH2.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.26.26.P/32     *[Static/5] 00:03:28
                        > to 172.16.2P.2 via lt-0/0/0.3

Step 2.3

Create a firewall policy to match and forward traffic based on the objectives below:

1. Traffic from INSIDE-PA (10.0.P.10), forward using PATH1 routing instance.
2. Traffic from INSIDE-PB (10.0.P.11), forward using PATH2 routing instance.
3. Apply the firewall policy on the interface receiving the traffic.

    admin@srxp# edit firewall family inet filter FILTER:FBF
    admin@srxp# set term 1 from source-address 10.0.P.10/32
    admin@srxp# set term 1 then routing-instance PATH1
    admin@srxp# set term 2 from source-address 10.0.P.11/32
    admin@srxp# set term 2 then routing-instance PATH2
    admin@srxp# edit interfaces ge-0/0/5 unit 0 family inet
    [edit interfaces ge-0/0/5 unit 0 family inet]
    admin@srxp# set filter input FILTER:FBF
    [edit interfaces ge-0/0/5 unit 0 family inet]

Step 2.5

Go to your INSIDE-PA and INSIDE-PB and verify the routing path by using the command tracert -d 172.26.26.P.

INSIDE-PA should take the two paths in turn as follows:

    10.0.1.1
    172.16.1P.2
    172.26.26.P

Or

    10.0.1.1
    172.16.1P.2
    192.168.P.1
    172.26.26.P

INSIDE-PB should take the two paths in turn as follows:

    10.0.1.1
    172.16.2P.2
    172.26.26.P

Or

    10.0.1.1
    172.16.2P.2
    192.168.P.1
    172.26.26.P

Go to your INSIDE-PB. Change the IP address from 10.0.P.11 to 10.0.P.20. Leave the default gateway, 10.0.P.1, unchanged. Open a new browser window and access http://172.26.26.P. You should not see any web page displayed.

Why can't you browse to 172.26.26.P? How do you fix the problem?

Step 2.6

Modify the firewall policy to accept traffic with other source addresses.

    [edit interfaces ge-0/0/5 unit 0 family inet]
    admin@srxp# edit firewall family inet filter FILTER:FBF
    admin@srxp# show
    term 1 {
        from {
            source-address {
                10.0.P.10/32;
            }
        }
        then {

            routing-instance PATH1;
        }
    }
    term 2 {
        from {
            source-address {
                10.0.P.11/32;
            }
        }
        then {
            routing-instance PATH2;
        }
    }
    admin@srxp# set term 3 then accept

Your INSIDE-PB should now be able to browse to 172.26.26.P. After the testing, change the IP address back to the original address (10.0.P.11 255.255.255.0).

Step 2.6

Save the current configuration to admin's home directory.

    admin@srxp# save JIR.LAB31
    Wrote 30 lines of configuration to 'JIR.LAB31'
    admin@srxp# run file list

    /cf/var/home/admin/:
    .ssh/
    JIR.LAB21
    JIR.LAB22
    JIR.LAB23
    JIR.LAB31

By saving your current configuration, you are able to roll back at any time. For example:

    admin@srxp# load override JIR.LAB31
    load complete

Tell your instructor that you have completed this lab.
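The browser tests in Steps 1.4 and 1.5 compare a hash key built from layer-3 fields only with one that also includes layer-4 ports. The sketch below is an added example, not part of the lab guide: it models next-hop selection for the two 172.26.26.0/24 next hops, assuming P = 1, a layer-3 key of source and destination address, and SHA-256 as a stand-in for the Junos hash, which the guide does not describe.

```python
import hashlib
from collections import Counter

# Next hops of the 172.26.26.0/24 static route in RA.inet.0, with P = 1 (constructed).
NEXT_HOPS = ["192.168.1.1 via ge-0/0/2.0", "172.16.1.10 via ge-0/0/3.0"]

# Assumed key contents: layer-3 = addresses, layer-4 adds the TCP ports.
L3_KEY = ("src_ip", "dst_ip")
L3_L4_KEY = L3_KEY + ("src_port", "dst_port")


def pick_next_hop(flow, key_fields, next_hops=NEXT_HOPS):
    """Hash the selected header fields and map the result onto one next hop.

    SHA-256 is a stand-in for illustration, not the hash Junos uses.
    """
    material = "|".join(str(flow[f]) for f in key_fields).encode()
    digest = hashlib.sha256(material).digest()
    return next_hops[int.from_bytes(digest[:4], "big") % len(next_hops)]


def browser_flows(count, first_port=49152):
    """Constructed sample: `count` HTTP connections from INSIDE-PA to 172.26.26.P."""
    return [{"src_ip": "10.0.1.10", "dst_ip": "172.26.26.1",
             "src_port": first_port + i, "dst_port": 80} for i in range(count)]


def distribution(flows, key_fields):
    """Count how many flows land on each next hop for a given hash key."""
    return Counter(pick_next_hop(f, key_fields) for f in flows)


if __name__ == "__main__":
    flows = browser_flows(64)
    # Same source and destination address: every connection hashes to one next hop.
    print("layer-3 only :", dict(distribution(flows, L3_KEY)))
    # Each connection has its own source port, so flows spread over both next hops.
    print("layer-3 + 4  :", dict(distribution(flows, L3_L4_KEY)))
```

Packets of one TCP connection always carry the same key, so a connection stays on one path in both cases; only the spread across connections changes.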
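Steps 2.5 and 2.6 turn on how a firewall filter treats a packet that matches none of its terms. The following added example (not part of the lab guide) evaluates FILTER:FBF term by term, assuming P = 1 and modelling the implicit discard that ends every Junos firewall filter; the dictionary layout and function names are illustrative.

```python
import ipaddress

# FILTER:FBF from Step 2.3 with P = 1 (constructed value for the pod number).
# A term whose "source" is None has no match condition and matches every packet.
FILTER_FBF = [
    {"term": "1", "source": "10.0.1.10/32", "then": "routing-instance PATH1"},
    {"term": "2", "source": "10.0.1.11/32", "then": "routing-instance PATH2"},
]
TERM_3 = {"term": "3", "source": None, "then": "accept"}  # added in Step 2.6


def evaluate(terms, src_ip):
    """First matching term decides; a packet that matches no term is discarded."""
    addr = ipaddress.ip_address(src_ip)
    for term in terms:
        if term["source"] is None or addr in ipaddress.ip_network(term["source"]):
            return term["term"], term["then"]
    return None, "discard"


def discarded_hosts(terms, subnet):
    """Host addresses in `subnet` that fall through every term of the filter."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if evaluate(terms, str(h))[1] == "discard"]


if __name__ == "__main__":
    for label, terms in (("Step 2.3", FILTER_FBF),
                         ("Step 2.6", FILTER_FBF + [TERM_3])):
        print(label)
        for src in ("10.0.1.10", "10.0.1.11", "10.0.1.20"):
            print(f"  {src:<10} -> {evaluate(terms, src)}")
        dropped = discarded_hosts(terms, "10.0.1.0/24")
        print(f"  sources in 10.0.1.0/24 discarded: {len(dropped)}")
```

With only terms 1 and 2, every other source on the INSIDE subnet is dropped at ge-0/0/5, which is why 10.0.P.20 cannot browse; term 3 has no match condition, so it accepts every remaining source, not just that subnet.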