Route Explorer - Juniper Networks...included in the Public Library “Route Explorer Enabled...
Route Explorer
Packet Design, Copyright © 2012 2
Contents
Product Description
  Route Explorer
  VPN Explorer
  MPLS WAN
Technical Documentation
Support
  Telephone Support
  E-mail Support
Third-Party Application EULA
Adding the Image into the Network Topology vmm file
Creating The Route Explorer Startup Configuration file
Sample Route Explorer Startup Configuration file
Register to Access Route Explorer
Starting Configuration Guide
Setting Up a Simple Recording Hierarchy
Configuring Route Recorders
  Enabling Recording for IS-IS
  Enabling Recording for BGP
  Configuring the BGP Peering
Accessing the Route Explorer GUI
Route Explorer Features
  Data Paths
  Network Status Reports
  Network Stability Reports
  Network History
Route Explorer Enabled Junosphere Topology Demonstration Information
Product Description
Route Explorer allows users to visualize, monitor, and analyze the virtual network created by Junosphere. Following is a brief description of the Route Explorer product suite.
Route Explorer
Route Explorer peers with routers and listens to routing protocols to create an accurate model of IP networks. Route Explorer continuously receives and records all network events. These events can later be replayed to recreate the precise network state at any point of time in history for forensic analysis. Route Explorer computes all possible traffic paths, allowing users to be aware of the exact data path for any application through the network at any time. Route Explorer provides real-time visibility into the dynamic routing operation of the entire network, enabling fast identification and resolution of network problems that are hard to diagnose, and giving network engineers the ability to easily and accurately model planned changes.
• Network-wide visualization and monitoring: Allows real-time visualization of the Layer-3 network and dynamic tracking of network events for proactive problem detection.
• Full forensic history (record/rewind) and analysis: Speeds mean-time-to-repair by providing network condition analysis and impacted path isolation.
• Highly accurate modeling and what-if analysis: Reduces network configuration errors, minimizes change risk, and mitigates critical network failures for disaster recovery planning.
• Supported IP networks: BGP, OSPF, ISIS, EIGRP, and Static
VPN Explorer
VPN Explorer extends the Route Explorer functionality to Layer 3 MPLS VPNs. VPN Explorer dynamically tracks all VPN routing information and provides a real-time, per-customer view of VPN routing topology, reachability between VPN customer sites, and potential VPN privacy violations.
MPLS WAN
MPLS WAN extends the Route Explorer functionality to enterprises that outsource their WAN services. MPLS WAN proactively identifies changes to inter-site reachability that impact network services, quickly isolates affected sites, and diagnoses the root cause of common network problems. It also ensures that the service provider is delivering quality service as per the service-level agreement (SLA).
Technical Documentation
The following technical documentation for Route Explorer is found in the online help within the GUI:
• The Route Explorer User Guide describes in detail Route Explorer features and functionality, including network monitoring and visualization, network-wide analysis, topology diagnostics, and network modeling.
• The Route Explorer Administrator’s Guide describes how to configure and maintain Route Explorer products.
Support
Packet Design, Inc., provides the technical support for the Route Explorer products.
Telephone Support
Packet Design provides one number to call (1-408-490-1050) for support regardless of product or location. Calls are redirected to the appropriate support center in the U.S. Telephone support is available 8:00 AM to 8:00 PM Eastern Time (United States), Monday through Friday.
E-mail Support
Packet Design accepts e-mail requests 24 hours a day, Monday through Friday, at the following e-mail address: rex-[email protected]. When using this method to contact support, please include the following information for prompt service:
• Product name and version number
• Service request number if this is a continuation of an existing request (in the e-mail subject line)
• Company name, contact's name, and phone number
• Brief description of the problem
Third-Party Application EULA
Legal Notice: This product is a third-party application provided by a third-party entity, Packet Design, Inc. (“third party”). When you access the product, you may be required to leave the Juniper website, go to a third-party website, and register directly with the third party. By using or registering to use any of these products, you acknowledge and agree with this notice. Your use of the third-party product will be governed by the third-party’s end user license agreement (EULA). The third-party’s use of your data will be governed by its privacy policy. You should review the third-party’s terms carefully; and if you do not agree with the terms, do not use this product.
PACKET DESIGN PROVIDES THIS PRODUCT FOR USE ON JUNOSPHERE ON AN “AS IS” BASIS, WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION THE WARRANTIES THAT IT IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PRODUCT IS BORNE BY YOU. PACKET DESIGN IS NOT RESPONSIBLE FOR ANY LIABILITY ARISING OUT OF CONTENT PROVIDED BY YOU, THIRD-PARTY ENTITY PROVIDING THE PRODUCT OR A THIRD PARTY THAT IS ACCESSED THROUGH THE PRODUCT AND/OR ANY MATERIAL LINKED THROUGH SUCH CONTENT.
Adding the Image into the Network Topology vmm file
To incorporate the latest Route Explorer software into your topology, the Route Explorer instance must be added to the topology.vmm file. A few statements known to the Junosphere product allow Route Explorer to be added to your topology in a minimal number of steps. Use the REX_LATEST and REXx_MGMT macros to ensure your Route Explorer is running the latest release of software and is accessible through the management network. REX_LATEST resolves into the latest version of the Route Explorer image. The REXx_MGMT macros define the management interfaces for the REX virtual machines. There are five macros to allow you to incorporate up to five instances of the REX software in your topology with up to five physical interfaces. The following is an example of how to include two Route Explorer virtual machines in your topology using the first two REXx_MGMT macros:

// Route Explorer Instance 1 //
vm "REX1" {
    hostname "REX1";
    REX_LATEST
    REX1_MGMT
    interface "em1" { bridge "private14"; };   /* eth1 10.0.2.11/29 OSPF Area 0 */
    interface "em2" { bridge "private6"; };    /* eth2 10.0.4.19/29 OSPF Area 1 */
    interface "em3" { bridge "private11"; };   /* eth3 10.0.2.27/29 OSPF Area 2 */
    interface "em4" { bridge "private18"; };   /* Built-in-2 10.0.8.15/29 ISIS L1 */
    install "ENV(HOME)/active/configset/rex1.conf" "/system/rex.conf";
};
// Route Explorer Instance 2 //
vm "REX2" {
    hostname "REX2";
    REX_LATEST
    REX2_MGMT
    interface "em1" { bridge "private10"; };   /* eth1 10.0.12.21/29 OSPF Area 3 */
    interface "em2" { bridge "private11"; };   /* eth2 10.0.1.27/29 OSPF Area 4 */
    interface "em3" { bridge "private12"; };   /* eth3 10.0.8.11/29 OSPF Area 6 */
    interface "em4" { bridge "private18"; };   /* Built-in-2 10.0.5.19/29 ISIS L1/L2 */
    install "ENV(HOME)/active/configset/rex2.conf" "/system/rex.conf";
};

• Hostname “rex1”: rex1 is the name of this virtual machine. You can call it anything you like.
• REX_LATEST: This macro will get the latest REX release. Do not change this.
• REX1_MGMT: This macro installs the correct license and other configurations.
• Interface “em1” { bridge “private0”; }; This is the interface that is used by Route Explorer to monitor/probe your network.
• install "ENV(HOME)/active/configset/rex1.conf" "/system/rex.conf"; This is the configuration file that defines the parameters for each of the interfaces that monitor/probe the network. (Examples below)

You can include up to five Route Explorer virtual machines in your topology using the REX1_MGMT, REX2_MGMT, REX3_MGMT, REX4_MGMT, and REX5_MGMT macros. You can have up to 5 interfaces (em1 to em5). These can be used to monitor different parts of the network. An interface such as em1 matches the Route Explorer interface called eth1, and so on; the last “em” entry appears as the “Built-in Port 2” interface. The bridge “private (number)” should also match the private bridge used between the two routers in the area or areas to monitor. Once the Route Explorer virtual machines are running, you can point your browser to https://10.233.x.x (where 10.233.x.x is the IP address of the management port) for user registration and access to the product. The management IP address is obtained through the Junosphere web interface under the active topology section. Locate the Route Explorer instance (listed as REX1 or REXn) and scroll over to find the IP address of the management interface.
Creating The Route Explorer Startup Configuration file
To ensure the Route Explorer instance is configured so that the user can quickly access the Web Administration interface and begin creating recording instances for the protocols in the network, a rexn.conf file can be used to pre-configure the interface information and, if necessary, static routes. The static routes are sometimes used to ensure BGP TCP connections can be established between the BGP speaking routers and the Route Explorer instances. Please see the included Route Explorer Enabled Junosphere Topology Demonstration Information presentation below (also included in the Public Library “Route Explorer Enabled Topology for Junosphere” file set within the Junosphere Bank).
• For each monitor/probe interface you have, add “eth(n)” to the IFS line. If you have one interface, you would just add eth1; for two interfaces, you would have “eth1 eth2”.
• For each monitor/probe interface you have, you need to add the IP address and the subnet mask of that interface using the following information:
• HOSTNAME: this should be <name of the virtual machine>.juniper.net.
• ROUTES: is a list of unique names for the static routes incorporated into the startup configuration for the Route Explorer instance.
• DEST_<route-unique-name>: is the network or host identifier to route to for the named static route.
• NETMASK_<route-unique-name>: is the subnet information identifier for the named static route.
• GATEWAY_<route-unique-name>: is the gateway information identifier for the named static route.
• Do NOT change the DEFAULT_GATEWAY or DNS1 and DNS2 lines:
Sample Route Explorer Startup Configuration file
Sample rex1.conf file for the management interface plus one monitoring interface and zero static routes:

IFS = eth1
IPADDR_ETH1 = 10.0.2.11
IPMASK_ETH1 = 255.255.255.248
HOSTNAME = rex1.juniper.net
DEFAULT_GATEWAY = 10.233.255.254
DNS1 = 8.8.8.8
DNS2 = 8.8.8.8
BGPASN = 65412
Sample rex1.conf file for the management interface plus two monitoring interfaces and one static route:

IFS = eth1 eth2
IPADDR_ETH1 = 10.0.2.11
IPMASK_ETH1 = 255.255.255.248
IPADDR_ETH2 = 10.0.4.19
IPMASK_ETH2 = 255.255.255.248
HOSTNAME = rex1.juniper.net
DEFAULT_GATEWAY = 10.233.255.254
ROUTES = BGPAS65412
DEST_BGPAS65412 = 10.0.255.0
NETMASK_BGPAS65412 = 255.255.255.0
GATEWAY_BGPAS65412 = 10.0.2.9
DNS1 = 8.8.8.8
DNS2 = 8.8.8.8
BGPASN = 65412

Sample rex1.conf file for the management interface plus four monitoring interfaces and two static routes:

IFS = eth1 eth2 eth3 eth4
IPADDR_ETH1 = 10.0.2.11
IPMASK_ETH1 = 255.255.255.248
IPADDR_ETH2 = 10.0.4.19
IPMASK_ETH2 = 255.255.255.248
IPADDR_ETH3 = 10.0.2.27
IPMASK_ETH3 = 255.255.255.248
IPADDR_ETH4 = 10.0.8.15
IPMASK_ETH4 = 255.255.255.248
HOSTNAME = rex1.juniper.net
DEFAULT_GATEWAY = 10.233.255.254
ROUTES = BGPAS65412 BGPAS65050
DEST_BGPAS65412 = 10.0.255.0
NETMASK_BGPAS65412 = 255.255.255.0
GATEWAY_BGPAS65412 = 10.0.2.9
DEST_BGPAS65050 = 10.0.5.0
NETMASK_BGPAS65050 = 255.255.255.0
GATEWAY_BGPAS65050 = 10.0.4.9
DNS1 = 8.8.8.8
DNS2 = 8.8.8.8
BGPASN = 65412
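
The startup-file rules above (each interface named in IFS needs IPADDR_ and IPMASK_ entries; each name in ROUTES needs DEST_, NETMASK_ and GATEWAY_ entries) can be checked before the file is installed. The Python check below is an added example, not part of the Packet Design or Juniper material; the function names are hypothetical, and the test that a gateway sits on an attached subnet is an assumption about static routes in general, not a documented Route Explorer rule.

```python
import ipaddress

# Two-interface, one-route sample taken from this page.
PAGE_SAMPLE = """\
IFS = eth1 eth2
IPADDR_ETH1 = 10.0.2.11
IPMASK_ETH1 = 255.255.255.248
IPADDR_ETH2 = 10.0.4.19
IPMASK_ETH2 = 255.255.255.248
HOSTNAME = rex1.juniper.net
DEFAULT_GATEWAY = 10.233.255.254
ROUTES = BGPAS65412
DEST_BGPAS65412 = 10.0.255.0
NETMASK_BGPAS65412 = 255.255.255.0
GATEWAY_BGPAS65412 = 10.0.2.9
DNS1 = 8.8.8.8
DNS2 = 8.8.8.8
BGPASN = 65412
"""

# Constructed broken input: eth2 has no address, route LAB has an off-link gateway.
BROKEN_SAMPLE = """\
IFS = eth1 eth2
IPADDR_ETH1 = 10.0.2.11
IPMASK_ETH1 = 255.255.255.248
ROUTES = LAB
DEST_LAB = 10.0.255.0
NETMASK_LAB = 255.255.255.0
GATEWAY_LAB = 10.0.9.1
"""

def parse_rex_conf(text):
    """Parse 'KEY = value' lines into a dict; lines without '=' are ignored."""
    conf = {}
    for raw in text.splitlines():
        key, sep, value = raw.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def validate_rex_conf(conf):
    """Return a list of problems; an empty list means the file is consistent."""
    problems, networks = [], []
    for ifname in conf.get("IFS", "").split():
        sfx = ifname.upper()
        addr, mask = conf.get(f"IPADDR_{sfx}"), conf.get(f"IPMASK_{sfx}")
        if addr is None or mask is None:
            problems.append(f"{ifname}: missing IPADDR_{sfx} or IPMASK_{sfx}")
            continue
        try:
            networks.append(ipaddress.ip_interface(f"{addr}/{mask}").network)
        except ValueError as exc:
            problems.append(f"{ifname}: {exc}")
    for name in conf.get("ROUTES", "").split():
        dest, mask, gw = (conf.get(f"{k}_{name}") for k in ("DEST", "NETMASK", "GATEWAY"))
        if None in (dest, mask, gw):
            problems.append(f"route {name}: DEST_/NETMASK_/GATEWAY_ entry missing")
            continue
        try:
            ipaddress.ip_network(f"{dest}/{mask}")  # rejects host bits in DEST
            gateway = ipaddress.ip_address(gw)
        except ValueError as exc:
            problems.append(f"route {name}: {exc}")
            continue
        # Assumption: the next hop must sit on a subnet attached via IFS.
        if not any(gateway in net for net in networks):
            problems.append(f"route {name}: gateway {gw} is not on any IFS subnet")
    return problems

if __name__ == "__main__":
    for label, text in (("page sample", PAGE_SAMPLE), ("broken", BROKEN_SAMPLE)):
        print(label, validate_rex_conf(parse_rex_conf(text)) or "OK")
```

Run against the four-interface sample above, the on-link check reports GATEWAY_BGPAS65050 = 10.0.4.9, which lies outside eth2's 10.0.4.16/29 subnet; this page does not say whether Route Explorer accepts such a route.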
Register to Access Route Explorer
First time users will need to register with Packet Design Inc. to obtain a user name and password. Upon completion of registration, a username and password will be sent to the email address given as part of the registration process (see below).
Step 1: First time users need to click on the Register button and accept the privacy disclaimer notice by clicking “OK”. The privacy disclaimer notice is a “pop-up” window; therefore you will have to configure your browser to allow pop-up windows.
Figure 1: Registration and Login Page for Route Explorer
Step 2: Read and accept the privacy disclaimer notice by clicking “OK”. If you click “Cancel”, you will return to the Login Page.
Figure 2: Privacy Disclaimer Notice; Click "OK" to Accept
Step 3: When you click “OK” in Step 2, your browser will be redirected to the Registration page at Packet Design Inc. Fill out the information requested in the form (see below) and click “Submit”. Since the username and password will be emailed to you, please ensure that you provide a valid email address.
Figure 3: User Registration Page at Packet Design Inc.
Step 4: Logging into Route Explorer
Using the username and password, the user can log into Route Explorer and start the configuration process. You can also use a VNC client at 10.233.x.x:2 (where 10.233.x.x is the IP address of the management port) and use the same username and password combination.
Figure 4: Login Page for Route Explorer
For more information on using Route Explorer, refer to “Starting Configuration Guide.”
Starting Configuration Guide
This section illustrates the essential steps required for a user to configure Route Explorer recorders, launch the Route Explorer, and navigate through a few important reports. For a more complex network or for a detailed description of the feature set, refer to the Route Explorer Administrator’s Guide and User Guide.
Setting Up a Simple Recording Hierarchy
These steps describe how to set up a very simple recording hierarchy. Instructions for creating more complicated recording setups (for more complex networks) can be found in the “Configuration and Management” section of the Route Explorer Administrator’s Guide.
1. In the Web UI, click Recorder Configuration on the top navigation bar.
2. Click Networks.
3. Move the cursor to Add and select Administrative Domain.
4. Enter a name for the administrative domain (it must consist solely of alphanumeric characters, with an alphabetic character first).
Figure 5 - Selecting the Recorder Configuration
Figure 6: Name the topology
Configuring Route Recorders
A routing protocol instance must be configured for each domain. This section gives instructions on setting up a very simple configuration consisting of one IS-IS domain and one BGP domain.
Enabling Recording for IS-IS
This section describes how to enable recording for a single IS-IS domain. Note that configuration for OSPF is very similar. Instructions for using advanced features of IGP protocol recording, such as IS-IS or OSPF authentication, can be found in the “Configuration and Management” section of the Route Explorer Administrator’s Guide.
1. Click on the name of the administrative domain added above.
2. Move the cursor to Add and select ISIS.
3. From the Not Active list, select the interface to use for recording IS-IS.
4. Click the button with a left-pointing arrow (<) to make the interface active.
5. Click Save to save all the changes.
6. Click Start Recording to begin IS-IS recording.
Figure 7 - Adding the Protocol
Figure 8 - Record IS-IS
Figure 9 - Review Established Adjacency
Adjacency established
Enabling Recording for BGP
This section describes how to enable recording over a single BGP (IBGP) peering. Instructions on more complex BGP configurations can be found in the “Configuration and Management” section of the REX Administrators Guide.
1. Click on the name of the administrative domain added above.
2. Move the cursor to Add and select BGP.
3. Enter the BGP IP address in the BGP Id box (if needed).
4. Enter the autonomous system number in the AS box.
5. From the Interface drop-down menu, select the physical interface to be used.
6. In the Peers section of the screen, click Add to add a BGP peer.
7. Enter the IP address of the BGP peer.
8. Click Save to save changes.
9. Click Start Recording to begin BGP recording.
Figure 10 - Recording a Single BGP Peering
Configuring the BGP Peering
The following is a sample configuration snippet to be added to the corresponding router in order to establish BGP peering with REX:

protocols {
    bgp {
        group REFLECTOR {
            peer-as 10458;
            local-as 69;
            neighbor 192.168.69.71 {
                multihop;
            }
        }
        group REX {
            type internal;
            cluster 0.0.0.1;
            neighbor 8.8.8.100;
        }
    }
}
Accessing the Route Explorer GUI
Access to the Route Explorer topology map and reports is provided via a GUI that is accessible using the VNC remote access protocol.
1. With a VNC client, start a VNC session to display 9 on the IP address of the Route Explorer instance.
Several options for display resolution and sharing are available; choose one of several different display numbers. These are described in more detail in the “Administration” section of the Administrator’s Guide.
You can verify that the VNC connection is enabled by logging into the Route Explorer web portal and enabling VNC in the “Administration” tab.
Figure 11: Enable VNC for GUI Access
Note: You may download the latest version of VNC at http://www.realvnc.com
2. Enter the username and password provided to you during the registration process.
3. On the Topology menu, select Open. The resulting dialog shows the top-level domain configured previously.
4. Select the domain name and click OK.
Enable VNC Display 9
Figure 12 - Starting a VNC Session
Start a VNC Session to the IP address of the Route Explorer
Under ‘Topology’, select ‘Open’
Route Explorer Features
This section is a brief introduction to a few key Route Explorer features. See the Route Explorer User Guide for detailed documentation on the complete Route Explorer feature set. Use the Topology menu to select and view the desired network topology.
Figure 13 - Viewing the Network Topology
Open topology presents a Layer 3 map of the virtual network created in Junosphere and being monitored by Route Explorer. The map is interactive and customizable; refer to the Layout and View menu items. A variety of reports can be obtained from Route Explorer that provide detailed information on the current and historical state of the network. Following is a description of a few sample reports.
Data Paths
You can easily trace the data path between any two routers in the network by using the Find Paths feature under the Tools menu or by selecting the source and destination routers directly on the map.
Figure 14 - The Find Path Feature
Figure 15 - The Network Summary
Network Status Reports
Network status reports provide the status of the network elements, including router links and prefixes. Information across protocols (such as IS-IS and BGP) is consolidated into a single view. Route Explorer maintains a baseline of key information that allows users to quickly identify deviations.
Figure 16 - Viewing the Status Report
List of status reports for IP networks
Multiprotocol prefix information including IGP & BGP protocols
Network Stability Reports
Stability reports track the activity of network devices and highlight those that are least stable. An example is a list of prefixes that flapped most in the selected time interval.
Figure 17 - Viewing Network Stability Reports
Router churn that includes all router, link and prefix events
Network stability reports
Network History
Route Explorer maintains a history of all network events collected by the routers to enable forensic analysis. History Navigator in Route Explorer allows users to navigate through time and re-create the precise network state at a point of time in the history or at the time of a network incident.
Figure 18 - Viewing the Network History
1. History Navigator showing graph of routing events over time
2. Click to view Events table
3. Select interval to see routing events
Figure 19 - Viewing the List of Routing Events
List of routing events in selected interval
Route Explorer Enabled Junosphere Topology Demonstration Information