{"id":41,"date":"2015-09-24T11:46:21","date_gmt":"2015-09-24T03:46:21","guid":{"rendered":"https:\/\/networkingnotesblog.wordpress.com\/?p=41"},"modified":"2015-09-24T11:46:21","modified_gmt":"2015-09-24T03:46:21","slug":"learning-ospf-with-one-juniper-srx100-basic","status":"publish","type":"post","link":"http:\/\/notes4it.com\/?p=41","title":{"rendered":"Learning OSPF with one Juniper SRX100 (basic)"},"content":{"rendered":"

One of the beauties of Jumiper SRX is it has a heritage function from ScreenOS called “virtual router”. Unlike ScreenOS, Junos has the ability link virtual routers up with logical interfaces (lt-0\/0\/0). With these 2 features, Virtual routers could have their own route tables, could simulate several routers within a single box of SRX, and could run routing protocols between them. (I have tried with Cisco VRF, but it doesn’t work as expected.)
\n
\nFrom the official specification from Juniper, SRX 100 should only support 3 virtual routers. The secret here is SRX 100 h2 version could create up to 11 virtual routers, and all of them can run flawlessly. (Juniper s not selling any non SRX100 h2 from a year ago. So a single SRX could do the OSPF, OSPF v3, IS-IS and limited BGP training lab already.)
\nSince my SRX is my internet gateway with NAT, it runs with flow mode. But the VRs will be run as stateless mode by applying packet filter to avoid any policy restrictions blocking the OSPF talks and asymmetric flows between VRs. (If any questions regarding to this configuration, feel free to let me know. )<\/p>\n

\n

This post will focus on OSPF with IPv4 only. The topology for OSPF lab is listed as below. (This test bed is being used for Internet access and for my BGP labs too.)
\nThere will be 9 virtual routers and 3 VRs at the centre serve as backbone and ABR, other VRs will be connecting to the backbone VRs. (With enough creativity and skills, you could use this test bed to learn the characteristic and behaviors of different OSPF area types.)
\n\"OSPF_testbed\"<\/a>
\n <\/p>\n

\n

The OSPF lab for this time will be a simple flat layer with all routers placed in area 0. Putting everything in area 0 allows network administrators to handle their network easily without too much of the troubleshooting needs if the network does not have much of the changes frequently. However, it would not be a good practice if network is expending as all high and low end OSPF member routers require to consume have as much memories when they have to share the same size of route table amount each others.\u00a0 (We will talk about that in another post.)<\/p>\n

\n

Configuration:
\nI will describe the configuration for VR-001 as the example. Other similar VR configuration will simply be pasted below.<\/p>\n\n\n\n\n
VR-001 config:<\/strong><\/td>\n<\/tr>\n
set interfaces lo0 unit 1 family inet address 192.168.201.1\/32
\nset interfaces lo0 unit 1 family inet filter input VR-R001_inet-filter
\nset interfaces lt-0\/0\/0 unit 9 encapsulation ethernet\u00a0\u00a0\u00a0 \/\/ set this logical interface to emulate as a ethernet connection<\/span>
\nset interfaces lt-0\/0\/0 unit 9 peer-unit 10\u00a0\u00a0\u00a0\u00a0 \/\/ tell this logical interface where is the other end. In this case, lt-0\/0\/0.10 is the other end.<\/span><\/em>
\nset interfaces lt-0\/0\/0 unit 9 family inet filter input VR-R001_inet-filter\u00a0\u00a0\u00a0\u00a0 \/\/ apply firewall filter to route all incoming packets arrives to this interface without creating any sessions.<\/em><\/span>
\nset interfaces lt-0\/0\/0 unit 9 family inet filter output VR-R001_inet-filter\u00a0\u00a0\u00a0\u00a0 \/\/ apply firewall filter to route all outgoing packets exist from this interface without creating any sessions.<\/span><\/em>
\nset interfaces lt-0\/0\/0 unit 9 family inet address 192.168.200.9\/30
\nset interfaces lt-0\/0\/0 unit 13 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 13 peer-unit 14
\nset interfaces lt-0\/0\/0 unit 13 family inet filter input VR-R001_inet-filter
\nset interfaces lt-0\/0\/0 unit 13 family inet filter output VR-R001_inet-filter
\nset interfaces lt-0\/0\/0 unit 13 family inet address 192.168.200.13\/30
\nset interfaces lt-0\/0\/0 unit 38 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 38 peer-unit 37
\nset interfaces lt-0\/0\/0 unit 38 family inet filter input VR-R001_inet-filter
\nset interfaces lt-0\/0\/0 unit 38 family inet filter output VR-R001_inet-filter
\nset interfaces lt-0\/0\/0 unit 38 family inet address 192.168.200.38\/30
\nset interfaces lt-0\/0\/0 unit 42 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 42 peer-unit 41
\nset interfaces lt-0\/0\/0 unit 42 family inet filter input VR-R001_inet-filter
\nset interfaces lt-0\/0\/0 unit 42 family inet filter output VR-R001_inet-filter
\nset interfaces lt-0\/0\/0 unit 42 family inet address 192.168.200.42\/30
\nset firewall family inet filter VR-R001_inet-filter interface-specific
\nset firewall family inet filter VR-R001_inet-filter term 99-packet_traffic then packet-mode\u00a0\u00a0\u00a0\u00a0 \/\/make all packets that hit this filter to route with stateless mode.<\/span><\/em>
\nset routing-instances VR-001 instance-type virtual-router\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/ VR-001 is the name of the routing instance and we set this type of instance as a virtual router.<\/span><\/em>
\nset routing-instances VR-001 interface lt-0\/0\/0.9\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/assign an interface to this routing instance by putting the interface name under the routing instance. Unlike logical system, IP address will not be assigned under routing instance.<\/span><\/em>
\nset routing-instances VR-001 interface lt-0\/0\/0.13
\nset routing-instances VR-001 interface lt-0\/0\/0.38
\nset routing-instances VR-001 interface lt-0\/0\/0.42
\nset routing-instances VR-001 interface lo0.1\u00a0\u00a0\u00a0\u00a0 \/\/assign a loopback interface to this routing instance<\/span><\/em>
\nset routing-instances VR-001 routing-options router-id 192.168.201.1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/ assign a router-id to this routing instance to avoid OSPF ip address auto selection.<\/span><\/em>
\nset routing-instances VR-001 routing-options autonomous-system 65530\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/ this testbed is assigned to a private AS of 65530, it is not required for OSPF lab, but i m using this testbed for BGP as well.<\/span><\/em>
\nset routing-instances VR-001 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.9 interface-type p2p\u00a0\u00a0\u00a0\u00a0 \/\/ Putting the VR-001 into the OSPF area 0 and assign the interface to form adjacency. The p2p is to<\/em><\/span> reduce the over head of DR election.
\nset routing-instances VR-001 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.13 interface-type p2p
\nset routing-instances VR-001 protocols ospf area 0.0.0.0 interface lo0.1 passive \u00a0 \/\/putting the loopback interface into passive because loopback does not have any adjacency.<\/span><\/em>
\nset routing-instances VR-001 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.38 interface-type p2p
\nset routing-instances VR-001 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.42 interface-type p2p
\nset security zones security-zone VR-001-untrust host-inbound-traffic system-services all\u00a0\u00a0 \/\/host inbound are set to allow all as i dont want to have any troubleshoot for the labbed.<\/span><\/em>
\nset security zones security-zone VR-001-untrust host-inbound-traffic protocols all
\nset security zones security-zone VR-001-untrust interfaces lt-0\/0\/0.38\u00a0\u00a0\u00a0\u00a0 \/\/ assign the interfaces to this security zone of VR-001-untrust since i will sometimes switch back and fore from packet mode and flow mode.<\/span><\/em>
\nset security zones security-zone VR-001-untrust interfaces lt-0\/0\/0.42
\nset security zones security-zone VR-001-untrust interfaces lt-0\/0\/0.13
\nset security zones security-zone VR-001-untrust interfaces lt-0\/0\/0.9
\nset security zones security-zone VR-001-untrust interfaces lo0.1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n\n\n\n\n
VR-002 config:<\/strong><\/td>\n<\/tr>\n
set interfaces lt-0\/0\/0 unit 10 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 10 peer-unit 9
\nset interfaces lt-0\/0\/0 unit 10 family inet filter input VR-R002_inet-filter
\nset interfaces lt-0\/0\/0 unit 10 family inet filter output VR-R002_inet-filter
\nset interfaces lt-0\/0\/0 unit 10 family inet address 192.168.200.10\/30
\nset interfaces lt-0\/0\/0 unit 17 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 17 peer-unit 18
\nset interfaces lt-0\/0\/0 unit 17 family inet filter input VR-R002_inet-filter
\nset interfaces lt-0\/0\/0 unit 17 family inet filter output VR-R002_inet-filter
\nset interfaces lt-0\/0\/0 unit 17 family inet address 192.168.200.17\/30
\nset interfaces lt-0\/0\/0 unit 29 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 29 peer-unit 30
\nset interfaces lt-0\/0\/0 unit 29 family inet filter input VR-R002_inet-filter
\nset interfaces lt-0\/0\/0 unit 29 family inet filter output VR-R002_inet-filter
\nset interfaces lt-0\/0\/0 unit 29 family inet address 192.168.200.29\/30
\nset interfaces lt-0\/0\/0 unit 34 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 34 peer-unit 33
\nset interfaces lt-0\/0\/0 unit 34 family inet filter input VR-R002_inet-filter
\nset interfaces lt-0\/0\/0 unit 34 family inet filter output VR-R002_inet-filter
\nset interfaces lt-0\/0\/0 unit 34 family inet address 192.168.200.34\/30
\nset interfaces lo0 unit 2 family inet filter input VR-R002_inet-filter
\nset interfaces lo0 unit 2 family inet filter output VR-R002_inet-filter
\nset interfaces lo0 unit 2 family inet address 192.168.201.2\/32
\nset firewall family inet filter VR-R002_inet-filter term 99-packet_traffic then packet-mode
\nset routing-instances VR-002 instance-type virtual-router
\nset routing-instances VR-002 interface lt-0\/0\/0.10
\nset routing-instances VR-002 interface lt-0\/0\/0.17
\nset routing-instances VR-002 interface lt-0\/0\/0.29
\nset routing-instances VR-002 interface lt-0\/0\/0.34
\nset routing-instances VR-002 interface lo0.2
\nset routing-instances VR-002 routing-options router-id 192.168.201.2
\nset routing-instances VR-002 routing-options autonomous-system 65530
\nset routing-instances VR-002 protocols ospf area 0.0.0.0 interface lo0.2 passive
\nset routing-instances VR-002 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.10 interface-type p2p
\nset routing-instances VR-002 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.17 interface-type p2p
\nset routing-instances VR-002 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.29 interface-type p2p
\nset routing-instances VR-002 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.34 interface-type p2p
\nset security zones security-zone VR-002-untrust host-inbound-traffic system-services all
\nset security zones security-zone VR-002-untrust host-inbound-traffic protocols all
\nset security zones security-zone VR-002-untrust interfaces lt-0\/0\/0.10
\nset security zones security-zone VR-002-untrust interfaces lt-0\/0\/0.17
\nset security zones security-zone VR-002-untrust interfaces lt-0\/0\/0.29
\nset security zones security-zone VR-002-untrust interfaces lt-0\/0\/0.34
\nset security zones security-zone VR-002-untrust interfaces lo0.2<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n\n\n\n\n
VR-003 config:<\/strong><\/td>\n<\/tr>\n
set interfaces lt-0\/0\/0 unit 14 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 14 peer-unit 13
\nset interfaces lt-0\/0\/0 unit 14 family inet filter input VR-R003_inet-filter
\nset interfaces lt-0\/0\/0 unit 14 family inet filter output VR-R003_inet-filter
\nset interfaces lt-0\/0\/0 unit 14 family inet address 192.168.200.14\/30
\nset interfaces lt-0\/0\/0 unit 18 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 18 peer-unit 17
\nset interfaces lt-0\/0\/0 unit 18 family inet filter input VR-R003_inet-filter
\nset interfaces lt-0\/0\/0 unit 18 family inet filter output VR-R003_inet-filter
\nset interfaces lt-0\/0\/0 unit 18 family inet address 192.168.200.18\/30
\nset interfaces lt-0\/0\/0 unit 21 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 21 peer-unit 22
\nset interfaces lt-0\/0\/0 unit 21 family inet filter input VR-R003_inet-filter
\nset interfaces lt-0\/0\/0 unit 21 family inet filter output VR-R003_inet-filter
\nset interfaces lt-0\/0\/0 unit 21 family inet address 192.168.200.21\/30
\nset interfaces lt-0\/0\/0 unit 25 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 25 peer-unit 26
\nset interfaces lt-0\/0\/0 unit 25 family inet filter input VR-R003_inet-filter
\nset interfaces lt-0\/0\/0 unit 25 family inet filter output VR-R003_inet-filter
\nset interfaces lt-0\/0\/0 unit 25 family inet address 192.168.200.25\/30
\nset interfaces lo0 unit 3 family inet filter input VR-R003_inet-filter
\nset interfaces lo0 unit 3 family inet address 192.168.201.3\/32
\nset firewall family inet filter VR-R003_inet-filter term 99-packet_traffic then packet-mode
\nset routing-instances VR-003 instance-type virtual-router
\nset routing-instances VR-003 interface lt-0\/0\/0.14
\nset routing-instances VR-003 interface lt-0\/0\/0.18
\nset routing-instances VR-003 interface lt-0\/0\/0.21
\nset routing-instances VR-003 interface lt-0\/0\/0.25
\nset routing-instances VR-003 interface lo0.3
\nset routing-instances VR-003 routing-options router-id 192.168.201.3
\nset routing-instances VR-003 routing-options autonomous-system 65530
\nset routing-instances VR-003 protocols ospf area 0.0.0.0 interface lo0.3 passive
\nset routing-instances VR-003 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.14 interface-type p2p
\nset routing-instances VR-003 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.18 interface-type p2p
\nset routing-instances VR-003 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.21 interface-type p2p
\nset routing-instances VR-003 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.25 interface-type p2p
\nset security zones security-zone VR-003-untrust host-inbound-traffic system-services all
\nset security zones security-zone VR-003-untrust host-inbound-traffic protocols all
\nset security zones security-zone VR-003-untrust interfaces lt-0\/0\/0.14
\nset security zones security-zone VR-003-untrust interfaces lt-0\/0\/0.18
\nset security zones security-zone VR-003-untrust interfaces lt-0\/0\/0.25
\nset security zones security-zone VR-003-untrust interfaces lt-0\/0\/0.21
\nset security zones security-zone VR-003-untrust interfaces lo0.3
\nset security zones security-zone VR-003-untrust interfaces lt-0\/0\/0.48<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n\n\n\n\n
VR-011 config:<\/strong><\/td>\n<\/tr>\n
set interfaces lt-0\/0\/0 unit 37 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 37 peer-unit 38
\nset interfaces lt-0\/0\/0 unit 37 family inet filter input VR-R011_inet-filter
\nset interfaces lt-0\/0\/0 unit 37 family inet filter output VR-R011_inet-filter
\nset interfaces lt-0\/0\/0 unit 37 family inet address 192.168.200.37\/30
\nset interfaces lo0 unit 11 family inet filter input VR-R011_inet-filter
\nset interfaces lo0 unit 11 family inet filter output VR-R011_inet-filter
\nset interfaces lo0 unit 11 family inet address 192.168.201.11\/32
\nset firewall family inet filter VR-R011_inet-filter term 99-packet_traffic then packet-mode
\nset routing-instances VR-011 instance-type virtual-router
\nset routing-instances VR-011 interface lt-0\/0\/0.37
\nset routing-instances VR-011 interface lo0.11
\nset routing-instances VR-011 routing-options router-id 192.168.201.11
\nset routing-instances VR-011 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.37 interface-type p2p
\nset routing-instances VR-011 protocols ospf area 0.0.0.0 interface lo0.11 passive
\nset security zones security-zone VR-011-untrust host-inbound-traffic system-services all
\nset security zones security-zone VR-011-untrust host-inbound-traffic protocols all
\nset security zones security-zone VR-011-untrust interfaces lt-0\/0\/0.37
\nset security zones security-zone VR-011-untrust interfaces lo0.11<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n\n\n\n\n
VR-012 config:<\/strong><\/td>\n<\/tr>\n
set interfaces lo0 unit 12 family inet filter input VR-R012_inet-filter
\nset interfaces lo0 unit 12 family inet filter output VR-R012_inet-filter
\nset interfaces lo0 unit 12 family inet address 192.168.201.12\/32
\nset interfaces lt-0\/0\/0 unit 41 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 41 peer-unit 42
\nset interfaces lt-0\/0\/0 unit 41 family inet filter input VR-R012_inet-filter
\nset interfaces lt-0\/0\/0 unit 41 family inet filter output VR-R012_inet-filter
\nset interfaces lt-0\/0\/0 unit 41 family inet address 192.168.200.41\/30
\nset firewall family inet filter VR-R012_inet-filter term 99-packet_traffic then packet-mode
\nset routing-instances VR-012 instance-type virtual-router
\nset routing-instances VR-012 interface lt-0\/0\/0.41
\nset routing-instances VR-012 interface lo0.12
\nset routing-instances VR-012 routing-options router-id 192.168.201.12
\nset routing-instances VR-012 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.41 interface-type p2p
\nset routing-instances VR-012 protocols ospf area 0.0.0.0 interface lo0.12 passive
\nset security zones security-zone VR-012-untrust host-inbound-traffic system-services all
\nset security zones security-zone VR-012-untrust host-inbound-traffic protocols all
\nset security zones security-zone VR-012-untrust interfaces lt-0\/0\/0.41
\nset security zones security-zone VR-012-untrust interfaces lo0.12<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n\n\n\n\n
VR-021 config:<\/strong><\/td>\n<\/tr>\n
set interfaces lo0 unit 21 family inet filter output VR-R021_inet-filter
\nset interfaces lo0 unit 21 family inet address 192.168.201.21\/32
\nset interfaces lt-0\/0\/0 unit 41 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 41 peer-unit 42
\nset interfaces lt-0\/0\/0 unit 41 family inet filter input VR-R012_inet-filter
\nset interfaces lt-0\/0\/0 unit 41 family inet filter output VR-R012_inet-filter
\nset interfaces lt-0\/0\/0 unit 41 family inet address 192.168.200.41\/30
\nset firewall family inet filter VR-R021_inet-filter term 99-packet_traffic then packet-mode
\nset routing-instances VR-021 instance-type virtual-router
\nset routing-instances VR-021 interface lt-0\/0\/0.30
\nset routing-instances VR-021 interface lo0.21
\nset routing-instances VR-021 routing-options router-id 192.168.201.21
\nset routing-instances VR-021 protocols ospf area 0.0.0.0 interface lo0.21 passive
\nset routing-instances VR-021 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.30 interface-type p2p
\nset security zones security-zone VR-021-untrust host-inbound-traffic system-services all
\nset security zones security-zone VR-021-untrust host-inbound-traffic protocols all
\nset security zones security-zone VR-021-untrust interfaces lo0.21
\nset security zones security-zone VR-021-untrust interfaces lt-0\/0\/0.30<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n\n\n\n\n
VR-022 config:<\/strong><\/td>\n<\/tr>\n
set interfaces lo0 unit 22 family inet filter input VR-R022_inet-filter
\nset interfaces lo0 unit 22 family inet filter output VR-R022_inet-filter
\nset interfaces lo0 unit 22 family inet address 192.168.201.22\/32
\nset interfaces lt-0\/0\/0 unit 33 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 33 peer-unit 34
\nset interfaces lt-0\/0\/0 unit 33 family inet filter input VR-R022_inet-filter
\nset interfaces lt-0\/0\/0 unit 33 family inet filter output VR-R022_inet-filter
\nset interfaces lt-0\/0\/0 unit 33 family inet address 192.168.200.33\/30
\nset firewall family inet filter VR-R022_inet-filter term 99-packet_traffic then packet-mode
\nset routing-instances VR-022 instance-type virtual-router
\nset routing-instances VR-022 interface lt-0\/0\/0.33
\nset routing-instances VR-022 interface lo0.22
\nset routing-instances VR-022 routing-options router-id 192.168.201.22
\nset routing-instances VR-022 protocols ospf area 0.0.0.0 interface lo0.22 passive
\nset routing-instances VR-022 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.33 interface-type p2p
\nset security zones security-zone VR-022-untrust host-inbound-traffic system-services all
\nset security zones security-zone VR-022-untrust host-inbound-traffic protocols all
\nset security zones security-zone VR-022-untrust interfaces lt-0\/0\/0.33
\nset security zones security-zone VR-022-untrust interfaces lo0.22<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n\n\n\n\n
VR-031 config:<\/strong><\/td>\n<\/tr>\n
set interfaces lo0 unit 31 family inet filter input VR-R031_inet-filter
\nset interfaces lo0 unit 31 family inet filter output VR-R031_inet-filter
\nset interfaces lo0 unit 31 family inet address 192.168.201.31\/32
\nset interfaces lt-0\/0\/0 unit 26 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 26 peer-unit 25
\nset interfaces lt-0\/0\/0 unit 26 family inet filter input VR-R031_inet-filter
\nset interfaces lt-0\/0\/0 unit 26 family inet filter output VR-R031_inet-filter
\nset interfaces lt-0\/0\/0 unit 26 family inet address 192.168.200.26\/30
\nset firewall family inet filter VR-R031_inet-filter term 99-packet_traffic then packet-mode
\nset routing-instances VR-031 instance-type virtual-router
\nset routing-instances VR-031 interface lt-0\/0\/0.26
\nset routing-instances VR-031 interface lo0.31
\nset routing-instances VR-031 routing-options router-id 192.168.201.31
\nset routing-instances VR-031 protocols ospf area 0.0.0.0 interface lo0.31 passive
\nset routing-instances VR-031 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.26 interface-type p2p
\nset security zones security-zone VR-031-untrust host-inbound-traffic system-services all
\nset security zones security-zone VR-031-untrust host-inbound-traffic protocols all
\nset security zones security-zone VR-031-untrust interfaces lt-0\/0\/0.26
\nset security zones security-zone VR-031-untrust interfaces lo0.31<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n\n\n\n\n
VR-032 config:<\/strong><\/td>\n<\/tr>\n
set interfaces lo0 unit 32 family inet filter input VR-R032_inet-filter
\nset interfaces lo0 unit 32 family inet filter output VR-R032_inet-filter
\nset interfaces lo0 unit 32 family inet address 192.168.201.32\/32
\nset interfaces lt-0\/0\/0 unit 22 encapsulation ethernet
\nset interfaces lt-0\/0\/0 unit 22 peer-unit 21
\nset interfaces lt-0\/0\/0 unit 22 family inet filter input VR-R032_inet-filter
\nset interfaces lt-0\/0\/0 unit 22 family inet filter output VR-R032_inet-filter
\nset interfaces lt-0\/0\/0 unit 22 family inet address 192.168.200.22\/30
\nset firewall family inet filter VR-R032_inet-filter term 99-packet_traffic then packet-mode
\nset routing-instances VR-032 instance-type virtual-router
\nset routing-instances VR-032 interface lt-0\/0\/0.22
\nset routing-instances VR-032 interface lo0.32
\nset routing-instances VR-032 routing-options router-id 192.168.201.32
\nset routing-instances VR-032 protocols ospf area 0.0.0.0 interface lt-0\/0\/0.22 interface-type p2p
\nset routing-instances VR-032 protocols ospf area 0.0.0.0 interface lo0.32 passive
\nset security zones security-zone VR-032-untrust host-inbound-traffic system-services all
\nset security zones security-zone VR-032-untrust host-inbound-traffic protocols all
\nset security zones security-zone VR-032-untrust interfaces lo0.32
\nset security zones security-zone VR-032-untrust interfaces lt-0\/0\/0.22<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n

A trimmed OSPF datebase report from VR-001. It shows all of the virtual routers are in the OSPF area 0.<\/p>\n\n\n\n\n
[edit]
\nawong@SRX100# run show ospf database instance VR-001<\/td>\n<\/tr>\n
\n
OSPF database, Area 0.0.0.0\n Type\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ID\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Adv Rtr\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Seq\u00a0\u00a0\u00a0\u00a0\u00a0 Age\u00a0 Opt\u00a0 Cksum\u00a0 Len\n Router\u00a0 *192.168.201.1\u00a0\u00a0\u00a0 192.168.201.1\u00a0\u00a0\u00a0 0x80000004\u00a0\u00a0 320\u00a0 0x22 0x6f9f 180\n Router\u00a0\u00a0 192.168.201.2\u00a0\u00a0\u00a0 192.168.201.2\u00a0\u00a0\u00a0 0x80000004\u00a0\u00a0 321\u00a0 0x22 0xec0f 180\n Router\u00a0\u00a0 192.168.201.3\u00a0\u00a0\u00a0 192.168.201.3\u00a0\u00a0\u00a0 0x80000004\u00a0\u00a0 320\u00a0 0x22 0xd018 180\n Summary *192.168.201.11\u00a0\u00a0 192.168.201.1\u00a0\u00a0\u00a0 0x80000001\u00a0\u00a0 315\u00a0 0x22 0x3198\u00a0 28\n Summary *192.168.201.12\u00a0\u00a0 192.168.201.1\u00a0\u00a0\u00a0 0x80000001\u00a0\u00a0 315\u00a0 0x22 0x27a1\u00a0 28\n Summary\u00a0 192.168.201.21\u00a0\u00a0 192.168.201.2\u00a0\u00a0\u00a0 0x80000001\u00a0\u00a0 320\u00a0 0x22 0xc6f7\u00a0 28\n Summary\u00a0 192.168.201.22\u00a0\u00a0 192.168.201.2\u00a0\u00a0\u00a0 0x80000001\u00a0\u00a0 320\u00a0 0x22 0xbc01\u00a0 28\n Summary\u00a0 192.168.201.31\u00a0\u00a0 192.168.201.3\u00a0\u00a0\u00a0 0x80000001\u00a0\u00a0 316\u00a0 0x22 0x5c57\u00a0 28\n Summary\u00a0 192.168.201.32\u00a0\u00a0 192.168.201.3\u00a0\u00a0\u00a0 0x80000001\u00a0\u00a0 320\u00a0 0x22 0x5260\u00a0 28\n<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
[edit]<\/p>\n
\n
Summary:
\nThe configuration above (in my case) should have enough virtual routers to create a test bed for OSPF. Later on there will be some more post about putting VRs into different types of ospf area, such as stub, NSSA, and totally stub at the test bed.
\nHope this post could give out an idea to those who is low on budget of setting up a home lab for learning, regardless of using VM. Please share it out if you like this post.
\n <\/p>\n","protected":false},"excerpt":{"rendered":"
One of the beauties of Jumiper SRX is it has a heritage function from ScreenOS called “virtual router”. Unlike ScreenOS, Junos has the ability link virtual routers up with logical interfaces (lt-0\/0\/0). With these 2 features, Virtual routers could have their own route tables, could simulate several routers within a single box of SRX, and […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[94,169],"class_list":["post-41","post","type-post","status-publish","format-standard","hentry","category-networking","tag-junos-en","tag-srx-en"],"_links":{"self":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts\/41","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41"}],"version-history":[{"count":0,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts\/41\/revisions"}],"wp:attachment":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}