Martin Brown
NETWORK SECURITY ENGINEER
@martinbrown2k
Our Lab Environment
[Diagram: lab topology with SRX-01, SRX-02 and ‘SRX-04’]
Our New Lab Environment
[Diagram: lab topology with SRX-01, SRX-02, SRX-03 and ‘SRX-04’; subnets 192.168.100.0/24, 192.168.150.0/24, 192.168.200.0/24 and 192.168.250.0/24]
Expected Traffic Flow
[Diagram: expected traffic flow across the lab topology]
Actual Traffic Flow
[Diagram: actual traffic flow across the lab topology]
Reference Bandwidth
[Diagram: lab topology]
Temporary Desired Traffic Flow
[Diagram: temporary desired traffic flow across the lab topology]
Interface Metric
[Diagram: lab topology]
Change Reported Metric
On SRX-03
- Set the cost of ge-0/0/0.0 to 1000
[Diagram: lab topology]
Our Lab Environment
[Diagram: lab topology]
Our Lab Environment
[Diagram: lab topology divided into Area 0 and Area 1, with SRX-01, SRX-02, SRX-03 and ‘SRX-04’; subnets 192.168.100.0/24, 192.168.150.0/24, 192.168.200.0/24 and 192.168.250.0/24]
Subnet Allocation
Corporate IP addressing is strategic
Subnets are not allocated at random
Most companies use subnets from a range
- 10.0.0.0/24 to 10.100.100.0/24
- 192.168.1.0/24 to 192.168.200.0/24
- Building B: 172.16.32.0/24 to 172.16.63.0/24
- Building C: 172.16.64.0/24 to 172.16.127.0/24
Corporate IP Addressing
- Branch Office: 192.168.0.0/21
- Building A: 172.16.0.0/19
- Building B: 172.16.32.0/19
- Building C: 172.16.64.0/18
Configure Area Summarization
ACME want to optimize the LSDB
Routes into area 1 should be summarized
Partial summarization of SRX-04’s routes
On SRX-01 summarize the subnets:
- 192.168.150.0/24
- 192.168.200.0/24
- 192.168.250.0/24
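The summary prefix for the three subnets above can be worked out mechanically. The following Python sketch is an added example, not part of the original slides: it finds the smallest single prefix covering the listed subnets and reports how much address space beyond them that summary would also advertise. The function names are hypothetical, and 192.168.100.0/24 is taken from the lab diagram as the subnet that is not being summarized.

```python
import ipaddress

def covering_summary(subnets):
    """Return the smallest single prefix containing every listed subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    # Widen one bit at a time until all subnets fit inside the candidate.
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary

def audit_summary(subnets, other_known=()):
    """Report what the summary covers beyond the subnets it was built for."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = covering_summary(subnets)
    # Assumes the listed subnets do not overlap each other.
    intended = sum(n.num_addresses for n in nets)
    # Known subnets that were NOT meant to be summarized but fall inside it.
    swallowed = [s for s in other_known
                 if ipaddress.ip_network(s).subnet_of(summary)]
    return {
        "summary": str(summary),
        "extra_addresses": summary.num_addresses - intended,
        "swallowed": swallowed,
    }

# Subnets from the slide, plus the fourth subnet shown in the lab diagram.
SRX04_ROUTES = ["192.168.150.0/24", "192.168.200.0/24", "192.168.250.0/24"]
OTHER_LAB = ["192.168.100.0/24"]

if __name__ == "__main__":
    # Summary for the three listed subnets and what else it would cover.
    print(audit_summary(SRX04_ROUTES, OTHER_LAB))
    # Adding the fourth subnet forces a much wider summary.
    print(covering_summary(SRX04_ROUTES + OTHER_LAB))
```

The extra address space matters operationally: a router advertising the summary attracts traffic for every address inside it, including ranges that no subnet actually uses.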
Extensive includes:
- When route was installed
- Age timer
- Metric
OSPF “Show” Commands
“show ospf interfaces”
Lists OSPF AS interfaces
Also Includes:
- Area ID
- DR
- BDR
- State
Extensive details:
- Timers
- MTU
- Cost
OSPF “Show” Commands
“show ospf route”
Lists subnet information along with:
- Path type
- Route type
- Metric
- Next-hop
- Exit interface
Extensive adds:
- Origin area
- Originating router
OSPF “Show” Commands