Blogs

How To: Simulate multiple routers on a single SRX100 to lab test OSPF or ISIS

By Loup2 posted 04-26-2016 09:31

  

Overview

Use routing instances to simulate two routers on a single SRX100 device to provide a lab environment to test routing protocols.

 

Description


Here is a sample configuration used to simulate two routers on a single SRX100.

 

IMG_2664.JPG

 

Notes on this configuration:

 

 

  • The virtual topology drawing below is also  inside the configuration so you can easily see your "testbed".
  • Ports fe-0/0/0 and fe-0/0/1 have to be externally looped (connected together) as shown in the image above.
  • Two "virtual routers" routing instances named R1 and R2 are interconnected.
  • OSPF and ISIS protocols are configured and announcing loopback routes.
  • SRX is configured in packet mode so it is used like a router and is not doing any flow inspection.

 

 Virtual Topology

 

************************   Lab SRX100  ***********************
*                                                            *
*               Protocols OSPF and ISIS active               *
*                                                            *
*   _____________________________________________________    *
*  |                                                     |   *
*  | lo0.0:  1.1.1.1/32               lo0.1: 2.2.2.2.2   |   *
*  |     __________                      ___________     |   *
*  |    |          |                    |           |    |   *
*  |    |          | fe-0/0/0  fe-0/0/1 |           |    |   *
*  |    |   ri R1  |--------------------|   ri R2   |    |   *
*  |    |          |.1   10.0.0.0/30  .2|           |    |   *
*  |    |          |                    |           |    |   *
*  |     __________                      ___________     |   *
*  |                                                     |   *
*   _____________________________________________________    *
*                                                            *
**************************************************************

Example Configuration

 

Here is the simple config and you can connect with a simple login lab password lab (simple ;-))

 

TEST_Alain_Packet_based (ttyu0)
login: lab

Password:
--- JUNOS 12.1X46-D40.2 built 2015-09-26 02:25:28 UTC

lab@TEST_Alain_Packet_based> show configuration | display set
set version 12.1X46-D40.2
set system host-name TEST_Alain_Packet_based
set system root-authentication encrypted-password "$1$isoTjyzw$e2SRs1o.iSmwh53rw56hV0"
set system login message "\n\n************************   Lab SRX100  ***********************\n*                                                            *\n*               Protocols OSPF and ISIS active               *\n*                                                            *\n*   _____________________________________________________    *\n*  |                                                     |   *\n*  | lo0.0:  1.1.1.1/32               lo0.1: 2.2.2.2.2   |   *\n*  |     __________                      ___________     |   *\n*  |    |          |                    |           |    |   *\n*  |    |          | fe-0/0/0  fe-0/0/1 |           |    |   *\n*  |    |   ri R1  |--------------------|   ri R2   |    |   *\n*  |    |          |.1   10.0.0.0/30  .2|           |    |   *\n*  |    |          |                    |           |    |   *\n*  |     __________                      ___________     |   *\n*  |                                                     |   *\n*   _____________________________________________________    *\n*                                                            *\n**************************************************************\n\n\n"
set system login user Alain uid 2007
set system login user Alain class super-user
set system login user Alain authentication encrypted-password "$1$O3AUyBug$LGm57Ec/QX6SDQIABqam8."
set system login user lab uid 2000     
set system login user lab class super-user
set system login user lab authentication encrypted-password "$1$s95t$az6TXbMwo4FChdBEp/06d1"
set system services ftp
set system services ssh
set system services telnet
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.1/30
set interfaces fe-0/0/0 unit 0 family iso
set interfaces fe-0/0/0 unit 0 family inet6
set interfaces fe-0/0/1 unit 0 family inet address 10.0.0.2/30
set interfaces fe-0/0/1 unit 0 family iso
set interfaces fe-0/0/1 unit 0 family inet6
set interfaces fe-0/0/2 vlan-tagging
set interfaces fe-0/0/2 unit 0 vlan-id 0
set interfaces fe-0/0/2 unit 0 family inet address 192.168.0.1/30
set interfaces fe-0/0/2 unit 1 vlan-id 1
set interfaces fe-0/0/2 unit 1 family inet address 24.0.0.1/30
set interfaces fe-0/0/3 vlan-tagging
set interfaces fe-0/0/3 unit 0 vlan-id 0
set interfaces fe-0/0/3 unit 0 family inet address 192.168.0.2/30
set interfaces fe-0/0/3 unit 1 vlan-id 1
set interfaces fe-0/0/3 unit 1 family inet address 24.0.0.2/30
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/7 unit 0 family inet filter input ICMP
deactivate interfaces fe-0/0/7 unit 0 family inet filter
set interfaces fe-0/0/7 unit 0 family inet dhcp-client
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set interfaces lo0 unit 0 family iso address 49.0000.0010.0100.1001.00
set interfaces lo0 unit 1 family inet address 2.2.2.2/32
set interfaces lo0 unit 1 family iso address 49.0000.0020.0200.2002.00
set interfaces lo0 unit 2 family inet address 10.0.0.1/32
set interfaces lo0 unit 3 family inet address 10.0.0.2/32
set interfaces lo0 unit 4 family inet address 36.0.0.1/32
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set protocols stp
set policy-options policy-statement EXPLOOP from protocol direct
set policy-options policy-statement EXPLOOP from route-filter 36.0.0.1/32 exact
set policy-options policy-statement EXPLOOP then accept
set policy-options policy-statement NHS term 1 from protocol direct
set policy-options policy-statement NHS term 1 then accept
set policy-options policy-statement NHS term 2 then next-hop self
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set firewall filter ICMP term ICMP from protocol icmp
set firewall filter ICMP term ICMP from icmp-type echo-request
set firewall filter ICMP term ICMP then count ICMP_entrant
set firewall filter ICMP term ICMP then discard
set firewall filter ICMP term ELSE then count Le_RESTE
set firewall filter ICMP term ELSE then accept
set routing-instances R1 instance-type virtual-router
set routing-instances R1 interface fe-0/0/0.0
set routing-instances R1 interface lo0.0
set routing-instances R1 protocols ospf area 0.0.0.0 interface fe-0/0/0.0
set routing-instances R1 protocols ospf area 0.0.0.0 interface lo0.0 passive
set routing-instances R1 protocols isis interface fe-0/0/0.0 level 1 disable
set routing-instances R1 protocols isis interface lo0.0
set routing-instances R2 instance-type virtual-router
set routing-instances R2 interface fe-0/0/1.0
set routing-instances R2 interface lo0.1
set routing-instances R2 protocols ospf area 0.0.0.0 interface lo0.1 passive
set routing-instances R2 protocols ospf area 0.0.0.0 interface fe-0/0/1.0
set routing-instances R2 protocols isis interface fe-0/0/1.0 level 1 disable
set routing-instances R2 protocols isis interface lo0.1
set routing-instances RB1 instance-type virtual-router
set routing-instances RB1 interface fe-0/0/2.0
set routing-instances RB1 interface lo0.2
set routing-instances RB1 routing-options static route 10.0.0.2/32 next-hop 192.168.0.2
set routing-instances RB1 routing-options autonomous-system 65000
set routing-instances RB1 protocols bgp group INTERNE type internal
set routing-instances RB1 protocols bgp group INTERNE local-address 10.0.0.1
set routing-instances RB1 protocols bgp group INTERNE neighbor 10.0.0.2
set routing-instances RB2 instance-type virtual-router
set routing-instances RB2 interface fe-0/0/2.1
set routing-instances RB2 interface fe-0/0/3.0
set routing-instances RB2 interface lo0.3
set routing-instances RB2 routing-options static route 10.0.0.1/32 next-hop 192.168.0.1
set routing-instances RB2 routing-options autonomous-system 65000
set routing-instances RB2 protocols bgp group INTERNE type internal
set routing-instances RB2 protocols bgp group INTERNE local-address 10.0.0.2
set routing-instances RB2 protocols bgp group INTERNE export NHS
set routing-instances RB2 protocols bgp group INTERNE neighbor 10.0.0.1
set routing-instances RB2 protocols bgp group EXTERNE type external
set routing-instances RB2 protocols bgp group EXTERNE neighbor 24.0.0.2 peer-as 65001
set routing-instances RB3 instance-type virtual-router
set routing-instances RB3 interface fe-0/0/3.1
set routing-instances RB3 interface lo0.4
set routing-instances RB3 routing-options autonomous-system 65001
set routing-instances RB3 protocols bgp group EXTERNE type external
set routing-instances RB3 protocols bgp group EXTERNE export EXPLOOP
set routing-instances RB3 protocols bgp group EXTERNE neighbor 24.0.0.1 peer-as 65000
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0

 

Notes

If you have a look at routing instances RB1, RB2, and RB3 connected via ports fe-0/0/2 and fe-0/0/3, there are three more routers running IBGP and eBGP to check how next-hop self option works.

 

Post any questions in the comments if you need some help on this simple way to do some labs.

 


#ebgp
#VirtualRouters
#How-To
#JuniperSRX