The World Seen By An OO Programmer

 

Eclipse + MySQL + GlassFish Plug-in + RMI Plug-in for Windows 7 64-bit 4/4

V. Install RMI Plug-in for Eclipse

1. Help -> Install New Software…

2. Restart Eclipse.

3. To make the “RMI Registry Control” button to appear: Window->Reset Perspective

4. Create a RMI Application Server. Click on drop-down menu of “Run” button: “Run Configurations…”

5. Testing remote method:

Eclipse + MySQL + GlassFish Plug-in + RMI Plug-in for Windows 7 64-bit 3/4

IV. OEPE (Oracle Enterprise Pack for Eclipse) Plug-in:

1. Goto Help -> Install New Software…

2. Click on “Add…”

3. After OEPE plugin installed. On the bottom of output tabs. Select “Servers”.

4. Start GlassFish Server:

5. Add mysql-connector-java-5.1.18 to “Source” of GlassFish Server

Eclipse + MySQL + GlassFish Plug-in + RMI Plug-in for Windows 7 64-bit 2/4

II. Install Eclipse:

1. Download eclipse-java-indigo-SR1-win32-x86_64

2. Download JDK 1.7: jdk-7u1-windows-x64.exe

3. Install Eclipse and execute JDK 1.7

4. Add JDK 1.7 in Eclipse library:

Windows -> Preferences

III. Add external JAR to a project:

1. Download: mysql-connector-java-5.1.18.zip

2. Add it into library:

In “Project Explorer”, right-click on a project -> Properties

Eclipse + MySQL + GlassFish Plug-in + RMI Plug-in for Windows 7 64-bit 1/4

I. MySQL installation:

1. Download MySQL Community Server 5.1:  mysql-connector-java-5.1.18.zip

2. Setup MySQL:

3. Execute MySQL:

 

Enable/Establish BGP

I. BGP Overview:

1. Path Vector EGP – used to exchange prefix information b/w ASs.

2. Uses TCP port 179 for transport:

a. Required underlying IGP
b. Network cannot route on BGP alone

II. Enabling BGP:

1. Enable the global process

router bgp [AS]

*Only one processes per router

2. Establish BGP Peerings

neighbor [address] remote-as [AS]

*Need to have ip reach-ability

III. Establishing BGP Peerings:

1. Two types of peers:

iBGP – member of the same AS
EBGP – members of different ASs

2. TCP 179 for transport

Normal TCP operations apply

3. Listen for address 1.2.3.4 starting a TCP session at port 179:

neighbor 1.2.3.4 remote-as 100

(router is doing “show ip route 1.2.3.4″, and do router recursion process to the interface – source of the BGP packet is from)

4. TCP server must agree on where the session is coming from. Need to know which one is TCP Client and which one is TCP Server.

5. TCP Client has the higher BGP router-id

6. If server doesn’t expect session it will refuse

7. Packet sourced from outgoing interface in the routing table

BGP update source

*If there are multiple links b/w BGP peers, you can use “bgp update source” to update the BGP source interface.

(15:00)

IV.

Decision of BGP Path Selection on IOS and JUNOS

BGP Path Selection Process Decision Steps	IOS	JUNOS
Next-Hop accessible/resolvable (mandatory attribute)	By default, the NEXT-HOP is changed for EBGP and is unchanged for iBGP.   The NEXT-HOP identifies the EBGP speaker in the adjoining AS, and IGP will not carry this route, thereby leading to an unreachable next hop.
Synchronization	BGP process expects the IGP to have a copy of each route before that route can be advertised by BGP. This is why disabling synchronization is the 1st step in IOS configuration.	NONE.
Weight (Influences OUTBOUND traffic, but apply on inbound).	This is Cisco proprietary parameter given to a route on a particular router and is used only within that router. The weight is never given to other routers.   *Default weight = 0, except for locally sourced routes which get a default weight = 32,768. The maximum weight is 65,535. *Weight value => the higher the better.	NONE.
Local Preference (Influences OUTBOUND traffic, but apply on inbound). (discretionary attribute)	Local preferences are shared among iBGP routers, but they are NOT shared with external BGP routers.   *Default Local_PREF = 100. *Local_PREF value => the higher the better.
Self-Originated	BGP routes prefer routes that originate inside their own AS. That is, to choose the route that originated with BGP on this router.
AS Path (Influences INBOUND traffic, but apply on outbound). (mandatory attribute)	By default, BGP discards any route advertisement that contains its local AS number in the AS path to prevent routing loop. For routes that originate outside of the AS, BGP will prefer the one with the shortest path.
Origin. (mandatory attribute)   ORIGIN has 3 values: 0 = IGP, 1 = EGP, 2 = Incomplete	BGP selects IGP routes in preference to EGP, and EGP in preference to INCOMPLETE routes. An INCOMPLETE route is one that is injected into BGP via redistribution. *Origin value => the lower the better.
MED (Influences INBOUND traffic, but apply on outbound). (nontransitive attribute)   Use MED to tell your ISPs which of several entrances to your network they should use. You should use MED values ONLY IF you are multihomed to a single provider. MED values are ONLY propagated to adjacent ASes, so routers that are further downstream don’t see them at all.	MED is used by the local AS to influence the routing decisions in an adjacent AS for traffic that is inbound to the local AS. BGP selects the route with the lowest MED value. MED actually leaves your AS and tells your neighbor routers which link we want them to talk to.   *Default MED = 0. *MED value => the lower the better
	MED is used ONLY if both routes are received from the same AS, or if the command “bgp always-compare-med” has been enabled.   With “bgp always-compare-med” enabled, BGP will compare MED values even if they come from different ASes, although to reach this step the AS_PATHs must have the same length. You should use this command throughout the AS or you risk creating routing loops.
External   BGP prefer the paths learned using EBGP over paths learned using iBGP to eliminate loops.	EBGP AD = 20 is lower than other IGP because it should go out of the AS instead of staying in AS.   iBGP AD = 200 is higher than other IGP because if it¡¯s an internal route, it should use internal IGP.		BGP default protocol preference = 170
IGP Cost   BGP prefers paths with the lowest IGP metric.	a. Make sure disabling synchronization.   b. Choose the routes with the lowest IGP administrative distance.		a. Examine route tables inet.0 and inet.3 for the BGP next hop, and then install the physical next hop for the route with the better preference.   b. For preference ties, install the physical next hop found in inet.3. c. For preference ties within the same route table, install the physical next hop where the greater number of equal-cost paths exists.
eBGP Peering/Ages of the routes	BGP will look at the ages of the routes and use the oldest route to particular destination for stability.
Router ID	A router’s ID is the IP address assigned to the loopback interface or the highest IP address on an active interface at boot time.   *Router ID => the lower the better

JUNOS Default Policies

LS protocol (Link-State protocol): OSPF and ISIS

1. LS default policy:

a. default import policy:

1) accept all routes learned through LS protocol

2) for OSPF, filter external routes from being installed into the route table.

b. default export policy:

1) reject everything

2) for OSPF, LSA flooding is not affected by export policy. The advertisement of local interfaces are enabled to run OSPF, the readvertisement (flooding) of LSAs received fro other routers.

2. RIP default policy:

a. default import policy: accept all received RIP routes that pass a sanity check

b. default export policy: advertise no routes

*You’ll need to create and apply a custom export policy to readvertise RIP learned and direct routes for interfaces running RIP to other RIP speakers.

3. BGP default policy:

a. default import policy: accept all received BGP routes that pass a sanity check

b. default export policy: readvertise all learned BGP routes to all BGP speakers

IOS ADs vs JUNOS Preferences

Source	IOS administrative distance	JUNOS protocol preference	Purpose
Local	0	0	Local IP of the interface
Connected Interface	0	0	Subnet corresponding to the directly connected interface
System Routes		4
Static	1	5	Static routes
RSVP		7	Routes learned from the Resource Reservation Protocol used in MPLS
LDF		8
LDP		9	Routes learned from the Label Distribution Protocol used in MPLS
OSPF internal route		10	OSPF internal routes such as interfaces that are running OSPF
IS-IS Level 1 internal route		15	IS-IS Level 1 internal routes such as interfaces that are running ISIS
IS-IS Level 2 internal route		18	IS-IS Level 2 internal routes such as interfaces that are running ISIS
EBGP	20
Redirects		30	Routes from ICMP redirect
Kernel		40	Routes learned via route socket from kernel
SNMP		50	Routes installed by NMS through the SNMP
Router discovery		55	Routes installed by ICMP Router Discovery
Internal EIGRP	90		Cisco proprietary routing protocol
RIP		100	Routes from Routing Information Protocol (IPv4)
RIPng		100	Routes from Routing Information Protocol (IPv6)
IGRP	100		Internal Gateway Routing Protocol
PIM		105	Routes from Protocol Independent Multicast
DVMRP		110	Routes from Distance Vector Multicast
OSPF	110
IS-IS	115
RIP	120		Routes from Routing Information Protocol
Aggregate		130	Aggregate and generated routes
EGP	140		Routes from Exterior Gateway Protocol
OSPF AS external routes		150	Routes from OSPF that have been redistributed into OSPF
ODR	160		On Demand Routing
IS-IS Level 1 external route		160	Routes from IS-IS Level 1 that have been redistributed into ISIS
IS-IS Level 2 external route		165	Routes from IS-IS Level 2 that have been redistributed into ISIS
BGP		170	Routes from BGP
MSDP		175
External EIGRP	170
iBGP	200
Unknown	255	255

Basic Config of JUNOS

17. The loop argument to the autonomous-system statement allows you to configure tolerance for occurrences of the local ASN in received route updates. It indicates a BGP routing loop and results in the related route being discarded. The default setting of 1 will reject any route with 1 instance of the local AS number. That is, the route with a single instance of the local ASN should be discarded. To support reception of routes with a single instance of the local ASN, specify a loop value of 2.

jc@Junos# set routing-options autonomous-system loops 3

Tolerates as many as 2 instances of the local AS number in received route updates.

16. Martian routes:

jc@Junos> show route martians table inet.0

inet.0:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
128.0.0.0/16 orlonger -- disallowed
191.255.0.0/16 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
223.255.255.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- disallowed

15. Security:

a. SSH:

jc@Junos> set system services ss

b. Direct broadcast msgs:

Junos doesn’t forwared these msgs to prevent DoS, which are datagrams with a destination address of an IP subnetwork broadcast address.

c. Martian addresses:

Martian addresses are host or network addresses about which all routing information is ignored.

(1) In IPv4: 0.0.0.0/8, 127.0.0.0/8, 128.0.0.0/16, 191.255.0.0/16, 192.0.0.0/24, 223.255.255.0/24, 240.0.0.0/4

(2) In IPv6: the loopback address, the reserved and unassigned prefixes from RFC 2373, and the link-local unicast prefix are the default martian addresses

d. Who’s logged in:

jc@Junos> show system users
jc@Junos> request system logout mike
jc@Junos> request message user mike message "End router session now!"
jc@Junos> request message all message "End router session now!"

e. Who’s configuring:

jc@Junos# status
Users currently editing the configuration:
  fred terminal p0 (pid 13329) on since 2008-03-23 15:15:12 UTC

f. Ensure no one else can modify the router while u’re editing:

jc@Junos# configure exclusive

14. IS-IS:

a. IS-IS runs directly on the data link layer (Layer 2). As a result, each interface that runs IS-IS doesn’t need an IP address to exchange IS-IS information.

b. It was developed as part of the OSI network protocols and not part of TCP/IP, thus IS-IS doesn’t use IP addresses.

c. IS-IS addresses are called NETs (Network Entity Titles). NETs can be 8~20 bytes long, but are generally 10 bytes long:

d. All the routers within an area exchange their network topology information in IS-IS LSPs, and run the SPF calculation to keep their link-state database identical.

e. Routers within an area can send summaries of their routes to other areas in the IS-IS network.

f. Two types of routers:

(1) Level 1 systems: When they receive traffic destined for somewhere outside the area, they send the packet toward a Level 2 system.

(2) Level 2 systems:

(2.1) Route traffic b/w 2 IS-IS areas.
(2.2) They route traffic to other ASs.

g. Configure IS-IS:

jc@Junos> set interfaces ge-1/0/0 unit 0 family iso
jc@Junos> set protocols isis interface ge-1/0/0.0

e. Monitor IS-IS:

jc@Junos> show isis database
jc@Junos> show isis adjacency => displays the neighbors 
jc@Junos> show ospf interface 
jc@Junos> show ospf route
jc@Junos> show route protocol isi

13. OSPF:

a. Link-state protocols run a SPF algorithm to create a database of the network’s topology to determine the best path to a destination.

b. Each router goes through the following process to discover the network topology and determine the best path to each destination:

1) OSPF creates LSAs which describe the network topology that the router has in its link-state database.

2) The router floods the LSAs to all routers in the domain.

3) When the router receives LSAs from other routers, it adds the information to its link-state database.

4) The router runs the Dijkstra SPF calculation to determine the shortest path to each destination in the domain. The result of the calculation is the destination address and the next hop.  OSPF places this information in its OSPF routing database. Each router performs the SPF calculation independently, all routers end up with identical link-state databases thought the routers may have different next hops for the destination.

5) When changes occur in the domain, this information is transmitted in LSAs, and all the OSPF routers rerun the SPF calculation and update their link-state database.

c. As an OSPF network gets larger, one of the challenges is keeping all the link-state statements on all routers in sync. => divide it into smaller areas

1) Each area has the same properties: All the routers within the area exchange their network topology information in LSAs, and this smaller group of routers run the SPF calculation to keep their link-state databases identical.

2) ABRs – run 2 SPF calculations, maintain 2 link-state databases, pass route information between the 2 areas but summarize it before sending it into the neighboring area.

Summarization improves the overall stability of the OSPF network.

3) ASBRs – are responsible to advertise externally learned routes into the OSPF administrative domains.

4) All routers in the OSPF backbone must be physically connected to each other. If any routers aren’t physically contiguous, they must be connected by an OSPF virtual link so that they appear to be contiguous.

5) Area ID 0 is normally written as the 32-bit value 0.0.0.0.

6) Stub areas — receive only summarized routing information about other areas within the OSPF domain, and don’t receive any information about external OSPF routes. => Stub areas can’t connect to external networks.

7) NSSAs – can connect to external networks.

d. Configure OSPF:

[edit protocols]
jc@Junos# set ospf area 0.0.0.0 interface ge-1/3/0.0 authentication md5 123456

e. Monitor OSPF:

jc@Junos> show ospf database
jc@Junos> show ospf database summary
jc@Junos> show ospf database brief
jc@Junos> show ospf database router
jc@Junos> show ospf interface
jc@Junos> show ospf neighbor
jc@Junos> show ospf route
jc@Junos> show ospf overview
jc@Junos> show route protocol ospf

12. RIP:

[edit protocols]
jc@Junos# set rip group fred-group neighbor ge-0/0/1.0

a. All RIP neighbors needs to be part of a group with group keyword. (i.e. fred-group)

jc@Junos> show rip neighbor
                     Source      Destination   Send   Receive   In
Neighbor     State   Address     Address       Mode   Mode     Met
--------     -----   -------     -----------   ----   -------  ---
ge-0/0/1.0      Up 10.0.29.2    224.0.0.9     mcast   both      1

b. The last column reports the inbound metric, which is how many hops will be added to received routes.

11. Default Route Preferences:

How Route is Learned	Default Route Preference
Directly connected router or network	0
Configured static routes	5
MPLS	7
LDP (Label Distribution Protocol)	9
OSPF internal routes	10
IS-IS Level 1 internal routes	15
IS-IS Level 2 internal routes	18
SNMP	50
RIP	100
PIM	105
DVMRP	110
Aggregate	130
OSPF external routes	150
IS-IS Level 1 external routes	160
IS-IS Level 2 external routes	165
BGP	170
MSDP	175

a. LDP – MPLS-specific protocol that LSRs can use to exchange information about the labels for each FEC so that they can assign the correct labels to each of their forwarding paths.

1) LSR (Label Switching Router) — a networking device that can run the MPLS protocols

2) LSP (Lable Switched Path) — the end-to-end, unidirectional path established through the MPLS network

3) FEC (Forward Equivalency Class) — the set of IP packets assigned to a particular path and identified by its label

10. Routing Table:

Routing Table	Description
inet.0	Default table for IPv4 unicast routes, including configured static routes, RIP, OSPF, IS-IS, and BGP.
inet.1	Multicast forwarding cache, used by DVMRP and PIM
inet.3	Stores paths and label information for traffic engineering (MPLS)
inet.6.0	Default table for IPv6 unicast routes
iso.0	ISO routes for IS-IS
mpls.0	Next hops for MPLS label-switched paths (LSPs)

jc@Junos> show route
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.0.0.0/24         *[Direct/0] 9w3d 17:41:54
                    > via ge-0/0/2.0
2.0.0.120/32       *[Local/0] 9w3d 17:41:57
                      Local via ge-0/0/2.0
10.5.0.0/16        *[Static/5] 9w3d 17:41:56
                    > to 10.93.15.254 via fxp0.0
10.10.0.0/16       *[Static/5] 9w3d 17:41:56
                    > to 10.93.15.254 via fxp0.0
10.93.4.52/32      *[Direct/0] 9w3d 17:43:44
                    > via lo0.0
                    [Static/5] 9w3d 17:43:44

__juniper_private1__.inet.0: 14 destinations, 14 routes (8 active, 0 holddown, 6 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/8         *[Direct/0] 9w3d 17:43:44
                    > via fxp1.0
10.0.0.1/32        *[Local/0] 9w3d 17:41:57
                      Local

__juniper_private1__.inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

fe80::/64         *[Direct/0] 9w3d 17:43:44
                    > via fxp1.0
fe80::200:ff:fe00:4/128
                  *[Local/0] 9w3d 17:41:57
                     Local via fxp1.0

a. hold-down state — it occurs before a route is removed from the routing table

b. hidden state — it a result of a plicy that you’ve configured on the router a problem with the route

9. Static Route:

[edit routing-options]
jc@Junos# set static route 192.168.1.1 next-hop 10.1.0.1

8. Interface:

[edit]
jc@Junos# set interfaces ge-1/2/0 unit 0 family inet address 192.168.10.40/24
jc@Junos# set ge1-1/3/0 unit 0 family inet6 address::2/64
jc@Junos# set ge-1/3/0 unit 0 family iso

a. four levels:

physical interface — unit – family – protocol family

1) unit is a logical interface

2) at least one family on each logical itnerface

3) at least one protocol family on each logical interface to allow it to receive and transmit protocol traffic

b. common protocols on interfaces:

1) inet – for IPv4

2) inet6 – for IPv6

3) iso – for the interfaces that need to support CLNS, which is the ISO network layer service protocol that is used by IS-IS.

4) mpls

7. Traceoptions:

[edit]
jc@Junos# set protocols ospf traceoptions file ospf.log
jc@Junos# set protocols ospf traceoptions flag all
jc@Junos# set security traceoptions flag policy-manager
jc@Junos# set security traceoptions flag general
jc@Junos# set routing-options traceoptions file trace-events world-readable
jc@Junos# set routing-options traceoptions flag all

6. Syslog:

[edit system]
jc@Junos# set syslog file ?
Possible completions:
 <file-name>          Name of file in which to log data
 cli-commands         Name of file in which to log data
 emergency            Name of file in which to log data
 firewall             Name of file in which to log data
 messages             Name of file in which to log data

[edit system]
jc@Junos# set syslog file messages any notice
jc@Junos# set syslog file messages authorization info
jc@Junos# set syslog file cli-commands interactive-commands any
jc@Junos# set syslog file emergency any emergency
jc@Junos# set syslog file firewall firewall notice

Types of Logging Events	Logging Se verity Levels
any	notice
Any router event	General router operational events of more interest than “info”
authorization	info
Authentication and authorization attempts	General router operation
interactive-commands	any
Commands typed at the command-line interface or by a JUNOScript client application	All events
any	emergency
	Errors that cause the router to stop operating
firewall	notice
Packet filtering performed by firewall filters

5.RADIUS:

[edit system]
jc@Junos# set radius-server 192.168.10.1 port 1812 secret 123456
jc@Junos# set radius-server 192.168.10.1 timeout 1
jc@Junos# set radius-server 192.168.10.1 retry 1
jc@Junos# set radius-server 192.168.10.1 source-address 192.168.200.2

[edit system]
jc@Junos# show
radius-server {
    192.168.10.1 {
        port 1812;
        secret "$9$SZQUk.fTz6Ct5TcyevLX"; ## SECRET-DATA
        timeout 1;
        retry 1;
        source-address 192.168.200.2;
    }
}

[edit system]
jc@Junos# set authentication-order [ radius password ]

4.  Junos encrypts all passwords and marks them as ## SECRET-DATA. It allows you to hide the fact that a password is even present in the configuration.

[edit system login]
jc@Junos# show | except SECRET-DATA
class operation {
idle-timeout 0;
permissions all;
}
user operation {
full-name "Operation Team";
uid 2000;
class operation;
authentication {
}
}
user jc {
uid 2005;
class operation;
}

3. User Acct:

jc@Junos# set user jc class super-user
jc@Junos# set user jc authentication plain-text-password

2. Banner:

jc@Junos# set system login message "--------------------\nWARNING: Unauthorized access prohibited. --------------------\n"
jc@Junos# set system announcement "Network maintenance announcement."

1. Keyboard shortcuts:

Ctrl+a — move to beginning of command line

Ctrl+e — move to end of command line

Ctrl+k — delete all text from cursor to end of command line

Esc+b — move back one word

Esc+f — move forward one word

Esc+d — delete the word after the cursor

Esc+Backspace — delete the word before the cursor