Networking

Last Updated: 3/17/26 Table of Contents Networking Fundamentals Junos OS Fundamentals User Interfaces Configuration Basics Operational Monitoring and Maintenance Routing Fundamentals Routing Policy and Firewall Filters Glossary Networking Fundamentals Function of routers and switches Routers use l3 information to forward packets between networks Switches use l2 info to forward packets on the lan Ethernet networks Major concept here is Mac addresses Physical address made up of 48 bits and displayed using hexadecimal format Broadcast address is ffff.ffff.ffff Uses mac addresses to forward ethernet frame Ethernet header + trailing checksum ...

Broadcom Switch Chipset Families Broadcom dominates merchant silicon for data center and carrier switching. Their three main ASIC families, Tomahawk, Trident, and Jericho, each make different tradeoffs between bandwidth, feature depth, and buffer size. Most Arista, Cisco Nexus, and Juniper QFX/PTX platforms run one of these under the hood. 1. Tomahawk Series Design philosophy: Maximum port density and throughput at the cost of feature depth. These chips use cut-through forwarding, carry shallow on-chip buffers (~50–100 MB), and support little to no L3 routing table depth. The trade-off is intentional; at spine and AI fabric scale, you want wire-rate forwarding with predictable low latency, not a large TCAM. ...

Form Factor Speed Lanes (Elec) Modulation Connector Types Approx. Intro SFP+ 10 Gbps 1 x 10G NRZ LC Duplex, RJ45 2006 SFP28 25 Gbps 1 x 25G NRZ LC Duplex 2014 SFP56 50 Gbps 1 x 50G PAM4 LC Duplex 2019 SFP-DD 100 Gbps 2 x 50G PAM4 LC Duplex 2019/20 QSFP+ 40 Gbps 4 x 10G NRZ MPO-12, LC 2012 QSFP28 100 Gbps 4 x 25G NRZ MPO-12, LC 2014 QSFP56 200 Gbps 4 x 50G PAM4 MPO-12, LC 2019 QSFP-DD 400G / 800G 8 x 50/100G PAM4 MPO-16, LC, CS 2017/21 OSFP 400G / 800G 8 x 50/100G PAM4 MPO-12/16, LC 2019 OSFP1600 1.6 Tbps 8 x 200G PAM4 MPO, Dual LC 2024/25

OSPF (Open Shortest Path First) OSPF is a link-state interior gateway protocol (IGP). Each router floods Link-State Advertisements (LSAs) describing its interfaces and neighbors. Every router builds an identical Link-State Database (LSDB) and runs the Dijkstra SPF algorithm to compute the shortest path tree. OSPF runs directly over IP (protocol 89) and uses multicast for efficiency. Default route preferences in Junos: OSPF Internal routes: 10 OSPF AS External routes: 150 Terms LSDB (Link-State Database) - The topological database. Within a single area, all routers must have an identical LSDB. SPF (Shortest Path First) - The Dijkstra algorithm each router runs against the LSDB to compute best paths. Router ID (RID) - A 32-bit identifier unique to each OSPF router. Junos selects the RID in this order: explicitly configured → highest active loopback IP → highest physical interface IP. Best practice is to configure it explicitly. ABR (Area Border Router) - A router with interfaces in multiple OSPF areas. Generates Type 3 (Summary) LSAs between areas. ASBR (AS Boundary Router) - A router that redistributes routes from outside OSPF into the OSPF domain. Generates Type 5 LSAs. Backbone Router - Any router with at least one interface in Area 0. Internal Router - All interfaces are in the same single area. Remember, best practice to explicitly configure the router-id. See below: ...

IP Tunnels Tunnels encapsulate one protocol inside another, creating a virtual point-to-point link across a network that wouldn’t otherwise carry that traffic. The encapsulating network is called the underlay; the encapsulated traffic and the logical topology it creates is called the overlay. Both GRE and IP-IP are stateless — they hold no session state and provide no encryption or reliability guarantees. Common use cases: Carry IPv6 traffic across an IPv4-only core (6in4) Carry IPv4 traffic across an IPv6-only core (4in6) Extend IGP adjacencies across a WAN that doesn’t support multicast Tunnel MPLS across a non-MPLS network Bridge Layer 2 domains across a routed network Tunnel Concepts Underlay vs Overlay: ...

High Availability Junos provides a layered HA architecture. Link aggregation handles physical link redundancy. Graceful Restart, GRES, and NSR handle control plane failures at increasing levels of sophistication. BFD accelerates failure detection for all routing protocols. Understanding which technology does what — and what each one requires — is the core exam objective for this topic. Link Aggregation Groups (LAG / LACP) LAG bundles multiple physical interfaces into a single logical ae (aggregated Ethernet) interface, providing both redundancy and increased bandwidth. IEEE standard 802.3ad — not to be confused with 802.1ad (Q-in-Q). ...

IPv6 IPv6 was designed to solve IPv4 address exhaustion while simplifying the protocol. The header is fixed-length and streamlined, broadcast is eliminated in favor of multicast, and address configuration can be fully automatic. For service providers, the most exam-relevant areas are address types, NDP, autoconfiguration, and how routing protocols (OSPF, IS-IS) extend to support IPv6. IPv4 vs IPv6 Key Differences Feature IPv4 IPv6 Address size 32 bits 128 bits Header size Variable (20–60 bytes) Fixed 40 bytes Header checksum Yes No (relies on L4) Fragmentation Routers and source Source only Broadcast Yes No — replaced by multicast Address resolution ARP NDP (ICMPv6) Autoconfiguration DHCP only SLAAC + DHCPv6 IPsec Optional Built into extension header framework IPv6 Header The base IPv6 header is always exactly 40 bytes. It is simpler than IPv4 — no checksum, no options field, and no fragmentation fields (those are handled by extension headers when needed). ...

IS-IS IS-IS (Intermediate System to Intermediate System) is a link-state routing protocol used primarily in service provider networks. Like OSPF, it uses the Dijkstra SPF algorithm to compute shortest paths, but runs natively over CLNS rather than IP, making it protocol-agnostic and well-suited for multi-protocol environments. Terms ES (End System) - A host that originates and receives packets. ES-to-ES communication is host-to-host. IS (Intermediate System) - A router that forwards packets. IS-IS describes routing between intermediate systems. CLNS/CLNP - IS-IS runs natively over the Connectionless Network Service (CLNS) using CLNP, not IP. This is a key distinction from OSPF. NSAP (Network Service Access Point) - The addressing scheme IS-IS uses instead of IP addresses. NET (Network Entity Title) - The IS-IS address configured on a router. Format: Area ID . System ID . NSEL Example: 49.0001.1921.6800.1001.00 49.0001 — Area ID 1921.6800.1001 — System ID (6 bytes, often derived from an IP like 192.168.1.1) 00 — NSEL (always 00 for a router) System ID - 6-byte unique identifier for a router within an area (similar to OSPF Router ID). NSEL (N-Selector) - The last byte of a NET, always 00 for routers. L1 router - Routes only within its area; sends traffic to unknown destinations toward the nearest L1/L2 router. L2 router - Routes between areas and toward other ASes. L1/L2 router - Does both; this is the Junos default. Link-State Database Runs the Dijkstra SPF algorithm. L1 and L2 maintain separate LSDBs — SPF is run independently for each level. Each router originates its own LSP and floods it throughout its level. LSDB synchronization is handled by CSNPs (full sync) and PSNPs (fill gaps). IS-IS Protocol Data Units (PDUs) IIH (IS-IS Hello) - Used to discover neighbors and maintain adjacencies. Contains the router’s identity, capabilities, and configured area. L1 LAN IIH: Sent by Level 1 routers on multi-access networks (like Ethernet). L2 LAN IIH: Sent by Level 2 routers on multi-access networks. P2P IIH: A single format used for point-to-point links, regardless of level. LSP (Link State PDU) - Carries the actual routing information, including connected neighbors, configured prefixes, and metric costs. Each LSP has a sequence number, checksum, and remaining lifetime. L1 LSP: Contains routing information for the local area. L2 LSP: Contains backbone routing information. CSNP (Complete Sequence Number PDU) - Contains a complete list of all LSPs in a router’s LSDB. Used to ensure every router in the area has a consistent view of the network. L1 CSNP: Summarizes the Level 1 LSDB. L2 CSNP: Summarizes the Level 2 LSDB. On LAN segments, the DIS sends these periodically. On point-to-point links, they are typically sent only when the link first comes up. PSNP (Partial Sequence Number PDU) - Used to request missing LSPs or acknowledge receipt of specific LSPs. Unlike CSNPs, they only reference a subset of LSPs. L1 PSNP / L2 PSNP: Used to fill gaps after a CSNP reveals a missing LSP, or as an explicit ACK on point-to-point links. Type, Length, Value (TLVs) TLVs are the data structures embedded inside LSPs that carry routing information. Key TLVs to know for JNCIS-SP: ...

Layer 2 Bridging and VLANs Service provider networks often need to deliver Layer 2 connectivity between geographically separated customer sites. Junos implements this using bridge domains, which define the L2 forwarding boundaries, and 802.1ad (Q-in-Q) to tunnel customer VLAN spaces across the provider network without overlap. Terms Bridge Domain — a Layer 2 forwarding domain. Like a VLAN. It defines which interfaces share the same broadcast domain and MAC table. EVC (Ethernet Virtual Connection) — the L2 service sold by a SP to a customer. It defines the endpoints of a Layer 2 circuit. C-Tag (Customer Tag) — the inner 802.1q tag. Any VLAN 1–4094 from the customer’s space. S-Tag (Service Tag) — the outer 802.1ad tag. Assigned by the SP to identify the customer. Encapsulates all of that customer’s C-Tags. PBN (Provider Bridge Network) — the entire SP Layer 2 fabric. PEB (Provider Edge Bridge) — the SP edge device. Pushes/pops S-Tags on customer-facing ports. S-VLAN Bridge — an interior SP device that only examines and switches based on the S-Tag. Customer ports — PEB ports facing the customer. S-Tags are applied or removed here. Network ports — interior SP ports that carry double-tagged frames without modification. IRB (Integrated Routing and Bridging) — a logical interface that gives a bridge domain an IP address, enabling the router to act as the default gateway for hosts in that domain. 802.1q The standard VLAN tagging protocol. Inserts a 4-byte tag into the Ethernet frame. ...

MPLS (Multiprotocol Label Switching) MPLS is a forwarding mechanism that uses short, fixed-length labels to make packet-forwarding decisions instead of performing a full IP lookup at every hop. Labels are applied at the ingress of an MPLS domain and stripped at the egress, with each transit router performing only a label swap — making forwarding fast and enabling traffic engineering, VPNs, and QoS capabilities. Terms LSR (Label Switching Router) - Any router participating in MPLS forwarding. Performs label actions push, swap, or pop. LSP (Label Switched Path) - The unidirectional path a labeled packet takes from ingress to egress LSR. FEC (Forwarding Equivalence Class) - A group of packets that receive identical forwarding treatment and are assigned the same label at ingress. The ingress router decides the FEC assignment; downstream routers just label-switch. Ingress LSR - The first router in an LSP. Classifies traffic into FECs and pushes labels. Egress LSR - The last router in an LSP. Removes the label and forwards the original packet. Transit LSR (P router) - An interior provider router. Swaps labels and forwards without examining the inner IP header. PE (Provider Edge) - ISP router at the edge of the MPLS domain that interfaces with customer equipment. Performs label push/pop for customer traffic. CE (Customer Edge) - Customer device that connects to the PE. Not aware of MPLS. LIB (Label Information Base) - The full table of all label bindings a router has received. Not all entries are actively used for forwarding. LFIB (Label Forwarding Information Base) - The active subset of the LIB used for actual forwarding decisions. This is what the data plane uses. TED (Traffic Engineering Database) - Populated by IGP TE extensions; stores link-state info (bandwidth, admin groups) used by CSPF to calculate constrained paths. MBB (Make-before-Break) - Default Junos behavior where the new LSP is fully signaled and verified before traffic is switched over from the old path. Label Operations Operation Description Push Add a new label to the top of the label stack. Done by the ingress LSR. Swap Replace the top label with a new one. Done by transit LSRs. Pop Remove the top label from the stack. Done by the egress LSR or the penultimate hop. MPLS Label Structure Each MPLS label is a 32-bit field inserted between the Layer 2 and Layer 3 headers (sometimes called a “shim header”). Multiple labels can be stacked. ...