Configuring JunOS Static Default Routing

Core Knowledge

In smaller networks there may not be a need for dynamic routing such as a small remote office for example. Commonly offices like this may have an SRX100/120 or small office SRX platform in which a single ISP is used and BGP is just a figment of imagination.

In cases like this a single default route is only needed to ensure that traffic destined to network that is not locally found in the routing table is forwarded to. A default route functions as a catch all using the 0.0.0.0/0 network as its destination whereas the next-hop would be the ISP’s edge device which would have access to networks on the internet.

For the purposes of this lab lets imagine you have a small office outside of New York City. This office has 6 employee’s and a single business class internet connection via cable modem. The cable modem is configured in bridge mode so therefore you assign the static IP address on the ge-0/0/0 interface. By default the ge-0/0/0.0 interface is placed in the untrusted zone which makes things a little easier from a security configuration perspective.

To define a static default route you’ll need to execute the set routing-options static route 0.0.0.0/0 next-hop x.x.x.x whereas x.x.x.x is the ISP gateway address.

If you were to look at this using the show configuration command you would easily be able to identify the default static route as followed;

routing-options {
    static {
        route 0.0.0.0/0 next-hop 203.0.113.17;
    }
}

A default static route is in essence just a static route but uses the special destination network of 0.0.0.0/0 which represents all networks. Keep in mind that if you have longer match routes in the routing table than the router will still perform routing based on the longest match. Section 6 will go further into detail with static routing.

When looking at the routing table, the static route will be the very first route as shown below;

johnny5@vSRX_R1> show route

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:02:53
                    > to 203.0.113.17 via ge-0/0/0.0
1.1.1.1/32         *[Direct/0] 03:51:17
                    > via lo0.0
203.0.113.16/30    *[Direct/0] 00:12:31
                    > via ge-0/0/0.0
203.0.113.18/32    *[Local/0] 00:12:31
                      Local via ge-0/0/0.0

johnny5@vSRX_R1> 

You can view additional details regarding the static default route by appending detail to the show route command as shown below;

johnny5@vSRX_R1> show route 0.0.0.0 detail 

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
0.0.0.0/0 (1 entry, 1 announced)
        *Static Preference: 5
                Next hop type: Router, Next hop index: 549
                Address: 0x93483b8
                Next-hop reference count: 3
                Next hop: 203.0.113.17 via ge-0/0/0.0, selected
                State: 
                Age: 4:08 
                Task: RT
                Announcement bits (1): 0-KRT 
                AS path: I

johnny5@vSRX_R1> 

Now that you have a foundational understanding of how to configure and verify static default routing you should give it a try! Check out the lab topology and load the required initial configs before attempting the lab objectives.

Logical Lab Topology

The following logical topology is only used in lab 2-10. Keep in mind this is a logical topology only. To view the physical topology please check out the Junos Workbook Topology page.

Initial Configurations

Prior to starting this lab please zeroize all lab devices. Afterwards log in using the root account and start a CLI session and load the following initial configurations by copying and pasting them into the device console.

###################################### # R1 - JNCIA Workbook - Lab 2-10 # ###################################### # configure exclusive set system host-name vSRX_R1 set system root-authentication encrypted-password "$1$TsbgLcTl$CAcLcN0tBrmBXSC26PzPx0" set interfaces ge-0/0/0 unit 0 family inet address 203.0.113.18/30 set interfaces lo0 unit 0 family inet address 1.1.1.1/32 commit and-quit # ###################################### # R2 - JNCIA Workbook - Lab 2-10 # ###################################### # configure exclusive set system host-name vSRX_R2 set system root-authentication encrypted-password "$1$TsbgLcTl$CAcLcN0tBrmBXSC26PzPx0" set interfaces ge-0/0/0 unit 0 family inet address 203.0.113.17/30 set interfaces lo0 unit 0 family inet address 2.2.2.2/32 set interfaces lo0 unit 0 family inet address 4.2.2.2/32 set security zones security-zone untrust host-inbound-traffic system-services ping set security zones security-zone untrust interfaces ge-0/0/0.0 set security zones security-zone untrust interfaces lo0.0 set security policies from-zone untrust to-zone untrust policy default-permit match source-address any set security policies from-zone untrust to-zone untrust policy default-permit match destination-address any set security policies from-zone untrust to-zone untrust policy default-permit match application any set security policies from-zone untrust to-zone untrust policy default-permit then permit commit and-quit #

Lab Prerequisites

This lab can be performed on the following devices; J Series Router(s), EX Series Switch(s) or SRX and vSRX platforms.

You need to establish a console session to R1 and R2 and log into the device using the root account or a user account with super-user privileges.

Prior to attempting the lab load the initial configurations provided in the “Initial Configs” Tab.

Lab Objectives

To complete this lab you will perform the following objectives;

Before you Continue

It is recommended that you attempt to complete these lab objectives the first time without looking at the Lab Instruction section.

If you are a student preparing for the Juniper JNCIA Certification Exam than you are more likely to remember how to complete these objectives if you attempt to complete them the first time on your own with the use of the core knowledge section found in this lab. You should only resort to the Lab Instruction section to verify your work.

Lab Instruction

The following lab instruction is demonstrated on a Juniper Firefly vSRX running on VMWare Workstation 10.

• Verify that you’re able to ping the ISP gateway 203.0.113.17

root@vSRX_R1> ping 203.0.113.17 count 5
PING 203.0.113.17 (203.0.113.17): 56 data bytes
64 bytes from 203.0.113.17: icmp_seq=0 ttl=64 time=14.296 ms
64 bytes from 203.0.113.17: icmp_seq=1 ttl=64 time=10.067 ms
64 bytes from 203.0.113.17: icmp_seq=2 ttl=64 time=5.105 ms
64 bytes from 203.0.113.17: icmp_seq=3 ttl=64 time=5.103 ms

--- 203.0.113.17 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 5.103/8.643/14.296/3.842 ms

root@vSRX_R1> 

• Configure a default route on R1 with the next hop value of 203.0.113.17 and verify your config.

root@vSRX_R1> configure
Entering configuration mode

[edit]
root@vSRX_R1# set routing-options static route 0.0.0.0/0 next-hop 203.0.113.17

[edit]
root@vSRX_R1# show routing-options
static {
    route 0.0.0.0/0 next-hop 203.0.113.17;
}

[edit]
root@vSRX_R1# commit and-quit
commit complete
Exiting configuration mode

root@vSRX_R1> 

• Verify the default route in the routing table and by pinging the public IP address 4.2.2.2

root@vSRX_R1> show route 0.0.0.0

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:24:35
                    > to 203.0.113.17 via ge-0/0/0.0

root@vSRX_R1> ping 4.2.2.2 count 4
PING 4.2.2.2 (4.2.2.2): 56 data bytes
64 bytes from 4.2.2.2: icmp_seq=0 ttl=64 time=9.421 ms
64 bytes from 4.2.2.2: icmp_seq=1 ttl=64 time=5.099 ms
64 bytes from 4.2.2.2: icmp_seq=2 ttl=64 time=10.106 ms
64 bytes from 4.2.2.2: icmp_seq=3 ttl=64 time=4.368 ms

--- 4.2.2.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.368/7.248/10.106/2.540 ms

root@vSRX_R1>