CAPÍTULO II – DIAGNÓSTICO DEL ESTADO ACTUAL Y DISEÑO DEL MODELO PARA LA MEJORA DE
2.2. D IAGNÓSTICO DE LA MEJORA DE PROCESO EN LA INGENIERÍA DE SOFTWARE EN LA EMPRESA S OFTEL
The editors received quite a ew tips about groups and are elated to se e so many users enjoy using the eature. Conguration groups are
indeed powerul, but we ound that most o the groups examples submitted could be improved in some way. So, instead o inserting our pithy comments throughout several groups tips, we’ve combined the best tips with some o our own best pract ices to produce a little primer on groups. It’s a template that you can useully apply to various
network administration scenarios.
C
Conguration groups are a great way to apply common conguration to multiple parts o the conguration. The interface-rangeeature allows you to perorm some o the same tasks or interace congura-tion, but thegroupseature may still be the most appropriate way to handle some interace conguration, and it is the only way (sho rt oJunos Automation scripts) to apply common settings to pieces o the conguration other than interaces.
One o the big dierences between theinterface-rangecommand and conguration groups is that theinterface-range command will
actually result in the interace being congured, even i the interace is not separately listed in the conguration. On the other hand, a
conguration group with a match condition only applies to things that are already congured. So, a conguration group that applies to
ge-0/0/*will only aect an interace that has a name beginning with
ge-0/0/and that is already listed in the conguration. On the other hand, an interace-range command that applies to ge-0/0/0 through ge-0/0/23 will actually congure those 24 interaces as i you had individually congured them. You can see this using theshow config-uration | display inheritance command. Thereore, i you want to congure a large number o interaces, you may want to use the
interface-rangeconguration. On the other hand, i you want to dene some deault conguration that will apply to interaces that you congure individually, a conguration group is probably more
appropriate.
For those who are curious, you can mix interface-rangecommands and conguration groups. The sotware expandsinterface-range
commands rst, and then it applies the statements rom conguration groups to matching interaces.
You dene conguration groups in the [edit groups] hierarchy. You can have multiple groups. Each group has a name. You can congure the router to apply one or more groups at various levels o the ration. Unless you congure the router to apply a group to the congu-ration, that conguration group will have no eect.
groups { BFD_BGP {
protocols { bgp {
group <*> {
neighbor <10.100.1.*> { bfd-liveness-detection {
minimum-interval 300;
26 DayOne:JunosTips,Techniques,andTemplates2011
multiplier 3;
} } } } } }
INTERFACE_DEFAULTS { interfaces {
<*-*> {
unit <*> {
family mpls;
family iso;
} } } }
DEFAULT_SYSTEM_SETTINGS { system {
services { ssh;
telnet;
} } } }
You can congure conguration groups with or without match conditions. I you do not use match conditions (such as shown here with theDEFAULT_SYSTEM_SETTINGSgroup), Junos will simply merge the conguration rom the group into the conguration when you apply the group to a level o the conguration hierarchy.
When you do use match conditions (as in the two preceding examples) and you apply the groups to a level o the hierarchy, the sotware
examines that level o the hierarchy (as well as everything underneath it) or matching conguration entries. When it nds a match, it applies the listed conguration.
You can use angle brackets to dene matches based on wildcards. An asterisk (*) matches any zero or more characters and a question mark (?) matches a single character. (This is similar to the way a DOS or UNIX shell deals with wildcard matches.)
You can also use character classes. Here, you place a list o characters within square brackets. Junos nds a match i any o those characters exist in the string it is examining. For example, < [afgxc]e*> matches
any interace name that begins with ae, e, ge, xe, or ce. You can also speciy a range o characters or numbers (such as [A-Za-z0-9]that would match any alphanumeric character).
You can only match on user-dened strings. (For example, theunit
keyword is not a user-dened string, but the number that ollows it is a user-dened string. Likewise, theaddress keyword is not a user-dened string, but the address itsel is a user-de ned string.) It is important to note that the match conditions in angle brackets must exactly match the entire user-de ned string. You can use the asterisk to match those parts o the string that are unimportant or your purposes.
Here is an example o using matches in a group. Note that the group matches any interace name with a dash (which excludes the xp 0, me0, vme, and similar interaces).
On its surace, this seems like a good tip, because it automatically excludes the management interaces. However, note that it also
excludes Aggregated Ethernet (ae) interaces, which may not be what you want. A better solution may be to use the apply-groups-except
statement in the management interace conguration. This tells Junos not to apply that group to that interace, even i the g roup is applied at a higher level o the hierarchy.
Also, note that the group matches the unit number with *. This matches absolutely any string (and, certainly, any unit number):
groups {
INTERFACE_DEFAULTS { interfaces {
<*-*> {
unit <*> {
family mpls;
family iso;
} } } } }
Here is another example o groups. In this case, it looks at IP address-es. BFD parameters are applied to all BGP neighbors that have an IP address beginning with10.100.1. :
groups { BFD_BGP {
protocols { bgp {
28 DayOne:JunosTips,Techniques,andTemplates2011
group <*> {
neighbor <10.100.1.*> {
bfd-liveness-detection { minimum-interval 300;
multiplier 3;
} } } } } } }
Now let’s extend the previous example and only apply the BFD parameters to any BGP group that starts with the nameCUST_GOLD_. Junos will only apply these BFD parameters to BGP neighbors with an
IP address beginning with10.100.1.and which are in a group with a name that begins withCUST_GOLD_:
groups { BFD_BGP {
protocols { bgp {
group <CUST_GOLD_*> { neighbor <10.100.1.*> {
bfd-liveness-detection { minimum-interval 300;
multiplier 3;
} } } } } } }
This is only a small introduction to these wildcard expressions. It is worth noting that this type o match is also used elsewhere. For example, theinterface-rangecommand will take a similar kind o
wildcard match. Also, you can use these wildcard matches to select interace names in theshow interfacesCLI command. The only big dierence is that the angle-brackets (< >) are only used to surround matches in the [edit groups] conguration hierarchy; elsewhere, you just use the text o the match (or example,show interfaces ge-0/0/*).
Once you have dened the groups and applied them at the appropriate hierarchy levels, you can use thedisplay inheritancepipe command to show the way the conguration looks with the group commands applied.
The display inheritancepipe command has a ew side-eects. It also expands interace ranges, it does not show conguration groups or interace ranges themselves, and it also hides any piece o the congu-ration marked as inactive. Even i you are not using groups, it can be a good way to exclude deactivated congurations rom the con gura-tion display.
Here is an example o using groups to perorm a specic thing, namely addingfamily mplsto every unit on any transit interace (but notfxp0,
me0,vme, or any other interace without a dash):
groups { mpls {
interfaces {
<*-*> {
unit <*> {
family mpls;
} } } } }
apply-groups [ mpls ];
interfaces { ge-0/0/3 {
unit 0 {
family inet {
address 172.18.2.2/30;
} } }
ge-0/0/4 {
vlan-tagging;
unit 102 { vlan-id 102;
family inet {
address 172.20.102.1/24;
} }
unit 202 { vlan-id 202;
family inet {
address 172.20.202.1/24;
} } } }
[edit]
lab@srxA-2# show interfaces | display inheritance
30 DayOne:JunosTips,Techniques,andTemplates2011
## 'mpls' was inherited from group 'mpls'
##
## 'mpls' was inherited from group 'mpls'
##
## 'mpls' was inherited from group 'mpls'
##
family mpls;
} }
In this next example, Junos sets the VRRP priority to 200 on any VRRP group congured or any unit numbered 500-599. It will also set the VRRP priority to 50 on any VRRP group congured or any unit numbered 600-699. You might use such a conguration in a load-balancing situation where one router is supposed to be the primary VRRP router or one set o VLANs and the backup VRRP router or another set o VLANs:
groups {
priority 200;
} } } }
unit <6??> { family inet {
address <*> {
vrrp-group <*> { priority 50;
} } } } } } } }
Now, let’s apply BFD to OSPF interaces. This conguration applies dierent settings or WAN and LAN interaces, based on the interace name: <[fgxca]e> matches any transit Ethernet interace, and <*>
matches any interace. When a piece o conguration matches multiple match conditions in a group, the values rom the rst-matched section override conficting values rom later matches. In this example, that means that or Ethernet interaces, the values rom the rst interace specication will override the second one. Non-Ethernet interaces should only match the second interace specication, so they will inherit those values:
groups {
BFD_OSPF { protocols {
ospf {
area <*> {
interface "<[fgxca]e*>" { bfd-liveness-detection {
minimum-interval 50;
multiplier 3;
} }
interface <*> {
bfd-liveness-detection { minimum-interval 300;
multiplier 3;
} } } } }
32
root@srxA-1# show srxA-1# show protocols ospf| diprotocols ospf| displsplay inheritanceay inheritance ar
## 'bfd-liveness-detection' was iveness-detection' was inherited froinherited from grom group 'BFD_OSPF'up 'BFD_OSPF'
#
### bfd-l
bfd-liveness-detection iveness-detection {{
#
###
## '50
## '50' wa' was inherited fros inherited from grom group 'BFD_OSPFup 'BFD_OSPF''
#
### minimu
minimum-interval 50m-interval 50;;
#
###
## '3
## '3' wa' was inherited fros inherited from grom group 'BFD_OSPFup 'BFD_OSPF''
#
## 'bfd-liveness-detection' was iveness-detection' was inherited froinherited from grom group 'BFD_OSPF'up 'BFD_OSPF'
#
### bfd-l
bfd-liveness-detection iveness-detection {{
#
###
## '300
## '300' wa' was inherited fros inherited from groum group 'BFD_OSPFp 'BFD_OSPF''
#
### minimu
minimum-interval m-interval 300;300;
#
###
## '3
## '3' wa' was inherited fros inherited from grom group 'BFD_OSPFup 'BFD_OSPF''
#
While this has been a whirlwind tour through Junos conguhas been a whirlwind tour through Junos conguratiorationn groups, mostly because our ed
groups, mostly because our editor in chie was literally pacing outsideitor in chie was literally pacing outside our lab door demanding the nal manuscript
our lab door demanding the nal manuscript, you , you can see that theycan see that they are powerul when used corre
are powerul when used correctly. Tctly. To get maximum beneo get maximum benet romt rom groups, you need to understand the match conditions. A
groups, you need to understand the match conditions. Also, don’lso, don’tt
orget to use the
orget to use thedispldisplay inheritanay inheritancecepipe command beore youpipe command beore you commit in order to veriy that the groups are applied as you e commit in order to veriy that the groups are applied as you expecxpectt beore you commit the changes. BTW:
beore you commit the changes. BTW:Day One: Confguring JunosDay One: Confguring Junos Basics
Basicshas a good introduction on groups: wwhas a good introduction on groups: www.w.juniper.net/dayone.juniper.net/dayone.