Juniper


JunOS runs its networking processes, called daemons, on FreeBSD.

Internally, Junos equipment is split between a Routing Engine (RE) and a Packet Forwarding
Engine (PFE). The RE and PFE are connected by an internal link (expo).

Transit traffic is handled by the PFE. The RE creates the routing table and the forwarding table and sends a copy
to the PFE. When traffic arrives from an egress interface, the PFE immediately decides where to send it.

Junos version:

19.2X3

19.2 – major release

X – security based releases (firewalls)

3 – build number

20.0F1

20.0 – major release

F - feature (new functionality has been introduced)

20.4R2.

20.4 – major release

R – bug-fix release, no new release (common naming)

Restore a device to factory default:

request system zeroize

The first time you start a Juniper product, you will first enter the FreeBSD OS prompt.

After typing cli, you enter the JunOS command line.

JunOS has 2 modes: Operational and Config.


JunOS base config:

Set root password: In config,

set system root-authentication plain-text-password

commit

Create user account:

Juniper Models:

SRX – Juniper firewalls

There have been several occasions where network engineers have installed an SRX appliance with the
firewall disabled into an enterprise network.

EX – Juniper Enterprise Switches

QFX – Juniper Data center Switches (offer lower speed and lower latency)

MX – Juniper Routers

ACX – Juniper Router for Backhaul, telco networks

CTP – Juniper Routers used for E1,T1 or serial links using TDM

PTX – Juniper Routers used for MPLS, specially designed to be the P Router in the MPLS network

Identify Daemons / Processes

Lists the daemons you, as a network engineer, need to be aware of, their full name, and a description of their purpose:

Command to see daemons/processes:

root@ACME-HQ-SRX-01> show system processes

Restart process / daemon on JUNOS

The restart command allows an engineer to restart the individual daemons.

root@ACME-HQ-SRX-01> restart routing ?


Possible completions:
<[Enter]> Execute this command
gracefully Gracefully restart the process
immediately Immediately restart (SIGKILL) the process
soft Soft reset (SIGHUP) the process
| Pipe through a command

Configure Exclusive and Configure Private

Enter Config mode in Junos:

root@Router1> configure

or

To make sure that nobody else makes changes to the configuration at the same time:

root@Router1> configure exclusive
warning: uncommitted changes will be discarded on exit
Entering configuration mode

EDIT INTERFACES:

root@Router1# edit interfaces ge-0/0/2 unit 0


[edit interfaces ge-0/0/2 unit 0]
root@Router1# set family inet address 10.10.14.1/24
[edit interfaces ge-0/0/2 unit 0]
root@Router1# set family inet6 address 2001:db8:0:14::1/64
[edit interfaces ge-0/0/2 unit 0]
root@Router1# top

root@Router1> show interfaces | match set

Rollback command

Use rollback to return to an older configuration in case you messed something up in the current
candidate configuration.

Junos can save up to 50 rollbacks ordered by date/time.

root@Router1# rollback 0,1

Rescue configuration

jcluser@vMX-addr-0> request system configuration rescue save

jcluser@vMX-addr-0# rollback rescue

jcluser@vMX-addr-0> show system configuration rescue


Juniper Routing:

Candidate configuration >>>>>>> Active configuration

The Routing Engine creates the Forwarding Table and it sends a copy to the Forwarding Engine.

The Routing Engine looks at the destination prefixes/subnets and the next-hop addresses.
The Forwarding Engine looks at the destination prefixes/subnets, the next-hop addresses and
the exiting interfaces.

Junos selects routes based on:

Most specific subnet (similar to longest match on Cisco)

Route preference (similar to Administrative distance on Juniper)


RP:

Directly Connected = 0
Static = 5
OSPF = 10
IS-IS = 15
RIP = 100
BGP = 170

Routing Instances

If you are a service provider (SP) and you need a way to separate traffic from multiple customers, you need to
implement routing instances.

The router needs routing instances to keep each customer's routing table separate from the others
(to prevent one customer from accessing another customer's network).

You can add a static route or enable OSPF in a single customer's routing instance and it will stay
only there.
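
Route selection and per-customer routing instances as described above, modelled in Python as an added example (not Junos code and not part of the original notes). The class, the instance names CUST-A and CUST-B and all sample routes are constructed; the preference values are the ones listed in these notes.

```python
import ipaddress

# Route preference values as listed in these notes (lower value wins).
PREFERENCE = {"direct": 0, "static": 5, "ospf": 10, "isis": 15, "rip": 100, "bgp": 170}


class RoutingInstance:
    """One routing table. Routes added here are invisible to other instances."""

    def __init__(self, name):
        self.name = name
        self.routes = []  # list of (network, protocol, next_hop)

    def add(self, prefix, protocol, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), protocol, next_hop))

    def lookup(self, destination):
        """Return (prefix, protocol, next_hop) of the selected route, or None."""
        addr = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None  # no route in THIS instance, whatever other instances hold
        # 1) most specific prefix first, 2) then lowest route preference
        net, proto, nh = min(matches, key=lambda r: (-r[0].prefixlen, PREFERENCE[r[1]]))
        return str(net), proto, nh


def build_sample():
    """Constructed sample: two customers, each in its own routing instance."""
    cust_a = RoutingInstance("CUST-A")
    cust_a.add("10.10.0.0/16", "static", "192.0.2.1")
    cust_a.add("10.10.14.0/24", "bgp", "192.0.2.9")
    cust_a.add("10.10.14.0/24", "ospf", "192.0.2.5")
    cust_b = RoutingInstance("CUST-B")
    cust_b.add("10.20.0.0/16", "ospf", "198.51.100.1")
    return cust_a, cust_b


if __name__ == "__main__":
    a, b = build_sample()
    # The /24 beats the /16 static even though static has the better preference;
    # between the two /24 routes, OSPF (10) beats BGP (170).
    print(a.lookup("10.10.14.7"))
    print(a.lookup("10.10.99.1"))
    # Customer B's prefix exists only in CUST-B, so CUST-A has no route to it.
    print(a.lookup("10.20.1.1"), b.lookup("10.20.1.1"))
```

The lookup order matters when reviewing a design: a longer prefix learned from any protocol overrides a shorter static route, and only the separation into instances keeps one customer's prefixes out of another customer's lookups.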

OSPF:

1. Router ID – must be unique

The router-id is set if it is explicitly configured; otherwise it is selected based on the highest
addressed loopback (if present) or the highest IP address on an interface.

2. Hello Packets

When OSPF is enabled, the router starts sending Hello packets to 224.0.0.5 to form adjacencies.

3. Area ID

4. Timers

Hello packet every 10 sec, dead timer is 40 sec.

5. Area types

Stub areas, Totally stub, NSSA.

OSPF Reference bandwidth


$$\frac{\text{Reference bandwidth}}{\text{Interface bandwidth}} = \frac{10{,}000}{1{,}000} = 10$$

By default, the reference bandwidth is 100 on routers.

What can be a reason that OSPF neighbors get stuck in the Exstart or Exchange state?

There is an MTU mismatch between OSPF neighbors.

Route Policies:

Route policies are similar to Route Redistribution on Cisco, but on Junos they are called route
policies.

They decide which routes can be redistributed to other routing protocols, for example, exporting IS-IS
routes into OSPF.

2 categories:

Import policies

Export policies

Configure Route policies:

Export isis routes into OSPF

edit policy-options

set policy-statement isis-to-ospf from protocol isis

set policy-statement isis-to-ospf then accept

---→

top edit protocols ospf


set export isis-to-ospf

Export OSPF routes into ISIS

edit policy-options

set policy-statement ospf-to-isis from protocol ospf

set policy-statement ospf-to-isis then accept

---→

top edit protocols isis

set export ospf-to-isis

Also if you need to export/import some specific routes, you can create a prefix list.

Junos Firewall Policies

Similar to ACLs on other vendors' equipment.

Firewall action types:

- accept
- discard
- reject

Create a QoS / policing filter so that a firewall filter applies QoS in case the bandwidth is exceeded.

If the traffic is within 100 Mbps, it will use the Assured Forwarding class.

If it exceeds 100 Mbps, it will use the Best Effort class.

Create a policer first, to configure the bandwidth limit.

edit firewall

set policer [name of the policer] if-exceeding bandwidth-limit 100m

set policer [name of the policer] then forwarding-class best-effort

then the filter:

edit family inet filter [name of the filter]

set term 1 then forwarding-class assured-forwarding

set term 1 then policer [name of the policer]


Operate and maintain JUNOS

show system - things that happen in the software / OS

show system connections – checks the ports udp/tcp ESTABLISHED or LISTENING

show system statistics – check traffic for tcp, udp, icmp, igmp, mpls, arp etc.

show system storage – check storage of the OS

show chassis – things that happen in the hardware

show chassis environment

show chassis hardware – shows the pieces of hardware installed

show virtual-chassis – see the master node or child node in the chassis

show chassis fpc – checks the connection between the Routing engine and the Forwarding
Engine
