Ssfjun01 I
Student Guide
Junos Operating System Highlights
Slide 1
Juniper Networks
Sales Education
© 2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Slide 2
JUNOS OPERATING SYSTEM HIGHLIGHTS
Slide 3
Course Agenda
Introduction to Junos OS
The Junos OS CLI
The Junos CLI Rocks!
Routing with Junos
Junos OS adoption
© 2011 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01G www.juniper.net | 3
Slide 4
Course Objectives
Slide 5
Introduction to Junos OS
Junos is the network operating system that runs an increasing spectrum of the Juniper product portfolio,
ranging from switches to routers to firewall products. This is what sets Juniper apart as a strategic
portfolio vendor.
Slide 6
Section Objectives
Slide 7
Introduction
• The Junos operating system is a single network operating system integrating routing, switching, security, and services
• Junos OS delivers the power of one operating system to run high-performance networking infrastructure
• The Junos OS command-line interface offers specialized features to save time for users and prevent downtime in the network
• Juniper offers customers the training, tools, and services needed to make the adoption of Junos OS simple and safe
Much of the value, the savings, and the streamlining of operations of our products and solutions are
delivered by the Junos operating system.
With the limited amount of time that you have to talk to customers and get their interest, it’s important to
understand how the operating system works, how customers use it, and how you can help to ease its
adoption into their own infrastructure. When we talk about Junos, we talk about the Junos advantage
offered by the Power of One operating system.
This course is designed to share with you the highlights of the Junos advantages, focusing on its key
differences and the ease of operation that helps lower your customers' operating costs. The course
provides operational and configuration commands, illustrating the power of Junos and its ease of use.
Slide 8
Juniper Networks has always thought differently about the network. Whereas our competitors have
trended towards a box-on-box, multiple-operating-system approach, Juniper sees that this leads to spiraling
layers of complexity in customer networks.
We have purposely driven our strategy to simplify the network through specific investment and new
development looking towards convergence. Over more than a decade Juniper has evolved Junos software
as a single, end-to-end, high-performance operating platform of the network to deliver routing, switching,
security, services and cloud. This approach to how we innovate is fundamentally different from our
competitors', enabling our customers to build their networks and deliver new services in converged offerings
with simplicity of operations and reduced costs.
Slide 9
The legacy networking providers' approach has been hardware oriented: sell another box to fix another
problem. As these vendors acquire companies and add more products they are also adding more operating
systems, more proprietary software, more complexity, and more problems.
Complexity is their strategy! They’ll sell more boxes. The customer must pay for a lot of services and
support to integrate and make it all work.
But this puts the customer in a constant state of upgrading, testing, and maintaining. The operating systems
may need to be individually tailored, and it is unknown how changes, bugs, and upgrades on one box will
affect the others. More boxes get sold to attempt to fix problems, but complexity and cost increase, while
customer satisfaction decreases. The bottom line for customers? Chronic complexity management.
Slide 10
Junos provides a simpler approach with fewer issues. When talking about Junos to customers, partners,
etc., we need to think outside of the normal “box” conversation. The discussion needs to be more about
selling a solution rather than just another box. Junos software is changing the way we should be looking at
the whole network experience.
As we stated earlier, Junos is much more than an operating system; it is a simplified, common language that
provides a consistent user experience across multiple devices. With Junos you get consistent core
functionality that scales from the smallest to the largest device on the network.
It is based on open standards so it integrates seamlessly into the network, even with our competitors'
products. Customers can move, over time, to a network with fewer problems and lower cost.
Slide 11
Rather than being about bottom-up deployment of boxes, migrating to the open platform approach of
Junos takes customers to a new way of network design. The layered, converged platform approach of
Juniper is about looking at the network as a whole from the top-down perspective of customer needs.
Providing a platform approach based on layers of silicon, system, and software, allows Juniper to deliver a
complete solution supporting many applications. With Juniper’s focus on innovation in software running on
silicon and systems layers built with the headroom capacity for innovation, customers can meet many new
requirements for new services delivery through the flexibility and lower costs of software changes alone.
Moreover, Juniper opens the door to third party innovation and integration by offering a set of Junos
software development kits to partners so they can release even more value from their network.
Slide 12
Multiple components of the Junos software platform give developers unmatched flexibility to create
dynamic applications that interact with the network from the client to the cloud.
•In the network, the open standards, open platform approach of the operating system inspires innovation.
•Junos Space is a programmable platform for developing and running applications across the network.
•Junos Pulse is a multi-service network client that can be used on mobile devices such as notebooks,
netbooks, and smartphones. It too is an open, programmable platform that simplifies the end user
experience.
•Running over these platform layers is a growing portfolio of Junos Ready Software applications developed
by Juniper and third parties.
Slide 13
The foundational component of the Junos software platform is the Junos operating system. Running a single
operating system across devices makes the day-to-day operation of the network less complex. The IT staff
can focus on rolling out new deployments and maintaining the network, making better use of their time
and effort. With a steady release of new features and a modular architecture they have predictable
performance and the ability to streamline their tasks through automation. They can evolve their current
network infrastructure rather than adding box on top of box.
This provides a consistent user experience for the IT staff and lower costs for the customer.
Slide 14
[Slide diagram: Control Plane (Routing Engine) and Data Plane (Packet Forwarding Engine). Callout: provides options for redundancy]
Let’s review some of the architecture highlights – what’s different in the design. From the beginning the
engineers decided to separate the functions of control and forwarding. Ask yourself a question – what do
routers do for a living? They determine the path and then, once they know the next hop, they switch packets.
So, it makes complete logical sense to separate the function of path determination, or control, from the
function of switching, or packet forwarding.
Think of control as the brains of the system. It’s really what runs the protocols. The forwarding is where the
packet handling happens. It’s the brawn of the system. It’s what’s responsible for the high throughput –
taking packets, inspecting them, and moving them on quickly down the network.
So, if you’re not a software engineer, why do you care about this? Well, the bottom line here is that dedicated
resources mean high resiliency, which gives you that incredibly high availability that carriers rely on. So,
again, carrier class is what we’ve got.
Slide 15
[Slide diagram: Control Plane containing the Management, Interfaces, Routing, ... and Module n modules, all running over the Kernel]
• Well-defined interfaces for expansion of functions/platforms
Kernel
• Controls the modules
• Manages communication between the modules and to the PFE
A second design element to point out about the architecture is its modularity. Here we have a diagram of
the control plane and you see a group of modules responsible for different functions of the software –
whether it be management or routing – and each of these runs as an independent process, all of which are
controlled by the underlying kernel.
We’ve got dedicated resources. Because of the modular nature of these resources, if there’s a problem, say,
in the routing module, it doesn’t disrupt anything going on in the management or interface modules. So,
small problems don’t become big ones, and that leads to really high availability. And when our engineers
want to add functionality, they do it in a modular fashion. We can roll out new features by building a new
module and putting it into this same model you see here.
The Junos modular architecture allows customers to troubleshoot problems much more easily because they can
isolate what’s going on in the software more quickly than in other systems that are just monolithic blocks of code,
where it is very difficult to understand what’s going on.
Slide 16
Junos OS Services
[Slide diagram: Open Management Interfaces (CLI, NSM, J-Web, Scripts, Toolkit); Control Plane (Management, Interfaces, Routing, ..., Module n, Kernel); Services Plane (Services Interfaces; Service App 1, Service App 2, Service App 3, ..., Service App n); Data Plane (Packet Forwarding, Physical Interfaces)]
Tailored services flexibility
• Deep integration of new functionality
• Dedicated hardware in many platforms
• Create customized service chains
Open management and development interfaces
• NETCONF/XML
• Partner development platform
Junos modularity makes it painless to add two further design elements that set Junos apart.
First is a dedicated services plane in many platforms, such as the SRX Series Services Gateways. What this
means is that Juniper engineers are able to quickly introduce and integrate new service capabilities –
whether it be intrusion prevention or antivirus – and have all of those services work together in
an integrated fashion. The next element to add is open management interfaces. Junos offers interfaces for
integrating both into our element management systems as well as some element management systems of
other vendors and other operational systems.
Slide 17
So when we talk about selling Junos, we must mention that most of Juniper’s devices in the tool belt run
Junos. That makes it an extremely easy sell. When we sell into the Data Center, we should be asking
questions about the customer's branch office devices, or vice versa. No matter where in the network we
need devices, Juniper has the solution to fit the need. Whether it be routing, security, or switching, Juniper
can do it, oh yeah… and with the same operating system traversing from device to device. There is no
reason to learn separate operating systems as traditionally fed to network administrators for the past 40
years.
Slide 18
Section Summary
Slide 20
Junos OS runs an increasing spectrum of the Juniper Networks portfolio, including which three of the
following?
b) Routers
c) WAN Acceleration
d) Firewall
Slide 22
Section Objectives
After completing this section, you will be able to:
• Introduce the Junos OS CLI
• Understand the difference between operational mode and
configuration mode
• Navigate the command hierarchy
• Use command-line shortcuts and get help
Slide 23
1. Command-line interface
• Available from the console interface
• RJ-45 RS-232 @ 9600 Bps, 8/1/N (not configurable)
• Available by using Telnet and SSH
• Requires network interface and related service configuration
• Dedicated Ethernet management port on M Series routers
(fxp0) and EX Series switches (me0)
• All J Series network ports support management access and transit
traffic
The command-line interface (CLI) is the software interface used to access the device. One big differentiator
of the Junos CLI from other CLIs in the marketplace is that Junos provides a rich set of new tools and
safeguards that can help your customers to efficiently manage their networks and maintain high uptime.
The material discussed in these slides is generally applicable to any device run by Junos.
You can access the CLI through either a console connection, through an out-of-band network interface, or
in-band through the network. By default, only the console connection is available for use. All other
connection methods require explicit configuration in the device.
Another option of operating and configuring a Junos device is J-Web, a powerful web-based management
interface available on Junos devices. J-Web lets you perform the actions available in the command-line
interface. It provides practical tools to monitor, configure, troubleshoot, and manage your device.
Generally, to use J-Web, the user has to enable HTTP manually, either via the CLI or through the external
LCD panel (by default J-Web is only set up on the J Series).
Additionally, customers can manage platforms run by Junos with Juniper management products including
NSM.
Slide 24
CLI Login
[Slide screenshot: login prompt; visible label: password]
Default CLI prompt, mike@jnpr1>, shows:
• username
• device host name
To access the interface you need to connect and log in. These instructions assume that your device has
already been configured with your user name and password.
If you’re using a brand-new device rather than one that’s already been configured with your user name and
password, you log in as root and press Enter as your password.
We use the convention of showing user input into the CLI in blue bold font.
Slide 25
CLI Modes
Operational mode
• Monitor and manage device operations
mike@jnpr1>
The > character identifies operational mode
Configuration mode
• Configure the device and its interfaces
[edit]
mike@jnpr1#
The # character identifies configuration mode
•The Junos CLI organizes its commands into two groups, known as modes:
•Operational mode is for managing and monitoring device operations. For example, monitor the status of
the device interfaces, check chassis alarms, and upgrade and downgrade the device's operating system.
•Configuration mode is for configuring the device and its interfaces. This includes configuring the
management console with its network settings, setting up user accounts for access to the device, specifying
the security measures used to protect the device and the network, and setting up routing and switching
protocols.
•The prompt following the device name indicates the mode as shown on the slide.
Slide 26
[Slide diagram: command hierarchy tree showing 2nd-level and 3rd-level nodes]
The Junos CLI structures the activities of each mode into hierarchies. The hierarchy of each mode is made
up of cascading branches of related functions commonly used together.
The structured hierarchy of the command-line interface is among the first of many preferred differences
that new users discover about the Junos CLI. By logically grouping activities, the Junos CLI provides a
regular, consistent syntax that helps you know where you are, find what you want, move quickly
around the interface, and enter commands efficiently. The hierarchy of commands just makes
everything a lot easier in both learning and then using the Junos CLI. New users regularly comment on just
how logical the command line is.
Slide 27
The slide shows common administrative tasks completed in operational mode. Junos provides an extensive
set of on-board instrumentation capabilities for gathering critical operational status, statistics, and other
information. These tools deliver advance notification of issues and speed problem-solving during events.
As part of your configuration setup you can specify the types of events to track, the event severity, the files
in which to store the data, among other options. You can then access this information in operational mode.
Juniper devices come with sufficient processing power to collect and store critical operational data,
including SNMP management, system logging, and traceoptions (or debugging) that help you to understand
how the box operates in normal conditions and where, when, and why changes occur.
Slide 28
[Slide diagram: operational-mode command tree, from top (less specific) downward; top-level commands: clear, configure, file, help, monitor, set, show, etc.]
When you first log in to the CLI, the command-line interface is at the top level of the CLI's operational
mode.
This slide shows a view of the CLI's tree structure from the top of the operational mode, with an example of
its cascading hierarchy through the show command. The show command is one of the most commonly
used because it displays information ranging from interfaces (show interfaces) to hardware (show
chassis) to protocols (show ospf neighbor).
For the student with experience using IOS, a basic difference of Junos is that it does not use the keyword ip.
So, many of the show commands you already know work if you drop this part of the command. For
example, the IOS command show ip route simply becomes show route in Junos.
Slide 29
Specifying Output
The show command includes other arguments to modify the output. This slide displays the available
arguments for the show interfaces command for the fe-1/1/1 Fast Ethernet interface. The
question mark (“?”) helps you to complete commands, enabling you to navigate through the command
hierarchy without referencing a CLI manual. In fact, the question mark is your best friend while operating or
configuring a device running Junos.
You can add these options to adjust the output listings to what you need.
Slide 30
This slide illustrates the results of adding the keywords brief and terse to the show interfaces
command.
Slide 31
mike@jnpr1> configure
Entering configuration mode
[edit]
mike@jnpr1#
As you monitor and configure a device, you need to switch between the operational mode and
configuration mode. When you change to configuration mode the command prompt changes from “>” to
“#”.
•To switch from operational mode to configuration mode, issue the configure command.
•The [edit] banner shows your location at the top level of the configuration hierarchy.
•To exit back to operational mode, you issue the exit command.
Slide 32
[Slide diagram: configuration-mode statement tree, from top (less specific) downward; nodes shown: access, chassis, groups, interfaces, services, system, etc.]
Configuration mode has a hierarchical structure logically grouping related configuration statements. This
structure eases configuration setup, review, and changes by allowing you to more readily find and view
related statements. The slide illustrates a portion of the configuration tree, with nodes such as system
and interfaces at the 2nd level of the hierarchy.
The configuration statement hierarchy includes two types of statements:
•Container statements contain other statements; that is, they have subordinate configuration levels.
Each container statement represents a configuration stanza, which could include other configuration
stanzas. A configuration stanza is represented by the content between curly brackets (“{” and “}”).
•Leaf statements do not contain other statements; that is, they are at the end of a particular
hierarchical path. Each leaf statement is located within a configuration stanza.
Slide 33
The command-line interface displays the hierarchy of the configuration mode through specific syntax:
• Indicating hierarchy by indenting each subordinate level
• In this example, services is a subordinate of system, and ftp is a subordinate of
services.
• Indicating container statements by open and close curly brackets.
• In the example, system and services are cascading container statements.
• Indicating leaf statements with a semicolon.
• In the example, ftp; is a leaf statement.
Also, speaking of configuration stanzas, system is a configuration stanza and so is services.
Slide 34
Hierarchy Flexibility
View from the top of configuration mode
[edit]
system {
    services {
        ftp;
    }
}
The flexibility to work at a specific sublevel or stanza in the hierarchy is helpful when users want to focus on
just a small portion of the configuration.
•For example, the two configuration statements shown for the FTP service are equal. In the first, you are
looking at the statement from the root level of the hierarchy, so the ftp; statement is shown in this
listing within the system and services container statements.
•In the second example, you are viewing the ftp; statement from a deeper level within the hierarchy.
When you are in deeper levels of the hierarchy, the [edit] banner displays the entire hierarchical path.
Here, the banner [edit system services] indicates a place in the hierarchy lying within
services at the 3rd level, within system at the 2nd level, and within the root at the first level.
In this second example, because you are deeper within the hierarchy, the command line displays only
the ftp; statement whenever you view the configuration.
To determine where you are in the configuration hierarchy, refer to the configuration command banner
before entering configuration commands. While you can edit the configuration from the root level,
often it is easier to navigate to the area within the configuration you are changing prior to adding and
removing commands.
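The container/leaf syntax and the [edit ...] views described above, as an added example that is not part of the Juniper course material: a small Python parser for the brace-style text that renders the same configuration from any hierarchy level and lists the enabled system services that carry logins in cleartext (FTP and Telnet). The ssh and host-name statements in the sample and all function names are assumptions made for illustration; comments and annotations in real configuration files are not handled.

```python
import re

# Constructed sample: the slide's FTP stanza, plus host-name and ssh
# statements added here (assumptions) so the tree has more than one branch.
SAMPLE = """
system {
    host-name jnpr1;
    services {
        ftp;
        ssh;
    }
}
"""

# Quoted strings, the three structural characters, or a bare word.
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')

# Services under "system services" that send credentials unencrypted.
CLEARTEXT = {"ftp", "telnet"}


def parse(text):
    """Parse brace-style configuration text into nested dicts.

    Container statements become dicts; leaf statements map to None.
    """
    root = {}
    stack = [root]          # stack[-1] is the stanza currently being filled
    words = []              # words of the statement being read
    for tok in TOKEN.findall(text):
        if tok == "{":      # open curly bracket: container statement
            if not words:
                raise ValueError("container statement without a name")
            name = " ".join(words)
            if stack[-1].get(name, {}) is None:
                raise ValueError(f"{name!r} is both a leaf and a container")
            stack.append(stack[-1].setdefault(name, {}))
            words = []
        elif tok == ";":    # semicolon: leaf statement
            if not words:
                raise ValueError("empty leaf statement")
            stack[-1][" ".join(words)] = None
            words = []
        elif tok == "}":    # close curly bracket: end of stanza
            if words:
                raise ValueError("leaf statement is missing its ';'")
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:
            words.append(tok)
    if words or len(stack) != 1:
        raise ValueError("unterminated statement or stanza")
    return root


def render(tree, depth=0):
    """Render a tree with one indent step per subordinate level."""
    pad = "    " * depth
    lines = []
    for name, child in tree.items():
        if child is None:
            lines.append(f"{pad}{name};")
        else:
            lines.append(f"{pad}{name} {{")
            body = render(child, depth + 1)
            if body:
                lines.append(body)
            lines.append(f"{pad}}}")
    return "\n".join(lines)


def view(tree, path):
    """Return (banner, listing) as seen from the given hierarchy level."""
    node = tree
    for name in path:
        node = node[name]
        if node is None:
            raise KeyError(f"{name!r} is a leaf statement, not a level")
    banner = "[edit " + " ".join(path) + "]" if path else "[edit]"
    return banner, render(node)


def leaf_paths(tree, prefix=()):
    """Flatten the tree into one full hierarchical path per leaf."""
    paths = []
    for name, child in tree.items():
        here = prefix + (name,)
        if child is None:
            paths.append(" ".join(here))
        else:
            paths.extend(leaf_paths(child, here))
    return paths


def cleartext_services(tree):
    """List enabled system services that authenticate in cleartext."""
    services = (tree.get("system") or {}).get("services") or {}
    found = {name.split()[0] for name in services}
    return sorted(found & CLEARTEXT)


if __name__ == "__main__":
    cfg = parse(SAMPLE)
    for level in ([], ["system", "services"]):
        banner, listing = view(cfg, level)
        print(banner)
        print(listing)
        print()
    print("cleartext services:", cleartext_services(cfg))
```

Both views print the same ftp; statement: once nested inside system and services under [edit], and once on its own under [edit system services].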
Slide 35
The edit, up, top, and exit commands let you navigate the configuration tree.
•Use the edit command to jump to a specific location within the candidate configuration. The
configuration mode banner changes to indicate your new location in the hierarchy. You must know the full
hierarchical path. If you navigate to a hierarchy location that doesn’t exist in your configuration yet, the CLI
will create the hierarchy level.
•The up command allows you to move up levels in the hierarchy. By default, you move one level. You can
add a number after the command to specify how many levels to move up.
•The top command takes you to the first hierarchy level.
•The exit command returns you to the hierarchy location prior to the last edit command. If you issue this
command from the top level of the configuration hierarchy, you exit configuration mode.
The organized structure of the command hierarchy eases movement from one level to another within the
Junos CLI.
Slide 36
Fortunately for new (and experienced) users, the Junos CLI includes lots of shortcuts and ways to get help.
Both configuration mode and operational mode offer options to shorten keystrokes. All standard Unix
keyboard shortcuts are available to you when you are logged on to the Junos device. It may take a few days
for these to become second nature; however, once you have the muscle memory, these keys can save you
lots of typing time.
The command-line interface stores every entered command in its command history. At any command
prompt the up and down arrow keys let you scroll through this history. Re-use commands that you
previously entered, or modify them as needed. Keyboard sequences can save you much time, for example,
when you are configuring similar items on the device, or you are repeating operational commands, such as
when you are debugging an issue.
Slide 37
Possible completions:
igmp Show Internet Group Management Protocol
ike Show Interface Key Exchange Information
interfaces Show Interface Information
ipsec Show IP Security Information
isis Show Intermediate System-to Intermediate
The CLI provides command completion to further speed your typing in both modes. Command completion
automatically finishes partially typed commands, filenames, and user names, so you don’t need to recall
the exact syntax of the desired input string. Command completion is a big help to new users, easing their
transition to the new command-line interface.
The spacebar completes most CLI commands. The tab key not only completes CLI commands, but also
filenames and user-defined variables such as policy names, community names, and IP addresses. When the
completion of the command or argument is ambiguous, hitting space or tab lists the possible completions.
Slide 38
Getting Help
[edit system]
mike@jnpr1# set s?
Possible completions:
saved-core-context Save context information for core files
saved-core-files Number of saved core files per executable (1..64)
> services System services
> static-host-mapping Static hostname database mapping
> syslog System logging facility
Query the command-line with the ? character at any level of the operational or configuration hierarchies
for a list of available commands and a short description of each. Typing a partial command and the ?
provides a list of all the valid ways to complete your command, as shown in this example. Using the ? in
either of these ways is known as context-sensitive help in Junos lingo. For commands that require a
filename as an argument, the question mark lists the files in the working directory. You can consider ? to
be your best friend while navigating through Junos CLI.
Slide 39
More Help
help apropos
• Displays help about a text string contained in a statement
or command name
help reference
• Provides assistance with configuration syntax by
displaying summary information for the statement
help syslog
• Displays information on specific syslog events
help tip
• Provides random tips for using the CLI
help topic
• Displays usage guidelines for configuration statements
When you want more information than provided by context-sensitive help, you can turn to the Junos
technical documentation on your device through the help commands. Juniper loads it on new devices and
includes it as a part of new upgrade builds. When requesting help, follow each of these help commands
with the string or topic for which you're seeking information.
The help files are divided into major categories. You can access these files in operational mode. Use:
•help apropos to display help about a text string contained in a statement or command name
•help reference to provide assistance with configuration syntax by displaying summary information
for the statement
•help syslog to display information on specific syslog events
•help tip to provide random tips for using the CLI
•help topic to display usage guidelines for configuration statements
Slide 40
Logging out
mike@jnpr1> exit
logout
Connection closed by foreign host.
$
When it's time to take a break, you must be in operational mode to log out completely from the device. So,
if you are in configuration mode use the exit configuration-mode command to enter operational
mode. Then, you can completely exit the CLI by entering the exit command in this mode.
Slide 41
https://virtuallabs.juniper.net/
Slide 42
Section Summary
In this section, you have learned how to:
• Introduce the Junos OS CLI
• Describe the differences between operational mode and
configuration mode
• Navigate the command hierarchy
• Use command-line shortcuts and get help
Slide 43
b) } character
c) > character
d) ~ character
Slide 44
b) # character
c) * character
d) } character
Slide 46
Which command do you use to switch from operational mode to configuration mode?
b) configure
c) confmode
d) switch
Slide 47
The Junos CLI includes functionality not found in legacy network operating systems, such as Cisco’s IOS. For
example, did you know that the Junos CLI has some special features for protecting the network from
configuration errors and mistakes? Sound helpful? Many of these features came from the inspiration and
ideas of early Junos users who demanded a safer way to set up and make changes to their device
configurations.
This section introduces you to the groundbreaking and specialized features of the Junos CLI. These are the
reasons why so many users say that Junos saves them time (often lots of it), reduces repetitive tasks, and
helps them to avoid very costly mistakes. In other words … to enthusiastically agree that “the Junos CLI
rocks!”
Slide 48
Section Objectives
After completing this section, you will be able to:
• Present and demonstrate the Junos OS configuration
process and its multiple safeguards
• Highlight the advantages of operating devices run by
Junos OS
• Discuss features of the Junos OS CLI to automate
operations
Slide 49
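[Figure: Junos configuration process. Load changes into the candidate configuration; commit runs commit scripts and commit validations to produce the validated configuration, which becomes the active configuration; commit confirmed is also shown.]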
The presented graphic outlines the basic steps to configure a Junos-run device. Do you notice anything
different from most other network operating systems? Foremost: configuration changes in Junos do not
become active until you are ready. The Junos approach provides multiple safety nets that can save
engineers hours of troubleshooting on those bad days when configuration updates go horribly
wrong, potentially resulting in network collapses.
Once they understand these safety nets, new users of Junos typically come to see the Junos CLI as much
more user-friendly than other systems that have line-by-line entry and instant activation of
configuration changes. Have you ever had to make line-by-line changes in other systems, knowing that
you were creating intermediate risks, such as removing a firewall on an interface? Perhaps you have
entered a single-line change that created unwanted or unexpected results that you could not easily
revert.
The Junos CLI protects you from these and other configuration headaches.
To operate a device Junos uses the active configuration file. When a user changes a configuration file,
he/she works with the candidate configuration file, which is different from the active one. In order for
configuration changes to take place, the user must commit the candidate configuration file.
Slide 50
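[Figure: the three-step configuration process. (1) Load changes into the candidate configuration; (2) commit, with commit scripts and commit validations, produces the validated configuration (commit confirmed is also shown); (3) the validated configuration becomes the active configuration. rollback returns archived configurations 1 through 49 to the candidate.]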
So what are the basic steps of the multi-stage Junos configuration process? Let’s examine it in more detail.
First: enter changes in the candidate configuration
The candidate configuration is a copy of the active configuration. You can enter configuration changes to the candidate
through the CLI via cut and paste, load or merge a text file with the updated configuration changes, or enter the changes by
hand through the CLI interface. After making all your candidate changes, you can review your work, including comparing the
candidate to the active running file.
Second: commit your changes, sending off a copy of the candidate to become the active configuration
Before finalizing the changeover, the software checks for certain statements within the candidate and performs other
context validations. If the device includes pre-loaded commit scripts, these scripts will also check and possibly correct errors
within the candidate configuration.
Third: the candidate becomes the active configuration
The candidate configuration becomes the active configuration and the device places the previous active configuration into
an archive of up to 49 of the past active configurations, which you can access through the rollback command.
We’ll explore each of these steps further in this section.
Slide 51
To enter configuration mode, Junos provides several options. These options give users different ways to
manage who is making changes and when.
If users enter configuration mode with the base command: configure, as discussed in the prior section,
then they are in standard configuration mode. Standard mode allows any number of users to edit the
candidate configuration simultaneously, and changes made by a single user are visibly shared by all users,
any of whom will activate all changes if they enter a commit command.
Alternatively, Junos offers the options to configure private or configure exclusive. These
prevent one user from inadvertently activating another user's changes before they are ready.
In private mode, the device keeps a separate candidate copy holding only the changes by the private user.
In exclusive mode, the command-line locks all other users out of configuration mode until the exclusive
user closes the exclusive state.
These two configuration options are very handy when multiple users can change the candidate
configuration of a device.
Slide 52
show Command
• List the complete candidate from the top of configuration mode
• List a specific subset of the candidate configuration from a deeper level of the hierarchy
Initially, before any changes are entered, the candidate configuration is the same as the active running
configuration of the device.
To display the candidate configuration, use the show command in configuration mode. When entered from
the top of the configuration hierarchy, the CLI displays the entire candidate configuration, as shown in the
abbreviated listing of the example on the left.
Deeper in the hierarchy, the show command displays the configuration from the current hierarchy level
and below, as shown in the example on the right.
Note: You may have noticed that configuration mode uses the show command in a different way than
operational mode. The commands of each mode are independent of each other, and so the show
command represents different actions in each.
Slide 53
set Command
From the top of configuration mode
[edit]
mike@jnpr1# set system services finger
mike@jnpr1# set system services ftp
mike@jnpr1# set system services ssh
mike@jnpr1# set system services telnet
From a sublevel
Either adds
[edit]
system {
    services {
        finger;
        ftp;
        ssh;
        telnet;
    }
}
You can create or change the candidate configuration by entering a series of commands, including those to
add and remove configuration statements. The set command inserts a statement and values into the
candidate configuration.
While you can edit the candidate from the root directory, as shown in the top example, often it is easier to
navigate to the area within the configuration you are changing prior to adding and removing commands.
This is shown in the second example where changes are entered in the [edit system services]
sublevel of the hierarchy.
Either approach adds the same lines, shown on the right.
Slide 54
delete Command
Remove a statement along with any subordinate
statements
• Deleting a statement effectively returns the affected
device, protocol, or service to an unconfigured state
• Deleting a container statement removes everything under
that level of the hierarchy
[edit]
mike@jnpr1# delete system services
Now
[edit]
system {
}
Slide 55
compare Configurations
Display the differences between the candidate and
active configuration
• Options to show any two configurations
[edit system services]
mike@jnpr1# show | compare
- ssh;
+ telnet;
- web-management {
- http {
- port 8080;
- }
- }
Have you ever entered changes to a configuration and then wanted to review them?
The compare command provides a convenient way to display the configured differences (and only these
differences) between the candidate configuration file and the active running configuration of the device (or
any other configurations you might choose). The CLI indicates new lines in the candidate with a plus (+) sign
and those removed with a minus (-) sign. In this example, the user has enabled telnet within system
services and also removed ssh and web-management.
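The change in this example swaps an encrypted management service for a cleartext one, which is exactly what a pre-commit review should catch. The following Python sketch is an added example, not Juniper code or part of the original course: it parses `show | compare` output and flags such changes. The service list, function names and the flagging policy are assumptions of this example.

```python
import re

# Cleartext services taken from the page's set-command slide. Flagging them is
# this example's policy choice, not a built-in Junos check.
CLEARTEXT_SERVICES = {"telnet", "ftp", "finger"}

# Constructed input: the `show | compare` output shown on the slide above.
SAMPLE = """\
[edit system services]
-  ssh;
+  telnet;
-  web-management {
-      http {
-          port 8080;
-      }
-  }
"""


def parse_compare(text):
    """Return (sign, path) tuples; path is the full hierarchy as a tuple."""
    base = []    # hierarchy named in the most recent [edit ...] header
    stack = []   # containers opened with '{' below that header
    changes = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"\[edit(.*)\]", line)
        if header:
            base = header.group(1).split()
            stack = []
            continue
        sign = line[0] if line[0] in "+-" else " "
        body = line[1:].strip() if sign != " " else line
        if body == "}":
            if stack:
                stack.pop()
            continue
        if body.endswith("{"):
            name = body[:-1].strip()
            changes.append((sign, tuple(base + stack + [name])))
            stack.append(name)
        else:
            leaf = body.rstrip(";").split()
            changes.append((sign, tuple(base + stack + leaf)))
    return changes


def audit(changes):
    """Flag added cleartext services and removal of ssh under system services."""
    findings = []
    for sign, path in changes:
        # Only statements directly under [edit system services] are services.
        if path[:2] != ("system", "services") or len(path) != 3:
            continue
        service = path[2]
        if sign == "+" and service in CLEARTEXT_SERVICES:
            findings.append(f"cleartext service enabled: {service}")
        elif sign == "-" and service == "ssh":
            findings.append("ssh removed: encrypted management access lost")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_compare(SAMPLE)):
        print(finding)
```

Run against saved compare output before the commit, a non-empty result is a reason to stop and review the candidate.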
Slide 56
commit check
Check that the device will accept your candidate
• Validates the logic and completeness of the candidate
without activating the changes
[edit]
mike@jnpr1# commit check
The CLI also provides a command to check that the system can process your candidate configuration. The
commit check command validates the logic and completeness of the candidate semantics without
activating any changes. These are the same validations which run when you commit a candidate. If the
system finds a problem in the candidate configuration, it lets you know, as in the example above.
Slide 57
commit
Activates the candidate to become the running
configuration of the device
• If the validation checks find any errors, you must fix these
before the candidate can become the active file
[edit]
mike@jnpr1# commit
error: Policy error: Policy my-policy referenced but not defined
error: BGP: export list not applied
error: configuration check-out failed
The candidate file is only the proposed configuration, and your device does not use any of this
configuration until you issue a commit command. After you have entered all desired changes, and you
have double checked your work, you are ready to activate your candidate as the active running
configuration.
To activate the candidate configuration, enter the commit command.
Before actually activating the candidate configuration, Junos checks basic syntax and semantics. For
example, the software makes sure that a policy has been defined before it is referenced. If any syntax or
semantic problems are found, the commit command returns an error.
You must fix all mistakes before the candidate (or any part of the candidate) can become active.
The commit complete message tells you that the new configuration is up and running on the device.
Slide 58
Commit confirmed
Automate rollback in remote devices
• Commit a candidate configuration for a limited time
[edit]
mike@jnpr1# commit confirmed
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete
Are you among those of us who have made the mistake of adding security to a remote box, only to discover
the new firewall locked you out of the very interface that you were using to access the device? Do you have
a story about the time you accidentally isolated a remote box and then had to jump in the car and drive
two-and-a-half hours in the middle of the night just to reset it? The commit confirmed command can
prevent costly configuration mistakes by automatically rolling back problematic configurations.
The commit confirmed command commits a candidate configuration for 10 minutes. Then if you don't
follow up with a second commit, the device automatically rolls back to the previous configuration. You can
use the commit confirmed command anytime you want a safety net against potential configuration
problems.
If you do not confirm the configuration by entering a second commit command, the CLI will roll back the
device to the previous active configuration at the end of the 10 minutes (or other interval you specify). In
this way, if you have accidentally isolated the device, you simply need to wait for the rollback instead of
agonizing over how you are going to otherwise undo your mistake.
Slide 59
Rollback
Use rollback (or rollback 0) to reset the candidate
configuration to the currently active configuration
• rollback 1 loads the previously active configuration
• rollback n loads the nth previous active configuration
• rollback rescue loads the previously created rescue
file
rollback only modifies the candidate configuration
• Don’t forget to commit the changes!
[edit]
mike@host# rollback
load complete
[edit]
mike@host# commit
commit complete
Whenever you commit the candidate as the new active configuration, Junos automatically saves a copy of
the replaced active file. As you store each newly replaced configuration, all the prior configuration files
move back one version number further in the configuration archive. Each device can store up to 50 of the
most recently active versions. This number includes the current active configuration (also known as rollback
0).
You can access this configuration archive using the rollback command to restore your candidate
configuration. Reset your candidate to match the active running configuration by entering rollback or
rollback 0.
Return to the most recent previous configuration file using the rollback 1 command, or add any
other number between 2 and 49 to go back to an even older version of the configuration.
The rollback command loads the requested archive as the candidate file. You can also create a rescue
configuration of a known working configuration so that you can roll back to it when all else fails.
If you want to use the rollback file immediately, first make sure it's what you want by using the show
command, and then activate it with the commit command. That last bit was important. Don’t forget … to
complete a rollback for the active configuration of the device, you must also commit it.
This automatic backup mechanism lets you return quickly to a previous configuration for immediate use or
for fast updates.
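The candidate, commit, commit confirmed and rollback behaviour described in this section can be traced in a small state model. This Python sketch is an added example, not Juniper code: the class, the dictionary layout of a configuration, and the choice to archive an automatic rollback like any other commit are assumptions of this example.

```python
import copy

MAX_VERSIONS = 50         # per the page: 50 stored versions, counting the active one
DEFAULT_CONFIRM_MIN = 10  # per the page: default commit confirmed interval


class CommitError(Exception):
    """Raised when validation fails; the active configuration is untouched."""


class JunosModel:
    """Simplified model of the candidate/active/archive cycle (assumed layout)."""

    def __init__(self, initial):
        self.archive = [copy.deepcopy(initial)]  # archive[0] is active (rollback 0)
        self.candidate = copy.deepcopy(initial)
        self.confirm_left = None                 # minutes until automatic rollback

    @property
    def active(self):
        return self.archive[0]

    def commit_check(self):
        """The one semantic check the page names: referenced policies must exist."""
        defined = self.candidate.get("policies", set())
        missing = self.candidate.get("bgp_export", set()) - defined
        return [f"Policy {p} referenced but not defined" for p in sorted(missing)]

    def commit(self, confirmed=False, minutes=DEFAULT_CONFIRM_MIN):
        errors = self.commit_check()
        if errors:
            raise CommitError("; ".join(errors))  # no part of the candidate activates
        if self.candidate != self.active:
            # Older versions move back one slot; the oldest falls off the end.
            self.archive.insert(0, copy.deepcopy(self.candidate))
            del self.archive[MAX_VERSIONS:]
        # A plain commit confirms; commit confirmed (re)starts the timer.
        self.confirm_left = minutes if confirmed else None

    def rollback(self, n=0):
        """Load archived version n into the candidate only."""
        self.candidate = copy.deepcopy(self.archive[n])

    def tick(self, minutes):
        """Advance the clock; revert if a commit confirmed was never confirmed."""
        if self.confirm_left is None:
            return
        self.confirm_left -= minutes
        if self.confirm_left <= 0:
            self.confirm_left = None
            if len(self.archive) > 1:
                self.rollback(1)   # modelling choice: revert is a normal commit
                self.commit()


def demo():
    """Walk the page's scenario: ssh replaced by telnet, then never confirmed."""
    dev = JunosModel({"services": {"ssh"}, "policies": set(), "bgp_export": set()})
    out = {}
    dev.candidate["services"] = {"telnet"}
    out["active_before_commit"] = set(dev.active["services"])
    dev.candidate["bgp_export"] = {"my-policy"}   # referenced, not yet defined
    try:
        dev.commit()
    except CommitError as exc:
        out["error"] = str(exc)
    out["active_after_failed_commit"] = set(dev.active["services"])
    dev.candidate["policies"] = {"my-policy"}     # fix the error
    dev.commit(confirmed=True)
    out["active_during_window"] = set(dev.active["services"])
    dev.tick(10)                                  # nobody confirms
    out["active_after_timeout"] = set(dev.active["services"])
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```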
Slide 60
[edit]
mike@jnpr1# edit interfaces fe-3/0/0 unit 0
Unlike other systems, Junos lets you prepare for an installation before actually installing the hardware. The
software simply ignores any parts of the running configuration which are irrelevant to the existing
hardware installation. Whenever the hardware becomes available, the newly added section of the
configuration then becomes active.
The option to set up a configuration prior to hardware install is quite useful, especially when the person
installing the hardware is different than the person configuring the device, a common occurrence for
remote boxes. Here is a configuration for fe-3/0/0, which will be installed tomorrow.
Sometimes you want to prepare configuration changes for activation at a specific time, such as during a
maintenance window. The commit at command provides this option.
You can also make configuration changes and mark them as inactive until you are ready to use them by
using the deactivate command.
Slide 61
[edit interfaces]
mike@jnpr1# delete se-0/0/1 unit 0 family inet address 10.0.22.1/24
A typical configuration includes many similar elements named and defined by the user, such as interface
names, policy statements, and firewall filters. The Junos CLI includes commands to duplicate and quickly
change the configurations of these user-defined variables.
The copy command duplicates a configuration statement along with all the subordinate statements
configured underneath it. In using the command, you copy the configuration associated with one user-
defined element to a new, similarly configured element. You then modify that second element with any
needed changes.
The rename command is a convenient shortcut when you need to alter the value of a user-defined
variable—such as policy names, filter names, IP addresses—or to change the name of a user-defined
element.
The example on this slide illustrates a very useful technique for configuring similar interfaces, where only IP
addresses are different. First, you create an identical configuration of se-0/0/1 based on the se-0/0/2
interface. Then, you change the IP address of the newly created se-0/0/1 interface by deleting the IP
address of the copied se-0/0/2 interface and setting the IP address for the se-0/0/1 interface, which is
10.0.36.2/24. Also, you can use the rename command to change the IP address of the newly created
interface, thereby achieving the same result, as indicated on this slide.
Slide 62
Powerful | Pipe
Filter output in both operational and configuration
mode
Sends output of one command as input to another
Examples:
• Use to redirect output of a command to a file
• Useful for re-using sections of configurations across
many devices
mike@jnpr1> request support information | save <filename>
Wrote 1143 lines of output to 'filename'
The pipe | character lets you filter output in both operational and configuration modes. Pipe makes it
possible to display specific information in a single command step, sending the output of one command as
input to another, or redirecting the output to a file. The output of the command to the left of the pipe
symbol serves as input to the command or file to the right of the pipe.
The first example shown on the slide creates a file that stores the output of the request support
information command of the operational mode by piping its output to a filename.
In the second, | count counts the number of lines in the output.
Many more examples for using pipe are available in the Junos technical documentation and other reference
resources.
Slide 63
Run is Cool
Issue operational mode commands while in
configuration mode
[edit]
mike@jnpr1# run show interfaces
Physical interface: fe-4/0/2, Enabled, Physical link is Up
Interface index: 137, SNMP ifIndex: 29
Link-level type: Ethernet, MTU: 1514, Speed: 100mbps,
Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled
Device flags : Present Running
Interface flags: SNMP-Traps 16384
Link flags : 4
CoS queues : 8 supported
<. . .>
The run command lets you issue CLI operational mode commands while in configuration mode. Just add
the keyword run before any operational mode command that you want to execute while you are inside the
configuration mode.
For example, entering the run show interfaces command displays the output as if show
interfaces had been entered from operational mode. Here we show an abbreviated listing of the
output.
Slide 64
Real-time Performance
Monitoring (RPM)
• Active probes to monitor performance
• Per-destination and application basis
Flow accounting
• cflowd and rich filtering
• Active monitoring, passive monitoring,
port mirroring
Health monitor
• Extends the Remote Network
Monitoring (RMON) alarm
infrastructure with minimum user
configuration
Juniper devices provide extensive on-board instrumentation that enables customers to proactively gather
status information. Self-monitoring allows continuous feedback and lets administrators capture perspectives
on the operations of the network, from network-wide down to highly granular. Junos-based platforms come
with sufficient processing power to collect and store critical operational data that help you to understand
how a device operates in normal conditions and where, when, and why changes occur.
Available tools for automating network monitoring include:
• Real-time performance monitoring: Measures the performance of traffic as it travels between network
devices. The RPM probes can collect round-trip time minimums, averages, maximums, jitter, and other
data on both a per-destination and application basis.
• Flow accounting: Provides a method for collecting traffic flow statistics, enabling operations teams to
track link utilization for capacity planning, security analysis, fault isolation, internal billing, and more.
You can gather statistics on an individual physical device, logical device, interface, or subinterface.
• Health monitor: Notifies your network management system (NMS) when something requires attention.
Health monitor extends the Remote Network Monitoring (RMON) alarm infrastructure of Junos with
minimum user configuration requirements, by providing predefined monitoring of the operating system
processes and device hardware, for example: file system usage, CPU usage, and memory usage.
Slide 65
The logging and tracing operations of Junos allow administrators to find out about events that occur in the
device — normal operations, as well as error conditions. You can use the following tools to discover, trace,
and analyze the sequence of events leading to network or device issues for fast resolution.
• System logging: Generates system log messages (syslog messages) for recording events that occur on
the device, including hardware and within the processes of the operating system. A few examples,
among the thousands that we can cite: an interface starting up, login failure, or hardware failure
conditions.
• Trace logging (also called traceoptions): Provides a wide range of variables for observing network
and system events specific to operations, such as protocol operations. Note that traceoptions is
similar to the debug function in IOS. Examples of trace logging include BGP state changes, graceful
restart events, and even tracking SNMP operations and statistics. Trace logging is a valuable tool when
you need to find out what’s going on in your device.
Slide 66
Open to Innovation
Junos Automation allows powerful control on-box while also allowing flexible integration with off-box systems.
With the Junos approach to an open network architecture, Juniper can offer a common interface set across
all platforms. A horizontal platform approach of silicon, system, and software allows Juniper to
deliver a complete solution supporting many applications. Juniper delivers access to third-party innovation
and integration by offering a Junos software development kit to partners so they can release even more
value from their network applications.
Slide 67
Configuration-mode automation
• Prevent errors and enforce compliance to CLI
policies and procedures
• Accept, reject, modify, or generate a
message scripts
Junos command automation is available in configuration and operational modes. In configuration mode,
command automation prevents configuration errors and enforces compliance to pre-defined policies and
procedures. In operational mode, command automation allows you to customize operational commands
and to automate custom-defined notifications, diagnosis, or corrective actions, correlating specific events and
actions.
Slide 68
In summary, the Junos CLI offers multiple specialized features that are not found in many other network
operating systems.
In configuration mode:
• configure private and configure exclusive let engineers manage who is changing the
device and when.
• The commit model lets engineers enter configuration changes in a candidate file. The approach provides
multiple safety nets that can prevent configuration problems and save hours of troubleshooting.
• The compare command lets engineers review their changes, looking for any last-minute typos or
omissions, by comparing two different configurations, yet again providing safety nets ensuring maximum
network availability.
• rollback restores the rescue or any of the prior 50 configurations.
• Preconfigure a device before hardware install or specify a time for changes to become active.
• A rich set of text editing tools saves engineers lots of typing, including the power of the copy and
rename commands to repurpose existing configuration elements.
• Commit scripts to customize validation of configurations and define time-saving macros.
In operational mode, the highlights include:
• Powerful monitoring and diagnostic tools that engineers can use without harming device performance.
• Various scripts and event policies to automate event detection and troubleshooting as well as restoration
to normal operations.
Slide 69
Slide 70
Section Objectives
In this section, we:
• Presented and demonstrated the Junos configuration
process and its multiple safeguards
• Highlighted the advantages of operating devices run by
Junos
• Discussed features of the Junos CLI to automate
operations
Slide 71
b) False
True or False: As soon as you edit the configuration file and press “Enter” the changes are implemented on
your device.
Slide 72
Slide 73
Slide 74
b) False
True or False: Junos-based platforms come with sufficient processing power to collect and store critical
operational data.
Slide 75
Junos supports various standards-based routing protocols. This section provides a quick overview of basic
routing, and the differences between static and dynamic routing.
Slide 76
Section Objectives
In this section, you will:
• Compare and contrast routing and forwarding tables
• Describe routing instances
• Describe static routing and its configuration using Junos OS
• Describe dynamic routing
Slide 77
What Is Routing?
The process of moving data between Layer 3
networks
[Figure: User A and User B networks, a data center with Server A and Server B, and the Internet; legend identifies router and switch symbols.]
Slide 78
Components of Routing
For a device to communicate with another device in
a remote network, the following requirements exist:
• End-to-end communications path
• Routing information on participating Layer 3 devices
[Figure: User A and User B networks, a data center, and the Internet; legend identifies router and switch symbols.]
Routing Components
You must consider several components and other aspects to effectively implement routing between remote
networks. However, you can classify the various components and considerations into two primary
requirements—end-to-end communications path and ensuring all Layer 3 devices within the
communications path have the required routing information.
In the example shown on the slide, you can see that a physical path exists between the highlighted
networks and the Internet. As long as the physical path is configured and functioning correctly, the first
requirement is satisfied.
For the second requirement, all Layer 3 devices participating in the communications path must have the
necessary routing information. The devices within the user and data center networks must have the proper
gateway configured (the router that connects to those networks as well as the Internet). The gateway
device must determine the proper next hop for each destination prefix for transit traffic it receives. Devices
running Junos Software use the forwarding table, which is a subset of information found in the route table,
to make this determination. We discuss the route and forwarding tables next.
Slide 79
[Figure: routing protocol databases (OSPF) and other routing information sources (Direct, Static) feed the routing table, which feeds the forwarding table.]
Slide 80
The following is a summary of the common predefined routing tables you might see on a device running
Junos OS:
inet.0: Used for IPv4 unicast routes;
inet.1: Used for the multicast forwarding cache;
inet.2: Used for MBGP routes to provide reverse path forwarding (RPF) checks;
inet.3: Used for MPLS path information;
inet.4: Used for MSDP route entries;
inet6.0: Used for IPv6 unicast routes; and
mpls.0: Used for MPLS next hops.
Slide 81
Route Preference
Ranks routes received from different sources
Primary criterion for selecting the active route
• Used as a tiebreaker when same destination prefix is
available through multiple sources
Route Preference Values
Slide 82
The slide shows the use of the show route command, which displays all route entries in the routing
table. As identified on the slide, all active routes are marked with an asterisk (*) next to the selected entry.
Each route entry displays the source from which the device learned the route, along with the route
preference for that source.
The show route command displays a summary of active, holddown, and hidden routes. Active routes
are the routes the system uses to forward traffic. Holddown routes are routes that are in a pending state
before the system declares them as inactive. Hidden routes are routes that the system cannot use for
reasons such as an invalid next hop and route policy.
You can filter the generated output by destination prefix, protocol type, and other distinguishing attributes.
The following sample capture illustrates the use of the protocol filtering option:
user@host> show route protocol ospf
Slide 83
[Figure: routing protocol databases (OSPF) and other routing information sources (Direct, Static) feed the routing table, which feeds the forwarding table.]
Slide 84
[Figure: forwarding plane with the forwarding table (FT); packets in, packets out.]
Slide 85
Slide 86
Slide 87
Slide 88
Configuration Example
Routing instance configuration example:
• Routing instance name is user-defined
• Routing instance type
• Define interfaces under the [edit interfaces] hierarchy and reference them under the routing instance
[edit routing-instances new-instance]
user@host# show
instance-type virtual-router;
interface ge-0/0/0.0;
interface ge-0/0/1.0;
interface lo0.1;
routing-options {
    static {
        route 0.0.0.0/0 next-hop 172.26.25.1;
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/0.0;
            interface ge-0/0/1.0;
            interface lo0.1;
        }
    }
}
Slide 89
Slide 90
Slide 91
Static Routes
Manually configured routes added to routing table
• Defined under [edit routing-options] hierarchy
Require a valid next hop
• Typically the IP address of a directly connected device;
other options exist such as the bit bucket (discard or
reject)
[Figure: topology with Network A (172.29.100.0/24), interface ge-0/0/1, link 172.30.25.0/30 (.1, .2), the Internet, and destination 192.168.63.14.]
user@host> show route 192.168.63.14
Static Routes
Static routes are used in a networking environment for multiple purposes, including a default route for the
autonomous system (AS) and as routes to customer networks. Unlike dynamic routing protocols, you
manually configure the routing information provided by static routes on each router or multilayer switch in
the network. All configuration for static routes occurs at the [edit routing-options] level of the hierarchy.
Next Hop Required
Static routes must have a valid next-hop defined. Often that next-hop value is the IP address of the
neighboring router headed toward the ultimate destination. On point-to-point interfaces, you can specify
the egress interface name rather than the IP address of the remote device. Another possibility is that the
next-hop value is the bit bucket. This phrase is analogous to dropping the packet off the network. Within
Junos Software, the way to represent the dropping of packets is with the keywords reject or discard.
Both options drop the packet from the network. The difference between them is in the action the device
running Junos Software takes after the drop action. If you specify reject as the next-hop value, the
system sends an ICMP message (the network unreachable message) back to the source of the IP packet. If
you specify discard as the next-hop value, the system does not send back an ICMP message; the system
drops the packet silently.
By default, the next-hop IP address of static routes configured in Junos Software must be reachable using a
direct route. Unlike with software from other vendors, Junos Software does not perform recursive lookups
of next hops by default.
Static routes remain in the routing table until you remove them or until they become inactive. One possible
scenario in which a static route becomes inactive is when the IP address used as the next hop becomes
unreachable.
Slide 92
Slide 93
Slide 94
[edit routing-options]
user@Host-A# show
static {
    route 172.20.3.0/24 {
        next-hop 172.25.1.6;
        resolve;
    }
}
Slide callouts:
• next-hop 172.25.1.6: indirect next hop
• resolve: resolve option required
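The activation rules from the Static Routes notes and the resolve slide above, as an added example that is not part of the original course material: a simplified Python model, not Junos code, of when a static route is usable. Only the 172.20.3.0/24 route comes from the slide; the 172.25.1.0/30 and 172.25.1.4/30 links, the 172.25.1.2 neighbor, and the 192.0.2.0/24 and 198.51.100.0/24 prefixes are constructed for illustration.

```python
import ipaddress

# Constructed sample data, except the 172.20.3.0/24 route, which is from the slide.
DIRECT = ["172.25.1.0/30"]  # prefixes of interfaces that are up (assumed)
STATICS = [
    {"prefix": "172.20.3.0/24", "next_hop": "172.25.1.6", "resolve": True},
    {"prefix": "172.25.1.4/30", "next_hop": "172.25.1.2"},
    {"prefix": "192.0.2.0/24", "next_hop": "discard"},
    {"prefix": "198.51.100.0/24", "next_hop": "reject"},
]

def resolve_static_routes(direct, statics):
    """Return {prefix: status} under a simplified model of static-route activation."""
    direct_nets = [ipaddress.ip_network(p) for p in direct]
    status, pending = {}, []
    for route in statics:
        if route["next_hop"] == "discard":
            status[route["prefix"]] = "active: drop silently"
        elif route["next_hop"] == "reject":
            status[route["prefix"]] = "active: drop and send ICMP unreachable"
        else:
            pending.append(route)

    forwarding = {}  # active static prefix -> directly connected IP it forwards to
    changed = True
    while changed:  # repeat until no further route can be activated
        changed = False
        for route in pending:
            if route["prefix"] in status:
                continue
            hop = ipaddress.ip_address(route["next_hop"])
            if any(hop in net for net in direct_nets):
                via = hop  # default behaviour: next hop sits on a direct route
            elif route.get("resolve"):
                # recursive lookup: longest match among already-active statics
                covering = [n for n in forwarding if hop in n]
                if not covering:
                    continue
                via = forwarding[max(covering, key=lambda n: n.prefixlen)]
            else:
                continue  # indirect next hop without resolve stays unusable
            forwarding[ipaddress.ip_network(route["prefix"])] = via
            status[route["prefix"]] = f"active: via {via}"
            changed = True
    for route in pending:
        status.setdefault(route["prefix"], "inactive: next hop unreachable")
    return status

if __name__ == "__main__":
    for prefix, state in resolve_static_routes(DIRECT, STATICS).items():
        print(f"{prefix:18} {state}")
```

Passing an empty list for the direct prefixes models the interface going down: both next-hop routes become inactive while the discard and reject routes stay in place.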
Slide 95
Slide 96
Dynamic Routing
Method of dynamically learning routing information
Dynamic routing has the following benefits:
• Lower administrative overhead
• Increased network availability
• Greater network scalability
Dynamic Routing
Static routing is ideal in small networks where only a few routes exist or in networks where absolute control
of routing is required. However, static routing has certain drawbacks that might make it cumbersome and
hard to manage in large environments where growth and change are constant. For large networks or
networks that change regularly, dynamic routing might be the best option.
With dynamic routing, you simply configure the network interfaces to participate in a routing protocol.
Devices running routing protocols can dynamically learn routing information from each other. When a
device adds or removes routing information for a participating device, all other devices automatically
update.
Benefits of Dynamic Routing
Dynamic routing resolves many of the limitations and drawbacks of static routing. Some of the general
benefits of dynamic routing include:
• Lower administrative overhead: The device learns routing information automatically, which eliminates the need for manual route definition;
• Increased network availability: During failure situations, dynamic routing can reroute traffic around the failure automatically (the ability to react to failures when they occur can provide increased network uptime); and
• Greater network scalability: The device easily manages network growth by dynamically learning routes and calculating the best paths through a network.
Slide 97
[Figure labels: IGP; IBGP; AS 64512; AS 65535]
Slide 98
[Figure label: AS 64512]
OSPF Protocol
OSPF is a link-state routing protocol designed for use within an AS. OSPF is an IGP. Link-state protocols allow
for faster reconvergence, support larger internetworks, and are less susceptible to bad routing information
than distance-vector protocols. Distance-vector protocols are commonly described as “learning by
rumor”, where a router learns about prefixes from neighboring routers’ perspectives. Routers using
link-state routing protocols learn network topology by “propaganda”, where they learn the topology
from all the routers directly.
Devices running OSPF send out information about their network links and the state of those links to other
routers in the AS. This information transmits reliably to all other routers in the AS by means of link-state
advertisements (LSAs). The other routers receive this information, and each router stores it locally. This
total set of information now contains all possible links in the network.
In addition to flooding LSAs and discovering neighbors, a third major task of the link-state routing protocol
is establishing the link-state database. The link-state (or topological) database stores the LSAs as a series of
records. The important information for the shortest path determination process is the advertising router’s
ID, its attached networks and neighboring routers, and the cost associated with those networks or
neighbors.
OSPF uses the shortest-path-first (SPF) algorithm (also called the Dijkstra algorithm) to calculate the
shortest paths to all destinations. It performs this calculation by building a tree of shortest paths
incrementally and picking the best candidate from that tree.
OSPF uses areas to allow for a hierarchical organization and facilitate scalability. An OSPF area is a logical
group of routers. The software can summarize the routing information from an OSPF area and the device
can pass it to the rest of the network. Areas can reduce the size of the link-state database on an individual
router. Each OSPF router maintains a separate link-state database for each area to which it is connected.
The link-state database for a given area is identical for all participating routers within that area.
To ensure correct routing knowledge and connectivity, OSPF maintains a special area called the backbone
area. OSPF designates the backbone area as Area 0.0.0.0. All other OSPF areas must connect themselves to
the backbone for connectivity. All data traffic between OSPF areas must transit the backbone.
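The SPF calculation over a link-state database, as an added example that is not part of the original course material. It goes slightly beyond the text by applying the link-back check from the OSPF specification (RFC 2328): a link is used only when both routers advertise it. Only router ID 192.168.100.3 and network 172.20.3.0/24 appear on the slides; the other router IDs, the costs, and the helper without_link are constructed for illustration.

```python
import heapq

# Constructed LSDB: advertising router ID -> neighbors (with cost) and attached
# networks (with cost). Only 192.168.100.3 and 172.20.3.0/24 appear on the slides.
LSDB = {
    "192.168.100.1": {"neighbors": {"192.168.100.2": 1, "192.168.100.3": 10},
                      "networks": {}},
    "192.168.100.2": {"neighbors": {"192.168.100.1": 1, "192.168.100.3": 1},
                      "networks": {}},
    "192.168.100.3": {"neighbors": {"192.168.100.1": 10, "192.168.100.2": 1},
                      "networks": {"172.20.3.0/24": 1}},
}

def spf(lsdb, root):
    """Dijkstra from root. Returns {network: (total_cost, first_hop_router_id)}."""
    dist, first_hop = {root: 0}, {root: None}
    heap, done = [(0, root)], set()
    while heap:
        cost, rtr = heapq.heappop(heap)
        if rtr in done:
            continue  # stale heap entry; a cheaper path was already settled
        done.add(rtr)
        for nbr, link_cost in lsdb[rtr]["neighbors"].items():
            # Link-back check: use the link only if the neighbor's own record
            # lists this router too.
            if nbr not in lsdb or rtr not in lsdb[nbr]["neighbors"]:
                continue
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                first_hop[nbr] = nbr if rtr == root else first_hop[rtr]
                heapq.heappush(heap, (new_cost, nbr))
    routes = {}
    for rtr in done:  # attach each reachable router's networks to the tree
        for net, net_cost in lsdb[rtr]["networks"].items():
            total = dist[rtr] + net_cost
            if net not in routes or total < routes[net][0]:
                routes[net] = (total, first_hop[rtr])
    return routes

def without_link(lsdb, advertiser, neighbor):
    """Copy of lsdb in which advertiser no longer lists neighbor (one-sided link)."""
    copy = {r: {"neighbors": dict(v["neighbors"]), "networks": dict(v["networks"])}
            for r, v in lsdb.items()}
    del copy[advertiser]["neighbors"][neighbor]
    return copy

if __name__ == "__main__":
    print(spf(LSDB, "192.168.100.1"))
    print(spf(without_link(LSDB, "192.168.100.3", "192.168.100.2"), "192.168.100.1"))
```

A record from a router that no reachable router lists as a neighbor contributes no routes, because the tree is only ever extended across links that both ends advertise.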
Slide 99
[Figure: topology fragment showing Host-C (lo0: 192.168.100.3/32) and network 172.20.3.0/24; interface host addresses .9, .6, .1]
Slide 100
Slide 101
Slide 102
Slide 103
https://virtuallabs.juniper.net/
Slide 104
Section Objectives
In this section, we:
• Compared and contrasted routing and forwarding tables;
• Described routing instances;
• Described static routing and its configuration using Junos;
• Described dynamic routing.
Slide 105
c) Destination table
d) Routing table
Slide 106
Slide 107
Junos OS Adoption
Adoption of any new product or technology initially requires some effort; however, Juniper’s customers
have consistently found the initial short-term activities of Junos adoption to be far outweighed by the long-
term benefits. This section introduces the interoperability features and migration tools available to Juniper
customers to make the move to Junos simple and safe.
Slide 108
Section Objectives
In this section, you will be able to:
• Discuss how Junos OS interoperates with other devices
and integrates to other systems
• Present ways in which Juniper eases Junos OS adoption
for new customers
Slide 109
Do any of your customers have only one vendor in their network? For the most part, probably not. Just as
most of your customers likely have multiple vendors for servers, storage, and other IT systems, it’s good
practice to use multiple vendors in the network, as overall, an organization is likely to get better solutions
for lower costs. So how Junos interoperates and integrates into existing infrastructure is essential.
Juniper engineers have long been involved in building open standards for interoperability in industry
organizations. For example, Junos developers have been at the forefront of defining and implementing
MPLS applications, next-generation multicast VPN architectures, and high-availability features such as non-
stop active routing and in-service software upgrades. Junos protocols engineers authored or co-authored
more than 20 IETF drafts in 2008 alone.
Junos OS supports hundreds of networking protocols, including standards such as spanning tree, LLDP,
OSPF, BGP, IPv6, and MPLS, to name just a few. Nonetheless, the practicalities of interoperability
require that Juniper goes beyond simply implementing the standards, for example by filling in gaps
where interpretations differ or where de facto standards are used.
This practical approach is necessary to support the thousands of customers of Junos. Interoperability
between Juniper and other large networking vendors has been proven several times over, in the best
possible way, with live network implementations in the largest networks over the past decade.
Slide 110
A few organizations may still be running proprietary or legacy protocols within their network. In these
cases, the customer will either have to transition to modern standards or adopt one of the available
methods of supporting these protocols over a standards-based infrastructure. For example, there are
various approaches to simultaneously running EIGRP and OSPF in legacy routers to support a long term
transition to OSPF. By moving to open standards, organizations benefit from the collective innovation of the
industry; open standards generally offer a broader set of capabilities than protocols developed exclusively
by one vendor.
Slide 111
Operations teams use tens, sometimes hundreds, of different tools to manage their networks, for example,
tools for inventory, configuration, provisioning, monitoring, and managing faults. Many are home grown
while others are purchased from one of the many independent software vendors who develop network
management products. Juniper works in close partnership with these vendors to integrate management of
Junos into their solutions.
Juniper streamlines integration of partner and customer systems by providing a number of open, standard
interfaces in Junos. In addition to the CLI, standardized system logging messages, SNMP interfaces, and on-
board instrumentation systems, Junos also provides an XML (eXtensible Markup Language) interface. All
these open options let network management tools interact with Junos in a reliable and predictable way.
For customers who want to use Juniper element management, Juniper provides its Network and Security
Manager (NSM), a powerful, centralized management solution that controls the entire device life cycle
across the broad portfolio of Juniper’s enterprise platforms, including firewall/IPSec VPN, Secure Access
(SSL), Infranet Controller, the J Series, M Series, and MX Series routing platforms and EX Series switches.
Slide 112
Operations Automation
Save Time: write custom
commands & automate
diagnostics
Event Automation
Speed Resolution:
Gather/correlate events and
automate response
Config Automation
Avoid Errors: Simplify
& enforce best practices
Junos Automation is about efficiency. Whether for operations, event correlation, or configuration,
Junos saves time through automation that runs directly on the Junos device. We also feature Juniper
Care with Service Automation, which allows a Juniper service team to work directly with customers to
maintain specific levels of incident response management. As explained earlier, we also offer Junos
Space, a programmable platform for developing and running applications across the network.
Slide 113
Are your customers migrating from Cisco to Juniper? Ease the transition with the I2J tool, a configuration
translator that converts Cisco IOS software configurations to Junos software configurations. Automatic
access to the tool at https://i2j.juniper.net/release/index.jsp is provided at no charge to JNASC Support
Managers, JNASC Support Providers, Premier Accounts, and all support contract customers.
Training on the Juniper I2J translator can be found by using the link:
http://www.juniper.net/us/en/training/elearning/ios_junos/content/index.html
Additional conversion tools can be found using the link at the bottom of this slide:
https://migration-tools.juniper.net/tools/index.jsp
Slide 114
So how do we get started with Junos? Training and certifications are always available, from the new-user
Juniper Associate (JNCIA) Introduction to Junos curriculum to expert-level certifications (JNCIE). We also
offer a fast-track program for those who are already familiar with other vendors’ products. This program
offers the student discounts and time savings in certifying on the Junos OS. We also offer several books,
including Day One downloads for eReaders as well as in PDF format, and a full technical library of books
from the publisher O’Reilly.
Slide 115
Section Summary
In this section, we:
• Discussed how Junos OS interoperates with other devices
and integrates to other systems
• Presented ways in which Juniper eases Junos adoption for
new customers
Slide 116
Slide 117
Course Summary
Slide 118
Additional Resources
For additional resources or to contact the Juniper Networks eLearning team, click the links on the screen.
Slide 119
You have reached the end of this Juniper eLearning module. You should now return to your Juniper
Learning Center to take the Practice Test and the Student Survey. The test will allow you to gauge your
knowledge of the material covered in this course. The survey will allow you to give feedback on the quality
and usefulness of the course.
Slide 120
Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen,
and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
Junose is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks,
or registered service marks are the property of their respective owners. Juniper Networks reserves the right
to change, modify, transfer or otherwise revise this publication without notice.
Slide 121
CONFIDENTIAL
Corporate and Sales Headquarters: Juniper Networks, Inc., 1194 North Mathilda Avenue, Sunnyvale, CA 94089 USA. Phone: 888.JUNIPER (888.586.4737) or 408.745.2000. Fax: 408.745.2100. www.juniper.net
APAC Headquarters: Juniper Networks (Hong Kong), 26/F, Cityplaza One, 1111 King’s Road, Taikoo Shing, Hong Kong. Phone: 852.2332.3636. Fax: 852.2574.7803
EMEA Headquarters: Juniper Networks Ireland, Airside Business Park, Swords, County Dublin, Ireland. Phone: 35.31.8903.600. EMEA Sales: 00800.4586.4737. Fax: 35.31.8903.601
Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.