Student Guide
Slide 1
Juniper Networks
Sales Education
2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
SSFJUN01-I
Slide 2
JUNOS OPERATING
SYSTEM HIGHLIGHTS
Slide 3
Course Agenda
Introduction to Junos OS
The Junos OS CLI
The Junos CLI Rocks!
Routing with Junos
Junos OS adoption
CONFIDENTIAL
SSFJUN01G
Slide 4
Course Objectives
Upon completing this course, you will be able to:
Describe the Junos OS command-line interface (CLI)
Demonstrate specialized features of the Junos CLI that
save time and avert downtime
Describe basics of routing using Junos OS
Discuss how to ease adoption of Junos OS
Slide 5
Introduction to Junos OS
Junos is the network operating system that runs an increasing share of the Juniper product portfolio,
ranging from switches to routers to firewall products. This is what sets Juniper apart as a strategic
portfolio vendor.
Slide 6
Section Objectives
After successfully completing this section, you will
be able to:
Slide 7
Introduction
The Junos operating system is a single network operating system
integrating routing, switching, security, and services
Junos OS delivers the power of one operating system to run
high-performance networking infrastructure
The Junos OS command-line interface offers specialized features
to save time for users and prevent downtime in the network
Juniper offers customers the training, tools, and services needed
to make the adoption of Junos OS simple and safe
Much of the value, the savings, and the streamlining of operations of our products and solutions are
delivered by the Junos operating system.
With the limited amount of time that you have to talk to customers and get their interest, it's important to
understand how the operating system works, how customers use it, and how you can help to ease its
adoption into their own infrastructure. When we talk about Junos, we talk about the Junos advantage
offered by the "Power of One" operating system.
This course is designed to share with you the highlights of the Junos advantages, focusing on its key
differences and ease of operation, which help lower your customers' operating costs. The course
provides operational and configuration commands, illustrating the power of Junos and its ease of use.
Slide 8
Juniper Networks has always thought differently about the network. Whereas our competitors have
trended towards a box-on-box, multiple operating system approach, Juniper sees that this leads to spiraling
layers of complexity in customer networks.
We have purposely driven our strategy to simplify the network through specific investment and new
development looking towards convergence. Over more than a decade Juniper has evolved Junos software
as a single, end-to-end, high-performance operating platform of the network to deliver routing, switching,
security, services and cloud. This approach to innovation is fundamentally different from that of our
competitors, enabling our customers to build their networks and deliver new services in converged offerings
with simplicity of operations and reduced costs.
Slide 9
The legacy networking providers' approach has been hardware oriented: sell another box to fix another
problem. As these vendors acquire companies and add more products they are also adding more operating
systems, more proprietary software, more complexity, and more problems.
Complexity is their strategy! They'll sell more boxes. The customer must pay for a lot of services and
support to integrate and make it all work.
But this puts the customer in a constant state of upgrading, testing, and maintaining. The operating systems
may need to be individually tailored, and it is unknown how changes, bugs, and upgrades on one box will
affect the others. More boxes get sold to attempt to fix problems, but complexity and cost increase, while
customer satisfaction decreases. The bottom line for customers? Chronic complexity management.
Slide 10
Junos provides a simpler approach with fewer issues. When talking about Junos to customers, partners,
etc., we need to think outside of the normal "box" conversation. The discussion needs to be more about
selling a solution rather than just another box. Junos software is changing the way we should be looking at
the whole network experience.
As we stated earlier, Junos is much more than an operating system; it is a simplified, common language that
provides a consistent user experience across multiple devices. With Junos you get consistent core
functionality that scales from the smallest to the largest device on the network.
It is based on open standards, so it integrates seamlessly into the network, even with our competitors'
products. Customers can move, over time, to a network with fewer problems and lower cost.
Slide 11
Slide 12
Multiple components of the Junos software platform give developers unmatched flexibility to create
dynamic applications that interact with the network from the client to the cloud.
- In the network, the open standards, open platform approach of the operating system inspires innovation.
- Junos Space is a programmable platform for developing and running applications across the network.
- Junos Pulse is a multi-service network client that can be used on mobile devices such as notebooks,
netbooks, and smartphones. It too is an open, programmable platform that simplifies the end user
experience.
- Running over these platform layers is a growing portfolio of Junos Ready Software applications developed
by Juniper and third parties.
Slide 13
The foundational component of the Junos software platform is the Junos operating system. Running a single
operating system across devices makes the day-to-day operation of the network less complex. The IT staff
can focus on rolling out new deployments and maintaining the network, making better use of their time
and effort. With a steady release of new features and a modular architecture, they have predictable
performance and the ability to streamline their tasks through automation. They can evolve their current
network infrastructure rather than adding box on top of box.
This provides a consistent user experience for the IT staff and lower costs for the customer.
Slide 14
Diagram labels: Control Plane, Routing Engine, Data Plane, Packet Forwarding Engine. Callout: Enhances resiliency.
Let's review some of the architecture highlights: what's different in the design. From the beginning the
engineers decided to separate the functions of control and forwarding. Ask yourself a question: what do
routers do for a living? They determine the path and then, once they know the next hop, they switch packets.
So, it makes complete logical sense to separate the function of path determination, or control, from the
function of switching, or packet forwarding.
Think of control as the brains of the system. It's really what runs the protocols. The forwarding is where the
packet handling happens. It's the brawn of the system. It's what's responsible for the high throughput:
taking packets, inspecting them, and moving them on quickly down the network.
So, if you're not a software engineer, why do you care about this? Well, the bottom line here is that dedicated
resources mean high resiliency, which gives you that incredibly high availability that carriers rely on. So,
again, carrier class is what we've got.
Slide 15
Diagram labels: Control Plane with modules (Management, Routing, Interfaces, ..., Module n) over the Kernel. Callout: No overwrites.
A second design element to point out about the architecture is its modularity. Here we have a diagram of
the control plane, and you see a group of modules responsible for different functions of the software,
whether it be management or routing, and each of these runs as an independent process, all of which are
controlled by the underlying kernel.
We've got dedicated resources. Because of the modular nature of these resources, if there's a problem, say,
in the routing module, it doesn't disrupt anything going on in the management or interface modules. So,
small problems don't become big ones, and that leads to really high availability. And when our engineers
want to add functionality, they do it in a modular fashion. We can roll out new features by building a new
module and putting it into this same model you see here.
The Junos modular architecture allows customers to troubleshoot problems much more easily because they can
isolate what's going on in the software more quickly than in other systems that are just monolithic blocks of code
where it is very difficult to understand what's going on.
Slide 16
Diagram labels: Junos OS Services; Control Plane (Routing, Interfaces, ..., Module n, Kernel); Services Plane (Service App 1, Service App 2, Service App 3, ..., Service App n, Services Interfaces); Data Plane (Packet Forwarding, Physical Interfaces); CLI, J-Web, NSM, Scripts, NETCONF/XML, Toolkit, Partner development platform. Callout: Tailored services flexibility.
Junos modularity permits the painless addition of two further design elements that set Junos apart.
First is a dedicated services plane in many platforms, such as the SRX Series Services Gateways. What this
means is that Juniper engineers are able to quickly introduce and integrate new service capabilities,
whether it be intrusion prevention or antivirus, and have all of those services work together in
an integrated fashion. The next element to add is open management interfaces. Junos offers interfaces for
integrating both into our element management systems and into some element management systems of
other vendors and other operational systems.
Slide 17
So when we talk about selling Junos, we must mention that most of Juniper's devices in the tool belt run
Junos, which makes it an extremely easy sell. When we sell into the data center, we should be asking
questions about the customer's branch office devices, or vice versa. No matter where in the network we
need devices, Juniper has the solution to fit the need. Whether it be routing, security, or switching, Juniper
can do it, oh yeah, and with the same operating system traversing from device to device. There is no
reason to learn separate operating systems, as traditionally fed to network administrators for the past 40
years.
Slide 18
Section Summary
In this section, we:
Slide 19
Slide 20
a) Switches
b) Routers
c) WAN Acceleration
d) Firewall
Slide 21
Slide 22
Section Objectives
After completing this section, you will be able to:
Introduce the Junos OS CLI
Understand the difference between operational mode and
configuration mode
Navigate the command hierarchy
Use command-line shortcuts and get help
Slide 23
A Web-based GUI
Perform actions available in
the command-line interface
The command-line interface (CLI) is the software interface used to access the device. One big differentiator
of the Junos CLI from other CLIs in the marketplace is that Junos provides a rich set of new tools and
safeguards that can help your customers to efficiently manage their networks and maintain high uptime.
The material discussed in these slides is generally applicable to any device running Junos.
You can access the CLI through a console connection, through an out-of-band network interface, or
in-band through the network. By default, only the console connection is available for use. All other
connection methods require explicit configuration in the device.
Another option for operating and configuring a Junos device is J-Web, a powerful web-based management
interface available on Junos devices. J-Web lets you perform the actions available in the command-line
interface. It provides practical tools to monitor, configure, troubleshoot, and manage your device.
Generally, to use J-Web, the user has to enable HTTP, either manually via the CLI or externally through the
LCD panel (by default, J-Web is only set up on the J Series).
Additionally, customers can manage platforms running Junos with Juniper management products, including
NSM.
Slide 24
CLI Login
Log in with your username and password
Default CLI prompt shows: username, device host name
user: mike
password: *******
mike@jnpr1>
To access the interface you need to connect and log in. These instructions assume that your device has
already been configured with your user name and password.
If you're using a brand-new device rather than one that's already been configured with your user name and
password, log in as root and press Enter as your password.
We use the convention of showing user input into the CLI in blue bold font.
Slide 25
CLI Modes
Operational mode
Monitor and manage device operations
The > character identifies operational mode
mike@jnpr1>
Configuration mode
Configure the device and its interfaces
The # character identifies configuration mode
[edit]
mike@jnpr1#
The Junos CLI organizes its commands into two groups, known as modes:
Operational mode is for managing and monitoring device operations. For example, monitor the status of
the device interfaces, check chassis alarms, and upgrade and downgrade the device's operating system.
Configuration mode is for configuring the device and its interfaces. This includes configuring the
management console with its network settings, setting up user accounts for access to the device, specifying
the security measures used to protect the device and the network, and setting up routing and switching
protocols.
The prompt following the device name indicates the mode as shown on the slide.
Slide 26
Know where you are, find what you want, quickly move around the interface, efficiently enter commands
Diagram: command hierarchy tree, with a Top Level Node branching into 2nd Level Nodes and 3rd Level Nodes.
The Junos CLI structures the activities of each mode into hierarchies. The hierarchy of each mode is made
up of cascading branches of related functions commonly used together.
The structured hierarchy of the command-line interface is among the first of many preferred differences
that new users discover about the Junos CLI. By logically grouping activities, the Junos CLI provides a
regular, consistent syntax helpful in knowing where you are, finding what you want, quickly moving
around the interface, and efficiently entering commands. The hierarchy of commands just makes
everything a lot easier in both learning and then using the Junos CLI. New users regularly comment on just
how logical the command line is.
Slide 27
The slide shows common administrative tasks completed in operational mode. Junos provides an extensive
set of on-board instrumentation capabilities for gathering critical operational status, statistics, and other
information. These tools deliver advance notification of issues and speed up problem-solving during events.
As part of your configuration setup you can specify the types of events to track, the event severity, and the files
in which to store the data, among other options. You can then access this information in operational mode.
Juniper devices come with sufficient processing power to collect and store critical operational data,
including SNMP management, system logging, and traceoptions (or debugging) that help you to understand
how the box operates in normal conditions and where, when, and why changes occur.
Slide 28
Diagram: operational mode command tree, running from Less Specific at the top (labels shown: clear, configure, file) down to More Specific.
When you first log in to the CLI, the command-line interface is at the top level of the CLI's operational
mode.
This slide shows a view of the CLI's tree structure from the top of the operational mode, with an example of
its cascading hierarchy through the show command. The show command is one of the most commonly
used because it displays information ranging from interfaces (show interface) to hardware (show
chassis) to protocols (show ospf neighbor).
For the student with experience using IOS, a basic difference of Junos is that it does not use the keyword ip.
So, many of the show commands you already know work if you drop this part of the command. For
example, the IOS command show ip route simply becomes show route in Junos.
Slide 29
Specifying Output
mike@jnpr1> show interfaces fe-1/1/1 ?
Possible completions:
  <[Enter]>            Execute this command
  brief                Display brief output
  descriptions         Display interface description strings
  detail               Display detailed output
  extensive            Display extensive output
  media                Display media information
  snmp-index           SNMP index of interface
  statistics           Display statistics and detailed output
  terse                Display terse output
The show command includes other arguments to modify the output. This slide displays the available
arguments for the show interfaces command for the fe-1/1/1 Fast Ethernet interface. The
question mark (?) helps you to complete commands, enabling you to navigate through the command
hierarchy without referencing a CLI manual. In fact, the question mark is your best friend while operating or
configuring a device running Junos.
You can add these options to adjust the output listings to what you need.
Slide 30
This slide illustrates the results of adding the keywords brief and terse to the show interfaces
command.
Slide 31
As you monitor and configure a device, you need to switch between operational mode and
configuration mode. When you change to configuration mode, the command prompt changes from > to #.
To switch from operational mode to configuration mode, issue the configure command.
The [edit] banner shows your location at the top level of the configuration hierarchy.
To exit back to operational mode, issue the exit command.
Slide 32
Diagram: configuration tree running from Less Specific to More Specific. Upper-level nodes shown: access, chassis, groups, interfaces, services, system, etc. Lower-level nodes shown: finger, ftp, netconf, ssh, telnet, etc.
Configuration mode has a hierarchical structure logically grouping related configuration statements. This
structure eases configuration setup, review, and changes by allowing you to more readily find and view
related statements. The slide illustrates a portion of the configuration tree, with nodes such as system
and interfaces at the 2nd level of the hierarchy.
The configuration statement hierarchy includes two types of statements:
- Container statements, which contain other statements; that is, they have subordinate configuration levels.
Each container statement represents a configuration stanza, which could include other configuration
stanzas. A configuration stanza is represented by the content between curly brackets ({ and }).
- Leaf statements, which do not contain other statements; that is, they are at the end of a particular
hierarchical path. Each leaf statement is located within a configuration stanza.
Slide 33
The command-line interface displays the hierarchy of the configuration mode through specific syntax:
- Indicating hierarchy by indenting each subordinate level.
In this example, services is a subordinate of system, and ftp is a subordinate of services.
- Indicating container statements by open and close curly brackets.
In the example, system and services are cascading container statements.
- Indicating leaf statements with a semicolon.
In the example, ftp; is a leaf statement.
Also, speaking of configuration stanzas, system is a configuration stanza and so is services.
Slide 34
Hierarchy Flexibility
View from the top of configuration mode
[edit]
system {
    services {
        ftp;
    }
}
The flexibility to work at a specific sublevel or stanza in the hierarchy is helpful when users want to focus on
just a small portion of the configuration.
For example, the two configuration statements shown for the FTP service are equal. In the first, you are
looking at the statement from the root level of the hierarchy, and so the ftp; statement is shown in this
listing within the system and services container statements.
In the second example, you are viewing the ftp; statement from a deeper level within the hierarchy.
When you are in deeper levels of the hierarchy, the [edit] banner displays the entire hierarchical path.
Here, the banner [edit system services] indicates a place in the hierarchy lying within
services at the 3rd level, within system at the 2nd level, and within the root at the first level.
In this second example, because you are deeper within the hierarchy, the command line displays only
the ftp; statement whenever you view the configuration.
To determine where you are in the configuration hierarchy, refer to the configuration command banner
before entering configuration commands. While you can edit the configuration from the root level,
often it is easier to navigate to the area within the configuration you are changing prior to adding and
removing commands.
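The container/leaf syntax and the two views of the ftp; statement described above, as an added example (not Juniper's code and not part of the original guide): a small Python parser for curly-brace configuration text that reports the [edit ...] banner for any level and flattens the tree into one-line set statements. The sample configuration is constructed; host-name and ssh are assumed additions to the page's ftp example.

```python
import re

# Tokens: quoted strings, the structural characters { } ;, or bare words.
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')

# Constructed sample: the page's ftp example plus two assumed statements.
SAMPLE = """\
system {
    host-name jnpr1;
    services {
        ftp;
        ssh;
    }
}
"""


def parse(text):
    """Parse configuration text into nested dicts.

    Container statements map to a dict of their children; leaf statements
    (terminated by ';') map to None.
    """
    tokens = TOKEN.findall(text)
    pos = 0

    def block(depth):
        nonlocal pos
        node, words = {}, []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == "{":                      # opens a container statement
                if not words:
                    raise ValueError("'{' without a statement name")
                node[" ".join(words)] = block(depth + 1)
                words = []
            elif tok == ";":                    # ends a leaf statement
                if not words:
                    raise ValueError("';' without a statement")
                node[" ".join(words)] = None
                words = []
            elif tok == "}":                    # closes the current container
                if depth == 0 or words:
                    raise ValueError("unexpected '}'")
                return node
            else:
                words.append(tok)
        if depth or words:
            raise ValueError("unterminated statement or missing '}'")
        return node

    return block(0)


def render(node, indent=0):
    """Render a (sub)tree as indented lines: braces for containers, ';' for leaves."""
    pad, lines = " " * indent, []
    for name, child in node.items():
        if child is None:
            lines.append(f"{pad}{name};")
        else:
            lines.append(f"{pad}{name} {{")
            lines.extend(render(child, indent + 4))
            lines.append(f"{pad}}}")
    return lines


def view(tree, path):
    """Return (banner, text) as seen from the hierarchy level named by path."""
    node = tree
    for name in path:
        node = node[name]                       # KeyError: level does not exist
        if node is None:
            raise ValueError(f"{name} is a leaf statement, not a level")
    banner = "[edit" + "".join(" " + p for p in path) + "]"
    return banner, "\n".join(render(node))


def to_set(node, prefix=("set",)):
    """Flatten the tree into one 'set ...' line per leaf (or empty container)."""
    out = []
    for name, child in node.items():
        path = prefix + (name,)
        if child:
            out.extend(to_set(child, path))
        else:
            out.append(" ".join(path))
    return out


if __name__ == "__main__":
    tree = parse(SAMPLE)
    for level in ([], ["system", "services"]):
        banner, text = view(tree, level)
        print(banner, text, sep="\n")
    print("\n".join(to_set(tree)))
```

Listing everything under [edit system services] this way is a quick review of which remote access services a configuration has explicitly enabled.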
Slide 35
up
Move up one level in the hierarchy
To move up multiple levels, add an optional count
top
Move to the top level in the hierarchy
exit
Leave the current level of the configuration hierarchy, returning to the level prior to the last edit command
If you enter exit from the top level of the configuration hierarchy, you exit configuration mode
The edit, up, top, and exit commands let you navigate the configuration tree.
Use the edit command to jump to a specific location within the candidate configuration. The
configuration mode banner changes to indicate your new location in the hierarchy. You must know the full
hierarchical path. If you navigate to a hierarchy location that doesn't exist in your configuration yet, the CLI
will create the hierarchy level.
The up command allows you to move up levels in the hierarchy. By default, you move one level. You can
add a number after the command to specify how many levels to move up.
The top command takes you to the first hierarchy level.
The exit command returns you to the hierarchy location prior to the last edit command. If you enter this
command from the top level of the configuration hierarchy, you exit configuration mode.
The organized structure of the command hierarchy eases movement from one level to another within the
Junos CLI.
Slide 36
Keyboard sequences listed on the slide:
Up arrow or Ctrl+p
Ctrl+a: Go to beginning of line
Ctrl+e: Go to end of line
Ctrl+b, Ctrl+f, Esc+f, Esc+b, Ctrl+d, Esc+d, Esc+backspace, Ctrl+k, Ctrl+u, Ctrl+y
Fortunately for new (and experienced) users, the Junos CLI includes lots of shortcuts and ways to get help.
Both configuration mode and operational mode offer options to shorten keystrokes. All standard Unix
keyboard shortcuts are available to you when you are logged on to the Junos device. It may take a few days
for these to become second nature; however, once you have the muscle memory, these keys can save you
lots of typing time.
The command-line interface stores every entered command in its command history. At any command
prompt the up and down arrow keys let you scroll through this history. Re-use commands that you
previously entered, or modify them as needed. Keyboard sequences can save you much time, for example,
when you are configuring similar items on the device, or when you are repeating operational commands, such as
when you are debugging an issue.
Slide 37
[edit]
mike@jnpr1# show i<space>
i is ambiguous
Possible completions:
  igmp                 Show
  ike                  Show
  interfaces           Show
  ipsec                Show
  isis                 Show
The CLI provides command completion to further speed your typing in both modes. Command completion
automatically finishes partially typed commands, filenames, and user names, so you don't need to recall
the exact syntax of the desired input string. Command completion is a big help to new users, easing their
transition to the new command-line interface.
The spacebar completes most CLI commands. The tab key not only completes CLI commands, but also
filenames and user-defined variables such as policy names, community names, and IP addresses. When the
completion of the command or argument is ambiguous, hitting space or tab lists the possible completions.
Slide 38
Getting Help
[edit system]
mike@jnpr1# set s?
Possible completions:
saved-core-context
saved-core-files
> services
> static-host-mapping
> syslog
Query the command line with the ? character at any level of the operational or configuration hierarchies
for a list of available commands and a short description of each. Typing a partial command and the ?
provides a list of all the valid ways to complete your command, as shown in this example. Using the ? in
either of these ways is known as context-sensitive help in Junos lingo. For commands that require a
filename as an argument, the question mark lists the files in the working directory. You can consider ? to
be your best friend while navigating through the Junos CLI.
Slide 39
More Help
help apropos
Displays help about a text string contained in a statement
or command name
help reference
Provides assistance with configuration syntax by
displaying summary information for the statement
help syslog
Displays information on specific syslog events
help tip
Provides random tips for using the CLI
help topic
Displays usage guidelines for configuration statements
When you want more information than provided by context-sensitive help, you can turn to the Junos
technical documentation on your device through the help commands. Juniper loads it on new devices and
includes it as a part of new upgrade builds. When requesting help, follow each of these help commands
with the string or topic for which you're seeking information.
The help files are divided into major categories. You can access these files in operational mode. Use:
help apropos to display help about a text string contained in a statement or command name
help reference to provide assistance with configuration syntax by displaying summary information for the statement
help syslog to display information on specific syslog events
help tip to provide random tips for using the CLI
help topic to display usage guidelines for configuration statements
Slide 40
Logging out
mike@jnpr1> exit
logout
When it's time to take a break, you must be in operational mode to log out completely from the device. So,
if you are in configuration mode, use the exit configuration-mode command to enter operational
mode. Then, you can completely exit the CLI by entering the exit command in this mode.
Slide 41
https://virtuallabs.juniper.net/
Slide 42
Section Summary
In this section, you have learned how to:
Introduce the Junos OS CLI
Describe the differences between operational mode and
configuration mode
Navigate the command hierarchy
Use command-line shortcuts and get help
Slide 43
a) # character
b) } character
c) > character
d) ~ character
Slide 44
a) > character
b) # character
c) * character
d) } character
Slide 45
Slide 46
a) exit
b) configure
c) confmode
d) switch
Slide 47
The Junos CLI includes functionality not found in legacy network operating systems, such as Cisco's IOS. For
example, did you know that the Junos CLI has some special features for protecting the network from
configuration errors and mistakes? Sound helpful? Many of these features came from the inspiration and
ideas of early Junos users who demanded a safer way to set up and make changes to their device
configurations.
This section introduces you to the groundbreaking and specialized features of the Junos CLI. These are the
reasons why so many users say that Junos saves them time (often lots of it), reduces repetitive tasks, and
helps them to avoid very costly mistakes. In other words, they are why users enthusiastically agree that
the Junos CLI rocks!
Slide 48
Section Objectives
After completing this section, you will be able to:
Present and demonstrate the Junos OS configuration
process and its multiple safeguards
Highlight the advantages of operating devices run by
Junos OS
Discuss features of the Junos OS CLI to automate
operations
Slide 49
validated
configuration
candidate
Load configuration
commit
confirmed
commit
scripts
active
configuration
commit
validations
CONFIDENTIAL
SSFJUN01G
www.juniper.net | 49
The presented graphic outlines the basic steps to configure a Junos run device. Do you notice anything
different from most other network operating systems? Foremost: configuration changes in Junos do not
become active until you are ready. The Junos approach provides multiple safety nets that can save
engineers hours of troubleshooting on those bad days when configuration updates can go horribly
wrong potentially resulting in network collapses.
Once they understand these safety nets, new users of Junos typically come to see the Junos CLI as much
more user-friendly than other systems that have line-by-line entry and instant activation of
configuration changes. Have you ever had to make line-by-line changes in other systems, knowing that
you were creating intermediate risks, such as removing a firewall on an interface? Perhaps you have
entered a single-line change that created unwanted or unexpected results that you could not easily
revert.
The Junos CLI protects you from these and other configuration headaches.
To operate a device, Junos uses the active configuration file. When a user changes the configuration,
he or she works with the candidate configuration file, which is separate from the active one. For
configuration changes to take effect, the user must commit the candidate configuration file.
Slide 50
[Figure: the multi-stage Junos configuration process. Labels: load, candidate configuration, commit, commit confirmed, commit scripts, commit validations, validated configuration, active configuration, rollback (archive entries 1 through 49)]
So what are the basic steps of the multi-stage Junos configuration process? Let's examine it in more detail.
First: enter changes in the candidate configuration
The candidate configuration is a copy of the active configuration. You can enter configuration changes to the candidate
through the CLI via cut and paste, load or merge a text file with the updated configuration changes, or enter the changes by
hand through the CLI. After making all your candidate changes, you can review your work, including comparing the
candidate to the active running file.
Second: commit your changes, sending off a copy of the candidate to become the active configuration
Before finalizing the changeover, the software checks for certain statements within the candidate and performs other
context validations. If the device includes pre-loaded commit scripts, these scripts will also check and possibly correct errors
within the candidate configuration.
Third: the candidate becomes the active configuration
The candidate configuration becomes the active configuration and the device places the previous active configuration into
an archive of up to 49 of the past active configurations, which you can access through the rollback command.
We'll explore each of these steps further in this section.
Slide 51
To enter configuration mode, Junos provides several options. These options give users different ways to
manage who is making changes and when.
If users enter configuration mode with the base command configure, as discussed in the prior section,
they are in standard configuration mode. Standard mode allows any number of users to edit the
candidate configuration simultaneously. Changes made by any one user are visible to all users,
and any user who enters a commit command activates everyone's changes.
Alternatively, Junos offers the options configure private and configure exclusive. These
prevent one user from inadvertently activating another user's changes before they are ready.
In private mode, the device keeps a separate candidate copy holding only the changes by the private user.
In exclusive mode, the command-line locks all other users out of configuration mode until the exclusive
user closes the exclusive state.
These two configuration options are very handy when multiple users can change the candidate
configuration of a device.
Slide 52
show Command
List the complete candidate from the top of configuration mode
[edit]
mike@juniper1# show
version "9.2R1.3";
groups {
    re0 {
        system {
            jnpr1-name jnpr1;
        }
    }
}
Initially, before any changes are entered, the candidate configuration is the same as the active running
configuration of the device.
To display the candidate configuration, use the show command in configuration mode. When entered from
the top of the configuration hierarchy, the CLI displays the entire candidate configuration, as shown in the
abbreviated listing of the example on the left.
Deeper in the hierarchy, the show command displays the configuration from the current hierarchy level
and below, as shown in the example on the right.
Note: You may have noticed that configuration mode uses the show command in a different way than
operational mode. The commands of each mode are independent of each other, and so the show
command represents different actions in each.
Slide 53
set Command
From the top of configuration mode
[edit]
mike@jnpr1# set system services finger
mike@jnpr1# set system services ftp
mike@jnpr1# set system services ssh
mike@jnpr1# set system services telnet
From a sublevel
Either adds
[edit]
system {
    services {
        finger;
        ftp;
        ssh;
        telnet;
    }
}
You can create or change the candidate configuration by entering a series of commands, including those to
add and remove configuration statements. The set command inserts a statement and values into the
candidate configuration.
While you can edit the candidate from the root directory, as shown in the top example, often it is easier to
navigate to the area within the configuration you are changing prior to adding and removing commands.
This is shown in the second example where changes are entered in the [edit system services]
sublevel of the hierarchy.
Either approach adds the same lines, shown on the right.
Slide 54
delete Command
Remove a statement along with any subordinate
statements
Deleting a statement effectively returns the affected
device, protocol, or service to an unconfigured state
Deleting a container statement removes everything under
that level of the hierarchy
[edit]
mike@jnpr1# delete system services
Now
[edit]
system {
}
Slide 55
compare Configurations
Display the differences between the candidate and
active configuration
Options to show any two configurations
[edit system services]
mike@jnpr1# show | compare
- ssh;
+ telnet;
- web-management {
      http {
          port 8080;
      }
- }
Have you ever entered changes to a configuration and then wanted to review them?
The compare command provides a convenient way to display the configured differences (and only these
differences) between the candidate configuration file and the active running configuration of the device (or
any other configurations you might choose). The CLI indicates new lines in the candidate with a plus (+) sign
and those removed with a minus (-) sign. In this example, the user has enabled telnet within system
services and also removed ssh and web-management.
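The change on this slide swaps encrypted remote access for a cleartext service, which is exactly what a pre-commit review should catch. The following is an added example, not part of the original course material: a Python parser for `show | compare` output that rebuilds the full hierarchy path of every changed statement and flags changes under `system services`. The review policy, the function names and the sample diff (constructed after the slide) are assumptions of this example.

```python
import re
from typing import NamedTuple


class Change(NamedTuple):
    sign: str    # "+" added by the candidate, "-" removed from the active config
    path: tuple  # full hierarchy path of the changed leaf statement


EDIT_HEADER = re.compile(r"^\[edit(?:\s+(.*?))?\]$")

# Review policy assumed for this example; it is not built into Junos.
CLEARTEXT_SERVICES = {"telnet", "ftp", "finger"}


def parse_compare(text):
    """Turn `show | compare` output into leaf changes with full paths."""
    changes, base, stack = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = EDIT_HEADER.match(line)
        if header:                       # "[edit system services]" sets the context
            base, stack = (header.group(1) or "").split(), []
            continue
        sign = line[0] if line[0] in "+-" else " "
        body = line[1:].strip() if sign != " " else line
        if body.endswith("{"):           # container opened inside the diff
            stack.append(body[:-1].split())
        elif body == "}":
            if stack:
                stack.pop()
        elif sign != " ":                # changed leaf statement
            nested = [word for part in stack for word in part]
            words = body.rstrip(";").split()
            changes.append(Change(sign, tuple(base + nested + words)))
    return changes


def review(changes):
    """Return (finding, service) pairs for risky changes to system services."""
    findings = []
    for sign, path in changes:
        if len(path) < 3 or path[:2] != ("system", "services"):
            continue
        service, finding = path[2], None
        if sign == "+" and service in CLEARTEXT_SERVICES:
            finding = ("cleartext-service-enabled", service)
        elif sign == "+" and path[2:4] == ("web-management", "http"):
            finding = ("cleartext-service-enabled", "web-management http")
        elif sign == "-" and service == "ssh":
            finding = ("encrypted-access-removed", "ssh")
        if finding and finding not in findings:
            findings.append(finding)
    return findings


# Constructed sample modelled on the slide: ssh and web-management removed,
# telnet added.
SAMPLE = """\
[edit system services]
-   ssh;
+   telnet;
-   web-management {
-       http {
-           port 8080;
-       }
-   }
"""

if __name__ == "__main__":
    for finding, service in review(parse_compare(SAMPLE)):
        print(f"{finding}: {service}")
```

A non-empty result is a reason to stop and review the candidate, or at least to activate it with commit confirmed rather than a plain commit.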
Slide 56
commit check
Check that the device will accept your candidate
Validates the logic and completeness of the candidate
without activating the changes
[edit]
mike@jnpr1# commit check
[edit interfaces lo0 unit 0 family inet]
'address 192.168.69.1/24'
Loopback addresses' prefix must be 32 bits
error: configuration check-out failed
The CLI also provides a command to check that the system can process your candidate configuration. The
commit check command validates the logic and completeness of the candidate semantics without
activating any changes. These are the same validations that run when you commit a candidate. If the
system finds a problem in the candidate configuration, it lets you know, as in the example above.
Slide 57
commit
Activates the candidate to become the running
configuration of the device
If the validation checks find any errors, you must fix these
before the candidate can become the active file
[edit]
mike@jnpr1# commit
error: Policy error: Policy my-policy referenced but not defined
error: BGP: export list not applied
error: configuration check-out failed
The candidate file is only the proposed configuration, and your device does not use any of this
configuration until you issue a commit command. After you have entered all desired changes, and you
have double checked your work, you are ready to activate your candidate as the active running
configuration.
To activate the candidate configuration, enter the commit command.
Before actually activating the candidate configuration, Junos checks basic syntax and semantics. For
example, the software makes sure that a policy has been defined before it is referenced. If any syntax or
semantic problems are found, the commit command returns an error.
You must fix all mistakes before the candidate (or any part of the candidate) can become active.
The commit complete message tells you that the new configuration is up and running on the device.
Slide 58
Commit confirmed
Automate rollback in remote devices
Commit a candidate configuration for a limited time
[edit]
mike@jnpr1# commit confirmed
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete
Are you among those of us who have made the mistake of adding security to a remote box, only to discover
the new firewall locked you out of the very interface that you were using to access the device? Do you have
a story about the time you accidentally isolated a remote box and then had to jump in the car and drive
two-and-a-half hours in the middle of the night just to reset it? The commit confirmed command can
prevent costly configuration mistakes by automatically rolling back problematic configurations.
The commit confirmed command commits a candidate configuration for 10 minutes. Then if you don't
follow up with a second commit, the device automatically rolls back to the previous configuration. You can
use the commit confirmed command anytime you want a safety net against potential configuration
problems.
If you do not confirm the configuration by entering a second commit command, the CLI will roll back the
device to the previous active configuration at the end of the 10 minutes (or other interval you specify). In
this way, if you have accidentally isolated the device, you simply need to wait for the rollback instead of
agonizing over how you are going to otherwise undo your mistake.
Slide 59
Rollback
Use rollback (or rollback 0) to reset the candidate configuration to the currently active configuration
rollback 1 loads the previously active configuration
rollback n loads the nth previous active configuration
rollback rescue loads the previously created rescue file
rollback only modifies the candidate configuration
Don't forget to commit the changes!
[edit]
mike@host# rollback
load complete
[edit]
mike@host# commit
commit complete
Whenever you commit the candidate as the new active configuration, Junos automatically saves a copy of
the replaced active file. As you store each newly replaced configuration, all the prior configuration files
move back one version number further in the configuration archive. Each device can store up to 50 of the
most recently active versions. This number includes the current active configuration (also known as rollback
0).
You can access this configuration archive using the rollback command to restore your candidate
configuration. Reset your candidate to match the active running configuration by entering rollback or
rollback 0.
Return to the most recently previous configuration file using the rollback 1 command, or add any
other number between 2 and 49 to go back to an even older version of the configuration.
The rollback command loads the requested archive as the candidate file. You can also create a rescue
configuration of a known working configuration so that you can rollback to it when all else fails.
If you want to use the rollback file immediately, first make sure it's what you want by using the show
command, and then activate it with the commit command. That last bit is important. Don't forget:
to complete a rollback for the active configuration of the device, you must also commit it.
This automatic backup mechanism lets you return quickly to a previous configuration for immediate use or
for fast updates.
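The candidate, commit check, commit confirmed and rollback behaviour described in this section can be followed end to end in a small model. The following is an added example, not Juniper code: a simplified Python simulation whose class, function and path names are assumptions, and which models the automatic rollback as a new commit of the previous version (also an assumption of this sketch).

```python
from collections import deque

MAX_VERSIONS = 50  # rollback 0 (the active file) plus 49 archived versions


class CommitError(Exception):
    """Raised when validation rejects the candidate; nothing is activated."""


def loopback_must_be_host_route(config):
    """Validator modelled on the error shown on the commit check slide."""
    return [f"{' '.join(path)} {value}: loopback prefix must be 32 bits"
            for path, value in config.items()
            if path[:2] == ("interfaces", "lo0") and path[-1] == "address"
            and not value.endswith("/32")]


class Device:
    def __init__(self, initial, validators=()):
        # history[n] is what `rollback n` loads; history[0] is the active file.
        self.history = deque([dict(initial)], maxlen=MAX_VERSIONS)
        self.candidate = dict(initial)
        self.validators = list(validators)
        self.deadline = None  # set while a commit confirmed awaits confirmation

    @property
    def active(self):
        return self.history[0]

    def compare(self):
        """Changed paths: '-' leaves the active file, '+' enters it."""
        gone = [("-", p) for p, v in self.active.items() if self.candidate.get(p) != v]
        new = [("+", p) for p, v in self.candidate.items() if self.active.get(p) != v]
        return sorted(gone + new, key=lambda change: change[1])

    def commit_check(self):
        return [err for check in self.validators for err in check(self.candidate)]

    def commit(self, now=0, confirmed_minutes=None):
        errors = self.commit_check()
        if errors:
            raise CommitError(errors)
        changed = self.candidate != self.active
        if changed:
            self.history.appendleft(dict(self.candidate))  # older versions shift back
        # A plain commit confirms (clears) any pending commit confirmed.
        pending = changed and confirmed_minutes is not None
        self.deadline = now + 60 * confirmed_minutes if pending else None

    def tick(self, now):
        """Advance the clock; True if an unconfirmed commit was rolled back."""
        if self.deadline is None or now < self.deadline:
            return False
        self.deadline = None
        self.history.appendleft(dict(self.history[1]))
        self.candidate = dict(self.active)
        return True

    def rollback(self, n=0):
        if not 0 <= n < len(self.history):
            raise ValueError(f"rollback {n}: no such version")
        self.candidate = dict(self.history[n])  # active is unchanged until commit


SSH = ("system", "services", "ssh")
LO0 = ("interfaces", "lo0", "unit", "0", "family", "inet", "address")


def lockout_scenario():
    """Remote change that removes ssh, committed with a 10 minute safety net."""
    dev = Device({SSH: "enabled"}, [loopback_must_be_host_route])
    dev.candidate[LO0] = "192.168.69.1/24"      # the slide's failing address
    rejected = bool(dev.commit_check())
    dev.candidate[LO0] = "192.168.69.1/32"
    dev.commit(now=0)
    del dev.candidate[SSH]                      # risky change made remotely
    dev.commit(now=0, confirmed_minutes=10)
    ssh_during = SSH in dev.active
    rolled_back = dev.tick(now=600)             # nobody confirmed in time
    return rejected, ssh_during, rolled_back, SSH in dev.active


if __name__ == "__main__":
    print(lockout_scenario())
```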
Slide 60
Unlike other systems, Junos lets you prepare for an installation before actually installing the hardware. The
software simply ignores any parts of the running configuration that are irrelevant to the existing
hardware installation. When the hardware becomes available, the newly added section of the
configuration becomes active.
The option to set up a configuration prior to hardware install is quite useful, especially when the person
installing the hardware is different than the person configuring the device, a common occurrence for
remote boxes. Here is a configuration for fe-3/0/0, which will be installed tomorrow.
Sometimes you want to prepare configuration changes for activation at a specific time, such as during a
maintenance window. The commit at command provides this option.
You can also make configuration changes and mark them as inactive until you are ready to use them by
using the deactivate command.
Slide 61
A typical configuration includes many similar elements named and defined by the user, such as interface
names, policy statements, and firewall filters. The Junos CLI includes commands to duplicate and quickly
change the configurations of these user-defined variables.
The copy command duplicates a configuration statement along with all the subordinate statements
configured underneath it. In using the command, you copy the configuration associated with one
user-defined element to a new, similarly configured element. You then modify that second element with any
needed changes.
The rename command is a convenient shortcut when you need to alter the value of a user-defined
variable, such as policy names, filter names, or IP addresses, or to change the name of a user-defined
element.
The example on this slide illustrates a very useful technique for configuring similar interfaces, where only IP
addresses are different. First, you create an identical configuration for se-0/0/1 based on the se-0/0/2
interface. Then, you change the IP address of the newly created se-0/0/1 interface by deleting the IP
address copied from the se-0/0/2 interface and setting the IP address for the se-0/0/1 interface, which is
10.0.36.2/24. Alternatively, you can use the rename command to change the IP address of the newly created
interface, thereby achieving the same result, as indicated on this slide.
Slide 62
Powerful | Pipe
Filter output in both operational and configuration
mode
Sends output of one command as input to another
Examples:
Use to redirect output of a command to a file
Useful for re-using sections of configurations across
many devices
mike@jnpr1> request support information | save <filename>
Wrote 1143 lines of output to filename
The pipe | character lets you filter output in both operational and configuration modes. Pipe makes it
possible to display specific information in a single command step, sending the output of one command as
input to another, or redirecting the output to a file. The output of the command to the left of the pipe
symbol serves as input to the command or file to the right of the pipe.
The first example shown on the slide creates a file that stores the output of the request support
information command of the operational mode by piping its output to a filename.
In the second, | count counts the number of lines in the output.
Many more examples for using pipe are available in the Junos technical documentation and other reference
resources.
Slide 63
Run is Cool
Issue operational mode commands while in
configuration mode
[edit]
mike@jnpr1# run show interfaces
Physical interface: fe-4/0/2, Enabled, Physical link is Up
  Interface index: 137, SNMP ifIndex: 29
  Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps 16384
  Link flags     : 4
  CoS queues     : 8 supported
<. . .>
The run command lets you issue CLI operational mode commands while in configuration mode. Just add
the keyword run before any operational mode command that you want to execute while you are inside the
configuration mode.
For example, entering the run show interfaces command displays the output as if show
interfaces had been entered from operational mode. Here we show an abbreviated listing of the
output.
Slide 64
Flow accounting
cflowd and rich filtering
Active monitoring, passive monitoring,
port mirroring
Health monitor
Extends the Remote Network
Monitoring (RMON) alarm
infrastructure with minimum user
configuration
Juniper devices provide extensive on-board instrumentation that enables customers to proactively gather
status information. Self-monitoring allows continuous feedback and lets administrators capture perspectives
on the operations of the network, from network-wide down to highly granular. Junos-based platforms come
with sufficient processing power to collect and store critical operational data that help you to understand
how a device operates in normal conditions and where, when, and why changes occur.
Available tools for automating network monitoring include:
Real-time performance monitoring: Measures the performance of traffic as it travels between network
devices. The RPM probes can collect round-trip time minimums, averages, maximums, jitter, and other
data on both a per-destination and application basis.
Flow accounting: Provides a method for collecting traffic flow statistics, enabling operations teams to
track link utilization for capacity planning, security analysis, fault isolation, internal billing, and more.
You can gather statistics on an individual physical device, logical device, interface, or subinterface.
Health monitor: Notifies your network management system (NMS) when something requires attention.
Health monitor extends the Remote Network Monitoring (RMON) alarm infrastructure of Junos with
minimum user configuration requirements, by providing predefined monitoring of the operating system
processes and device hardware, for example: file system usage, CPU usage, and memory usage.
Slide 65
Trace logging
(traceoptions) to flag
events specific to
operations
Protocol operations
SNMP operations
Other device operations
The logging and tracing operations of Junos allow administrators to find out about events that occur in the
device's normal operations, as well as error conditions. You can use the following tools to discover, trace,
and analyze the sequence of events leading to network or device issues for fast resolution.
System logging: Generates system log messages (syslog messages) for recording events that occur on
the device, including hardware and within the processes of the operating system. A few examples,
among the thousands that we can cite: an interface starting up, login failure, or hardware failure
conditions.
Trace logging (also called traceoptions): Provides a wide range of variables for observing network
and system events specific to operations, such as protocol operations. Note that traceoptions is
similar to the debug function in IOS. Examples of trace logging include BGP state changes, graceful
restart events, and even tracking SNMP operations and statistics. Trace logging is a valuable tool when
you need to find out what's going on in your device.
Slide 66
Open to Innovation
Junos Automation allows power control on-box while also allowing flexible integration to off-box systems.
With the Junos approach to an open network architecture, Juniper can offer a common interface set across
all platforms. Providing a horizontal platform approach of silicon, system, and software, allows Juniper to
deliver a complete solution supporting many applications. Juniper delivers access to third party innovation
and integration by offering a Junos software development kit to partners so they can release even more
value from their network applications.
Slide 67
CLI
scripts
Operations-mode automation
Build custom operational commands
Automate remediation steps/guidance
Custom notifications, further diagnosis, or
corrective actions
Correlate specific events and perform a
set of actions
Junos
management
Junos command automation is available in configuration and operational modes. In configuration mode,
command automation prevents configuration errors and enforces compliance with pre-defined policies and
procedures. In operational mode, command automation allows you to customize operational commands
and to automate custom-defined notifications, diagnosis, or corrective actions, correlating specific events and
actions.
Slide 68
In summary, the Junos CLI offers multiple specialized features that are not found in many other network
operating systems.
In configuration mode:
configure private and configure exclusive let engineers manage who is changing the
device and when.
The commit model lets engineers enter configuration changes in a candidate file. The approach provides
multiple safety nets that can prevent configuration problems and save hours of troubleshooting.
The compare command lets engineers review their changes, looking for any last-minute typos or
omissions, by comparing two different configurations, yet again providing safety nets ensuring maximum
network availability.
rollback restores the rescue or any of the prior 50 configurations.
Preconfigure a device before hardware install or specify a time for changes to become active.
A rich set of text editing tools saves engineers lots of typing, including the power of the copy and
rename commands to repurpose existing configuration elements.
Commit scripts to customize validation of configurations and define time-saving macros.
In operational mode, the highlights include:
Powerful monitoring and diagnostic tools that engineers can use without harming device performance.
Various scripts and event policies to automate event detection and troubleshooting as well as restoration
to normal operations.
Slide 70
Section Objectives
In this section, we:
Presented and demonstrated the Junos configuration
process and its multiple safeguards
Highlighted the advantages of operating devices run by
Junos
Discussed features of the Junos CLI to automate
operations
Slide 75
Junos supports various standards-based routing protocols. This section provides a quick overview of basic
routing, and the differences between static and dynamic routing.
Slide 76
Section Objectives
In this section, you will:
Slide 77
What Is Routing?
The process of moving data between Layer 3
networks
[Figure: network diagram. Labels: User A, User B, Server A, Server B, data center, Internet; legend for the router and switch symbols]
Slide 78
Components of Routing
For a device to communicate with another device in
a remote network, the following requirements exist:
End-to-end communications path
Routing information on participating Layer 3 devices
[Figure: network diagram. Labels: User A, User B, data center, Internet; legend for the router and switch symbols]
Routing Components
You must consider several components and other aspects to effectively implement routing between remote
networks. However, you can classify the various components and considerations into two primary
requirements: having an end-to-end communications path, and ensuring that all Layer 3 devices within the
communications path have the required routing information.
In the example shown on the slide, you can see that a physical path exists between the highlighted
networks and the Internet. As long as the physical path is configured and functioning correctly, the first
requirement is satisfied.
For the second requirement, all Layer 3 devices participating in the communications path must have the
necessary routing information. The devices within the user and data center networks must have the proper
gateway configured (the router that connects to those networks as well as the Internet). The gateway
device must determine the proper next hop for each destination prefix for transit traffic it receives. Devices
running Junos Software use the forwarding table, which is a subset of information found in the route table,
to make this determination. We discuss the route and forwarding tables next.
Slide 79
[Figure: labels: routing protocol databases (OSPF), other routing information sources (direct, static), routing table, forwarding table]
Slide 80
The following is a summary of the common predefined routing tables you might see on a device running
Junos OS:
inet.0: Used for IPv4 unicast routes;
inet.1: Used for the multicast forwarding cache;
inet.2: Used for MBGP routes to provide reverse path forwarding (RPF) checks;
inet.3: Used for MPLS path information;
inet.4: Used for MSDP route entries;
inet6.0: Used for IPv6 unicast routes; and
mpls.0: Used for MPLS next hops.
Slide 81
Route Preference
Ranks routes received from different sources
Primary criterion for selecting the active route
Used as a tiebreaker when same destination prefix is
available through multiple sources
Route Preference Values
Route source                Default preference
Direct                      0
Local                       0
Static                      5
OSPF internal               10
RIP                         100
OSPF AS external            150
BGP (both EBGP and IBGP)    170
Lower values are more preferred; higher values are less preferred.
Slide 82
                   *[Static/5] 00:10:24
                    > to 172.29.30.253 via ge-0/0/10.0
                    [OSPF/10] 00:03:38, metric 2
                    > to 172.18.25.2 via ge-0/0/13.0
172.18.25.0/30     *[Direct/0] 00:11:05
                    > via ge-0/0/13.0
172.18.25.1/32     *[Local/0] 00:11:05
                      Local via ge-0/0/13.0
172.29.30.0/24     *[Direct/0] 00:11:05
                    > via ge-0/0/10.0
172.29.30.1/32     *[Local/0] 00:11:05
                      Local via ge-0/0/10.0
Callouts: route source and preference; asterisk (*) indicates that the route is selected as active
Slide 83
[Figure: labels: routing protocol databases (OSPF), other routing information sources (direct, static), routing table, forwarding table]
Slide 84
[Figure: labels: packets in, FT, packets out]
Slide 85
[Figure: two routing instances. cust-A: tables cust-A.inet.0 and cust-A.inet6.0; interfaces ge-0/0/3.0, ge-0/0/4.0 and lo0.1; default route; OSPF. cust-B: tables cust-B.inet.0 and cust-B.inet6.0; interfaces ge-1/0/0.0, ge-1/0/1.0 and lo0.2; default route; OSPF]
Slide 88
Configuration Example
Routing instance configuration example:
[edit routing-instances new-instance]
user@host# show
instance-type virtual-router;
interface ge-0/0/0.0;
interface ge-0/0/1.0;
interface lo0.1;
routing-options {
    static {
        route 0.0.0.0/0 next-hop 172.26.25.1;
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/0.0;
            interface ge-0/0/1.0;
            interface lo0.1;
        }
    }
}
Callouts: Routing instance name is user-defined. Routing instance type. Define interfaces under the [edit interfaces] hierarchy and reference them under the routing instance.
Slide 89
*[Static/5] 02:06:18
> to 172.26.25.1 via ge-0/0/0.0
*[Direct/0] 02:06:18
> via ge-0/0/1.0
*[Local/0] 02:06:18
Local via ge-0/0/1.0
*[Direct/0] 02:06:18
> via ge-0/0/0.0
*[Local/0] 02:06:18
Local via ge-0/0/0.0
*[Direct/0] 02:06:18
> via lo0.1
Slide 90
Remote
--> 0/0
Slide 91
Static Routes
Manually configured routes added to routing table
Defined under [edit routing-options] hierarchy
[Figure: topology. Labels: ge-0/0/1, .1, .2, .1, 172.30.25.0/30, Internet, 192.168.63.14]
user@host> show route 192.168.63.14
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0          *[Static/5] 01:09:34
                    > to 172.30.25.1 via ge-0/0/1.0
Callout: default static route
Static Routes
Static routes are used in a networking environment for multiple purposes, including a default route for the
autonomous system (AS) and as routes to customer networks. Unlike dynamic routing protocols, you
manually configure the routing information provided by static routes on each router or multilayer switch in
the network. All configuration for static routes occurs at the [edit routing-options] level of the hierarchy.
Next Hop Required
Static routes must have a valid next-hop defined. Often that next-hop value is the IP address of the
neighboring router headed toward the ultimate destination. On point-to-point interfaces, you can specify
the egress interface name rather than the IP address of the remote device. Another possibility is that the
next-hop value is the bit bucket. This phrase is analogous to dropping the packet off the network. Within
Junos Software, the way to represent the dropping of packets is with the keywords reject or discard.
Both options drop the packet from the network. The difference between them is in the action the device
running Junos Software takes after the drop action. If you specify reject as the next-hop value, the
system sends an ICMP message (the network unreachable message) back to the source of the IP packet. If
you specify discard as the next-hop value, the system does not send back an ICMP message; the system
drops the packet silently.
By default, the next-hop IP address of static routes configured in Junos Software must be reachable using a
direct route. Unlike with software from other vendors, Junos Software does not perform recursive lookups
of next hops by default.
Static routes remain in the routing table until you remove them or until they become inactive. One possible
scenario in which a static route becomes inactive is when the IP address used as the next hop becomes
unreachable.
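The next-hop rules above, together with the route preference values and the resolve and qualified-next-hop slides, determine which route is active at any moment. The following is an added example, not Juniper code: a simplified Python model of that selection. The function names are assumptions, dynamic routes are assumed valid, and the 172.25.1.4/30 static route on Host-A is constructed so that the indirect next hop has something to resolve through.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str                    # "Direct", "Static", "OSPF", ...
    preference: int                  # lower value is more preferred
    next_hop: Optional[str] = None   # IP address, "reject" or "discard"; None for Direct
    resolve: bool = False            # the static-route `resolve` option

    @property
    def net(self):
        return ipaddress.ip_network(self.prefix)


def covers(route, address):
    return ipaddress.ip_address(address) in route.net


def usable(route, table, _seen=frozenset()):
    """A static route needs a next hop on a direct route, unless `resolve` is set."""
    if route.protocol != "Static" or route.next_hop in ("reject", "discard"):
        return True  # dynamic routes are assumed valid in this model
    for other in table:
        if other == route or other in _seen or not covers(other, route.next_hop):
            continue
        if other.protocol == "Direct":
            return True
        # Indirect next hop: only followed when the route carries `resolve`.
        if route.resolve and usable(other, table, _seen | {route}):
            return True
    return False


def active_route(destination, table):
    """Longest matching prefix first, then the lowest route preference."""
    candidates = [r for r in table if covers(r, destination) and usable(r, table)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.net.prefixlen, r.preference))


def forward(destination, table):
    route = active_route(destination, table)
    if route is None:
        return "no route"
    if route.next_hop == "reject":
        return "drop and send ICMP unreachable"
    if route.next_hop == "discard":
        return "drop silently"
    return route.next_hop or "deliver on directly connected network"


# Primary and secondary default routes (qualified-next-hop with preference 7).
UPLINKS = [
    Route("172.30.25.0/30", "Direct", 0),
    Route("172.30.25.4/30", "Direct", 0),
    Route("0.0.0.0/0", "Static", 5, "172.30.25.1"),
    Route("0.0.0.0/0", "Static", 7, "172.30.25.5"),
]

# Host-A from the resolve slide; the second entry is constructed for this example.
HOST_A = [
    Route("172.25.1.0/30", "Direct", 0),
    Route("172.25.1.4/30", "Static", 5, "172.25.1.2"),
    Route("172.20.3.0/24", "Static", 5, "172.25.1.6", resolve=True),
]

if __name__ == "__main__":
    print(forward("192.168.63.14", UPLINKS))       # primary link up
    print(forward("192.168.63.14", UPLINKS[1:]))   # primary direct route gone
    print(forward("172.20.3.10", HOST_A))          # indirect next hop, resolve set
```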
Slide 93
Default static
route
Slide 94
[Figure: topology. Labels: Host-B, Host-C, 172.25.1.0/30, 172.25.1.4/30, 172.20.3.0/24, host addresses .2, .5, .6, .1; callouts: indirect next hop, resolve option required]
[edit routing-options]
user@Host-A# show
static {
    route 172.20.3.0/24 {
        next-hop 172.25.1.6;
        resolve;
    }
}
Slide 95
[Figure: topology. Labels: Network A 172.29.100.0/24, primary, secondary, Internet, se-1/0/0, 172.30.25.4/30, host addresses .1, .2, .1, .6, .5]
[edit routing-options]
user@host# show
static {
    route 0.0.0.0/0 {
        next-hop 172.30.25.1;
        qualified-next-hop 172.30.25.5 {
            preference 7;
        }
    }
}
Slide 96
Dynamic Routing
Method of dynamically learning routing information
Dynamic routing has the following benefits:
Lower administrative overhead
Increased network availability
Greater network scalability
Static routing
Dynamic routing
Dynamic Routing
Static routing is ideal in small networks where only a few routes exist or in networks where absolute control
of routing is required. However, static routing has certain drawbacks that might make it cumbersome and
hard to manage in large environments where growth and change are constant. For large networks or
networks that change regularly, dynamic routing might be the best option.
With dynamic routing, you simply configure the network interfaces to participate in a routing protocol.
Devices running routing protocols can dynamically learn routing information from each other. When a
device adds or removes routing information for a participating device, all other devices automatically
update.
Benefits of Dynamic Routing
Dynamic routing resolves many of the limitations and drawbacks of static routing. Some of the general
benefits of dynamic routing include:
Lower administrative overhead: The device learns routing information automatically, which eliminates the
need for manual route definition;
Increased network availability: During failure situations, dynamic routing can reroute traffic around the
failure automatically (the ability to react to failures when they occur can provide increased network
uptime); and
Greater network scalability: The device easily manages network growth by dynamically learning routes and
calculating the best paths through a network.
Slide 97
[Figure labels: AS 64512, AS 65535, IGP, IBGP]
Slide 98
[Figure labels: Area 0.0.0.0, Area 0.0.0.1, Area 0.0.0.2]
OSPF Protocol
OSPF is a link-state routing protocol designed for use within an AS. OSPF is an IGP. Link-state protocols allow
for faster reconvergence, support larger internetworks, and are less susceptible to bad routing information
than distance-vector protocols. Distance-vector protocols are commonly described as learning by
rumor, where a router learns about prefixes from neighboring routers' perspectives. Routers using link-state
routing protocols learn network topology by propaganda, where they learn the topology from all
the routers directly.
Devices running OSPF send out information about their network links and the state of those links to other
routers in the AS. This information transmits reliably to all other routers in the AS by means of link-state
advertisements (LSAs). The other routers receive this information, and each router stores it locally. This
total set of information now contains all possible links in the network.
In addition to flooding LSAs and discovering neighbors, a third major task of the link-state routing protocol
is establishing the link-state database. The link-state (or topological) database stores the LSAs as a series of
records. The important information for the shortest path determination process is the advertising router's
ID, its attached networks and neighboring routers, and the cost associated with those networks or
neighbors.
OSPF uses the shortest-path-first (SPF) algorithm (also called the Dijkstra algorithm) to calculate the
shortest paths to all destinations. It does this calculation by calculating a tree of shortest paths
incrementally and picking the best candidate from that tree.
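The SPF calculation described above, as an added Python example that is not from the course or from Junos: it runs Dijkstra over a small link-state database, keeps equal-cost first hops, and ignores any link the neighbor does not advertise back. The router ID 192.168.100.1 for Host-A, the record layout, and all costs are constructed.

```python
import heapq

# Constructed LSDB for one area: advertising router ID -> neighbors and
# attached networks, each with a cost.
LSDB = {
    "192.168.100.1": {"neighbors": {"192.168.100.2": 1, "192.168.100.3": 1},
                      "networks": {"172.20.1.0/24": 1}},
    "192.168.100.2": {"neighbors": {"192.168.100.1": 1, "192.168.100.3": 1},
                      "networks": {"172.20.2.0/24": 1, "172.25.1.4/30": 1}},
    "192.168.100.3": {"neighbors": {"192.168.100.1": 1, "192.168.100.2": 1},
                      "networks": {"172.20.3.0/24": 1, "172.25.1.4/30": 1}},
}

def spf(lsdb, root):
    """Dijkstra over router records: {router_id: (cost, set of first hops)}."""
    best = {root: (0, set())}
    heap, done = [(0, root)], set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb[node]["neighbors"].items():
            # Two-way check: skip a link the neighbor does not advertise back.
            if nbr not in lsdb or node not in lsdb[nbr]["neighbors"]:
                continue
            new = cost + link_cost
            hops = {nbr} if node == root else best[node][1]
            old = best.get(nbr)
            if old is None or new < old[0]:
                best[nbr] = (new, set(hops))
                heapq.heappush(heap, (new, nbr))
            elif new == old[0]:
                old[1].update(hops)       # equal-cost path: keep both first hops
    return best

def routes(lsdb, root):
    """Best cost and first hops to every network advertised by a reachable router."""
    table = {}
    for rid, (cost, hops) in spf(lsdb, root).items():
        for prefix, net_cost in lsdb[rid]["networks"].items():
            total = cost + net_cost
            if prefix not in table or total < table[prefix][0]:
                table[prefix] = (total, set(hops))
            elif total == table[prefix][0]:
                table[prefix][1].update(hops)
    return table
```

From 192.168.100.1, the link network 172.25.1.4/30 is reachable at cost 2 through both neighbors, so both first hops are kept.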
OSPF uses areas to allow for a hierarchical organization and facilitate scalability. An OSPF area is a logical
group of routers. The software can summarize the routing information from an OSPF area and the device
can pass it to the rest of the network. Areas can reduce the size of the link-state database on an individual
router. Each OSPF router maintains a separate link-state database for each area to which it is connected.
The link-state database for a given area is identical for all participating routers within that area.
To ensure correct routing knowledge and connectivity, OSPF maintains a special area called the backbone
area. OSPF designates the backbone area as Area 0.0.0.0. All other OSPF areas must connect themselves to
the backbone for connectivity. All data traffic between OSPF areas must transit the backbone.
Slide 99
[Figure labels: OSPF Area 0; Host-B (lo0: 192.168.100.2/32), Host-C (lo0: 192.168.100.3/32); interfaces ge-0/0/1, ge-0/0/2, ge-0/0/3; networks 172.20.1.0/24, 172.20.2.0/24, 172.20.3.0/24, 172.25.1.0/30]
Slide 100
Slide 101
State    ID               Pri  Dead
Full     192.168.100.3    128    38
Full     192.168.100.2    128    35
Slide 102
[prefix missing]     *[OSPF/10] 00:03:55, metric 2
                     > to 172.25.1.2 via ge-0/0/2.0
[prefix missing]     *[OSPF/10] 00:00:04, metric 2
                     > to 172.25.1.9 via ge-0/0/1.0
[prefix missing]     *[OSPF/10] 00:03:46, metric 2
                     > to 172.25.1.9 via ge-0/0/1.0
                       to 172.25.1.2 via ge-0/0/2.0
192.168.100.2/32     *[OSPF/10] 00:03:55, metric 1
                     > to 172.25.1.2 via ge-0/0/2.0
192.168.100.3/32     *[OSPF/10] 00:03:46, metric 1
                     > to 172.25.1.9 via ge-0/0/1.0
224.0.0.5/32         *[OSPF/10] 00:16:13, metric 1
                       MultiRecv
Slide 103
https://virtuallabs.juniper.net/
Slide 104
Section Objectives
In this section, we:
Slide 105
Route hierarchy
c) Destination table
d) Routing table
Slide 106
Slide 107
Junos OS Adoption
Adoption of any new product or technology initially requires some effort; however, Juniper's customers
have consistently found the initial short-term activities of Junos adoption to be far outweighed by the
long-term benefits. This section introduces the interoperability features and migration tools available to Juniper
customers to make the move to Junos simple and safe.
Slide 108
Section Objectives
In this section, you will be able to:
Discuss how Junos OS interoperates with other devices
and integrates to other systems
Present ways in which Juniper eases Junos OS adoption
for new customers
Slide 109
Pragmatic approach
Run vendor interoperability tests
Interoperability that works
Not just compliance to standards
Do any of your customers have only one vendor in their network? For the most part, probably not. Just as
most of your customers likely have multiple vendors for servers, storage, and other IT systems, it's good
practice to use multiple vendors in the network because, overall, an organization is likely to get better solutions
for lower costs. So how Junos interoperates and integrates into existing infrastructure is essential.
Juniper engineers have long been involved in building open standards for interoperability in industry
organizations. For example, Junos developers have been at the forefront of defining and implementing
MPLS applications, next-generation multicast VPN architectures, and high-availability features such as nonstop active routing and in-service software upgrades. Junos protocols engineers authored or co-authored
more than 20 IETF drafts in 2008 alone.
Junos OS supports hundreds of networking protocol standards such as spanning tree, LLDP, OSPF, BGP,
IPv6, and MPLS, to name just a few. Nonetheless, the practicalities of interoperability require that Juniper
go beyond simply implementing the standards, for example by filling in gaps where interpretations
differ or where de facto standards are used.
This practical approach is necessary to support the thousands of customers of Junos. Interoperability
between Juniper and other large networking vendors has been proven several times over, in the best
possible way, with live network implementations in the largest networks over the past decade.
Slide 110
EIGRP
PVST and PVST+
HSRP
WCCP
Etc.
Legacy
IPX
AppleTalk
Etc.
Bleeding edge
New protocols that are draft standards
Synchronize over time
A few organizations may still be running proprietary or legacy protocols within their network. In these
cases, the customer will either have to transition to modern standards or adopt one of the available
methods of supporting these protocols over a standards-based infrastructure. For example, there are
various approaches to simultaneously running EIGRP and OSPF in legacy routers to support a long-term
transition to OSPF. By moving to open standards, organizations benefit from the collective innovation of the
industry; open standards generally offer a broader set of capabilities than protocols developed exclusively
by one vendor.
Slide 111
NETCONF XML
Operations teams use tens, sometimes hundreds, of different tools to manage their networks, for example
tools for inventory, configuration, provisioning, monitoring, and managing faults. Many are homegrown
while others are purchased from one of the many independent software vendors who develop network
management products. Juniper works in close partnership with these vendors to integrate management of
Junos into their solutions.
Juniper streamlines integration of partner and customer systems by providing a number of open, standard
interfaces in Junos. In addition to the CLI, standardized system logging messages, SNMP interfaces, and onboard instrumentation systems, Junos also provides an XML (eXtensible Markup Language) interface. All
these open options let network management tools interact with Junos in a reliable and predictable way.
For customers who want to use Juniper element management, Juniper provides its Network and Security
Manager (NSM), a powerful, centralized management solution that controls the entire device life cycle
across the broad portfolio of Juniper's enterprise platforms, including firewall/IPSec VPN, Secure Access
(SSL), Infranet Controller, the J Series, M Series, and MX Series routing platforms and EX Series switches.
Slide 112
Operations Automation
Save Time: write custom
commands & automate
diagnostics
Event Automation
Speed Resolution:
Gather/correlate events and
automate response
Config Automation
Avoid Errors: Simplify
& enforce best practices
We characterize Junos Automation by efficiency. Whether for operations, event correlation,
or configuration, Junos saves time through automation that runs directly on the Junos device. We also
feature Juniper care with Service automation, which allows a Juniper service team to work directly with
customers to maintain specific levels of incident response management. As explained earlier, we also
offer Junos Space, a programmable platform for developing and
running applications across the network.
Slide 113
ScreenOS security to Junos
Are your customers migrating from Cisco to Juniper? Ease the transition with the I2J tool, a configuration
translator that converts Cisco IOS software configurations to Junos software configurations. Automatic
access to the tool at https://i2j.juniper.net/release/index.jsp is provided at no charge to JNASC Support
Managers, JNASC Support Providers, Premier Accounts, and all support contract customers.
Training on the Juniper I2J translator can be found at:
http://www.juniper.net/us/en/training/elearning/ios_junos/content/index.html
Additional conversion tools can be found using the link at the bottom of this slide: https://migrationtools.juniper.net/tools/index.jsp
Slide 114
Books
Day One downloads
O'Reilly Technical Library
Community
J-Net: www.juniper.net/forums
Knowledge Base:
www.juniper.net/kb
So how do we get started with Junos? Training and certifications are always available, from the new-user
Juniper Associate (JNCIA) Introduction to Junos curriculum to expert-level certifications (JNCIE). We also
offer a fast-track program for those who are already familiar with other vendors' products. This program
offers the student discounts and time savings in certifying on the Junos OS. We also offer several books,
including Day One downloads for eReaders as well as in PDF format, and a full technical library of books
from the publisher O'Reilly.
Slide 115
Section Summary
In this section, we:
Discussed how Junos OS interoperates with other devices
and integrates to other systems
Presented ways in which Juniper eases Junos adoption for
new customers
Slide 116
True
b) False
Slide 117
Course Summary
In this course, we:
Described the Junos OS command-line interface (CLI)
Demonstrated specialized features of the Junos CLI that
save time and avert downtime
Described basics of routing using Junos OS
Discussed how to ease adoption of Junos OS
Slide 118
Additional Resources
Education Services training classes
http://www.juniper.net/training/technical_education/
For additional resources or to contact the Juniper Networks eLearning team, click the links on the screen.
Slide 119
You have reached the end of this Juniper eLearning module. You should now return to your Juniper
Learning Center to take the Practice Test and the Student Survey. The test will allow you to gauge your
knowledge of the material covered in this course. The survey will allow you to give feedback on the quality
and usefulness of the course.
Slide 120
Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen,
and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
Junose is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks,
or registered service marks are the property of their respective owners. Juniper Networks reserves the right
to change, modify, transfer or otherwise revise this publication without notice.
Slide 121