
Module 1: Router & JunOS Overview

JunOS Jump Start

Copyright 2008 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

Outline

Hardware Architecture
  Basic design
  FPC and PIC
  ASICs
  Example: M7i, M10i and MX-series

JunOS Software Overview
  One operating system
  Modular software

JunOS Command Line Interface

J-Web User Interface

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

Hardware Architecture


Juniper Networks Router Architecture

All Juniper Networks routers share the same basic design
  Routing Engine (RE)
  Packet Forwarding Engine (PFE)
  Connected by 100-Mbps channel

[Diagram labels: ROUTING ENGINE (JunOS Software, Routing Table); PACKET FORWARDING ENGINE (Forwarding Table, Programmable ASICs, Switch Fabric, PICs)]


RE/PFE Interaction

RE maintains routing table and creates forwarding table
PFE receives forwarding table from RE

[Diagram labels: ROUTING ENGINE (Routing Table, Forwarding Table); 100Mbps; Incremental Update; PACKET FORWARDING ENGINE (Forwarding Table); Packet in; Packet out]


Routing Engine Overview

JUNOS software resides in flash memory
  Backup copy available on hard drive
Implements CLI
Provides routing protocol intelligence to PFE
  Not directly involved with packet forwarding
Manages PFE


Packet Forwarding Engine Overview

Custom ASICs
  Implement forwarding path
  Do not require a general-purpose processor
  Provide integrated fast features, including multicast and queuing
Divide-and-Conquer Architecture
  Each ASIC provides piece of forwarding puzzle


Internet Processor ASIC

Internet Processor ASIC
  Allows routers to forward traffic at wire-rate speeds
Internet Processor II ASIC
  Adds packet-processing features: filtering, sampling, logging, counting, and load balancing
  The Internet Processor II has been standard on the M20 and M40 since the second quarter of 2000


Packet Forwarding Engine Components

Physical Interface Card (PIC)
  Contains physical layer components
Flexible PIC Concentrator (FPC)
  Hardware platform that accepts Physical Interface Cards (PICs)
System midplane
Control
  M5 and M10: Forwarding Engine Board (FEB)
  M20: System Switching Board (SSB)
  M40: System Control Board (SCB)
  M160: Switching and Forwarding Module (SFM)


FPC

Room for up to 4 PICs
Hot-swappable
Throughput
  Up to 3.2 Gbps
Packet memory
  64MB 256MB
PowerPC supervisory processor

[Diagram labels: Physical Interface Card, PIC, FPC, Buffer memory, ASIC]


PIC

Custom ASIC for each media type
Each port has status LED
Hot-swappable on M160, M10, and M5 routers
1, 2, or 4 port PICs attach to FPC

[Diagram labels: Physical Interface Card, PIC, ASIC, FPC, Buffer memory]


Control Systems

All models
  200-MHz PowerPC 603e processor
    Manages forwarding table updates
    Manages ASICs and environmental systems
  64-MB EDO processor RAM
  4 MB of forwarding table SRAM
  Internet Processor ASIC
  Stratum 3 synchronization reference
All except M40 router
  Distributed Buffer Manager ASICs


ASICs

[Diagram labels: PFE System Controller (SSB, SFM, etc.); Internet Processor; Forwarding Table; Buffer Manager 1; Buffer Manager 2; FPC; I/O Manager 1, 2 and 3, each with Mem; PICs; PIC I/O Manager]


Example 1: M7i Router

Dedicated Intel Pentium for control plane
ASIC forwarding with 16 Mpps and 7 Gbps
4 open slots for M7i/M10i PICs
2 x FE fixed or 1 x GE fixed (SFP)
Optional adaptive services module for hardware based firewall, NAT, IPSec, J-Flow


Example 1: M7i Components

4 slots for hot-swappable M7i/M10i PICs
Ultra-compact: 8.75cm high (2U), 45cm deep
Compact Forwarding Engine Board (CFEB), w/optional Adaptive Services Module
Side-to-side cooling
Built-in tunnel services (850 Mbps)
Fixed Interface Card (FIC)
  2 fixed FE port or 1 fixed GE port (SFP)
Routing Engine Board (REB)
  PCMCIA expandable memory
  2 serial aux ports
  Ethernet craft interface
Redundant AC or DC Power Supplies


Example 2: M10i Router

Dedicated Intel Pentium for control plane
ASIC forwarding with 16 Mpps and 10 Gbps
8 open slots for M7i/M10i PICs
Optional adaptive services PIC for hardware based firewall, NAT, IPSec, J-Flow
Full redundant common hardware: Power, Fans, Forwarding Engine Boards, Routing Engine Boards

Example 2: M10i Components

8 slots for hot-swappable M7i/M10i PICs
Redundant Forwarding Engine Boards (FEB)
5U/21.8cm high, 45cm deep
Side-to-side cooling
Redundant Routing Engine Boards (REB)
  PCMCIA expandable memory
  2 serial aux ports
  Ethernet craft interface
Redundant AC or DC Power Supplies


Example 3: MX-Series Carrier Class Ethernet

New platforms designed for Ethernet Provider Edge Routing and L2/L3 Ethernet Aggregation
Very high density Ethernet ports
HA, QoS, SLA support, scalability for MetroE transport
Designed for Cost optimized Carrier Ethernet

Example 3: MX-series

                         MX240                    MX480                    MX960
Physical dimensions      5 RU (9 per 7-ft rack)   8 RU (6 per 7-ft rack)   16 RU (3 per 7-ft rack)
Capacity                 240 Gbps                 480 Gbps                 960 Gbps
10 GigE / Gig E ports    12 / 120                 24 / 240                 48 / 480
MAC Addresses            1 million                1 million                1 million


Example 3: MX960

14 Slot Chassis
Dependable hardware
  Redundant Routing Engines
  Redundant Switching Fabric (2+1)
  Distributed Packet Forwarding Architecture
Power and cooling
  Front-to-back cooling with separate push-pull fan assemblies
  Holds up to 2 fan trays (1+1 redundancy)
  Holds up to 4 power supplies (2+2 DC, 3+1 AC)
System capacity
  2 for FCs/REs with the option of 1 additional SCB for redundancy
  Up to 480Gbps (full-duplex) from 12 line cards

Example 3: MX960 Components

[Diagram labels: Control Panel, Upper Fantray, DPC, SCB, RE, Lower Fantray, Air Intake, Cable Mgmnt]

Height: 27.75"
Width: 17.386" (w/o mounting flanges)
Depth: 23.50" (w/o cable mgr), ~28.2" (with cable mgr)


Example 3: MX480

8 Slot Chassis (6+2)
Dependable hardware
  Redundant Routing Engines
  Redundant Switching Fabric (1+1)
  Distributed Packet Forwarding Architecture
Power and cooling
  Side to Side cooling
  Holds single fan tray
  Holds up to 4 power supplies (2+2 DC, 2+2 AC 240V, 3+1 AC 110V)
System capacity
  8 slots - 2 for Fabric Cards / REs
  Up to 240Gbps (full-duplex) from 6 line cards


MX-series DPC

Dense Port Concentrator: SFPs or XFPs
Line rate connectivity to the switch fabric
4 packet forwarding engines (PFEs) per DPC

MX-series SCB with RE1300 or RE2000

SCBs are the Switch and Control Boards
SCB acts as RE carrier
Each SCB has two SF (fabric) chips


JunOS Software Overview


What is JUNOS Software?

Deployed since 1998
  First high-performance network operating system
10+ years of innovation and development
  Routing, switching and security platforms
  Branch and regional offices, central sites, data centers
  4 releases per year; thousands of features
Serving the most demanding customers
  Top 40+ service providers
  High-performance enterprise and public sector accounts


How JUNOS Is Different

One OS
  Single code source
  Consistent implementation of features
One Release
  Single software release train
  Stable, predictable enhancement
  [Diagram: release timeline 8.5 (4Q07), 9.0 (1Q08), 9.1 (2Q08)]
One Architecture
  Modular software with memory protection
  Nimble enhancement through new modules
  [Diagram labels: Module X, API]


One Operating System

One implementation of control plane features
Eases training
Streamlines testing, qualification and deployment
Accelerates JUNOS development
Consistent user experience
Single common management interface and tools
Unix familiarity

[Diagram labels: Branch Office; Corporate HQ; Service Provider Access/Edge; Service Provider Core; Data Center; MPLS, BGP, OSPF, IPv6]


One Code Train Release

[Diagram: release timeline 8.4 (Q307), 8.5 (Q407), 9.0 (Q108), 9.1 (Q208), 9.2 (Q308), 9.3 (Q408)]

Single release train developed from one code base
Quality + Schedule are the highest priorities
  Each release is a superset of the previous
  Achieve zero critical regression errors in each release
  Fix any and all critical bugs
Fixed schedule; plan with confidence
  4 new releases pre-scheduled per year
  All product lines follow the same release schedule


Modular Software Architecture

Stand-alone modules
  Protected memory for stability
  Contain faults
  Enable rapid fault isolation
  Restart independently
  Enable flexible innovation
Separation of control and packet forwarding
  Assures performance
  Enhances resiliency
  Enables redundancy
  Firewalls control plane

[Diagram: High-Level Architecture. Labels: Module 1, Module 2, Module 3, Module 4, Module n; Control Plane; Kernel; Forwarding Plane; Packet Forwarding; Services; Physical Interfaces]

User Interface Options

J-Web interface:
  A Web-based GUI
  The J-Web service using HTTP is disabled by default on M-series
JUNOS software CLI:
  Available from console interface
    RJ-45 RS-232 @ 9600 bps, 8/1/N
  Available by using Telnet and SSH
    Requires network interface and related service configuration
  Dedicated Ethernet management port on M-series routers


User Authentication

Local database
  Name and password
  Individual accounts and home directories
RADIUS and TACACS+
  Centralized authentication of users
  Users mapped to locally defined template users for authorization
  Extended regular expressions can be passed to alter authorization

[Diagram labels: Local Authentication Database; RADIUS/TACACS+ Server]


JunOS Command Line Interface


CLI Modes and Feature Overview

CLI operational mode:
  Editing command lines
  Command completion and history
  Context-sensitive and documentation-based help
  UNIX-style pipes
CLI configuration mode:
  Object-oriented hierarchy
  Jumping between levels
  Candidate configuration with sanity checking
  Automatic rollback capability
  Showing portions of configuration while configuring
  Saving, loading, and deleting configuration files

CLI Modes

Operational mode:
  Monitor and troubleshoot the software, network connectivity, and router hardware

    user@host>

  The > character identifies operational mode

Configuration mode:
  Configure the router, including interfaces, general routing, routing protocols, user access, and system hardware properties

    [edit]
    user@host#

  The # character identifies configuration mode


Logging In

Non-root users are placed into the CLI automatically

    host (ttyd0)

    login: user
    Password:

    --- JUNOS 8.3R2.8 built 2007-07-07 00:21:56 UTC
    user@host>

The root user must start the CLI from the shell

    host (ttyd0)

    login: root
    Password:

    --- JUNOS 8.3R2.8 built 2007-07-07 00:21:56 UTC
    root@host% cli
    root@host>

root@host% is the shell prompt; root@host> is the CLI prompt


CLI Operational Mode

Execute commands (mainly) from the default CLI level (user@host>)
  Can execute from configuration mode with the run command
Hierarchy of commands

    > show ospf neighbor

[Diagram: command hierarchy, from less specific to more specific]
  clear  configure  file  help  monitor  set  show  etc.
    (under show) bgp  chassis  configuration  ospf  rip  route  version  etc.
      (under ospf) database  interface  neighbor  route  statistics  etc.


Editing Command Lines

EMACS-style editing sequences are supported
The default VT100 terminal type also supports cursor positioning with the arrow keys

[Illustration: cursor positions within "user@host> show interfaces" for Ctrl-B, Ctrl-A, Ctrl-F and Ctrl-E]

Command and Variable Completion

Enter a space to complete a command

    user@host> sh<space>ow i<space>
    'i' is ambiguous.
    Possible completions:
      igmp          Show Internet Group
      ike           Show Internet Key
      interfaces    Show interface
      ipsec         Show IP Security
      isis          Show Intermediate

Use Tab to complete assigned variables

    [edit policy-options]
    user@host# show policy-statement T<tab>EST
    then accept;

    [edit policy-options]
    user@host#


Context-Sensitive Help

    user@host> ?
    Possible completions:
      clear        Clear information in the system
      configure    Manipulate software configuration info
      file         Perform file operations
      help         Provide help information
    . . .

    user@host> clear ?
    Possible completions:
      arp          Clear address resolution information
      bfd          Clear Bidirectional Forwarding Detecti
      bgp          Clear Border Gateway Protocol informat
      firewall     Clear firewall counters


Topical Help

    user@host> help topic interfaces ?
    Possible completions:
    ...
      acknowledge-timer    Maximum time to wait for link...
      address              Interface address and destination pref
    ...

    user@host> help topic interfaces address
    Configuring the Interface Address

    You assign an address to an interface by specifying the address when
    configuring the protocol family. For the inet family, you configure the
    interface's IP address. For the iso family, you configure one or more
    addresses for the loopback interface. For the ccc, tcc, mpls, tnp, and
    vpls families, you never configure an address.
    ...


Configuration Syntax Help

    user@host> help reference interfaces address
    address

    Syntax
        address address {
            arp ip-address (mac | multicast-mac) mac-address <publ
            broadcast address;
            destination address;
            destination-profile name;
            eui-64;
            multipoint-destination address dlci dlci-identifier;
            ...

    Hierarchy Level
        [edit interfaces interface-name unit logical-unit-number f
        [edit logical-routers logical-router-name interfaces intef


Using | (Pipe)

    user@host> show route | ?
    Possible completions:
      count      Count occurrences
      display    Show additional kinds of information
      except     Show only text that does not match a p
      find       Search for first occurrence of pattern
      hold       Hold text without exiting the --More-
      last       Display end of output only
      match      Show only text that matches a pattern
      no-more    Don't paginate output
      request    Make system-level requests
      resolve    Resolve IP addresses
      save       Save output text to file
      trim       Trim specified number of columns from
    user@host> show route


Active and Candidate Configurations

Batch configuration model:
  Must commit configuration changes
Active configuration:
  Current operational configuration
  Boot-up configuration
Candidate configuration:
  A working copy for configuration changes
  Initialized with the active configuration
  Becomes active configuration upon commit


Configuration History

[Diagram labels: configure; Candidate Configuration; commit; Active Configuration (0); rollback n; stored configurations 1, 2, ... 49]

Active configuration stored in /config/juniper.conf.gz
Rollback files stored in
  /config/juniper.conf.n.gz (n=1-3)
  /var/db/config/juniper.conf.n.gz (n=4-49)


Entering Configuration Mode

Type configure or edit at the CLI operational-mode prompt:

    > configure

To allow a single user to edit the configuration, type:

    > configure exclusive

Use configure private to allow users to edit a private copy of the candidate configuration

    > configure private

  Multiple users can edit private candidate configurations simultaneously
  At commit time, the user's private changes are merged back into the global configuration


Configuration Statement Hierarchy

    user@host# edit protocols ospf area 51 stub

    [edit protocols ospf area 0.0.0.51 stub]
    user@host#

[Diagram: statement hierarchy, from less specific to more specific]
  top
    chassis  interfaces  protocols  services  system  etc.
      (under protocols) bgp  isis  mpls  ospf  pim  rip  rsvp  vrrp  etc.
        (under ospf) area area_id  graceful-restart  overload  traffic-engineering  etc.
          (under area) area-range area_range  interface  nssa  stub  etc.


Configuration File is Hierarchical

CLI commands are entered without curly brackets:

    # set system services web-management http port 8080

The result is a hierarchical configuration file, complete with curly brackets

    [edit system]
    user@host# show services
    web-management {
        http {
            port 8080;
        }
    }
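
The mapping from flat set commands to the curly-bracket hierarchy, as an added Python example that is not part of the original slides. The function names and the small TAKES_ARGUMENT set are assumptions: the set stands in for the real JUNOS schema, which is what actually decides which keywords carry a value or identifier on the same line.

```python
"""Added example: fold JUNOS `set` commands into the curly-bracket hierarchy."""

# Assumption: keywords that are written together with the word that follows
# them ("port 8080;", "unit 0 { ... }"). JUNOS takes this from its schema.
TAKES_ARGUMENT = {"port", "address", "unit", "family", "area"}


def parse_set(line):
    """Split one `set ...` command into the statement path it creates."""
    words = line.split()
    if len(words) < 2 or words[0] != "set":
        raise ValueError(f"not a set command: {line!r}")
    path, i = [], 1
    while i < len(words):
        if words[i] in TAKES_ARGUMENT and i + 1 < len(words):
            path.append(f"{words[i]} {words[i + 1]}")  # keyword plus its value
            i += 2
        else:
            path.append(words[i])
            i += 1
    return path


def build_tree(set_lines):
    """Merge many set commands into one nested dict; shared prefixes collapse."""
    tree = {}
    for line in set_lines:
        node = tree
        for key in parse_set(line):
            node = node.setdefault(key, {})
    return tree


def render(tree, indent=0):
    """Render the nested dict: containers get braces, leaves get a semicolon."""
    pad, out = " " * indent, []
    for key, child in tree.items():
        if child:
            out.append(f"{pad}{key} {{")
            out.extend(render(child, indent + 4))
            out.append(f"{pad}}}")
        else:
            out.append(f"{pad}{key};")
    return out


def to_hierarchy(set_lines):
    return "\n".join(render(build_tree(set_lines)))


# Constructed sample: set commands for statements that appear on these slides.
SAMPLE = [
    "set system services ssh",
    "set system services web-management http port 8080",
    "set interfaces fe-0/0/0 unit 0 family inet address 10.250.0.141/16",
]

if __name__ == "__main__":
    print(to_hierarchy(SAMPLE))
```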


Moving Between Levels

    [edit]
    user@host# edit protocol ospf

    [edit protocols ospf]
    user@host# edit area 51 stub

    [edit protocols ospf area 0.0.0.51 stub]
    user@host# exit

    [edit protocols ospf]
    user@host# up

    [edit protocols]
    user@host# top

    [edit]
    user@host#


Viewing Candidate Configuration

You can display just the portions that concern you from the root of the hierarchy

    user@host# show system services
    ssh;
    web-management {
        http {
            port 8080;
        }
    }

or use edit to park yourself at a specific sub-hierarchy

    user@host# edit system services

    [edit system services]
    user@host# show
    ssh;
    web-management {
        http {
            port 8080;
        }
    }


Configuration File Differences

Display differences between the candidate and active configurations

    [edit system]
    user@host# set services telnet

    [edit system]
    user@host# delete services web-management

    [edit system]
    user@host# delete services ssh

    user@host# show | compare
    [edit system services]
    -  ssh;
    +  telnet;
    -  web-management {
    -      http {
    -          port 8080;
    -      }
    -  }
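
A pre-commit review of the comparison above, as an added Python example that is not part of the original slides: it reads show | compare output and flags a change that enables a cleartext management service or removes an encrypted one, which is exactly the telnet-for-ssh swap shown here. The function names and the two rule sets are assumptions built from the services these slides name; the sample text is constructed from the slide's output.

```python
"""Added example: flag risky management-service changes in `show | compare`."""
import re

# Assumption: minimal rule sets covering the services named on these slides.
CLEARTEXT = {
    ("system", "services", "telnet"),
    ("system", "services", "web-management", "http"),
}
ENCRYPTED = {
    ("system", "services", "ssh"),
    ("system", "services", "web-management", "https"),
}


def parse_compare(text):
    """Yield (sign, path) for each statement or block opener in the diff.

    sign is '+', '-' or ' ' (unchanged context); path is the full statement
    path, built from the [edit ...] header plus any enclosing braces.
    """
    path, depths = [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        header = re.fullmatch(r"\[edit(.*)\]", line.strip())
        if header:                      # new hierarchy context
            path, depths = header.group(1).split(), []
            continue
        sign = line[0] if line[0] in "+-" else " "
        body = line[1:].strip() if sign != " " else line.strip()
        if body == "}":                 # leave the innermost block
            if depths:
                del path[-depths.pop():]
        elif body.endswith("{"):        # enter a block such as "http {"
            words = body[:-1].split()
            path.extend(words)
            depths.append(len(words))
            yield sign, tuple(path)
        else:                           # leaf statement such as "telnet;"
            yield sign, tuple(path + body.rstrip(";").split())


def audit(text):
    """Return (sign, statement, reason) for each risky change in the diff."""
    findings = []
    for sign, path in parse_compare(text):
        if sign == "+" and path in CLEARTEXT:
            findings.append((sign, " ".join(path),
                             "cleartext management service enabled"))
        elif sign == "-" and path in ENCRYPTED:
            findings.append((sign, " ".join(path),
                             "encrypted management service removed"))
    return findings


# Constructed sample: the comparison from this slide.
SLIDE_DIFF = """\
[edit system services]
-  ssh;
+  telnet;
-  web-management {
-      http {
-          port 8080;
-      }
-  }
"""

if __name__ == "__main__":
    for sign, statement, reason in audit(SLIDE_DIFF):
        print(f"{sign} {statement}: {reason}")
```

Removing web-management http is not flagged because it takes a cleartext service away; only the ssh removal and the telnet addition are reported.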


Removing Statements

Statements are removed with the delete command
  Removes everything from the specified hierarchy down
  Use wildcard delete to save time

    user@host# show services
    ssh;
    web-management {
        http {
            port 8080;
        }
    }

    [edit system]
    user@host# delete services web-management

    [edit system]
    user@host# show services
    ssh;

The entire web-management hierarchy is removed by the delete statement


Committing a Configuration

Configuration changes must be committed to take effect

    # commit

Use commit check to confirm syntax

    # commit check

Use commit confirmed to temporarily activate

    # commit confirmed

Schedule a future commit with commit at

    # commit at 21:00:00

Add comments with commit comment

    # commit comment "Changed OSPF configuration"
    > show system commit

Use commit and-quit to save time

    # commit and-quit


Backing Out of Configuration Changes

Use the rollback command to restore one of the last 50 previously committed configurations

    # rollback

  Use rollback (or rollback 0) to reset the candidate configuration to the currently active configuration (which is the last version committed)
  # rollback 1 loads the configuration before that
  # rollback n loads n configurations before that

Using rollback only modifies the candidate configuration
  Don't forget to commit the changes


run is Cool

    [edit interfaces fe-0/0/0]
    user@host# set unit 0 family inet address 10.250.0.141/16

    [edit interfaces fe-0/0/0]
    user@host# commit
    commit complete

Use the run command to execute operational-mode CLI commands from within configuration

    [edit interfaces fe-0/0/0]
    user@host# run ping 10.250.0.149 count 1
    PING 10.250.0.149 (10.250.0.149): 56 data bytes
    64 bytes from 10.250.0.149: icmp_seq=0 ttl=255 time=0.967 ms

    --- 10.250.0.149 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.967/0.967/0.967/0.000 ms


Using rename

    user@host# show interfaces fe-0/0/0
    unit 0 {
        family inet {
            address 10.250.0.141/16;
        }
    }

    user@host# rename interfaces fe-0/0/0 unit 0 family inet address 10.250.0.141/16 to address 10.250.0.241/16

    user@host# show interfaces fe-0/0/0
    unit 0 {
        family inet {
            address 10.250.0.241/16;
        }
    }


J-Web User Interface


J-Web User Interface

Easy-to-use, Web-based graphical interface
  Operational monitoring, configuration, and maintenance
  HTTP and HTTPS (SSL) support
J-Web features:
  Same authentication and authorization as CLI
  User-defined session timeout
  One browser window per J-Web session


J-Web Login

J-Web sessions require a valid login
  Use the same authentication methods as CLI
  Exception is initial access, when no login is needed to access the setup wizard


J-Web Layout

[Screenshot labels: Top Pane, Current Location, Task Bar, Main Pane, Left Pane]


J-Web Monitoring

View the operation of the router and its protocols


J-Web Configurations

Use Quick Configuration wizards
Navigate a clickable view-and-edit function
Access previous configuration history (rollbacks)
Set a rescue configuration


J-Web Diagnosis

Access the ping, traceroute, and packet capture utilities
  Optional switches available through Advanced Options


J-Web Management

Download and delete files
Upgrade software
Install and manage licenses
Schedule system reboots
Perform backups of software and configuration files


J-Web Events

Provides access to log files
