Junos Fundementals
Junos Fundementals
Slide 1
2009 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
SSFJUN01B
Slide 2
2009 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Welcome to Junos operating system user highlights. Junos is the network operating system that runs an increasing spectrum of the Juniper portfolio product, ranging from switches, to routers, and to firewall products. It is what sets Juniper apart as a strategic portfolio vendor.
SSFJUN01B
Slide 3
Introduction
 The Junos operating system is a single network operating system integrating routing, switching, security, and services  Junos OS delivers the power of one operating system to run highperformance networking infrastructure  The Junos OS command-line interface offers specialized features to save time for users and prevent downtime in the network  Juniper offers customers the training, tools, and services needed to make the adoption of Junos OS simple and safe
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 3
Much of the value, the savings, and the streamlining of operations of our products and solutions are delivered by the Junos operating system. With the limited amount of time that you have to talk to customers and get their interest, its important to understand how the operating system works, how customers use it, and how you can help to ease its adoption into their own infrastructure. When we talk about Junos, we talk about the Junos advantage offered by the Power of One operating system. This course is designed to share with you the highlights of the Junos advantages, focusing on its key differences and ease of operation that would aid to lower your customers operating costs. The course provides operational and configurational commands, illustrating the power of Junos and its ease of use.
SSFJUN01B
Slide 4
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 4
The year 2008 marked the 10th Anniversary of the Junos OS. Junos is the one operating system that spans Juniper routing, switching and security products. Among many other achievements, Juniper has consistently delivered a new Junos OS release 4 times a year, on or before scheduled release dates. This steady rate of innovation has enabled Juniper to extend the software to many new platforms while also expanding its set of services. The result: Junos has experienced tremendous market success, capturing a significant portion of its available market in just 10 years, while serving the most demanding customers in the world, including the: Top 100 service providers, and Many high-performance enterprise and public sector accounts
SSFJUN01B
Slide 5
Evolution of One OS
10 Years+ On Time 9.3
4Q08
9.4
1Q09
Platform Curve
18 Market Innovation
3Q 4Q 1Q 2Q 15 2009 | Virtualization for new core scalability 2009 2008 | 100+ Gbps Firewall 12 2008 | Advanced Insight Solutions 2008 | Hardware-virtualized router 2008 | NGN Multicast VPN 2008 | Virtual Chassis switching solution 2007 | Open to outside development 2007 | Unified ISSU
SRX Series
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 5
A closing thought on one operating system is its ability to evolve to meet new marketplace needs. Can your customers tell you what theyll need in five years? How about three? Even if you ask them about one year I suspect they are not able to accurately predict. So, by having one operating system, to which can be added new functionality, really gives customers protection of investment. They can purchase their hardware platforms and know that the software will bring them new functionality and new services and that Juniper has been doing this for ten years, quarter after quarter delivering new releases of the software, on time. Whenever we introduce new platforms to integrate into their systems, theyre based on a mature operating system thats ready to go and able to richly integrate new services such as the recent release of the SRX Series and continue to innovate in the marketplace, bringing additional firsts in high performance, additional firsts in support such as Advanced Insight Solutions and bring all of this into an expanding portfolio. In just the last two years, Juniper has more than doubled the number of platforms that run Junos.
SSFJUN01B
Slide 6
Routing Engine
CONFIDENTIAL
Data Plane
Lets review some of the architecture highlights whats different in the design. From the beginning the engineers decided to separate the functions of control and forwarding. Ask yourself a question what do routers do for living? They determine the path and then, once they know the next hop, they switch packets. So, it makes complete logical sense to separate the function of path determination, or control, from the function switching, or packet forwarding. Think of control as the brains of the system. Its really what runs the protocols. The forwarding is where the packet handling happens. Its the brawn of the system. Its whats responsible for the high throughput taking packets, inspecting them, and moving them on quickly down the network. So, if youre not a software engineer, why do you care about this? Well, the bottom line here is - dedicated resources means high resiliency, which gives you that incredibly high availability that carriers rely on. So, again, carrier class is what weve got.
SSFJUN01B
Slide 7
Control Plane
Management
Contain faults and enable rapid isolation Well-defined interfaces for expansion of functions/ platforms
Interfaces
 Kernel
 Controls the modules  Manages communication between the modules and to the PFE
...
Kernel
CONFIDENTIAL
Module n
Routing
SSFJUN01B
www.juniper.net | 7
A second design element to point out about the architecture is its modularity. Here we have a diagram of the control plane and you see a group of modules responsible for different functions of the software whether it be management or routing and each of these run as independent processes, all of which are controlled by the underlying kernel. Weve got dedicated resources. Because of the modular nature of these resources, if theres a problem, say, in the routing module, it doesnt disrupt anything going on in the management or interface modules. So, small problems dont become big ones, and that leads to really high availability and, when our engineers want to add functionality, they do it in a modular fashion. We can roll out new features by building a new module and putting it into this same model you see here. Junos modular architecture allows customers to troubleshoot the problems much easier because they can isolate whats going on in the software quicker versus other systems that are just monolithic blocks of code where it is very difficult to understand whats going on.
SSFJUN01B
Slide 8
Junos OS Services
 Tailored services flexibility
 Deep integration of new functionality  Dedicated hardware in many platforms  Create customized service chains
Scripts CLI NSM J-Web Toolkit
Control Plane
Interfaces
Services Interfaces
Kernel
Service App 3
Data Plane
Packet Forwarding
. . .
Physical Interfaces
Service App n
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 8
Junos modularity permits very painless addition of two additional Junos design elements that are different. First is a dedicated services plane in many platforms, such as the SRX Series Services Gateways. What this means is that Juniper engineers are able to quickly introduce and integrate new service capabilities whether it be bringing intrusion prevention, or Antivirus and have all of those services work together in an integrated fashion. The next element to add is open management interfaces. Junos offers interfaces for integrating both into our element management systems as well as some element management systems of other vendors and other operational systems.
SSFJUN01B
Services Plane
...
Module n
Routing
Service App 2
Slide 9
Junos OS
data center
routing
headquarters
switching
security
branch
campus
services
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 9
So, Junos OS, deployed in many platforms, ranging from switching to routing, to security, and encompassing multiple services is a key differential of Juniper products from any competition. The vast range of Junos OS products portfolio implies that your customers have an opportunity to position the products within any layer of their network infrastructure campus, branch, headquarters, and data centers.
SSFJUN01B
10
Slide 10
Junos 201
2009 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
SSFJUN01B
11
Slide 11
Learning Activity 1, Question 1 Why is the Junos message important in your sales presentations?
Platforms using Junos OS are subject to greater discounts b) Junos OS is capable of running competitors routers and switches c) The higher cost of Junos OS must be justified by knowing its value d) Much of the value, savings, and streamlining of operations are delivered by Junos OS
a)
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 11
SSFJUN01B
12
Slide 12
Learning Activity 1, Question 2 Junos OS runs an increasing spectrum of the Juniper Networks portfolio, including which three of the following?
a)
b) c) d)
Switches
Routers WAN Acceleration Firewall
Submit Submit Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 12
SSFJUN01B
13
Slide 13
Course Objectives
 On completing this course, you will be able to:
Describe the Junos OS command-line interface (CLI) Demonstrate specialized features of the Junos CLI that save time and avert downtime Describe basics of routing using Junos OS Discuss how to ease adoption of Junos OS
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 13
On completing this course, you will be able to: Describe the Junos command-line interface (CLI) Demonstrate specialized features of the Junos CLI that save time and prevent downtime Describe basics of routing using Junos Discuss how to ease adoption of Junos
SSFJUN01B
14
Slide 14
Course Agenda
1 2 3 4 5
Introducing Junos OS CLI The Junos OS CLI Rocks Routing with Junos OS Junos OS Adoption Course Summary
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 14
This course consists of five sections, including a summary. The four main sections are provided in sequential order and are titled as follows: Introducing the Junos CLI The Junos CLI rocks Routing with Junos Junos adoption Course summary
SSFJUN01B
15
Slide 15
2009 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Introducing the Junos CLI This section introduces the Junos command-line interface used to configure the platforms running Junos Software, monitor its operations, and adjust the configuration as needed.
SSFJUN01B
16
Slide 16
Section Objectives
 After completing this section, you will be able to:
Introduce the Junos OS CLI Understand the difference between operational mode and configuration mode Navigate the command hierarchy Use command-line shortcuts and get help
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 16
After completing this section, you will be able to: Introduce the Junos CLI Understand the difference between operational mode and configuration mode Navigate the command hierarchy Use command-line shortcuts and get help
SSFJUN01B
17
Slide 17
 Dedicated Ethernet management port on M Series routers (fxp0) and EX Series switches (me0)
All J Series network ports support management access and transit traffic
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 17
The command-line interface (CLI) is the software interface used to access the device. One big differentiator of Junos CLI from other CLIs in the market place is that Junos provides a rich set of new tools and safeguards that can help your customers to efficiently manage their networks and maintain high uptime. The material discussed in these slides is generally applicable to any device run by Junos. You can access the CLI through either a console connection, through an out-of-band network interface, or in-band through the network. By default, only the console connection is available for use. All other connection methods require explicit configuration in the device. Another option of operating and configuring a Junos device is J-Web, a powerful web-based management interface available on Junos devices. J-Web lets you perform the actions available in the command-line interface. It provides practical tools to monitor, configure, troubleshoot, and manage your device. Generally to use J-Web, the user has to either manually enable http via the CLI, or through the LCD panel externally to launch J-Web (by default J-Web is only set up on the J Series). Additionally customers can manage platforms run by Junos with Juniper management products including NSM.
SSFJUN01B
18
Slide 18
CLI Login
 Log in with your username and password  Default CLI prompt shows:  username  device host name
mike@jnpr1>
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 18
To access the interface you need to connect and log in. These instructions assume that your device has already been configured with your user name and password. If youre using a brand-new device rather than one thats already been configured with your user name and password, you log in as root and press enter as your password. We use the convention of showing user input into the CLI in blue bold font
SSFJUN01B
19
Slide 19
CLI Modes
 Operational mode
Monitor and manage device operations
mike@jnpr1>
 Configuration mode
Configure the device and its interfaces
[edit]
mike@jnpr1#
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 19
The Junos CLI organizes its commands into two groups, known as modes: Operational mode is for managing and monitoring device operations. For example, monitor the status of the device interfaces, check chassis alarms, and upgrade and downgrade the device's operating system. Configuration mode is for configuring the device and its interfaces. This includes configuring the management console with its network settings, setting up user accounts for access to the device, specifying the security measures used to protect the device and the network, and setting up routing and switching protocols. The prompt following the device name indicates the mode as shown on the slide.
SSFJUN01B
20
Slide 20
 Know where you are at, find what you want, quickly move around the interface, efficiently enter commands
Top Level Node
...
... ... ... ... ... ...
...
... ... ...
...
... ... ...
SSFJUN01B www.juniper.net | 20
CONFIDENTIAL
The Junos CLI structures the activities of each mode into hierarchies. The hierarchy of each mode is made up of cascading branches of related functions commonly used together. The structured hierarchy of the command-line interface is among the first of many preferred differences that new users discover about the Junos CLI. By logically grouping activities, the Junos CLI provides a regular, consistent syntax helpful in knowing where you are at, finding what you want, quickly moving around the interface, and efficiently entering commands. The hierarchy of commands just makes everything a lot easier in both learning and then using the Junos CLI. New users regularly comment on just how logical the command-line is.
SSFJUN01B
21
Slide 21
 Perform system-level operations such as stopping and rebooting the device and loading Junos images
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 21
The slide shows common administrative tasks completed in operational mode. Junos provides an extensive set of on-board instrumentation capabilities for gathering critical operational status, statistics, and other information. These tools deliver advance notification of issues and speed problem-solving during events. As part of your configuration setup you can specify the types of events to track, the event severity, the files in which to store the data, among other options. You can then access this information in operational mode. Juniper devices come with sufficient processing power to collect and store critical operational data, including SNMP management, system logging, and traceoptions (or debugging) that help you to understand how the box operates in normal conditions and where, when, and why changes occur.
SSFJUN01B
22
Slide 22
top
Less Specific
clear configure file help monitor set show etc.
More Specific
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 22
When you first log in to the CLI, the command-line interface is at the top level of the CLI's operational mode. This slide shows a view of the CLI's tree structure from the top of the operational mode, with an example of its cascading hierarchy through the show command. The show command is one of the most commonly used because it displays information ranging from interfaces (show interface) to hardware (show chassis) to protocols (show ospf neighbor). For the student with experience using IOS, a basic difference of Junos is that it does not use the keyword IP. So, many of the show commands you already know work if you drop this part of the command. For example, the IOS command show ip route simply becomes show route in Junos.
SSFJUN01B
23
Slide 23
Specifying Output
mike@jnpr1> show interfaces fe-1/1/1 ? Possible completions: <[Enter]> Execute this command brief Display brief output descriptions Display interface description strings detail Display detailed output extensive Display extensive output media Display media information snmp-index SNMP index of interface statistics Display statistics and detailed output terse Display terse output
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 23
The show command includes other arguments to modify the output. This slide displays the available arguments for the show interfaces command for the fe-1/1/1 Fast Ethernet interface. The question mark (?) helps you to complete commands, enabling you to navigate through the command hierarchy without referencing a CLI manual. In fact, question mark is your best friend while operating or configuring a Junos running device. You can add these options to adjust the output listings to what you need.
SSFJUN01B
24
Slide 24
mike@jnpr1> show interfaces fe-1/1/1 terse Interface Admin Link Proto Local Remote fe-1/1/1 up up at-1/3/0.0 up up inet 1.0.0.1 --> 1.0.0.2 iso
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 24
This slide illustrates the results of adding the keywords brief and terse to the show interfaces command.
SSFJUN01B
25
Slide 25
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 25
As you monitor and configure a device, you need to switch between the operational mode and configuration mode. When you change to configuration mode the command prompt changes from > to #. To switch from operational mode to configuration mode, issue the configure command. The [edit] banner shows your location at the top level of the configuration hierarchy. To exit back to operational mode, you issue the exit command.
SSFJUN01B
26
Slide 26
Less Specific
access chassis groups interfaces services system etc.
finger
ftp
netconf
ssh
telnet
etc.
More Specific
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 26
Configuration mode has a hierarchical structure logically grouping related configuration statements. This structure eases configuration set up, review, and changes by allowing you to more readily find and view related statements. The slide illustrates a portion of the configuration tree, with nodes such as system and interfaces at the 2nd level of the hierarchy. The configuration statement hierarchy includes two types of statements: container statements: which contain other statements, that is they have subordinate configuration levels. Each container statement represents a configuration stanza, which could include other configuration stanzas. A configuration stanza is represented by the content between curly brackets ({ and }). leaf statements: which do not contain other statements, that is they are at the end of a particular hierarchical path. Each leaf statement is located within a configuration stanza.
SSFJUN01B
27
Slide 27
 Indentation of subordinate levels  Container statements indicated by open and close curly brackets { }
 In the example, system and services are cascading container statements
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 27
The command-line interface displays the hierarchy of the configuration mode through specific syntax: Indicating hierarchy by indenting each subordinate level In this example, services is a subordinate of system, and ftp is a subordinate to services. Indicating container statements by open and close curly brackets. In the example, system and services are cascading container statements. Indicating leaf statements with a semicolon. In the example, ftp; is a leaf statement. Also, speaking of configuration stanzas, system is a configuration stanza and so is services.
SSFJUN01B
28
Slide 28
Hierarchy Flexibility
 View from the top of configuration mode
[edit] system { services { ftp; } }
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 28
The flexibility to work at a specific sublevel or stanza in the hierarchy is helpful when users want to focus on just a small portion of the configuration. For example, the two configuration statements shown for the FTP service are equal. In the first, you are looking at the statement from the root level of the hierarchy; and so the ftp; statement is shown in this listing within the system and services container statements. In the second example, you are viewing the ftp; statement from deeper level within the hierarchy. When you are in deeper levels of the hierarchy, the [edit] banner displays the entire hierarchical path. Here, the banner [edit system services] indicates a place of the hierarchy lying within services at the 3rd level, within system at the 2nd level, and within the root - first level. In this 2nd example, as you are deeper within the hierarchy. Whenever you view the configuration, the command-line only displays the ftp; statement. To determine where you are in the configuration hierarchy refer to the configuration command banner before entering configuration commands. While you can edit the configuration from the root directory, often it is easier to navigate to the area within the configuration you are changing prior to adding and removing commands.
SSFJUN01B
29
Slide 29
 up
Move up one level in the hierarchy To move up multiple levels, add an optional count
 top
Move to the top level in the hierarchy
 exit
Leave the current level of the configuration hierarchy, returning to the level prior to the last edit command If you enter exit from the top level of the configuration hierarchy, you exit configuration mode
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 29
The edit, up, top, and exit commands let you navigate the configuration tree. Use the edit command to jump to a specific location within the candidate configuration. The configuration mode banner changes to indicate your new location in the hierarchy. You must know the full hierarchical path. If you navigate to a hierarchy location that doesnt exist in your configuration yet, the CLI will create the hierarchy level. The up command allows you to move up levels in the hierarchy. By default, you move one level. You can add a number after the command to specify how many levels to move up. The top command takes you to the first hierarchy level. The exit command returns you to the hierarchy location prior to the last edit command. If you exit this command from the top level of the configuration hierarchy, you exit configuration mode. The organized structure of the command hierarchy eases movement from one level to another within the Junos CLI.
SSFJUN01B
30
Slide 30
 Go to end of line
 Go left one character  Go right one character  Go forward one word  Go backward one word  Delete character over cursor  Delete word after cursor  Delete word before cursor  Delete text from the cursor to end of the line  Delete the line  Paste the deleted text at cursor
Ctrl+e
Ctrl+b Ctrl+f Esc+f Esc+b Ctrl+d Esc+d Esc+backspace Ctrl+k Ctrl+u Ctrl+y
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 30
Fortunately for new (and experienced) users, the Junos CLI includes lots of shortcuts and ways to get help. Both configuration mode and operational mode offer options to shorten keystrokes. All standard Unix keyboard shortcuts are available to you when you are logged on to the Junos device. It may take a few days for these to become second nature; however, once you have the muscle memory, these keys can save you lots of typing time. The command-line interface stores every entered command in its command history. At any command prompt the up and down arrow keys let you scroll through this history. Re-use commands that you previously entered, or modify them as needed. Keyboard sequences can save you much time, for example, when you are configuring similar items on the device, or you are repeating operational commands, such as when you are debugging an issue.
SSFJUN01B
31
Slide 31
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 31
The CLI provides command completion to further speed your typing in both modes. Command completion automatically finishes partially typed commands, filenames, and user names, so you dont need to recall the exact syntax of the desired input string. Command completion is a big help to new users, easing their transition to the new command-line interface. The spacebar completes most CLI commands. The tab key not only completes CLI commands, but also filenames and user-defined variables such as policy names, community names, and IP addresses. When the completion of the command or argument is ambiguous, hitting space or tab lists the possible completions.
SSFJUN01B
32
Slide 32
Getting Help
[edit system] mike@jnpr1# set s? Possible completions: saved-core-context saved-core-files > services > static-host-mapping > syslog
Save context information for core files Number of saved core files per executable (1..64) System services Static hostname database mapping System logging facility
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 32
Query the command-line with the ? character at any level of the operational or configuration hierarchies for a list of available commands and a short description of each. Typing a partial command and the ? provides a list of all the valid ways to complete your command, as shown in this example. Using the ? in either of these ways is known as context-sensitive help in Junos lingo. For commands that require a filename as an argument, the question mark lists the files in the working directory. You can consider ? to be your best friend while navigating through Junos CLI.
SSFJUN01B
33
Slide 33
More Help
 help apropos
Displays help about a text string contained in a statement or command name
 help reference
Provides assistance with configuration syntax by displaying summary information for the statement
 help syslog
Displays information on specific syslog events
 help tip
Provides random tips for using the CLI
 help topic
Displays usage guidelines for configuration statements
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 33
When you want more information than provided by context-sensitive help, you can turn to the Junos technical documentation on your device through the help commands. Juniper loads it on new devices and includes it as a part of new upgrade builds. When requesting help, follow each of these help commands with the string or topic for which you're seeking information. The help files are divided into major categories. You can access these files in operational mode. Use: help apropos to display help about a text string contained in a statement or command name help reference to provide assistance with configuration syntax by displaying summary information for the statement help syslog to display information on specific syslog events help tip to provide random tips for using the CLI help topic to display usage guidelines for configuration statements
SSFJUN01B
34
Slide 34
Logging out
     
[edit protocols ospf] mike@jnpr1# exit configuration-mode Exiting configuration mode mike@jnpr1> exit logout Connection closed by foreign host.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 34
When it's time to take a break, you must be in operational mode to log out completely from the device. So, if you are in configuration mode use the exit configuration-mode command to enter operational mode. Then, you can completely exit the CLI by entering the exit command in this mode.
SSFJUN01B
35
Slide 35
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 35
Lab 1- Intro to the CLI Log into the Junos CLI Explore the Junos OS CLI operational mode Lab instructions: https://www.juniper.net/partners/partner_center/common/training/downloads/pdfs/ssfjun1b_lab.pdf Enter Virtual Lab https://virtuallabs.juniper.net/
SSFJUN01B
36
Slide 36
Section Summary
 In this section, you have learned how to:
Introduce the Junos OS CLI Understand the difference between operational mode and configuration mode Navigate the command hierarchy Use command-line shortcuts and get help
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 36
In this section, you have learned how to: Introduce the Junos CLI Understand the difference between operational mode and configuration mode Navigate the command hierarchy Use command-line shortcuts and get help
SSFJUN01B
37
Slide 37
c) d)
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 37
SSFJUN01B
38
Slide 38
> character
# character * character } character
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 38
SSFJUN01B
39
Slide 39
Learning Activity 2, Question 3 What are three key functions of operational mode?
a) b) Monitor and troubleshoot the device Connect to other network systems Specify the types of events to track Control the CLI environment
c)
d)
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 39
SSFJUN01B
40
Slide 40
c) d)
confmode switch
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 40
SSFJUN01B
41
Slide 41
2009 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
The Junos CLI includes functionality not found in legacy network operating systems, such as Ciscos IOS. For example, did you know that the Junos CLI has some special features for protecting the network from configuration errors and mistakes? Sound helpful? Many of these features came from the inspiration and ideas of early Junos users who demanded a safer way to set up and make changes to their device configurations. This section introduces you to the ground breaking and specialized features of the Junos CLI. These are the reasons why so many users say that Junos saves them time (often lots of it), reduces repetitive tasks, and helps them to avoid very costly mistakes. In other words to enthusiastically agree that the Junos CLI rocks!
SSFJUN01B
42
Slide 42
Section Objectives
 After completing this section, you will be able to:
Present and demonstrate the Junos OS configuration process and its multiple safeguards Highlight the advantages of operating devices run by Junos OS Discuss features of the Junos OS CLI to automate operations
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 42
After completing this section, you will be able to: Present and demonstrate the Junos configuration process and its multiple safeguards Highlight advantage of operating devices run by Junos Discuss features of the Junos CLI to automate operations
SSFJUN01B
43
Slide 43
 Convenient deployment of standard configurations and policy language across the network
candidate configuration commit validated configuration
commit scripts commit validations
Load
commit confirmed
active configuration
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 43
The presented graphic outlines the basic steps to configure a Junos run device. Do you notice anything different from most other network operating systems? Foremost: configuration changes in Junos do not become active until you are ready. The Junos approach provides multiple safety nets that can save engineers hours of troubleshooting on those bad days when configuration updates can go horribly wrong potentially resulting in network collapses. Once they understand these safety nets, new users of Junos typically come to see the Junos CLI as much more user-friendly than other systems that have line-by-line entry and instant activation of configuration changes. Have you ever had to make line-by-line changes in other systems, knowing that you were creating intermediate risks, such as removing a firewall on an interface? Perhaps you have entered a single-line change that created unwanted or unexpected results that you could not easily revert. The Junos CLI protects you from these and other configuration headaches. To operate a device Junos uses the active configuration file. When a user changes a configuration file, he/she works with the candidate configuration file, which is different from the active one. In order for configuration changes to take place, the user must commit the candidate configuration file.
SSFJUN01B
44
Slide 44
Load
candidate configuration
validated configuration
commit scripts commit validations
1
active configuration
rollback
49
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 44
So what are the basic sets of the multi-stage Junos configuration process? Lets examine it in more details. First: enter changes in the candidate configuration The candidate configuration is a copy of the active configuration. You can enter configuration changes to the candidate through the CLI via cut and paste, load or merge a text file with the updated configuration changes, or enter the changes by hand through the CLI interface. After making all your candidate changes, you can review your work, including comparing the candidate to the active running file. Second: commit you changes, sending off a copy of the candidate to become the active configuration Before finalizing the changeover, the software checks for certain statements within the candidate and performs other context validations. If the device includes pre-loaded commit scripts, these scripts will also check and possibly correct errors within the candidate configuration. Third: the candidate becomes the active configuration The candidate configuration becomes the active configuration and the device places the previous active configuration into an archive of up to 49 of the past active configurations, which you can access through the rollback command. Well explore explore each of these steps further in this section.
SSFJUN01B
45
Slide 45
 Use configure exclusive when you want to prohibit others from also making changes while you are in mike@jnpr1> configure exclusive be discarded on exit configuration mode warning: uncommitted changes will
Entering configuration mode
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 45
To enter configuration mode, Junos provides several options. These options give users different ways to manage who is making changes and when. If users enter configuration mode with the base command: configure, as discussed in the prior section, then they are in standard configuration mode. Standard mode allows any number of users to edit the candidate configuration simultaneously, and changes made by a single user are visibly shared by all users, any of whom will activate all changes if they enter a commit command. Alternatively, Junos offers the options to configure private or configure exclusive. These prevent one user from inadvertently activating another users changes before they are ready. In private mode, the device keeps a separate candidate copy holding only the changes by the private user. In exclusive mode, the command-line locks all other users out of configuration mode until the exclusive user closes the exclusive state. These two configuration options are very handy when multiple users can change the candidate configuration of a device.
SSFJUN01B
46
Slide 46
show Command
 List the complete candidate from the top of configuration mode
[edit] mike@juniper1# show version "9.2R1.3"; groups { re0 { system { jnpr1-name jnpr1; } } } 
 List a specific subset of the candidate configuration from a deeper level of the hierarchy
[edit interfaces ge-5/0/0] mike@jnpr# show gigether-options { flow-control; auto-negotiation; } unit 0 { family inet { address 1.2.3.4/28; } }
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 46
Initially, before any changes are entered, the candidate configuration is the same as the active running configuration of the device. To display the candidate configuration, use the show command in configuration mode. When entered from the top of the configuration hierarchy, the CLI displays the entire candidate configuration, as shown in the abbreviated listing of the example on the left. Deeper in the hierarchy, the show command displays the configuration from the current hierarchy level and below, as show in the example on the right. Note: You may have noticed that configuration mode uses the show command in a different way than operational mode. The commands of each mode are independent of each other, and so the show command represents different actions in each.
SSFJUN01B
47
Slide 47
set Command
 From the top of configuration mode
[edit] mike@jnpr1# set system mike@jnpr1# set system mike@jnpr1# set system mike@jnpr1# set system services services services services finger ftp ssh telnet [edit] system { services { finger; ftp; ssh; telnet; } }
 From a sublevel
[edit system services] mike@jnpr1# set finger mike@jnpr1# set ftp mike@jnpr1# set ssh mike@jnpr1# set telnet
Either adds
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 47
You can create or change the candidate configuration by entering a series of commands, including those to add and remove configuration statements. The set command inserts a statement and values into the candidate configuration. While you can edit the candidate from the root directory, as shown in the top example, often it is easier to navigate to the area within the configuration you are changing prior to adding and removing commands. This is shown in the second example where changes are entered in the [edit system services] sublevel of the hierarchy. Either approach adds the same lines, shown on the right.
SSFJUN01B
48
Slide 48
delete Command
 Remove a statement along with any subordinate statements
Deleting a statement effectively returns the affected device, protocol, or service to an unconfigured state Deleting a container statement removes everything under that level of the hierarchy
[edit] mike@jnpr1# delete system services [edit] system { }
Now
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 48
The delete command removes statements from the candidate configuration. In this example, we delete what we just added in the prior slide. Deleting a statement effectively returns the affected device, protocol, or service to an unconfigured state. Deleting a container statement removes everything under that level of the hierarchy. So, be cautious here!! Remember the delete command removes all subordinate statements and identifiers. For example, if you entered the simple command: delete protocols from the top of the CLI hierarchy; you would remove all the protocols configured in your candidate file. Know where you are at in the hierarchy and what all you are removing when you issue a delete statement!
SSFJUN01B
49
Slide 49
compare Configurations
 Display the differences between the candidate and active configuration
Options to show any two configurations
[edit system services] mike@jnpr1# show | compare - ssh; + telnet; - web-management { http { port 8080; } -}
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 49
Have you ever entered changes to a configuration and then wanted to review them? The compare command provides a convenient way to display the configured differences (and only these differences) between the candidate configuration file and the active running configuration of the device (or any other configurations you might choose). The CLI indicates new lines in the candidate with a plus (+) sign and those removed with a minus (-) sign. In this example, the user has enabled telnet within system services and also removed ssh and web-management.
SSFJUN01B
50
Slide 50
commit check
 Check that the device will accept your candidate
Validates the logic and completeness of the candidate without activating the changes
[edit] mike@jnpr1# commit check [edit interfaces lo0 unit 0 family inet] 'address 192.168.69.1/24' Loopback addresses' prefix must be 32 bits error: configuration check-out failed
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 50
The CLI also provides a command to check that the system can process your candidate configuration. The commit check command validates the logic and completeness of the candidate semantics without activating any changes. These are the same validations which run when you commit a candidate. If the system finds a problem in the candidate configuration, it lets you know, as the example above.
SSFJUN01B
51
Slide 51
commit
 Activates the candidate to become the running configuration of the device
If the validation checks find any errors, you must fix these before the candidate can become the active file
[edit] Add Bullets mike@jnpr1# commit error: Policy error: Policy my-policy referenced but not defined error: BGP: export list not applied error: configuration check-out failed
 The commit complete message tells you that the new configuration is now active
[edit] mike@jnpr1# commit commit complete
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 51
The candidate file is only the proposed configuration, and your device does not use any of this configuration until you issue a commit command. After you have entered all desired changes, and you have double checked your work, you are ready to activate your candidate as the active running configuration. To activate the candidate configuration, enter the commit command. Before actually activating the candidate configuration, Junos checks basic syntax and semantics. For example, the software makes sure that a policy has been defined before it is referenced. If any syntax or semantic problems are found, the commit command returns an error. You must fix all mistakes before the candidate (or any part of the candidate) can become active. The commit complete message tells you that the new configuration is up and running on the device.
SSFJUN01B
52
Slide 52
Commit confirmed
 Automate rollback in remote devices
Commit a candidate configuration for a limited time
[edit] mike@jnpr1# commit confirmed commit confirmed will be automatically rolled back in 10 minutes unless confirmed commit complete
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 52
Are you among those of us who have made the mistake of adding security to a remote box, only to discover the new firewall locked you out of the very interface that you were using to access the device? Do you have a story about the time you accidently isolated a remote box and then had to jump in the car and drive twoand-a-half hours in the middle of the night just to reset it? The commit confirmed command can prevent costly configuration mistakes by automatically rolling back problematic configurations. The commit confirmed command commits a candidate configuration for 10 minutes. Then if you don't follow up with a second commit, the device automatically rolls back to the previous configuration. You can use the commit confirmed command anytime you want a safety net against potential configuration problems. If you do not confirm the configuration by entering a second commit command, the CLI will roll back the device to the previous active configuration at the end of the 10 minutes (or other interval you specify). In this way, if you have accidently isolated the device, you simply need to wait for the roll back instead of agonizing over how you are going to otherwise undo your mistake.
SSFJUN01B
53
Slide 53
Rollback
 Use rollback (or rollback 0 ) to reset the candidate configuration to the currently active configuration
 rollback 1 loads the previously active configuration  rollback n loads the nth previous active configuration  rollback rescue loads the previously created rescue file
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 53
Whenever you commit the candidate as the new active configuration, Junos automatically saves a copy of the replaced active file. As you store each newly replaced configuration, all the prior configuration files move back one version number further in the configuration archive. Each device can store up to 50 of the most recently active versions. This number includes the current active configuration (also known as rollback 0). You can access this configuration archive using the rollback command to restore your candidate configuration. Reset your candidate to match the active running configuration by entering rollback or rollback 0. Return to the most recently previous configuration file using the rollback 1 command, or add any other number between 2 and 49 to go back to an even older version of the configuration. The rollback command loads the requested archive as the candidate file. You can also create a rescue configuration of a known working configuration so that you can rollback to it when all else fails. If you want to use the rollback file immediately, first make sure it's what you want by using the show command, and then activate it with the commit command. That last bit was important. Dont forget to complete a rollback for the active configuration of the device, you must also commit it. This automatic backup mechanism lets you return quickly to a previous configuration for immediate use or for fast updates.
SSFJUN01B
54
Slide 54
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 54
Lab 2 Configuring the CLI *Explore the Junos OS CLI configuration mode *Save, view, and use a rescue configuration Lab instructions: https://www.juniper.net/partners/partner_center/common/training/downloads/pdfs/ssfjun1b_lab.pdf Enter Virtual Lab https://virtuallabs.juniper.net/
SSFJUN01B
55
Slide 55
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 55
Unlike other systems Junos lets you prepare for an installation before actually installing the hardware. The software simply ignores any parts of the running configuration which are irrelevant to the existing hardware installation. Whenever the hardware becomes available, the newly added section of the configuration then becomes active. The option to set up a configuration prior to hardware install is quite useful, especially when the person installing the hardware is different than the person configuring the device, a common occurrence for remote boxes. Here is a configuration for fe-3/0/0, which will be installed tomorrow. Sometimes you want to prepare configuration changes for activation at a specific time, such as during a maintenance window. The commit at command provides this option. You can also make configuration changes and mark them as inactive until you are ready to use them by using the deactivate command.
SSFJUN01B
56
Slide 56
 rename changes the value of a user-defined variable or the name to a user-defined element
[edit interfaces] mike@jnpr1# rename se-0/0/1 unit 0 family inet address 10.0.22.1/24 to address 10.0.36.2/24
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 56
A typical configuration includes many similar elements named and defined by the user, such as interface names, policy statements, and firewall filters. The Junos CLI includes commands to duplicate and quickly change the configurations of these user-defined variables. The copy command duplicates a configuration statement along with all the subordinate statements configured underneath it. In using the command, you copy the configuration associated with one userdefined element to a new, similarly configured element. You then modify that second element with any needed changes. The rename command is a convenient shortcut when you need to alter the value of a user-defined variablesuch as policy names, filter names, IP addressesor to change the name of a user-defined element. The example on this slide illustrates a very useful technique for configuring similar interfaces, where only IP addresses are different. First, you create identical configuration of se-0/0/1 based on the se-0/0/2 interface. Then, you change the ip address of the newly created se-0/0/1 interface by deleting the ip address of the copied se-0/0/2 interface and setting the ip address for the se-0/0/1 interface, which is 10.0.36.2/24. Also, you can use the rename command to change the ip address of the newly created interface, thereby achieving the same result, as indicated on this slide.
SSFJUN01B
57
Slide 57
Powerful | Pipe
 Filter output in both operational and configuration mode  Sends output of one command as input to another  Examples:
Use to redirect output of a command to a file
 Useful for re-using sections of configurations across many devices
mike@jnpr1> request support information | save <filename> Wrote 1143 lines of output to filename
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 57
The pipe | character lets you filter output in both operational and configuration modes. Pipe makes it possible to display specific information in a single command step, sending the output of one command as input to another, or redirecting the output to a file. The output of the command to the left of the pipe symbol serves as input to the command or file to the right of the pipe. The first example shown on the slide creates a file that stores the output of the request support information command of the operational mode by piping its output to a filename. In the second, | count counts the number of lines in the output. Many more examples for using pipe are available in the Junos technical documentation and other reference resources.
SSFJUN01B
58
Slide 58
Run is Cool
 Issue operational mode commands while in configuration mode
[edit] mike@jnpr1# run show interfaces Physical interface: fe-4/0/2, Enabled, Physical link is Up Interface index: 137, SNMP ifIndex: 29 Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps 16384 Link flags : 4 CoS queues : 8 supported <. . .>
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 58
The run command lets you issue CLI operational mode commands while in configuration mode. Just add the keyword run before any operational mode command that you want to execute while you are inside the configuration mode. For example, entering the run show interfaces command displays the output as if show interfaces had been entered from operational mode. Here we show an abbreviated listing of the output.
SSFJUN01B
59
Slide 59
 Flow accounting
 cflowd and rich filtering  Active monitoring, passive monitoring, port mirroring
 Health monitor
 Extends the Remote Network Monitoring (RMON) alarm infrastructure with minimum user configuration
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 59
Juniper devices provide extensive on-board instrumentation that enables customers to proactively gather status information. Self-monitoring allows continuous feedback and lets administrators capture networkwide down to highly granular perspectives on the operations of the network. Junos-based platforms come with sufficient processing power to collect and store critical operational data that help you to understand how a device operates in normal conditions and where, when, and why changes occur. Available tools for automating network monitoring include: Real-time performance monitoring: Measures the performance of traffic as it travels between network devices. The RPM probes can collect round-trip time minimums, averages, maximums, jitter, and other data on both a per-destination and application basis. Flow accounting: Provides a method for collecting traffic flow statistics, enabling operations teams to track link utilization for capacity planning, security analysis, fault isolation, internal billing, and more. You can gather statistics on an individual physical device, logical device, interface, or subinterface. Health monitor: Notifies your network management system (NMS) when something requires attention. Health monitor extends the Remote Network Monitoring (RMON) alarm infrastructure of Junos with minimum user configuration requirements, by providing predefined monitoring of the operating system processes and device hardware, for example: file system usage, CPU usage, and memory usage.
SSFJUN01B
60
Slide 60
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 60
The logging and tracing operations of Junos allow administrators to find out about events that occur in the device normal operations, as well as error conditions. You can use the following tools to discover, trace, and analyze the sequence of events leading to network or device issues for fast resolution. System logging: Generates system log messages (syslog messages) for recording events that occur on the device, including hardware and within the processes of the operating system. A few examples, among the thousands that we can cite: an interface starting up, login failure, or hardware failure conditions. Trace logging (also called traceoptions): Provides a wide range of variables for observing network and system events specific to operations, such as protocol operations. Note that traceoptions is similar to the debug function in IOS. Examples of trace logging include BGP state changes, graceful restart events, and even tracking SNMP operations and statistics. Trace logging is a valuable tool when you need to find out whats going on in your device.
SSFJUN01B
61
Slide 61
Junos OS Automation
Business Rules Automation
Enforce compliance check and change management to avert human factors
Provisioning Automation
Operations Automation Event Automation
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 61
Junos automation can be provisioned with four criteria in mind: Business; Provisioning; Operations; and Event. The business criterion enforces compliance check and change management to avert human factors. The provisioning criterion is aimed to simplify and abstract complex configurations. The operations criterion is aimed to allow custom outputs to ease migration and facilitate quick diagnosis of network/hardware problems. The event criterion automates pre-defined response to events for self-monitoring networks. You can see that the four criteria are aimed to ease operations, ensure network availability and scalability.
SSFJUN01B
62
Slide 62
scripts
 Operations-mode automation
 Build custom operational commands  Automate remediation steps/guidance
 Custom notifications, further diagnosis, or corrective actions  Correlate specific events and perform a set of actions
Junos management
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 62
Junos command automation is available in configuration and operation modes. In the configuration mode command automation prevents configuration errors and enforces compliance to pre-defined policies and procedures. In the operations mode command automation allows you customize operational commands, and automate custom-defined notifications, diagnosis, or corrective actions, correlating specific events and actions.
SSFJUN01B
63
Slide 63
SSFJUN01B
www.juniper.net | 63
In summary, the Junos CLI offers multiple specialized features that are not found in many other network operating systems. In configuration mode: configure private and configure exclusive let engineers manage who is changing the device and when. The commit model lets engineers enter configuration changes in a candidate file. The approach provides multiple safety nets that can prevent configuration problems and save hours of troubleshooting. The compare command lets engineers review their changes, looking for any last-minute typos or omissions, by comparing two different configurations, yet again providing safety nets ensuring maximum network availability. rollback restores the rescue or any of the prior 50 configurations. Preconfigure a device before hardware install or specify a time for changes to become active. A rich set of text editing tools saves engineers lots of typing, including the power of the copy and rename commands to repurpose existing configuration elements. Commit scripts to customize validation of configurations and define time-saving macros. In operational mode, the highlights include: Powerful monitoring and diagnostic tools that engineers can use without harming device performance. Various scripts and event policies to automate event detection and troubleshooting as well as restoration to normal operations.
SSFJUN01B
64
Slide 64
Section Objectives
 In this section, you have learned how to:
Present and demonstrate the Junos configuration process and its multiple safeguards Highlight the advantages of operating devices run by Junos Discuss features of the Junos CLI to automate operations
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 64
In this section, you have learned how to : Present and demonstrate the Junos configuration process and its multiple safeguards Highlight advantage of operating devices run by Junos Discuss features of the Junos CLI to automate operations
SSFJUN01B
65
Slide 65
Learning Activity 3, Question 1: True or False: As soon as you edit the configuration file and press Enter the changes are implemented on your device.
a) b) True False
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 65
SSFJUN01B
66
Slide 66
d)
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 66
SSFJUN01B
67
Slide 67
b)
c)
d)
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 67
SSFJUN01B
68
Slide 68
Learning Activity 3, Question 4: True or False: Junos-based platforms come with sufficient processing power to collect and store critical operational data.
a) b) True False
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 68
SSFJUN01B
69
Slide 69
2009 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Junos supports various standards-based routing protocols. This section provides a quick overview of basic routing, overviewing the differences between static and dynamic routing.
SSFJUN01B
70
Slide 70
Section Objectives
 In this section, you will:
Compare and contrast routing and forwarding tables Describe routing instances Describe static routing and its configuration using Junos OS Describe dynamic routing
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 70
Upon completion of this section, you will be able to: Compare and contrast routing and forwarding tables; Describe routing instances; Describe static routing and its configuration using Junos; and Describe dynamic routing.
SSFJUN01B
71
Slide 71
What Is Routing?
 The process of moving data between Layer 3 networks
Server A
Internet
Server B
User A
= Router = Switch
User B
Data center
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 71
A Basic Definition of Routing Routing, in its most basic form, is the process of moving data between Layer 3 networks. The sample topology on the slide consists of several Layer 3 networks, all connected to routers. Although routers are the most common devices for performing routing operations, note that many switches and security devices also perform routing operations. Note also that the Internet is actually a collection of many networks rather than a single network. We look at the required components of routing and how devices running Junos Software make routing decisions on subsequent slides within this section.
SSFJUN01B
72
Slide 72
Components of Routing
 For a device to communicate with another device in a remote network, the following requirements exist:
End-to-end communications path Routing information on participating Layer 3 devices
Internet
User A
= Router = Switch
User B
Data center
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 72
Routing Components You must consider several components and other aspects to effectively implement routing between remote networks. However, you can classify the various components and considerations into two primary requirementsend-to-end communications path and ensuring all Layer 3 devices within the communications path have the required routing information. In the example shown on the slide, you can see that a physical path exists between the highlighted networks and the Internet. As long as the physical path is configured and functioning correctly, the first requirement is satisfied. For the second requirement, all Layer 3 devices participating in the communications path must have the necessary routing information. The devices within the user and data center networks must have the proper gateway configured (the router that connects to those networks as well as the Internet). The gateway device must determine the proper next hop for each destination prefix for transit traffic it receives. Devices running Junos Software use the forwarding table, which is a subset of information found in the route table, to make this determination. We discuss the route and forwarding tables next.
SSFJUN01B
73
Slide 73
OSPF
Routing table
Direct Static
Forwarding table
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 73
Routing Information Sources The Junos Software routing table consolidates prefixes from multiple routing information sources including various routing protocols, static routes, and directly connected routes. Active Route Selection When a device running Junos Software receives multiple routes for a given prefix, it selects a single route as the active route. With additional configuration, Junos Software supports multiple, equal-cost routes. Forwarding Table The router uses the active route for each destination prefix to populate the forwarding table. The forwarding table determines the outgoing interface and Layer 2 rewrite information for each packet forwarded by a device running Junos Software. Multiple Routing Tables Devices running Junos Software can accommodate multiple routing tables. The primary routing table, inet.0, stores IPv4 unicast routes. Additional predefined routing tables exist, such as inet6.0, which Junos Software creates when required by the configuration. The following is a summary of the common predefined routing tables you might see on a device running Junos Software: inet.0: Used for IPv4 unicast routes; inet.1: Used for the multicast forwarding cache; inet.2: Used for MBGP routes to provide reverse path forwarding (RPF) checks; inet.3: Used for MPLS path information; inet.4: Used for MSDP route entries; inet6.0: Used for IPv6 unicast routes; and mpls.0: Used for MPLS next hops.
SSFJUN01B
74
Slide 74
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 74
The following is a summary of the common predefined routing tables you might see on a device running Junos OS : inet.0: Used for IPv4 unicast routes; inet.1: Used for the multicast forwarding cache; inet.2: Used for MBGP routes to provide reverse path forwarding (RPF) checks; inet.3: Used for MPLS path information; inet.4: Used for MSDP route entries; inet6.0: Used for IPv6 unicast routes; and mpls.0: Used for MPLS next hops.
SSFJUN01B
75
Slide 75
Route Preference
 Ranks routes received from different sources  Primary criterion for selecting the active route
Used as a tiebreaker when same destination prefix is available through multiple sources
Route Preference Values
Default preference
Direct Local Static OSPF internal RIP OSPF AS external BGP (both EBGP and IBGP)
More Preferred
Less Preferred
SSFJUN01B
www.juniper.net | 75
Preferred Routing Information Sources Junos OS uses route preference to differentiate routes received from different routing protocols or routing information sources. Route preference is equivalent to administrative distance on equipment from other vendors. Selecting the Active Route Route preference is similar to Ciscos administrative distance setting. Junos OS uses route preference to rank routes received through the various route information sources and as the primary criterion for selecting the active route. The table at the bottom of the slide shows the default preference values for a selected set of routing information sources. Of course, any default can be changed.
SSFJUN01B
76
Slide 76
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 76
Viewing the Route Table The slide shows the use of the show route command, which displays all route entries in the routing table. As identified on the slide, all active routes are marked with an asterisk (*) next to the selected entry. Each route entry displays the source from which the device learned the route, along with the route preference for that source. The show route command displays a summary of active, holddown, and hidden routes. Active routes are the routes the system uses to forward traffic. Holddown routes are routes that are in a pending state before the system declares them as inactive. Hidden routes are routes that the system cannot use for reasons such as an invalid next hop and route policy. You can filter the generated output by destination prefix, protocol type, and other distinguishing attributes. The following sample capture illustrates the use of the protocol filtering option: user@host> show route protocol ospf inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.1.1.0/24 224.0.0.5/32 [OSPF/10] 04:57:41, metric 2 > to 172.18.25.2 via ge-0/0/13.0 *[OSPF/10] 05:00:58, metric 1 MultiRecv
SSFJUN01B
77
Slide 77
OSPF
DirectStatic
Routing Table
Forwarding Table
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 77
The Forwarding Table The forwarding table stores a subset of information from the routing table. Within the forwarding table, you can find the details used by a device running Junos OS to forward packets such as the learned destination prefixes and the outgoing interfaces associated with each destination prefix. You use the show route forwarding-table CLI command to view the forwarding table contents. Note that the Junos OS kernel adds some forwarding entries and considers them permanent in nature. One such example is the default forwarding entry, which matches all packets when no other matching entry exists. When a packet matches this default forwarding entry, the router discards the packet and it sends an ICMP destination unreachable message back to the sender. If you configured a user-defined default route, the router uses it instead of the permanent default forwarding entry. Some examples of forwarding entries are remote addresses directly reachable through an interface, routes installed by the kernel when the routing table initializes, routes installed by the routing protocol process or as a result of the configuration, and local address on an interface.
SSFJUN01B
78
Slide 78
Forwarding plane
FT
Packets in Packets out
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 78
Determining the Next Hop When a packet enters a device running Junos OS , it compares that packet against the entries within the forwarding table to determine the proper next hop. If the packet is destined to the local device, Junos OS processes the packet locally. If the packet is destined to a remote device and a valid entry exists, the device running Junos OS forwards the packet out the next-hop interface associated with the forwarding table entry. If multiple destination prefixes match the packets destination, Junos OS uses the most specific entry (also called longest match) when forwarding the packet to its destination. In situations where no matching entry exists, the device running Junos OS responds to the source device with a destination unreachable notification.
SSFJUN01B
79
Slide 79
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 79
Overview of Routing Instances Junos OS logically groups routing tables, interfaces, and routing protocol parameters to form unique routing instances. The device logically keeps the routing information in one routing instance apart from all other routing instances. The use of routing instances introduces great flexibility because a single device can effectively imitate multiple devices.
SSFJUN01B
80
Slide 80
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 80
Master Routing Instance Junos OS creates a default unicast routing instance called the master routing instance. By default, the master routing instance includes the inet.0 route table, which the device uses for IPv4 unicast routing. The software creates other route tables, such as inet6.0, adds them to their respective routing instance, and displays them when required by the configuration. The Junos OS also creates private routing instances, which the device uses for internal communications between hardware components. You can safely ignore these instances and their related information when planning your network.
SSFJUN01B
81
Slide 81
 Note: Actual routing instance types vary between platforms running Junos OS; Check product documentation for actual support
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 81
User-Defined Routing Instances For added flexibility, Junos OS allows you to configure additional routing instances under the [edit routinginstances] hierarchy. User-defined routing instances can be used for a variety of different situations and provide users a great amount of flexibility in their respective environments. We also commonly refer to filter-based forwarding as policy-based routing (PBR). Some typical uses of user-defined routing instances include filter-based forwarding (FBF), Layer 2 and Layer 3 VPN services, and system virtualization. The following are some of the common routing instance types: forwarding: Used to implement filter-based forwarding for common Access Layer applications; l2vpn: Used in Layer 2 VPN implementations; no-forwarding: Used to separate large networks into smaller administrative entities; virtual-router: Used for non-VPN-related applications such as system virtualization; vpls: Used for point-to-multipoint LAN implementations between a set of sites in a VPN; and vrf: Used in Layer 3 VPN implementations. Note that the actual routing instance types vary between platforms running Junos OS . Be sure to check the technical documentation for your specific product.
SSFJUN01B
82
Slide 82
Configuration Example
 Routing instance configuration example:
[edit routing-instances new-instance] Routing instance name is user-defined user@host# show instance-type virtual-router; Routing instance type interface ge-0/0/0.0; Define interfaces under the [edit interface ge-0/0/1.0; interfaces] hierarchy and reference interface lo0.1; them under the routing instance routing-options { static { route 0.0.0.0/0 next-hop 172.26.25.1; } } protocols { ospf { area 0.0.0.0 { interface ge-0/0/0.0; interface ge-0/0/1.0; interface lo0.1; } } }
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 82
Configuration Example: Routing Instances The slide illustrates a basic routing instance configuration example.
SSFJUN01B
83
Slide 83
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 83
Working with Routing Instances: Part 1 Once you configure a routing instance and the device learns routing information within the instance, Junos OS automatically generates a route table. If you use IPv4 routing, the software creates an IPv4 unicast routing table. The name of the route table uses the format instance-name.inet.0, where instance-name is the name of the routing instance within the configuration. Likewise, if you use IPv6 within the instance, the software creates an IPv6 unicast routing table and it follows the format instance-name.inet6.0. As illustrated on the slide, to view a routing table associated with a specific routing instance, you simply use the show route table table-name CLI command.
SSFJUN01B
84
Slide 84
Remote
--> 0/0
user@host> ping 172.26.25.1 rapid count 25 routing-instance new-instance PING 172.26.25.1 (172.26.25.1): 56 data bytes !!!!!!!!!!!!!!!!!!!!!!!!! --- 172.26.25.1 ping statistics --25 packets transmitted, 25 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.014/1.875/2.073/0.285 ms
user@host> traceroute 192.168.100.25 routing-instance new-instance traceroute to 192.168.100.25 (192.168.100.25), 30 hops max, 40 byte packets 1 192.168.100.25 (192.168.100.25) 4.536 ms 4.503 ms 2.209 ms
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 84
Working with Routing Instances: Part 2 You can filter many of the common outputs generated through CLI show commands by referencing the name of a given routing instance. The first example on the slide shows a practical way of viewing interfaces that belong to a specific routing instance. You can also source traffic from a specific routing instance by referencing the name of the desired routing instance. The last two examples on the slide show this option in action with the ping and traceroute utilities.
SSFJUN01B
85
Slide 85
Static Routes
 Manually configured routes added to routing table
Defined under [edit routing-options] hierarchy
.1
.2
.1
Internet
172.30.25.0/30 192.168.63.14 user@host> show route 192.168.63.14 inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both
0.0.0.0/0
SSFJUN01B
www.juniper.net | 85
Static Routes Static routes are used in a networking environment for multiple purposes, including a default route for the autonomous system (AS) and as routes to customer networks. Unlike dynamic routing protocols, you manually configure the routing information provided by static routes on each router or multilayer switch in the network. All configuration for static routes occurs at the [edit routing-options] level of the hierarchy. Next Hop Required Static routes must have a valid next-hop defined. Often that next-hop value is the IP address of the neighboring router headed toward the ultimate destination. On point-to-point interfaces, you can specify the egress interface name rather than the IP address of the remote device. Another possibility is that the next-hop value is the bit bucket. This phrase is analogous to dropping the packet off the network. Within Junos Software, the way to represent the dropping of packets is with the keywords reject or discard. Both options drop the packet from the network. The difference between them is in the action the device running Junos Software takes after the drop action. If you specify reject as the next-hop value, the system sends an ICMP message (the network unreachable message) back to the source of the IP packet. If you specify discard as the next-hop value, the system does not send back an ICMP message; the system drops the packet silently. By default, the next-hop IP address of static routes configured in Junos Software must be reachable using a direct route. Unlike with software from other vendors, Junos Software does not perform recursive lookups of next hops by default. Static routes remain in the routing table until you remove them or until they become inactive. One possible scenario in which a static route becomes inactive is when the IP address used as the next hop becomes unreachable.
SSFJUN01B
86
Slide 86
Restricts route from being advertised into a routing protocol through routing policy; Highly suggested for static routes used for management traffic
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 86
Configuration Example: Static Routing The slide illustrates the basic configuration syntax for IPv4 and IPv6 static routes. The slide also highlights the no-readvertise option which prohibits the redistribution of the associated route through routing policy into a dynamic routing protocol such as OSPF. We highly suggest that you use the noreadvertise option on static routes that direct traffic out the management Ethernet interface and through the management network. Note that IPv6 support varies between Junos OS platforms. Be sure to check the technical documentation for your specific product for support information.
SSFJUN01B
87
Slide 87
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 87
Monitoring Static Routing The slide shows the basic verification steps when determining proper operation of static routing.
SSFJUN01B
88
Slide 88
Host-B .5 .6 172.25.1.4/30
Host-C .1 172.20.3.0/24
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 88
Resolving Indirect Next Hops By default, Junos OS requires that the next-hop IP address of static routes be reachable using a direct route. Unlike software from other vendors, Junos OS does not perform recursive lookups of next hops by default. As illustrated on the slide, you can alter the default next-hop resolution behavior using the resolve CLI option. In addition to the resolve CLI option, a route to the indirect next hop is also required. Indirect next hops can be resolved through another static route or through a dynamic routing protocol. We recommend, whenever possible, that you use a dynamic routing protocol as your method of resolution. Using a dynamic routing protocol, rather than a static route to resolve indirect next hops, dynamically removes the static route if the indirect next hop becomes unavailable.
SSFJUN01B
89
Slide 89
Network A 172.29.100.0/24
.2 .1
se-1/0/0
primary secondary
.1
Internet
.6
.5
172.30.25.4/30
[edit routing-options] user@host# show static { route 0.0.0.0/0 { next-hop 172.30.25.1; qualified-next-hop 172.30.25.5 { preference 7; } } }
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 89
Qualified Next Hops The qualified-next-hop option allows independent preferences for static routes to the same destination. The slide shows an example using the qualified-next-hop option. In the sample configuration shown on the slide, the 172.30.25.1 next hop assumes the default static route preference of 5, whereas the qualified 172.30.25.5 next hop, uses the defined route preference of 7. All traffic using this static route uses the 172.30.25.1 next hop unless it becomes unavailable. If the 172.30.25.1 next hop becomes unavailable, the device uses the 172.30.25.5 next hop. Some vendors refer to this implementation as a floating static route.
SSFJUN01B
90
Slide 90
Dynamic Routing
 Method of dynamically learning routing information  Dynamic routing has the following benefits:
Lower administrative overhead Increased network availability Greater network scalability
Static routing
Dynamic routing
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 90
Dynamic Routing Static routing is ideal in small networks where only a few routes exist or in networks where absolute control of routing is required. However, static routing has certain drawbacks that might make it cumbersome and hard to manage in large environments where growth and change are constant. For large networks or networks that change regularly, dynamic routing might be the best option. With dynamic routing, you simply configure the network interfaces to participate in a routing protocol. Devices running routing protocols can dynamically learn routing information from each other. When a device adds or removes routing information for a participating device, all other devices automatically update. Benefits of Dynamic Routing Dynamic routing resolves many of the limitations and drawbacks of static routing. Some of the general benefits of dynamic routing include: Lower administrative overhead: The device learns routing information automatically, which eliminates the need for manual route definition; Increased network availability: During failure situations, dynamic routing can reroute traffic around the failure automatically (the ability to react to failures when they occur can provide increased network uptime); and Greater network scalability: The device easily manages network growth by dynamically learning routes and calculating the best paths through a network.
SSFJUN01B
91
Slide 91
IGP
IGP IBGP
IGP
AS 64512
AS 65535
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 91
A Summary of Dynamic Routing Protocols Our main objective is to provide a basic summary of dynamic routing protocols. Advanced coverage of routing protocols is outside the scope of this class. The slide provides a high-level summary of Interior Gateway Protocols (IGPs) and Exterior Gateway Protocols (EGPs).
SSFJUN01B
92
Slide 92
AS 64512
Area 0.0.0.1
Area 0.0.0.0
Area 0.0.0.2
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 92
OSPF Protocol OSPF is a link-state routing protocol designed for use within an AS. OSPF is an IGP. Link-state protocols allow for faster reconvergence, support larger internetworks, and are less susceptible to bad routing information than distance-vector protocols. It is common to refer to distancevector protocols learning as learning by rumor, where a router learns about prefixes from neighboring routers perspectives. Routers using link-state routing protocols learn network topology by propaganda, where they learn the topology from all the routers directly. Devices running OSPF send out information about their network links and the state of those links to other routers in the AS. This information transmits reliably to all other routers in the AS by means of link-state advertisements (LSAs). The other routers receive this information, and each router stores it locally. This total set of information now contains all possible links in the network. In addition to flooding LSAs and discovering neighbors, a third major task of the link-state routing protocol is establishing the link-state database. The link-state (or topological) database stores the LSAs as a series of records. The important information for the shortest path determination process is the advertising routers ID, its attached networks and neighboring routers, and the cost associated with those networks or neighbors. OSPF uses the shortest-path-first (SPF) algorithm (also called the Dijkstra algorithm) to calculate the shortest paths to all destinations. It does this calculation by calculating a tree of shortest paths incrementally and picking the best candidate from that tree. OSPF uses areas to allow for a hierarchical organization and facilitate scalability. An OSPF area is a logical group of routers. The software can summarize the routing information from an OSPF area and the device can pass it to the rest of the network. Areas can reduce the size of the link-state database on an individual router. Each OSPF router maintains a separate link-state database for each area to which it is connected. The link-state database for a given area is identical for all participating routers within that area. To ensure correct routing knowledge and connectivity, OSPF maintains a special area called the backbone area. OSPF designates the backbone area as Area 0.0.0.0. All other OSPF areas must connect themselves to the backbone for connectivity. All data traffic between OSPF areas must transit the backbone.
SSFJUN01B
93
Slide 93
OSPF Area 0
ge-0/0/2 .1 .10 172.25.1.0/30 .2
172.20.1.0/24
.1 ge-0/0/3
172.20.2.0/24
.5
ge-0/0/1
.6
172.20.3.0/24
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 93
Case Study: Objective and Topology The slide provides the objective and sample topology used in this case study.
SSFJUN01B
94
Slide 94
Specify the logical interface. If unit is not referenced, Junos Software assumes unit 0. Use passive option to prohibit adjacency formation.
[edit protocols ospf] user@Host-A# set area 0 interface ge-0/0/3.0 passive [edit protocols ospf] user@Host-A# set area 0 interface lo0.0 [edit protocols ospf] user@Host-A# show area 0.0.0.0 { interface ge-0/0/1.0; interface ge-0/0/2.0; interface ge-0/0/3.0 { passive; } interface lo0.0; }
 2010 Juniper Networks, Inc. All rights reserved.
Junos Software converts area 0 to its proper dotted decimal notation (0.0.0.0).
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 94
Case Study: Configuring OSPF Note that you must include the lo0 interface if you want the associated IP address(es) advertised into OSPF. Prior to software Release 8.5, the IP address associated with the lo0 interface was automatically advertised into OSPF as a router LSA. The slide illustrates the required OSPF configuration for Host-A. Although not shown, Host-B and Host-C require a similar OSPF configuration to establish adjacencies and share routing information.
SSFJUN01B
95
Slide 95
The state of the adjacencies shows Full, which means neighbors can exchange routing information
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 95
Case Study: Verifying OSPF Neighbor State The slide shows the CLI command used to determine OSPF adjacencies. In the sample output on the slide, you can see that Host-A has formed adjacencies with both Host-B and Host-C. The following is a description of the fields displayed in the output: Address: The address of the neighbor. Interface: The interface through which the neighbor is reachable. State: The state of the neighbor, which can be Attempt, Down, Exchange, ExStart, Full, Init, Loading, or 2 Way. ID: The router ID of the neighbor. Pri: The priority of the neighbor to become the designated router, only used on broadcast networks during designated router elections. By default, this value is set to 128, indicating the highest priority and the most likely router to be elected designated router. Dead: The number of seconds until the neighbor becomes unreachable.
SSFJUN01B
96
Slide 96
172.20.2.0/24
172.20.3.0/24 172.25.1.4/30
*[OSPF/10] 00:03:55, > to 172.25.1.2 via *[OSPF/10] 00:00:04, > to 172.25.1.9 via *[OSPF/10] 00:03:46, > to 172.25.1.9 via to 172.25.1.2 via *[OSPF/10] 00:03:55, > to 172.25.1.2 via *[OSPF/10] 00:03:46, > to 172.25.1.9 via *[OSPF/10] 00:16:13, MultiRecv
metric 2 ge-0/0/2.0 metric 2 ge-0/0/1.0 metric 2 ge-0/0/1.0 ge-0/0/2.0 metric 1 ge-0/0/2.0 metric 1 ge-0/0/1.0 metric 1
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 96
Case Study: Viewing OSPF Routes The slide illustrates the show route protocol ospf command, which displays OSPF routes learned by Host-A. Note that Host-A does not actually install its directly connected subnets in its route table as OSPF routesit installs them as direct routes.
SSFJUN01B
97
Slide 97
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 72
Lab 3- Configuring OSPF Configure and monitor static routing Configure and monitor OSPF Lab instructions: https://www.juniper.net/partners/partner_center/common/training/downloads/pdfs/ssfjun1b_lab.pdf Enter Virtual Lab https://virtuallabs.juniper.net/
SSFJUN01B
98
Slide 98
Section Objectives
 In this section, you have learned how to:
Explain basic routing operations and concepts View and describe routing and forwarding tables Configure and monitor static routing Configure and monitor  OSPF
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 98
In this section, you have learned: Basic routing operations and concepts; Routing and forwarding tables; Configuration and monitoring of static routing; and Configuration and monitoring of basic OSPF.
SSFJUN01B
99
Slide 99
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 99
SSFJUN01B
100
Slide 100
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 100
SSFJUN01B
101
Slide 101
Junos OS Adoption
2009 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Adoption of any new product or technology initially requires some effort; however, Junipers customers have consistently found the initial short-term activities of Junos adoption to be far outweighed by the longterm benefits. This section introduces the interoperability features and migration tools available to Juniper customers to make the move to Junos simple and safe.
SSFJUN01B
102
Slide 102
Section Objectives
 In this section, you will learn how to:
Discuss how Junos OS interoperates with other devices and integrates to other systems Introduce Junipers Advanced Insight Solutions Present ways in which Juniper eases Junos OS adoption for new customers
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 102
In this section, you have learned how to: Discuss how Junos interoperates with other devices and integrates to other systems Introduce Junipers Advanced Insight Solutions Present ways in which Juniper eases Junos adoption for new customers
SSFJUN01B
103
Slide 103
 Pragmatic approach
 Run vendor interoperability tests  Interoperability that works
 Not just compliance to standards
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 103
Do any of your customers have only one vendor in their network? For the most part, probably not. Just as most of your customers likely have multiple vendors for servers, storage, and other IT systems, its good practice to use multiple vendors in the network, as overall, an organization is likely to get better solutions for lower costs. So how Junos interoperates and integrates into existing infrastructure is essential. Juniper engineers have long been involved in building open standards for interoperability in industry organizations. For example, Junos developers have been at the forefront of defining and implementing MPLS applications, next-generation multicast VPN architectures, and high-availability features such as nonstop active routing and in-service software upgrades. Junos protocols engineers authored or co-authored more than 20 IETF drafts in 2008 alone. Junos OS supports hundreds of networking protocols standards such as spanning tree, LLDP, OSPF, BGP, IPv6, and MPLS, to name just a few. Nonetheless, the practicalities of interoperability require that Juniper goes beyond simply implementing the standards. For example, filling in gaps in cases of differences in interpretation or where de-facto standards are used. This practical approach is necessary to support the thousands of customers of Junos. Interoperability between Juniper and other large networking vendors has been proven several times over, in the best possible way, with live network implementations in the largest networks over the past decade.
SSFJUN01B
104
Slide 104
 Legacy
IPX Appletalk Etc.
 Bleeding edge
New protocols that are draft standards
 Synchronize over time
104
 2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 104
A few organizations may still be running proprietary or legacy protocols within their network. In these cases, the customer will either have to transition to modern standards or adopt one of the available methods of supporting these protocols over a standards-based infrastructure. For example, there are various approaches to simultaneously running EIGRP and OSPF in legacy routers to support a long term transition to OSPF. By moving to open standards, organizations benefit from the collective innovation of the industry; open standards generally offer a broader set of capabilities than protocols developed exclusively by one vendor.
SSFJUN01B
105
Slide 105
NETCONF XML
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 105
Operations teams use tens, sometimes hundreds, of different tools to manage their networks, for examples tools for inventory, configuration, provisioning, monitoring, and managing faults. Many are home grown while others are purchased from one of the many independent software vendors who develop network management products. Juniper works in close partnership with these vendors to integrate management of Junos into their solutions. Juniper streamlines integration of partner and customer systems by providing a number of open, standard interfaces in Junos. In addition to the CLI, standardized system logging messages, SNMP interfaces, and onboard instrumentation systems, Junos also provides an XML (eXtensible Markup Language) interface. All these open options let network management tools interact with Junos in a reliable and predictable way. For customers who want to use Juniper element management, Juniper provides its Network and Security Manager (NSM), a powerful, centralized management solution that controls the entire device life cycle across the broad portfolio of Junipers enterprise platforms, including firewall/IPSec VPN, Secure Access (SSL), Infranet Controller, the J Series, M Series, and MX Series routing platforms and EX Series switches.
SSFJUN01B
106
Slide 106
security
switching
routing
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 106
Advanced Insight Solutions (AIS) is a new Juniper offering that revolutionizes problem detection and resolution for IP networks. With AIS, Juniper pledges to solve customers network problems fasteror prevent them in the first place. AIS provides a comprehensive set of tools and technologies to automate the delivery of tailored, proactive network intelligence and support services offered by the Juniper Networks Technical Assistance Center (JTAC). By distributing advanced support intelligence from Juniper engineers and systems, automating support steps for customers, and providing proactive insight into software device operations, AIS enables network operations to become simpler, more reliable, and more cost-effective. Many customers also deploy the Service Now application running on Junos Space to ease management when they have a large number of devices subscribed to AIS.
SSFJUN01B
107
Slide 107
Junos OS Certification
 Comprehensive certification tracks
New user to expert
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 107
Our customers have consistently found the short-term efforts of Junos adoption to be far outweighed by the long-term benefitsfrom significant cost savings, to greatly improved operations efficiency, to the increased availability, performance, and security of business applications. Juniper Networks provides a wide array of training programs and a range of technical certifications including its Fast Track program design specifically to expedite training and certification of experienced networking professionals along with operations tools that ease migration.
SSFJUN01B
108
Slide 108
Professional Services
Education Services
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 108
Besides a full portfolio of training courses, Juniper offers to you and your customers a wide range of professional consulting services and technical support, enabling your customers to take advantage of Junipers breadth of internetwork and security hands-on experiences.
SSFJUN01B
109
Slide 109
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 109
Are your customers migrating from Cisco to Juniper? Ease the transition with the I2J tool, a configuration translator that converts Cisco IOS software configurations to Junos OS configurations. Automatic access to the tool at https://i2j.juniper.net/release/index.jsp is provided at no charge to JNASC Support Manager, JNASC Support Provider, Premier Accounts and all support contract customers.
SSFJUN01B
110
Slide 110
Section Objectives
 In this section, you have learned how to:
Discuss how Junos OS interoperates with other devices and integrates to other systems Introduce Junipers Advanced Insight Solutions Present ways in which Juniper eases Junos adoption for new customers
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 110
In this section, you have learned how to: Discuss Junos interoperability with other devices and its integration into other systems Introduce Junipers Advanced Insight Solutions Present ways in which Juniper eases Junos adoption for new customers
SSFJUN01B
111
Slide 111
Learning Activity 5, Question 1: True or False: Junos OS is designed for Junos-only networks
a)
b)
True
False
Submit Submit
Clear Clear
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 111
SSFJUN01B
112
Slide 112
Learning Activity 5, Question 2: What does Advanced Insight Solutions (AIS) provide to help the customer?
a) b) c) d) Robust fail-fast and rollover features in our Junos based platforms A comprehensive set of tools and technologies to automate relations with Juniper JTAC
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 112
SSFJUN01B
113
Slide 113
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 113
You have reached the end of this Juniper eLearning module. You should now return to your Juniper Learning Center to take the Practice Test and the Student Survey. The test will allow you to gauge your knowledge of the material covered in this course. The survey will allow you to give feedback on the quality and usefulness of the course.
SSFJUN01B
114
Slide 114
Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. Junose is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.
CONFIDENTIAL
SSFJUN01B
www.juniper.net | 114
Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. Junose is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.
SSFJUN01B
115
Slide 115
CONFIDENTIAL
SSFJUN01B
116