Protocol engine handles routing protocols like RIP, OSPF, BGP, IS-IS, etc.
Routing Table, Forwarding Table, Bridging Table
Controls management interfaces
CLI - Telnet or SSH or direct serial console connection
J-Web: GUI through HTTP or HTTPS
Runs on separate hardware from the PFE.
Traffic destined for the device is handled by the RE, not the PFE.
The connection between the control plane and the forwarding plane is a rate limited internal link -- to help mitigate DoS attacks, such as flooding the routing table.
It is non-configurable, and varies from device to device.
Uses a copy of the FT from the RE, frequently updated.
Exception traffic is handled by the RE, like special IP headers.
Regular traffic is handled by the PFE.
If the PFE doesn't find a match in the FT, it drops the packet.
Reject: silently drop packet
Discard: send an ICMP Unreachable packet back.
GRES - Graceful Routing SwitchOver
Two routing engines on a single box
NSR - Nonstop Active Routing
One RE handles traffic while the other RE updates
ISSUs - Unified In Service Upgrades
Candidate configuration -- starts as a copy of Active Configuration
Active configuration (aka rollback0)
COMMIT changes Candidate config to ACTIVE config, and ACTIVE -> rollback1
Next change creates rollback2.
You can save up to 50 rollbacks.
There are many levels in Configuration Mode
L1: [edit system]
L2: [edit system protocols]
L3: [edit system protocols ospf]
UP - goes up one level
TOP
EXIT -- from top level will get you out of Configuration mode back to Operational mode.
RUN - allows you to run any operational mode command from configuration mode
Password recovery requires physical connection to device, not by SSH or Telnet.
Rescue configuration--intended for use in a disaster situation
There is a practice test on that page.
You need to re-certify every two years to maintain the certification.
Internal
Network
Services
Loopback
ge-0/2/3
Port 3 of a Gigabit Ethernet PIC in slot 2 on FPC 0
> prompt: Operational mode
# prompt: Configuration mode
The recommended way to get in is to log in as
user
configure
to enter Configuration mode
exit
from top to get out of configure
edit
Changes from Operational mode to Configuration mode
?
context-sensitive help
help topic interfaces
Help about interfaces
help apropos archive
Summary information in the current context
SPACEBAR or Tab
Completes commands; only Tab completes user-defined variables.
set cli complete-on-space off
Prevents space completion
Pipe
Filters and manipulates command output
compare filename | rollback1
Shows differences between the two configuration files.
display set
Displays commands in set mode rather than XML
clear configure help monitor set show
Common commands
configure or edit
Enter Configuration mode, to work on a copy of the active configuration (aka running configuration, rollback0), which is the Candidate configuration
rollback 0
Rollback to the rollback0 configuration,
and clear the Candidate file.
The rollback0 configuration is stored in nonvolatile memory, and is the bootup configuration.
There are 50 rollbacks, except for branch office devices that have fewer, such as 5.
commit
Push Candidate -> rollback 0; rollback 0 -> rollback 1
configure exclusive
By default, multiple users can enter configuration
commands and commit changes.
configure exclusive
Enters configuration mode and doesn't let anyone else configure at the same time
configure private
Enter configuration mode and allow others to
configure at the same time. Each user's changes
are merged into the active configuration.
This is the normal, preferred mode.
;
terminates statements in the configuration hierarchy
[edit system]
tells you where you are in the hierarchy
up or up 2 or top
Moves up in the hierarchy
exit
Same as up, except that exit
from the top takes you out of the hierarchy,
to operational mode.
quit
Takes you out of the hierarchy,
to operational mode, no matter where
you are.
edit system services
Here you configure ssh, ftp, telnet, etc.
delete
Removes statements: removes everything
from the specified hierarchy down
wildcard delete
Removes a set of statements, and everything inside
those objects.
deactivate
Same as up, except that exit
from the top takes you out of the hierarchy,
to operational mode.
deactivate interfaces ge-0/0/0
commit
show interfaces ge-0/0/0
Shows interface marked "inactive".
activate
Activates a deactivated interface.
show system services
Shows info about ssh, telnet etc. in
Juniper XML format
show system services | display set
Shows info about ssh, telnet etc. in
set command format
commit check
Checks the syntax of the commit
commit confirmed
Commits and rolls back unless confirmed
in ten minutes
show compare
Compare candidate to active configuration.
show compare | compare rollback 1
Compare candidate to rollback 1
rollback ?
Shows rollbacks and when they were made.
load override terminal
Lets you copy and paste in a config
file, which goes into the Candidate
configuration.
run
Runs an operational mode command from
configuration mode.
request system halt
Shuts down the system gracefully
request system halt both-routing-engines
For boxes with two routing engines
request system halt all-members
In a Virtual Chassis configuration
set system root-authentication plain-text-password
Sets root password
Initial configuration is set under "edit system"
edit system
set host-name myroutername
show root-authentication
Old type 1 password hash, easily cracked
set time-zone America/Los_Angeles
run set date 201302210900.00
YYYYMMDDHHMM.SS -- note this is an operational mode command
set services telnet
set services ssh
set cli idle-timeout 60
In minutes
set login message "We are happy"
set interfaces ______ unit 0 family inet address 10.0.1.131/27
set routing-options static route 10.0.1.0/24 next-hop 10.0.1.129
show config
request system configuration rescue save
Saves a rescue configuration
request system configuration rescue delete
Deletes the rescue configuration
rollback rescue
Sets configuration to the rescue configuration.
Then must issue commit
show interfaces ge-0/0/2 [terse | detailed | extensive]
Show interface information
set cli directory
show system authentication-order
show radius-server
show tacplus-server
show login user lab
Encrypted
help syslog ui_database_logout_event
(message name)
show log filename
e.g. show log messages | match "support info"
monitor start filename
monitor stop
clear log filename
file delete filename
set date ntp IP address
run show ntp associations
request system software add /var/tmp/image-name reboot
Upgrade JunOS version (or downgrade)
JunOS Sphere is virtual machine JunOS
Policer allows rate-limiting
Firewall filters can reference Policers
NetScreen OS options allow dynamic policy changes, included in SRX. Juniper bought NetScreen and incorporated their features into SRX.
The first packet of a session is evaluated (path 1) -- if it is not dropped, further packets in that session can go down the Fast Path.
Class of service goes from 0 (low) to 7 (high). Uses Quality of Service Que