Intro to JunOS Operating System

Notes from my JunOS class taught 2-20-13 by Steven Elliott.

Routing Engine (Control Plane)

Protocol Updates
System Management

Protocol engine handles routing protocols like RIP, OSPF, BGP, IS-IS, etc.

Routing Table, Forwarding Table, Bridging Table

Controls management interfaces

CLI - Telnet or SSH or direct serial console connection
J-Web: GUI through HTTP or HTTPS

Runs on separate hardware from the PFE.

Traffic destined for the device is handled by the RE, not the PFE.

Internal Link

Non-configurable
Rate-limited
Varies from device to device

The connection between the control plane and the forwarding plane is a rate limited internal link -- to help mitigate DoS attacks, such as flooding the routing table.

It is non-configurable, and varies from device to device.

Packet Forwarding Engine (Forwarding Plane)

Uses layer 2 and 3 forwarding tables, provided by the RE, to forward transit traffic toward its destination.

Uses a copy of the FT from the RE, frequently updated.

Exception traffic, such as packets with special IP headers, is handled by the RE.

Regular traffic is handled by the PFE.

If the PFE doesn't find a match in the FT, it drops the packet.

Reject: silently drop packet
Discard: send an ICMP Unreachable packet back.

Features

Available on high-end boxes

GRES - Graceful Routing SwitchOver
Two routing engines on a single box

NSR - Nonstop Active Routing
One RE handles traffic while the other RE updates

ISSUs - Unified In Service Upgrades

Navigation

Two modes: Operational and Configuration

Operational mode

can ping, traceroute, and view configuration

Configuration mode

Candidate configuration -- starts as a copy of Active Configuration

Active configuration (aka rollback0)

COMMIT changes Candidate config to ACTIVE config, and ACTIVE -> rollback1

Next change creates rollback2.

You can save up to 50 rollbacks.

There are many levels in Configuration Mode
L1: [edit system]
L2: [edit system protocols]
L3: [edit system protocols ospf]

UP - goes up one level
TOP
EXIT
-- from top level will get you out of Configuration mode back to Operational mode.

RUN - allows you to run any operational mode command from configuration mode

Password recovery requires physical connection to device, not by SSH or Telnet.

Rescue configuration--intended for use in a disaster situation

Practice Exam

We are preparing for this cert: JUNIPER NETWORKS CERTIFIED ASSOCIATE--JUNOS

There is a practice test on that page.

You need to re-certify every two years to maintain the certification.

Test Tips -- Things to Know

Interfaces

Management

Internal

Network

Services

Loopback

ge-0/2/3
Port 3 of a Gigabit Ethernet PIC in slot 2 on FPC 0

Commands

If you log in as root, you get a % prompt, which is BSD, not JunOS; enter the cli command to get into JunOS, which gives you the > prompt.

> prompt: Operational mode

# prompt: Configuration mode

The recommended way to get in is to log in as user
configure
to enter Configuration mode

exit
from top to get out of configure

edit
Changes from Operational mode to Configuration mode

?
context-sensitive help

help topic interfaces
Help about interfaces

help apropos archive
Summary information in the current context

SPACEBAR or Tab
Completes commands, only Tab completes user-defined variables.

set cli complete-on-space off
Prevents space completion

Pipe (|)
Filters and manipulates command output
compare filename | rollback1
shows differences between the two configuration files.

display set
Displays commands in set mode rather than XML

clear, configure, help, monitor, set, show
Common commands

configure or edit
Enter Configuration mode, to work on a copy of the active configuration (aka running configuration, rollback0), which is the Candidate configuration

rollback 0
Rollback to the rollback0 configuration, and clear the Candidate file.

The rollback0 configuration is stored in nonvolatile memory, and is the bootup configuration.

There are 50 rollbacks, except for branch office devices that have fewer, such as 5.

commit
Push Candidate -> rollback 0; rollback 0 --> rollback 1

configure exclusive
By default, multiple users can enter configuration commands and commit changes. This command enters configuration mode and doesn't let anyone else configure at the same time.

configure private
Enter configuration mode and allow others to configure at the same time. Each user's changes are merged into the active configuration.

This is the normal, preferred mode.

;
terminates statements in the configuration hierarchy

[edit system]
tells you where you are in the hierarchy

up or up 2 or top
Moves up in the hierarchy

exit
Same as up, except that exit from the top takes you out of the hierarchy, to operational mode.

quit
Takes you out of the hierarchy, to operational mode, no matter where you are.

edit system services
Here you configure ssh, ftp, telnet, etc.

delete
Removes statements: removes everything from the specified hierarchy down

wildcard delete
Removes a set of statements, and everything inside those objects.

deactivate

deactivate interfaces ge-0/0/0
commit
show interfaces ge-0/0/0

Shows interface marked "inactive".

activate
Activates a deactivated interface.

show system services
Shows info about ssh, telnet etc. in Juniper XML format

show system services | display set
Shows info about ssh, telnet etc. in set command format

commit check
Checks the syntax of the commit

commit confirmed
Commits and rolls back unless confirmed in ten minutes

show | compare
Compare candidate to active configuration.

show | compare rollback 1
Compare candidate to rollback 1

rollback ?
Shows rollbacks and when they were made.

load override terminal
Lets you copy and paste in a config file, which goes into the Candidate configuration.

run
Runs an operational mode command from configuration mode.

request system halt
Shuts down the system gracefully

request system halt both-routing-engines
For boxes with two routing engines

request system halt all-members
For a Virtual Chassis configuration

set system root-authentication plain-text-password
Sets root password

Initial configuration is set under "edit system"

edit system
set host-name myroutername

show root-authentication
Old type 1 password hash, easily cracked

set time-zone America/Los_Angeles

run set date 201302210900.00
YYYYMMDDHHMM.SS -- note this is an operational mode command

set services telnet

set services ssh

set cli idle-timeout 60
In minutes

set login message "We are happy"

set interfaces ______ unit 0 family inet address 10.0.1.131/27

set routing-options static route 10.0.1.0/24 next-hop 10.0.1.129

show config
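
Added example (not from the class and not a Juniper tool): a Python check over "display set" output that flags the weak settings these notes mention, namely Telnet, J-Web over HTTP, and a type 1 root password hash, while honoring deactivate. The sample configuration is constructed, and the audit function and its finding text are assumptions of this example.

```python
import re

# Constructed sample in "display set" format (not from a real device).
# ftp is configured but deactivated, so it must not be reported.
SAMPLE = '''\
set system host-name myroutername
set system root-authentication encrypted-password "$1$CONSTRUCTED$0000"
set system login user lab authentication encrypted-password "$6$CONSTRUCTED$1111"
set system services telnet
set system services ssh
set system services ftp
set system services web-management http interface ge-0/0/0.0
deactivate system services ftp
'''

WEAK_HASH = {"1": "MD5-crypt"}  # crypt scheme id -> name
CLEARTEXT = {
    ("services", "telnet"): "Telnet CLI access is unencrypted; use SSH",
    ("services", "ftp"): "FTP is unencrypted",
    ("services", "web-management", "http"): "J-Web over HTTP; use HTTPS",
}

def audit(config_text):
    """Return a sorted list of (statement, finding) under [edit system]."""
    active, inactive = [], set()
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 3 or words[1] != "system":
            continue
        if words[0] == "set":
            active.append(words[2:])
        elif words[0] == "deactivate":
            inactive.add(tuple(words[2:]))
    findings = []
    for stmt in active:
        # Skip anything at or below a deactivated hierarchy level.
        if any(tuple(stmt[:n]) in inactive for n in range(1, len(stmt) + 1)):
            continue
        text = " ".join(stmt)
        for prefix, why in CLEARTEXT.items():
            if tuple(stmt[:len(prefix)]) == prefix:
                findings.append((text, why))
        m = re.search(r'encrypted-password "\$(\w+)\$', text)
        if m and m.group(1) in WEAK_HASH:
            findings.append((text.split(" encrypted-password")[0],
                             f"type {m.group(1)} ({WEAK_HASH[m.group(1)]}) password hash"))
    return sorted(set(findings))
```

Paste the output of a "| display set" command into a file and pass its text to audit() to check a real configuration.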

request system configuration rescue save
Saves a rescue configuration

request system configuration rescue delete
Deletes the rescue configuration

rollback rescue
Sets configuration to the rescue configuration. Then must issue commit

show interfaces ge-0/0/2 [terse | detail | extensive]
Show interface information


set cli directory

show system authentication-order

show radius-server

show tacplus-server

show login user lab
Encrypted

help syslog ui_database_logout_event
(message name)

show log filename
e.g. show log messages | match "support info"

monitor start filename

monitor stop

clear log filename

file delete filename

set date ntp IP-address

run show ntp associations

request system software add /var/tmp/image-name reboot
Upgrade JunOS version (or downgrade)

Junosphere is a virtual machine JunOS

Extras (not on Exam)

Interfaces can be in Zones, which have Policies including Access Control Lists.

Policer allows rate-limiting

Firewall filters can reference Policers

NetScreen OS Options allow dynamic policy changes, included in SRX. Juniper bought NetScreen and incorporated their features into SRX.

The first packet of a session is evaluated (path 1) -- if it is not dropped, further packets in that session can go down the Fast Path.

Class of service goes from 0 (low) to 7 (high). Uses Quality of Service Queue


Posted by Sam Bowne 2-20-13