16. root@HQ> show pfe statistics bridge
Slot 0
PFE: 0 1 ( ex4200-24 has two PFEs… copper and uplink )
---------------------------------------------------------------------
---- General Counters ----
Drop Mode: 0 0
Drop Count: 0 2
Src Not Learnt: 0 0
Copyright 2012 (c)
www.zenithnetworks.com
17. Efficiency….
Multiple PFEs
Move data at high rates
Routers, Switches, Firewalls
Stability….
System instabilities do not necessarily impact the other plane
DoS on the PFE….
Control Plane is protected via filtering and / or rate limiting!!
Protocol reset ( OSPF )
Reset RPD on the control plane… rely on existing PFE based copy
Traffic continues to flow
18. Operating System for…
Routers
Switches
Firewalls
One OS… Single Release Train…Modular…
Kernel: Based on the FreeBSD UNIX OS
No special or customer-specific builds
http://www.juniper.net/assets/us/en/local/pdf/whitepapers/2000264-en.pdf
19. Modular Design: Stability….. Flexibility
Built based on single-source code
Strict development process…
Released quarterly…
No special customer builds…
Features roll-up…. Not out…
Fairly easy to select your code…
BGP for ISP is same BGP for Enterprise
20. Modular
Daemons/Processes run in own protected memory
Designed to keep a runaway process from crashing the system
Load / Reset individual daemons/processes
If need be… improved fault isolation
[Diagram labels: Kernel, Protocol, Security, Chassis, Management]
22. Out-of-Band:
Dedicated Management Ethernet Interface ( me0 )
root@HQ# set interfaces me0 unit 0 family inet address 192.168.1.1/24
[edit]
root@HQ# show interfaces me0
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
Console Port
Web Interface
HTTP or HTTPS
24. Operational Mode ( OP Mode )
Show commands ( route tables, interface stats…)
Request…. Clear… (upgrade, reboot, interface stats)
Troubleshooting ( ping, traceroute…)
Very powerful…. Brief to Extensive Output
Easy to use!
Configuration Mode
Configuration changes
Candidate Configuration ( Sandbox )
Can also run OP commands
25. root@HQ> ?
Possible completions:
clear Clear information in the system
configure Manipulate software configuration information
file Perform file operations
help Provide help information
load Load information from file
monitor Show real-time debugging information
mtrace Trace multicast path from source to receiver
op Invoke an operation script
ping Ping remote target
quit Exit the management session
request Make system-level requests
restart Restart software process
save Save information to file
set Set CLI properties, date/time, craft interface message
show Show system information
ssh Start secure shell on another host
{master:0}
root>
26. root@HQ> show ?
Possible completions:
accounting Show accounting profiles and records
analyzer Show analyzer information
arp Show system Address Resolution Protocol table entries
as-path Show table of known autonomous system paths
authentication-whitelist Show 802.1X White List MAC addresses
bfd Show Bidirectional Forwarding Detection information
bgp Show Border Gateway Protocol information
captive-portal Show captive portal information
chassis Show chassis information
class-of-service Show class-of-service (CoS) information
cli Show command-line interface settings
configuration Show current configuration
connections Show circuit cross-connect connections
dhcp Show Dynamic Host Configuration Protocol information
diagnostics Show diagnostics information
diameter Show diameter information
dot1x Show 802.1X information
esis Show end system-to-intermediate system information
ethernet-switching Show Ethernet-switching information
event-options Show event-options information
firewall Show firewall information
27. root@HQ> show ethernet-switching ?
Possible completions:
interfaces Display Ethernet-switching interface information
layer2-protocol-tunneling Show Layer2 protocol tunneling information
mac-learning-log Show MAC address learning log
mac-notification Display MAC notification information
next-hops Show next hop information
statistics Show media access control statistics
table Show media access control table
28. root@HQ> ping ?
Possible completions:
<host> Hostname or IP address of remote host
bypass-routing Bypass routing table, use specified interface
count Number of ping requests to send (1..2000000000 packets)
detail Display incoming interface of received packet
do-not-fragment Don't fragment echo request packets (IPv4)
ethernet Ping to an ethernet host by unicast mac address
inet Force ping to IPv4 destination
inet6 Force ping to IPv6 destination
interface Source interface (multicast, all-ones, unrouted packets)
interval Delay between ping requests (seconds)
+ loose-source Intermediate loose source route entry (IPv4)
mpls Ping label-switched path
no-resolve Don't attempt to print addresses symbolically
pattern Hexadecimal fill pattern
rapid Send requests rapidly (default count of 5)
record-route Record and report packet's path (IPv4)
routing-instance Routing instance for ping attempt
size Size of request packets (0..65468 bytes)
source Source address of echo request
29. Ping forever!!
root@HQ> ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=1.044 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.611 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=3.880 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=3.549 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=1.029 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=1.035 ms
^C
--- 192.168.1.1 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.029/2.191/3.880/1.216 ms
30. Ping – Round Trip and Count
root@HQ> ping 192.168.1.2 count 3
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.150 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.207 ms
--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.109/0.155/0.207/0.040 ms
32. Ping – destination… specify source…. count
root@HQ> ping 172.16.20.1 source 172.16.25.1 count 4
PING 172.16.20.1 (172.16.20.1): 56 data bytes
64 bytes from 172.16.20.1: icmp_seq=0 ttl=64 time=1.920 ms
64 bytes from 172.16.20.1: icmp_seq=1 ttl=64 time=4.375 ms
64 bytes from 172.16.20.1: icmp_seq=2 ttl=64 time=6.236 ms
64 bytes from 172.16.20.1: icmp_seq=3 ttl=64 time=1.068 ms
--- 172.16.20.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.068/3.400/6.236/2.039 ms
33. root@HQ> show route
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.20.0/24 *[OSPF/10] 00:08:05, metric 2
> to 192.168.1.1 via ge-0/0/0.0
172.16.25.0/24 *[Direct/0] 00:09:13
> via ge-0/0/23.0
172.16.25.1/32 *[Local/0] 00:24:12
Local via ge-0/0/23.0
172.16.26.0/24 *[Direct/0] 00:09:17
> via ge-0/0/22.0
172.16.26.1/32 *[Local/0] 00:24:12
Local via ge-0/0/22.0
172.16.30.0/24 *[OSPF/10] 00:08:21, metric 2
> to 192.168.1.1 via ge-0/0/0.0
Local via ge-0/0/0.0
34. root@HQ> show route protocol ospf
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.20.0/24 *[OSPF/10] 00:08:55, metric 2
> to 192.168.1.1 via ge-0/0/0.0
172.16.30.0/24 *[OSPF/10] 00:09:11, metric 2
> to 192.168.1.1 via ge-0/0/0.0
224.0.0.5/32 *[OSPF/10] 00:25:03, metric 1
MultiRecv
35. root@HQ> show interfaces ge-0/0/0 ?
Possible completions:
<[Enter]> Execute this command
brief Display brief output
descriptions Display interface description strings
detail Display detailed output
extensive Display extensive output
media Display media information
routing-instance Name of routing instance
snmp-index SNMP index of interface
statistics Display statistics and detailed output
terse Display terse output
| Pipe through a command
36. root@HQ> show interfaces ge-0/0/0 terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
ge-0/0/0.0 up up inet 172.16.20.1/24
root@HQ> show interfaces ge-0/0/0 brief
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto,
Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
Auto-negotiation: Enabled, Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
Logical interface ge-0/0/0.0
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
inet 172.16.20.1/24
37. root@HQ> show interfaces ge-0/0/0 detail
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 130, SNMP ifIndex: 504, Generation: 133
Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 28:c0:da:2a:2f:c0, Hardware address: 28:c0:da:2a:2f:c0
Last flapped : 2010-08-14 01:29:09 UTC (00:08:44 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 11290 0 bps
Output bytes : 11122 680 bps
Input packets: 102 0 pps
Output packets: 101 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 3 0
1 assured-forw 0 0 0
5 expedited-fo 0 0 0
7 network-cont 0 98 0
Active alarms : None
Active defects : None
39. root@HQ> request system software ?
Possible completions:
add Add extension or upgrade package
delete Remove extension or upgrade package
nonstop-upgrade Nonstop software upgrade
rollback Attempt to roll back to previous set of packages
validate Verify package compatibility with current configuration
-------------------------------------------------------------------------------------------------------------
root@HQ> request system software add ?
Possible completions:
<package-name> URL or pathname of package
best-effort-load Load succeeds if at least one statement is valid
delay-restart Don't restart processes
force Force addition of package (ignore warnings)
member Install package on VC Member (0..9)
no-copy Don't save copies of package files
no-validate Don't check compatibility with current configuration
reboot Reboot system after adding package
40. root@HQ> help ?
Possible completions:
<[Enter]> Execute this command
apropos Find help information about a topic
reference Reference material
syslog System log error messages
tip Tip for the day
topic Help for high level topics
| Pipe through a command
41. root@HQ> help topic ?
Possible completions:
access
accounting-options
amt
ancp
applications
bfd
bgp
bridge-domains
chassis
class-of-service
connections
……..
……..
42. root@HQ> help topic ospf area-backbone
Configuring the Backbone Area
You must create a backbone area if your network consists of multiple
areas. An ABR must have at least one interface in the backbone area, or it
must have a virtual link to a router in the backbone area. The backbone
comprises all area border routers and all routers that are not included in
any other area. You configure all these routers by including the area
0.0.0.0 statement:
(ospf | ospf3) {
area 0.0.0.0;
}
45. Structured Configuration
Creates an intuitive learning environment
Navigate and Set Configuration Parameters
OR….
Configure parameters from the very top-level
54. [edit]
root@HQ# show | display set
set system root-authentication encrypted-password "$1$4vi5gL/q$8E6fwTWL/g2YPj3VrLOnj1"
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.2/24
set interfaces ge-0/0/22 unit 0 family inet address 172.16.26.1/24
set interfaces ge-0/0/23 unit 0 family inet address 172.16.25.1/24
set interfaces ge-0/1/0 unit 0 family ethernet-switching
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/23.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/23.0 metric 30
set protocols ospf area 0.0.0.0 interface ge-0/0/22.0 metric 100
set protocols igmp-snooping vlan all
set protocols rstp
[edit]
root@HQ#
55. The candidate configuration is your BIG TIME friend!!
Will make your professional life a little less stressful
“Sandbox”….. No fear!....
Other manufacturers… you work in RAM… beware!
Candidate is a copy of the active configuration
We make changes to the candidate
When ready….. Commit the candidate to become active configuration
Let’s take a look….
57. When we enter config mode, the active config is copied to candidate
root@HQ> configure
Entering configuration mode
[edit]
root@HQ#
[Diagram: the candidate config and the active configuration 0 (RAM) both contain "protocols ospf area 0.0.0.0 interface ge-0/0/0"]
58. Changes are made to the “sandbox” candidate configuration
[Diagram: the candidate config now also contains "VLAN Accounting VLAN-ID 10"; the active configuration 0 (RAM) still contains only "protocols ospf area 0.0.0.0 interface ge-0/0/0"]
59. We “commit” a configuration to write to RAM and local file system.
[Diagram: after the commit, the candidate config and the active configuration 0 (RAM) both contain "protocols ospf area 0.0.0.0 interface ge-0/0/0" and "VLAN Accounting VLAN-ID 10"]
61. Set IP Address to Physical Interface
Navigate….
root@HQ# edit interfaces ge-0/0/0 unit 0
[edit interfaces ge-0/0/0 unit 0]
root@HQ# set family inet address 192.168.1.1/24
OR!!!
Set from top level of configuration hierarchy
[edit]
root@HQ# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
62. Place interface into OSPF area
Navigate….
root@HQ# edit protocols ospf
[edit protocols ospf]
root@HQ# set area 5 interface ge-0/0/0.0
OR!!
Set from top level of configuration hierarchy
[edit]
root@HQ# set protocols ospf area 5 interface ge-0/0/0.0
67. [edit]
root@HQ# set interfaces interface-range NEW-USERS member-range ge-0/0/10 to ge-0/0/15
[edit]
root@HQ# set interfaces interface-range NEW-USERS ether-options speed 1g
[edit]
root@HQ# set interfaces interface-range NEW-USERS ether-options link-mode full-duplex
68. ge-0/0/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching;
69. Unit 0
All interfaces…. except for Tagged interface and L3 VLAN.
Assign logical parameters under unit 0
Not a sub-interface… but a placeholder for logical parameters
If tagged interface… multiple units per interface
70. Multiple families of protocols
inet – IPv4
inet6 – IPv6
Ethernet-Switching
---------------------------------------------------------------------------------------------
[edit interfaces ge-0/0/12 unit 0]
root@HQ# set family inet address 192.168.50.1/24
[edit interfaces ge-0/0/12 unit 0]
root@HQ# set family inet6 address 2001::1/64
Resulting configuration……..
71. [edit interfaces ge-0/0/12 unit 0]
root@HQ# show
family inet {
address 192.168.50.1/24;
}
family inet6 {
address 2001::1/64;
}
72. [edit interfaces ge-0/0/3 unit 0]
root@HQ# set family inet address 192.168.12.1/24
[edit interfaces ge-0/0/3 unit 0]
root@HQ# set family inet address 192.168.13.1/24
[edit interfaces ge-0/0/3 unit 0]
root@HQ# set family inet address 192.168.14.1/24
-------------------------------------------------------------------------------------------
[edit interfaces ge-0/0/3 unit 0]
root@HQ# show
family inet {
address 192.168.12.1/24;
address 192.168.13.1/24;
address 192.168.14.1/24;
}
73. [edit interfaces ge-0/0/5]
root@HQ# show
vlan-tagging;
unit 100 {
vlan-id 100;
family inet {
address 192.168.30.1/24;
}
}
unit 200 {
vlan-id 200;
family inet {
address 192.168.40.1/24;
}
}
76. From the interface level….
[edit]
root@HQ# set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan accounting
[edit]
root@HQ# set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan accounting
[edit]
root@HQ# set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan engineering
77. root@HQ# show interfaces
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members accounting;
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members accounting;
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members engineering;
}
78. [edit interfaces ge-0/0/20 unit 0 family ethernet-switching]
root@HQ# set port-mode trunk
[edit interfaces ge-0/0/20 unit 0 family ethernet-switching]
root@HQ# set vlan members [ accounting engineering ]
[edit interfaces ge-0/0/20]
root@HQ# show
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ accounting engineering ];
79. root@HQ# set system services ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> database-replication Database replication configuration
> dhcp Configure DHCP server
> dhcp-local-server Dynamic Host Configuration Protocol server configuration
> finger Allow finger requests from remote systems
> ftp Allow FTP file transfers
> netconf Allow NETCONF connections
> outbound-ssh Initiate outbound SSH connection
> service-deployment Configuration for Service Deployment (SDXD) management application
> ssh Allow ssh access
> subscriber-management Subscriber management configuration
> telnet Allow telnet login
> tftp-server Allow TFTP file transfers in default routing instance
> web-management Web management configuration
> xnm-clear-text Allow clear text-based JUNOScript connections
> xnm-ssl Allow SSL-based JUNOScript connections
| Pipe through a command
80. root@HQ# set system services web-management ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> control Control of the web management process
> http Unencrypted HTTP connection settings
> https Encrypted HTTPS connections
management-url URL path for web management access
> session Session parameters
81. [edit]
root@HQ# set system ntp server 1.1.1.1 ?
Possible completions:
<[Enter]> Execute this command
key Authentication key
prefer Prefer this peer_serv
version NTP version to use (1..4)
| Pipe through a command
============================================================================
[edit]
root@HQ# set system time-zone ?
Possible completions:
<time-zone> Time zone name or POSIX-compliant time zone string
America/Montreal
America/Montserrat
America/Nassau
America/New_York
82. End of JUNOS Spin!
86. When making configuration changes… we live in candidate
At some point we would commit to activate
If the check succeeds… activate… if there is trouble… report… do not activate
[edit]
root@HQ# set system host-name Jump-Start
[edit]
root@HQ# commit
configuration check succeeds
commit complete
[edit]
root@Jump-Start#
87. Only Checks the validity of the syntax
If good… confirmation message
If NOT good… error message
Will never activate… until commit
root@Jump-Start# set system host-name Friday
[edit]
root@Jump-Start# commit check
configuration check succeeds
[edit]
root@Jump-Start#
88. Build your configuration in advance of cut-over!!
Commit Check!!! (syntax verification)
All good...
Then… deactivate config statements and commit.
or
Save to local file system…. Rollback 0 to reset candidate
89. root@HQ# set protocols ospf area 30 interface ge-0/0/0
[edit]
root@HQ# show protocols ospf
area 0.0.0.30 {
interface ge-0/0/0.0;
}
[edit]
root@HQ# deactivate protocols ospf area 30 interface ge-0/0/0
[edit]
root@HQ# show protocols ospf
area 0.0.0.30 {
inactive: interface ge-0/0/0.0;
}
90. Save candidate configuration to local file system…
[edit]
root@HQ# save new-ospf-config-file
[edit]
root@HQ# rollback 0 (reset candidate to what is in RAM)
load complete
When ready… Load previously saved configuration file into the candidate
root@HQ# load override new-ospf-config-file
Still need to commit !!!
91. Build a configuration in preparation for a new circuit
Commit check…
Commit AT…
You are setting the time for the new configuration to be activated!
root@HQ# commit at 11:00:00
configuration check succeeds
commit at will be executed at 2013-08-14 11:00:00 UTC
The configuration has been changed but not committed
root@HQ> show system commit
commit requested by root via cli at 2013-03-04 16:30:00 UTC
root@HQ> clear system commit
Pending commit cleared
92. Home run time!!
Automatic Rollback!
Network device is located remotely from your location
Could the new configuration result in a network disconnect ?
What now ?
Issue commit confirmed…
All good ?.... Then issue a 2nd commit within the “confirmed” time
Network disconnect ?.... Wait the “confirmed” time and auto rollback
Let’s take a peek!!.....
93. root@HQ# set system host-name New-Name
root@HQ# commit confirmed 1
configuration check succeeds
commit confirmed will be automatically rolled back in 1 minutes unless confirmed
commit complete
root@New-Name#
Broadcast Message from root@Jump-Start
(no tty) at 9:25 UTC...
Commit was not confirmed; automatic rollback complete.
root@HQ#
95. 1. Active Configuration is config # 0
2. Enter configure mode….
3. Active configuration is copied to candidate configuration
4. Up to 50 configuration versions are saved…. 0 thru 49
96. root@HQ# rollback ?
Possible completions:
<[Enter]> Execute this command
0 2010-08-14 09:33:15 UTC by root via cli
1 2010-08-14 09:25:15 UTC by root via other
2 2010-08-14 09:24:12 UTC by root via cli commit confirmed
3 2010-08-14 09:20:45 UTC by root via other
4 2010-08-14 09:18:41 UTC by root via cli commit confirmed
5 2010-08-14 06:25:52 UTC by root via cli
6 2010-08-14 03:28:33 UTC by root via cli
7 2010-08-13 23:10:32 UTC by root via cli
8 2010-08-13 23:06:09 UTC by root via button
9 2010-08-13 23:02:46 UTC by root via button
10 2010-08-13 23:01:56 UTC by root via other
97. 1. root@HQ# set system host-name New-Name
2. root@HQ# show system host-name
host-name New-Name;
3. root@HQ# rollback 0
load complete
4. root@HQ# show system host-name
host-name HQ;
98. root@HQ# show | compare rollback 9
[edit system]
- }
- interfaces { ( NOT IN CANDIDATE… ACTIVE IN ROLL 9 )
- vlan {
- bootp;
+ [edit interfaces ge-0/0/0 unit 0]
+ family inet { ( ACTIVE IN CANDIDATE.. NOT ROLL 9)
+ address 192.168.1.2/24;
From the perspective of candidate, relative to rollback 9…
Minus ( not in candidate, but present in rollback 9 )
Plus ( Present in the candidate, but not in rollback 9 )
99. ge-0/0/23 {
unit 0 {
family inet {
address 172.16.25.1/24;
}
root@HQ# rename ge-0/0/23 to ge-0/0/20
ge-0/0/20 {
unit 0 {
family inet {
address 172.16.25.1/24;
}
100. [edit protocols ospf]
root@HQ# show
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/23.0
[edit protocols ospf]
root@HQ# top
root@HQ# replace pattern ge-0/0/23 with ge-0/0/20
[edit protocols ospf]
root@HQ# show
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/20.0
103. Awesome tool !!
Great for troubleshooting or building a config for a later date
Do not delete; turn off instead
When ready…. Activate
Let’s take a peek…..
104. root@HQ# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/23.0
[edit protocols ospf area 0.0.0.0]
root@HQ# deactivate interface ge-0/0/23
[edit protocols ospf area 0.0.0.0] Turn Off
root@HQ# show
interface ge-0/0/0.0;
inactive: interface ge-0/0/23.0
Still need to commit!!!
105. root@HQ> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/23 up up
ge-0/0/23.0 up up inet 172.16.20.1/24
vcp-0 up down
vcp-0.32768 up down
vcp-1 up down
vcp-1.32768 up down
bme0 up up
bme0.32768 up up inet 128.0.0.1/2
106. root@HQ> show interfaces terse | except ge-
Interface Admin Link Proto Local Remote
vcp-0 up down
vcp-0.32768 up down
vcp-1 up down
vcp-1.32768 up down
bme0 up up
bme0.32768 up up inet 128.0.0.1/2
107. root@HQ# run show interfaces terse | match ge-
ge-0/0/0 up up
ge-0/0/0.0 up up inet 192.168.1.1/24
ge-0/0/1 up down
ge-0/0/1.0 up down eth-switch
ge-0/0/2 up down
ge-0/0/2.0 up down eth-switch
ge-0/0/3 up down
ge-0/0/3.0 up down eth-switch
108. End of Cool Tips and Tricks!!
110. Allows for interaction with JUNOS
Customize your network environment!!
Automate repetitive tasks, responses to events, configuration
Highly configurable…. What do you want to do ?
Accelerates problem solving!!
Ensures a higher level of configuration integrity
111. Developed by you…. The network engineer
Build a library of scripts
Automate the operation of your network devices
Customize as needed
Category of Scripts
Commit
Operation
Event
112. Ensure integrity of configuration based on your standards
You create your own commit scripts
Candidate config file is checked for required parameters
Check for VLAN, MTU, OSPF, BGP, Security Policies
Automate…. Validate… Error Free Configuration
If problem discovered… report, abort commit, fix and apply
Very powerful!!
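The kind of check a commit script enforces can be prototyped offline against `show | display set` output. The Python below is an added example, not code from these slides or from Juniper: it flags the unencrypted entries from the `set system services ?` list, `$1$` (MD5-crypt) password hashes and NTP servers configured without a key, and it skips anything covered by a `deactivate` statement. The sample configuration, the rule set and all function names are constructed for illustration.

```python
"""Offline policy check over `show | display set` text (added example)."""
import re
import shlex

# Entries from the `set system services ?` list that send data unencrypted.
CLEARTEXT_SERVICES = {"telnet", "ftp", "finger", "tftp-server", "xnm-clear-text"}
# crypt(3) prefixes seen in encrypted-password values.
HASH_SCHEMES = {"$1$": "MD5-crypt", "$5$": "SHA-256-crypt", "$6$": "SHA-512-crypt"}
WEAK_SCHEMES = {"MD5-crypt"}
PROMPT = re.compile(r"\S+@\S+[#>]")

# Constructed sample, modelled on the display-set output shown earlier.
# The hash value is a placeholder, not a real credential.
SAMPLE = """
[edit]
root@HQ# show | display set
set system root-authentication encrypted-password
"$1$constructed$NotARealHashValue00000"
set system services ssh
set system services telnet
set system services ftp
deactivate system services ftp
set system services web-management http
set system services web-management https system-generated-certificate
set system ntp server 1.1.1.1
set system ntp server 10.0.0.5 key 1
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.2/24
"""


def statements(text):
    """Tokenise set/deactivate statements, re-joining wrapped lines."""
    joined = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[edit") or PROMPT.match(line):
            continue  # blank lines, [edit] banners, CLI prompts
        if line.startswith(("set ", "deactivate ")):
            joined.append(line)
        elif joined:
            joined[-1] += " " + line  # continuation of a wrapped statement
    return [shlex.split(s) for s in joined]


def audit(text):
    """Return sorted (severity, message) findings for active statements."""
    stmts = statements(text)
    inactive = [tuple(t[1:]) for t in stmts if t[0] == "deactivate"]
    findings, ntp_all, ntp_keyed = set(), set(), set()
    for tokens in stmts:
        path = tuple(tokens[1:])
        if tokens[0] != "set" or any(path[:len(p)] == p for p in inactive):
            continue  # deactivated subtrees are ignored at commit time
        if path[:2] == ("system", "services") and len(path) > 2:
            if path[2] in CLEARTEXT_SERVICES:
                findings.add(("high", f"cleartext service: {path[2]}"))
            elif path[2:4] == ("web-management", "http"):
                findings.add(("high", "cleartext service: web-management http"))
        elif "encrypted-password" in path:
            i = path.index("encrypted-password")
            value = path[i + 1] if len(path) > i + 1 else ""
            scheme = next((name for prefix, name in HASH_SCHEMES.items()
                           if value.startswith(prefix)), "unknown")
            if scheme in WEAK_SCHEMES:
                where = " ".join(path[:i])
                findings.add(("medium", f"{scheme} password hash: {where}"))
        elif path[:3] == ("system", "ntp", "server") and len(path) > 3:
            ntp_all.add(path[3])
            if "key" in path[4:]:
                ntp_keyed.add(path[3])
    for server in ntp_all - ntp_keyed:
        findings.add(("medium", f"NTP server without key: {server}"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"[{severity}] {message}")
```

The FTP statement in the sample produces no finding because the `deactivate` line that follows it marks that subtree inactive.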
113. Network Monitoring and Troubleshooting
Diagnose and Fix Problems
Auto-run commands, inspect output, take action….
Attempt to fix…. Report
Always running and monitoring
Keep little problems from becoming bigger
What do you want to check ? (mtu, interface errors..)
114. Correlate events…. Execute OP scripts
Run multiple OP’s… gathering info.
Attempt to uncover the point of failure
Attempt to fix….. Report
UP/Down interface… route disappears
For more information…
https://learningportal.juniper.net
115. Traceoptions
Very powerful…
Insight to numerous protocol events (ospf, bgp…)
Set protocol / event flags and log data
Should not negatively impact performance
You can run as an ongoing process… or deactivate
[edit protocols bgp]
root@HQ# show
traceoptions {
file bgp-events;
flag keepalive;
flag state;
}
116. End of Advanced Operations!!