SlideShare a Scribd company logo
1 of 125
Zenith Networks: Jump Start JUNOS
Introduction….
Doug Marschke, Zenith Networks
Copyright 2012 (c)
www.zenithnetworks.com 2
Module 1
 Partner of Juniper Networks
 HQ Philadelphia, PA
 27 Years Network Integration Services
 12 Years Education Services
 LAN / WAN Configuration and Design
 Routing, Switching and Security
 JNCIA, JNCIS-ENT, JNCI-ENT
 www.zenithnetworks.com
Copyright 2012 (c)
www.zenithnetworks.com 3
Founded 1996
HQ Sunnyvale, CA
Employees 9,400 + 46 countries
2011, 2012, 2013 & 2104 Worlds Most Ethical Company
Award!!
Connect Everything…. Empower Everyone!
Routing, Switching, Security
www.juniper.net
Copyright 2012 (c)
www.zenithnetworks.com 4
Copyright 2012 (c)
www.zenithnetworks.com 5
Access to view the Slides……”Learning Academy”
 http://www.zenithnetworks.com/education
Copyright 2012 (c)
www.zenithnetworks.com 6
Copyright 2012 (c)
www.zenithnetworks.com 7
End of Introduction
Copyright 2012 (c)
www.zenithnetworks.com 8
Zenith Networks: Jump Start JUNOS
 Routers, Switches and SRX Firewalls….
 Thought process… efficiency and stability.
 Let’s check it out!!
10
Copyright 2012 (c)
www.zenithnetworks.com
Routing Engine
Control Plane
Packet Forwarding
Engine
Forwarding
Plane
11
Copyright 2012 (c)
www.zenithnetworks.com
 Control plane: is where routing engine resides.
 Routing Engine: brains of the device.
 JUNOS runs here…. CLI….
 Chassis control….
 OSPF – BGP – STP – SNMP….
 Routing and Switching tables.
12
Copyright 2012 (c)
www.zenithnetworks.com
Control Plane
 Packet Forwarding
 Engine
Packet Forwarding Engine….
Very efficiently processes packets
Receives copies of route/switch table from RE
Some intelligence…QOS…error reporting
Multiple PFE’s per device (ex4200-48….. 3 pfe’s)
13
Copyright 2012 (c)
www.zenithnetworks.com
Packets IN Packets OUT
Forwarding
Plane
root@HQ> show pfe statistics bridge
Slot 0
PFE: 0 1 ( ex4200-24 has two pfe’s… copper and uplink )
---------------------------------------------------------------------
---- Ingress Counters ----
-- Set0 --
Received: 0 4
VLAN Filtered: 0 0
Security Filtered: 0 0
Other Discards: 0 0
-- Set1 --
Received: 0 4
VLAN Filtered: 0 0
Security Filtered: 0 0
Other Discards: 0 0
14
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ> show pfe statistics bridge
Slot 0
PFE: 0 1 ( ex4200-24 has two pfe’s… copper and uplink )
---------------------------------------------------------------------
---- Egress Counters ----
-- Set0 --
Unicast: 0 0
Multicast: 0 0
Broadcast: 0 0
Egress Filtered: 0 0
Congestion Filtered: 0 0
Control Packets: 0 74
-- Set1 --
Unicast: 0 0
Multicast: 0 0
Broadcast: 0 0
Egress Filtered: 0 0
Congestion Filtered: 0 0
Control Packets: 0 74
15
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ> show pfe statistics bridge
Slot 0
PFE: 0 1 ( ex4200-24 has two pfe’s… copper and
uplink )
---------------------------------------------------------------------
---- General Counters ----
Drop Mode: 0 0
Drop Count: 0 2
Src Not Learnt: 0 0
16
Copyright 2012 (c)
www.zenithnetworks.com
 Efficiency….
 Multiple PFE’s
 Move data at high rates
 Routers, Switches, Firewalls
 Stability….
 System instabilities do not necessarily impact the other plane
 DOS on the PFE….
Control Plane is protected via filtering and / or rate limiting!!
 Protocol reset ( OPSF )
 Reset RPD on the control plane… rely on existing PFE based copy
 Traffic continues to flow
17
Copyright 2012 (c)
www.zenithnetworks.com
Operating System for…
Routers
Switches
Firewalls
One OS… Single Release Train…Modular…
Kernel: Based on Free BSD UNIX OS
No special or customer-specific builds
http://www.juniper.net/assets/us/en/local/pdf/whitepapers/2000264-en.pdf
18
Copyright 2012 (c)
www.zenithnetworks.com
 Modular Design: Stability….. Flexibility
 Built based on single-source code
Strict development process…
Released quarterly…
No special customer builds…
Features roll-up…. Not out…
Fairly easy to select your code…
BGP for ISP is same BGP for Enterprise
19
Copyright 2012 (c)
www.zenithnetworks.com
 Modular
 Daemons/Processes run in own protected memory
 Designed to eliminate run-away process from crashing system
 Load / Reset individual daemons/processes
 If need be… improved fault isolation
20
Copyright 2012 (c)
www.zenithnetworks.com
Kernel
Protocol
Security
Chassis
Management
Zenith Networks: Jump Start JUNOS
Out-of-Band:
Dedicated Management Ethernet Interface ( me0 )
root@HQ# set interfaces me0 unit 0 family inet address 192.168.1.1/24
[edit]
root@HQ# show interfaces me0
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
Console Port
Web Interface
HTTP or HTTPS
Copyright 2012 (c)
www.zenithnetworks.com 22
Initial login
login: root
Password:
--- JUNOS 12.3R6.6 built 2014-03-13 06:58:47 UTC
root@HQ:RE:0%
Operation Mode
root@HQ:RE:0% cli
root@HQ>
Configure Mode
root@HQ> configure
Entering configuration mode
[edit]
root@HQ#
Copyright 2012 (c)
www.zenithnetworks.com 23
 Operational Mode ( OP Mode )
 Show commands ( route tables, interface stats…)
 Request…. Clear… (upgrade, reboot, interface stats)
 Troubleshooting ( ping, traceroute…)
 Very powerful…. Brief to Extensive Output
 Easy to use!
 Configuration Mode
 Configuration changes
 Candidate Configuration ( Sandbox )
 Can also run OP commands
24
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ> ?
Possible completions:
clear Clear information in the system
configure Manipulate software configuration information
file Perform file operations
help Provide help information
load Load information from file
monitor Show real-time debugging information
mtrace Trace multicast path from source to receiver
op Invoke an operation script
ping Ping remote target
quit Exit the management session
request Make system-level requests
restart Restart software process
save Save information to file
set Set CLI properties, date/time, craft interface message
show Show system information
ssh Start secure shell on another host
{master:0}
root>
Copyright 2012 (c)
www.zenithnetworks.com 25
root@HQ> show ?
Possible completions:
accounting Show accounting profiles and records
analyzer Show analyzer information
arp Show system Address Resolution Protocol table entries
as-path Show table of known autonomous system paths
authentication-whitelist Show 802.1X White List MAC addresses
bfd Show Bidirectional Forwarding Detection information
bgp Show Border Gateway Protocol information
captive-portal Show captive portal information
chassis Show chassis information
class-of-service Show class-of-service (CoS) information
cli Show command-line interface settings
configuration Show current configuration
connections Show circuit cross-connect connections
dhcp Show Dynamic Host Configuration Protocol information
diagnostics Show diagnostics information
diameter Show diameter information
dot1x Show 802.1X information
esis Show end system-to-intermediate system information
ethernet-switching Show Ethernet-switching information
event-options Show event-options information
firewall Show firewall information
26
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ> show ethernet-switching ?
Possible completions:
interfaces Display Ethernet-switching interface information
layer2-protocol-tunneling Show Layer2 protocol tunneling information
mac-learning-log Show MAC address learning log
mac-notification Display MAC notification information
next-hops Show next hop information
statistics Show media access control statistics
table Show media access control table
27
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ> ping ?
Possible completions:
<host> Hostname or IP address of remote host
bypass-routing Bypass routing table, use specified interface
count Number of ping requests to send (1..2000000000 packets)
detail Display incoming interface of received packet
do-not-fragment Don't fragment echo request packets (IPv4)
ethernet Ping to an ethernet host by unicast mac address
inet Force ping to IPv4 destination
inet6 Force ping to IPv6 destination
interface Source interface (multicast, all-ones, unrouted packets)
interval Delay between ping requests (seconds)
+ loose-source Intermediate loose source route entry (IPv4)
mpls Ping label-switched path
no-resolve Don't attempt to print addresses symbolically
pattern Hexadecimal fill pattern
rapid Send requests rapidly (default count of 5)
record-route Record and report packet's path (IPv4)
routing-instance Routing instance for ping attempt
size Size of request packets (0..65468 bytes)
source Source address of echo request
Copyright 2012 (c)
www.zenithnetworks.com 28
Ping forever!!
root@HQ> ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=1.044 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.611 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=3.880 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=3.549 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=1.029 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=1.035 ms
^C
--- 192.168.1.1 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.029/2.191/3.880/1.216 ms
Copyright 2012 (c)
www.zenithnetworks.com 29
Ping – Round Trip and Count
root@HQ> ping 192.168.1.2 count 3
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.150 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.207 ms
--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.109/0.155/0.207/0.040 ms
Copyright 2012 (c)
www.zenithnetworks.com 30
Ping – No roundtrip….. count
root@HQ> ping 192.168.1.1 rapid count 3
PING 192.168.1.1 (192.168.1.1): 56 data bytes
!!!
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.931/2.921/4.070/1.413 ms
Copyright 2012 (c)
www.zenithnetworks.com 31
Ping – destination… specify source…. count
root@HQ> ping 172.16.20.1 source 172.16.25.1 count 4
PING 172.16.20.1 (172.16.20.1): 56 data bytes
64 bytes from 172.16.20.1: icmp_seq=0 ttl=64 time=1.920 ms
64 bytes from 172.16.20.1: icmp_seq=1 ttl=64 time=4.375 ms
64 bytes from 172.16.20.1: icmp_seq=2 ttl=64 time=6.236 ms
64 bytes from 172.16.20.1: icmp_seq=3 ttl=64 time=1.068 ms
--- 172.16.20.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.068/3.400/6.236/2.039 ms
Copyright 2012 (c)
www.zenithnetworks.com 32
root@HQ> show route
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.20.0/24 *[OSPF/10] 00:08:05, metric 2
> to 192.168.1.1 via ge-0/0/0.0
172.16.25.0/24 *[Direct/0] 00:09:13
> via ge-0/0/23.0
172.16.25.1/32 *[Local/0] 00:24:12
Local via ge-0/0/23.0
172.16.26.0/24 *[Direct/0] 00:09:17
> via ge-0/0/22.0
172.16.26.1/32 *[Local/0] 00:24:12
Local via ge-0/0/22.0
172.16.30.0/24 *[OSPF/10] 00:08:21, metric 2
> to 192.168.1.1 via ge-0/0/0.0
Local via ge-0/0/0.0
Copyright 2012 (c)
www.zenithnetworks.com 33
root@HQ> show route protocol ospf
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.20.0/24 *[OSPF/10] 00:08:55, metric 2
> to 192.168.1.1 via ge-0/0/0.0
172.16.30.0/24 *[OSPF/10] 00:09:11, metric 2
> to 192.168.1.1 via ge-0/0/0.0
224.0.0.5/32 *[OSPF/10] 00:25:03, metric 1
MultiRecv
Copyright 2012 (c)
www.zenithnetworks.com 34
root@HQ> show interfaces ge-0/0/0 ?
Possible completions:
<[Enter]> Execute this command
brief Display brief output
descriptions Display interface description strings
detail Display detailed output
extensive Display extensive output
media Display media information
routing-instance Name of routing instance
snmp-index SNMP index of interface
statistics Display statistics and detailed output
terse Display terse output
| Pipe through a command
Copyright 2012 (c)
www.zenithnetworks.com 35
root@HQ> show interfaces ge-0/0/0 terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
ge-0/0/0.0 up up inet 172.16.20.1/24
root@HQ> show interfaces ge-0/0/0 brief
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto,
Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
Auto-negotiation: Enabled, Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
Logical interface ge-0/0/0.0
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
inet 172.16.20.1/24
Copyright 2012 (c)
www.zenithnetworks.com 36
root@HQ> show interfaces ge-0/0/0 detail
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 130, SNMP ifIndex: 504, Generation: 133
Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 28:c0:da:2a:2f:c0, Hardware address: 28:c0:da:2a:2f:c0
Last flapped : 2010-08-14 01:29:09 UTC (00:08:44 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 11290 0 bps
Output bytes : 11122 680 bps
Input packets: 102 0 pps
Output packets: 101 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 3 0
1 assured-forw 0 0 0
5 expedited-fo 0 0 0
7 network-cont 0 98 0
Active alarms : None
Active defects : None
37
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ> monitor interface ge-0/0/0
Seconds: 188 Time: 14:31:05
Delay: 0/0/20
Interface: ge-0/0/0, Enabled, Link is Up
Encapsulation: Ethernet, Speed: 1000mbps
Traffic statistics: Current delta
Input bytes: 65730 (816 bps) [17412]
Output bytes: 65601 (816 bps) [17400]
Input packets: 374 (1 pps) [163]
Output packets: 376 (1 pps) [163]
Error statistics:
Input errors: 0 [0]
Input drops: 0 [0]
Input framing errors: 0 [0]
Policed discards: 0 [0]
L3 incompletes: 0 [0]
L2 channel errors: 0 [0]
L2 mismatch timeouts: 0 Carrier transition [0]
Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i'
Copyright 2012 (c)
www.zenithnetworks.com 38
root@HQ> request system software ?
Possible completions:
add Add extension or upgrade package
delete Remove extension or upgrade package
nonstop-upgrade Nonstop software upgrade
rollback Attempt to roll back to previous set of packages
validate Verify package compatibility with current configuration
-------------------------------------------------------------------------------------------------------------
root@HQ> request system software add ?
Possible completions:
<package-name> URL or pathname of package
best-effort-load Load succeeds if at least one statement is valid
delay-restart Don't restart processes
force Force addition of package (ignore warnings)
member Install package on VC Member (0..9)
no-copy Don't save copies of package files
no-validate Don't check compatibility with current configuration
reboot Reboot system after adding package
Copyright 2012 (c)
www.zenithnetworks.com 39
root@HQ> help ?
Possible completions:
<[Enter]> Execute this command
apropos Find help information about a topic
reference Reference material
syslog System log error messages
tip Tip for the day
topic Help for high level topics
| Pipe through a command
Copyright 2012 (c)
www.zenithnetworks.com 40
root@HQ> help topic ?
Possible completions:
access
accounting-options
amt
ancp
applications
bfd
bgp
bridge-domains
chassis
class-of-service
connections
……..
……..
Copyright 2012 (c)
www.zenithnetworks.com 41
root@HQ> help topic ospf area-backbone
Configuring the Backbone Area
You must create a backbone area if your network consists of multiple
areas. An ABR must have at least one interface in the backbone area, or it
must have a virtual link to a router in the backbone area. The backbone
comprises all area border routers and all routers that are not included in
any other area. You configure all these routers by including the area
0.0.0.0 statement:
(ospf | ospf3) {
area 0.0.0.0;
}
Copyright 2012 (c)
www.zenithnetworks.com 42
root@HQ> help reference ?
Possible completions:
access
accounting-options
ancp
applications
bfd
bgp
bridge-domains
chassis
class-of-service
connections
…….
…….
Copyright 2012 (c)
www.zenithnetworks.com 43
root@HQ> help reference system syslog
syslog
Syntax
syslog {
archive {
files number;
size maximum-file-size;
start-time "YYYY-MM-DD.hh:mm";
transfer-interval minutes;
(world-readable | no-world-readable);
}
console {
facility severity;
Copyright 2012 (c)
www.zenithnetworks.com 44
 Structured Configuration
 Creates an intuitive learning environment
 Navigate and Set Configuration Parameters
OR….
 Configure parameters from the very top-level
45
Copyright 2012 (c)
www.zenithnetworks.com
Copyright 2012 (c)
www.zenithnetworks.com 46
EDIT
Chassis Ethernet-Switching-Options Interfaces Protocols
BPDU-Block Mac-notification Secure-access-port
DHCP-Snooping-File Interface VLAN
_______________________________________________________________________
__________________________________________________________________
____________________________________________________________
Structured Configuration Tree
_________________________
ge-0/0/0
ge-0/0/1
 Edit (navigate hierarchy / change directory)
 Up
 Up 2
 Top
 Exit
 Set (turn-on a parameter)
 Delete (undo parameter)
 Deactivate (turn-off)
47
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ> configure
Entering configuration mode
[edit]
root@HQ#
Copyright 2012 (c)
www.zenithnetworks.com 48
root@HQ# show
## Last changed: 2010-08-14 00:09:54 UTC
version 10.3R1.9;
system {
root-authentication {
encrypted-password "$1$4vi5gL/q$8E6fwTWL/g2YPj3VrLOnj1"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.1.2/24;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching;
Copyright 2012 (c)
www.zenithnetworks.com 49
protocols {
ospf {
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/23.0 {
passive;
metric 30;
}
interface ge-0/0/22.0 {
metric 100;
}
}
}
igmp-snooping {
vlan all;
}
Copyright 2012 (c)
www.zenithnetworks.com 50
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
accounting {
vlan-id 100;
}
engineering {
vlan-id 200;
}
}
Copyright 2012 (c)
www.zenithnetworks.com 51
[edit protocols ospf]
root@HQ# show
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/23.0 {
passive;
metric 30;
}
interface ge-0/0/22.0 {
metric 100;
}
}
Copyright 2012 (c)
www.zenithnetworks.com 52
[edit]
root@HQ# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/23.0 {
passive;
metric 30;
}
interface ge-0/0/22.0 {
metric 100;
}
}
Copyright 2012 (c)
www.zenithnetworks.com 53
[edit]
root@HQ# show | display set
set system root-authentication encrypted-password
"$1$4vi5gL/q$8E6fwTWL/g2YPj3VrLOnj1"
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.2/24
set interfaces ge-0/0/22 unit 0 family inet address 172.16.26.1/24
set interfaces ge-0/0/23 unit 0 family inet address 172.16.25.1/24
set interfaces ge-0/1/0 unit 0 family ethernet-switching
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/23.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/23.0 metric 30
set protocols ospf area 0.0.0.0 interface ge-0/0/22.0 metric 100
set protocols igmp-snooping vlan all
set protocols rstp
[edit]
root@HQ#
Copyright 2012 (c)
www.zenithnetworks.com 54
 The candidate configuration is your BIG TIME friend!!
 Will make your professional life a little less stressful
 “Sandbox”….. No fear!....
 Other manufacturers… you work in RAM… beware!
 Candidate is a copy of the active configuration
 We make changes to the candidate
 When ready….. Commit the candidate to become active configuration
 Let’s take a look….
55
Copyright 2012 (c)
www.zenithnetworks.com
Candidate
Configuration
RAM
Active Configuration
0
“Sandbox”
56
Copyright 2012 (c)
www.zenithnetworks.com
When we enter config mode, the active config is copied to candidate
root@HQ> configure
Entering configuration mode
[edit]
root@HQ#
Candidate
Config
RAM
Active Configuration
0
57
Copyright 2012 (c)
www.zenithnetworks.com
Protocols ospf area 0.0.0.0
interface ge-0/0/0
Protocols ospf area 0.0.0.0
Interface ge-0/0/0
Changes are made to the “sandbox” candidate configuration
Candidate
Config
RAM
Active Configuration
0
58
Copyright 2012 (c)
www.zenithnetworks.com
Protocols ospf area 0.0.0.0
interface ge-0/0/0
Protocols ospf area 0.0.0.0
Interface ge-0/0/0
VLAN Accounting VLAN-ID 10
We “commit” a configuration to write to RAM and local file system.
Candidate
Config
RAM
Active Configuration
0
59
Copyright 2012 (c)
www.zenithnetworks.com
Protocols ospf area 0.0.0.0
interface ge-0/0/0
Protocols ospf area 0.0.0.0
Interface ge-0/0/0
VLAN Accounting VLAN-ID 10 VLAN Accounting VLAN-ID 10
Multiple commit options….
 Commit
 Commit check
 Commit confirmed
 Commit at
 Commit and-quit
Copyright 2012 (c)
www.zenithnetworks.com 60
Set IP Address to Physical Interface
 Navigate….
root@HQ# edit interfaces ge-0/0/0 unit 0
[edit interfaces ge-0/0/0 unit 0]
root@HQ# set family inet address 192.168.1.1/24
OR!!!
 Set from top level of configuration hierarchy
[edit]
root@HQ# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
61
Copyright 2012 (c)
www.zenithnetworks.com
Place interface into OSPF area
 Navigate….
root@HQ# edit protocols ospf
[edit protocols ospf]
root@HQ# set area 5 interface ge-0/0/0.0
OR!!
 Set from top level of configuration hierarchy
[edit]
root@HQ# set protocols ospf area 5 interface ge-0/0/0.0
62
Copyright 2012 (c)
www.zenithnetworks.com
Zenith Networks: Jump Start JUNOS
 Interface Configuration (unit and family)
 Let’s go!!!
64
Copyright 2012 (c)
www.zenithnetworks.com
Interface Parameters:
 Physical
 ( speed / duplex )
 Logical
 ( ipv4, ipv6, mpls, ethernet-switching…. )
65
Copyright 2012 (c)
www.zenithnetworks.com
ge-0/0/18 {
ether-options {
no-auto-negotiation;
flow-control;
link-mode full-duplex;
speed {
100m;
==================================================================
[edit]
root@HQ# set interfaces ge-0/0/18 ether-options no-auto-negotiation
[edit]
root@HQ# set interfaces ge-0/0/18 ether-options flow-control
[edit]
root@HQ# set interfaces ge-0/0/18 ether-options speed 1g
[edit]
root@HQ# set interfaces ge-0/0/18 ether-options link-mode full-duplex
66
Copyright 2012 (c)
www.zenithnetworks.com
[edit]
root@HQ# set interfaces interface-range NEW-USERS member-range ge-0/0/10 to ge-0/0/15
[edit]
root@HQ# set interfaces interface-range NEW-USERS ether-options speed 1g
[edit]
root@HQ# set interfaces interface-range NEW-USERS ether-options link-mode full-duplex
67
Copyright 2012 (c)
www.zenithnetworks.com
ge-0/0/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching;
68
Copyright 2012 (c)
www.zenithnetworks.com
 Unit 0
 All interfaces…. except for Tagged interface and L3 VLAN.
 Assign logical parameters under unit 0
 Not a sub-interface… but a placeholder for logical parameters
 If tagged interface… multiple units per interface
69
Copyright 2012 (c)
www.zenithnetworks.com
Multiple families of protocols
inet – IPv4
inet6 – IPv6
Ethernet-Switching
---------------------------------------------------------------------------------------------
[edit interfaces ge-0/0/12 unit 0]
root@HQ# set family inet address 192.168.50.1/24
[edit interfaces ge-0/0/12 unit 0]
root@HQ# set family inet6 address 2001::1/64
Resulting configuration……..
70
Copyright 2012 (c)
www.zenithnetworks.com
[edit interfaces ge-0/0/12 unit 0]
root@HQ# show
family inet {
address 192.168.50.1/24;
}
family inet6 {
address 2001::1/64;
}
71
Copyright 2012 (c)
www.zenithnetworks.com
[edit interfaces ge-0/0/3 unit 0]
root@HQ# set family inet address 192.168.12.1/24
[edit interfaces ge-0/0/3 unit 0]
root@HQ# set family inet address 192.168.13.1/24
[edit interfaces ge-0/0/3 unit 0]
root@HQ# set family inet address 192.168.14.1/24
-------------------------------------------------------------------------------------------
[edit interfaces ge-0/0/3 unit 0]
root@HQ# show
family inet {
address 192.168.12.1/24;
address 192.168.13.1/24;
address 192.168.14.1/24;
}
72
Copyright 2012 (c)
www.zenithnetworks.com
[edit interfaces ge-0/0/5]
root@HQ# show
vlan-tagging;
unit 100 {
vlan-id 100;
family inet {
address 192.168.30.1/24;
}
}
unit 200 {
vlan-id 200;
family inet {
address 192.168.40.1/24;
}
}
73
Copyright 2012 (c)
www.zenithnetworks.com
[edit vlans]
root@HQ# set accounting vlan-id 100
[edit vlans]
root@HQ# set engineering vlan-id 200
-----------------------------------------------------------------------------------
[edit vlans]
root@HQ# show
accounting {
vlan-id 100;
}
engineering {
vlan-id 200;
}
74
Copyright 2012 (c)
www.zenithnetworks.com
[edit vlans]
root@HQ# set accounting interface ge-0/0/5
[edit vlans]
root@HQ# set accounting interface ge-0/0/6
[edit vlans]
root@HQ# set engineering interface ge-0/0/7
[edit vlans]
root@HQ# show
accounting {
vlan-id 100;
interface {
ge-0/0/5.0;
ge-0/0/6.0;
}
engineering {
vlan-id 200;
interface {
ge-0/0/7.0;
75
Copyright 2012 (c)
www.zenithnetworks.com
From the interface level….
[edit]
root@HQ# set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan accounting
[edit]
root@HQ# set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan accounting
[edit]
root@HQ# set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan engineering
76
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ# show interfaces
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members accounting;
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members accounting;
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members engineering;
}
77
Copyright 2012 (c)
www.zenithnetworks.com
[edit interfaces ge-0/0/20 unit 0 family ethernet-switching]
root@HQ# set port-mode trunk
[edit interfaces ge-0/0/20 unit 0 family ethernet-switching]
root@HQ# set vlan members [ accounting engineering ]
[edit interfaces ge-0/0/20]
root@HQ# show
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ accounting engineering ];
78
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ# set system services ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> database-replication Database replication configuration
> dhcp Configure DHCP server
> dhcp-local-server Dynamic Host Configuration Protocol server configuration
> finger Allow finger requests from remote systems
> ftp Allow FTP file transfers
> netconf Allow NETCONF connections
> outbound-ssh Initiate outbound SSH connection
> service-deployment Configuration for Service Deployment (SDXD) management application
> ssh Allow ssh access
> subscriber-management Subscriber management configuration
> telnet Allow telnet login
> tftp-server Allow TFTP file transfers in default routing instance
> web-management Web management configuration
> xnm-clear-text Allow clear text-based JUNOScript connections
> xnm-ssl Allow SSL-based JUNOScript connections
| Pipe through a command
Copyright 2012 (c)
www.zenithnetworks.com 79
root@HQ# set system services web-management ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> control Control of the web management process
> http Unencrypted HTTP connection settings
> https Encrypted HTTPS connections
management-url URL path for web management access
> session Session parameters
Copyright 2012 (c)
www.zenithnetworks.com 80
[edit]
root@HQ# set system ntp server 1.1.1.1 ?
Possible completions:
<[Enter]> Execute this command
key Authentication key
prefer Prefer this peer_serv
version NTP version to use (1..4)
| Pipe through a command
============================================================================
[edit]
root@HQ# set system time-zone ?
Possible completions:
<time-zone> Time zone name or POSIX-compliant time zone string
America/Montreal
America/Montserrat
America/Nassau
America/New_York
81
Copyright 2012 (c)
www.zenithnetworks.com
End of JUNOS Spin!
Copyright 2012 (c)
www.zenithnetworks.com 82
Zenith Networks: Jump Start JUNOS
 Commit Options
 Rollback
 Rename…. replace
 Copy
 Deactivate
 Show | “pipe”
Copyright 2012 (c)
www.zenithnetworks.com 84
 Commit
 Commit check
 Commit confirmed
 Commit at
 Commit and-quit
Copyright 2012 (c)
www.zenithnetworks.com 85
 When making configuration changes… we live in candidate
 At some point we would commit to activate
 If succeed… activate… if trouble… report… do not activate
[edit]
root@HQ# set system host-name Jump-Start
[edit]
root@HQ# commit
configuration check succeeds
commit complete
[edit]
root@Jump-Start#
Copyright 2012 (c)
www.zenithnetworks.com 86
 Only Checks the validity of the syntax
 If good… confirmation message
 If NOT good… error message
 Will never activate… until commit
root@Jump-Start# set system host-name Friday
[edit]
root@Jump-Start# commit check
configuration check succeeds
[edit]
root@Jump-Start#
Copyright 2012 (c)
www.zenithnetworks.com 87
 Build your configuration in advance of cut-over!!
 Commit Check!!! (syntax verification)
All good...
Then… deactivate config statements and commit.
or
Save to local file system…. Rollback 0 to reset candidate
Copyright 2012 (c)
www.zenithnetworks.com 88
root@HQ# set protocols ospf area 30 interface ge-0/0/0
[edit]
root@HQ# show protocols ospf
area 0.0.0.30 {
interface ge-0/0/0.0;
}
[edit]
root@HQ# deactivate protocols ospf area 30 interface ge-0/0/0
[edit]
root@HQ# show protocols ospf
area 0.0.0.30 {
inactive: interface ge-0/0/0.0;
}
Copyright 2012 (c)
www.zenithnetworks.com 89
Save candidate configuration to local file system…
[edit]
root@HQ# save new-ospf-config-file
[edit]
root@HQ# rollback 0 (reset candidate to that of what is in RAM)
load complete
When ready… Load previously saved configuration file into the candidate
root@HQ# load override new-ospf-config-file
Still need to commit !!!
Copyright 2012 (c)
www.zenithnetworks.com 90
 Build a configuration in preparation for a new circuit
 Commit check…
 Commit AT…
 You are setting the time for the new configuration to be activated!
root@HQ# commit at 11:00:00
configuration check succeeds
commit at will be executed at 2013-08-14 11:00:00 UTC
The configuration has been changed but not committed
root@HQ> show system commit
commit requested by root via cli at 2013-03-04 16:30:00 UTC
root@HQ> clear system commit
Pending commit cleared
Copyright 2012 (c)
www.zenithnetworks.com 91
 Home run time!!
 Automatic Rollback!
 Network device is located remote from your location
 Could the new configuration result in a network disconnect ?
 What now ?
 Issue commit confirmed…
 All good ?.... Then issue a 2nd commit within the “confirmed” time
 Network disconnect ?.... Wait the “confirmed” time and auto rollback
 Let’s take a peek!!.....
Copyright 2012 (c)
www.zenithnetworks.com 92
root@HQ# set system host-name New-Name
root@HQ# commit confirmed 1
configuration check succeeds
commit confirmed will be automatically rolled back in 1 minutes unless
confirmed
commit complete
root@New-Name#
Broadcast Message from root@Jump-Start
(no tty) at 9:25 UTC...
Commit was not confirmed; automatic rollback complete.
root@HQ#
Copyright 2012 (c)
www.zenithnetworks.com 93
root@HQ# commit and-quit
configuration check succeeds commit complete
Exiting configuration mode
root@HQ>
Copyright 2012 (c)
www.zenithnetworks.com 94
1. Active Configuration is config # 0
2. Enter configure mode….
3. Active configuration is copied to candidate configuration
4. Up to 50 configuration versions are saved…. 0 thru 49
Copyright 2012 (c)
www.zenithnetworks.com 95
root@HQ# rollback ?
Possible completions:
<[Enter]> Execute this command
0 2010-08-14 09:33:15 UTC by root via cli
1 2010-08-14 09:25:15 UTC by root via other
2 2010-08-14 09:24:12 UTC by root via cli commit confirmed
3 2010-08-14 09:20:45 UTC by root via other
4 2010-08-14 09:18:41 UTC by root via cli commit confirmed
5 2010-08-14 06:25:52 UTC by root via cli
6 2010-08-14 03:28:33 UTC by root via cli
7 2010-08-13 23:10:32 UTC by root via cli
8 2010-08-13 23:06:09 UTC by root via button
9 2010-08-13 23:02:46 UTC by root via button
10 2010-08-13 23:01:56 UTC by root via other
Copyright 2012 (c)
www.zenithnetworks.com 96
1. root@HQ# set system host-name New-Name
2. root@HQ# show system host-name
host-name New-Name;
3. root@HQ# rollback 0
load complete Active
Configuration
4. root@HQ# show system host-name
host-name HQ;
Copyright 2012 (c)
www.zenithnetworks.com 97
Candidate
Config
root@HQ# show | compare rollback 9
[edit system]
- }
- interfaces { ( NOT IN CANDIDATE… ACTIVE IN ROLL 9 )
- vlan {
- bootp;
+ [edit interfaces ge-0/0/0 unit 0]
+ family inet { ( ACTIVE IN CANDIDATE.. NOT ROLL 9)
+ address 192.168.1.2/24;
From the perspective of candidate, relative to rollback 9…
Minus ( not in candidate, but present in rollback 9 )
Plus ( Present in the candidate, but not in rollback 9 )
Copyright 2012 (c)
www.zenithnetworks.com 98
ge-0/0/23 {
unit 0 {
family inet {
address 172.16.25.1/24;
}
root@HQ# rename ge-0/0/23 to ge-0/0/20
ge-0/0/20 {
unit 0 {
family inet {
address 172.16.25.1/24;
}
Copyright 2012 (c)
www.zenithnetworks.com 99
[edit protocols ospf]
root@HQ# show
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/23.0
[edit protocols ospf]
root@HQ# top
root@HQ# replace pattern ge-0/0/23 with ge-0/0/20
[edit protocols ospf]
root@HQ# show
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/20.0
Copyright 2012 (c)
www.zenithnetworks.com
10
0
ge-0/0/5 {
ether-options {
no-auto-negotiation;
flow-control;
link-mode full-duplex;
speed {
1g;
}
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching;
}
}
Copyright 2012 (c)
www.zenithnetworks.com
10
1
ge-0/0/5 {
ether-options {
no-auto-negotiation;
flow-control;
link-mode full-duplex;
speed {
1g;
}
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/6 {
ether-options {
no-auto-negotiation;
flow-control;
link-mode full-duplex;
speed {
1g;
}
}
unit 0 {
family ethernet-switching;
}
Copyright 2012 (c)
www.zenithnetworks.com
10
2
 Awesome tool !!
 Great for troubleshooting or building a config for a later date
 Do not delete, rather turn-off
 When ready…. Activate
 Let’s take a peek…..
Copyright 2012 (c)
www.zenithnetworks.com
10
3
root@HQ# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/23.0
[edit protocols ospf area 0.0.0.0]
root@HQ# deactivate interface ge-0/0/23
[edit protocols ospf area 0.0.0.0] Turn Off
root@HQ# show
interface ge-0/0/0.0;
inactive: interface ge-0/0/23.0
Still need to commit!!!
Copyright 2012 (c)
www.zenithnetworks.com
10
4
root@HQ> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/23 up up
ge-0/0/23.0 up up inet 172.16.20.1/24
vcp-0 up down
vcp-0.32768 up down
vcp-1 up down
vcp-1.32768 up down
bme0 up up
bme0.32768 up up inet 128.0.0.1/2
10
5
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ> show interfaces terse | except ge-
Interface Admin Link Proto Local Remote
vcp-0 up down
vcp-0.32768 up down
vcp-1 up down
vcp-1.32768 up down
bme0 up up
bme0.32768 up up inet 128.0.0.1/2
10
6
Copyright 2012 (c)
www.zenithnetworks.com
root@HQ# run show interfaces terse | match ge-
ge-0/0/0 up up
ge-0/0/0.0 up up inet 192.168.1.1/24
ge-0/0/1 up down
ge-0/0/1.0 up down eth-switch
ge-0/0/2 up down
ge-0/0/2.0 up down eth-switch
ge-0/0/3 up down
ge-0/0/3.0 up down eth-switch
10
7
Copyright 2012 (c)
www.zenithnetworks.com
End of Cool Tips and
Tricks!!
Copyright 2012 (c)
www.zenithnetworks.com
10
8
Zenith Networks: Jump Start JUNOS
Allows for interaction with JUNOS
Customize your network environment!!
Automate repetitive tasks, response to events, configuration
Highly configurable…. What do you want to do ?
Accelerates problem solving!!
Ensures a higher level of configuration integrity
11
0
Copyright 2012 (c)
www.zenithnetworks.com
 Developed by you…. The network engineer
 Build a library of scripts
 Automate the operation of your network devices
 Customize as needed
Category of Scripts
Commit
Operation
Event
11
1
Copyright 2012 (c)
www.zenithnetworks.com
 Ensure integrity of configuration based on your standards
 You create your own commit scripts
 Candidate config file is checked for required parameters
 Check for VLAN, MTU, OSPF, BGP, Security Policies
 Automate…. Validate… Error Free Configuration
 If problem discovered… report, abort commit, fix and apply
 Very powerful!!
11
2
Copyright 2012 (c)
www.zenithnetworks.com
 Network Monitoring and Troubleshooting
 Diagnose and Fix Problems
 Auto-run commands, inspect output, take action….
 Attempt to fix…. Report
 Always running and monitoring
 Avoid little problems from becoming bigger
 What do you want to check ? (mtu, interface errors..)
11
3
Copyright 2012 (c)
www.zenithnetworks.com
 Correlate events…. Execute OP scripts
 Run multiple OP’s… gathering info.
 Attempt to uncover the point of failure
 Attempt to fix….. Report
 UP/Down interface… route disappears
 For more information…
 https://learningportal.juniper.net
Copyright 2012 (c)
www.zenithnetworks.com
11
4
 Traceoptions
 Very powerful…
 Insight to numerous protocol events (ospf, bgp…)
 Set protocol / event flags and log data
 Should not negatively impact performance
 You can run as an ongoing process… or deactivate
[edit protocols bgp]
root@HQ# show
traceoptions {
file bgp-events;
flag keepalive;
flag state;
}
Copyright 2012 (c)
www.zenithnetworks.com
11
5
End of Advanced Operations!!
Copyright 2012 (c)
www.zenithnetworks.com
11
6
Zenith Networks: Jump Start JUNOS
 “Sandbox”…. Candidate configuration
 Commit… check… at… confirmed
 Deactivate – Activate
 Rename… replace… copy
 Rollback
 | “pipe”
 Modular OS ( stability )
 Control and Forwarding Planes ( fast…. efficient )
 Automation
11
8
Copyright 2012 (c)
www.zenithnetworks.com
 More efficient…. For sure!
 Accuracy
 Confidence
 Faster troubleshooting
 High Availability
 Better Engineer
11
9
Copyright 2012 (c)
www.zenithnetworks.com
 Your Thoughts ?
 Comments ?
 Questions
12
0
Copyright 2012 (c)
www.zenithnetworks.com
Zenith Networks: Jump Start JUNOS
www.zenithnetworks.com
info@zenithnetworks.com
www.juniper.net
extjumpstart-junos@juniper.net
Copyright 2012 (c)
www.zenithnetworks.com
12
2
 Boot Camps (JUNOS – Switching – Routing – Security)
 Tech Days
 JNET Community ( http://forums.juniper.net)
 Ed Services Newsletter ( Education )
 Learning Bytes (http://www.juniper.net/us/en/training/)
 Social Networking ( youtube, facebook, twitter )
 User Group BAJUG www.bajug.org
 http://www.zenithnetworks.com/education (Learning Academy)
12
3
Copyright 2012 (c)
ZenithNetworks, Inc.
www.zenithnetworks.com
 www.juniper.net/education
 Multiple Tracks
 Enterprise Routing and Switching
 JNCIA-JUNOS, JNCIS-ENT, JNCIP-ENT, JNCIE-ENT
 Service Provider Routing and Switching
 JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, JNCIE-SP
 JUNOS Security
 JNCIA-JUNOS, JNCIS-SEC, JNCIP-SEC, JNCIE-SEC
12
4
Copyright 2012 (c)
ZenithNetworks, Inc.
www.zenithnetworks.com
Access to view the Slides……
 http://www.zenithnetworks.com/education
Copyright 2012 (c)
www.zenithnetworks.com
12
5

More Related Content

What's hot

Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksAdrien Blind
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
 
PLNOG 9: Robert Dąbrowski - Carrier-grade NAT (CGN) Solution with FortiGate
PLNOG 9: Robert Dąbrowski - Carrier-grade NAT (CGN) Solution with FortiGatePLNOG 9: Robert Dąbrowski - Carrier-grade NAT (CGN) Solution with FortiGate
PLNOG 9: Robert Dąbrowski - Carrier-grade NAT (CGN) Solution with FortiGatePROIDEA
 
Junos vs ios Troubleshooting comands
Junos vs ios Troubleshooting comands Junos vs ios Troubleshooting comands
Junos vs ios Troubleshooting comands sandeep kumar
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseHarris Andrea
 
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...Cisco Canada
 
Garantindo a qualidade da sua API REST com Behave
Garantindo a qualidade da sua API REST com BehaveGarantindo a qualidade da sua API REST com Behave
Garantindo a qualidade da sua API REST com BehaveYuri Zamboni
 
Policy Based Routing (PBR)
Policy Based Routing (PBR)Policy Based Routing (PBR)
Policy Based Routing (PBR)KHNOG
 
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLICCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLIHoàng Hải Nguyễn
 
FCスイッチISL 追加削除時の考慮点
FCスイッチISL 追加削除時の考慮点FCスイッチISL 追加削除時の考慮点
FCスイッチISL 追加削除時の考慮点Brocade
 
RENAT - ネットワーク検証自動化
RENAT - ネットワーク検証自動化RENAT - ネットワーク検証自動化
RENAT - ネットワーク検証自動化HuuBachNguyen
 
In-depth Troubleshooting on NetScaler using Command Line Tools
In-depth Troubleshooting on NetScaler using Command Line ToolsIn-depth Troubleshooting on NetScaler using Command Line Tools
In-depth Troubleshooting on NetScaler using Command Line ToolsDavid McGeough
 
第2回 The Things Network(TTN)勉強会」 @柏の葉  オープンウェーブ尾鷲さん説明資料
第2回 The Things Network(TTN)勉強会」 @柏の葉  オープンウェーブ尾鷲さん説明資料第2回 The Things Network(TTN)勉強会」 @柏の葉  オープンウェーブ尾鷲さん説明資料
第2回 The Things Network(TTN)勉強会」 @柏の葉  オープンウェーブ尾鷲さん説明資料CRI Japan, Inc.
 
OpenStack マルチノード環境構築
OpenStack マルチノード環境構築OpenStack マルチノード環境構築
OpenStack マルチノード環境構築HommasSlide
 
Chassis Cluster Configuration
Chassis Cluster ConfigurationChassis Cluster Configuration
Chassis Cluster ConfigurationKashif Latif
 

What's hot (20)

Cisco CCNA Data Center Networking Fundamentals
Cisco CCNA Data Center Networking FundamentalsCisco CCNA Data Center Networking Fundamentals
Cisco CCNA Data Center Networking Fundamentals
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
Session 1
Session 1Session 1
Session 1
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
 
PLNOG 9: Robert Dąbrowski - Carrier-grade NAT (CGN) Solution with FortiGate
PLNOG 9: Robert Dąbrowski - Carrier-grade NAT (CGN) Solution with FortiGatePLNOG 9: Robert Dąbrowski - Carrier-grade NAT (CGN) Solution with FortiGate
PLNOG 9: Robert Dąbrowski - Carrier-grade NAT (CGN) Solution with FortiGate
 
Junos vs ios Troubleshooting comands
Junos vs ios Troubleshooting comands Junos vs ios Troubleshooting comands
Junos vs ios Troubleshooting comands
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
 
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...
 
Garantindo a qualidade da sua API REST com Behave
Garantindo a qualidade da sua API REST com BehaveGarantindo a qualidade da sua API REST com Behave
Garantindo a qualidade da sua API REST com Behave
 
Policy Based Routing (PBR)
Policy Based Routing (PBR)Policy Based Routing (PBR)
Policy Based Routing (PBR)
 
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLICCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
 
Dhcpv6
Dhcpv6Dhcpv6
Dhcpv6
 
Brkdct 3101
Brkdct 3101Brkdct 3101
Brkdct 3101
 
Carrier Ethernet
Carrier EthernetCarrier Ethernet
Carrier Ethernet
 
FCスイッチISL 追加削除時の考慮点
FCスイッチISL 追加削除時の考慮点FCスイッチISL 追加削除時の考慮点
FCスイッチISL 追加削除時の考慮点
 
RENAT - ネットワーク検証自動化
RENAT - ネットワーク検証自動化RENAT - ネットワーク検証自動化
RENAT - ネットワーク検証自動化
 
In-depth Troubleshooting on NetScaler using Command Line Tools
In-depth Troubleshooting on NetScaler using Command Line ToolsIn-depth Troubleshooting on NetScaler using Command Line Tools
In-depth Troubleshooting on NetScaler using Command Line Tools
 
第2回 The Things Network(TTN)勉強会」 @柏の葉  オープンウェーブ尾鷲さん説明資料
第2回 The Things Network(TTN)勉強会」 @柏の葉  オープンウェーブ尾鷲さん説明資料第2回 The Things Network(TTN)勉強会」 @柏の葉  オープンウェーブ尾鷲さん説明資料
第2回 The Things Network(TTN)勉強会」 @柏の葉  オープンウェーブ尾鷲さん説明資料
 
OpenStack マルチノード環境構築
OpenStack マルチノード環境構築OpenStack マルチノード環境構築
OpenStack マルチノード環境構築
 
Chassis Cluster Configuration
Chassis Cluster ConfigurationChassis Cluster Configuration
Chassis Cluster Configuration
 

Viewers also liked (20)

Session 3
Session 3Session 3
Session 3
 
Junos space seminar
Junos space seminarJunos space seminar
Junos space seminar
 
Junos commands
Junos commandsJunos commands
Junos commands
 
Juniper Platform Overview
Juniper Platform OverviewJuniper Platform Overview
Juniper Platform Overview
 
SSL/TLS : Faille Heartbleed
SSL/TLS : Faille HeartbleedSSL/TLS : Faille Heartbleed
SSL/TLS : Faille Heartbleed
 
Authentification des protocoles de routage
Authentification des protocoles de routageAuthentification des protocoles de routage
Authentification des protocoles de routage
 
IPv6
IPv6IPv6
IPv6
 
EtherChannel
EtherChannelEtherChannel
EtherChannel
 
Services IP
Services IPServices IP
Services IP
 
Virtuals LAN
Virtuals LANVirtuals LAN
Virtuals LAN
 
Protocole OSPF
Protocole OSPFProtocole OSPF
Protocole OSPF
 
Protocole IKE/IPsec
Protocole IKE/IPsecProtocole IKE/IPsec
Protocole IKE/IPsec
 
Protocoles SSL/TLS
Protocoles SSL/TLSProtocoles SSL/TLS
Protocoles SSL/TLS
 
JunOS - Fondamentaux
JunOS - FondamentauxJunOS - Fondamentaux
JunOS - Fondamentaux
 
OSPF Basics
OSPF BasicsOSPF Basics
OSPF Basics
 
Cisco ospf
Cisco ospf Cisco ospf
Cisco ospf
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.ppt
 
Juniper SRX
Juniper SRX Juniper SRX
Juniper SRX
 
Cisco ASA
Cisco ASACisco ASA
Cisco ASA
 
Protocole EIGRP
Protocole EIGRPProtocole EIGRP
Protocole EIGRP
 

Similar to Zenith Networks: Jump Start JUNOS

Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Yongyoon Shin
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspeChris Westin
 
Initial Configuration of Router
Initial Configuration of RouterInitial Configuration of Router
Initial Configuration of RouterKishore Kumar
 
Initial Configuration of Router
Initial Configuration of RouterInitial Configuration of Router
Initial Configuration of RouterKishore Kumar
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Joel W. King
 
Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014Nat Morris
 
Splunk app for stream
Splunk app for stream Splunk app for stream
Splunk app for stream csching
 
Technical Overview of QUIC
Technical  Overview of QUICTechnical  Overview of QUIC
Technical Overview of QUICshigeki_ohtsu
 
Better Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityBetter Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityCisco Canada
 
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Marco Balduzzi
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Puppet
 
Network State Awareness & Troubleshooting
Network State Awareness & TroubleshootingNetwork State Awareness & Troubleshooting
Network State Awareness & TroubleshootingAPNIC
 
Track c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eveTrack c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -evechiportal
 
[Webinar Slides] Programming the Network Dataplane in P4
[Webinar Slides] Programming the Network Dataplane in P4[Webinar Slides] Programming the Network Dataplane in P4
[Webinar Slides] Programming the Network Dataplane in P4Open Networking Summits
 
Best practices for catalyst 4500 4000, 5500-5000, and 6500-6000 series switch...
Best practices for catalyst 4500 4000, 5500-5000, and 6500-6000 series switch...Best practices for catalyst 4500 4000, 5500-5000, and 6500-6000 series switch...
Best practices for catalyst 4500 4000, 5500-5000, and 6500-6000 series switch...abdenour boussioud
 
Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemHandy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemSneha Inguva
 

Similar to Zenith Networks: Jump Start JUNOS (20)

Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspe
 
Ccna Imp Guide
Ccna Imp GuideCcna Imp Guide
Ccna Imp Guide
 
Networking
NetworkingNetworking
Networking
 
Initial Configuration of Router
Initial Configuration of RouterInitial Configuration of Router
Initial Configuration of Router
 
Initial Configuration of Router
Initial Configuration of RouterInitial Configuration of Router
Initial Configuration of Router
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1
 
Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014
 
Splunk app for stream
Splunk app for stream Splunk app for stream
Splunk app for stream
 
Technical Overview of QUIC
Technical  Overview of QUICTechnical  Overview of QUIC
Technical Overview of QUIC
 
Better Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityBetter Network Management Through Network Programmability
Better Network Management Through Network Programmability
 
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
 
Using Netconf/Yang with OpenDalight
Using Netconf/Yang with OpenDalightUsing Netconf/Yang with OpenDalight
Using Netconf/Yang with OpenDalight
 
Network State Awareness & Troubleshooting
Network State Awareness & TroubleshootingNetwork State Awareness & Troubleshooting
Network State Awareness & Troubleshooting
 
Track c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eveTrack c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eve
 
[Webinar Slides] Programming the Network Dataplane in P4
[Webinar Slides] Programming the Network Dataplane in P4[Webinar Slides] Programming the Network Dataplane in P4
[Webinar Slides] Programming the Network Dataplane in P4
 
SDN approach.pptx
SDN approach.pptxSDN approach.pptx
SDN approach.pptx
 
Best practices for catalyst 4500 4000, 5500-5000, and 6500-6000 series switch...
Best practices for catalyst 4500 4000, 5500-5000, and 6500-6000 series switch...Best practices for catalyst 4500 4000, 5500-5000, and 6500-6000 series switch...
Best practices for catalyst 4500 4000, 5500-5000, and 6500-6000 series switch...
 
Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemHandy Networking Tools and How to Use Them
Handy Networking Tools and How to Use Them
 

Recently uploaded

How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 

Recently uploaded (20)

How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 

Zenith Networks: Jump Start JUNOS

  • 2. Introduction…. Doug Marschke, Zenith Networks Copyright 2012 (c) www.zenithnetworks.com 2 Module 1
  • 3.  Partner of Juniper Networks  HQ Philadelphia, PA  27 Years Network Integration Services  12 Years Education Services  LAN / WAN Configuration and Design  Routing, Switching and Security  JNCIA, JNCIS-ENT, JNCI-ENT  www.zenithnetworks.com Copyright 2012 (c) www.zenithnetworks.com 3
  • 4. Founded 1996 HQ Sunnyvale, CA Employees 9,400 + 46 countries 2011, 2012, 2013 & 2104 Worlds Most Ethical Company Award!! Connect Everything…. Empower Everyone! Routing, Switching, Security www.juniper.net Copyright 2012 (c) www.zenithnetworks.com 4
  • 6. Access to view the Slides……”Learning Academy”  http://www.zenithnetworks.com/education Copyright 2012 (c) www.zenithnetworks.com 6
  • 8. End of Introduction Copyright 2012 (c) www.zenithnetworks.com 8
  • 10.  Routers, Switches and SRX Firewalls….  Thought process… efficiency and stability.  Let’s check it out!! 10 Copyright 2012 (c) www.zenithnetworks.com
  • 11. Routing Engine Control Plane Packet Forwarding Engine Forwarding Plane 11 Copyright 2012 (c) www.zenithnetworks.com
  • 12.  Control plane: is where routing engine resides.  Routing Engine: brains of the device.  JUNOS runs here…. CLI….  Chassis control….  OSPF – BGP – STP – SNMP….  Routing and Switching tables. 12 Copyright 2012 (c) www.zenithnetworks.com Control Plane
  • 13.  Packet Forwarding  Engine Packet Forwarding Engine…. Very efficiently processes packets Receives copies of route/switch table from RE Some intelligence…QOS…error reporting Multiple PFE’s per device (ex4200-48….. 3 pfe’s) 13 Copyright 2012 (c) www.zenithnetworks.com Packets IN Packets OUT Forwarding Plane
  • 14. root@HQ> show pfe statistics bridge Slot 0 PFE: 0 1 ( ex4200-24 has two pfe’s… copper and uplink ) --------------------------------------------------------------------- ---- Ingress Counters ---- -- Set0 -- Received: 0 4 VLAN Filtered: 0 0 Security Filtered: 0 0 Other Discards: 0 0 -- Set1 -- Received: 0 4 VLAN Filtered: 0 0 Security Filtered: 0 0 Other Discards: 0 0 14 Copyright 2012 (c) www.zenithnetworks.com
  • 15. root@HQ> show pfe statistics bridge Slot 0 PFE: 0 1 ( ex4200-24 has two pfe’s… copper and uplink ) --------------------------------------------------------------------- ---- Egress Counters ---- -- Set0 -- Unicast: 0 0 Multicast: 0 0 Broadcast: 0 0 Egress Filtered: 0 0 Congestion Filtered: 0 0 Control Packets: 0 74 -- Set1 -- Unicast: 0 0 Multicast: 0 0 Broadcast: 0 0 Egress Filtered: 0 0 Congestion Filtered: 0 0 Control Packets: 0 74 15 Copyright 2012 (c) www.zenithnetworks.com
  • 16. root@HQ> show pfe statistics bridge Slot 0 PFE: 0 1 ( ex4200-24 has two pfe’s… copper and uplink ) --------------------------------------------------------------------- ---- General Counters ---- Drop Mode: 0 0 Drop Count: 0 2 Src Not Learnt: 0 0 16 Copyright 2012 (c) www.zenithnetworks.com
  • 17.  Efficiency….  Multiple PFE’s  Move data at high rates  Routers, Switches, Firewalls  Stability….  System instabilities do not necessarily impact the other plane  DOS on the PFE…. Control Plane is protected via filtering and / or rate limiting!!  Protocol reset ( OPSF )  Reset RPD on the control plane… rely on existing PFE based copy  Traffic continues to flow 17 Copyright 2012 (c) www.zenithnetworks.com
  • 18. Operating System for… Routers Switches Firewalls One OS… Single Release Train…Modular… Kernel: Based on Free BSD UNIX OS No special or customer-specific builds http://www.juniper.net/assets/us/en/local/pdf/whitepapers/2000264-en.pdf 18 Copyright 2012 (c) www.zenithnetworks.com
  • 19.  Modular Design: Stability….. Flexibility  Built based on single-source code Strict development process… Released quarterly… No special customer builds… Features roll-up…. Not out… Fairly easy to select your code… BGP for ISP is same BGP for Enterprise 19 Copyright 2012 (c) www.zenithnetworks.com
  • 20.  Modular  Daemons/Processes run in own protected memory  Designed to eliminate run-away process from crashing system  Load / Reset individual daemons/processes  If need be… improved fault isolation 20 Copyright 2012 (c) www.zenithnetworks.com Kernel Protocol Security Chassis Management
  • 22. Out-of-Band: Dedicated Management Ethernet Interface ( me0 ) root@HQ# set interfaces me0 unit 0 family inet address 192.168.1.1/24 [edit] root@HQ# show interfaces me0 unit 0 { family inet { address 192.168.1.1/24; } } Console Port Web Interface HTTP or HTTPS Copyright 2012 (c) www.zenithnetworks.com 22
  • 23. Initial login login: root Password: --- JUNOS 12.3R6.6 built 2014-03-13 06:58:47 UTC root@HQ:RE:0% Operation Mode root@HQ:RE:0% cli root@HQ> Configure Mode root@HQ> configure Entering configuration mode [edit] root@HQ# Copyright 2012 (c) www.zenithnetworks.com 23
  • 24.  Operational Mode ( OP Mode )  Show commands ( route tables, interface stats…)  Request…. Clear… (upgrade, reboot, interface stats)  Troubleshooting ( ping, traceroute…)  Very powerful…. Brief to Extensive Output  Easy to use!  Configuration Mode  Configuration changes  Candidate Configuration ( Sandbox )  Can also run OP commands 24 Copyright 2012 (c) www.zenithnetworks.com
  • 25. root@HQ> ? Possible completions: clear Clear information in the system configure Manipulate software configuration information file Perform file operations help Provide help information load Load information from file monitor Show real-time debugging information mtrace Trace multicast path from source to receiver op Invoke an operation script ping Ping remote target quit Exit the management session request Make system-level requests restart Restart software process save Save information to file set Set CLI properties, date/time, craft interface message show Show system information ssh Start secure shell on another host {master:0} root> Copyright 2012 (c) www.zenithnetworks.com 25
  • 26. root@HQ> show ? Possible completions: accounting Show accounting profiles and records analyzer Show analyzer information arp Show system Address Resolution Protocol table entries as-path Show table of known autonomous system paths authentication-whitelist Show 802.1X White List MAC addresses bfd Show Bidirectional Forwarding Detection information bgp Show Border Gateway Protocol information captive-portal Show captive portal information chassis Show chassis information class-of-service Show class-of-service (CoS) information cli Show command-line interface settings configuration Show current configuration connections Show circuit cross-connect connections dhcp Show Dynamic Host Configuration Protocol information diagnostics Show diagnostics information diameter Show diameter information dot1x Show 802.1X information esis Show end system-to-intermediate system information ethernet-switching Show Ethernet-switching information event-options Show event-options information firewall Show firewall information 26 Copyright 2012 (c) www.zenithnetworks.com
  • 27. root@HQ> show ethernet-switching ? Possible completions: interfaces Display Ethernet-switching interface information layer2-protocol-tunneling Show Layer2 protocol tunneling information mac-learning-log Show MAC address learning log mac-notification Display MAC notification information next-hops Show next hop information statistics Show media access control statistics table Show media access control table 27 Copyright 2012 (c) www.zenithnetworks.com
  • 28. root@HQ> ping ? Possible completions: <host> Hostname or IP address of remote host bypass-routing Bypass routing table, use specified interface count Number of ping requests to send (1..2000000000 packets) detail Display incoming interface of received packet do-not-fragment Don't fragment echo request packets (IPv4) ethernet Ping to an ethernet host by unicast mac address inet Force ping to IPv4 destination inet6 Force ping to IPv6 destination interface Source interface (multicast, all-ones, unrouted packets) interval Delay between ping requests (seconds) + loose-source Intermediate loose source route entry (IPv4) mpls Ping label-switched path no-resolve Don't attempt to print addresses symbolically pattern Hexadecimal fill pattern rapid Send requests rapidly (default count of 5) record-route Record and report packet's path (IPv4) routing-instance Routing instance for ping attempt size Size of request packets (0..65468 bytes) source Source address of echo request Copyright 2012 (c) www.zenithnetworks.com 28
  • 29. Ping forever!! root@HQ> ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1): 56 data bytes 64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=1.044 ms 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.611 ms 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=3.880 ms 64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=3.549 ms 64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=1.029 ms 64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=1.035 ms ^C --- 192.168.1.1 ping statistics --- 6 packets transmitted, 6 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.029/2.191/3.880/1.216 ms Copyright 2012 (c) www.zenithnetworks.com 29
  • 30. Ping – Round Trip and Count root@HQ> ping 192.168.1.2 count 3 PING 192.168.1.2 (192.168.1.2): 56 data bytes 64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.150 ms 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.109 ms 64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.207 ms --- 192.168.1.2 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.109/0.155/0.207/0.040 ms Copyright 2012 (c) www.zenithnetworks.com 30
  • 31. Ping – No roundtrip….. count root@HQ> ping 192.168.1.1 rapid count 3 PING 192.168.1.1 (192.168.1.1): 56 data bytes !!! --- 192.168.1.1 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.931/2.921/4.070/1.413 ms Copyright 2012 (c) www.zenithnetworks.com 31
  • 32. Ping – destination… specify source…. count root@HQ> ping 172.16.20.1 source 172.16.25.1 count 4 PING 172.16.20.1 (172.16.20.1): 56 data bytes 64 bytes from 172.16.20.1: icmp_seq=0 ttl=64 time=1.920 ms 64 bytes from 172.16.20.1: icmp_seq=1 ttl=64 time=4.375 ms 64 bytes from 172.16.20.1: icmp_seq=2 ttl=64 time=6.236 ms 64 bytes from 172.16.20.1: icmp_seq=3 ttl=64 time=1.068 ms --- 172.16.20.1 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.068/3.400/6.236/2.039 ms Copyright 2012 (c) www.zenithnetworks.com 32
  • 33. root@HQ> show route inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 172.16.20.0/24 *[OSPF/10] 00:08:05, metric 2 > to 192.168.1.1 via ge-0/0/0.0 172.16.25.0/24 *[Direct/0] 00:09:13 > via ge-0/0/23.0 172.16.25.1/32 *[Local/0] 00:24:12 Local via ge-0/0/23.0 172.16.26.0/24 *[Direct/0] 00:09:17 > via ge-0/0/22.0 172.16.26.1/32 *[Local/0] 00:24:12 Local via ge-0/0/22.0 172.16.30.0/24 *[OSPF/10] 00:08:21, metric 2 > to 192.168.1.1 via ge-0/0/0.0 Local via ge-0/0/0.0 Copyright 2012 (c) www.zenithnetworks.com 33
  • 34. root@HQ> show route protocol ospf inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 172.16.20.0/24 *[OSPF/10] 00:08:55, metric 2 > to 192.168.1.1 via ge-0/0/0.0 172.16.30.0/24 *[OSPF/10] 00:09:11, metric 2 > to 192.168.1.1 via ge-0/0/0.0 224.0.0.5/32 *[OSPF/10] 00:25:03, metric 1 MultiRecv Copyright 2012 (c) www.zenithnetworks.com 34
  • 35. root@HQ> show interfaces ge-0/0/0 ? Possible completions: <[Enter]> Execute this command brief Display brief output descriptions Display interface description strings detail Display detailed output extensive Display extensive output media Display media information routing-instance Name of routing instance snmp-index SNMP index of interface statistics Display statistics and detailed output terse Display terse output | Pipe through a command Copyright 2012 (c) www.zenithnetworks.com 35
  • 36. root@HQ> show interfaces ge-0/0/0 terse Interface Admin Link Proto Local Remote ge-0/0/0 up up ge-0/0/0.0 up up inet 172.16.20.1/24 root@HQ> show interfaces ge-0/0/0 brief Physical interface: ge-0/0/0, Enabled, Physical link is Up Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None Logical interface ge-0/0/0.0 Flags: SNMP-Traps 0x0 Encapsulation: ENET2 inet 172.16.20.1/24 Copyright 2012 (c) www.zenithnetworks.com 36
  • 37. root@HQ> show interfaces ge-0/0/0 detail Physical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 130, SNMP ifIndex: 504, Generation: 133 Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 28:c0:da:2a:2f:c0, Hardware address: 28:c0:da:2a:2f:c0 Last flapped : 2010-08-14 01:29:09 UTC (00:08:44 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 11290 0 bps Output bytes : 11122 680 bps Input packets: 102 0 pps Output packets: 101 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Egress queues: 8 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets 0 best-effort 0 3 0 1 assured-forw 0 0 0 5 expedited-fo 0 0 0 7 network-cont 0 98 0 Active alarms : None Active defects : None 37 Copyright 2012 (c) www.zenithnetworks.com
  • 38. root@HQ> monitor interface ge-0/0/0 Seconds: 188 Time: 14:31:05 Delay: 0/0/20 Interface: ge-0/0/0, Enabled, Link is Up Encapsulation: Ethernet, Speed: 1000mbps Traffic statistics: Current delta Input bytes: 65730 (816 bps) [17412] Output bytes: 65601 (816 bps) [17400] Input packets: 374 (1 pps) [163] Output packets: 376 (1 pps) [163] Error statistics: Input errors: 0 [0] Input drops: 0 [0] Input framing errors: 0 [0] Policed discards: 0 [0] L3 incompletes: 0 [0] L2 channel errors: 0 [0] L2 mismatch timeouts: 0 Carrier transition [0] Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i' Copyright 2012 (c) www.zenithnetworks.com 38
  • 39. root@HQ> request system software ? Possible completions: add Add extension or upgrade package delete Remove extension or upgrade package nonstop-upgrade Nonstop software upgrade rollback Attempt to roll back to previous set of packages validate Verify package compatibility with current configuration ------------------------------------------------------------------------------------------------------------- root@HQ> request system software add ? Possible completions: <package-name> URL or pathname of package best-effort-load Load succeeds if at least one statement is valid delay-restart Don't restart processes force Force addition of package (ignore warnings) member Install package on VC Member (0..9) no-copy Don't save copies of package files no-validate Don't check compatibility with current configuration reboot Reboot system after adding package Copyright 2012 (c) www.zenithnetworks.com 39
  • 40. root@HQ> help ? Possible completions: <[Enter]> Execute this command apropos Find help information about a topic reference Reference material syslog System log error messages tip Tip for the day topic Help for high level topics | Pipe through a command Copyright 2012 (c) www.zenithnetworks.com 40
  • 41. root@HQ> help topic ? Possible completions: access accounting-options amt ancp applications bfd bgp bridge-domains chassis class-of-service connections …….. …….. Copyright 2012 (c) www.zenithnetworks.com 41
  • 42. root@HQ> help topic ospf area-backbone Configuring the Backbone Area You must create a backbone area if your network consists of multiple areas. An ABR must have at least one interface in the backbone area, or it must have a virtual link to a router in the backbone area. The backbone comprises all area border routers and all routers that are not included in any other area. You configure all these routers by including the area 0.0.0.0 statement: (ospf | ospf3) { area 0.0.0.0; } Copyright 2012 (c) www.zenithnetworks.com 42
  • 43. root@HQ> help reference ? Possible completions: access accounting-options ancp applications bfd bgp bridge-domains chassis class-of-service connections ……. ……. Copyright 2012 (c) www.zenithnetworks.com 43
  • 44. root@HQ> help reference system syslog syslog Syntax syslog { archive { files number; size maximum-file-size; start-time "YYYY-MM-DD.hh:mm"; transfer-interval minutes; (world-readable | no-world-readable); } console { facility severity; Copyright 2012 (c) www.zenithnetworks.com 44
  • 45.  Structured Configuration  Creates an intuitive learning environment  Navigate and Set Configuration Parameters OR….  Configure parameters from the very top-level 45 Copyright 2012 (c) www.zenithnetworks.com
  • 46. Copyright 2012 (c) www.zenithnetworks.com 46 EDIT Chassis Ethernet-Switching-Options Interfaces Protocols BPDU-Block Mac-notification Secure-access-port DHCP-Snooping-File Interface VLAN _______________________________________________________________________ __________________________________________________________________ ____________________________________________________________ Structured Configuration Tree _________________________ ge-0/0/0 ge-0/0/1
  • 47.  Edit (navigate hierarchy / change directory)  Up  Up 2  Top  Exit  Set (turn-on a parameter)  Delete (undo parameter)  Deactivate (turn-off) 47 Copyright 2012 (c) www.zenithnetworks.com
  • 48. root@HQ> configure Entering configuration mode [edit] root@HQ# Copyright 2012 (c) www.zenithnetworks.com 48
  • 49. root@HQ# show ## Last changed: 2010-08-14 00:09:54 UTC version 10.3R1.9; system { root-authentication { encrypted-password "$1$4vi5gL/q$8E6fwTWL/g2YPj3VrLOnj1"; ## SECRET-DATA } syslog { user * { any emergency; } } interfaces { ge-0/0/0 { unit 0 { family inet { address 192.168.1.2/24; } } } ge-0/0/1 { unit 0 { family ethernet-switching; Copyright 2012 (c) www.zenithnetworks.com 49
  • 50. protocols { ospf { area 0.0.0.0 { interface ge-0/0/0.0; interface ge-0/0/23.0 { passive; metric 30; } interface ge-0/0/22.0 { metric 100; } } } igmp-snooping { vlan all; } Copyright 2012 (c) www.zenithnetworks.com 50
  • 51. rstp; lldp { interface all; } lldp-med { interface all; } } ethernet-switching-options { storm-control { interface all; } } vlans { accounting { vlan-id 100; } engineering { vlan-id 200; } } Copyright 2012 (c) www.zenithnetworks.com 51
  • 52. [edit protocols ospf] root@HQ# show area 0.0.0.0 { interface ge-0/0/0.0; interface ge-0/0/23.0 { passive; metric 30; } interface ge-0/0/22.0 { metric 100; } } Copyright 2012 (c) www.zenithnetworks.com 52
  • 53. [edit] root@HQ# show protocols ospf area 0.0.0.0 { interface ge-0/0/0.0; interface ge-0/0/23.0 { passive; metric 30; } interface ge-0/0/22.0 { metric 100; } } Copyright 2012 (c) www.zenithnetworks.com 53
  • 54. [edit] root@HQ# show | display set set system root-authentication encrypted-password "$1$4vi5gL/q$8E6fwTWL/g2YPj3VrLOnj1" set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.2/24 set interfaces ge-0/0/22 unit 0 family inet address 172.16.26.1/24 set interfaces ge-0/0/23 unit 0 family inet address 172.16.25.1/24 set interfaces ge-0/1/0 unit 0 family ethernet-switching set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 set protocols ospf area 0.0.0.0 interface ge-0/0/23.0 passive set protocols ospf area 0.0.0.0 interface ge-0/0/23.0 metric 30 set protocols ospf area 0.0.0.0 interface ge-0/0/22.0 metric 100 set protocols igmp-snooping vlan all set protocols rstp [edit] root@HQ# Copyright 2012 (c) www.zenithnetworks.com 54
  • 55.  The candidate configuration is your BIG TIME friend!!  Will make your professional life a little less stressful  “Sandbox”….. No fear!....  Other manufacturers… you work in RAM… beware!  Candidate is a copy of the active configuration  We make changes to the candidate  When ready….. Commit the candidate to become active configuration  Let’s take a look…. 55 Copyright 2012 (c) www.zenithnetworks.com
  • 57. When we enter config mode, the active config is copied to candidate root@HQ> configure Entering configuration mode [edit] root@HQ# Candidate Config RAM Active Configuration 0 57 Copyright 2012 (c) www.zenithnetworks.com Protocols ospf area 0.0.0.0 interface ge-0/0/0 Protocols ospf area 0.0.0.0 Interface ge-0/0/0
  • 58. Changes are made to the “sandbox” candidate configuration Candidate Config RAM Active Configuration 0 58 Copyright 2012 (c) www.zenithnetworks.com Protocols ospf area 0.0.0.0 interface ge-0/0/0 Protocols ospf area 0.0.0.0 Interface ge-0/0/0 VLAN Accounting VLAN-ID 10
  • 59. We “commit” a configuration to write to RAM and local file system. Candidate Config RAM Active Configuration 0 59 Copyright 2012 (c) www.zenithnetworks.com Protocols ospf area 0.0.0.0 interface ge-0/0/0 Protocols ospf area 0.0.0.0 Interface ge-0/0/0 VLAN Accounting VLAN-ID 10 VLAN Accounting VLAN-ID 10
  • 60. Multiple commit options….  Commit  Commit check  Commit confirmed  Commit at  Commit and-quit Copyright 2012 (c) www.zenithnetworks.com 60
  • 61. Set IP Address to Physical Interface  Navigate…. root@HQ# edit interfaces ge-0/0/0 unit 0 [edit interfaces ge-0/0/0 unit 0] root@HQ# set family inet address 192.168.1.1/24 OR!!!  Set from top level of configuration hierarchy [edit] root@HQ# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24 61 Copyright 2012 (c) www.zenithnetworks.com
  • 62. Place interface into OSPF area  Navigate…. root@HQ# edit protocols ospf [edit protocols ospf] root@HQ# set area 5 interface ge-0/0/0.0 OR!!  Set from top level of configuration hierarchy [edit] root@HQ# set protocols ospf area 5 interface ge-0/0/0.0 62 Copyright 2012 (c) www.zenithnetworks.com
  • 64.  Interface Configuration (unit and family)  Let’s go!!! 64 Copyright 2012 (c) www.zenithnetworks.com
  • 65. Interface Parameters:  Physical  ( speed / duplex )  Logical  ( ipv4, ipv6, mpls, ethernet-switching…. ) 65 Copyright 2012 (c) www.zenithnetworks.com
  • 66. ge-0/0/18 { ether-options { no-auto-negotiation; flow-control; link-mode full-duplex; speed { 100m; ================================================================== [edit] root@HQ# set interfaces ge-0/0/18 ether-options no-auto-negotiation [edit] root@HQ# set interfaces ge-0/0/18 ether-options flow-control [edit] root@HQ# set interfaces ge-0/0/18 ether-options speed 1g [edit] root@HQ# set interfaces ge-0/0/18 ether-options link-mode full-duplex 66 Copyright 2012 (c) www.zenithnetworks.com
  • 67. [edit] root@HQ# set interfaces interface-range NEW-USERS member-range ge-0/0/10 to ge-0/0/15 [edit] root@HQ# set interfaces interface-range NEW-USERS ether-options speed 1g [edit] root@HQ# set interfaces interface-range NEW-USERS ether-options link-mode full-duplex 67 Copyright 2012 (c) www.zenithnetworks.com
  • 68. ge-0/0/1 { unit 0 { family ethernet-switching; } } ge-0/0/2 { unit 0 { family ethernet-switching; 68 Copyright 2012 (c) www.zenithnetworks.com
  • 69.  Unit 0  All interfaces…. except for Tagged interface and L3 VLAN.  Assign logical parameters under unit 0  Not a sub-interface… but a placeholder for logical parameters  If tagged interface… multiple units per interface 69 Copyright 2012 (c) www.zenithnetworks.com
  • 70. Multiple families of protocols inet – IPv4 inet6 – IPv6 Ethernet-Switching --------------------------------------------------------------------------------------------- [edit interfaces ge-0/0/12 unit 0] root@HQ# set family inet address 192.168.50.1/24 [edit interfaces ge-0/0/12 unit 0] root@HQ# set family inet6 address 2001::1/64 Resulting configuration…….. 70 Copyright 2012 (c) www.zenithnetworks.com
  • 71. [edit interfaces ge-0/0/12 unit 0] root@HQ# show family inet { address 192.168.50.1/24; } family inet6 { address 2001::1/64; } 71 Copyright 2012 (c) www.zenithnetworks.com
  • 72. [edit interfaces ge-0/0/3 unit 0] root@HQ# set family inet address 192.168.12.1/24 [edit interfaces ge-0/0/3 unit 0] root@HQ# set family inet address 192.168.13.1/24 [edit interfaces ge-0/0/3 unit 0] root@HQ# set family inet address 192.168.14.1/24 ------------------------------------------------------------------------------------------- [edit interfaces ge-0/0/3 unit 0] root@HQ# show family inet { address 192.168.12.1/24; address 192.168.13.1/24; address 192.168.14.1/24; } 72 Copyright 2012 (c) www.zenithnetworks.com
  • 73. [edit interfaces ge-0/0/5] root@HQ# show vlan-tagging; unit 100 { vlan-id 100; family inet { address 192.168.30.1/24; } } unit 200 { vlan-id 200; family inet { address 192.168.40.1/24; } } 73 Copyright 2012 (c) www.zenithnetworks.com
  • 74. [edit vlans] root@HQ# set accounting vlan-id 100 [edit vlans] root@HQ# set engineering vlan-id 200 ----------------------------------------------------------------------------------- [edit vlans] root@HQ# show accounting { vlan-id 100; } engineering { vlan-id 200; } 74 Copyright 2012 (c) www.zenithnetworks.com
  • 75. [edit vlans] root@HQ# set accounting interface ge-0/0/5 [edit vlans] root@HQ# set accounting interface ge-0/0/6 [edit vlans] root@HQ# set engineering interface ge-0/0/7 [edit vlans] root@HQ# show accounting { vlan-id 100; interface { ge-0/0/5.0; ge-0/0/6.0; } engineering { vlan-id 200; interface { ge-0/0/7.0; 75 Copyright 2012 (c) www.zenithnetworks.com
  • 76. From the interface level…. [edit] root@HQ# set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan accounting [edit] root@HQ# set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan accounting [edit] root@HQ# set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan engineering 76 Copyright 2012 (c) www.zenithnetworks.com
  • 77. root@HQ# show interfaces ge-0/0/9 { unit 0 { family ethernet-switching { vlan { members accounting; } ge-0/0/10 { unit 0 { family ethernet-switching { vlan { members accounting; } ge-0/0/11 { unit 0 { family ethernet-switching { vlan { members engineering; } 77 Copyright 2012 (c) www.zenithnetworks.com
  • 78. [edit interfaces ge-0/0/20 unit 0 family ethernet-switching] root@HQ# set port-mode trunk [edit interfaces ge-0/0/20 unit 0 family ethernet-switching] root@HQ# set vlan members [ accounting engineering ] [edit interfaces ge-0/0/20] root@HQ# show unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ accounting engineering ]; 78 Copyright 2012 (c) www.zenithnetworks.com
  • 79. root@HQ# set system services ? Possible completions: <[Enter]> Execute this command + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups > database-replication Database replication configuration > dhcp Configure DHCP server > dhcp-local-server Dynamic Host Configuration Protocol server configuration > finger Allow finger requests from remote systems > ftp Allow FTP file transfers > netconf Allow NETCONF connections > outbound-ssh Initiate outbound SSH connection > service-deployment Configuration for Service Deployment (SDXD) management application > ssh Allow ssh access > subscriber-management Subscriber management configuration > telnet Allow telnet login > tftp-server Allow TFTP file transfers in default routing instance > web-management Web management configuration > xnm-clear-text Allow clear text-based JUNOScript connections > xnm-ssl Allow SSL-based JUNOScript connections | Pipe through a command Copyright 2012 (c) www.zenithnetworks.com 79
  • 80. root@HQ# set system services web-management ? Possible completions: + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups > control Control of the web management process > http Unencrypted HTTP connection settings > https Encrypted HTTPS connections management-url URL path for web management access > session Session parameters Copyright 2012 (c) www.zenithnetworks.com 80
  • 81. [edit] root@HQ# set system ntp server 1.1.1.1 ? Possible completions: <[Enter]> Execute this command key Authentication key prefer Prefer this peer_serv version NTP version to use (1..4) | Pipe through a command ============================================================================ [edit] root@HQ# set system time-zone ? Possible completions: <time-zone> Time zone name or POSIX-compliant time zone string America/Montreal America/Montserrat America/Nassau America/New_York 81 Copyright 2012 (c) www.zenithnetworks.com
  • 82. End of JUNOS Spin! Copyright 2012 (c) www.zenithnetworks.com 82
  • 84.  Commit Options  Rollback  Rename…. replace  Copy  Deactivate  Show | “pipe” Copyright 2012 (c) www.zenithnetworks.com 84
  • 85.  Commit  Commit check  Commit confirmed  Commit at  Commit and-quit Copyright 2012 (c) www.zenithnetworks.com 85
  • 86.  When making configuration changes… we live in candidate  At some point we would commit to activate  If succeed… activate… if trouble… report… do not activate [edit] root@HQ# set system host-name Jump-Start [edit] root@HQ# commit configuration check succeeds commit complete [edit] root@Jump-Start# Copyright 2012 (c) www.zenithnetworks.com 86
  • 87.  Only Checks the validity of the syntax  If good… confirmation message  If NOT good… error message  Will never activate… until commit root@Jump-Start# set system host-name Friday [edit] root@Jump-Start# commit check configuration check succeeds [edit] root@Jump-Start# Copyright 2012 (c) www.zenithnetworks.com 87
  • 88.  Build your configuration in advance of cut-over!!  Commit Check!!! (syntax verification) All good... Then… deactivate config statements and commit. or Save to local file system…. Rollback 0 to reset candidate Copyright 2012 (c) www.zenithnetworks.com 88
  • 89. root@HQ# set protocols ospf area 30 interface ge-0/0/0 [edit] root@HQ# show protocols ospf area 0.0.0.30 { interface ge-0/0/0.0; } [edit] root@HQ# deactivate protocols ospf area 30 interface ge-0/0/0 [edit] root@HQ# show protocols ospf area 0.0.0.30 { inactive: interface ge-0/0/0.0; } Copyright 2012 (c) www.zenithnetworks.com 89
  • 90. Save candidate configuration to local file system… [edit] root@HQ# save new-ospf-config-file [edit] root@HQ# rollback 0 (reset candidate to that of what is in RAM) load complete When ready… Load previously saved configuration file into the candidate root@HQ# load override new-ospf-config-file Still need to commit !!! Copyright 2012 (c) www.zenithnetworks.com 90
  • 91.  Build a configuration in preparation for a new circuit  Commit check…  Commit AT…  You are setting the time for the new configuration to be activated! root@HQ# commit at 11:00:00 configuration check succeeds commit at will be executed at 2013-08-14 11:00:00 UTC The configuration has been changed but not committed root@HQ> show system commit commit requested by root via cli at 2013-03-04 16:30:00 UTC root@HQ> clear system commit Pending commit cleared Copyright 2012 (c) www.zenithnetworks.com 91
  • 92.  Home run time!!  Automatic Rollback!  Network device is located remote from your location  Could the new configuration result in a network disconnect ?  What now ?  Issue commit confirmed…  All good ?.... Then issue a 2nd commit within the “confirmed” time  Network disconnect ?.... Wait the “confirmed” time and auto rollback  Let’s take a peek!!..... Copyright 2012 (c) www.zenithnetworks.com 92
  • 93. root@HQ# set system host-name New-Name root@HQ# commit confirmed 1 configuration check succeeds commit confirmed will be automatically rolled back in 1 minutes unless confirmed commit complete root@New-Name# Broadcast Message from root@Jump-Start (no tty) at 9:25 UTC... Commit was not confirmed; automatic rollback complete. root@HQ# Copyright 2012 (c) www.zenithnetworks.com 93
  • 94. root@HQ# commit and-quit configuration check succeeds commit complete Exiting configuration mode root@HQ> Copyright 2012 (c) www.zenithnetworks.com 94
  • 95. 1. Active Configuration is config # 0 2. Enter configure mode…. 3. Active configuration is copied to candidate configuration 4. Up to 50 configuration versions are saved…. 0 thru 49 Copyright 2012 (c) www.zenithnetworks.com 95
  • 96. root@HQ# rollback ? Possible completions: <[Enter]> Execute this command 0 2010-08-14 09:33:15 UTC by root via cli 1 2010-08-14 09:25:15 UTC by root via other 2 2010-08-14 09:24:12 UTC by root via cli commit confirmed 3 2010-08-14 09:20:45 UTC by root via other 4 2010-08-14 09:18:41 UTC by root via cli commit confirmed 5 2010-08-14 06:25:52 UTC by root via cli 6 2010-08-14 03:28:33 UTC by root via cli 7 2010-08-13 23:10:32 UTC by root via cli 8 2010-08-13 23:06:09 UTC by root via button 9 2010-08-13 23:02:46 UTC by root via button 10 2010-08-13 23:01:56 UTC by root via other Copyright 2012 (c) www.zenithnetworks.com 96
  • 97. 1. root@HQ# set system host-name New-Name 2. root@HQ# show system host-name host-name New-Name; 3. root@HQ# rollback 0 load complete Active Configuration 4. root@HQ# show system host-name host-name HQ; Copyright 2012 (c) www.zenithnetworks.com 97 Candidate Config
  • 98. root@HQ# show | compare rollback 9 [edit system] - } - interfaces { ( NOT IN CANDIDATE… ACTIVE IN ROLL 9 ) - vlan { - bootp; + [edit interfaces ge-0/0/0 unit 0] + family inet { ( ACTIVE IN CANDIDATE.. NOT ROLL 9) + address 192.168.1.2/24; From the perspective of candidate, relative to rollback 9… Minus ( not in candidate, but present in rollback 9 ) Plus ( Present in the candidate, but not in rollback 9 ) Copyright 2012 (c) www.zenithnetworks.com 98
  • 99. ge-0/0/23 { unit 0 { family inet { address 172.16.25.1/24; } root@HQ# rename ge-0/0/23 to ge-0/0/20 ge-0/0/20 { unit 0 { family inet { address 172.16.25.1/24; } Copyright 2012 (c) www.zenithnetworks.com 99
  • 100. [edit protocols ospf] root@HQ# show area 0.0.0.0 { interface ge-0/0/0.0; interface ge-0/0/23.0 [edit protocols ospf] root@HQ# top root@HQ# replace pattern ge-0/0/23 with ge-0/0/20 [edit protocols ospf] root@HQ# show area 0.0.0.0 { interface ge-0/0/0.0; interface ge-0/0/20.0 Copyright 2012 (c) www.zenithnetworks.com 10 0
  • 101. ge-0/0/5 { ether-options { no-auto-negotiation; flow-control; link-mode full-duplex; speed { 1g; } } unit 0 { family ethernet-switching; } } ge-0/0/7 { unit 0 { family ethernet-switching; } } Copyright 2012 (c) www.zenithnetworks.com 10 1
  • 102. ge-0/0/5 { ether-options { no-auto-negotiation; flow-control; link-mode full-duplex; speed { 1g; } } unit 0 { family ethernet-switching; } } ge-0/0/6 { ether-options { no-auto-negotiation; flow-control; link-mode full-duplex; speed { 1g; } } unit 0 { family ethernet-switching; } Copyright 2012 (c) www.zenithnetworks.com 10 2
  • 103.  Awesome tool !!  Great for troubleshooting or building a config for a later date  Do not delete, rather turn-off  When ready…. Activate  Let’s take a peek….. Copyright 2012 (c) www.zenithnetworks.com 10 3
  • 104. root@HQ# show protocols ospf area 0.0.0.0 { interface ge-0/0/0.0; interface ge-0/0/23.0 [edit protocols ospf area 0.0.0.0] root@HQ# deactivate interface ge-0/0/23 [edit protocols ospf area 0.0.0.0] Turn Off root@HQ# show interface ge-0/0/0.0; inactive: interface ge-0/0/23.0 Still need to commit!!! Copyright 2012 (c) www.zenithnetworks.com 10 4
  • 105. root@HQ> show interfaces terse Interface Admin Link Proto Local Remote ge-0/0/23 up up ge-0/0/23.0 up up inet 172.16.20.1/24 vcp-0 up down vcp-0.32768 up down vcp-1 up down vcp-1.32768 up down bme0 up up bme0.32768 up up inet 128.0.0.1/2 10 5 Copyright 2012 (c) www.zenithnetworks.com
  • 106. root@HQ> show interfaces terse | except ge- Interface Admin Link Proto Local Remote vcp-0 up down vcp-0.32768 up down vcp-1 up down vcp-1.32768 up down bme0 up up bme0.32768 up up inet 128.0.0.1/2 10 6 Copyright 2012 (c) www.zenithnetworks.com
  • 107. root@HQ# run show interfaces terse | match ge- ge-0/0/0 up up ge-0/0/0.0 up up inet 192.168.1.1/24 ge-0/0/1 up down ge-0/0/1.0 up down eth-switch ge-0/0/2 up down ge-0/0/2.0 up down eth-switch ge-0/0/3 up down ge-0/0/3.0 up down eth-switch 10 7 Copyright 2012 (c) www.zenithnetworks.com
  • 108. End of Cool Tips and Tricks!! Copyright 2012 (c) www.zenithnetworks.com 10 8
  • 110. Allows for interaction with JUNOS Customize your network environment!! Automate repetitive tasks, response to events, configuration Highly configurable…. What do you want to do ? Accelerates problem solving!! Ensures a higher level of configuration integrity 11 0 Copyright 2012 (c) www.zenithnetworks.com
  • 111.  Developed by you…. The network engineer  Build a library of scripts  Automate the operation of your network devices  Customize as needed Category of Scripts Commit Operation Event 11 1 Copyright 2012 (c) www.zenithnetworks.com
  • 112.  Ensure integrity of configuration based on your standards  You create your own commit scripts  Candidate config file is checked for required parameters  Check for VLAN, MTU, OSPF, BGP, Security Policies  Automate…. Validate… Error Free Configuration  If problem discovered… report, abort commit, fix and apply  Very powerful!! 11 2 Copyright 2012 (c) www.zenithnetworks.com
  • 113.  Network Monitoring and Troubleshooting  Diagnose and Fix Problems  Auto-run commands, inspect output, take action….  Attempt to fix…. Report  Always running and monitoring  Avoid little problems from becoming bigger  What do you want to check ? (mtu, interface errors..) 11 3 Copyright 2012 (c) www.zenithnetworks.com
  • 114.  Correlate events…. Execute OP scripts  Run multiple OP’s… gathering info.  Attempt to uncover the point of failure  Attempt to fix….. Report  UP/Down interface… route disappears  For more information…  https://learningportal.juniper.net Copyright 2012 (c) www.zenithnetworks.com 11 4
  • 115.  Traceoptions  Very powerful…  Insight to numerous protocol events (ospf, bgp…)  Set protocol / event flags and log data  Should not negatively impact performance  You can run as an ongoing process… or deactivate [edit protocols bgp] root@HQ# show traceoptions { file bgp-events; flag keepalive; flag state; } Copyright 2012 (c) www.zenithnetworks.com 11 5
  • 116. End of Advanced Operations!! Copyright 2012 (c) www.zenithnetworks.com 11 6
  • 118.  “Sandbox”…. Candidate configuration  Commit… check… at… confirmed  Deactivate – Activate  Rename… replace… copy  Rollback  | “pipe”  Modular OS ( stability )  Control and Forwarding Planes ( fast…. efficient )  Automation 11 8 Copyright 2012 (c) www.zenithnetworks.com
  • 119.  More efficient…. For sure!  Accuracy  Confidence  Faster troubleshooting  High Availability  Better Engineer 11 9 Copyright 2012 (c) www.zenithnetworks.com
  • 120.  Your Thoughts ?  Comments ?  Questions 12 0 Copyright 2012 (c) www.zenithnetworks.com
  • 123.  Boot Camps (JUNOS – Switching – Routing – Security)  Tech Days  JNET Community ( http://forums.juniper.net)  Ed Services Newsletter ( Education )  Learning Bytes (http://www.juniper.net/us/en/training/)  Social Networking ( youtube, facebook, twitter )  User Group BAJUG www.bajug.org  http://www.zenithnetworks.com/education (Learning Academy) 12 3 Copyright 2012 (c) ZenithNetworks, Inc. www.zenithnetworks.com
  • 124.  www.juniper.net/education  Multiple Tracks  Enterprise Routing and Switching  JNCIA-JUNOS, JNCIS-ENT, JNCIP-ENT, JNCIE-ENT  Service Provider Routing and Switching  JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, JNCIE-SP  JUNOS Security  JNCIA-JUNOS, JNCIS-SEC, JNCIP-SEC, JNCIE-SEC 12 4 Copyright 2012 (c) ZenithNetworks, Inc. www.zenithnetworks.com
  • 125. Access to view the Slides……  http://www.zenithnetworks.com/education Copyright 2012 (c) www.zenithnetworks.com 12 5