Juniper Operating System Fundamental for APNIC · PDF fileJuniper Operating System Fundamental for APNIC ... • JunOS Routing Fundamentals & Policy Control ... Juniper Security Product

Juniper Operating System Fundamental for APNIC Training Lab APNIC Technical Workshop

June 18, 2015, APNIC Office In-house training.

Acknowledgment

•  APNIC training lab facilitate hands-on training and workshop requirement for APNIC community in AP region.

•  APNIC training continues its best effort to support multi vendor/open standard technology and software when deliver hands-on training.

•  This presentation is prepared to support JunOS specific hands-on lab exercises in APNIC training lab.

•  APNIC acknowledging Juniper Technology to use its JNCIA-Junos Study Guide and other publicly available Juniper documents to prepare this presentation.

Overview

•  JunOS Operating System Fundamental

•  JunOS User Interface and CLI

•  Basic & Interface Configuration on APNIC Training Lab

•  JunOS Routing Fundamentals & Policy Control

•  Operational Monitoring and Maintenance

JunOS Fundamental

•  Robust, Modular and Scalable

•  Single Source Code Base

•  Separate Control and Forwarding Planes

Robust, Modular and Scalable

•  Run multiple software process.

•  Each process controls a portion of device hardware functionality.

•  Each process runs in its own protected memory space so one process cannot directly interfere with another.

•  So one process failure/upgrade doesn’t require system reboot.

Single Source Code Base

•  The JunOS kernel is based on the open source FreeBSD UNIX operating system.

•  All Juniper device running the same JunOS use the same software source code base within their platform-specific images.

•  It ensures core features work consistently across all platforms running the JunOS.

•  Since many features and services use the same JunOS code so configured and management tasks are simplified.

Separate Control & Forwarding Plane

•  The processes that control the routing & switching protocol parameter and forwards data frames are clearly separated in JunOS devices.

•  Forwarding plane functions are mostly done based on the application-specific integrated circuits (ASICs) for increased performance.

•  This design allows to tune each process for maximum performance and reliability.

•  The separation of the control and forwarding planes is one of the key reasons that JunOS can support many different platforms from a common code base.


Routing Engine (RE) •  The control plane runs on the Routing Engine (RE) that is the brain of the

device. It is responsible for performing protocol updates and system management functions.

•  RE is mainly based on X86 or PowerPC architecture, depending on the specific platform and it runs various protocol and management software processes that reside inside a protected memory environment.

•  RE maintains the routing tables, bridging table, and primary forwarding table and connects to the Packet Forwarding Engine (PFE) through an internal link.


Packet Forwarding Engine (PFE) •  PFE receives the forwarding table (FT) from the RE by means of an internal

link and simply forwards frames, packets, or both with a high degree of stability and deterministic performance.

•  The PFE usually runs on separate hardware / in many case application-specific integrated circuits (ASICs) and is responsible for forwarding transit traffic through the device.

•  This architectural design makes it possible to incorporate high availability features of JunOS i.e Graceful Routing Engine Switchover (GRES), Nonstop Active Routing (NAR) etc.


Forwards Traffic •  The PFE is the central processing component of the forwarding

plane. •  The PFE forwards traffic based on its local copy of the forwarding

table created by a regular synchronization with the RE. •  PFE also implements a number of advanced services like rate

limiting, stateless firewall and other services through special interface cards that can be add to the PFE complex.

Traffic Processing Behaviour

Transit Traffic •  Transit traffic defined as the traffic enters an ingress network port, compared against

the forwarding table entries, and is forwarded out an egress network port toward the final destination.

•  For transit traffic a forwarding table entry must be exist to successfully forward transit traffic to that destination.

•  Transit traffic passes through the forwarding plane only and is never sent to or processed by the control plane.

•  Forwarding plane only processing of the transit traffic in JunOS devices can achieve predictably high performance rates.


Exception Traffic: •  Exception traffic is defined as the traffic does not pass through the local

device. It is destined to the local device and require special handling. I.e. –  Packet addressed to the chassis, such as routing update packets, telnet/ssh

session to the device replies to the transit source. –  IP packet with IP option field. PFE are not purposely designed to process IP option

field. –  Traffic that requires the generation of Internet Control Message Protocol (ICMP)

messages. •  I.e. Unreachable, TTL expire,


Built-in Rate Limit for Exception Traffic: •  In JunOS all exception traffic destined to RE are sent through an

“Internal Link” which connects the RE and PFE. •  JunOS has a hardware based rate limiting on the internal link that

protects the JunOS device RE from any potential DoS attacks. •  During the time of congestion JunOS device gives preference to

local and control traffic destine to RE. •  This built-in rate limit is not configurable/modifiable.

Appendix Slides

For APNIC in house training only.

Juniper Product Range

Three Type of Equipment: •  Routing Devices

•  Switching Device

•  Security/Firewall Device

Juniper Routing Product Series

Juniper Switching Product Series

Juniper Security Product Series

JunOS User Interface and CLI Hands on lab instruction provided

JunOS CLI Introduction


Switch Between Different Mode:

user> configure

[edit]

user# exit

user>


JunOS CLI Introduction Type “?” to get Available Command from the Hierarchy:

root> configure ?

Possible completions:

<[Enter]> Execute this command

batch Work in batch mode dynamic Work in dynamic database

exclusive Obtain exclusive lock

private Work in private database

| Pipe through a command




JunOS CLI Introduction Execute Command from Different Hierarchy:

JunOS CLI Introduction Execute Command from Different Hierarchy:

JunOS CLI Introduction Save Configuration and Exit:

[edit]

root@Router21# commit and-quit

root@Router21>



Check the Rollback & Restore: root# rollback ?

Possible completions:

<[Enter]> Execute this command

0 2015-06-17 12:37:31 UTC by root via cli



rescue 2015-06-17 12:36:00 UTC by root via cli

[edit]

root@Router21# rollback rescue

JunOS CLI Introduction To get a Unix shell:

root@Router21> start shell

[will support standard unix command line]

Switch to JunOS CLI:

root@Router21% cli

[Come back to JunOS command line]

Questions

APNIC Training Lab Exercises. Hands on lab instruction provided

Documents

Juniper Operating System Fundamental for APNIC · PDF fileJuniper Operating System Fundamental for APNIC ... • JunOS Routing Fundamentals & Policy Control ... Juniper Security Product