Juniper Operating System

Fundamental for APNIC

Training Lab
APNIC Technical Workshop
June 18, 2015, APNIC Office In-house training.
Acknowledgment
•  APNIC training lab facilitate hands-on training and
workshop requirement for APNIC community in AP region.
•  APNIC training continues its best effort to support multi
vendor/open standard technology and software when
deliver hands-on training.
•  This presentation is prepared to support JunOS specific
hands-on lab exercises in APNIC training lab.
•  APNIC acknowledging Juniper Technology to use its
JNCIA-Junos Study Guide and other publicly available
Juniper documents to prepare this presentation.
Overview
•  JunOS Operating System Fundamental
•  JunOS User Interface and CLI
•  Basic & Interface Configuration on APNIC Training Lab
•  JunOS Routing Fundamentals & Policy Control
•  Operational Monitoring and Maintenance
JunOS Fundamental
•  Robust, Modular and Scalable
•  Single Source Code Base
•  Separate Control and Forwarding Planes
Robust, Modular and Scalable
•  Run multiple software process.
•  Each process controls a portion of
device hardware functionality.
•  Each process runs in its own
protected memory space so one
process cannot directly interfere with
another.
•  So one process failure/upgrade
doesn’t require system reboot.
Single Source Code Base
•  The JunOS kernel is based on the open source FreeBSD UNIX
operating system.
•  All Juniper device running the same JunOS use the same software
source code base within their platform-specific images.
•  It ensures core features work consistently across all platforms
running the JunOS.
•  Since many features and services use the same JunOS code so
configured and management tasks are simplified.
Separate Control & Forwarding Plane
•  The processes that control the routing & switching protocol
parameter and forwards data frames are clearly separated
in JunOS devices.
•  Forwarding plane functions are mostly done based on the
application-specific integrated circuits (ASICs) for
increased performance.
•  This design allows to tune each process for maximum
performance and reliability.
•  The separation of the control and forwarding planes is one
of the key reasons that JunOS can support many different
platforms from a common code base.
Separate Control & Forwarding Plane

Routing Engine (RE)

•  The control plane runs on the Routing Engine (RE) that is the brain of the
device. It is responsible for performing protocol updates and system
management functions.
•  RE is mainly based on X86 or PowerPC architecture, depending on the
specific platform and it runs various protocol and management software
processes that reside inside a protected memory environment.
•  RE maintains the routing tables, bridging table, and primary forwarding
table and connects to the Packet Forwarding Engine (PFE) through an
internal link.
Separate Control & Forwarding Plane

Packet Forwarding Engine (PFE)

•  PFE receives the forwarding table (FT) from the RE by means of an internal
link and simply forwards frames, packets, or both with a high degree of
stability and deterministic performance.
•  The PFE usually runs on separate hardware / in many case application-
specific integrated circuits (ASICs) and is responsible for forwarding transit
traffic through the device.
•  This architectural design makes it possible to incorporate high availability
features of JunOS i.e Graceful Routing Engine Switchover (GRES), Nonstop
Active Routing (NAR) etc.
Separate Control & Forwarding Plane

Forwards Traffic
•  The PFE is the central processing component of the forwarding
plane.
•  The PFE forwards traffic based on its local copy of the forwarding
table created by a regular synchronization with the RE.
•  PFE also implements a number of advanced services like rate
limiting, stateless firewall and other services through special
interface cards that can be add to the PFE complex.
Traffic Processing Behaviour

Transit Traffic
•  Transit traffic defined as the traffic enters an ingress network port, compared against
the forwarding table entries, and is forwarded out an egress network port toward the
final destination.
•  For transit traffic a forwarding table entry must be exist to successfully forward transit
traffic to that destination.
•  Transit traffic passes through the forwarding plane only and is never sent to or
processed by the control plane.
•  Forwarding plane only processing of the transit traffic in JunOS devices can achieve
predictably high performance rates.
Traffic Processing Behaviour

Exception Traffic:
•  Exception traffic is defined as the traffic does not pass through the local
device. It is destined to the local device and require special handling. I.e.
–  Packet addressed to the chassis, such as routing update packets, telnet/ssh
session to the device replies to the transit source.
–  IP packet with IP option field. PFE are not purposely designed to process IP option
field.
–  Traffic that requires the generation of Internet Control Message Protocol (ICMP)
messages.
•  I.e. Unreachable, TTL expire,
Traffic Processing Behaviour

Built-in Rate Limit for Exception Traffic:

•  In JunOS all exception traffic destined to RE are sent through an
“Internal Link” which connects the RE and PFE.
•  JunOS has a hardware based rate limiting on the internal link that
protects the JunOS device RE from any potential DoS attacks.
•  During the time of congestion JunOS device gives preference to
local and control traffic destine to RE.
•  This built-in rate limit is not configurable/modifiable.
Appendix Slides

For APNIC in house training only.

Juniper Product Range

Three Type of Equipment:

•  Routing Devices
•  Switching Device
•  Security/Firewall Device
Juniper Routing Product Series
Juniper Switching Product Series
Juniper Security Product Series
JunOS User Interface
and CLI
Hands on lab instruction provided
JunOS CLI Introduction
JunOS CLI Introduction

Switch Between Different Mode:

user> configure

[edit]
user# exit

user>
JunOS CLI Introduction
JunOS CLI Introduction
Type “?” to get Available Command from the Hierarchy:

root> configure ?
Possible completions:
<[Enter]> Execute this command
batch Work in batch mode
dynamic Work in dynamic database
exclusive Obtain exclusive lock
private Work in private database
| Pipe through a command
JunOS CLI Introduction
JunOS CLI Introduction
JunOS CLI Introduction
JunOS CLI Introduction
Execute Command from Different Hierarchy:
JunOS CLI Introduction
Execute Command from Different Hierarchy:
JunOS CLI Introduction
Save Configuration and Exit:

[edit]
root@Router21# commit and-quit
root@Router21>
JunOS CLI Introduction
JunOS CLI Introduction
Check the Rollback & Restore:
root# rollback ?
Possible completions:
<[Enter]> Execute this command
0 2015-06-17 12:37:31 UTC by root via cli
1 2015-06-17 12:35:15 UTC by root via cli
2 2015-06-17 12:34:33 UTC by root via cli
rescue 2015-06-17 12:36:00 UTC by root via cli

[edit]
root@Router21# rollback rescue
JunOS CLI Introduction
To get a Unix shell:
root@Router21> start shell
[will support standard unix command line]

Switch to JunOS CLI:

root@Router21% cli
[Come back to JunOS command line]
Questions
APNIC Training Lab
Exercises.
Hands on lab instruction provided