E-Series Introdution To Juniper Network Routers

Introduction to Juniper Networks Routers - E-series
Student Guide
1194 North Mathilda Avenue Sunnyvale, CA 94089

USA 408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo. NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Introduction to Juniper Networks RoutersE-series Student Guide, Revision 7.c Copyright 2007, Juniper Networks, Inc. All rights reserved. Printed in USA. Revision History: Revision 4.cApril 2003 Revision 7.aSeptember 2005 Revision 7.bJanuary 2007 Revision 7.cApril 2007 The information in this document is current as of the date listed above. The information in this document has been carefully verified and is believed to be accurate for software Release 7.3.0. Juniper Networks assumes no responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.
Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice. YEAR 2000 NOTICE Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036. SOFTWARE LICENSE The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.
Contents
Chapter 0: Chapter 1: Course Introduction ..................................................................................... 0-1 Overview of E-series Router Features and Applications ............................ 1-1 Juniper Networks Router Product Positioning ................................................. 1-3 E-series Router B-RAS Applications ............................................................... 1-6 E-series Router Dedicated Access Applications .......................................... 1-13 The SDX-300 Policy and Network Management System ............................. 1-18 E-series Router Hardware Architecture Overview ...................................... 2-1 E-series Product Family and Chassis Types ................................................. 2-3 ERX-14xx/7xx/310 Architecture ...................................................................... 2-8 E320 Architecture......................................................................................... 2-20 Packet Flow ................................................................................................. 2-27 Redundancy ................................................................................................. 2-33 Hardware Installation Notes ......................................................................... 2-44 Introduction to the Command-Line Interface and Configuration Basics .................................................................................... 3-1 CLI Modes and Shortcuts ................................................................................. 3-3 Basic Configuration Using the CLI .............................................................. 3-16 Configuration Using Scripts and Macros ....................................................... 3-27 E-series Router Timing Configuration Options ............................................ 3-32 E-series Router Boot Configuration and Reload Options............................... 3-35 E-series Virtual Routers ................................................................................. 4-1 E-series Virtual Router Concepts.................................................................... 4-3 Configuring and Managing E-series Virtual Routers........................................ 4-6 Lab 1: Introduction to the E-series Router CLI ............................................ 4-12 Lab 2: E-series Router Configuration Basics ................................................ 4-13
Chapter 2:
Chapter 3:
Chapter 4:
Contents - iii
Contents - iv
Course Overview
The Introduction to Juniper Networks RoutersE-series course provides an introduction to the E-series router platforms, including the E320 router. The course covers E-series router features, applications, and hardware architecture. It gives an overview of using the E-series command-line interface (CLI), including user modes, CLI shortcuts, the file system, and file manipulation. The course teaches students how to use the CLI to perform basic router administration tasks and how to perform a basic configuration of an E-series router. The course also introduces the concept of virtual routers and discusses the basics of virtual router configuration.
Objectives
After successfully completing this course, you should be able to: Describe the E-series router features and applications in both a B-RAS and dedicated access environment; Describe the E-series router hardware architecture; Describe the configuration options available for E-series hardware platforms; List the different CLI user modes; Describe the file system used on E-series routers; Use the CLI to manipulate files, to reload E-series router, and to perform basic troubleshooting; Use the CLI to configure the E-series platforms for basic IP connectivity; and Perform basic virtual router configuration and management tasks.
Intended Audience
This course is intended for network professionals, managers, and anyone needing an overview of the E-series router.
Course Level
This is an introductory-level course designed to be a stepping-stone to the more advanced courses available in the Juniper Networks training curriculum.
Prerequisites
Students attending this course should have a general knowledge of the Internet Protocol, including addressing. Students should also have a basic understanding of the OSI model, including the roles played by layers 1-4. Familiarity with common TCP and UDP protocols, such as Telnet and FTP, is helpful. This course is a required prerequisite for the following: E-series Routing Protocols (formerly E-series Circuit Aggregation Basics) E-series Broadband Remote Access Server Configuration Basics
Course Overview - v
Course Agenda
Day 1
Chapter 1: Chapter 2: Chapter 3: Chapter 4: Chapter 5: Course Introduction Overview of E-series Router Features and Applications E-series Router Hardware Architecture Overview Introduction to the Command-Line Interface and Configuration Basics E-series Virtual Routers
Course Agenda - vi
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class locations from the World Wide Web by pointing your Web browser to: http://www.juniper.net/training/education/ .
About This Publication

The Introduction to Juniper Networks RoutersE-series Student Guide was developed and tested using software version 7.3.0. Previous and later versions of software may behave differently so you should always consult the documentation and release notes for the version of code you are running before reporting errors. This document is written and maintained by the Juniper Networks Education Services development team. Please send questions and suggestions for improvement to training@juniper.net.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats: Go to http://www.juniper.net/techpubs/ . Locate the specific software or hardware release and title you need, and choose the format in which you want to view or print the document. Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.
Juniper Networks Support

For technical support, contact Juniper Networks at http://www.juniper.net/customers/ support/, or at 1-888-314-JTAC (within the United States) or 408-745-2121 (from outside the United States).
Additional Information - vii
Additional Information - viii
Introduction to Juniper Networks RoutersE-series
Chapter 0:
Course Introduction
Copyright 2008 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
Module 0: Course Introduction
0-1
Module Objectives
After successfully completing this module, you will be able to:
Get to know one another Identify the objectives, prerequisites, facilities, and materials used
during this course

Identify additional Juniper Networks courses Describe the Juniper Networks Technical Certification Program
(JNTCP)
www.juniper.net
This Chapter Discusses: Objectives and course content information; Additional Juniper Networks courses; and Juniper Networks Technical Certification Program.
0-2
Introductions
What is your name? Where do you work? What is your primary role in your organization? What kind of network experience do you have? What is the most important thing for you to learn in this training session?
www.juniper.net
Introductions This slide serves to break the ice by having you introduce yourself and state your reasons for attending the class.
0-3
Course Contents
Contents:
Chapter 0 : Introduction and Overview Chapter 1 : E-series Router Features and Applications Chapter 2 : Hardware Architecture Overview Chapter 3 : Introduction to the Command-Line Interface and
Configuration Basics
Chapter 4 : E-series Virtual Routers
www.juniper.net
Course Contents This slide lists the topics we discuss in this course.
0-4
Prerequisites
The prerequisites this course are :
A general knowledge of the Internet Protocol, including addressing A familiarity with common TCP and UDP protocols, such as Telnet and FTP A basic understanding of OSI model, including the particular role played by layers 1-4
www.juniper.net
Prerequisites This slide lists the prerequisites for this course.
0-5
Course Administration
Sign-in sheet Schedule
Class times Breaks Lunch
Break and restroom facilities Communications

Telephones Cellular phones and pagers Internet access
Copyright 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
General Course Administration This slide documents general aspects of classroom administration.
0-6
Education Materials
Available in class:
Lecture material Lab guide Lab equipment
Available outside of class:

Online documentation at www.juniper.net Juniper Networks Technical Assistance Center (JTAC)
Available through your account representative:

Documentation CD Printed documentation
www.juniper.net
Training and Study Materials This slide describes several options for obtaining study and preparation materials.
0-7
Satisfaction Feedback
Class Feedback
Please be sure to tell us how we did!

Look for an e-mail asking you to complete our on-line survey
Completed surveys:
Help us serve you better Ensure that you receive a certificate of completion
Satisfaction Feedback Juniper Networks uses an electronic survey system to collect and analyze your comments and feedback. Depending on the class you are taking, please complete the survey at the end of the class, or be sure to look for an e-mail about two weeks from class completion that directs you to complete an online survey form (be sure to provide us with your current e-mail address). Submitting your feedback entitles you to a certificate of class completion. We thank you in advance for taking the time to help us improve our educational offerings.
0-8
Service Provider Curriculum : JUNOS Platforms

Prerequisites : Detailed knowledge of M-series and Tseries routers from CIJNR-M attendance or similar
Advanced VPNs Advanced Policy Advanced Juniper Networks Routers (AJNR) Configuring Juniper Networks Routers (CIJNR-M) Juniper Networks Security Solutions (JNSS)
Prerequisites: Familiarity with JUNOS software CLI, General knowledge of TCP/IP and routing
IPSec
Prerequisites: General knowledge of TCP/IP, routing, and radio frequency (RF) concepts
Operation and Troubleshooting of Juniper Networks Routers (OTJNR)
Class of service IPv6 Intro to SDX for JUNOS
www.juniper.net
Service Provider Curriculum: JUNOS Platforms This slide displays the primary Education Services offerings that support Juniper Networks M-series and T-series technologies in a service provider environment.
0-9
Service Provider Curriculum: JUNOSe Platforms

Prerequisites: Detailed knowledge of Eseries products from attendance of IJNR-E class or similar
Broadband Remote Access Server Configuration Basics Introduction to Juniper Networks Routers E-series (IJNR-E) Prerequisites: General knowledge of TCP/IP and routing E -Series Routing Protocols
Introduction to SDX -300 for JUNOSe
E -series MPLS Configuration Basics
www.juniper.net
10
Service Provider Curriculum: JUNOSe Platforms This slide displays the primary Education Services offerings that support Juniper Networks Eseries router technologies.
0-10
Enterprise Routing Curriculum
Prerequisites: General knowledge of TCP/IP and routing Operating Juniper Networks Routers in the Enterprise (OJRE)
Prerequisites: Detailed knowledge of Jseries and M-series routers from OJRE attendance or similar Advance Juniper Networks Routing in the Enterprise (AJRE)
www.juniper.net
11
Enterprise Routing Curriculum This slide displays the primary Education Services offering that support Juniper Networks Mseries and J-series technologies in an enterprise environment.
0-11
Security Curriculum
Prerequisites: CJFV
Integrating Juniper Networks Firewall IPSec VPNs into HighPerfomance Networks Advanced Juniper Networks VPN Implementations Attack Prevention with Juniper Networks Firewalls Configuring Unified Access Control Configuring Juniper Networks Firewall/ IPSec VPN Products
Prerequisites: Basic experience with Ethernet, transparent bridging, TCP/IP operations, IP addressing, and routing
Prerequisites: Basic experience with Ethernet, transparent bridging, TCP/IP operations, IP addressing, and routing Prerequisites: Moderate background in Internetworking basic, security concepts, network administration, and application support
Security Manager Fundamentals
Implementing Intrusion Detection and Prevention
Configuring NetScreen Secure Access
Advanced NetScreen Secure Access
www.juniper.net
12
Security Curriculum This slide displays the primary Education Services offerings that support Juniper Networks security technologies.
0-12
WX Curriculum
Prerequisites: General knowledge of TCP/IP and routing, switches and VLANS Introduction to WAN Acceleration (WX) Framework (IWX)
Prerequisites: Completion of the WAN Acceleration Framework (WX) course or equivalent knowledge. The WAN Acceleration Central Management System (CMS)
www.juniper.net
13
WX Curriculum This slide displays the primary Education Services offerings that support Juniper Networks WX Framework technologies.
0-13
DX Curriculum
Implementing the DX Application Acceleration Platform (IDX) Prerequisites: General knowledge of TCP/IP HTTP and SSL.
www.juniper.net
14
DX Curriculum This slide displays the primary Education Services offerings that support Juniper Networks DX Application Acceleration Platform technologies.
0-14
Technical Certification Programs
Routing technical certification tracks include

Service provider track : JUNOSe Platforms Service provider track : JUNOS Platforms Enterprise routing track
Routing tracks consist of written and lab-based examination

15
Technical Certification Programs: Routing Tracks This slide outlines the current levels of technical certification offered by Juniper Networks.
0-15
Security tracks
Security technical certification programs include ;

Firewall/VPN tracks SSL/IDP tracks
Security certification programs are written examination only at this time

16
Technical Certification Programs: Security Tracks This slide outlines the current levels of technical certification offered by Juniper Networks.
0-16
Juniper Networks Certified Internet Associate

JNCIA
Computer-based, written exam Delivered at Prometric testing centers worldwide 60 questions, 60 minutes Passing Score: 70% $125 USD Prerequisite certification: none Benefits provided to JNCIAs: Certificate Logo usage Industry recognition Validates candidates general knowledge of IP technologies,
platform operating system, and hardware
www.juniper.net
17
The JNCIA Certification This slide details the JNCIA certification level.
0-17
Juniper Networks Certified Internet Specialist

JNCIS

Computer-based, written exam Delivered at Prometric testing centers worldwide Prerequisite for the JNCIP lab exam 75 questions, 90 minutes Passing Score: 70% $125 USD Prerequisite certification: none Benefits provided to JNCISs:
Certificate Logo usage Provides ability to take JNCIP exam Industry recognition as an IP and routing platform specialist
Validates candidates advanced knowledge of platform operating
system, hardware, and IP technologies
www.juniper.net
18
The JNCIS Certification This slide details the JNCIS certification level.
0-18
Juniper Networks Certified Internet Professional

JNCIP
One-day, lab-based exam Tests candidates configuration and
design skills for essential technologies

Testing centers: Sunnyvale, Amsterdam, Herndon, Westford,
Remote Prerequisite for the JNCIE lab exam $1,250 USD Prerequisite certification: JNCIS Benefits provided to JNCIPs:
Certificate Logo usage Provides ability to take JNCIE exam Industry recognition as an IP and routing platform professional
Validates candidates practical platform configuration skills
www.juniper.net
19
The JNCIP Certification This slide details the JNCIP certification level.
0-19
Juniper Networks Certified Internet Expert

JNCIE
One-day, lab-based exam Tests candidates advanced configuration & design
skills for essential and specialized technologies Testing centers: Sunnyvale, Amsterdam, Herndon, Remote $1,250 USD Prerequisite certification: JNCIP Currently only available in the M-series routers track Benefits provided to JNCIEs:
Crystal plaque and certificate Logo usage Worldwide recognition as an Internet Expert
The most challenging and respected exam of its type in the
industry
www.juniper.net
20
The JNCIE Certification This slide details the JNCIE certification level.
0-20
Certification Preparation
Training and study resources
JNTCP Website www.juniper.net/certification Education Services training classes http://www.juniper.net/training Juniper Networks documents and white papers http://www.juniper.net/techpubs/ http://www.juniper.net/techcenter/ Sybex JNTCP preparation guides JNCIA and JNCIP available February, 2003 Juniper Networks Routers: The Complete Reference Available at bookstores now Covers M-series and T-series platforms
Practical exams: Lots of hands-on practice

On-the-job experience Education Services training classes Equipment access
21
Prepping and Studying This slide lists some options for those interested in prepping f or Juniper Networks certification.
0-21
Questions
www.juniper.net
22
Any Questions? If you have any questions or concerns about the class you are attending, we suggest that you voice them now so that your instructor can best address your needs during class.
0-22
www.juniper.net
23
0-23
0-24
Chapter 1: Overview of EE-Series Router Features and Applications
www.juniper.net
Module Objectives
Describe how edge and core router requirements are different Describe how the E-series routers operate in a B-RAS environment Describe how the E-series routers operate in a dedicated access
environment
Describe the SDX-300 provisioning tool and list its main applications Explain the purpose and function of the NMC-RX configuration tool
www.juniper.net
This Chapter Discusses: The different requirements of edge and core routers; The E-series applications; router Broadband Remote Access Server (B-RAS)
The E-series router dedicated access applications; and The SDX-300 policy and network resource management system.
Module 1: Overview E-series Router Features and Applications
1-2
Agenda E -series Router Features & Applications

Juniper Networks Product Positioning
The Edge vs. the Core
E-series Router B-RAS Applications E-series Router Dedicated Access Applications The SDX-300 Provisioning Tool
www.juniper.net
Juniper Networks Router Product Positioning This chapter gives an overview of the E-series router's features and applications. The following slides describe how Juniper Networks positions its E-series, J-series, Mseries, and T-series routing products, and also discuss key differences between edge and core router applications.
1-3

Service Provider Network
Consumer Edge Network
Residential Residential
Edge (E-series)
Education
PSTN/ Mobile
Core (M-series, T-series)
Business Edge Network (E-series, M-series)
SOHO
Small/Medium Enterprise
Large Enterprise
www.juniper.net
Juniper Networks Router Product Positioning Today's service provider networks are typically made up of two major components: the network edge and the network core. These two components operate differently and have different network device requirements and application focuses. The network edge normally has routers that support large numbers of low- to medium-speed subscriber interfaces. These subscribers can range from residential subscribers with Broadband Remote Access Server (B-RAS) connections to enterprise customers with dedicated lines. Edge devices terminate customer-facing interfaces and must be able to classify and differentiate between traffic flows to provide dynamic IP services. Edge devices might provide security, virtual private network (VPN) features, and quality of service (QoS). In most cases, the E-series family of edge routers serves network edge applications, although J-series routers and smaller M-series routers are also deployed to address business edge applications. In contrast, the network core often has a smaller number of routers that support fewer, high-speed interfaces. These high-speed interfaces act to aggregate the data from large numbers of edge routers and enable efficient long-haul transport. Core routers might also provide QoS, security, and VPN-related features. The M-series and T-series routing platforms normally serve network core applications.
1-4
E-series Router Market Segmentation

IP edge
Where service providers meet
Edge
Business Edge
their customers
Service provider defines and
delivers services
End users subscribe to services
Two major applications

B-RAS
Consumer edge Subscriber management
Dedicated access
Consumer Edge
Business edge Circuit or private-line aggregation

Proprietary and Confidential www.juniper.net
IP Edge The edge of the network is the entry point for the subscriber or end user. Service providers define and deliver services at the edge of their network and end users subscribe to these services. The E-series router can deliver exceptional performance and scalability in the demanding role of an edge router. Two Major Applications The E-series router is most often deployed in one of two environments: B-RAS and dedicated access. B-RAS offers service providers the ability to deploy high-speed services to residential and business customers using a variety of last-mile technologies. The E-series router currently supports all broadband deployments, including digital subscriber line access multiplexer (DSLAM) environments, cable modem head ends, wireless networks, and Ethernet. The E-series family of products allows service providers to aggregate thousands of dedicated business connections on a single router, while also providing highly customized IP services to each of these businesses. Service providers can use a single E-series system to offer customers various access line speeds, from fractional T1, T3, and E3 through 0C3c/STM 1. In turn, the provider can route this traffic into the core across high-speed connections, such as 0C12c/STM4, 0C48c/STM16, Gigabit Ethernet, and 10 Gigabit Ethernet. Circuit aggregation is a phrase sometimes used to describe the aggregation of traffic from many connections onto a few highspeed interfaces.
1-5

www.juniper.net
E-series Router B-RAS Applications The following slides discuss the E-series router's support for Broadband Remote Access Server (B-RAS) applications
1-6
B -RAS Overview
What is a B-RAS?
Intelligent Layer 3 device aggregating traffic from Layer 2 devices Provides PPP session termination and authentication Facilitates IP address assignment Offers IP QoS per traffic flow
Internet
PPPoE PPPoA DSLAM Bridged IP IP over ATM
Access Edge
OC3/STM1 OC12/STM4 ATM Ethernet
DSLAM
PPPoE Metro Ethernet
Ethernet Switch
BGP-4 OSPF IS-IS MPLS Multicast VPN
DHCP
RADIUS Policies
Consumer Edge B-RAS Subscribers
www.juniper.net
What Is a B-RAS? Traditional Remote Access Servers provide connections for dial-up customers of service providers that use analog modems for IP network access. Dial-up services are sometimes called narrowband services because customer access line speeds usually fall in a range of 28 Kbps to 56 Kbps. A B-RAS supplies connection termination services for customers using high-speed access devices, such as an xDSL modem, xDSL router, Ethernet, or 802.11x interface. Speeds delivered by these services can range from 128 Kbps to 30 Mbps, or even faster, so these services are typically called broadband services. A B-RAS is the intelligent layer 3 device that aggregates traffic from layer 2 devices, such as DSLAMs, Ethernet switches, and cable modem termination systems (CMTS). A B-RAS can provide Point-to-Point Protocol (PPP) session termination and authentication in conjunction with RADIUS servers. The B-RAS also works closely with Dynamic Host Configuration Protocol (DHCP) servers or uses local IP address pools to provide IP addresses to subscribers. Operating as a B-RAS, the E-series router offers superior scalability and performance. The E-series router can also offer sophisticated IP QoS services per customer traffic flow.
1-7
B-RAS Applications
E-series router B-RAS applications
Traditional Internet access Wholesaling using virtual routers VPN services Video services using multicasting
Internet Access
PPPoE PPPoA DSLAM
Edge
OC3/STM1 OC12/STM4 ATM Ethernet BGP-4 OSPF IS- IS MPLS Multicast
Bridged IP IP over ATM
ISP1
DSLAM
Ethernet Switch
VPN
DHCP RADIUS Policies
www.juniper.net
E-series Router B-RAS Applications A service provider can use the B-RAS services provided by an E-series router to support several kinds of products. In the traditional application, the service provider provides.traditional Internet access to its customers. In this application, it uses the E-series router to terminate residential customer connections and provide them with connectivity to the Internet. Using virtual routers, the service provider can also wholesale part of its E-series router and network infrastructure to other service providers or retailers. The E-series system can support multiple virtual routers with separate, secure routing tables. Using virtual routers, the service provider can keep wholesale customers completely isolated from each other, as well as from the service provider's own retail customers. A service provider can also use the E-series router to offer sophisticated virtual private network (VPN) services. Finally, a service provider can use the E-series router's multicasting capabilities to offer video services to its residential customers. IP multicasting improves network efficiency for the service provider by allowing a host to transmit a single datagram that is received by multiple end-user devices that are part of a targeted set.
1-8
B-RAS Connectivity
Subscriber interfaces
xDSL, cable modem, 802.11x, Ethernet with VLAN tags IP over bridged Ethernet, IP over ATM, PPPoE, PPPoA
B-RAS interfaces
Dynamic interface and address assignment allowing over-subscription ATM, Ethernet
Access
PPPoE PPPoA DSLAM Bridged IP IP over ATM
Internet
Edge
OC3/STM1 OC12/STM4 ATM Ethernet BGP-4 OSPF IS-IS MPLS Multicast OC3/STM1 OC12/STM4 SONET/ATM 10 Gigabit Ethernet
DSLAM
Ethernet Switch
VPN
www.juniper.net
Subscriber Interfaces B-RAS subscriber access methods include the family of xDSL technologies, cable modems, 802.11x wireless networks, and Ethernet using either copper- or fiberbased physical media. These customer lines are aggregated in a DSLAM, CMTS, or Ethernet switch. To obtain service over these links, customers typically use either PPP over Ethernet (PPPoE) or PPP over Asynchronous Transfer Mode (ATM) (PPPoA). These access methods maintain the current dial-up model, complete with centralized user authentication, authorization, and accounting (MA) using RADIUS. Customers can also use IP over bridged Ethernet or IP over ATM (IPoA) to gain access to the network. These last two approaches provide connections that are always on and require no authentication or authorization. B-RAS Interfaces The B-RAS can aggregate customer traffic from multiple devices, such as ATM or Ethernet switches. DSLAMs typically connect to the E-series router through ATM or Ethernet connections, while CMTSs typically connect through Ethernet connections. Continued on next page.
1-9

B-RAS Interfaces (contd.) With ATM-based access, the provider normally provisions an ATM permanent virtual circuit (PVC) to each xDSL device. This PVC allows each household member to establish a unique PPP session to the E-series router. The IP interfaces associated with this PPP session can be created dynamically. Dynamic IP interfaces can also be created for other B-RAS access methods. With Ethernet-based access, the provider typically implements stacked virtual local area networks (S-VLANs). In this environment, one VLAN is provisioned for each Ethernet-based DSLAM. Within this VLAN, additional VLAN are provisioned, one for each xDSL device. In contrast, dedicated access applications typically require static configuration of the customer's interface and IP addressing parameters. The dynamic nature of a B-RAS also allows the E-series system to be oversubscribed, based on the assumption that not all end users are active at the same time. On the other hand, dedicated access applications typically allow for much less oversubscription, if any.
1-10
B-RAS-Related Services and Protocols

Required services
DHCP RADIUS AAA
Associated protocols
PPP DHCP L2TP IGMP
PPPoE PPPoA DSLAM
Access Edge
OC3/STM1 OC12/STM4 ATM Ethernet BGP-4 OSPF IS-IS MPLS Multicast
Internet
Bridged IP IP over ATM
DSLAM
OC3/STM1 OC12/STM4 SONET/ATM 10 Gigabit Ethernet
Ethernet Switch
VPN
www.juniper.net
11
Main B-RAS Services As a B-RAS, the E-series system must support specific services and protocols commonly deployed in B-RAS environments. In a consumer edge environment, workstations might use DHCP to obtain an IP address. Depending on the network application, you can configure the E-series system to support workstations getting IP addresses dynamically by acting as a DHCP relay agent, acting as a DHCP local server, or working together with external DHCP servers. In dial-up environments using PPP, RADIUS AAA servers traditionally provided user password authentication, user authorization, and user accounting services to support billing for dial-up customers. The E-series system can work with RADIUS servers to maintain this traditional authentication and billing model for broadband technologies. Common B-RAS Protocols When terminating PPPoA and PPPoE sessions, PPP and RADIUS provide the utilities required to authenticate customers and perform accounting services. The Eseries system can also enable VPN support by tunnelling PPP sessions using the Layer 2 Tunneling Protocol (L2TP). Any E-series B-RAS can act as an L2TP access concentrator (LAC). With the addition of a service module or a line module that supports the use of shared tunnel-server ports, the E-series system can also act as a L2TP network server (LNS). Continued on next page.
1-11

Common B-RAS Protocols (contd.) The E-series system provides a comprehensive suite of IP multicast tools, including the Internet Group Management Protocol (IGMP), the Distance Vector Multicast Routing Protocol (DVMRP), and Protocol Independent Multicast (PIM) sparse and dense mode. These can be used to support content delivery services in a B-RAS environment.
1-12

www.juniper.net
13
E-series Router Dedicated Access Applications The following slides discuss E-series edge router support for dedicated access applications.
1-13
Dedicated Access Overview

What is dedicated access?
Private, static customer connection into the Internet or a VPN Connections between providers within the Internet Makes use of traditional Layer 2 protocols Frame Relay, PPP, or Ethernet Wide range of physical connectivity T3/E3, CT3, COCx/STMx, GE, 10 GE, OCx/STMx
Access
ADM FT1/E1
Internet
Edge
CT3 COC3/STM1 COC12/STM4 BGP4 OSPF IS-IS L2TP MPLS VPNs OC3/STM1 OC12/STM4 POS/ATM 10 Gigabit Ethernet
T1/E1
ADM ADM
Tier2 2 Tier ISP Network ISP Network
Gigabit Ethernet 10 Gigabit Ethernet
VPN
Dedicated Access Enterprise Customers
www.juniper.net
14
What Is Dedicated Access? Dedicated access defines the use of private (sometimes called leased) facilities to provide an individual business or enterprise site with a connection into the Internet or a VPN. Internet service providers (ISPs) connect to other ISPs using dedicated access connections. Typically, the IP addresses used on these connections are static in nature, unlike broadband remote access server (B-RAS) access lines. Dedicated access lines typically employ traditional Layer 2 protocols, such as the Point-to-Point Protocol (PPP), Ethernet, ATM, and VLANs. In this application, the E-series router aggregates many private lines onto a single, high-speed uplink, which feeds into an IP backbone. These Layer 2 protocols can use a wide range of physical connectivity including T3/E3, channelized T3, channelized 0C3/STM1 and 0C12/STM4, Fast Ethernet, Gigabit Ethernet, 10-Gigabit Ethernet, 0C3/STM1, 0C12/STM4, and 0C48/STM16. This chapter discusses the configuration and troubleshooting of PPP, Ethernet, ATM, and VLAN interfaces.
1-14
Dedicated Access Applications

Traditional private-line aggregation
Consolidating multiple low- and high-speed access lines into a single
aggregation point
Virtual private networks

Layer 2 virtual circuitsFrame Relay or ATM Virtual routers BGP MPLS VPNs (RFC 2547) IPSec
Traffic engineering using MPLS IP QoS

Multi-field classification Rate limits Policy routing
15
Private-Line Aggregation The most common deployment model of routers supporting dedicated access services is the consolidation of numerous low-speed interfaces onto a few highspeed links to the network's core routers. The result is that a few high-speed links to the core can support the traffic received from, and destined to, many individual lowspeed subscriber lines. Virtual Private Networks Service providers can also use dedicated access to support the establishment of VPN services. A VPN service provides a private network, so it enables the use of private and/or overlapping address space and provides enhanced security through encryption, traffic segregation, or both. The E-series router can provide layer 2 and layer 3 VPN services using virtual routers, the Border Gateway Protocol (BGP)/Multiprotocol Label Switching (MPLS), VPNs, L2TP, and/or IP Security (IPSec). Continued on next page.
1-15

Traffic Engineering The E-series router can provide traffic engineering through MPLS-based virtual circuits, referred to as label-switched paths (LSPs). The E-series router uses LSPs to facilitate the efficient use of network capacity. By directing certain types of traffic over predefined paths, the service provider can override the forwarding decisions that would be made by the interior gateway protocol (IGP) to prevent congestion and to back up QoS guarantees. IP QoS The E-series router allows a service provider to provide IP QoS to a dedicated access customer requiring specialized traffic handling as part of a particular servicelevel agreement (SLA). QoS classification can be based on various packet fields, and the router can provide traffic prioritization, rate limiting, and policy-based routing as needed.
1-16
Dedicated Access: Routing Protocols

E-series router supports carrier-grade routing protocols
BGP OSPF IS-IS RIP
Dedicated Access Enterprise Customers
FT1/E1 ADM
Access Edge
CT3 CHOC3/STM1 CHOC12/STM4 BGP-4 OSPF IS-IS L2TP MPLS VPNs
Internet
T1/E1
ADM ADM
OC3/STM1 OC12/STM4 SONET/ATM 10 Gigabit Ethernet
Tier Tier2 2 ISP ISP Network Network
Gigabit Ethernet 10 Gigabit Ethernet
VPN
www.juniper.net
17
Routing Protocols The E-series system is a carrier-class router that fully supports both the interior and exterior standards-based IP routing protocols used by service providers. The E-series system supports the Border Gateway Protocol (BGP) as an exterior gateway protocol (EGP). The system also supports all of the standards-based IGPs. Service providers typically use the Open Shortest Path First (OSPF) and Intermediate System-toIntermediate System (IS-IS) routing protocols to provide routing within their network. The E-series router also supports the Routing Information Protocol (RIP), which is sometimes used to receive dynamic routing information from customers on customerfacing interfaces.
1-17

www.juniper.net
18
The SDX-300 Policy and Network Management System The following slides discuss the functionality of the SDX-300 policy and network resource management system.
1-18
SDX-300 Overview
What is it?
Web-based portal for on-demand subscriber service selection and
service activation
Residential and enterprise environments
www.juniper.net
19
What Is the SDX-300? The Service Deployment System (SDX-300) is a Web-based portal that supports ondemand subscriber service selection and service activation. A sample deployment might be to support residential B-RAS customers who want to dynamically manage and control their own Internet connections. Through the portal, residential subscribers can upgrade or downgrade the speed of their Internet connections. The residential subscriber can activate a content service, such as on-line gaming or videos on demand, and only be charged for the content service while it is active. An enterprise deployment might allow an IT manager to control the access lines within an enterprise network. With the SDX-300, the IT manager can give certain types of traffic preference over others. Using the SDX-300, the IT manager can assign voice-over-IP (VolP) traffic to a higher queue and normal Web traffic to a lower queue on the E-series router. The IT manager might also want to dynamically increase the bandwidth on a specific access line during end-of-month processing.
1-19
The SDX-300 Tool Kit

Service Activation Service Accounting RADIUS
Subscriber Profile Service Profile Application Profile
Service Engine
COPS
Customized Network Profile DNS/DHCP, Radius Server Integration
LDAP
Subscribers & Services Directory
Policies via COPS Residential Subscribers

E-series
ISP1
ISP2 Content Provider
Enterprise Subscribers
www.juniper.net
20
The SDX-300 Tool Kit You can think of the SDX-300 as a software toolkit. A few of the tools in the kit include a demonstration portal that service providers can use as a starting point for customized portal development, a Lightweight Directory Access Protocol (LDAP)based directory for storing subscriber and service information, a Service engine for activating services on subscriber interfaces, and a RADIUS server for service accounting. Service providers can use these tools to quickly define and deploy new revenue-generating services and enhance their subscribers' network experience, while retaining full control of their underlying network. The SDX-300 enables service providers to take full advantage of Juniper Networks E-series routers' ability to assign policies to individual IP interfaces and provide a variety of sophisticated IP services. When a subscriber selects a particular service using the SDX-300's service selection portal, the SDX-300's service engine retrieves the appropriate service policies and subscriber profiles from an LDAP-based directory. Using the Common Open Policy Service (COPS) protocol, the service activation engine dynamically configures policies on the subscriber's IP interface. Using these dynamic policy rules, the E-series router manages the subscriber's service and generates RADIUS service accounting records. These service accounting records are stored in a RADIUS database, where they can later be accessed by billing applications.
1-20
Review Questions
1.What are two ways in which core and edge routers differ? 2.What are two similarities and two differences between BRAS and dedicated access services? 3.In what two ways can the SDX-300 provisioning system be deployed? 4.What is the purpose of the NMC-RX application?
www.juniper.net
21
This Chapter Discussed: The differing requirements of edge and core routers; The E-series router B-RAS applications; The E-series router dedicated access applications; and The SDX-300 policy and network resource management system.
1-21
www.juniper.net
22
1-22
Chapter 2:
E-series Router Hardware Architecture Overview
www.juniper.net
Module Objectives
Identify the Juniper Networks, Inc. E-series routers Describe the E-series systems carrier reliability features List and describe basic E-series router system architecture and hardware
components
Understand factors affecting wire-speed performance and how to control
oversubscription
Understand the basic packet flow through an E-series router Describe SRP redundancy options Describe line module redundancy configuration and operation
www.juniper.net
This Chapter Discusses: Juniper Networks, Inc. E-series routers; The E-series system's carrier reliability features; The E-series system architecture and hardware components; Factors affecting wire-speed performance and how to control oversubscription; The packet flow through an E-series router; Switch route processor (SRP) redundancy; and Line module redundancy configuration and operation.
Module 2: E-series Hardware Architecture
2-2
Agenda: EE-series Router Hardware Architecture

E-series Product Family and Chassis Types ERX-14xx/7xx/310 Architecture ERX320 Architecture Packet Flow Redundancy Hardware installation Notes
www.juniper.net
E-series Product Family and Chassis Types This chapter discusses the E-series router's hardware architecture. The following slides discuss the Eseries product family, including the different chassis types and carrier reliability features.
2-3
E -series Product Family (1 of 2)

ERX-320 Router
Large POPs and mega-POPs Wire-speed performance to line modules capacity 12 slots for line modules 100-Gbps or 320-Gbps switch fabric
ERX-1440 Router
Large POPs Wire-speed performance through OC48c 12 slots for line module 40-Gbps switching capacity
ERX-1410 Router
Medium to large POP 12 slots for line module 10-Gbps switching capacity
www.juniper.net
E320 Router The E320 router is specifically designed to deliver high-bandwidth edge connectivity with wire-rate forwarding and quality of service (QoS). The chassis supports 12 line modules. With the 100-Gbps switch fabric configuration, the E320 router is designed to allocate 10-Gbps throughput (in each direction) to each of the turbo slots (slots 2-3 and slots 4-5) and can terminate up to 64,000 subscriber connections. With the 320-Gbps switch fabric configuration, the E320 router allocates 10 Gbps of overall bandwidth to each regular slot and is capable of allocating 40 Gbps of overall bandwidth to each of the turbo slots. Using the 320-Gbps switch fabric configuration, the E320 router can terminate up to 96,000 subscriber connections. The shipping system will scale to support 128,000 subscribers in the future. The release notes identify all system maximums for a given software release. The E320 router supports SONET connections from 0C3c/STM1 through 0C48c/STM16, ATM, packet over SONET (POS), Gigabit Ethernet, and 10-Gigabit Ethernet. The E320 router does not share hardware components with the ERX-xxx routers, but it does run JUNOSe software. ERX-1440 Router The ERX-1440 router is well suited for the larger points of presence (POPs) or locations requiring highbandwidth configurations. This system has 12 slots for line modules and has a switching capacity of 40 Gbps. The ERX-1440 router aggregates thousands of subscribersboth broadband remote access server (B-RAS) and private lineonto high-bandwidth uplinks, such as 0C48c/STM16. ERX-1410 Router The ERX-1410 router is well suited for medium to large POPs. This system supports 12 line modules and has a switching capacity of 10 Gbps. It supports a variety of interfaces, ranging in speed from CT1/CE1 to 0C12c/STM4.
2-4
E -series Product Family (2 of 2)

ERX-705 and ERX-710 Routers
Environments where space is at a premium 5 slots for line modules 5-Gbps or 10-Gbps switch fabric
ERX-310 Router
Small, distributed environments 2 slots for line module 10-Gbps switch fabric
ERX-1440, ERX-1410, ERX-7xx, and ERX 310 routers share common line modules and input/output (I/O) modules
www.juniper.net
ERX-7xx Router The ERX-705 and ERX-710 routers are well-suited for small or medium POPs. This system supports up to five line modules and has a switching capacity of 5 Gbps (ERX-705) or 10 Gbps (ERX-710). Like the ERX-1410 router, the ERX-7xx routers aggregate both B-RAS and private-line subscribers onto high-bandwidth uplinks, such as 0C3c/STM1 or 0C12c/STM4. ERX-310 Router The ERX-310 router is designed for small, distributed environments. This router supports two line modules and has a switching capacity of 10 Gbps. The ERX-310 router supports connections up to 0C12c/STM4 and Gigabit Ethernet. Common Line Modules All E-series routers allow service providers to offer broadband session termination for some users, private-line services for others, and wholesale support for partners. The ERX-1440, ERX-1410, ERX7xx, and ERX-310 routers perform these functions using the same line modules, allowing you to use a single set of spares for all these models as well as allowing you to easily migrate between models. However, there are some compatibility restrictions. Please refer to the ERX Module Guide for detailed module compatibility information.
2-5
Carrier Reliability
Designed for continuous availability
Redundant line modules Redundant file system Hot-swappable components Distributed DC power Maximum rack density NEBS Level 3 compliant
ERX-310 does not offer redundant SRPs, line modules or file system
www.juniper.net
Nonstop Performance The E-series router is designed for continuous availability. The E-series router offers 1:n line module redundancy. In a redundant configuration, one standby line module can back up n number of active modules. In the case of line card failure, the redundant line module can take control without requiring a technician to swap cables. The services continue to run, and the subscriber downtime is minimal. In the event of a failure, system disruption is minimal, as you can remove and replace the line modules while the system is powered on. The file system is stored on redundant PCMCIA flash cards that can be synchronized automatically. The E-series router also supports redundant switch route processors (SRPs) and can seamlessly switch from the active to standby SRP in many configurations. The E320 switch fabric is also designed to provide redundancy with seamless failover. The E-series router runs on -48-volt DC power. The power distribution panel has redundant connections for the -48 volts, which are applied to redundant power busses on the system's midplane. Each line module is equipped with its own power conversion module, which draws on the -48 volts and generates the operating voltages for the card. With this innovative design, there is no central power supply whose failure would affect the entire chassis. (We also offer the ERX-310 platform in an ACpowered model. In that model, each power supply contains a power converter to supply DC power to the chassis.) Continued on next page.
2-6

Nonstop Performance (contd.) In the ERX-14xx series, air is drawn in through a built-in plenum on the bottom front of the unit, across the line modules, and out through a fan tray in the top of the chassis. Each ERX-14xx series router has an angled piece of metal built into the bottom of the chassis, allowing up to three units to be stacked in a single equipment rack. If an ERX-7xx router must be racked above an ERX-14xx series router, you must install a plenum on top of the ERX-14xx series router to allow adequate airflow. The plenum is not integrated into the ERX-7xx series routers. The E-series routers are Level 3 Network Equipment Building Systems (NEBS) certified. NEBS verification, based on Telecordia guidelines, certifies that the system is optically, electrically, and physically compatible with new and existing network environments. ERX-310 Router The ERX-310 router's design reflects the fact that it was designed to operate in a different environment than the other E-series routers. Its small form factor is designed for locations where space is at a premium. Additionally, it supports AC power inputs, as it might be deployed in locations without preexisting DC power. However, due to its small size, it does not support redundant SRPs, switch fabrics, line modules, or file systems.
2-7

E-series Product Family and Chassis Types ERX-14xx/7xx/310 Architecture ERX320 Architecture Packet Flow Redundancy Hardware installation Notes
www.juniper.net
ERX-14xx/7xV310 Architecture The following slides discuss the ERX-14xx, ERX-7xx, and ERX-310 router architecture, including the switching capacity of each model, oversubscription, and the significance of slot groups.
2-8
ERXERX -310, ERXERX-7xx & ERXERX-14xx System Architecture

Rear I/O Modules
Slot # 0 1 2 3 4 5
SRP I/O Module

6 7 8 9 10 11 12 13
Connection via Passive Midplane
Front Line Modules
SRP with Optional Redundant SRP
www.juniper.net
ERX-310, ERX-7xx, and ERX-14xx System Architecture Overview The E-series router uses a highly distributed, multiprocessor architecture that pushes packet processing functions to each line module in the system. The midplane is built with passive components and provides the connections for distributing the clock and enabling module-to-module communication. The modules that attach to the midplane include: Line modules: These modules are located in the front of the E-series router and handle packet processing and packet forwarding. They do not have physical connectors. The ERX1410 chassis supports 12 line modules. The ERX-705 chassis supports five line modules installed horizontally (not shown). The ERX-310 chassis supports two line modules installed horizontally (not shown). Input/output modules: I/O modules are installed in the rear of the E-series system and provide the physical ports for the network connections. These modules have passive components and a high mean time between failure (MTBF). The I/O modules are mated with compatible line modules through a passive midplane. The I/O modules and line modules are manufactured to prevent an I/O module from being mated with an incompatible line module. Switch route processor: The SRP connects all the internal data paths in the chassis via the switch fabric. It also performs the routing protocol processing. The route processor runs the routing protocol processes, such as OSPF and BGP, and sends routing tables and updates to the line modules. Each line module maintains separate forwarding tables, enabling it to make forwarding decisions locally. This design takes the route processor out of the forwarding path for most traffic. The SRPs are installed in slot 0 in the ERX-310 router, slots 0 and 1 in the ERX-7xx router, and in slots 6 and 7 in the ERX-14xx router. The SRP used in the ERX-310 is not interchangeable with the SRP used in the ERX-710 and ERX-1410, even though both have 10-Gbps switch fabrics.
2-9
ERXERX -310, ERXERX-7xx and ERXERX-14xx SRPs

Route processor
Monitors and manages the system Processes routing protocol messages, maintain routing table Provides management interface (CLI, SNMP) Manages the chassis clock
Switch fabric
Manages internal connections between ingress and egress ports 5, 10 cell-based 40 Gbps frame-based
www.juniper.net
10
Route Processor The route processor is responsible for the following tasks: Software image and configuration file storage using a PCMCIA flash card (currently, a 1 gigabyte flash card ships with each SRP); Booting the system and downloading the executable software image to each line module; Running all routing protocol processes, such as BGP, OSPF or IS-IS; Monitoring fans, power, and temperature; Controlling the SRP I/O module, which provides a RS232 console port via a null modem cable as well as a 10/100 Ethernet port for management; and Managing the command-line interface. Switch Fabric The switch fabric is a high-performance 5-, 10-, or 40-Gbps switching fabric that connects all the internal data paths in the chassis. The 5-Gbps and 10-Gbps switching fabric is cell-based and the 40Gbps switching fabric uses a high-speed serial interface. The The fabric's functions include buffer management, queuing, scheduling, and packet discard. It also manages the internal connections between ingress and egress ports. Each ERX-310, ERX-7xx, and ERX-14xx router requires one SRP; however, an additional SRP is typically installed for redundancy. The ERX-310 router only supports a single SRP.
2-10
5-Gbps and 10 -Gbps Switch Fabric

How do the line modules connect to the switch fabric? What is a slot group?
2 x UTOPIA II 622 Mbps (622*2=1.25) 2 x UTOPIA II 622 Mbps (622*2=1.25)
Switch Fabric 5 or 10 Gbps
Line Module
Slot Group 1 2.5 Gbps
Line Module
Line Module
Line Module
www.juniper.net
11
Line Module and Switch Fabric Connection The E-series router uses the switch fabric to interconnect all line modules within the router. The switch fabric operates at 5 Gbps (ERX-705), 10 Gbps (ERX-310, ERX-710, and ERX-1410), or 40 Gbps (ERX-1440). The line modules use Universal Test and Operations Physical Interface ATM (UTOPIA II) buses to communicate with the switch fabric. Both the ERX-7xx and ERX-1410 routers support eight pairs of UTOPIA II buses. Slot Groups Each UTOPIA II bus is wired to a specific group of line modules. We refer to this specific group of line modules as a slot group. When an SRP-5G+ (providing a 5-Gbps switch fabric) or SRP-10G (providing a 10-Gbps switch fabric) is installed in an ERX -7xx or ERX-1410 router, each slot group has two active UTOPIA II buses. For example, this slide shows a 10-Gbps switch fabric. If this fabric was installed in an ERX-1410 router, then you would see that the router has four slot groups with three line modules per slot group. Each slot within a slot group shares the pair of UTOPIA II buses. The older SRP-5G, which is no longer sold, used only one of the wired UTOPIA II buses in each slot group.
2-11
ERX-1410 and ERX-705 Slot Groups

6 5 4 3 2 1 0
Edge Routing Switch

0 1 2 3

8 9 10 11 12 13
Slot Group 4 Slot Group 3 Slot Group 2 Slot Group 1
4 5
Slot Group 1 Slot Group 2

www.juniper.net
ERX-1410
12
ERX-1410 and ERX-705 Slot Groups A slot group is a specific group of card slots that share common UTOPIA II buses. The E-series router is organized into slot groups through the system's midplane. A slot group in an ERX-1410 router is made up of three adjacent chassis slots. The ERX-1410 slot groups are: Slot group 1: slots 0-2; Slot group 2: slots 3-5; Slot group 3: slots 8-10; and Slot group 4: slots 11-13. Slot group 1: slots 2-3; Slot group 2: slot 4; Slot group 3: slot 5; and Slot group 4: slot 6.
The ERX-705 slot groups are:
2-12
Calculating Switching Capacity (Part 1 of 2)

Switch Fabric 10 Gbps (5 Gbps per switch)
2 x UTOPIA II 622 Mbps (622*2=1.25)
2 x UTOPIA II 622 Mbps (622*2=1.25)
Line Module
Line Module
Line Module
Line Module
www.juniper.net
13
Calculating Switching Capacity Each UTOPIA II bus operates at 622 Mbps, full duplex. A 10-Gbps switch fabric provides two UTOPIA II buses to each slot group and two UTOPIA II buses from each slot group. Each slot group provides 1.25-Gbps full-duplex bandwidth, or approximately 2.5-Gbps total bandwidth. There are four slot groups per E-series router. Therefore, [(622 * 2 inbound bandwidth) + (622 * 2 outbound bandwidth)] * 4 slot groups = 10 Gbps. Two 5-Gbps switchesreferred to as the top and bottom switchesprovide the 10-Gbps switch fabric capacity. Each of the two UTOPIA II buses from each slot group each connect to a different switch. The same is true for the connections from the switches to the slot group. So, each switch provides half the bandwidth available to each slot group (622 Mbps per switch in each direction, or 1.25 Gbps in total). Each kind of line module is designed to use a particular switch, to use both switches, or to use either switch.
2-13
Calculating Switching Capacity (Part 2 of 2)

Switch Fabric 5 Gbps (2.5 Gbps per switch)
2 x UTOPIA II 622 Mbps (622*2=1.25)
2 x UTOPIA II 622 Mbps (622*2=1.25)
Line Module
Line Module
Line Module
Line Module
www.juniper.net
14
Calculating Switching Capacity Each UTOPIA II bus operates at 622 Mbps, full duplex. With the 5-Gbps switch fabric (found on the SRP-5G+), all UTOPIA II busses are active, but the overall switch fabric capacity is still only 5 Gbps. Bandwidth is allocated to each slot group based on the requirements of the installed line modules. Like the 10-Gbps switch fabric, the 5-Gbps switch fabric has two switches that each provide 2.5 Gbps of switching capacity. The two UTOPIA II buses from each slot group each connect to a different switch. The same is true for the connections from the switches to the slot group. So, each switch provides half the bandwidth available to each slot group (622 Mbps per switch in each direction, or 1.25 Gbps in total).
2-14
Guaranteeing WireWire-Rate Performance

ERX-1410
Edge Routing Switch

0 1 2 3

8 9 10 11 12 13
4 5
To guarantee full line-rate performance on the ERX7xx/1410:

Sum of the line modules
bandwidth cannot exceed the slot group overall bandwidth

Sum of the line modules
bandwidth per switch cannot exceed the slot group bandwidth for that switch
ERX-705 only : sum of all line
modules bandwidth cannot exceed 5 Gbps
www.juniper.net
15
Guaranteeing Full Wire-Rate Performance The system proportionally allocates bandwidth to each line module within a slot group based on the line modules' bandwidth requirements. If one line module within a slot group is busy and one line module is idle, the available bandwidth is dynamically reallocated to the busy line module. When the idle line module becomes active, the bandwidth is once again reallocated. Note, however, that bandwidth cannot be shared between slot groups. For line modules to offer wire-rate performance, the sum of the line module bandwidths in a slot group cannot exceed the slot group bandwidth nor can the sum of the bandwidth the line modules in a slot group require of each switch exceed the amount of bandwidth that switch can provide to that slot group. Also, for the ERX-705 the sum of the bandwidth of all cards in the chassis cannot exceed 5 Gbps. The default behavior on the E-series router is to have bandwidth oversubscription enabled. You can configure the E-series router to prohibit oversubscription with the CLI command no bandwidth oversubscription. The JUNOSe System Basics Configuration Guide documents the amount of bandwidth each line module requires and the switch(es) it uses.
2-15
WireWire-Rate Performance Examples

Example
ERX-1410
Edge Routing Switch
ERX-7xx router with SRP-10G Gigabit Ethernet line module

0 1 2 3

8 9 10 11 12 13
4 5
consumes approxximately 2.46 Gbps and uses both switches

Install only one GE line module
per slot group
Example
ERX-1410 router with SRP-10G OCx/STMx ATM line module
consumes 1.22 Gbps and uses both switches

Install no more two OCx/STMx
ATM line module per slot group

16
Example 1 Assume we have an ERX-710 router. This configuration provides 2.5-Gbps total bandwidth to each slot group, half of which is provided by each switch. A Gigabit Ethernet line module requires 2.46-Gbps bandwidth and uses both switches. To guarantee wire-rate performance, we can install only one Gigabit Ethernet module in a slot group. The other slots in the slot group must remain unoccupied. Example 2 To consider another example, assume we have an ERX-1410 router with a 10-Gbps switch fabric. This configuration provides 2.5-Gbps total bandwidth to each slot group, half of which is provided by each switch. An OCx/STMx ATM line module requires 1.22-Gbps bandwidth and uses both switches. To guarantee wire-rate performance, we can only install two OCx/STMx line modules in a slot group. The other slots in the slot group must remain unoccupied. If we want to ensure that we do not accidentally install cards later that will cause oversubscription, we must configure the system with the no bandwidth oversubscription configuration option. We must reboot the router for this configuration change to take effect. We can verify this configuration option using the CLI command show bandwidth oversubscription. For more examples of card combinations that guarantee line-rate performance, refer to the JUNOSe System Basics Configuration Guide. Also, note that some line modules are not compatible with all systems. Please refer to the [-series Module Guide for detailed module compatibility information.
2-16
Oversubscribing a Slot Group

To allow slot group bandwidth oversubscription:
Use any combination of cards in a slot
ERX-1400
Edge Routing Switch
group
Line modules automatically adjust
bandwidth depending on bandwidth available

Dual-port OC3 and FE-2 line modules
0 1
4 5
8 9 10 11 12 13
do not adjust bandwidth
Example:
ERX-1410 router with 10-Gbps fabric Gigabit Ethernet line module

consumes approximately 2.46 Mbps

Install two or three Gigabit Ethernet
line modules per slot group

17
Allowing Slot Group Bandwidth Oversubscription If less than wire-rate performance is acceptable, the sum of the line module bandwidths in a slot group can exceed the slot group bandwidth. This behavior is allowed if the configuration command bandwidth oversubscription is configured, which is the default configuration on the E-series router. To allow lower than wire-rate performance, you can use any combination of line modules in any slot. In this mode, all line modules automatically adjust their bandwidth use depending on the bandwidth available. For example, if one line module is idle, the other line modules in the slot group can take advantage of the extra bandwidth. Example Assume we have an ERX-710 router. This configuration provides 2.5-Gbps total bandwidth to each slot group, half of which is provided by each switch. A Gigabit Ethernet line module requires approximately 2.46-Gbps bandwidth. To oversubscribe the slot group and allow lower than wire-rate performance, two or three Gigabit Ethernet line modules can be installed in a single slot group.
2-17
Route Update Processing

25 Mbps in-band for routing updates UTOPIA I
Switch Fabric 10 Gbps Route Processor

UTOPIA I
Routing table updates every 3 seconds
Control Bus (Serial)
Line Module
Line Module
Line Module
Line Module
Route Update
www.juniper.net
18
Routing Table Processing The route processor function of the SRP runs the routing protocols and generates the routing tables distributed to the individual line modules. When a routing update arrives at a line module, the destination address is evaluated for forwarding. All packets with a local destination address or a wellknown multicast address are sent to the route processor. There are mechanisms in place to prevent a traffic storm from overwhelming the SRP or its connection to the switch fabric. The route processor evaluates the information received in the routing update packet and determines if any routing information needs to be updated. Every 3 seconds, the route processor distributes routing table changes to each affected line module. Routing tables are distributed from the route processor to the line modules using a 25-Mbps in-band UTOPIA I interface. If no change occurred, the route processor does not send any updates.
2-18
ERXERX-1440 Hardware Architecture
140 Mbps (proprietary bus)
Switch Fabric (40 Gbps)
Route Processor
5.0 Gbps 1.25 Gbps 1.25 Gbps 5.0 Gbps 5.0 Gbps 5.0 Gbps 1.25 Gbps 1.25 Gbps
Line Card
Line Line Line Line Line SRP Card Card Card Card Card
SRP
Line Line Line Line Line Line Card Card Card Card Card Card
Slot 0
Slot 1
Slot 2
Slot 3
Slot 4
Slot 5
Slot 6
Slot 7
Slot 8
Slot 9
Slot 10
Slot 11
Slot 12
Slot 13
I/OA
I/OA
I/OA
I/OA
I/OA
I/OA I/OA
I/OA
I/OA
I/OA
I/OA
I/OA
I/OA
I/OA
www.juniper.net
19
ERX-1440 Hardware Architecture Architecturally, the ERX-1440 router operates in the same fashion as the ERX-705 and ERX-1410 routers. The main difference is the switch fabric capacity. The ERX-1440 uses the same basic chassis enclosure as the ERX-1410 router, but it supports a new midplane and the 40-Gbps switch fabric. The ERX-1440 router supports the existing ASIC line modules but does not support the low-speed, nonASIC line modules. For detailed line module compatibility information, please refer to the E-series Module Guide. The 40-Gbps switch fabric is measured in the same way as the 5-Gbps and 10-Gbps fabrics (40 Gbps total, 20 Gbps in each direction). This switch fabric sends and receives data at a rate of 1.25 Gbps in each direction per slot. With this fabric, all line modules operate at wire speed, eliminating previous slot group configuration limitations. Juniper Networks designed the 40-Gbps switch fabric for customers who require both full-performance bandwidth as well as 0C48c network uplinks. The fabric includes two slots with additional bandwidth (10 Gbps total, 5 Gbps in each direction) to support 0C48 line modules. The 0C48 line module is a double-wide card that can only be installed in slots 2/3 and 4/5. Configuring both 0C48 slots on the same side of the switch fabric allows the E-series router to support a redundancy midplane for the 0C48 line card. These slots also support regular, single-slot, ASIC-based cards. The card type single-wide versus double-wideis automatically detected when installed. Line modules connect to the 40-Gbps switch fabric using a high-speed serial link instead of UTOPIA II buses. Line modules actually have two different types of connections installed: a high-speed serial interface and the UTOPIA II buses. When a line module is connected to the 5- or 10-Gbps fabric, the UTOPIA II buses are active. When a line module is connected to the 40-Gbps fabric, the high-speed serial interface is active.
2-19

E-series Product Family and Chassis Types ERX-14xx/7xx/310 Architecture ERX-320 Architecture Packet Flow Redundancy Hardware installation Notes
www.juniper.net
20
E320 Architecture This following slides discuss the architecture of the E320 Broadband Services Router.
2-20
E320 Architecture
Rear I/O Adapters
Slot # 0 1 2 3 4
PDU and SRP I/O Adapter

5 11 12 13 14 15 16
Connection via Passive Midplane
Front Line Modules Access Uplink
SRPs (slot 6 and 7 positioned on top) and Switch Fabric Modules (slots 8-10 on the bottom)
www.juniper.net
21
E320 Architecture Overview Like the other E-series routers, the E320 router uses a highly distributed, multiprocessor architecture to allow distributed wire-rate forwarding and QoS. The components include: Input/output adapters: I/O adapters are installed in the rear of the E-series system and provide the physical ports for the network connections. Up to two half-height or one fullheight I/O adapter can be installed in each slot. The E320 I/O adapters handle some of the layer 2 processing and communicate the frames to the line modules in a standardized way. This design allows the line modules to operate in the same way regardless of the type of I/O adapter installed, allowing a single line module to support different kinds of I/O adapters. The I/O adapters are mated with the line modules through a passive midplane. Most I/O adapters provide the physical interconnection to the network using small form-factor pluggable transceivers (SFPs). Line modules: These modules are located in the front of the E-series router and handle packet processing and packet forwarding. They do not have physical connectors, as the physical connectors reside on the I/O adapters. The E320 router supports up to 12 line modules. A single line module can support any I/O adapter or combination of I/O adapters that communicates with it at a compatible speed. You can use a line module for either access or uplink. Access line modules receive traffic from low-speed circuits, and the system routes the traffic onto higher-speed uplink line modules and then to the core of the network. Currently, three line modules are available: the LM-4 and LM-10 access line modules and the LM-10 uplink line module. Line module slot placement is dependant on the switch fabric bandwidth. We discuss this topic in greater detail later in the chapter. Continued on next page.
2-21

E320 Architecture Overview (contd.) Switch route processor: The switch route processor (SRP) runs the routing protocol processes, such as OSPF and BGP, and sends routing tables and routing table updates to the line modules. Each line module maintains separate forwarding tables, enabling it to make forwarding decisions locally. This takes the route processor out of the forwarding path for most traffic. Each SRP card also contains a switch fabric module, which is logically separate from the route processor even though they both reside on the same physical card. The SRPs are half-height cards that reside in slots 6 and 7. Switch fabric modules: The E320 router has a distributed, shared memory switch fabric. Five switch fabric modules (SFMs), two located on the SRP cards and three on standalone cards, form the redundant switch fabric for the system. The standalone switch fabric modules are half-height cards installed in slots 8, 9, and 10. The switch fabric modules and SRPs must all be designed for the same switch fabric bandwidth.
2-22
E320 100100-Gbps Switch Fabric
3.43 Gbps
3.43 Gbps
13.7 Gbps
13.7 Gbps 13.7 Gbps 13.7 Gbps
3.43 Gbps
3.43 Gbps
Route Processor
Control Plane (200 Mbps)
Line Card
Line Line Line Line Line Card Card Card Card Card
Slot 0
Slot 1
Slot 2
Slot 3
Slot 4
Slot 5
Slot 8
Slot 9
Slot 10
Slot 11
Slot 12
Slot 13
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
www.juniper.net
23
E320 100-Gbps Switch Fabric Capacity You can install line modules in slots 0-5 and 11-16. When configured with the 100-Gbps switch fabric, slots 0-1 and 11-16 connect to the switch fabric at 3.43 Gbps full duplex (6.86 Gbps total). Each slot accommodates a single 4-Gbps line module (LM-4). These slots cannot accommodate a 10-Gbps line module (LM-10). The E320 platform has two turbo slotsslot 2 and slot 4. Each turbo slot can use the bandwidth allocated to the slot pairs 2/3 and 4/5. When using the 100-Gbps switch fabric, the two pairs of slot (2/3 and 4/5) each connect to the switch fabric at 13.7 Gbps full duplex (27.4 Gbps total). You can install one LM-10 in each turbo slot. When a LM-10 is installed in one of the turbo slots (slot 2 or 4), you cannot install a line module in the other slot (3 or 5, respectively) within that pair. The SRP communicates with each line card over a low-speed serial control bus. It also communicates with the line cards over a 200-Mbps control plane. This faster connection is used for routing table updates, image downloads, packets destined to and from the SRP, and other control traffic. Oversubscription The 4-Gbps line module is capable of processing between 2.2 and 3.5 Gbps in each direction (including overhead). Therefore, you are not likely to oversubscribe the connection between the switch fabric and the line modules. However, it is possible to oversubscribe the connection between the I/O adapter and the line module, which supports a 4-Gbps aggregate data rate in each direction with the 4Gbps line module and compatible I/O adapters. It is also possible to exceed the line module's processing capacity without overutilizing the link between the line module and the I/O adapter.
2-23
E320 320320-Gbps Switch Fabric
10 Gbps
10 Gbps
10 Gbps
10 10 Gbps Gbps
10 Gbps
10 Gbps
10 Gbps
Route Processor
Control Plane (200 Mbps)
Line Card
Line Line Line Line Line Card Card Card Card Card
Slot 0
Slot 1
Slot 2
Slot 3
Slot 4
Slot 5
Slot 8
Slot 9
Slot 10
Slot 11
Slot 12
Slot 13
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
I / O A
www.juniper.net
24
E320 320-Gbps Switch Fabric Capacity When configured with the 320-Gbps switch fabric, all slots connect to the switch fabric at 10 Gbps full duplex (20 Gbps total). With the 320-Gbps switch fabric, any line module can go in any slot. Recall that the E320 platform has two turbo slotsslot 2 and slot 4. Each turbo slot can use the bandwidth allocated to the slot pairs 2/3 and 4/5. Therefore, the turbo slots actually have extra bandwidth connections for potential future enhancements. Today, no line modules require more than 10 Gbps of bandwidth. In the future there might be line modules requiring more than 10 Gbps of bandwidth. The 320 Gbps SRP and SFM use the same chassis and midplane as the 100 Gbps SRP and SFM. Upgrading to the 320 Gbps SRP and SFM only requires board swaps.
2-24
E320 SRP and Switch Fabric

Route processor

Monitors and manages the system Processes routing protocol messages, maintain routing table Provides management interface (CLI, SNMP) Manages the chassis clock Manages switch fabric Provides internal forwarding plane between ingress and egress ports 100 or 320 Gbps frame-based 5 slices : 2 on SRPs (slot 6 and 7) and 3 on switch fabric modules (slots 8-10)
Switch fabric
Redundancy
1:1 route processor redundancy 1:4 switch fabric redundancy SRPs and SFM must be the same type
www.juniper.net
25
Route Processor The route processor is responsible for the following tasks: Software image and configuration file storage using a PCMCIA flash card; Booting the system and downloading the executable software image to each line module; Running all routing protocol processes, such as BGP, OSPF or IS-IS; Maintaining the routing table and distributing it to the line modules; Managing the switch fabric; Monitoring fans, power, and temperature; Controlling the SRP I/O adapter, which provides a RS232 console port via a null modem cable as well as a 10/100 Ethernet port for management; and Providing management interfaces to the system via the command-line interface (CLI) and the Simple Network Management Protocol (SNMP).
Continued on next page.
2-25

Switch Fabric The switch fabric is a high-performance, shared-memory, 100-Gbps or 320-Gbps distributed switch fabric that connects all the internal data paths in the chassis. The fabric is frame-based and supports QoS. Because the switch fabric uses shared memory buffers, a multicast packet can be written to the switch fabric one time and read by every line module that needs to transmit that packet. This results in very efficient handling of multicast traffic. A fully populated switch fabric is composed of five slices, one of which resides on each SRP and standalone switch fabric module. Four slices are active at any given time, while the fifth provides redundancy. The fabric slice on the SRP is logically separate from the route processor portion, allowing the two to operate independently. This design provides both increased efficiency and redundancy. It is possible that the route processor on an SRP could fail while the switch fabric slice on that card continues to function normally and vice versa. This scenario allows continued 1:4 switch fabric redundancy while awaiting the replacement of the failed route processor. SRP and Switch Fabric Module Requirements The E320 router requires one SRP and at least four working switch fabric slices to function correctly. Installing a second SRP provides redundancy for both the route processor and switch fabric. The type of SRP module directly corresponds to the type of SFM module. You can only use an SRP100 module with an SFM-100 module. An SRP-100 module cannot be used with an SFM-320 module. Likewise, all SRP modules must be the same type. You cannot install an SRP -100 module and an SRP-320 module in the same router.
2-26

www.juniper.net
27
Packet Flow The following slides discuss how packets flow through the E-series router.
2-27
ERX-14xx/7xx/310 Packet Flow (1 of 2)

E-series Router
Ingress
Ingress Line Module Switch Fabric Egress Line Module
Egress
IFC - Ingress Forwarding Controller IFA - Ingress Forwarding ASIC
EFC - Egress Forwarding Controller EFA - Egress Forwarding ASIC Fabric Egress FC Egress FA Egress PHY
IFC
Ingress PHY
IFA
Ingress Line Module
Switch Route Processor
Egress Line Module
www.juniper.net
28
ERX-14xx/7xx/310 Router Packet Flow Overview This slide illustrates the forwarding path of IP datagrams through the ERX-14xx, ERX-7xx, and ERX310 routers. The ingress physical interface on the I/O module receives the frame and passes it to the ingress line module. There, the layer 2 header is removed from the IP packet and the ingress forwarding controller performs a route lookup in a local routing table. As a result of the lookup, the egress interface is identified. The ingress forwarding controller applies a proprietary 4-byte route tag to the IP packet and chooses a bus for forwarding the packet across the switch fabric. The ingress forwarding ASIC manages the queuing and scheduling of data forwarded to the switch fabric. On an ERX-7xx router and an ERX-1410 router using ASIC-based line modules, the ingress and egress line modules are responsible for the segmentation and reassembly (SAR) functionality. On the ERX-1440 and ERX-310 routers, the switch fabric performs the SAR functionality. The switch fabric uses the route tag to identify and forward the packet across the appropriate internal virtual path identifier/virtual channel identifier (VPI/VCI) to the egress forwarding controller on the egress line module. The egress forwarding controller on the line module strips the route tag, handles multicast extrapolation, layer 2 encapsulation, layer 2 addressing, and, if necessary, the Address Resolution Protocol (ARP) processing. Once the packet is encapsulated for the egress interface, the egress forwarding controller sends the packet to the egress forwarding ASIC. The egress forwarding ASIC schedules and transmits traffic onto the egress network interface. All traffic flows are handled at wire speed.
2-28
ERXERX-14xx/7xx/310 Packet Flow (2 of 2)

Switch Fabric IFC Slot 1 IFA
Line Module EFA EFC
IFC Slot 2
IFA
Line Module EFA EFC
IFC Slot 3
IFA
Line Module EFA EFC
www.juniper.net
29
Forwarding a Packet over the Switch Fabric The switch fabric is central to the forwarding of traffic between ingress and egress ports on the Eseries router. When the E-series router boots, the SRP establishes a full mesh of ATM PVCs across the switch fabric for each QoS class (up to 8), connecting each ingress forwarding controller to every egress forwarding controller. For simplicity, this slide shows only one full mesh. These virtual circuits provide the path for forwarding packets to each interface card. This slide assumes that ASIC-based line modules are installed. If a packet comes in one interface on a line module and is destined for a different interface on the same line module, the packet will still traverse the switch fabric.
2-29
E320 Router Packet Flow (1 of 2)

E-series Router
Ingress
Ingress Line Module Switch Fabric Egress Line Module
Egress
FRA Frame Receive ASIC PIA Processor Interface ASIC FFA Frame Forwarding ASIC
EFI - Egress Fabric Interface FPGA IFI - Ingress Fabric Interface FPGA Fabric
FRA
Ingress PHY
PIA
FFA IFI
EFI
FRA
PIA
FFA
Egress PHY
Ingress Line Module
Switch Route Processor
Egress Line Module
www.juniper.net
30
E320 Broadband Services Router Packet Flow This slide illustrates the forwarding path of IP datagrams through the E320 Broadband Services Router's 4-Gbps line module. The ingress physical interface on the I/O adapter receives the frame, the I/O adapter performs some layer 2 processing and sends the processed frame to the line module. There, the Frame Receive ASIC, which receives and reassembles packet chunks, performs some initial processing on the packet. The Frame Receive ASIC then sends the packet for processing through a Processor Interface ASIC. There are two Processor Interface ASICs, each of which coordinates the work of multiple processors. These processors perform most of the processing work on the packet, with hardware assistance from field-programmable gate arrays (FPGAs). Where the traffic is destined for a local IP address or a multicast group that the SRP has joined (such as the OSPF multicast addresses, if the router is running OSPF), the processor will forward the packet to the SRP through the internal 200-Mbps control plane. Otherwise, the packet is sent to the Frame Forwarding ASIC, which reorders and buffers packets to be sent to the switch fabric. The data is actually transmitted to the switch fabric through the ingress fabric interface FPGA, which organizes and sends packets to the switch fabric. Continued on next page.
2-30

E320 Broadband Services Router Packet Flow (contd) The switch fabric then sends the packets to the destination line module, where the egress fabric interface FPGA processes the data received from the fabric, reassembles the packet, and sends it to the Frame Receive ASIC. Just as on the input line module, the packet is next sent to the Processor Interface ASIC, which sends it to the Frame Forwarding ASIC after processing. The Frame Forwarding ASIC then sends the packet to the I/O adapter to be transmitted on the wire. The bulk of the packet flow through a 4-Gbps line module is always the same whether the packet came from the switch fabric or the I/O adapter. Regardless of source, packets traversing the router will always be processed by the Frame Receive ASIC, Processor Interface ASIC, and the Frame Forwarding ASIC. Packets traversing the router will always be sent through the switch fabric, even when the output line module is the same as the input line module. The only exception to this is traffic destined for or sent from the SRP. That traffic is instead sent via the internal 200-Mbps control plane. Mechanisms exist in the software, however, to prevent the control plane from becoming saturated with traffic.
2-31
E320 Router Packet Flow (2 of 2)

Switch Fabric IFI EFI
Q1 Q2 Q3 Q4 Q5 Q6 Q7 Q8
IFI EFI
Q1 Q2 Q3 Q4 Q5 Q6 Q7 Q8
IFI EFI
Q1 Q2 Q3 Q4 Q5 Q6 Q7 Q8
www.juniper.net
32
Forwarding a Packet over the E320 Switch Fabric The switch fabric is central to the forwarding of traffic between ingress and egress ports on the E320 router. The E320 uses a frame-based, rather than cell-based, switch fabric. The switch fabric is designed to support multiple QoS classes per line module. This slide depicts traffic from one line module being sent through the switch fabric and sorted by both outgoing line module and QoS queue (Q1, Q2, etc.). Note that even traffic destined for the incoming line module traverses the switch fabric.
2-32

www.juniper.net
33
Redundancy This following slides discuss Switch Route Processor (SRP) and line module redundancy on the Eseries systems.
2-33
E-Series Router SRP Redundancy (1 of 2)

File system synchronization mode :
Primary/standby SRP File system redundancy System release, configuration, script, and macro files synchronized One-way synchronization
erx3#show redundancy srp high-availability state: disabled current redundancy mode: file-system-synchronization last activation type: cold-start
Criteria Preventing High Availability from being Active -------------------------------------------------------criterion ---------------------------------High Availability mode configured? met --No
www.juniper.net
34
File System Synchronization By default, the SRPs use a 1:1 warm redundancy scheme, providing file system redundancy between the two SRPs and their flash cards. When the system contains two SRPs, one SRP acts as the primary and the second acts as a standby. By default, the SRP located in the lower slot becomes the primary SRP. The SRP modules record their latest roles and retain them the next time the router boots. When configured to use this kind of redundancy, the primary SRP runs the system. The standby SRP is booted but not operational. The standby flash card is synchronized to the primary flash card every 5 minutes. The synchronization process is one wayprimary to standby. System releases, configuration, scripts, and macro files are synchronized. Log, history, and statistics files are not synchronized. If a file on the standby flash card is not on the primary flash card, it is deleted. If the primary SRP fails, the standby SRP assumes control. The line modules will reload, adjacencies will be reformed, and routing tables will be rebuilt. You can disable the synchronization process. You might want to disable the synchronization function while copying a new system release across the network to the router. You can also manually initiate the synchronization process.
2-34
E-Series Router SRP Redundancy (2 of 2)

High availability mode
Provides the same synchronization as file system synchronization mode Transaction-based mirroring to ensure rapid SRP recovery During SRP switchover:
Line modules remain operational and continue to forward traffic User connections remain active and forwarding continues through the chassis New configuration changes are prevented until switchover is complete
Application behavior:
Supported and unsupported applications Gracefully recover using mirrored static and dynamic information such as IP, PPP, and PPPoE Recover using static configuration only; no run -time state is restored
www.juniper.net
35
High-Availability Mode When using this mode of redundancy, there is again a primary and standby SRP, chosen the same way as in the file system synchronization redundancy mode. In addition to keeping the contents of NVS synchronized, high-availability mode keeps state and dynamic configuration data from the SRP memory synchronized between the primary and standby SRP modules. When high-availability mode is enabled, SRP modules are synchronized using an initial bulk transfer of data. Once a stable highavailability mode state is reached, transactions (BGP updates, configuration changes, B-RAS session starts/stops, and so forth) occurring on the primary SRP are replicated to the standby SRP for processing. If the primary SRP fails, the standby SRP takes over management of the system. While the standby (now primary) SRP applies any outstanding transactions (maximum of 5 minutes), no new B-RAS sessions or router configuration changes are allowed. However, all existing end-user connections remain active and the system continues to forward traffic. For this reason, this kind of SRP redundancy is also called stateful SRP switchover mode. Continued on next page.
2-35

High-Availability Mode (contd.) Applications or protocols are either supported or unsupported by high-availability mode. When a switchover occurs, supported applications can react in one of two ways. Most applications, such as IP, PPP, and PPPoE interfaces, recover gracefully using mirrored static and dynamic information and remain active. Some applications, such as Telnet and FTP sessions, do not recover gracefully. No runtime state is maintained and sessions must be restarted. By default, routing protocols such as OSPF, IS-IS, and BGP will lose state. Packets continue to be routed using the current forwarding tables on the line modules. Adjancencies and connections will have to be reformed, link-state databases must be rebuilt, and so on. These protocols can gracefully recover when the graceful restart extensions are enabled. Keep in mind that a switchover using high-availability mode will be much faster and downtime less than with the file system synchronization redundancy scheme. Unsupported applications prevent high-availability mode from being enabled. If high-availability mode is currently operational and an unsupported application is configured, the system automatically suspends high-availability mode and reverts to file synchronization mode. If you configure an unsupported application, you will receive several log messages indicating a change in the state of highavailability mode. Currently, only a limited number of unsupported applications exist. High-availability mode remains inactive for approximately 15-20 minutes after an initial cold-start or cold-restart. This delay enables the system to reach a stable configuration before starting high availability. To use high-availability mode, the software, hardware, and configuration must all be compatible with high-availability mode. For detailed requirements and information on protocol support, see the "Managing High Availability" chapter of the JUNOSe System Basics Configuration Guide.
2-36
SRP Redundancy Commands (1 of 2)

erx3(config)# redundancy erx3(config-redundancy)# mode high-availability NOTICE: High Availability is initializing. Type show redundancy srp for details. erx3(config-redundancy)#do show redundancy srp high-availability state: initializing current redundancy mode: high-availability last activation type: cold-start WARNING 09/28/2006 21:14:56 ha: High Availability is now active erx3(config-redundancy)# do show redundancy srp high-availability state: active current redundancy mode: high-availability last activation type: cold-start
www.juniper.net
37
SRP Redundancy Commands SRP redundancy is configured in the redundancy configuration mode. To enter this CLI mode, enter the redundancy command within configuration mode. You can then configure the router for the mode of SRP redundancy you want to use. To configure the file system synchronization method of redundancy, enter the mode file-systemsynchronization command. To configure stateful SRP switchover, use the mode high-availability command. Note that high-availability mode take several minutes to initialize. Because the default is warm redundancy, the no mode command disables stateful SRP switchover and restores the default of file system synchronization. You can monitor the current redundancy state with the show redundancy CLI command. This command shows you the current redundancy state and any items that prevents stateful SRP switchover (high availability) from entering an active state. If any of these criteria are not met, the router cannot perform a stateful SRP switchover.
2-37
SRP Redundancy Commands (2 of 2)

Monitor SRP redundancy
erx3# show redundancy clients Unsupported High Availability Clients ------------------------------------client ------------------DHCP Proxy Client Global Ipv6 IPsec Transport (ITM) 12tpDialoutGenerator DHCPv6 Local Server Radius Relay Server SMDS cbf configuration ------------safe safe safe safe safe safe safe safe
erx3# show redundancy history detail
www.juniper.net
38
Monitor SRP Redundancy You can quickly determine which applications high-availability mode considers unsupported using the show redundancy clients command. This list of applications might change with subsequent releases. Please see the "Managing High Availability" chapter of the JUNOSe System Basics Configuration Guide for a complete list of supported and unsupported applications for a particular software release. The show redundancy history command provides some statistics on SRP redundancy events. Adding the detail keyword to that command causes a log of SRP switchover events to also be printed to the screen. You can also clear the high-availability switchover history for the router using the clear redundancy history command.
2-38
ERX-14xx/7xx Line Module Redundancy

Slot # 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Line Modules Front

Passive Midplane
Redundancy Group
R E D U N D A N T
Redundancy Midplane Type of module Size of redundancy group
I/O Modules Rear
Redundancy groups

Adjacent slots Same line module type Ts and Esbackup 2, 3, 4, or 5 line modules OC x/STMx, channelized OCx/STM x - backup 2 or 5 line modules OC x/STMx, channelized OCx/STM x can have a mixture of OC3/OC12
Proprietary and Confidential www.juniper.net
39
Line Module Redundancy Groups You can install an extra line module in a group of identical line modules to provide redundancy if one of the line modules fail. When the router switches from the failed line module to the extra or standby line module, the line, circuit, and IP interfaces on the module appear to go down temporarily. The duration of the downtime depends on the number of interfaces and the size of the routing table. During switchover, the router must reload the extra or spare line module with the interface configuration and the routing table from the SRP module. The requirements for line module redundancy depend on the type of router. Recall that the ERX-310 router does not support line module redundancy. To implement a line module redundancy scheme on ERX-7xx and ERX-14xx models, you must first install a redundancy midplane on the chassis midplane. You must also install a spare or redundant line module and IOA . The redundancy midplane is specific to the type of line module (12 port CT3/T3/E3, OCx/STMx, or cOCx/STMx) and size of the redundancy group. The redundancy midplane is a passive device. The spare line module is also specific to the type of line module and is mated with a redundancy I/O module in the back of the E-series router. The redundancy I/O module has no ports. The redundancy midplane dictates which line modules can be inserted into it using the same method that prevents line modules from being installed with incompatible I/O modules. Continued on next page.
2-39

Line Module Redundancy Groups (contd.) A line module redundancy group is defined as a set of n contiguous line modules that share one spare line module. Line modules in the redundancy group must be adjacent and must be the same type. One line module in the group is designated as the redundant module or spare line module. The other cards in the redundancy group are the primary line modules. You must install the spare line module in the lowest slot in the group. This scheme allows a single spare line module to communicate with multiple I/O modules, providing redundancy for the line modules attached to them. For Tx and Ex interfaces, one spare line module can back up one or two primary line modules. For OCx/STMx, one spare line module can back up either one or two primary line modules or one, two, three, four, or five primary line modules. For cOCx/STMx interfaces, one spare line module can back up one or two primary line modules. In the ERX-1400 series, a redundancy group cannot span the SRP modules. Because OCx/STMx and channelized OCx/STMx line modules support either 0C3/STM1 or 0C12/STM4 interfaces depending on the I/O module, a redundancy group can contain a mix of 0C3/STM1 and 0C12/STM4 interfaces. The redundant OCx/STMx or channelized OCx/STMx card learns its mode type when it becomes the active line module. On the ERX-7xx and ERX-14xx systems, there is no line module redundancy support for Fast Ethernet, Gigabit Ethernet, 0C48/STM16, or service line modules. For a complete list of line module capabilities, see the JUNOSe ERX Module Guide.
2-40
E320 Line Module Redundancy

Slot # 16 15 14 13 12 11 7 6 5 4 3 2 1 0
Line Modules Front

Passive Midplane
R E D U N D A N T I / O A D A P T E R
Redundancy Group
I/O Modules Rear
E320 redundancy groups:

Redundant line module must be installed in slot 0 or 11 Redundancy 1/0 adapter required for each redundant line module (slot 0 or 11) Slot 0 can back up slots 1-5; Slot 11 can back up slots 12-16 Any combination of supported I/O adapters
41
E320 Line Module Redundancy Line module redundancy in the E320 chassis operates on the same principle as the ERX-14xx and ERX-7xx routers, but has several advantages. The redundancy feature is no longer restricted to supporting only a single kind of I/O adapter in a group. Because the I/O adapters now handle more of the layer 2 processing and communicate with the line modules over a standard interface, a single type of line module can support multiple kinds of I/O adapters. This design allows a single line module to back up other line modules with any combination of compatible I/O adapters. For example, a single 4Gbps line module can back up five other 4-Gbps line modules, regardless of the type of I/O adapters installed in those slots. Also, there is no need to install a redundancy midplane to support line module redundancy. Rather, the only additional hardware required is an extra line module and redundancy I/O adapter, which must be installed in either slot 0 or 11. Slot 0 can back up slots 1-5, while slot 11 can backup slots 12-16. The redundancy I/O adapter can work with either the LM-4 or LM-10 line modules. The spare line module, however, must match the type of line module being backed up. For example, in an E320 router using a 100-Gbps SRP/SFM, an LM-4 spare line module installed in slot 0 or slot 11 can only back up LM-4 line modules installed in slots 1-5 or slots 12-15 respectively. If an LM-10 line module is installed in one of the turbo slots, it cannot be backed up by the LM-4 line module. In an E320 router using a 320-Gbps SRP/SFM, an LM-10 line module installed in slot 0 or slot 11 can only back up LM10 line modules installed in slots 1-5 or slots 12-15. It cannot back up any LM-4 line modules. LM-10 line module redundancy is only available using the 320-Gbps SRP/SFM.
2-41
Line Module Redundancy Operation

The E-series system automatically detects line module redundancy When all line modules are operational in a redundancy group:
Primary line module State = active On-line and redundant LED illuminated Spare line module State = standby
When the primary line module fails:

I/O module connection switched from primary to spare line module via
redundancy midplane
Only redundant LED illuminated Spare line module assumes control Interface configuration and routing tables obtained from SRP State = active On-line LED illuminated SNMP trap
www.juniper.net
42
Automatic Detection and Configuration The ERX-14xx/7xx routers automatically detect line module redundancy based on the redundancy midplane, spare line module, and redundancy I/O module. The E320 router automatically detects line module redundancy when the redundancy I/O adapter and associated spare line module are installed. No extra configuration is necessary. The CLI command show redundancy displays the redundancy configuration and status of each redundancy group. Primary Line Modules Operational When all line modules in a redundancy group are operational, the state of the primary line modules is active, and the state of the spare is standby. Use the CLI command show version to obtain the state of all line modules. The CLI command show environment also indicates which slots are members of each redundancy group. The primary line modules have the online and redundancy LED illuminated. The spare line module only has the redundancy LED illuminated. Primary Line Module Failure If one of the primary line modules fails, the E-series router switches the I/O module or I/O adapter connection from the primary line module to the spare line module by means of the redundancy midplane (on the ERX-14xx/7xx routers) or the pathways built into the chassis midplane for this purpose (on the E320 router). This switch eliminates the need for a cable swap to maintain operation. The spare line module obtains the interface configuration and routing table from the SRP and continues routing packets. Externally, the switchover appears like a momentary line outage while the spare line module is configured. Because line module redundancy is limited to one spare line module per redundancy group, the group is no longer redundant once the spare is in use. Things that can trigger a failover to the redundant line module include a hardware failure; a software problem; removing, resetting, disabling, or reloading a line module; or a missing line module. If you configure the E-series router to send SNMP traps, a trap is sent to the appropriate management station(s) when a switchover occurs.
2-42
Redundancy Revert Options

What happens when the primary line module is operational again?
By default, spare remains active, primary is inactive Revert to primary line module using the CLI redundancy revert
command
Other redundancy commands and configuration options

Automatic switchover to primary line module Automatic switchover to primary line module at specific time Disable redundancy on a specific line module within a redundancy
group
Manually forcing a failover
www.juniper.net
43
The Primary Line Module Is Operational Again By default, once the problem that caused the switchover is resolved, the spare line module still remains active. To switch back to the primary card, use the show version CLI command to verify that the new line module is online and that the state is inactive. Then use the redundancy revert CLI command to switch from the spare line module to the primary line module. You can also use that command to schedule a one-time switchover back to the primary card. An SNMP trap is generated when the primary line module is available for switchover and when the primary line module resumes control. Other Redundancy Commands and Configuration Options You can use the redundancy revertive configuration command to configure the E-series router to always automatically revert from all spare line modules back to their primary cards as soon as they become available. You can use that same command to configure the router to automatically revert to available primary cards at a specific time every day by specifying a time at the end of the command. To disable line module redundancy on a specific line module within a redundancy group, use the Global Configuration command redundancy lockout. To manually force a failover, use the Privileged Exec CLI command revert force-switchover. This command causes a failover to the associated spare line module even if redundancy lockout is configured.
2-43

www.juniper.net
44
Hardware Installation Notes The following slide provides some notes on hardware installation.
2-44
Hardware Installation Notes

Installation order
Install I/O module before line module New system Existing system
Powering off the E-series router

Using the halt command
E320 I/O adapter

Half-height adpaters require support bracket in middle of slot Full-height adpaters require support bracket be removed
www.juniper.net
45
Module Installation Order When installing new cards, first insert the I/O module in the rear of the E-series system, then install the line module in the front of the chassis. Power-on self-test (POST) diagnostics run when a line module is installed in a chassis slot. If the corresponding I/O module is not present, the POST diagnostics will fail. If this happens, you must remove and re-insert the line module. When installing modules in an empty chassis, work from the center outward. Do not tighten the faceplate screws until all line modules are in place. On the E320 router, be sure to reserve slots 0 and 11 for the redundancy line modules if you might ever use that feature. When installing modules in a populated chassis, loosen the screws on the adjacent modules before inserting the new module. If there is a blank faceplate cover adjacent to the new modules, remove it. Open the ejector handles all the way before inserting the new module. Push the module into the chassis by hand until the module cannot be inserted any further and ejector levers begin to move inward. Then push the ejector handles in smoothly and evenly until the card is fully seated. If you feel any resistance, remove the card and inspect the module and midplane connectors. Insert blank or empty slot faceplate covers last. Finally, tighten all faceplate screws. You can remove and replace line cards while power is applied so that, in the event of a failure, system disruption is minimized. Continued on next page.
2-45

Powering Off the E-series Router You must execute the halt CLI command prior to powering down the E-series system to avoid corrupting the file system. The SRP expects the flash card to always be present. Files are always open on the flash card, and the SRP might attempt to write information to the flash card while the E-series system is operating. Therefore, it is also possible to corrupt the flash card if it is removed while the Eseries router is operational. E320 I/O Adapters The E320 router supports both half-height and full-height I/O adapters. When a slot is populated with half-height I/O adapters, a post must be installed in the middle of the slot to hold the two half-height cards. When a new system is ordered, we ship it with these posts pre-installed where necessary, based on the card configuration you order. However, if you later wish to use full-height I/O adapters where half-height cards were installed, or half-height I/O adapters where full-height cards were installed, you will need to remove or install this post prior to installing the new cards.
2-46
Review Questions
1.What are the three different E-series routers? How are they different? 2.What are the E-series routers carrier reliability features? 3.What are the major hardware components of the E-series router? 4.How does SRP redundancy operate? 5.What are E-series slot groups and why are they important? 6.Describe line module redundancy configuration and operation.
www.juniper.net
47
This Chapter Discussed: Juniper Networks, Inc. E-series routers; The E-series system's carrier reliability features; The E-series system architecture and hardware components; Factors affecting wire-speed performance and how to control oversubscription; The packet flow through an E-series router; SRP redundancy; and Line module redundancy configuration and operation.
2-47
Proprietary Proprietary and and Confidential Confidential
www.juniper.net
48
2-48
Chapter 3: Introduction to the Command-Line Interface and Configuring Basics
www.juniper.net
Module Objectives
List and describe the different CLI modes Compare and contrast the E-series CLI with other routers CLI List and describe CLI shortcut commands Describe the E-series router file system Copy files to and from the E-series router Configure basic E-series system parameters through the CLI View a configuration file Configure basic system parameters using a script Configure basic system parameters using a macro List and describe useful CLI commands Describe timing configuration options Describe boot configuration and reload options
This Chapter Discusses: The E-series router command-line interface (CLI) modes; The differences between the E-series CLI and other routers' CLIs; CLI shortcuts; The E-series router file system; Copying files to and from the router; Configuring basic system parameters through the CLI; Viewing a configuration file; Useful CLI commands; Configuring basic system parameters using a script or a macro; The timing configuration options; and The boot configuration and reload options.
Module 3: Introduction to the CLI and Configuration Basics
3-2
Agenda: Introduction to the CLI

CLI Modes and Shortcuts
File System and Copying Files
Basic Configuration Using the CLI

Viewing a Configuration File
Configuration Using Scripts and Macros E-series Router Timing Configuration Options E-series Router Boot Configuration and Reload Options
www.juniper.net
CLI Modes and Shortcuts This chapter discusses the E-series router's CLI. The following slides discuss the CLI modes and shortcuts, including the file system and how to copy files.
3-3
Introducing the CLI

User establishes connection User Exec
enable
Privileged Exec
ERX-10-15-6c#
configure
Global Configuration
ERX-10-15-6c>
ERX -10-15-6c(config)#
What is the command-line interface?

Used for management, configuration, and troubleshooting Similar to other routers CLI
How do I access the CLI?

Local console port using null modem cable Telnet Secure Shell (SSH)
Modes
User Exec, Privileged Exec, and Global Configuration Different commands available in each mode Passwords configurable at User Exec and Privileged Exec
What Is the Command-Line Interface? The CLI is the interface used to manage, configure, and troubleshoot the E-series router. The interface has a similar look and feel to other routers' CLIs. How Do I Access the Command Line? You can access the CLI using the console port located on the switch route processor (SRP) I/O module using a null modem cable. You can also access it using Telnet or Secure Shell (SSH). Three Modes The User Exec mode is a read-only mode supporting a limited amount of noninvasive commands. Examples of User Exec mode CLI commands are show version, used to determine the running software release, and show hardware, used to obtain line module serial numbers. User Exec mode is privilege level 1. Continued on next page.
3-4

Three Modes (contd.) In Privileged Exec mode, you can execute all User Exec mode commands plus additional invasive and noninvasive nonconfiguration commands, such as show configuration, reload, and halt. You use the CLI command enable to move from User Exec mode to Privileged Exec mode. When you use the enable command with no additional arguments and you did not authenticate through RADIUS, it defaults to privilege level 10. You can view your privilege level with the CLI command show privilege. There are sixteen privilege levels, numbered 0-15. You can use these privilege levels to define a coarse system of command authorization. You can find more details about privilege levels in the JUNOSe System Basics Configuration Guide. Global Configuration mode is a write-only mode; you can only access it from the Privileged Exec mode by entering the configure command. From within Global Configuration mode, you can access specific configuration modes (such as Interface Configuration mode and Controller Configuration mode). We refer to all available configuration modes together (including Global Configuration mode) as configuration modes. By default, the E-series router has no passwords. You can configure different passwords for the User Exec mode and for each level (2-15) of Privileged Exec mode. Passwords are stored in the configuration file using MD5 encryption.
3-5
Whats Unique to the E-series Router?

System initialization and configuration process
Boots with running-configuration file stored on the flash Configuration changes automatically saved to
running-configuration on the flash

Minor configuration command differences Binary configuration files
File system
FTP versus TFTP
Logging Protocol support
www.juniper.net
System Initialization and Configuration Process Although the E-series router's CLI is very similar to other routers' CLIs, the following are some differences to remember when using the CLI. By default, the E-series router always boots with a configuration file called running-configuration, which is stored on the SRP's flash card. All configuration changes are automatically saved to running-configuration. We call this default behavior Automatic Commit mode. To view configuration settings, use the CLI command show configuration. You do not have to save or write configuration changes to the flash card on an E-series router. Most configuration commands are the same as other router's configuration commands; however, some minor differences exist. For example, the E-series router uses classifier lists to filter on TCP or UDP port numbers, and other routers use extended access lists. The E-series router configuration file is stored on the flash card in binary format. However, you can save a copy of the configuration file in text format for off-line viewing. File System The E-series router's file system is also quite different from other routers' file systems. The E-series router has built-in FTP and Trivial File Transfer Protocol (TFTP) clients to transfer files between the flash card and remote hosts. Additionally, you can activate a built-in FTP server on the E-series router and transfer files using a remote FTP client. Logging Logging on the E-series router's CLI is very different from other routers' CLIs. Although some debug CLI commands are available, most logging is configured via the log configuration commands. Protocol Support The E-series router only supports IP, whereas other routers support traditional enterprise protocols, such as IPX and Appletalk.
3-6
CLI Shortcuts
The question mark (? ) key for context-sensitive help
Available commands Available command completions Available options within a command
Use the following shortcuts:

Up/down arrows to repeat or edit previous commands Abbreviated commands Tab to complete a command Execute a User or Privileged Exec command within Global
Configuration mode using the run or the do keyword

Control-key shortcuts
www.juniper.net
The Question Mark Help is always available using the Question Mark (?) key. The ? shows a list of all available commands or all available options within a specific command. CLI Shortcuts The Up and Down Arrow keys allow you to scroll through a command history buffer. Use these keys to find a command stored in the history buffer and then press return to execute the command.You can modify a command from the history buffer by using the Right and Left Arrow keys. A command history buffer exists for User and Privileged Exec modes, and a separate history buffer exists for the configuration modes. The CLI supports abbreviated commands as long as the abbreviation is unique within the context. For example, show configuration can be shortened to show config. The E-series router's CLI also supports the use of the Tab key to complete a command. For example, if you type show config and then press the Tab key, the system will complete the command for you. To execute a User Exec or Privileged Exec command within a configuration mode, type run or do and then the name of the command. For example, to view the routing table within a configuration mode, type run show ip route and then press return. Context-sensitive help using ? is available for User Exec and Privileged Exec commands when using the run command in a configuration mode. Continued on next page.
3-7

CLI Shortcuts (contd.) You can use a number of control-key shortcuts for CLI command-line editing: Ctrl-p: Goes backward one entry in the command history (equivalent to the Up Arrow). Ctrl-n: Goes forward one entry in the command history (equivalent to the Down Arrow). Ctrl-b: Moves the cursor left one character (equivalent to the Left Arrow). Ctrl-f: Moves the cursor right one character (equivalent to the Right Arrow). Ctrl-w: Deletes the word to the left of the cursor. Ctrl-a: Moves the cursor to the beginning of the line. Ctrl-e: Moves the cursor to the left of the line. Ctrl-k: Deletes all characters from the cursor to the end of the command-line. Ctrl-u: Deletes entire command-line. Ctrl-y: Recalls most recently deleted characters and inserts (or overwrites) them at the cursor. Ctrl-o: Toggles overwrite/insert mode. Ctrl-1: Reprints system prompt and command-line.
This is just a partial listing of the command-line editing keys that you can use in JUNOSe software. Please consult the JUNOSe System Basics Configuration Guide for a full listing.
3-8
E-series Router File System

ERX-10-15-6c#dir Please wait... unshared in file size size date (UTC) use -------------------------------------------------------- --/incoming <DIR> 0 11/16/2001 14:35:04 /outgoing <DIR> 0 11/16/2001 14:35:04 lab1.cnf 76729 76729 06/28/2002 09:57:02 erx7_ssc57.cnf 77140 77140 05/07/2002 12:37:10 reboot.hty 28032 28032 10/24/2002 11:07:58 initial-setup.mac 540 540 10/28/2002 14:26:58 erx_4-0-0.rel 94641042 80947454 10/24/2002 10:56:28 ! erx_4-0-0p1-3.rel 94760084 81066496 10/24/2002 11:17:22 autocfg.scr 224 224 01/31/2002 15:20:52 ospfcore.scr 7926 7926 12/13/2001 17:15:56 erx7_ssc57_3-0.scr 3373 3373 06/24/2002 15:59:10 inital.scr 338 338 10/28/2002 12:27:20 Capacity = 224133120, Bytes Free = 9262464, Reserved = 36700160 ERX-10-15-6c#
www.juniper.net
The E-series Router File System Use the dir CLI command to view the contents of the flash card. Files must be saved with specific file extensions. There are ten different file formats or file extensions: Configuration ( .cnf); Core dump ( .dmp); History ( .hty); Log (.log); Macro ( .mac); System release ( .rel); Script ( .scr); Secure Shell (SSH) server public key ( .pub); Bulk statistics ( .sts); and Text ( .txt).
Continued on next page.
3-9

The E-series Router File System (contd.) The file system uses a file allocation table (FAT) file system. There is no need to run a compact or squeeze command after deleting a file. The E-series system uses the reserved space to store the current running configuration. You cannot delete this file. The reboot.hty file provides a running history of why the E-series system rebooted. The file has a maximum size of 32 KB. Use the show reboot-history command to view the information in the file, or use the show last command to determine the reason for the last system reboot. The in-use flag (!) indicates that the configuration file or system release file is stored in nonvolatile memory as a boot configuration parameter or is currently in use. You cannot delete a file that is in use. Deleting an in-use file might prevent the E-series system from being able to boot. A system release consists of many individual files, such as diagnostic programs, field-programmable gate array (FPGA) images, and operational programs. The entire set of files is called a system release or .rel file. If a flash card has multiple releases based on the same software release (e320_7-3-0.rel and e320_7-3-0b1-2.rel ), a few identical files might exist between the two releases. To save space, the E-series router will re-use (or share) the identical files it already has from other releases and only store those files that are unique to a release. The size column indicates the total size of both the shared files and those unique to this release. The unshared size column indicates the total flash space required only for the files that are unique to this release. If a user deletes e320_7-0-0b1-2.rel, the E-series router cannot delete all the files in the e320_7-3-0b1-2.rel release, as some of these files are also being used by the e320_7-3-0.rel release. The system can delete only the files that are unique to e320_7-3-0b1-2.rel, freeing up the bytes listed in the unshared size column for e3207-3-0b1-2.rel. While the different hardware platforms all run JUNOSe software, each platform supports different hardware requiring specific diagnostic programs, field-programmable gate array (FPGA) images, and other operational programs. The name of the release file indicates the supported platform. This directory listing is taken from an E320 router since the release file name is e320 7-3-0.rel. The ERX1440 platform would use a file named erx40 7-3-0.rel , the ERX-310 platform would use a file named e310_7-3-0.rel , and the ERX-7xx/14xx platform would use a file named erx7-3-0.rel . Because configuration files are stored in binary format, you cannot easily view their contents. You can use the more command to view the contents of .mac, .scr, and .txt files. If the entries in the directory listing do not appear on the same line like the example on the slide, you can use the terminal width ## command to increase the width of the terminal display. In most cases, the ## must be a number larger than 80. The E320 router can have a second flash card installed in its SRP modules. All other routers can only have a single flash card installed. Device names are reserved for the router's primary flash card slot: disk and standby-disk0. The E320 router has two additional device names for the second flash card slot: diskl and standby-diskl. The E320 router's second card can only be used for storage of core dump ( clmp) files.
3-10
Copying Files (1 of 2)
Files can be local (flash card) or remote (FTP | TFTP server)
Use the copy command for either Copying remote files invokes FTP or TFTP, as appropriate
FTP client on the E-series router

Default FTP user = anonymous with password = null Define remote computer or FTP server using host command
ERX-10-15-6c(config)# host dianepc 10.10.0.156 ftp ERX-10-15-6c(config)# host garypc 10.10.0.100 ftp gary mypass
TFTP client on the E-Series router

32 MB maximum file size Define TFTP server using host command
ERX-10-15-6c(config)# host tompc 10.10.0.254 tftp
www.juniper.net
11
Local or Remote Files You can copy files to and from the E-series router using the copy command. The file can either be local (on the flash card) or on a remote FTP or TFTP server. You use the copy CLI command for either. When you copy files from a remote device, the copy command invokes the FTP or TFTP client, depending on which protocol you configure the E-series router to use for that hostname. FTP Client on the E-series Router The E-series router includes a built-in FTP server and client. One way to use the system's FTP client is by using the host Global Configuration command to define the remote FTP server and the FTP user account on that server. By default, the E-series router uses the username anonymous with a null password. In this example, the FTP server's IP address is 10.10.0.156, to which we are assigning a local hostname of dianepc: ERX-10-15-6c(config)# host dianepc 10.10.0.156 ftp You can also configure the FTP client to use a specific FTP username and password. In this example, we configure a username of gary and a password of mypass for the FTP server at 10.10.0.100, to which we are assigning a local hostname of garypc: ERX-10-15-6c(config)# host garypc 10.10.0.100 ftp gary mypass Continued on next page.
3-11

TFTP Client on the E-series Router The E-series router includes a built-in TFTP client, which you can use to transfer files that are no larger than 32 MB. Although release files can be larger than 32 MB, all JUNOSe software releases beginning with JUNOSe software Release 6.1.0 are built in such a way that they can be transferred in chunks that are smaller than 32 MB so as to enable TFTP to be used to download releases to E-series routers. To use the TFTP client functionality, use the host Global Configuration command to define the remote TFTP server. You do not need to specify a username or password, because TFTP does not include support for user authentication. In this example, we define a remote TFTP server with the IP address 10.10.0.254 and give it the local hostname tompc: ERX-10-15-6c(config)#host tompc 10.10.0.254 tftp You can only configure a single hostname as either a TFTP server or an FTP server. To configure more than one set of parameters (different FTP account information or different protocol) to be used for the same IP address, you must configure each set of parameters with a unique hostname. You can also include all remote file data such as the FTP server's IP address and the username and password in the copy command as an alternative to configuring static host entries. With this approach, you specify remote files using a URL format. The next page shows an example using this format.
3-12
Copying Files (2 of 2)
Copying a new system release from Dianes computer
ERX-10-15-6c#copy dianepc:7-3-0/e320 7-3-0.rel e320 7-3-0.rel
Saving a configuration file

ERX-10-15-6c#copy running-configuration filename.cnf ERX-10-15-6c#copy running-co ftp://garypc/configs/7-3-0.cnf
Copying files including all remote file data in command

ERX-10-15-6c#copy ftp://dave@1.1.1.100/scripts/labl.scr lab1.scr ERX-10-15-6c#copy config.txt ftp://damien:hisPass02.2.2.100/ textDir/config.txt
www.juniper.net
13
Copying a New System Release from a Remote Host To upgrade an E-series router, copy the new system release from a remote host using the copy command. The E-series router's built-in FTP client does not provide interactive access to the FTP session. So, when copying files from an FTP server, you must first determine the correct remote path to use to reach the desired files. In this example, we determined the remote path to be 7-3-0/. In this example, we copy the release from the FTP server we previously defined as dianepc using this CLI command: ERX-10-15-6c#copy dianepc:7-3-0/e320 7-3-0.rel e320 7-3-0.rel Saving a Configuration File Before reloading the system with a new software release, always save a copy of the working configuration in case you must return to the current software version. This example saves a copy on the local flash card: ERX-10-15-6c#copy running-configuration filename.cnf You might also consider saving a copy of the working configuration on the FTP server. In this example, we copy the working config to the FTP server we previously defined as garypc using the URL format: ERX-10-15-6c#copy running-co ftp://garypc/configs/7-3-0.cnf Copying Files Including All Remote File Data in Command These next two examples show how to copy files without statically configuring a host entry. The first example uses the URL format to copy the lab1.scr file from the FTP server found at 1.1.1.100 using the username dave to the local flash card. ERX-10-15-6c#copy ftp://dave@1.1.1.100/scripts/lab1.scr lab1.scr The second example uses the URL format to copy the config.txt file on the flash card to the FTP server found at 2.2.2.100 using the username damien & the password hisPass to the directory textDir. ERX-10-15-6c#copy config.txt ftp://damien:hisPass02.2.2.100/ textDir/config.txt
3-13
File System Idiosyncrasies

Things to keep in mind:
Wildcards are not supported Cannot delete some important files E320 file system not compatible with ERX-310/7xx/14xx
Halting the file system

Execute the halt command prior to powering down the E-series router
www.juniper.net
14
File System Idiosyncrasies The E-series router does not support the use of wildcards, such as the asterisk (*), with file names used as arguments to commands. Additionally, you cannot use the Question Mark (?) key help or Tab completion to help complete file names used as arguments to commands. You cannot delete the running-configuration file, the running system release, a configuration file that is configured to be used the next time the system boots, or a system release that is configured to be used the next time the system boots. The E320 router uses a different file system format than the ERX-310/7xx/14xx routers. The E320 router can read flash disks created by the ERX-310/7xx/14xx routers, but those routers cannot read flash disks created by the E320 router. However, you should always be careful when exchanging flash disks between different chassis. Different models of E-series routers require that different files be downloaded for each release. Therefore, releases contained on flash disks exchanged between different routers might not work on the new chassis as expected, if at all. Halting the File System Execute the halt CLI command prior to powering down the E-series system or removing an SRP module to avoid file system corruption. You can specify which SRP should be stopped. If you don't specify which SRP module should be stopped, the halt command will stop both SRP modules in a redundant system. The SRP expects the flash card to always be present. Files are always open on the flash card, and the SRP might attempt to write information, such as logging message, to the flash card while the E-series system is operating. Therefore, you can also corrupt the flash card if it is removed when the E-series router is operational or if the system is abruptly powered off without executing the halt command.
3-14
CLI Hardware show Commands

To determine software version and line module state, use:
ERX-10-15-6c#show version
To determine hardware serial number, version, and memory, use:

ERX-10-15-6c#show harware
To examine environmental information, use:

ERX-10-15-6c#show enviroment
www.juniper.net
15
Software Version and Line Module State Use the show version CLI command to determine which line modules are installed in which slots, their state (online, booting, inactive) as well as the running system or software release. This command also displays system uptime as well as individual slot uptime. Serial Number, Hardware Version, and Memory Use the show hardware CLI command to determine hardware serial numbers, hardware revisions, and the memory configuration of components that require memory. This command also indicates which line modules and I/O modules are installed in each slot. On the E320 router, this command shows which I/O adapters are installed in each slot and gives their position within the slot. For example, an OC-3c I/O adapter installed in the top half of slot 4 is listed as being in slot 4/0. The first port on that I/O adapter is designated 4/0/0. Full-height I/O adapters will always be designated as being in the top half of the slot. Environmental Information Use the show environment CLI command to determine chassis and switch-fabric type. This command also indicates the status of power, fans, flash cards, temperature, and chassis timing. The command also displays which slots are populated with line modules, which slots are empty, and any redundancy configuration information.
3-15


www.juniper.net
16
Basic Configuration Using the CLI The following slides discuss the basic E-series router configuration using the CLI as well as how to view a configuration file.
3-16
E-series Router Configuration Basics

Configuration commands are entered two ways
Terminal Configuration commands entered by hand through the CLI ERX-10-15-6c#config Configuring from terminal or file [terminal]? terminal Enter configuration commands, one per line. End with CNTL/Z. ERX-10-15-6c(config)# interface fastethernet 6/0 ERX-10-15-6c(config-if)# exit ERX-10-15-6c(config)# exit
File Configuration script file located on the flash or on a FTP server

ERX-10-15-6c#config file ospf .scr show-progress ERX-10-15-6c#config file dianepc:scripts/init.scr verbose
Configuration changes
Dynamic Automatically saved to running-configuration Use no to disable or negate a command
www.juniper.net
17
Terminal Versus File You can configure the E-series router by hand through the terminal or by using a file. Using the terminal, you enter CLI commands by hand. When configuring the system using a file, the script can be local on the flash or on an FTP or TFTP server. The show-progress option will print periods (.) to the screen as the commands are executed. By default, this option causes the router to print one period for every 100 commands executed. Alternatively, the verbose option causes the system to display the commands in the script on the console as they are executed. Whether or not the verbose option is used, the system will print any commands that fail and the associated error message. Configuration Changes All configuration changes, whether done through the terminal or with a file, are dynamic in nature and take effect immediately. By default, all configuration changes are automatically saved to the runningconfiguration file on the flash card. This behavior is also known as Automatic Commit mode. In this mode, you do not need to save or write the changes to the flash card. Most configuration commands have a no version. The no version disables or negates the configuration command or restores its default setting. Most configuration commands also have a default version. In most cases, when you execute the default version of a command, it produces the exact results as the no version and restores the default setting.
3-17
E-series System Configuration Tree

Config Controller Interface Router Line
T1 E1 T3 E3 SONET
FastEthernet ATM POS Loopback Serial
RIP OSPF BGP ISIS
console vty
Novice users traverse the configuration tree

The ? command is your friend exit, end and Ctrl Z
Experienced users perform any command, anywhere

Context-sensitive help might not be available
18
Navigating Between Configuration Modes This slide shows a partial listing of the configuration modes (Global Configuration, Controller Configuration, Interface Configuration, etc.) and some of the items configured in those configuration modes (for example, RIP, OSPF, BGP, and ISIS are all configured in Router Configuration mode). You enter a configuration mode using the appropriate command from its parent configuration mode. For example, Global Configuration mode is the parent of Interface Configuration mode. To access Interface Configuration mode to configure the Fast Ethernet interface designated 4/0/0, you type interface fastEthernet 4/0/0 in Global Configuration mode. Remember to use ? for context-sensitive help at any level in the tree or use the Tab key to complete commands. You can use the exit command to go up one level in the tree. To exit all configuration modes and return to Privileged Exec mode, use the end command or type Ctrlz. From any configuration mode, the Ctrl-z key combination always takes you to Privileged Exec mode. Global Configuration Mode Commands You can run any Global Configuration mode command in any configuration mode. However, Tab completion and ? generally do not work when Global Configuration mode commands are executed in a different configuration mode. Running a Global Configuration mode command in any other configuration mode returns you to the Global Configuration mode before the command is executed.
3-18
Think in Layers
E-series Router E-series Router
Fast Ethernet 10.13.7.19
Network Layer Data Link Layer Physical Layer
IP Address Subnet Mask IP Description Encapsulation Ethernet Description Slot/Port or Slot/Adapter/Port shutdown
IP
Ethernet
Fast Ethernet
www.juniper.net
19
Layers When configuring the E-series router, it is useful to think in layers. You should begin configuring your E-series router with the configuration parameters found in the lowest layer of the OSI model first and then systematically proceed through the subsequent higher layers. For any new IP interface, you should first configure the physical layer, including parameters such as slot and port or slot, adapter, and port location, timing, operational state, and speed. Next, you should configure the data link layer, including encapsulation method, framing, and authentication, if used. Finally, you should configure the network layer, including the IP address, subnet mask, and an IP description. The E-series router allows you to configure descriptions at most layers of the OSI model. This ability allows you to configure descriptions at each layer that are appropriate to that layer.
3-19
Fast Ethernet Configuration

Network Layer Data Link Layer Physical Layer
ERX- 10-15-6c#config t
IP
ERX- 10-15-6c(config)#interface fastEthernet 6/0 ERX- 10-15-6c(config-if)#speed 100
Ethernet
ERX- 10-15-6c(config-if)#duplex full ERX- 10-15-6c(config-if)#ip address 10.13.7.19/24
Fast Ethernet
ERX- 10-15-6c(config-if)#description erx1 mgmt enet ERX- 10-15-6c(config-if)#exit ERX- 10-15-6c(config)#exit ERX- 10-15-6c#
www.juniper.net
20
Fast Ethernet Configuration Up until this point, we have accessed the CLI using the E-series system's console port. However, there are other ways to access the E-series system remotely. One way is to use Telnet. Before you can access the system remotely, you must configure an IP address on an interface that is attached to a network you can reach. In this example, you configure the management Fast Ethernet port located on the E320 router's SRP I/O module in slot 6. Because there is only one adapter and one port, it is adapter 0, port 0. You enter Global Configuration mode using the configure terminal command and enter Interface Configuration mode to configure the port by specifying the interface type and the slot, adapter, and port location. Working from the lowest layers of the OSI model, you begin by setting the speed and duplex. Because you are not configuring virtual LANs (VLANs), there is no need to configure the encapsulation method. Continuing to work your way up the layers of the OSI model, you next assign an IP address and subnet mask. You also configure an optional IP description. This example shows the configuration an E320 router's management Fast Ethernet port located on the SRP I/O module in slot 6. To configure an ERX-7xx platform's management Fast Ethernet port located in slot 0, you would use the command interface fastEthernet 0/0. All other commands would be the same.
3-20
Configuring Loopback Interface & Host Name

IP address assigned to the router, not a physical port

Management or vittual interface Loopback interface is unique number
ERX-10-15-6c(config)#interface loopback 0 ERX-10-15-6c(config-if)#ip address 192.168.1.1/24 ERX-10-15-6c(config-if)#exit
Hostname configuration changes prompt

ERX-10-15-6c(config)#hostname erx1 erx1(config)#
21
Loopback Interface You can assign the E-series router one or more loopback interfaces. The loopback interface is a logical interface that is not associated with a physical port, but rather is always up. As long as the E-series router is reachable through IP, the loopback address should be reachable, assuming the address is correctly routed within the network. For this reason, loopback interface addresses are often considered management addresses and are used for SNMP, Telnet, FTP, TFTP, and SSH. The loopback interface number is a locally-assigned unique number. Loopback interfaces can use a 32-bit subnet mask to preserve IP address space. In this example, the prefix length indicates the subnet mask. You can specify subnet masks either by traditional dotted decimal notation (as was shown on the previous slide) or with the prefix length notation. Hostname Configuration You can also configure the router's hostname. The E-series router's configured hostname becomes the prompt for the system. By default, the router's hostname is the MAC address of the SRP's management Fast Ethernet port.
3-21
Remote Management Configuration (1 of 2)

vty configuration
30 maximum, 5 default Used for incoming Telnet, FTP, and SSH connections
Telnet configuration
Unencrypted CLI access using IP, not the console port Inherits authentication from the line configuration Client and server functionality
erx1(config)#line vty 0 29 erx1(config-line)# password password
22
vty Configuration Every incoming Telnet, FTP, and SSH connection uses a virtual terminal (vty). By default, 5 vtys are configured, numbered 0-4. You can never delete these first 5 vtys. However, if you find you need the ability for more simultaneous connections, you can create additional vtys by configuring them in Line Configuration mode. You can configure up to 30 vtys (0-29). You configure vtys by entering Line Configuration mode with the Global Configuration command line vty first last, where first and last define the range of vtys you want to configure. If the vtys specified in the range do not already exist, they are created by the system, even if no subsequent commands are entered in Line Configuration mode. In this example, we use the Global Configuration command line vty 0 29 to define the range of vtys we want to configure and to create them, if they do not already exist. Telnet Configuration Telnet allows a workstation with a working IP configuration and Telnet client software to establish a CLI session, almost as if the workstation were directly attached to the E-series console port. The E-series router supports both Telnet server and Telnet client functionality. Each incoming Telnet session uses a vty and inherits its authentication parameters from the line configuration. By default, each vty requires a password for authentication. If none is set, you cannot access the system through a vty. You can override this option using the no login command on the vty. Alternatively, you can use the Line Configuration command password to configure a password for the vty. Unlike other routers, you can access Privileged Exec mode through a Telnet session even if no enable password is set.
3-22
Remote Management Configuration (2 of 2)

SSH configuration
Encrypted authentication and CLI session Server only Only RADIUS authentication
erx1(config)#crypto key generate dss
FTP server
Inherits authentication from the line configuration
erx1(config)#ftp-server enale
www.juniper.net
23
SSH Configuration The E-series router has a built-in SSH server. Like Telnet, you can use SSH to establish a CLI session remotely. Unlike Telnet, SSH sessions are encrypted, protecting both authentication credentials and the actual content of the CLI session. For this reason, once SSH is properly implemented, it is a good idea to write access filters to limit inbound Telnet access as much as possible. Like Telnet, incoming SSH sessions use a vty. However, unlike Telnet, SSH does not inherit its authentication configuration from the vty. Rather, SSH only supports RADIUS authentication, and it attempts to authenticate against configured RADIUS servers. Alternatively, you can disable all user authentication for SSH sessions (which results in all incoming SSH sessions being established with no authentication) using the Global Configuration command ip ssh disable-user-authentication. Because this command allows unauthenticated access to the router, you should probably only consider implementing it for a short period of time while debugging the SSH configuration, and only with the proper access protections. To enable the SSH server, create a host key using the Global Configuration command crypto key generate dss. To disable the SSH server, delete the host key using the Global Configuration command crypto key zeroize dss. FTP Server Configuration The E-series router has a built-in FTP server. Like Telnet, incoming FTP sessions use a vty, and the FTP server inherits its authentication configuration from the vty. The FTP server is disabled by default. You enable the FTP server with the Global Configuration command ftp-server enable.
3-23
Viewing the Configuration

To view current configuration settings, use show
Displays nondefault settings configuration
To view entire configuration, including default values, use the show config include-defaults command Configuration output filtering
erx1#show config category aaa erx1#show config exclude-category interface loopback erx1#show config category interfaces erx1#show config interface fastEthernet 6/0/0 include-defaults
CLI output filtering

erx1(config)#run show config include-def | begin fastEthernet erx1#show config include-defaults | include snmp erx1#show config include-defaults | include t1
www.juniper.net
24
Current Configuration Settings By default, the show configuration CLI command displays the current configuration. This command displays all nondefault configuration parameter settings. Entire Configuration Including Default Values Sometimes you must view the default values for configuration parameters. The CLI command show configuration include-defaults displays all configuration values, including all default values. The output of this command can be quite lengthy. Configuration Output Filtering You can use the category option to the show configuration command to only show configuration parameters of the specified category. You can use this with or without the include-defaults option. You can use the interface option to the show configuration command to display the configuration for a particular interface. This is a very useful option when you are configuring or troubleshooting a particular interface. Continued on next page.
3-24

CLI Output Filtering Many CLI output filtering commands are available to limit the amount of data displayed. You can use these commands for any User Exec and Privileged Exec show command. You follow the command to be filtered with the pipe (|) character and then the output filtering command and a case-sensitive string or regular expression to be matched. The begin CLI output filtering option begins displaying the output of the command with the first line that matches the given pattern. The include command displays all output lines that match the given pattern. The exclude command displays all output lines that do not match the given pattern. For example, you could use the begin CLI output filtering option to filter the output of show configuration include-defaults to display the current configuration (including defaults) starting at a specific point in the configuration file. To limit the display to only lines containing a given string, you can instead use the include CLI output filtering option. If you want to display the entire configuration file without any lines containing the word password, you can use the exclude CLI output filtering option.
3-25
Useful show commands

To view inteface statistics, use
erx1#show interface fastEthernet 6/0/0
To determine which IP interfaces are configured, use

erx1(config)#do show ip interface brief erx1(config)#exit erx1#show ip interface brief | include 10.13.7.19 erx1#show ip interface brief | include CompanyXYZ
To view the IP unicast routing table, use

erx1#show ip route erx1#show ip route 10.13.7.19 erx1#show ip route 10.13.7.0 255.255.255.0 erx1#show ip route 10.13.7.0 /24
www.juniper.net
26
Interface Statistics To examine Fast Ethernet interface statistics, use the show interface fastEthernet slot/port CLI command. Viewing Configured IP Interfaces Use the show ip interface brief command to list all IP interfaces configured on the E-series router as well as their state. If this list is quite lengthy, you can use the | include filter to narrow the search. Viewing the Routing Table Use the show ip route command to examine the unicast routing table. To find the route to a particular destination or prefix, you can enter it as an argument to the command. If you just enter an IP address, the router finds the route it would follow to that destination and display it. If you enter an IP address and mask, the router displays all routes for that exact prefix as well as all more specific routes.
3-26


www.juniper.net
27
Configuration Using Scripts and Macros The following slides discuss the E-series router configuration using scripts and macros.
3-27
E-series Router Configuration Scripts

What is a script?
List of CLI commands stored in a file Created by hand or using show config command output erx1#show config > & show_config_script.scr
How do I run a script called show_config_script.scr?

erx1# config file show_config_script.scr verbose Proceed with configure [confirm]?
www.juniper.net
28
What Is a Script? A script is a list of CLI commands stored in a file. This file can be stored locally on the flash or remotely on a FTP or TFTP server. You can create the file by hand or by using the output of the show configuration CLI command. If the script is stored locally on the flash, you can examine the contents of the script using the more command. How Do I Run a Script? You run a script using the config file command. It is usually a good idea to add the verbose or showprogress keyword. These options were described earlier in this chapter on page 21.
3-28
Sample Script
Sample script initial_config.scr:
interface fastethernet 6/0 ip address 10.13.7.19 255.255.255.0 description erx mgmt enet exit line vty 0 19 no login exit interface loopback 1 ip address 192.168.1.1 255.255.255.0 exit
www.juniper.net
29
Sample Script File The commands listed on the slide create the exact same configuration previously discussed..In this simple configuration, it is rather easy to type 15 configuration commands through the CLI. When you must provision thousands of ATM PVCs or IP interfaces, however, manual CLI configuration becomes cumbersome. Scripting is one way of automating E-series configuration. Although the script on the slide has no indentation or comments, indentations and comments are allowed to appear in the script. In fact, it is generally a very good idea to comment and indent scripts, so they are more readable and their intent is clear to others who might see them. You can use the bang character (!) to introduce a comment. The router executes anything that precedes a bang and ignores the remainder of the line beginning with the bang (with the exception of some text fields). You can also use the output of show configuration as a model for indentation and comments.
3-29
E-series Router CLI Macros

What is a macro?
Embedded programming language available on the E-series router Defines and runs a program that generates and executes CLI
commands
Written on a computer, not the E-series router Prompts user for configuration parameters
How do I see what a macro called initial-setup.mac will do ?

ERX-10-15-6c#macro test initial-setup.mac verbose ERX-10-15-6c#macro test dianepc:initial-setup.mac
How do I run a macro called initial-setup.mac ?

ERX-10-15-6c#macro initial-setup.mac verbose ERX-10-15-6c#macro dianepc:initial-setup.mac
www.juniper.net
30
What Is a Macro? The E-series router has an embedded programming language. This language allows you to define and run a program that generates and executes CLI commands. This program is called a macro. You must write macros on a computer because there is no mechanism for creating them on the E-series router. The macro can prompt the user for specific configuration parameters, such as IP addresses, hostname, or subnet masks. The macro programming language is very powerful and can be used to automate many tasks. The JUNOSe System Basics Configuration Guide documents the macro programming language. Testing a Macro It is good practice to ensure a macro will run the commands you expect it to run. You can do this by including the test option. This option causes the macro to execute normally and to print a list of all commands it would run, but without actually running those commands. Running Macros You run a macro from the CLI using the Privileged Exec or Global Configuration macro command. The macro runs its commands within the context where you execute the macro command. The macro can either reside on the flash or on a remote FTP or TFTP server.
3-30
Sample Macro
<# start #> <# srpipAddress := env.getline ("SRP IOA IP address?") #> <# srpmask := env.getline ("SRP IOA subnet mask?") #> <# loopipAddress := env.getline ("loopback IP address?") #> <# loopmask := env.getline ("loopback subnet mask?") #> <# hostName := env.getline ("router hostname?") #> enable 10 config term interface f6/0 ip addr <# srpipAddress #> <# srpmask #> exit interface loopback 1 ip addr <# loopipAddress #> <# loopmask #> exit line vty 0 19 no login exit hostname <# hostName #> exit exit <# endtmpl #>
www.juniper.net
31
Sample Macro You can use this simple macro, called initial-setup.mac, to initially configure the E-series router from a factory-default configuration. When run, it prompts the user for the SRP I/O module IP address and subnet mask, the loopback interface IP address and subnet mask, and the hostname. It also configures the E-series router for Telnet access without any authentication.
3-31


www.juniper.net
32
E-series Router Timing Configuration Options The following slides discuss the E-series router's timing configuration options.
3-32
Chassis Timing Configuration

SRP
Customer X
ERX 1400
SONET slot 1 adapter 0 port 0
ISP 1
T1 port A on SRP IO Primary BITS Clock
Customer Y
Timing clock source configured globally for the chassis

erx1(config)#timing source primary line t1:a erx1(config)#timing source secondary ds3 5/0 erx1(config)#timing source tertiary internal
Which chassis clock source is being used?

erx1(config)#run show timing
www.juniper.net
33
Timing Clock Source Configured Globally for the Chassis Configuring the timing source for each line can be a two-step process. First, you must configure the Eseries chassis global timing. The chassis can derive its transmit clock from one of three sources. In this example, the primary clock source is a building integrated timing supply (BITS) connected to the T1 port A on the SRP I/O module. The secondary timing source is derived from a DS3 from a reliable carrier, ISP 1, located on slot 1, adapter 0, port 0. If either of these timing sources is not active, the tertiary clock source is the internal clock found on the SRP. Each SRP and line module has an internal oscillator built into the card that can supply the transmit clock. Typically, it is preferred to derive the transmit clock from a reliable source, such as a BITS clock or from a reliable carrier. By default, all three chassis timing sources are set to the internal oscillator on the SRP. If the timing source is changed due to the failure of a more preferred source, the default behavior is for the router to automatically switch back to the more preferred source when it becomes available. This feature is called auto-upgrade and can be disabled with the timing disable-auto-upgrade Global Configuration command. Which Chassis Clock Source Is Being Used? Use the show timing CLI command to determine which chassis timing source is active, the state of each clock source, and the auto-upgrade configuration.
3-33
Line Timing Configuration

SRP
Customer X
ERX 1400
SONET slot 1 adapter 0 port 0
ISP 1
T1 port A on SRP IO
Customer Y
Primary BITS Clock
Individual line clock source configuration

erx1(config)#controller t3 5/0
erx1(config-controll)#clock source internal chassis
Line timing clock source options

Line (default) Internal module Internal chassis
34
Individual Clock Source Configuration Once the chassis timing is configured, you can configure individual lines to reference this chassis timing source. This configuration occurs on a line-by-line basis. In this example, we configured a SONET controller to derive its transmit clock from the internal chassis clock. This configuration causes the E-series router to automatically use the active chassis timing source, which is the BITS clock in this example, for this line. Line Timing Clock Source Options You can configure each line to derive its transmit clock from the line, which is the default setting. Other options include the internal oscillator on the line module or referencing the global chassis timing configuration. You should be sure to use a timing source appropriate for the line you are configuring. With most telco circuits, you should derive the transmit clock from the line. If you are deploying a private connection between two directly connected devices, one side must provide the timing, while the other side should derive its transmit clock from the line.
3-34


Configuration Using Scripts and Macros Useful show Commands E-series Router Timing Configuration Options E-series Router Boot Configuration and Reload Options
www.juniper.net
35
E-series Router Boot Configuration and Reload Options The following slides discuss the E-series router's boot configuration and reload options.
3-35
E -series Router Rebooting Basics

E-series router needs two things to boot or reload
Configuration file System release
To view current boot configuration, use:

erx1#show boot System Release: erx_4-0-0.rel
System Configuration: running-configuration
Note: This system is not configured with backup settings. erx1#
www.juniper.net
36
Successful Reload To successfully reload or boot, the E-series router requires a configuration file and a system release. By default, the E-series router uses the configuration file called running-configuration located on the flash. You can override this configuration and use a different configuration file. The Boot Configuration To determine which configuration file and which system release the E-series router will use the next time it boots, use the show boot CLI command.
3-36
Boot Configurationonce Option

To fall back and boot with old configuration file, use:
erx1#config t Enter configuration commands, one per line. End with CNTL/Z. erx1(config)#boot config good.cnf once erx1(config)#exit erx1#reload
At system reload, good.cnf is copied into the runningconfiguration area on the flash
Any changes saved to the running-configuration file The good.cnf file is not changed or modified For subsequent reloads, the E-series router uses the running-configuration file, not the good.cnf file
www.juniper.net
37
Booting with an Old Configuration File The configuration command boot config specifies which configuration file the E-series router will use at the next reload. Using the once option at the end of the boot config command specifies that the Eseries router should only boot using this configuration file for the next reload. Subsequent reloads should resume using the default configuration file, or running-configuration. You can specify either a configuration (.cnf) or script (.scr) file. The file must exist on the flash card when the command is run. If you specify a script, the configuration is reset to factory defaults at boot. Then, the system waits up to 10 minutes for all modules to fully initialize before running the script. good.cnf Becomes the Active Configuration When the E-series router reloads, the good.cnf file is copied into the running-configuration area on the flash card. Any configuration changes made after the reload are saved to the running-configuration file. The file good.cnf remains unchanged. If the E-series router were to reload, any configuration changes would remain intact because they were saved in the active configuration, and the router would boot using this configuration.
3-37
Boot Configuration ConfigurationPersistent

To always boot with the configuration file good.cnf, use:
erx1(config)#boot config good.cnf
WARNING: Execution of this command will cause the system to revert to the configuration settings specified by good.cnf following every system reboot, until an overriding boot config command is executed.
Proceed with 'boot config'? [confirm] erx1(config)#exit erx1#reload
At system reload, good.cnf is copied into the running-configuration area on the flash
Any changes saved to the running-configuration file The good.cnf file never changed For subsequent reloads, the E-series router will use good.cnf, not the running-configuration file
www.juniper.net
38
Always Boot with the good.cnf File The configuration command boot config good.cnf specifies that the E-series router should use the configuration file good.cnf each and every time it reloads. In this example, the once option is not specified. good.cnf Used to Configure the System at Reload When the E-series router reloads, the good.cnf file is copied into the running-configuration area on the flash card. Any configuration changes made after the reload are saved to the running-configuration file. The file good.cnf remains unchanged. Subsequent reloads will always use the configuration file good.cnf. If the E-series router were to reload, any configuration changes would be lost because they were saved to the running-configuration file, while the router would again boot using the good.cnf configuration file.
3-38
Other Boot Configuration Options

To return the E-series router to its factory default settings,use:
erx1#config t Enter configuration commands, one per line. End with CNTL/Z. erx1(config)#boot config factory-defaults erx1(config)#
To boot using running-configuration, use:

erx1#config t Enter configuration commands, one per line. End with CNTL/Z. erx1(config)#boot config running-configuration erx1(config)#
www.juniper.net
39
Return the E-series Router to the Factory-Default Configuration The configuration command boot config factory-defaults specifies that the E-series router should return to a factory-default configuration file the next time it reloads. For this command, the once option is automatically implied. Boot Using the running-configuration File Recall that the configuration command boot config good.cnf specifies that the E-series router should use the configuration file good.cnf every time it reloads. To change the behavior to resume using running-configuration, use the boot config running-configuration command.
3-39
Manual Commit Mode

To configure manual commit mode, use:
erx1(config)#service manual-commit erx1#show running-configuration
Configuration changes are dynamic but not automatically saved to flash

erx1#write memory erx1#copy running-configuration startup-configuration
To back up the current startup-configuration file, use:

erx1#copy startup-configuration backup .cnf
To return to normal E-series router operation, use:

erx1(config)#no service manual-commit erx1(config)#end erx1#show config
www.juniper.net
40
Configuring Manual Commit Mode You can configure the E-series router to have the CLI operate like other routers' CLIs and not automatically save configuration changes. This behavior is called Manual Commit mode. To configure the E-series router to operate in Manual Commit mode, use the service manual-commit Global Configuration mode command. In Manual Commit mode, use show running-configuration, instead of show configuration, to view the active configuration and show startup-configuration to view the saved configuration. Configuration Changes Are Dynamic but Not Saved to Flash In Manual Commit mode, configuration changes take effect immediately but are not automatically written to the flash card. To save any configuration changes, use the write memory CLI command or the copy running-configuration startup-configuration CLI command. If you issue the reload command on a system in Manual Commit mode with unsaved changes to the configuration, the system displays a warning message, allowing you to save configuration changes prior to reload. Backing Up the Current startup-configuration File To copy a working startup-configuration file to a system configuration file for backup purposes, use the copy startup-configuration backup.cnf command. If you made configuration changes but did not save them using either the write memory or copy running-configuration startup-configuration, these changes are not in the startup-configuration file, so they will not appear in backup.cnf either. Returning to Automatic Commit Mode To return the router to the E-series default of Automatic Commit mode, use the no service manualcommit Global Configuration mode command. In Automatic Commit mode, you use the Privileged Exec CLI command show configuration to view the configuration file and configuration changes are automatically written to flash.
3-40
Review Questions
1.What are the three different CLI modes and how are they different? 2.What are some differences between the E-series CLI and other routers CLI? 3.What are four CLI shortcuts? 4.Describe the E-series router file system? 5.What protocol is used to transfer files to and from the Eseries router flash card? 6.What command displays the current configuration? 7.Compare and contrast three ways to configure the E-series router 8.What is the difference between the commands boot config good.cnf once and boot config good.cnf?
41
This Module Discussed: The E-series router CLI modes; The differences between other routers' CLIs and the E-series CLI; CLI shortcuts; The E-series router file system; Copying files to and from the E-series router; Viewing a configuration file; Configuring basic system parameters through the CLI; Viewing a configuration file; Useful CLI commands; Configuring basic system parameters using a script or a macro; The timing configuration options; and The boot configuration and reload options.
3-41
www.juniper.net
42
3-42
Chapter 4: E-series Virtual Routers
www.juniper.net
Module Objectives
Define the term virtual router List and describe three different uses for virtual routers Identify E-series router parameters specific to virtual routers Configure and manage virtual routers on the E-series router
www.juniper.net
This Chapter Discusses: The definition of a virtual router; Some uses for virtual routers; The E-series router configuration parameters that are specific to virtual routers; and How to configure and manage virtual routers on the E-series router.
Module 4: E-series Virtual Routers
4-2
Agenda: Virtual Routers

E-series Virtual Router Concepts Configuring and Managing E-series Virtual Routers
www.juniper.net
E-series Virtual Router Concepts This slide outlines the topics for this chapter and highlights the section we cover first. In this section we discuss the concepts associated with E-series virtual routers.
4-3
Virtual Routers on the EE-series Router

ISP A
ispa
Corporate VPN
VPN B-RAS
Customer A Customer B Customer C
default
Multiple separate and distinct routers within a single chassis Some Uses:
Individual routers dedicated to wholesale customers Individual routers dedicated to corporate VPNs Routers dedicated to a particular traffic type
1000 virtual routers per E-series system

E-series Virtual Routers The E-series system supports multiple, distinct routers within a single chassis. This support allows service providers to configure multiple separate, secure routers within a single chassis. The E-series system implements virtual routers by maintaining separate instances of each data structure for each virtual router. Because each router maintains completely independent layer 3 information, you can enable separate routing protocol instances, such as the Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), and Border Gateway Protocol (BGP), in each virtual router. The E-series software maintains a table of router interfaces, mapping each data link connection (for example, Point-to-Point Protocol (PPP) or Frame Relay) to an IP interface. Each IP interface is then mapped to a single virtual router. Virtual routers are transparent to other devices; instead, it appears that they are attached to a dedicated router. Every E-series router configuration includes a virtual router named the default virtual router. You can add or delete additional virtual routers. However, you cannot delete the default virtual router. Uses Any application that requires a completely separate layer 3 routing policy can use virtual routers. Possible applications include dedicating individual virtual routers to wholesale customers or corporate virtual private networks (VPNs). It is also possible to secure a particular class of traffic (such as network management traffic) by directing it to a specific virtual router. This setup essentially creates a VPN limited to that type of traffic. Capacity The E-series router can support up to 1000 forwarding tables. Each virtual router uses one forwarding table, as does each VPN routing and forwarding (VRF) instance. While you can configure each virtual router to run BGP and all the standards-based IGPs, the system supports a maximum of 500,000 total unicast IP routes across all forwarding tables.
4-4
Virtual Routers vs. Global Configuration

ISPA ispa
ATM 192.168.9.1/24 ATM
OC3 OC3
Per Virtual Router
IP
IP
VPN VPN
192.168.33.1/24
ATM Subinterface ATM PVC
ATM Subinterface ATM PVC
B-RAS
PPP 192.168.2.1/24
Per Chassis
3
ATM Major Interface
Customers default
10.3.202.1/16 SRP
OC3/STM1
Layer 1 and Layer 2 information is global, or per chassis Layer 3 information is specific to a virtual router
www.juniper.net
Layer 1 and Layer 2 Information per Chassis On the E-series system, layer land layer 2 information is global, or box-wide, in nature. You can configure and manage layer land layer 2 parameters within any virtual router. For example, you can configure controller information, such as timing, speed, and framing, in any virtual router because this information applies to the entire chassis; it is not specific to a virtual router. The same is true for data link information. Encapsulation methods, such as PPP or ATM, are also chassis-wide in nature, and you can configure these methods within any virtual router. You can obtain SONET controller or ATM PVC statistics from within any virtual router. Layer 3 Information Specific to a Virtual Router All IP information is specific to a virtual router, and therefore, you must configure it within the appropriate virtual router. You must execute CLI commands used to configure, manage, or view layer 3 information, such as IP interfaces or IP routing tables, in the appropriate virtual router. Likewise, you must execute CLI commands used to configure, manage, or view other virtual router-specific information, such as Telnet and SSH, in the appropriate virtual router.
4-5
Agenda: Virtual Routers

E-series Virtual Router Concepts Configuring and Managing E-series Virtual Routers
www.juniper.net
Configuring and Managing E-series Virtual Routers The following slides discuss how to configure and manage E-series virtual routers.
4-6
Creating Virtual Routers

ISPA ispa
ATM 192.168.9.1/24 ATM
VPN VPN
192.168.33.1/24
B-RAS
PPP 192.168.2.1/24
Customers default
10.3.202.1/16 SRP
ERX1:(config)# virtual-router ispa Proceed with new virtual-router creation? [confirm] ERX1:ispa(config)#
OC3
OC3
0 1
www.juniper.net
Configuration To create a new virtual router within the E-series router, use the virtual-router configuration command. The E-series router then searches the configuration settings for the name entered to determine if the specified virtual router already exists. If a virtual router with the specified name exists, the E-series software moves the CLI session to that virtual router context. If no virtual router with the specified name exists, the E-series router prompts you for confirmation to proceed with the creation of a new virtual router. Pressing the Enter key or typing Y or y creates the new virtual router and moves the CLI session to the new virtual router context, while any other key cancels the operation.
4-7
Virtual Router Rules of Thumb

Virtual router rules of thumb:
Virtual router names are CaSe
ISPA ispa
ATM 192.168.9.1/24 ATM
sensitive
Cannot abbreviate virtual router names Console session initially logs to the
VPN
VPN
192.168.33.1/24
default virtual router

Prompt indicates virtual router location
Customers
B-RAS
PPP 192.168.2.1/24
Configure Telnet per virtual router

SRP
default
10.3.202.1/16
OC3
OC3
0 1
www.juniper.net
Rules of Thumb Virtual router names are case sensitive. This behavior is particularly important in B-RAS applications where you can assign a dynamic subscriber interface to a specific virtual router using a RADIUS vendor-specific attribute. The virtual router name attribute stored in the RADIUS database must exactly match the virtual router name configured on the E-series system. When creating a new virtual router or moving from one virtual router to another, you can abbreviate the virtual-router command but not the virtual router name. For example, if you are moving to a virtual router called ERXwes tford, you can enter virtual-r ERXwestford, but not virtual-router ERXwestf. Likewise, Question Mark (?) help and Tab completion will help you complete the virtual-router command, but not the virtual router name. CLI sessions are always associated with a virtual router. By default, a console-based CLI session is connected to the default virtual router. The CLI prompt indicates the current virtual router context, where the name following the colon ( : ) indicates the virtual router name. For example, the prompt erxl : ispa# indicates that the current CLI session is in the ispa virtual router. The prompt erxl# indicates that the current CLI session is in the default virtual router. You configure Telnet and SSH access per virtual router. Assume the virtual router ispa requires Telnet access. Within the ispa context, you can use the telnet listen Global Configuration mode command to enable Telnet access. Telnet access is configured by default in the default virtual router but not in additional virtual routers. You can configure SSH access by executing the crypto key generate dss Global Configuration mode command in the appropriate virtual router context. You can disable the SSH server by executing the crypto key zeroize dss Global Configuration mode command in the appropriate virtual router context. SSH access is not enabled by default in any virtual router.
4-8
Displaying Virtual Router Information

ERX1#show virtual-router
Virtual Router : default
ERX1#show virtual-router detail

Virtual Router : default
Ip:
Present
Mgtm: Not present Bgp: Not present
Isis: Not present Ospf: Not present Pim: Rip: Not present Not present
Igmp: not present Dvmrp:Not present

Displaying Virtual Router Information Using the CLI, you can display the virtual routers configured on the E-series router as a simple named list or with detailed configuration information. Enter the show virtual-router command to display a named list of the virtual routers currently configured. For more information about the protocols configured and running within a virtual router, use the command show virtual-router virtual-router- name detail. You can run these commands from any virtual router context.
4-9
Managing Virtual Routers

Change to a different virtual router
ERX1# virtual-router ispa ERX1:ispa# ERX1:ispa# virtual-router test % Specified virtual router not found ERX1:ispa#
View the configuration for a specific virtual router

ERX1# show config virtual-router ispa
www.juniper.net
10
Switching Between Virtual Routers Within Privileged Exec mode, you can use the virtual-router command to connect to a different virtual router context. When you enter the virtual-router virtual-router-name command, the E-series router searches the configuration for a virtual router with the name entered. If the virtual router name is found, the CLI session is moved to that virtual router context and the prompt is updated to reflect the new context. If the virtual router name is not found, an error message is returned. Keep in mind that virtual router names are case sensitive and cannot be abbreviated. Viewing a Virtual Router's Configuration If multiple virtual routers are configured on a single E-series router, it is useful to filter the output of the show configuration command by virtual router. When you use the virtual-router keyword, only the configuration settings for the specified virtual router are displayed. To examine the interface configuration for a particular virtual router, use the show configuration category interfaces virtual-router command. You can also quickly view the state of all IP interfaces for a particular virtual router using the show ip interfaces show-virtual-router command. You can execute this command from any virtual router context.
4-10
Review Questions
1. What is a virtual router? 2. Which layers of the OSI model are configured chassis-wide? 3. Which layer of the OSI model is configured per virtual router? 4. How many virtual routers can you have per E-series system? 5. What is the command you would use to create a virtual router called ERX1 ? 6. What happens to the prompt when you create ERX1?
www.juniper.net
11
This Chapter Discussed: The definition of a virtual router; Some uses for virtual routers; The E-series router configuration parameters that are specific to virtual routers; and How to configure and manage virtual routers on the E-series router.
4-11
Lab 1: Introduction to the E -series Router CLI
Lab Objectives:
Become familiar with the E-series router CLI
www.juniper.net
12
Lab 1: Introduction to the E-series Router CLI This slide shows the objectives for this lab.
4-12
Lab 2: E-series Router Configuration Basics
Lab Objectives:
Perform basic configuration commands on the E-series router
www.juniper.net
13
Lab 2: E-series Router Configuration Basics This slide shows the objectives for this lab.
4-13
Proprietary Proprietary and and Confidential Confidential
www.juniper.net
14
4-14

E-Series Introdution To Juniper Network Routers

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

E-Series Introdution To Juniper Network Routers

Caricato da

Copyright:

Formati disponibili

Introduction to Juniper Networks Routers - E-series

1194 North Mathilda Avenue Sunnyvale, CA 94089

About This Publication

Juniper Networks Support

Additional Information - vii

Additional Information - viii

Introduction to Juniper Networks RoutersE-series

Copyright 2008 Juniper Networks, Inc.

Proprietary and Confidential

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

during this course

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Prerequisites This slide lists the prerequisites for this course.

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Break and restroom facilities Communications

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Available outside of class:

Available through your account representative:

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Please be sure to tell us how we did!

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Service Provider Curriculum : JUNOS Platforms

Operation and Troubleshooting of Juniper Networks Routers (OTJNR)

Class of service IPv6 Intro to SDX for JUNOS

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Service Provider Curriculum: JUNOSe Platforms

Introduction to SDX -300 for JUNOSe

E -series MPLS Configuration Basics

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Enterprise Routing Curriculum

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Module 0: Course Introduction

Introduction to Juniper Networks RoutersE-series

Security Manager Fundamentals

Implementing Intrusion Detection and Prevention