Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
www.juniper.net
Outline
Hardware Architecture
Basic design FPC and PIC ASICs Example: M7i, M10i and MX-series
www.juniper.net
Hardware Architecture
www.juniper.net
Routing Engine (RE) Packet Forwarding Engine (PFE) Connected by 100-Mbps channel
PIC
PIC
www.juniper.net
RE/PFE Interaction
ROUTING ENGINE Routing Table Forwarding Table
100Mbps Incremental Update Packet in Forwarding Table PACKET FORWARDING ENGINE Packet out
RE maintains routing table and creates forwarding table PFE receives forwarding table from RE
www.juniper.net
Manages PFE
www.juniper.net
Custom ASICs
Implement forwarding path Do not require a general-purpose processor Provide integrated fast features, including multicast and queuing
Divide-and-Conquer Architecture
Each ASIC provides piece of forwarding puzzle
www.juniper.net
www.juniper.net
www.juniper.net
FPC
PIC
Packet memory
64MB 256MB
ASIC
PIC
FPC
PIC
www.juniper.net
10
PIC
Custom ASIC for each media type Each port has status LED Hot-swappable on M160, M10, and M5 routers
Buffer memory
PIC
PIC
ASIC
FPC
PIC
www.juniper.net
11
Control Systems
All models
200-MHz PowerPC 603e processor
Manages forwarding table updates Manages ASICs and environmental systems
64-MB EDO processor RAM 4 MB of forwarding table SRAM Internet Processor ASIC Stratum 3 synchronization reference
www.juniper.net
12
ASICs
Internet Processor Forwarding Table
Buffer Manager 1
Buffer Manager 2
FPC
I/O Manager 1
Mem
I/O Manager 2
Mem
I/O Manager 3
Mem
PICs
PIC I/O PIC I/O Manager PIC I/O Manager PIC I/O Manager Manager
PIC I/O PIC I/O PICManager I/O PICManager I/O Manager Manager
www.juniper.net
13
Dedicated Intel Pentium for control plane ASIC forwarding with 16 Mpps and 7 Gbps 4 open slots for M7i/M10i PICs 2 x FE fixed or 1 x GE fixed (SFP) Optional adaptive services module for hardware based firewall, NAT, IPSec, J-Flow
www.juniper.net
14
Routing Engine Board (REB) PCMCIA expandable memory 2 serial aux ports Ethernet craft interface
www.juniper.net
15
Dedicated Intel Pentium for control plane ASIC forwarding with 16 Mpps and 10 Gbps 8 open slots for M7i/M10i PICs Optional adaptive services PIC for hardware based firewall, NAT, IPSec, J-Flow Full redundant common hardware: Power, Fans, Forwarding Engine Boards, Routing Engine Boards
Copyright 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
16
Side-to-side cooling
Redundant Routing Engine Boards (REB) PCMCIA expandable memory 2 serial aux ports Ethernet craft interface
www.juniper.net
17
New platforms designed for Ethernet Provider Edge Routing and L2/L3 Ethernet Aggregation Very high density Ethernet ports HA, QoS, SLA support, scalability for MetroE transport Designed for Cost optimized Carrier Ethernet
Copyright 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
18
Example 3: MX-series
MX240 Physical dimensions Capacity 10 GigE / Gig E ports MAC Addresses 5 RU (9 per 7 rack) 240 Gbps 12 / 120 1 million
www.juniper.net
19
Example 3: MX960
14 Slot Chassis Dependable hardware
Redundant Routing Engines Redundant Switching Fabric (2+1) Distributed Packet Forwarding Architecture
System capacity
2 for FCs/REs with the option of 1 additional SCB for redundancy Up to 480Gbps (full-duplex) from 12 line cards
Copyright 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
20
Cable Mgmnt
Height 27.75" Width 17.386 (w/o mounting flanges) Depth 23.50 (w/o cable mgr) ~28.2 (with cable mgr)
www.juniper.net
21
Example 3: MX480
8 Slot Chassis (6+2) Dependable hardware
Redundant Routing Engines Redundant Switching Fabric (1+1) Distributed Packet Forwarding Architecture
System capacity
8 slots - 2 for Fabric Cards / REs Up to 240Gbps (full-duplex) from 6 line cards
www.juniper.net
22
MX-series DPC
Dense Port Concentrator: SFPs or XFPs Line rate connectivity to the switch fabric 4 packet forwarding engines (PFEs) per DPC
I I II I
ESE
ESE
ESE
ESE
www.juniper.net
23
www.juniper.net
24
www.juniper.net
25
www.juniper.net
26
One Release
8.5
4Q07
9.0
1Q08
9.1
2Q08
One Architecture
Module X
API
Modular software with Memory protection Nimble enhancement through new modules
www.juniper.net
27
Accelerates JUNOS development Consistent user experience Single common management interface and tools Unix familiarity
Data Center
www.juniper.net
28
Single release train developed from one code base Quality + Schedule are the highest priorities
Each release is a superset of the previous Achieve zero critical regression errors in each release
Fix any and all critical bugs
www.juniper.net
29
Protected Memory for stability Contain faults Enable rapid fault isolation Restart independently Enable flexible innovation
Control Plane
Kernel
Forwarding Plane
Packet Forwarding
Services
www.juniper.net
Module n
30
Stand-alone modules
www.juniper.net
31
User Authentication
Local Authentication Database RADIUS/ TACACS+ Server
Local database
Name and password Individual accounts and home directories
www.juniper.net
32
www.juniper.net
33
34
CLI Modes
Operational mode:
Monitor and troubleshoot the software, network connectivity, and router hardware
user@host> The > character identifies operational mode
Configuration mode:
Configure the router, including interfaces, general routing, routing protocols, user access, and system hardware properties
[edit] user@host# The # character identifies configuration mode
www.juniper.net
35
Logging In
host (ttyd0) login: user Password: --- JUNOS 8.3R2.8 built 2007-07-07 00:21:56 UTC user@host> Non-root users are placed into the CLI automatically
host (ttyd0) login: root Password: --- JUNOS 8.3R2.8 built 2007-07-07 00:21:56 UTC root@host% cli root@host>
The root user must start the CLI from the shell Shell Prompt
CLI Prompt
www.juniper.net
36
Less Specific
bgp
chassis
configuration
ospf
rip
route
version
etc.
database
interface
neighbor
route
statistics
etc.
More Specific
www.juniper.net
37
EMACS-style editing sequences are supported The default VT100 terminal type also supports cursor positioning with the arrow keys
Copyright 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
38
[edit policy-options] user@host# show policy-statement T<tab>EST then accept; [edit policy-options] user@host#
www.juniper.net
39
Context-Sensitive Help
user@host> ? Possible completions: clear configure file help . . .
Clear information in the system Manipulate software configuration info Perform file operations Provide help information
address resolution information Bidirectional Forwarding Detecti Border Gateway Protocol informat firewall counters
www.juniper.net
40
Topical Help
user@host> help topic interfaces ? Possible completions: ... acknowledge-timer Maximum time to wait for link... address Interface address and destination pref ... user@host> help topic interfaces address Configuring the Interface Address You assign an address to an interface by specifying the address when configuring the protocol family. For the inet family, you configure the interface's IP address. For the iso family, you configure one or more addresses for the loopback interface. For the ccc, tcc, mpls, tnp, and vpls families, you never configure an address. ...
www.juniper.net
41
www.juniper.net
42
Using | (Pipe)
user@host> show route | ? Possible completions: count Count occurrences display Show additional kinds of information except Show only text that does not match a p find Search for first occurrence of pattern hold Hold text without exiting the --More-last Display end of output only match Show only text that matches a pattern no-more Don't paginate output request Make system-level requests resolve Resolve IP addresses save Save output text to file trim Trim specified number of columns from user@host> show route
www.juniper.net
43
Active configuration:
Current operational configuration Boot-up configuration
Candidate configuration:
A working copy for configuration changes Initialized with the active configuration Becomes active configuration upon commit
www.juniper.net
44
Configuration History
commit
Candidate Configuration
configure
Active Configuration 0
rollback n 1 2 ...
49
Active configuration stored in /config/juniper.conf.gz Rollback files stored in /config/juniper.conf.n.gz (n=13) /var/db/config/juniper.conf.n.gz (n=449)
www.juniper.net
45
Use configure private to allow users to edit a private copy of the candidate configuration
> configure private Multiple users can edit private candidate configurations simultaneously At commit time, the users private changes are merged back into the global configuration
www.juniper.net
46
bgp
isis
mpls
ospf
pim
rip
rsvp
vrrp
etc.
area-range area_range
interface
nssa
stub
etc.
More Specific
www.juniper.net
47
www.juniper.net
48
www.juniper.net
49
www.juniper.net
50
www.juniper.net
51
Removing Statements
Statements are removed with the delete command
Removes everything from the specified hierarchy down Use wildcard delete to save time
user@host# show services ssh; web-management { http { port 8080; } } [edit system] user@host# delete services web-management [edit system] user@host# show services ssh;
www.juniper.net
52
Committing a Configuration
Configuration changes must be committed to take effect
# commit
www.juniper.net
53
Use rollback (or rollback 0) to reset the candidate configuration to the currently active configuration (which is the last version committed)
# rollback 1 loads the configuration before that # rollback n loads n configurations before that
www.juniper.net
54
run is Cool
[edit interfaces fe-0/0/0] user@host# set unit 0 family inet address 10.250.0.141/16 [edit interfaces fe-0/0/0] user@host# commit commit complete
Use the run command to execute operational-mode CLI commands from within configuration
[edit interfaces fe-0/0/0] user@host# run ping 10.250.0.149 count 1 PING 10.250.0.149 (10.250.0.149): 56 data bytes 64 bytes from 10.250.0.149: icmp_seq=0 ttl=255 time=0.967 ms --- 10.250.0.149 ping statistics --1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.967/0.967/0.967/0.000 ms
www.juniper.net
55
Using rename
user@host# show interfaces fe-0/0/0 unit 0 { family inet { address 10.250.0.141/16; } } user@host# rename interfaces fe-0/0/0 unit 0 family inet address 10.250.0.141/16 to address 10.250.0.241/16 user@host# show interfaces fe-0/0/0 unit 0 { family inet { address 10.250.0.241/16; } }
www.juniper.net
56
www.juniper.net
57
J-Web features:
Same authentication and authorization as CLI User-defined session timeout One browser window per J-Web session
www.juniper.net
58
J-Web Login
www.juniper.net
59
J-Web Layout
Top Pane Current Location
Task Bar
Main Pane
Left Pane
www.juniper.net
60
J-Web Monitoring
www.juniper.net
61
J-Web Configurations
Use Quick Configuration wizards Navigate a clickable view-and-edit function Access previous configuration history (rollbacks) Set a rescue configuration
www.juniper.net
62
J-Web Diagnosis
www.juniper.net
63
J-Web Management
Download and delete files Upgrade software Install and manage licenses Schedule system reboots Perform backups of software and configuration files
www.juniper.net
64
J-Web Events
www.juniper.net
65
www.juniper.net
66