JunOS Jumstart 01 - JunOS Overview

Module 1: Router & JunOS Overview
JunOS Jump Start
Copyright 2008 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
Outline
Hardware Architecture
Basic design FPC and PIC ASICs Example: M7i, M10i and MX-series
JunOS Software Overview

One operating system Modular software
JunOS Command Line Interface J-Web User Interface
www.juniper.net
Hardware Architecture
www.juniper.net
Juniper Networks Router Architecture

ROUTING ENGINE
JunOS Software Routing Table
Routing Engine (RE) Packet Forwarding Engine (PFE) Connected by 100-Mbps channel
PACKET FORWARDING ENGINE
All Juniper Networks routers share the same basic design
Forwarding Table Programmable ASICs Switch Fabric
PIC
PIC
www.juniper.net
RE/PFE Interaction
ROUTING ENGINE Routing Table Forwarding Table
100Mbps Incremental Update Packet in Forwarding Table PACKET FORWARDING ENGINE Packet out
RE maintains routing table and creates forwarding table PFE receives forwarding table from RE
www.juniper.net
Routing Engine Overview
JUNOS software resides in flash memory

Backup copy available on hard drive
Implements CLI Provides routing protocol intelligence to PFE

Not directly involved with packet forwarding
Manages PFE
www.juniper.net
Packet Forwarding Engine Overview
Custom ASICs
Implement forwarding path Do not require a general-purpose processor Provide integrated fast features, including multicast and queuing
Divide-and-Conquer Architecture
Each ASIC provides piece of forwarding puzzle
www.juniper.net
Internet Processor ASIC
Internet Processor ASIC

Allows routers to forward traffic at wire-rate speeds
Internet Processor II ASIC

Adds packet-processing features: filtering, sampling, logging, counting, and load balancing The Internet Processor II has been standard on the M20 and M40 since the second quarter of 2000
www.juniper.net
Packet Forwarding Engine Components

Physical Interface Card (PIC)
Contains physical layer components
Flexible PIC Concentrator (FPC)

Hardware platform that accepts Physical Interface Cards (PICs)
System midplane Control

M5 and M10: Forwarding Engine Board (FEB) M20: System Switching Board (SSB) M40: System Control Board (SCB) M160: Switching and Forwarding Module (SFM)
www.juniper.net
FPC
Room for up to 4 PICs Hot-swappable Throughput

Up to 3.2 Gbps
Buffer memory
Physical Interface Card
PIC
Packet memory
64MB 256MB
ASIC
PIC
PowerPC supervisory processor
FPC
PIC
www.juniper.net
10
PIC
Custom ASIC for each media type Each port has status LED Hot-swappable on M160, M10, and M5 routers
Buffer memory
1, 2, or 4 port PICs attach to FPC
Physical Interface Card
PIC
PIC
ASIC
FPC
PIC
www.juniper.net
11
Control Systems
All models
200-MHz PowerPC 603e processor
Manages forwarding table updates Manages ASICs and environmental systems
64-MB EDO processor RAM 4 MB of forwarding table SRAM Internet Processor ASIC Stratum 3 synchronization reference
All except M40 router

Distributed Buffer Manager ASICs
www.juniper.net
12
ASICs
Internet Processor Forwarding Table
PFE System Controller (SSB, SFM, etc.)
Buffer Manager 1
Buffer Manager 2
FPC
I/O Manager 1
Mem
I/O Manager 2
Mem
I/O Manager 3
Mem
PICs
PIC I/O PIC I/O Manager PIC I/O Manager PIC I/O Manager Manager
PIC I/O PIC I/O PICManager I/O PICManager I/O Manager Manager
www.juniper.net
13
Example 1: M7i Router
Dedicated Intel Pentium for control plane ASIC forwarding with 16 Mpps and 7 Gbps 4 open slots for M7i/M10i PICs 2 x FE fixed or 1 x GE fixed (SFP) Optional adaptive services module for hardware based firewall, NAT, IPSec, J-Flow
www.juniper.net
14
Example 1: M7i Components

4 slots for hot- swappable M7i/M10i PICs Ultra-compact 8.75cm high (2U) 45cm deep Compact Forwarding Engine Board (CFEB), w/optional Adaptive Services Module Side-to-side cooling Built-in tunnel services (850 Mbps)
Fixed Interface Card (FIC) 2 fixed FE port or 1 fixed GE port (SFP)
Routing Engine Board (REB) PCMCIA expandable memory 2 serial aux ports Ethernet craft interface
Redundant AC or DC Power Supplies
www.juniper.net
15
Example 2: M10i Router
Dedicated Intel Pentium for control plane ASIC forwarding with 16 Mpps and 10 Gbps 8 open slots for M7i/M10i PICs Optional adaptive services PIC for hardware based firewall, NAT, IPSec, J-Flow Full redundant common hardware: Power, Fans, Forwarding Engine Boards, Routing Engine Boards
Copyright 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
16
Example 2: M10i Components

8 slots for hot- swappable M7i/M10i PICs Redundant Forwarding Engine Boards (FEB)
5U/21.8cm High 45cm deep
Side-to-side cooling
Redundant Routing Engine Boards (REB) PCMCIA expandable memory 2 serial aux ports Ethernet craft interface
Redundant AC or DC Power Supplies
www.juniper.net
17
Example 3: MX-Series Carrier Class Ethernet
New platforms designed for Ethernet Provider Edge Routing and L2/L3 Ethernet Aggregation Very high density Ethernet ports HA, QoS, SLA support, scalability for MetroE transport Designed for Cost optimized Carrier Ethernet
18
Example 3: MX-series
MX240 Physical dimensions Capacity 10 GigE / Gig E ports MAC Addresses 5 RU (9 per 7 rack) 240 Gbps 12 / 120 1 million
MX480 8 RU (6 per 7 rack) 480 Gbps 24 / 240 1 million
MX960 16 RU (3 per 7 rack) 960 Gbps 48 / 480 1 million
www.juniper.net
19
Example 3: MX960
14 Slot Chassis Dependable hardware
Redundant Routing Engines Redundant Switching Fabric (2+1) Distributed Packet Forwarding Architecture
Power and cooling

Front-to-back cooling with separate push-pull fan assemblies Holds up to 2 fan trays (1+1 redundancy) Holds up to 4 power supplies (2+2 DC, 3+1 AC)
System capacity
2 for FCs/REs with the option of 1 additional SCB for redundancy Up to 480Gbps (full-duplex) from 12 line cards
20
Example 3: MX960 Components

Control Panel Upper Fantray DPC SCB
RE Lower Fantray Air Intake
Cable Mgmnt
Height 27.75" Width 17.386 (w/o mounting flanges) Depth 23.50 (w/o cable mgr) ~28.2 (with cable mgr)
www.juniper.net
21
Example 3: MX480
8 Slot Chassis (6+2) Dependable hardware
Redundant Routing Engines Redundant Switching Fabric (1+1) Distributed Packet Forwarding Architecture
Power and cooling

Side to Side cooling Holds single fan tray Holds up to 4 power supplies (2+2 DC, 2+2 AC 240V, 3+1 AC 110V)
System capacity
8 slots - 2 for Fabric Cards / REs Up to 240Gbps (full-duplex) from 6 line cards
www.juniper.net
22
MX-series DPC
Dense Port Concentrator: SFPs or XFPs Line rate connectivity to the switch fabric 4 packet forwarding engines (PFEs) per DPC
I I II I
ESE
ESE
ESE
ESE
www.juniper.net
23
MX-series SCB with RE1300 or RE2000

SCBs are the Switch and Control Boards SCB act as RE carrier Each SCB has two SF (fabric) chips
www.juniper.net
24
JunOS Software Overview
www.juniper.net
25
What is JUNOS Software?

Deployed since 1998
First high-performance network operating system
10+ years of innovation and development

Routing, switching and security platforms Branch and regional offices, central sites, data centers 4 releases per year; thousands of features
Serving the most demanding customers

Top 40+ service providers High-performance enterprise and public sector accounts
www.juniper.net
26
How JUNOS Is Different

One OS
Single code source Consistent implementation of features
One Release
8.5
4Q07
9.0
1Q08
9.1
2Q08
Single software release train Stable, predictable enhancement
One Architecture
Module X
API
Modular software with Memory protection Nimble enhancement through new modules
www.juniper.net
27
One Operating System

One implementation of control plane features Eases training
Branch Office Corporate Streamlines testing, qualification and deployment HQ
MPLS BGP OSPF IPv6
Accelerates JUNOS development Consistent user experience Single common management interface and tools Unix familiarity
Service Provider Access/Edge
Service Provider Core
Data Center
www.juniper.net
28
One Code Train Release

8.4 Q307 8.5 Q407 9.0 Q108 9.1 Q208 9.2 Q308 9.3 Q408
Single release train developed from one code base Quality + Schedule are the highest priorities
Each release is a superset of the previous Achieve zero critical regression errors in each release
Fix any and all critical bugs
Fixed schedule; plan with confidence

4 new releases pre-scheduled per year All product lines follow the same release schedule
www.juniper.net
29
Modular Software Architecture

Module 2 Module 3 Module 1 Module 4
Protected Memory for stability Contain faults Enable rapid fault isolation Restart independently Enable flexible innovation
Control Plane
Kernel
Forwarding Plane
Separation of control and packet forwarding

Assures performance Enhances resiliency Enables redundancy Firewalls control plane
Packet Forwarding
Services
Physical Interfaces High-Level Architecture
www.juniper.net
Module n
30
Stand-alone modules
User Interface Options

J-Web interface:
A Web-based GUI The J-Web service using HTTP is disabled by default on M-series
JUNOS software CLI:

Available from console interface
RJ-45 RS-232 @ 9600 Bps, 8/1/N Available by using Telnet and SSH Requires network interface and related service configuration
Dedicated Ethernet management port on M-series routers
www.juniper.net
31
User Authentication
Local Authentication Database RADIUS/ TACACS+ Server
Local database
Name and password Individual accounts and home directories
RADIUS and TACACS+

Centralized authentication of users Users mapped to locally defined template users for authorization Extended regular expressions can be passed to alter authorization
www.juniper.net
32
JunOS Command Line Interface
www.juniper.net
33
CLI Modes and Feature Overview

CLI operational mode:
Editing command lines Command completion and history Context-sensitive and documentation-based help UNIX-style pipes
CLI configuration mode:

Object-oriented hierarchy Jumping between levels Candidate configuration with sanity checking Automatic rollback capability Showing portions of configuration while configuring Saving, loading, and deleting configuration files
34
CLI Modes
Operational mode:
Monitor and troubleshoot the software, network connectivity, and router hardware
user@host> The > character identifies operational mode
Configuration mode:
Configure the router, including interfaces, general routing, routing protocols, user access, and system hardware properties
[edit] user@host# The # character identifies configuration mode
www.juniper.net
35
Logging In
host (ttyd0) login: user Password: --- JUNOS 8.3R2.8 built 2007-07-07 00:21:56 UTC user@host> Non-root users are placed into the CLI automatically
host (ttyd0) login: root Password: --- JUNOS 8.3R2.8 built 2007-07-07 00:21:56 UTC root@host% cli root@host>
The root user must start the CLI from the shell Shell Prompt
CLI Prompt
www.juniper.net
36
CLI Operational Mode

Execute commands (mainly) from the default CLI level (user@host>)
Can execute from configuration mode with the run command Hierarchy of commands
> show ospf neighbor
clear configure file help monitor set show etc.
Less Specific
bgp
chassis
configuration
ospf
rip
route
version
etc.
database
interface
neighbor
route
statistics
etc.
More Specific
www.juniper.net
37
Editing Command Lines

user@host> show interfaces Ctrl-B user@host> show interfaces user@host> show interfaces user@host> show interfaces user@host> show interfaces Ctrl-A Ctrl-F Ctrl-E
EMACS-style editing sequences are supported The default VT100 terminal type also supports cursor positioning with the arrow keys
38
Command and Variable Completion

user@host> sh<space>ow 'i' is ambiguous. Possible completions: igmp ike interfaces ipsec isis i<space> Enter a space to complete a command
Show Show Show Show Show
Internet Group Internet Key interface IP Security Intermediate
[edit policy-options] user@host# show policy-statement T<tab>EST then accept; [edit policy-options] user@host#
Use Tab to complete assigned variables
www.juniper.net
39
Context-Sensitive Help
user@host> ? Possible completions: clear configure file help . . .
Clear information in the system Manipulate software configuration info Perform file operations Provide help information
user@host> clear ? Possible completions: arp bfd bgp firewall
Clear Clear Clear Clear
address resolution information Bidirectional Forwarding Detecti Border Gateway Protocol informat firewall counters
www.juniper.net
40
Topical Help
user@host> help topic interfaces ? Possible completions: ... acknowledge-timer Maximum time to wait for link... address Interface address and destination pref ... user@host> help topic interfaces address Configuring the Interface Address You assign an address to an interface by specifying the address when configuring the protocol family. For the inet family, you configure the interface's IP address. For the iso family, you configure one or more addresses for the loopback interface. For the ccc, tcc, mpls, tnp, and vpls families, you never configure an address. ...
www.juniper.net
41
Configuration Syntax Help

user@host> help reference interfaces address address Syntax address address { arp ip-address (mac | multicast-mac) mac-address <publ broadcast address; destination address; destination-profile name; eui-64; multipoint-destination address dlci dlci-identifier; ... Hierarchy Level [edit interfaces interface-name unit logical-unit-number f [edit logical-routers logical-router-name interfaces intef
www.juniper.net
42
Using | (Pipe)
user@host> show route | ? Possible completions: count Count occurrences display Show additional kinds of information except Show only text that does not match a p find Search for first occurrence of pattern hold Hold text without exiting the --More-last Display end of output only match Show only text that matches a pattern no-more Don't paginate output request Make system-level requests resolve Resolve IP addresses save Save output text to file trim Trim specified number of columns from user@host> show route
www.juniper.net
43
Active and Candidate Configurations

Batch configuration model:
Must commit configuration changes
Active configuration:
Current operational configuration Boot-up configuration
Candidate configuration:
A working copy for configuration changes Initialized with the active configuration Becomes active configuration upon commit
www.juniper.net
44
Configuration History
commit
Candidate Configuration
configure
Active Configuration 0
rollback n 1 2 ...
49
Active configuration stored in /config/juniper.conf.gz Rollback files stored in /config/juniper.conf.n.gz (n=13) /var/db/config/juniper.conf.n.gz (n=449)
www.juniper.net
45
Entering Configuration Mode

Type configure or edit at the CLI operational-mode prompt:
> configure
To allow a single user to edit the configuration, type:

> configure exclusive
Use configure private to allow users to edit a private copy of the candidate configuration
> configure private Multiple users can edit private candidate configurations simultaneously At commit time, the users private changes are merged back into the global configuration
www.juniper.net
46
Configuration Statement Hierarchy

user@host# edit protocols ospf area 51 stub [edit protocols ospf area 0.0.0.51 stub] user@host# top Less Specific chassis interfaces protocols services system etc.
bgp
isis
mpls
ospf
pim
rip
rsvp
vrrp
etc.
area area_id graceful-restart overload traffic-engineering etc.
area-range area_range
interface
nssa
stub
etc.
More Specific
www.juniper.net
47
Configuration File is Hierarchical

CLI commands are entered without curly brackets:
# set system services web-management http port 8080
The result is a hierarchical configuration file, complete with curly brackets

[edit system] user@host# show services web-management { http { port 8080; } }
www.juniper.net
48
Moving Between Levels

[edit] user@host# edit protocol ospf [edit protocols ospf] user@host# edit area 51 stub [edit protocols ospf area 0.0.0.51 stub] user@host# exit [edit protocols ospf] user@host# up [edit protocols] user@host# top [edit] user@host#
www.juniper.net
49
Viewing Candidate Configuration

user@host# show system services ssh; web-management { http { port 8080; } } user@host# edit system services [edit system services] user@host# show ssh; web-management { http { port 8080; } } You can display just the portions that concern you from the root of the hierarchy
or use edit to park yourself at a specific sub-hierarchy
www.juniper.net
50
Configuration File Differences

[edit system] user@host# set services telnet [edit system] user@host# delete services web-management [edit system] user@host# delete services ssh user@host# show | compare [edit system services] ssh; + telnet; web-management { http { port 8080; } }
Display differences between the candidate and active configurations
www.juniper.net
51
Removing Statements
Statements are removed with the delete command
Removes everything from the specified hierarchy down Use wildcard delete to save time
user@host# show services ssh; web-management { http { port 8080; } } [edit system] user@host# delete services web-management [edit system] user@host# show services ssh;
The entire Webmanagement hierarchy is removed by the delete statement
www.juniper.net
52
Committing a Configuration
Configuration changes must be committed to take effect
# commit
Use commit check to confirm syntax

# commit check
Use commit confirmed to temporarily activate

# commit confirmed
Schedule a future commit with commit at

# commit at 21:00:00
Add comments with commit comment

# commit comment "Changed OSPF configuration" > show system commit
Use commit and-quit to save time

# commit and-quit
www.juniper.net
53
Backing Out of Configuration Changes

Use the rollback command to restore one of the last 50 previously committed configurations
# rollback
Use rollback (or rollback 0) to reset the candidate configuration to the currently active configuration (which is the last version committed)
# rollback 1 loads the configuration before that # rollback n loads n configurations before that
Using rollback only modifies the candidate configuration

Dont forget to commit the changes
www.juniper.net
54
run is Cool
[edit interfaces fe-0/0/0] user@host# set unit 0 family inet address 10.250.0.141/16 [edit interfaces fe-0/0/0] user@host# commit commit complete
Use the run command to execute operational-mode CLI commands from within configuration
[edit interfaces fe-0/0/0] user@host# run ping 10.250.0.149 count 1 PING 10.250.0.149 (10.250.0.149): 56 data bytes 64 bytes from 10.250.0.149: icmp_seq=0 ttl=255 time=0.967 ms --- 10.250.0.149 ping statistics --1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.967/0.967/0.967/0.000 ms
www.juniper.net
55
Using rename
user@host# show interfaces fe-0/0/0 unit 0 { family inet { address 10.250.0.141/16; } } user@host# rename interfaces fe-0/0/0 unit 0 family inet address 10.250.0.141/16 to address 10.250.0.241/16 user@host# show interfaces fe-0/0/0 unit 0 { family inet { address 10.250.0.241/16; } }
www.juniper.net
56
J-Web User Interface
www.juniper.net
57
J-Web User Interface
Easy-to-use, Web-based graphical interface

Operational monitoring, configuration, and maintenance HTTP and HTTPS (SSL) support
J-Web features:
Same authentication and authorization as CLI User-defined session timeout One browser window per J-Web session
www.juniper.net
58
J-Web Login
J-Web sessions require a valid login

Use the same authentication methods as CLI Exception is initial access, when no login is needed to access the setup wizard
www.juniper.net
59
J-Web Layout
Top Pane Current Location
Task Bar
Main Pane
Left Pane
www.juniper.net
60
J-Web Monitoring
View the operation of the router and its protocols
www.juniper.net
61
J-Web Configurations
Use Quick Configuration wizards Navigate a clickable view-and-edit function Access previous configuration history (rollbacks) Set a rescue configuration
www.juniper.net
62
J-Web Diagnosis
Access the ping, traceroute, and packet capture utilities

Optional switches available through Advanced Options
www.juniper.net
63
J-Web Management
Download and delete files Upgrade software Install and manage licenses Schedule system reboots Perform backups of software and configuration files
www.juniper.net
64
J-Web Events
Provides access to log files
www.juniper.net
65
www.juniper.net
66

JunOS Jumstart 01 - JunOS Overview

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

JunOS Jumstart 01 - JunOS Overview

Caricato da

Copyright:

Formati disponibili

Module 1: Router & JunOS Overview

JunOS Jump Start

Copyright 2008 Juniper Networks, Inc.

Proprietary and Confidential

JunOS Software Overview

JunOS Command Line Interface J-Web User Interface

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Juniper Networks Router Architecture

JunOS Software Routing Table

PACKET FORWARDING ENGINE

All Juniper Networks routers share the same basic design

Forwarding Table Programmable ASICs Switch Fabric

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Routing Engine Overview

JUNOS software resides in flash memory

Implements CLI Provides routing protocol intelligence to PFE

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Packet Forwarding Engine Overview

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Internet Processor ASIC

Internet Processor ASIC

Internet Processor II ASIC

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Packet Forwarding Engine Components

Flexible PIC Concentrator (FPC)

System midplane Control

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Room for up to 4 PICs Hot-swappable Throughput

Physical Interface Card

PowerPC supervisory processor

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

1, 2, or 4 port PICs attach to FPC

Physical Interface Card

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

All except M40 router

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

PFE System Controller (SSB, SFM, etc.)

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Example 1: M7i Router

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Example 1: M7i Components

Fixed Interface Card (FIC) 2 fixed FE port or 1 fixed GE port (SFP)

Redundant AC or DC Power Supplies

Copyright 2006 Juniper Networks, Inc.

Proprietary and Confidential

Example 2: M10i Router

Example 2: M10i Components

5U/21.8cm High 45cm deep