• Service Provider Routing and Switching Certification Track:
    www.juniper.net/us/en/training/certification/certification-tracks/sp-routing-switching-track

    • sh configuration,sh ver,show interface terse,show interfaces [intfc] detail,show route,..
      networking.ringofsaturn.com/Cisco/ciscojuniper.php

    • JUNOS Internet Software Configuration Guide: Getting Started
      www.juniper.net/techpubs/software/junos/junos57/swconfig57-getting-started/html

    • mellowd.co.uk/ccie/?paged=8&tag=juniper

    WHAT IS JUNOS?
    • It's Different and That's Okay
    • It's Cool
    • FreeBSD UNIX
    • Modular Architecture
    • Independent Process
    • Hierarchy of Design


    JUNOS RUNS THE WORLD
    AND MOST OF JUNIPER'S EQUIPMENT:

    • From Branch to Core
    • From Router to Switch to Firewall
    • Same Source Code Base


    DESCRIBING THE FUNCTIONS OF THE CONTROL AND
    FORWARDING PLANE:

    • Control is Key
    • Routing Engine (RE)
    • Routing Table (RT)
    • Forwarding Table (FT)
    • Packet Forwarding Engine (PFE)
    • Completely Separate Planes


    THE CONTROL PLANE:

    • Is the Intelligence of the Platform
    • Routing Tables
    • Bridging Table
    • Primary Forwarding Engine


    THE FORWARDING PLANE:

    • ASIC Based
    • Forwarding Table Copy
    • It does the Leg Work


    The Junos OS CLI compared with Cisco
    The Basics:

    • % cli = ena
    • > edit / configure = conf t
    • # load factory-default = wr era
    • # set system root-authentication plain-text-password = username root password
    • # show system = sho run xxx
    • # show system | display set
    • # show interface | display set = sho run int
    • > show interfaces terse = sho ip int bri
    • > show configuration | display set


    Platforms Running the Junos OS

    • M Series Multiservice Routers can be deployed in both high-end enterprise and service-provider environments.
    • T Series Core Routers are ideal for service provider environments and are deployed within the core of those networks.
    • J Series Services Routers are deployed at branch and remote locations in the network.
    • MX Series Ethernet Services Routers are targeted for dense dedicated access aggregation and provide edge services in medium and large POPs.
    • EX Series Ethernet Switches are designed for access, aggregation, and core deployments and are well suited for enterprise and data center.
    • SRX Series Services Gateways are designed to meet the network and security requirements in both enterprise and service provider environments.

    • The Junos OS is compartmentalized into multiple software processes. Each process runs in its own protected memory space, ensuring that one process cannot directly interfere with another. This modularity also ensures that new features can be added with less likelihood of breaking current functionality. These are some advantages of the Junos OS.

    • The primary functions of the control plane are to maintain routing intelligence, control and monitor the chassis, and manage the Packet Forwarding Engine (PFE). The primary functions of the forwarding plane are to forward packets and to implement advanced services.

    • Transit traffic is forwarded through the PFE on platforms running the Junos OS, based on the forwarding table installed on the PFE. Exception traffic is processed locally by the platform running the Junos OS by either the PFE or the RE depending on the type of traffic. Host-bound packets, such as protocol and management traffic, are passed directly to the RE for processing, while traffic requiring ICMP error message responses is typically handled by the PFE.

    • > ?
    • > clear ?

    • > help topic interfaces ?
    • > help topic interfaces address

    • > help reference interfaces address

    • edit - functions like a CD command
    • up - moves up one level
    • up n - moves up n levels
    • top - moves to the top of the hierarchy
    • exit - moves to the previous, higher level in the hierarchy or exits configuration mode if at the top level of the hierarchy

    • Two primary modes exist within the Junos OS: the operational mode and the configuration mode. A third mode also exists in the form of the FreeBSD shell.
      Type configure at the operational mode prompt to enter configuration mode:

    • Use the operational mode to monitor and troubleshoot the software, network connectivity, and hardware. Use the configuration mode to configure a device running the Junos OS, including interfaces, protocols, user access, and system hardware.

    • Use the Spacebar to complete a command and the Tab key to complete a variable.

    • The top command is the quickest method of returning to the top of the hierarchy.

    • The active configuration has been committed and is in use, whereas the candidate configuration is not active until performing a commit operation.

    • The show | compare command displays the differences between the currently active and candidate configurations.

    http://mozquito-network.blogspot.com/2013/11/configure-junos-part-1.html


    Juniper Networks Certified Internet Associate (JNCIA) Study Guide
    Juniper Networks Certified Internet Professional (JNCIP) Study Guide
    Juniper Networks Certified Internet Expert (JNCIE) Study Guide
    https://kb.juniper.net/kb/documents/public/junos/StudyGuides

    • The Routing Engine is the intelligence of the router. It operates the routing protocols and builds a routing and forwarding table. The forwarding table is copied to the Packet Forwarding Engine, where the actual transmission of user data packets is handled.

    • The JUNOS software is stored on the internal flash drive, the internal hard drive, and the removable flash media. When the router begins to boot, the removable media is checked first, followed by the internal flash drive, and finally the internal hard drive.

    • You may save the router's configuration to the hard drive with the save command. The load command restores files to the candidate configuration. The candidate configuration becomes the active configuration with the commit command. You can easily return to a previous configuration with the rollback command.

    • There are four main ASICs used in the Packet Forwarding Engine: the Internet Processor ASIC, the Distributed Buffer Manager ASIC, the I/O Manager ASIC, and the PIC I/O Manager ASIC.


    A packet is received on an interface (1,2) and is segmented into J-cells by the I/O Manager ASIC (3). The Distributed Buffer Manager ASIC stores the packet in the shared memory pool (4-6). The Internet Processor ASIC performs a route lookup (7) and sends the result to the Distributed Buffer Manager ASIC (8), which forwards it to the outgoing I/O Manager ASIC (9). After queuing the packet, the I/O Manager ASIC receives the J-cells from the memory pool (10) and re-forms the packet (11). It is sent to the outgoing PIC I/O Manager ASIC for transmission into the network (12).
    B-)
    • An exception packet could be a routing protocol update, a locally addressed packet, or a packet requiring the generation of an ICMP error message. The CPU on the router's control board handles these exception packets and performs the appropriate action.



    • Operating the routing protocols, loading the JUNOS software, and controlling the CLI are the functions of the Routing Engine.
      The Routing Engine performs multiple functions, including operating the routing protocols on the router, loading the JUNOS software, and controlling the CLI. The Packet Forwarding Engine controls packet forwarding.

    • The Routing Engine is the router component responsible for creating the forwarding table.
      The Routing Engine builds the master routing table, selects the best path to each route, and places those next hops into the forwarding table.

    • The PIC I/O Manager ASIC is responsible for transmitting packets.
      The PIC I/O Manager ASIC is responsible for receiving and transmitting data packets from the physical media connected to the PIC.

    • The Internet Processor ASIC is responsible for performing route lookups.
      The Internet Processor ASIC consults the forwarding table on the control board to determine the next-hop router along the path to the destination.

    • The I/O Manager ASIC is responsible for creating J-cells.
      The I/O Manager ASIC is responsible for multiple functions in the router. One of those is the creation of J-cells from the original data packet.

    • The Distributed Buffer Manager ASIC is responsible for storing packets in memory.
      The primary role of the Distributed Buffer Manager ASIC is storing and retrieving J-cells from the packet storage buffer.

    • A unicast packet is flowing through the Packet Forwarding Engine. The incoming I/O Manager ASIC receives the packet after the incoming PIC I/O Manager ASIC performs its functions.
      After receiving the packet from the physical media and performing any link-layer functions, the incoming PIC I/O Manager ASIC sends the packet to the incoming I/O Manager ASIC on its FPC.

    • The switching control board CPU is the router component responsible for handling exception packets.
      The CPU on the router's control board is responsible for handling exception packets. Some of those exception packets might reach the Routing Engine.

    • IP packets with TTL=1 and Routing protocol updates are considered exception packets.
      Routing protocol updates and packets requiring an ICMP error message (TTL=1) are considered exception packets. A Juniper Networks router does not communicate using the HTTP or SMTP protocols. Therefore, these packets must be transiting the router and are handled by the Packet Forwarding Engine.

    • mgd is the JUNOS software daemon responsible for operating the CLI.
      The Management Daemon (mgd) is responsible for controlling the CLI process.

    • rpd is the JUNOS software daemon responsible for controlling the routing protocols.
      The Routing Protocol Daemon (rpd) is responsible for all routing protocol activity on the router.

    • When issued from the top of the configuration hierarchy, the save saved-file command creates a file called saved-file that contains the entire candidate configuration.
      The save command takes portions of the candidate configuration and places them in a file you specify. When used from the top of the hierarchy, this process saves the entire candidate configuration.

    • The rollback 5 command places the juniper.conf.5.gz file in the candidate configuration.
      load override juniper.conf.5.gz and load merge juniper.conf.5.gz will look for the juniper.conf.5.gz file in the user's home directory, where it is not stored by default.

    • /var/home is where the router stores each user's home directory.
      Each user configured on the router receives his or her own home directory in the /var/home section of the hard drive.

    • The internal flash drive is the primary boot media for the JUNOS software.
      The router's internal flash drive is the primary boot location for the JUNOS software.

    • The internal hard drive is the secondary boot media for the JUNOS software.
      The router's internal hard drive is the secondary boot location for the JUNOS software.

    • The request system software add filename command loads a new version of the JUNOS software into the internal flash drive.
      The request system software add filename command loads a copy of the JUNOS software onto the router's flash drive.

    • The Ctrl+A Emacs keystroke takes the cursor to the beginning of the command line.
      To reach the beginning of the command line, use the Ctrl+A keystroke. Ctrl+E takes you to the end and Ctrl+W deletes the previous word. Ctrl+D closes your terminal during a load merge terminal operation.

    • The load merge terminal command allows you to paste text directly into the candidate configuration.
      The load merge terminal command allows you to cut and paste configuration directly into the router.

    • When committing a configuration, the commit confirmed command allows the router to automatically return to a previous configuration.
      The commit confirmed command allows the router to return to the previous configuration automatically if you don't issue a regular commit within the default 10-minute timer.



    • The format consists of a two-character media type designator followed by the FPC slot number, the PIC slot number within an FPC, the port number on the PIC, and the logical unit. The format is media_type-fpc/pic/port.unit.

    • Each Juniper Networks router contains the fxp0 and fxp1 permanent interfaces. All interfaces contained on a PIC are considered transient because they can be removed at any time.

    • The inet, inet6, iso, and mpls protocol families are configurable on a Juniper Networks interface.

    • Each interface in the JUNOS software requires some logical properties. These often include the Layer 3 and Layer 2 addressing information for enabling proper network operation.

    • With the show interfaces extensive command, information such as the current status, input/output byte and packet statistics, and input/output error counters is available in the command output.

    • Both loopback and BERT testing help to locate trouble spots on a physical network circuit.



    • Type, FPC, PIC, and port is the order of elements in the JUNOS software interface naming convention.
      The order is the media type, FPC slot number, PIC slot number, and PIC port number.

    • The FPC slots on an M40e are numbered 0 through 7, left to right.
      An M40e has eight vertical FPC slots. They are numbered 0 through 7, left to right.

    • The PIC slots on an M20 FPC are numbered 0 through 3, right to left.
      An M20 has four PIC slots in each FPC. Since the FPC has a horizontal orientation, the PIC slots are numbered 0 through 3, right to left.

    • Permanent and transient are two different types of interfaces on a Juniper Networks router.
      Juniper Networks routers have two types of interfaces: permanent and transient.

    • Keepalives, description, and FCS are examples of a physical interface configuration.
      Only the protocol address is a logical property of an interface.
    B-)
    • DLCI number and protocol MTU are both examples of logical interface configuration properties.
      Scrambling and description are physical properties.

    • The router assigns a /32 prefix length to an IPv4 address if you do not specify one in the configuration.
      In the absence of a prefix length, the router assumes a 32-bit prefix length for an IPv4 address.

    • The show interfaces so-* terse command displays the status of all SONET interfaces on the router.
      An asterisk ( * ) may be used as a wildcard character. The command show interfaces so-* terse will display the status of all SONET interfaces on the router.

    • An interface has multiple IP addresses configured. The interface's primary address is the lowest numbered address on the interface.
      An interface contains only a single primary address and, by default, it is the lowest numerical prefix on the interface.

    • The result of using the deactivate command is that the configuration is ignored and not applied.
      When an interface has been deactivated, the interface is marked inactive and the configuration statements are ignored when the candidate configuration is committed.

    • In the show interfaces extensive output, the Input Errors field displays framing errors.
      Input Errors are the sum of the incoming frame aborts and FCS errors.

    • The input L3 incompletes field in the show interfaces extensive output displays received packets with a damaged IP header.
      The input L3 incompletes field is a counter that is incremented when the incoming packet fails Layer 3 (usually IPv4) checks of the header.

    • A Frame Relay interface is configured to support DLCI values 40, 50, and 60. Incoming frames with a DLCI of 45 show up in the input L2 channel errors field in the show interfaces extensive output.
      The input L2 channel errors field is a counter that increments when the software cannot find a valid logical interface for an incoming frame.

    • Time for a bit of JunOS
      mellowd.co.uk/ccie/?p=565

    • The Death of TRILL
      networkingnerd.net/2016/05/11/the-death-of-trill

    • JunOS - The basics
      mellowd.co.uk/ccie/?p=672

    • JunOS vs IOS - Basic OSPF
      mellowd.co.uk/ccie/?p=687

    • Recovering the Root Password
      www.juniper.net/documentation/en_US/junos16.1/topics/task/configuration/authentication-root-password-recovering.html

    • [EX] While booting up, switch stuck in db> mode
      kb.juniper.net/InfoCenter/index?page=content&id=KB20635

    • Create a Windows 7 client in GNS3 using VirtualBox
      www.ninehua.com/index.php/download/doc_download/7-client-windows-7-gns3-virtualbox


    • /31's effect on routing protocols
      mellowd.co.uk/ccie/?p=937

    • Upgrading JUNOS
      mellowd.co.uk/ccie/?p=1135

    • Upgrading the compact flash on a Juniper M10 (RE2.0, RE333)
      mellowd.co.uk/ccie/?p=1188

    • Missing mandatory statement: 'root-authentication'
      root@Olive# set system root-authentication plain-text-password

    • Partition a Juniper router into logical systems
      mellowd.co.uk/ccie/?p=2290

    • First JUNOS logical topology
      mellowd.co.uk/ccie/?p=2321

    • aconaway.com/2012/07/31/junos-basics-configuring-bgp

    • Getting started with JUNOS routing policy
      mellowd.co.uk/ccie/?p=2358

    • JUNOS hard-disk recovery
      mellowd.co.uk/ccie/?p=2456

    Cisco > Juniper command:
    • show bgp vrf B0 ipv4 unicast  neighbor 10.185.161.210 advertised-routes > show route advertising-protocol bgp 10.185.161.210 table B0
    • show bgp vrf B0 ipv4 unicast  neighbor 10.185.161.210 advertised-routes | inc pre > show bgp neighbor instance B0 10.185.161.210 | match Adv
    • show ip interface brief | include 10.97.83.133 > show interfaces terse | match 10.97.83.133
    • show run router bgp 69 vrf B0 > show configuration routing-instances B0 protocols bgp group CI

    • The IP address 10.1.1.1 belongs to Class A of IP address space

    • An IPv6 address consists of 128 bits separated into eight 16-bit hexadecimal sections

    • LSPs (MPLS label-switched paths) are unidirectional, can follow paths other than the IGP's shortest path

    • Two ways that packet fragmentation is handled differently between IPv6 and IPv4: end hosts determine the path MTU for IPv6, and packet fragmentation occurs at intermediate nodes for IPv4

    • Configuring Static Routing:
      # set routing-options static route 99.0.0.0/17 next-hop 10.0.0.6
      > show route protocol static   

      inet.0: 39 destinations, 39 routes (39 active, 0 holddown, 0 hidden)
      + = Active Route, - = Last Active, * = Both

      99.0.0.0/17        *[Static/5] 00:00:06
                          > to 10.0.0.6 via ge-0/0/1.0
      99.0.0.0/19        *[Static/5] 00:01:05
                          > to 10.2.0.10 via ge-0/0/2.0
      99.0.0.0/24        *[Static/5] 00:01:05
                          > to 10.2.0.14 via ge-0/0/3.0
      99.0.0.0/26        *[Static/5] 00:01:05
                          > to 10.2.0.18 via ge-0/0/6.0
      There are four static routes that route traffic through different interfaces. The router uses the ge-0/0/6 interface if traffic is sent to the 99.0.0.1 destination

    • 14 host addresses are available in the 172.27.0.0/28 network

    • Benefits of using IPv6:
      • Supports a greater level of security by integrating features that were optional add-ons in IPv4
      • Reduces administrative overhead using stateless address autoconfiguration for hosts
      • Eliminates the need for private to public NAT using a large address pool

    • The forwarding table is stored on both the RE and PFE
    B-)
  • JNCIA:

    • OSPF hello packets that are sent from a remote router and are destined for the local router and Telnet traffic that is sent from a remote host and is destined for the local router are two examples of RE exception traffic.

    • If you receive an alarm that a Junos device is experiencing problems regarding temperature, show chassis temperature-thresholds and show chassis environment are two commands you would use to investigate this problem.

    • A BGP router only uses the MED attribute, by default, when multiple routes in the Adjacency-RIB-In table have arrived from the same neighbouring AS.

    • By default, a Response message carries 25 route entries. When plain-text authentication is configured, one route entry is used to store the authentication data. Therefore, only 24 route entries can be advertised in this scenario. Using MD5 authentication, however, requires the use of two route entries, leaving a capacity of 23 RIP routes in the message.

    • ge-4/3/2:
      • media type Gigabit Ethernet interface in slot 4 in the chassis/slot 3 of the FPC/port 2 in a PIC.
      • media type Gigabit Ethernet interface on FPC 4/PIC 3/Port 2.

    • RIPv2 defaults to advertising Response messages using the 224.0.0.9/32 multicast group address.

    • When using an MPLS network to support Layer 3 VPNs, by default the JUNOS software stores VPN routing information advertised between Provider Edge routers in the bgp.l3vpn.0 routing table.

    • The JUNOS software places a single next-hop entry into the forwarding table for each valid route in the routing table, by default. You can modify this behaviour by configuring a routing policy within the [edit routing-options forwarding-table] configuration hierarchy.

    • 3 prefixes will match route-filter 192.168.0.0/16 upto /17. The upto match type stops the evaluation of the route filter and matches the routes found at the specified level. This route filter matches the 192.168.0.0/16, 192.168.0.0/17, and 192.168.128.0/17 routes.

    • The Routing Protocol Daemon (rpd) software process is responsible for / in charge of operating all routing protocols in the JUNOS software.

    • 1 - 50: drive.google.com/open?id=0B-ob6L_QjGLpNUxPYTBIcVozcUE

    • 51 - 100: drive.google.com/open?id=0B-ob6L_QjGLpakNvMzczY1pRZ00

    • 101 - 150: drive.google.com/open?id=0B-ob6L_QjGLpbzFsTTczcWQxUUU

    • 151 - 200: drive.google.com/open?id=0B-ob6L_QjGLpcGV4UWpKSXpiNjQ

    • 201 - 250: drive.google.com/open?id=0B-ob6L_QjGLpaEZ2VEJFY3NIM1k

    • 251 - 300: drive.google.com/open?id=0B-ob6L_QjGLpT29kdFRUakplUHM

    • 301 - 350: drive.google.com/open?id=0B-ob6L_QjGLpSnBweXp4Q2pxelE

    • 358 - 368: issuu.com/ruthgriffithfreedumps/docs/_2017-may-version_free_jn0-102_dump

    Certification Levels:

    • Up to four levels per track:
      • JNCIA - Internet Associate
        • Multiple choice exam
      • JNCIS - Internet Specialist
        • Multiple choice exam
      • JNCIP - Internet Professional
        • Multiple choice exam
      • JNCIE - Internet Expert
        • One-day, lab-based exam

    Introduction to JUNOS Software:

    JUNOS Software:

    • Robust, modular operating system
      • Provides industry-leading performance and scalability
      • Based on the FreeBSD UNIX operating system

    • Protocols
    • Interface Mgmt
    • Chassis Mgmt
    • SNMP
    • Security Services
    • ...

    Single Software Train:

    • A single software train for all platforms running JUNOS Software
      • Eases management overhead by providing a consistent set of features that are implemented in a consistent manner

    Separation of Control and Forwarding:

    • All platforms running JUNOS Software share a common design goal:
      • Clean separation of control and forwarding functions
    • Control Plane: Routing Engine (RE)
      JUNOS Software: Routing Table (RT) > Forwarding Table (FT) - Internal Link >
    • Forwarding Plane: Packet Forwarding Engine (PFE)
      Frames/Packets In > FT > Frames/Packets Out
    • MAC Table = Bridge Table

    Routing Engine:

    • Maintains routing and forwarding table

    Packet Forwarding Engine (PFE):

    • Uses Layer 2 and 3 forwarding
    • ACL = stateless firewall filtering

    Transit Traffic Processing: Pass-through

    Exception Traffic Processing:

    • Exception traffic is rate-limited

    Overview of JUNOS Platforms:

    • M Series
    • T Series: Core Router
    • SRX Series: Firewall

    Common User Interface Options:

    • JUNOS CLI:
      • Text-based command shell
      • Accessible through the console port using a terminal emulation program
        • Uses RJ-45 RS-232 @ 9600 Bps, 8/1/N (not configurable)
      • Also accessible through network ports using an access management protocol such as Telnet or SSH
        • Requires network interface and related service configuration
        • Many Junos devices include a dedicated management Ethernet interface used for out-of-band access
    • J-Web:
      • Web-based graphical user interface
      • Accessible through an HTTP-enabled or HTTPS-enabled browser

    Logging In:

    • When logging in:
      • Nonroot users are placed into the CLI automatically
        login: user
        Password:
        user@host> - CLI Prompt
      • The root user must start the CLI from the shell
        • Remember to exit the root shell after logging out of the CLI!

        root@router% cli - Shell Prompt

    CLI Modes:

    • Operational mode:
      • Monitor and troubleshoot the software, network connectivity, and hardware
        user@router> - The > character identifies operational mode
    • Configuration mode:
      • Configure the device, including interfaces, protocols, user access, and system hardware properties
        [edit]
        user@router# - The # character identifies configuration mode

    Context-Sensitive Help:

    • Type ? anywhere on the command line to get help:
      user@router> ?
      Possible completions:
        clear                Clear information in the system
        configure            Manipulate software configuration information
        file                 Perform file operations
        help                 Provide help information
        ...

      user@router> clear ?
      Possible completions:
        amt                  Clear AMT Protocol information
        arp                  Clear address resolution information
        auto-configuration   Clear auto-configuration action
        bfd                  Clear Bidirectional Forwarding Detection information
        ...
    B-)
  • A bit of JNCIE-SP:

    • Apply the new hostname R1:
      set system host-name R1

    • Set the time zone location of the device:
      set system time-zone Asia/Bangkok
      show system uptime = Cisco show clock
      show log messages = show logging

    • Configure firewall filters to control traffic destined to the routing engine:
      set firewall policer re-policer if-exceeding bandwidth-limit 100k
      set firewall policer re-policer if-exceeding burst-size-limit 25k
      set firewall policer re-policer then discard
      set firewall family inet filter protect-re term icmp from protocol icmp
      set firewall family inet filter protect-re term icmp then policer re-policer
      set firewall family inet filter protect-re term icmp then accept
      show firewall filter protect-re
      set firewall family inet filter protect-re term last then count dropped-packets
      set firewall family inet filter protect-re term last then log
      set firewall family inet filter protect-re term last then discard
      show firewall filter counter dropped-packets protect-re   
      show firewall log

    • Assign IP addresses on interfaces:
      show interfaces terse = show ip interface brief
      set interfaces lo0 unit 0 family inet address 172.31.100.1/32
      set interfaces ge-0/0/0 unit 0 family inet address 172.22.121.2/30

    • IGP Setup:
      set interfaces ge-0/0/0 unit 0 family iso
      set interfaces lo0 unit 0 family iso address 49.1234.1720.3110.0001.00
      set protocols isis interface ge-0/0/0.0 point-to-point
      ge-0/0/0.0 - Gigabit Ethernet interface on FPC 0/PIC 0/Port 0, logical interface 0
      set protocols isis interface lo0.0 passive

    • Turn up LDP and MPLS:
      set interfaces ge-0/0/0 unit 0 family mpls
      set protocols mpls interface ge-0/0/0.0
      set protocols ldp interface ge-0/0/0.0
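
An added example, not part of the original post: the protect-re terms above are never attached to an interface, and once attached as an input filter on lo0 their final discard term would also drop SSH and LDP sent to the RE. The Python sketch below evaluates the filter first-match against constructed packets; the ssh and ldp terms, the 192.0.2.0/24 management prefix, the sample packets and the helper names are assumptions, and policer rate limiting is not modelled.

```python
import ipaddress
import re

# The protect-re terms exactly as entered in the post above.
PAGE_FILTER = """
set firewall family inet filter protect-re term icmp from protocol icmp
set firewall family inet filter protect-re term icmp then policer re-policer
set firewall family inet filter protect-re term icmp then accept
set firewall family inet filter protect-re term last then count dropped-packets
set firewall family inet filter protect-re term last then log
set firewall family inet filter protect-re term last then discard
"""
# Constructed additions (assumptions): SSH from a management prefix, LDP,
# and the lo0 attachment that places the filter in front of the RE.
ADDITIONS = """
set firewall family inet filter protect-re term ssh from source-address 192.0.2.0/24
set firewall family inet filter protect-re term ssh from protocol tcp
set firewall family inet filter protect-re term ssh from destination-port 22
set firewall family inet filter protect-re term ssh then accept
set firewall family inet filter protect-re term ldp from protocol tcp
set firewall family inet filter protect-re term ldp from protocol udp
set firewall family inet filter protect-re term ldp from port 646
set firewall family inet filter protect-re term ldp then accept
set interfaces lo0 unit 0 family inet filter input protect-re
"""
# New terms are appended after "last", so they must be moved ahead of it.
REORDER = """
insert firewall family inet filter protect-re term ssh before term last
insert firewall family inet filter protect-re term ldp before term last
"""
TERM_RE = re.compile(
    r"set firewall family inet filter (\S+) term (\S+) (from|then) (\S+)(?: (\S+))?")
ATTACH_RE = re.compile(r"set interfaces lo0 unit \d+ family inet filter input (\S+)")
INSERT_RE = re.compile(
    r"insert firewall family inet filter (\S+) term (\S+) before term (\S+)")

def parse(config):
    """Return ({filter: {term: {'from': {...}, 'then': [...]}}}, lo0 input filters)."""
    filters, attached = {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := TERM_RE.fullmatch(line):
            name, term, part, key, val = m.groups()
            t = filters.setdefault(name, {}).setdefault(term, {"from": {}, "then": []})
            if part == "from":
                t["from"].setdefault(key, []).append(val)
            else:
                t["then"].append(key)
        elif m := ATTACH_RE.fullmatch(line):
            attached.add(m.group(1))
        elif m := INSERT_RE.fullmatch(line):
            name, term, anchor = m.groups()
            moved = filters[name].pop(term)
            items = list(filters[name].items())
            items.insert([k for k, _ in items].index(anchor), (term, moved))
            filters[name] = dict(items)  # dicts keep insertion order
    return filters, attached

def term_matches(conds, pkt):
    """Different conditions are ANDed; several values of one condition are ORed."""
    for key, values in conds.items():
        if key == "protocol":
            ok = pkt["protocol"] in values
        elif key == "destination-port":
            ok = str(pkt.get("dst_port")) in values
        elif key == "port":  # matches source or destination port
            ok = str(pkt.get("dst_port")) in values or str(pkt.get("src_port")) in values
        elif key == "source-address":
            src = ipaddress.ip_address(pkt["src"])
            ok = any(src in ipaddress.ip_network(v) for v in values)
        else:
            raise ValueError(f"unsupported match condition: {key}")
        if not ok:
            return False
    return True

def evaluate(terms, pkt):
    """First matching term decides; no match falls to the implicit discard."""
    for name, term in terms.items():
        if term_matches(term["from"], pkt):
            for action in term["then"]:
                if action in ("accept", "discard", "reject"):
                    return name, action
            return name, "accept"  # only non-terminating actions configured
    return None, "discard"

# Constructed sample packets addressed to the RE.
PACKETS = {
    "ping": {"protocol": "icmp", "src": "198.51.100.7"},
    "ssh_mgmt": {"protocol": "tcp", "src": "192.0.2.10", "src_port": 50000, "dst_port": 22},
    "ssh_other": {"protocol": "tcp", "src": "198.51.100.7", "src_port": 50000, "dst_port": 22},
    "ldp_hello": {"protocol": "udp", "src": "172.22.121.1", "src_port": 646, "dst_port": 646},
}

def verdicts(config):
    """Return ({packet: (term, action)}, whether protect-re is an lo0 input filter)."""
    filters, attached = parse(config)
    terms = filters["protect-re"]
    return {n: evaluate(terms, p) for n, p in PACKETS.items()}, "protect-re" in attached

if __name__ == "__main__":
    for label, cfg in [("as posted", PAGE_FILTER),
                       ("terms appended", PAGE_FILTER + ADDITIONS),
                       ("terms reordered", PAGE_FILTER + ADDITIONS + REORDER)]:
        result, on_lo0 = verdicts(cfg)
        print(f"{label}: attached to lo0 = {on_lo0}")
        for pkt, (term, action) in result.items():
            print(f"  {pkt:10s} -> term {term}: {action}")
```

On a live device, committing a change like this with commit confirmed leaves a way back if the filter cuts off the management session.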
  • JNCIA:

    Command and Variable Completion:

    • Use the Spacebar to complete commands:
      user@host> sh<space>ow i<space>
      'i' is ambiguous.
      Possible completions:
        iccp                 Show Inter Chassis Control Protocol information
        igmp                 Show Internet Group Management Protocol information
        ike                  Show Internet Key Exchange information
        interfaces           Show interface information
        ipsec                Show IP Security information
        ipv6                 Show IP version 6 information
        isis                 Show Intermediate System-to-Intermediate System information

    • Use the Tab key to complete commands and variables:
      [edit policy-options]
      user@router# show policy-statement t<tab>his-is-my-policy
      then accept;

    Editing Command Lines:

    EMACS-style editing sequences are supported:

    • Ctrl+b(ackward): Moves the cursor left one character;
    • Ctrl+a: Moves the cursor to the beginning of the command line;
    • Ctrl+f(orward): Moves the cursor right one character;
    • Ctrl+e(nd): Moves the cursor to the end of the command line;

    A VT100 terminal type also supports the Arrow keys

    Using | (Pipe):

    • Use | (pipe) to filter and manipulate command output:
      user@host> show route | ?

    CLI Operational Mode:

    • Execute operational mode commands to monitor and control the operation of devices running the Junos OS
      • Hierarchy of commands: Less Specific > More Specific
        • Example: user@host> show ospf interfaces

    Active Versus Candidate Configuration:

    • Batch configuration model:
      • Must commit configuration changes
    • Active configuration:
      • Current operational configuration
      • Boot-up configuration
    • Candidate configuration:
      • A working copy for configuration changes
      • Initialized with the active configuration
      • Becomes active configuration upon commit

    Overview: The Life of a Configuration File:

    • Active Configuration 0 - configure > Candidate Configuration - commit > Active Configuration 0
    • Active Configuration 0 - rollback 1-49 > Candidate Configuration

    Entering Configuration Mode:

    • Type configure at the operational mode prompt to enter configuration mode
    • Use configure exclusive to exclude other users from editing the configuration
      • Any uncommitted changes are discarded when users exit
    • Use configure private to allow users to edit private copies of candidate configuration concurrently
      • When users issue a commit, their private changes merge back into the global configuration
      • Any uncommitted changes are discarded when users exit
      • If two users make competing changes, the first user's commit succeeds, and the second user receives a warning
        • The second user must issue a second commit to activate the change

    Configuration Statement Hierarchy:

    [edit]
    user@host# edit protocols ospf area 51 stub

    [edit protocols ospf area 0.0.0.51 stub]
    user@host#

    Configuration File Is Hierarchical:

    • Enter CLI commands without curly brackets:
      [edit system]
      user@host# set services web-management http port 8080

    • The result is a hierarchical configuration file, complete with curly brackets:
      [edit system]
      user@host# show services
      web-management {
        http {
          port 8080;
        }
      }

    Moving Between Levels:

    • edit: functions like a change directory command / a CD command:
      user@router# edit protocols ospf area 51
    • up: moves up one level in the hierarchy
    • up n: moves up n levels in the hierarchy
    • top: moves to the top of the hierarchy
    • exit: moves to the previous, higher level in the hierarchy, or exits configuration mode if at the top level of the hierarchy
  • Adding Configuration Statements:
    • Use set to add configuration statements:

    Removing Configuration Statements:

    • Use the delete

    Test Knowledge:

    • If you just disabled an interface with set interfaces interface-name disable,
      use delete interfaces interface-name disable to re-enable it

    Committing a Configuration:

    • Use commit to activate configuration changes:
      [edit]
      user@host# commit
      commit complete
      • If multiple REs are installed, use commit synchronize
    • Use commit check to confirm syntax:
      [edit]
      user@host# commit check
      [edit interfaces ge-0/0/10 unit 0]
        'family'
          When an ethernet-switching family is configured on an interface, no other family type can be configured on the same interface.
      error: configuration check-out failed
    • Use commit confirmed
    • Use commit at to schedule a future commit

    Comparing Configuration File Differences:

    • Compare candidate and active configurations:
      [edit system services]
      user@host# show | compare
      [edit system services]
      + ftp;
      - telnet;
    • Compare active and historical configurations:
      user@host> show configuration | compare rollback number

    Loading Configuration Files:

    • Use the load command to load a configuration file:
    • Use terminal to input from terminal capture buffer

    Using the run Command (Cisco equivalent: do):

    • Use run to execute operational mode CLI commands while in configuration mode
      • Can save time

    J-Web Overview:

    • The J-Web user interface:
      • Allows for easy setup and maintenance
        • Fast deployment with minimal configuration steps
        • HTTP-based - no user software required
      • Offers quick verification of system status
        • Summary page shows system information and status
      • Provides multiple configuration options

    Dashboard Tab:

    • The Dashboard tab is the default view

    Configure Tab:

    • Graphical configuration editing and viewing

    Monitor Tab: Operational Mode

    Maintain Tab

    Troubleshoot Tab

    Initial Configuration Checklist

    Initial Configuration:

    • Set the time parameters:
      • Time zone
    • Set the management network parameters:
      • Management interface address
      • Static route for management traffic

    Viewing the Results:

    • Use show configuration to view the results

    The Rescue Configuration:

    • A rescue configuration is designed to restore basic connectivity in the event of a configuration problem

    Overview of Interfaces:

    • Interfaces connect to networks or provide a service; interface type examples

    Interface Naming:

    • Most interfaces are named according to:
      • Interface media type (ge, so, at, and so forth)
      • Line card (FPC) slot number
      • Interface card (PIC) slot number
        While different platforms use different name

    Logical Units:

    • Similar to sub-interfaces used by other vendors:
      • In JUNOS Software, a logical unit is always required

    Interface Properties:

    • Physical properties settings include:
      • Data Link Layer protocol
      • Link speed and duplex

    Authentication Order Example:

    [edit]
    user@host# show system authentication-order
    authentication-order [ radius tacplus ];

    Components of Authorization:

    User > Class > Permission > deny-commands (operational mode) / deny-configuration (configuration mode) > allow-commands / allow-configuration > Authorized or Denied

    [edit system login]
    root@host# show
    class noc-admin {
      permission [ clear network reset view ];
      allow-commands "(configure private)";
      deny-commands "(file)";
      allow-configuration "(interface)...

    set system login user admin class super-user authentication ...

    System Logging Overview:

    • System logging:
      • Uses UNIX Syslog-style configuration syntax

    Syslog Configuration Example:

    [edit system syslog]
    user@host# show
    user * { < Emergency messages go to all logged-in users (*)
      any emergency;
    }
    host 10.210.14.174 { < Logs to a remote host

    Interpreting Syslog Messages:

    Traceoptions Overview:

    • Tracing is the JUNOS Software equivalent of debug
      • Requires configuration

    Traceoptions Configuration Example:

    • Include the traceoptions statement at the [edit protocols protocol-name] hierarchy level
      • Traceoptions also available for other hierarchies

    Analyzing Log and Trace Files:

    • Use show log file-name to display file contents:

    Miscellaneous Log File Commands:

    • Use the monitor command to perform real-time monitoring:
      user@host> monitor start filename
      • Use pipe (|) to filter

    NTP Clock Synchronization:

    • Use NTP to synchronize clocking on network devices

    Monitoring NTP Clock Synchronization:

    Archiving Configuration Files:

    • Configure the host to automatically back up the configuration file at the [edit system archival] hierarchy

    Monitoring the Archival Process:

    • Configuration files are queued for transmission in the /var/transfer/config directory

    SNMP Overview:

    • SNMP facilitates communication between an SNMP agent and a network management system
      • NMS and agent communication:
        • Get, GetBulk, and GetNext requests
        • Set requests
        • Notifications (traps (UDP) - SNMP v2c or informs (TCP) - SNMP v3)
    • MIB:
      • Used to define managed objects in a network device

    Example: Configuring SNMP:

    [edit snmp]
    user@host# show
    description "My JUNOS Device";
    location...

    Monitoring Tools:

    • Primary monitoring tool is JUNOS CLI

    Monitoring System-Level

    Monitoring the Chassis:

    Verifying Interface Status:

    • Use show interface

    Terse Output Example:

    • Use show interfaces terse to quickly

    Monitoring Interfaces

    • Use monitor interface

    Network Utilities:

    • Access Telnet, SSH, ...

    Packet Capture Example:

    JUNOS Software Naming Convention:

    Upgrading JUNOS Software:

    • Download JUNOS Software
    • by USB:
      root@% mkdir /var/tmp/usb (any directory name can be used as mounted directory)

    Password Recovery Process:

    • Must have a console connection
    • Steps:
      1. Reboot the system
        • Press the Spacebar when prompted
        • Enter boot -s to access single user mode
      2. Enter recovery, when prompted to go into recovery

    • The IP address 10.1.1.1 belongs to Class A of IP address space.

    • For the interface ge-1/2/3.4, "ge" represents Gigabit Ethernet.

    • The Junos Genius mobile learning platform (www.junosgenius.net) helps you learn Juniper technologies and prepare for Juniper certification exams on your schedule.

    • 11000000 10101000 10111011 11001001 is the binary equivalent of 192.168.187.201.

    • 01100000 00000110 11100111 10010100 is the binary equivalent of 96.6.231.148.
  • Junos Troubleshooting Process:

    Before You Begin...:

    • First, do no harm:
      • Know what is normal
      • Use change control processes
      • Plan for the worst
      • Backup configurations and other key files
      • Use non-disruptive practices
      • Recreate in a lab environment
      • Use maintenance windows

    Know What Is Normal:

    • You must know what is normal for your system:
      • Establish a baseline before a problem occurs:
        • Resource utilization
        • Throughput
        • Types of traffic
    • Confirm the symptoms:
      • Always verify a problem exists before conducting potentially disruptive testing

    Change-Control Processes:

    • Use change-control processes:
      • Formalized
      • Balance needs with risks
      • Coordinate scheduling to minimize impact to production
      • Remember, customers might have change control policies in place as well

    Plan for the Worst:

    • Have a back-out plan

    Configuration:

    • Working with configurations:
      • Use save to make backups before modifying a configuration:
        • All or part of a configuration can be saved locally or remotely
      • Use commit comment to add comments:
        • Logged comments can help when a quick rollback is needed
      • Use commit confirmed to temporarily activate
        • When working with remote systems
        • When adding or modifying policies, firewalls, or other security elements

    Disruptive Practices:

    • Be aware of disruptive practices:
      • Review power-on hardware information for your equipment:
        • Hot-swappable FRUs
        • Hot-pluggable FRUs
      • Review hardware redundancy options where available
      • Be careful when using hidden CLI commands:
        • Hidden commands are hidden for a reason
        • Understand disruptive potential before using
      • Be careful when using disruptive testing techniques

    Recreate in Lab Environment:

    • Why start a lab reproduction effort?
      • You can troubleshoot without affecting customer traffic even when your actions are potentially disruptive
      • You are free to experiment with possible workarounds:
        • One possible methodology is to start with a simple setup, and add detail until the problem can be reproduced
      • Lab reproduction is invaluable for some problems:
        • Protocol anomalies
        • Interoperability issues
        • Unexpected signaling behavior
      • When is lab reproduction not useful?:
        • When a problem is tied to a specific device or circuit failure
        • When the complexity of the network or of the potential triggers makes reproduction unfeasible

    Maintenance Windows:

    • Minimize impact from unforeseen issues
    • Do not be distracted by perceived urgency
    • Customers have maintenance windows too

    Troubleshooting:

    • The ability to identify the root cause of a problem impacting the network
    • The ability to identify the root cause of any deviation from the normal or expected behavior of a network

    A Process-Based Methodology:

    • Learnable
    • Repeatable
    • Can be used when dealing within any of these elements of a device running the Junos OS:
      • Chassis
      • Control plane
      • Interfaces and circuits
      • Data plane

    Where To Begin?:

    • The scientific method:
      • Characterize a problem based on observation and experience
      • Hypothesize and propose an explanation for the observation
      • Make a prediction based on past experiences
      • Test and experiment to prove or disprove the accuracy of the prediction

    Troubleshooting Steps:

    • Define success
    • Isolate the component preventing success:
      • Characterize
      • Hypothesize
      • Predict
      • Test and experiment
    • Identify a solution
    • Implement the solution

    Define Success:

    • Quantify the problem:
      • What is happening that should not be happening?
      • What should be happening that is not happening?
    • Define a desirable endpoint:
      • Be specific
      • Define a recognizable endpoint
      • Example: prefix a.b.c.d/z will be received from neighbor x
    • Be careful not to define success using preconceived solutions

    Verify the Problem:

    • Once defined, verify the problem exists before proceeding with troubleshooting:
      • Troubleshooting can be more disruptive than the problem

    Isolate the Problem:

    • Isolate the component preventing success:
      • Characterize
      • Hypothesize
      • Predict
      • Test and experiment

    Characterize the issue:

    • Collect information:
      • System logs
      • Protocol traceoptions
      • Operational mode command output
    • Ask probing questions:
      • When did this start happening?
      • Has this ever worked?
      • When did this last work as desired?
      • What has changed?
      • What troubleshooting steps and actions have been tried already?
    • Identify the knowns and unknowns

    Hypothesize:

    • Suggest possible explanations for observed behavior:
      • Identify all required components and dependencies
        • Use your knowledge of the technology
        • Remember the OSI model
        • Use online references
        • When possible, reconstruct a working scenario
      • Be complete
      • Do not assume
      • Do not overlook the obvious

    Layered Approach:

    TCP - OSI:

    • Link - Physical, Data Link
    • Internet - Network
    • Transport - Transport
    • Application - Session, Presentation, Application

    Revisiting Control and Data Planes:

    • Control Plane - Routing Engine - Common Symptoms: Missing routes
    • Data Plane - Ingress > PFE - FT > Egress > Common Symptoms: Physical errors, dropped packets (all or some)

    • Generally a good idea to begin diagnosis at the control plane

    Predict and Test:

    • Make a prediction:
      • Identify most probable explanation
        • Be complete
        • Do not assume
        • Do not overlook the obvious
      • Test to prove (or disprove) your hypothesis
        • Validity, validity, validity!

    Recursive Process:

    • "If at first you don't succeed...":
      • Divide and conquer:
        • Remember the reference models
      • Narrow down the possibilities:
        • Validity, validity, validity!
        • Build your own troubleshooting flowchart as you go
        • Each test should reduce the number of possible causes for the problem, regardless of pass/fail status
      • Remember, more than one contributing factor could be present (particularly in new setups)

    Consider the Possibilities:

    • Possible causes:
      • Configuration
      • Hardware
      • Software
      • Something else
    • Remember, more than one contributing factor could be present:
      • New installations
      • Some troubleshooting has already occurred
      • New, previously unnoticed issues, become apparent
  • Configuration Errors:

    • Most plausible in new setup or with recent changes:
      • Use show system commit to check for recent changes
      • Use show | compare rollback x to display differences in rollback configurations
      • Remember to check all devices that could introduce a problem
    • Eliminate the control plane as a possibility before focusing on the data plane
    • When configuration errors are suspected, it is OK to quickly glance at the configuration, but rely on operational mode commands to isolate errors:
      • The human brain sees what it expects to see

    The Human Brain, a Funny Thing...:

    Take a moment and read the following paragraph:

    Arocdnicg to rsceearch it deosn’t mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteer are in the rghit pcale. The rset can be a toatl mses and you can sitll raed it wouthit pobelrm. Tihs is buseace the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.

    Sample operational mode commands:

    • Success:
      • Reachability between remote hosts using a BGP-learned route X
    • Operational mode commands to help isolate the problem:
      • show route protocol bgp
      • show route prefix
      • show bgp summary
      • traceroute
      • show route receive-protocol bgp
      • show route advertising-protocol bgp
    • Know which part of the configuration you must review

    Hardware Errors:

    • Plausible in new out-of-box setups
    • Plausible if new problems show up in established networks
      • Can be a delayed effect from improper handling
    • Alarms, LEDs, and log files, along with operational mode command output all prove helpful in troubleshooting hardware issues
    • Try moving the problem
    • Generally eliminate hardware as a possibility before progressing on to software

    The Human Brain - Still a Funny Thing...:

    Count the number of Fs:

    The necessity of training farm hands for first class farms in the fatherly handling of farm live stock is foremost in the eyes of farm owners. Since the forefathers of the farm owners trained the farm hands for first class farms in the fatherly handling of farm livestock, the farm owners feel they should carry on with the family tradition of training farm hands of first class farmers in the fatherly handling of farm live stock because they believe it is the basis of good fundamental farm management.

    Parsing System Log and Other Output:

    • The CLI's | (pipe) function makes parsing log files and other extensive output easy:
      • Several options are available:
        • Use the | (pipe) function to filter and manipulate output
          show interfaces terse | match down
        • Chain multiple options for advanced capability
          show log messages | match fpc | match fail | count
        • Use quotes and the pipe function as a logical "or" for example:
          show log messages | match "fpc | sfm | kernel"
      • Search the messages and chassisd logs for entries like fail, kernel, core, error, and so on

    Hardware Troubleshooting:

    • Display and View Alarms:
      show chassis alarms

    • View LED Status and Display Craft Interface:
      show chassis craft-interface

    • Parse and View Syslogs and Act Accordingly:
      show log messages
      show log chassisd
      monitor start [messages | chassisd]

    • Display Interface and Hardware Status:
      show chassis hardware
      show chassis fpc
      show pfe statistics error
      show interfaces terse
      show interfaces interface detail
      show log log-file-name

    Software Errors:

    • Plausible in new setups, with recent Junos OS upgrades, or when using new features
    • View version and last Junos OS change:
      show version detail
      show system software detail
      file list /var/sw/pkg detail | match rollback
    • Check online resources for known issues:
      • Check release notes:
        www.juniper.net/documentation/software/junos
      • Search using keyword search - requires login:
        prsearch.juniper.net

    Troubleshooting software problems:

    • First, eliminate hardware as a possible issue
    • Review logs for software-related entries
    • Verify required processes are running
    • Move the problem:
      • Can the issue be duplicated on another system using the same version of the Junos OS?
      • Can the issue be duplicated on another system using a different version of the Junos OS?
    • Core files and memory dumps might be required for advanced troubleshooting

    • Parse and View Syslogs and Act Accordingly:
      show log messages
      monitor start messages

    • Display Running Processes:
      show system processes
      show system connections
      file show /etc/services

    • Determine Whether Core Files Are Present:
      show system core-dumps
      file list /var/tmp/*core*
      file list /var/crash/*core*

    One More Possibility...:

    • Something else:
      • Outside influences
        • Changes in traffic flow
        • Changes in traffic type
        • Malicious attacks
      • Works as designed
        • Misunderstanding of feature
        • Design decision

    Identify Possible Solutions:

    • More than one way might be possible
    • Criteria:
      • The fix does not cause other problems
      • The fix survives a reboot
      • The fix is well communicated
      • The fix is operationally understandable
    • Short-term fixes are acceptable for quick restoration of service, but only for the short term
    • Test the solution:
      • Validity, validity, validity
      • Plan how to implement solution with minimum disruption

    Implement the Solution:

    • Remember - do no harm:
      • Follow change control processes
      • Use maintenance windows
      • Have a back-out plan
      • Plan for the worst
    • Verify that the issue is resolved:
      • Success achieved?
      • Monitor solution
      • Confirm the absence of other negative impacts
    • Document the changes

    Challenging Network Issues:

    • Some situations can be particularly challenging:
      • Packet loss
      • Troubleshooting intermittent issues
      • Isolating bottlenecks
    • Information is key:
      • Use an out-of-band management network to ensure access
      • Have a baseline for comparison
      • Use appropriate logging options
      • Look for patterns
  • Monitoring Memory and Storage:

    • Enter into configuration mode and load the device's reset configuration by issuing the load override jtnoc/lab3-start.config command.

    • Change the root password to lab123 by issuing the set system root-authentication plain-text-password command.

    • Issue the show chassis routing-engine command to view the details of your router's RE.
      •     DRAM                      16330 MB (16384 MB installed)
        There is 16384 MB of DRAM installed.
      •     15 min CPU utilization:
              Idle                      99 percent
        The RE CPU idle utilization in the last 15 minutes is 99%.
      •     Uptime                         124 days, 1 hour, 12 minutes, 55 seconds
        The RE has been powered up for 124 days, 1 hour, 12 minutes, 55 seconds.

    • Issue the show system storage command to determine the amount of storage space available on your router.
      User home directories are located at /var/home. The /var directory is mounted on a partition of ada1s1f, so it is currently being used to store user home directories.

    • Enter the shell as the root user by issuing the start shell user root command. Enter the password of lab123 when prompted.

    • Perform a read-only test to determine the integrity of the ada1 storage drive. Use the dd if=/dev/ada1 of=/dev/null bs=1m command to perform the test.
      It might take between 5 and 10 minutes for the test to complete. Be patient.
      • If the test results show that errors occurred, please notify your support because your router might be experiencing a hardware failure.
      • 4192247808 bytes transferred in 95.412312 secs (43938227 bytes/sec)
        4192247808 bytes were read from the da0 flash drive.

    Viewing Boot and System Logs:

    • Direct your router to reboot in 20 minutes using the request system reboot in 20 command.
      Shutdown at Tue Jan 16 09:58:54 2018.
      The router will reboot at 09:58.

    • Clear the scheduled reboot using the clear system reboot command.

    • Direct your router to reboot immediately using the request system reboot command.

    • View the boot messages that occurred during the reboot process by issuing the show system boot-messages | no-more command.
      The boot messages record the step-by-step process that the RE goes through to boot. No critical errors should have occurred. You may see a few instances while the system is coming online.

    • Use the show system uptime command to determine the router's current time and date.
      Current time: 2018-01-16 09:53:28 ICT
      The time and date are currently 2018-01-16 09:53:28 ICT.

    • View the messages log file using the show log messages command to see detailed information about the PFE during the reboot that just occurred. It might be helpful to use the match modifier to ensure that only entries from today's date are shown. For example, if today's date is Jan 16th, issue the command show log messages | match "Jan 16" (you might need to use two spaces between month and day).

    • You might notice that matching on the date might not narrow the search down enough because thousands of entries might happen on any one day. Use the previous command but add a second pipe that matches on reboot, show log messages | match "Jan 16" | match reboot.
      • Jan 16 10:12:31.570 2018  vmx1 mgd[95632]: UI_REBOOT_EVENT: System rebooted by 'lab'
        The first reboot was issued at 10:12:31.
      • Jan 16 10:12:31.594 2018  vmx1 shutdown: reboot requested by lab at Tue Jan 16 10:32:31 2018
        This indicates that we requested the reboot to happen 20 minutes later.
      • Jan 16 10:14:44.681 2018  vmx1 mgd[95632]: UI_REBOOT_EVENT: System rebooted by 'lab'
        The second request was issued at 10:14:44.

    • Using the show log messages | match chassisd | match fpc | match online command, determine the exact time that FPC 0 came back online after the reboot. (The status of FPCs is tracked by chassisd.)
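The `show log messages | match "Jan 16" | match reboot` step above, reproduced offline as an added example (not part of the original notes): it parses the log lines quoted on this page, emulates chained `| match` filters, and pairs each UI_REBOOT_EVENT with the shutdown line that records a scheduled time. The last two sample lines are constructed, and padding a single-digit day with a second space is an assumption based on the two-spaces remark above.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# The first three lines are quoted on this page. The last two are
# constructed for this example (an unrelated line and a single-digit day).
LOG = """\
Jan 16 10:12:31.570 2018  vmx1 mgd[95632]: UI_REBOOT_EVENT: System rebooted by 'lab'
Jan 16 10:12:31.594 2018  vmx1 shutdown: reboot requested by lab at Tue Jan 16 10:32:31 2018
Jan 16 10:14:44.681 2018  vmx1 mgd[95632]: UI_REBOOT_EVENT: System rebooted by 'lab'
Jan 16 10:20:05.002 2018  vmx1 chassisd[5120]: constructed sample line, unrelated to restarts
Jan  6 08:01:10.000 2018  vmx1 mgd[4411]: UI_REBOOT_EVENT: System rebooted by 'ops'
"""

# Timestamp with milliseconds and year, host, process[pid], message.
LINE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) "
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.(?P<ms>\d{3}) (?P<year>\d{4})\s+"
    r"(?P<host>\S+) (?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
REBOOTED = re.compile(r"UI_REBOOT_EVENT: System rebooted by '(?P<user>[^']+)'")
SCHEDULED = re.compile(
    r"reboot requested by (?P<user>\S+) at \w{3} (?P<mon>\w{3})\s+(?P<day>\d{1,2}) "
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) (?P<year>\d{4})")


def _stamp(g, ms=0):
    """Build a datetime from named regex groups (locale-independent)."""
    return datetime(int(g["year"]), MONTHS[g["mon"]], int(g["day"]),
                    int(g["h"]), int(g["m"]), int(g["s"]), ms * 1000)


def match(lines, pattern):
    """Emulate the CLI's `| match`: keep lines matching a case-insensitive regex."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [ln for ln in lines if rx.search(ln)]


def parse(line):
    """Split one log line into fields, or return None if it does not fit."""
    m = LINE.match(line)
    if not m:
        return None
    g = m.groupdict()
    return {"time": _stamp(g, int(g["ms"])), "host": g["host"],
            "proc": g["proc"], "pid": g["pid"], "msg": g["msg"]}


def reboot_events(lines):
    """Return one record per reboot request: who, when, and scheduled time if any."""
    events = []
    for rec in filter(None, map(parse, lines)):
        hit = REBOOTED.search(rec["msg"])
        if rec["proc"] == "mgd" and hit:
            events.append({"time": rec["time"], "host": rec["host"],
                           "user": hit["user"], "scheduled_for": None})
            continue
        sched = SCHEDULED.search(rec["msg"])
        if rec["proc"] == "shutdown" and sched and events:
            last = events[-1]
            # The shutdown line follows its UI_REBOOT_EVENT within a second.
            near = abs((rec["time"] - last["time"]).total_seconds()) <= 1
            if near and last["user"] == sched["user"]:
                last["scheduled_for"] = _stamp(sched.groupdict())
    return events


if __name__ == "__main__":
    lines = LOG.splitlines()
    for ln in match(match(lines, "Jan 16"), "reboot"):
        print(ln)
    for ev in reboot_events(lines):
        when = ev["scheduled_for"] or "immediate"
        print(ev["time"], ev["host"], ev["user"], "->", when)
```
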

    Monitoring Chassis Alarms:

    • Determine if any alarms exist by issuing the show chassis alarms command.
      2 alarms currently active
      2 active alarms exist.

    • Enter configuration mode and change the default chassis alarm settings so that the router generates a red alarm if any Ethernet port is in the link-down state, by issuing set chassis alarm ethernet link-down red.

    • delete chassis alarm ethernet link-down

    Examining User Processes and Daemons:

    • Issue the show system users command.
      USER     TTY      FROM                              LOGIN@  IDLE WHAT
      lab    pts/0    192.168.0.231                    2:23PM      - -cli (cli)   
      • Only the user, lab, is logged in to your device.
      • Shows that user lab is logged in from the IP address of 192.168.0.231.

    • Forcibly log out that user session by issuing the request system logout user lab terminal pts/0 command.

    • Issue the show system processes extensive command.
      • The chassisd daemon manages the chassis components of the router.
      • The rpd daemon manages the routing function.

    • Issue the show route command.
      • 10.85.0.12/32      *[Direct/0] 16w3d 20:52:27
        Shows that the oldest route has been in the routing table for 16w3d 20:52:27.
      • If for some reason the rpd process were to restart, the Junos OS removes all routing information from the routing table. Then, the Junos OS adds any current routing information through independent and dynamic routing protocols.

    • Issue the restart routing command.
      • All the routes in the routing table were removed and replaced with new routes, which you can see by viewing the current age of the routes in the routing table.
      • Restarting rpd causes ISIS to completely reconverge. All neighbor adjacencies must re-establish, the router must repopulate the link-state database, and calculations must run on all possible routes to determine the best path.
      • You can restart only ISIS by issuing the deactivate protocols isis command at the [edit] hierarchy level, committing the configuration, issuing activate protocols isis, and committing the configuration again.

    Generating Core Files:

    • Issue the show system core-dumps command:
      /var/crash/*core*: No such file or directory
      /var/tmp/*core*: No such file or directory
      No core dump files are present on your device.

    • Generate a core dump file for the rpd process by issuing request system core-dump routing.

    • Delete the core dump from the device using the file delete command.
  • Configuring Routing Protocols and Routing Tables:

    • Issue the show route command.
      • 0.0.0.0/0          *[Static/100] 00:30:48
        The default static route points to unknown destinations.
      • inet.0: 81 destinations, 81 routes (81 active, 0 holddown, 0 hidden)
        inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
        The inet.0 and inet6.0 routing tables are present in the output.

    • To test connectivity, ping the virtual router loopback address (192.168.1.1) attached to your vmx1 device. Limit your attempts to 5 pings, ping 192.168.1.1 count 5.
      5 packets transmitted, 0 packets received, 100% packet loss
      The ping test was not successful.

    • Because the ping test failed in the previous step, issue a traceroute to the same address to determine the path taken, traceroute 192.168.1.1.
      •  1  * * *
        ...
        30  * * *
        Shows that the next-hop device does not have the proper routing knowledge.
      • show route 192.168.1.1
        0.0.0.0/0          *[Static/100] 00:46:35
        Our local router does not have a route to that IP and must use the default 0/0 route to attempt to reach this address.

    • edit protocols ospf
      set area 0 interface ge-0/0/4

    • Issue the show ospf interface and show ospf neighbor commands.

    • Configure a local autonomous system:
      edit routing-options
      set autonomous-system 65412

    • Configure the bgp neighbor IP address and define the peer autonomous system number:
      top edit protocols bgp group ISP-1
      set neighbor 172.18.1.1
      set peer-as 56155
      Default Junos BGP type is EBGP.

    • Issue the run show bgp summary command to verify that BGP is currently up and established.

    • To investigate why the BGP sessions cannot reach the Established state, configure traceoptions under the BGP protocol.
      [edit protocols bgp group ISP-2]
      up 1 edit traceoptions
      set flag open
      set file bgp-trace.log

    • Issue the run show log bgp-trace.log command.
      bgp_process_open:4060: NOTIFICATION sent to 172.18.1.1 (External AS 56155): code 2 (Open Message Error) subcode 2 (bad peer AS number), Reason: peer 172.18.1.1 (External AS 56155) claims 65001, 56155 configured
      • An autonomous system mismatch exists between your device and the ISP-1 router.
      • The peer-as value should be changed to 65001.

    • Now that we know what the problem is, remove the traceoptions configuration that was recently configured.
      delete traceoptions
      file list /var/log/ | match trace
      file delete /var/log/bgp-trace.log

    Determine Current Control Plane Requirements:

    • Review the current system configuration using the show system command.
      FTP, SSH, Telnet, and NTP traffic must be allowed by a control plane protection filter.

    • Review protocol configuration using the show protocols command.
      Also BGP and ISIS must be allowed to maintain the current communication requirements.

    • Issue the show isis adjacency command to verify ISIS is working correctly.

    • Issue the show ntp associations command to review the current status of NTP.

    Configuring Control Plane Protection:

    • Navigate to the [edit policy-options] hierarchy and create a prefix list named bgp-neighbors. Use the apply-path feature to walk through the Junos configuration to discover all the BGP neighbors within the configuration.
      set prefix-list bgp-neighbors apply-path "protocols bgp group <*> neighbor <*>"

    • Create a prefix-list named ospf to match both of the well-known multicast addresses (224.0.0.5/32 and 224.0.0.6/32) as well as the network associated with the WAN link. This solution does not scale well, but since we only have one neighbor and one interface this simple approach should work fine.
      set prefix-list ospf 224.0.0.5/32
      set prefix-list ospf 224.0.0.6/32
      set prefix-list ospf 192.168.11.0/30

    • Navigate to the [edit firewall family inet filter protect-re] hierarchy. Create a term called allow-bgp and ensure that BGP's TCP messages are accepted from any BGP neighbor identified in the prefix list.
      set term allow-bgp from source-prefix-list bgp-neighbors
      set term allow-bgp from protocol tcp
      set term allow-bgp from port bgp
      set term allow-bgp then accept

    • Allow-ospf:
      set term allow-ospf from source-address 192.168.11.0/30
      set term allow-ospf from destination-prefix-list ospf
      set term allow-ospf from protocol ospf
      set term allow-ospf then accept

    • Create a term called allow-ntp and ensure that NTP's UDP messages are accepted from the configured NTP server (172.25.11.254). NTP-related traffic must also be accepted from the local loopback address (192.168.31.1), because the system connects to the NTP daemon on the Junos device itself. NTP communication will work fine without the loopback address, but you will not be able to validate it.
      set term allow-ntp from source-address 172.25.11.254
      set term allow-ntp from source-address 192.168.31.1
      set term allow-ntp from protocol udp
      set term allow-ntp from destination-port ntp
      set term allow-ntp then accept

    • Allow-ftp:
      set term allow-ftp from protocol tcp
      set term allow-ftp from port ftp
      set term allow-ftp from port ftp-data
      set term allow-ftp then accept

    • Allow-ssh:
      set term allow-ssh from protocol tcp
      set term allow-ssh from port ssh
      set term allow-ssh then accept

    • Allow-telnet:
      set term allow-telnet from source-address 172.25.11.254/32
      set term allow-telnet from protocol tcp
      set term allow-telnet from destination-port telnet
      set term allow-telnet then accept

    • Create a final term named block-rest to discard all other traffic. There is an implicit deny when dealing with firewall filters but we will create the term for others who might review our work.
      set term block-rest then discard

    • Apply it as an input filter on the loopback interface. Use commit confirmed with a 5-minute interval to ensure connectivity is not impacted.
      set interfaces lo0 unit 0 family inet filter input protect-re
      commit confirmed 5
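
    An audit of the filter built above, as an added example (not part of the original notes). It parses the page's own set commands and lists accepting terms that have no source match, and terms that use port, which in Junos matches either the source or the destination port. The function names and finding labels are made up for this example.

```python
import re

# The protect-re terms exactly as given in the steps above.
PROTECT_RE = """
set term allow-bgp from source-prefix-list bgp-neighbors
set term allow-bgp from protocol tcp
set term allow-bgp from port bgp
set term allow-bgp then accept
set term allow-ospf from source-address 192.168.11.0/30
set term allow-ospf from destination-prefix-list ospf
set term allow-ospf from protocol ospf
set term allow-ospf then accept
set term allow-ntp from source-address 172.25.11.254
set term allow-ntp from source-address 192.168.31.1
set term allow-ntp from protocol udp
set term allow-ntp from destination-port ntp
set term allow-ntp then accept
set term allow-ftp from protocol tcp
set term allow-ftp from port ftp
set term allow-ftp from port ftp-data
set term allow-ftp then accept
set term allow-ssh from protocol tcp
set term allow-ssh from port ssh
set term allow-ssh then accept
set term allow-telnet from source-address 172.25.11.254/32
set term allow-telnet from protocol tcp
set term allow-telnet from destination-port telnet
set term allow-telnet then accept
set term block-rest then discard
"""

def parse_terms(text):
    """Map each term to the match keywords and actions it uses, in filter order."""
    terms = {}
    for name, kind, rest in re.findall(r"set term (\S+) (from|then) (.+)", text):
        terms.setdefault(name, {"from": [], "then": []})[kind].append(rest.split()[0])
    return terms

def audit(terms):
    """Flag accepting terms with no source match, or with a direction-agnostic 'port'."""
    findings = []
    for name, term in terms.items():
        if "accept" not in term["then"]:
            continue  # discard terms cannot widen access to the RE
        if not {"source-address", "source-prefix-list"} & set(term["from"]):
            findings.append((name, "any-source"))
        if "port" in term["from"] and "destination-port" not in term["from"]:
            findings.append((name, "port-either-direction"))
    return findings
```

    On this filter, audit(parse_terms(PROTECT_RE)) reports allow-ftp and allow-ssh as accepting from any source. The port finding on allow-bgp is expected, since either BGP peer may open the session.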

    Performing Interface Troubleshooting:

    • Issue the show interfaces terse command.
      Interface               Admin Link Proto    Local                 Remote
      ge-0/0/1.0              down  up   inet     172.18.2.2/30    
      The logical interface for ge-0/0/1.0 is Admin down Link up. An interface unit that has been disabled will show this status.

    • Issue the show configuration interfaces ge-0/0/1 command to review the current ge-0/0/1 settings.
          disable;

    • Enter into configuration mode and delete the disable command from the ge-0/0/1 interface.
      delete interfaces ge-0/0/1 unit 0 disable

    • Issue the show interfaces ge-0/0/0 extensive command to review the interface's properties.
        Input Filters: filter-1

    • Review the firewall configuration:
      show configuration firewall
    • show interface ge-0/0/4
        Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 1000mbps, BPDU Error: None, Loop Detect PDU Error: None,
        Logical interface ge-0/0/4.0 (Index 336) (SNMP ifIndex 530)
            Flags: No-neighbor-learn, Sendbcast-pkt-to-re
      • The link speed is 1000mbps.
      • The physical MTU is 1514.
      • The default physical MTU is 1514 in Junos.
      • The No-neighbor-learn flag indicates the interface has been configured not to learn neighbors' MAC addresses.

    • Issue the show arp command to review the currently learned MAC addresses.

    • Issue the show interfaces ge-0/0/4 | match hardware command to get the current MAC address on the other side.

    • Navigate to the [edit firewall family inet filter filter-1] hierarchy and configure a static ARP entry for the neighbor address (192.168.11.2) with the MAC address identified in the previous step.
      set unit 0 family inet address 192.168.11.1/30 arp 192.168.11.2 mac 52:54:00:99:23:4a

    A short IS-IS review:

    • Hierarchical link-state protocol
    • Can divide a network into areas to increase scalability
    • Unlike OSPF, areas are a property of the whole router, not of interfaces
    • Interface can belong to two levels (even simultaneously)
      • Level 1: Routes traffic within an area
      • Level 2: Routes traffic across areas
    • Maintains database synchronization by periodic check on database content
    • Very extensible: Built-in support for IPv6, MPLS-TE

    IS-IS Terminology and Examples:

    • Key IS-IS features and terminology:
      • No neighbors but adjacencies
      • No routers but intermediate systems
      • No different LSA types as in OSPF - just a single object, the LSP (link state PDU), with a very complex structure
      • Separate database for Level 1 and Level 2
      • The use of TLV makes it easy to extend
      • Can add support for features like MPLS-TE and IPv6 simply by defining additional TLVs

    The IS-IS adjacency state machine:

    • Neighbor discovery / bidirectional communication check:
      • Down
      • New
      • Two-way
    • Link-state database synchronization:
      • Initializing
    • Initial SPF computation:
      • Up

      • Rejected

    Troubleshooting IS-IS:

    • Issue the show isis interface command to view the interfaces that have been configured for IS-IS.

    • Issue the show isis adjacency command to view the status of the IS-IS neighbor relationships.

    • Change the perspective of the CLI to that of the R2 logical system by issuing the set cli logical-system R2 command.

    • show route 192.168/16
      show route 2001::/16

      The mxC router's loopback interface route is missing.

    • Examine the link-state database using the show isis database command.
      Link-state PDU seems to be missing.

    • Connect to the missing router, enter configuration mode and navigate to the [edit protocols isis] hierarchy. Enable traceoptions using a file called isis and the flag error detail options.
      set traceoptions file isis
      set traceoptions flag error detail

    • Check the logs generated because of the traceoptions settings by issuing the show log isis command.
      ERROR: Possible sysid collision.

    • Navigate to the [edit interfaces lo0] hierarchy. Issue the show command and review the ISO address assigned to the loopback interface.
        family iso {
          address 99.0001.0000.0000.7801.00;

    • Fix the incorrectly configured address.
      rename unit 0 family iso address 99.0001.0000.0000.7801.00 to address 49.0001.0000.0000.7105.00

    • Exit from the logical-system:
      clear cli logical-system
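
    A check for the fault found above, as an added example (not part of the original notes). It splits each NET into area, system ID and selector and reports system IDs that are not unique. It goes one step beyond the page by also reporting an area that differs from the expected one, which matters for Level 1 adjacencies. The router names and the "neighbor" NET are constructed; the "local" NETs are the loopback address from the page before and after the fix.

```python
import re
from collections import defaultdict

def parse_net(net):
    """Split an ISO NET into (area, system ID, selector), each a hex string."""
    digits = net.replace(".", "").lower()
    # Area is 1-13 bytes, system ID 6 bytes, selector 1 byte: 8 to 20 bytes in all.
    if not re.fullmatch(r"(?:[0-9a-f]{2}){8,20}", digits):
        raise ValueError(f"NET must be 8 to 20 whole hex bytes: {net!r}")
    area, sysid, sel = digits[:-14], digits[-14:-2], digits[-2:]
    if sel != "00":
        raise ValueError(f"selector must be 00 in a NET: {net!r}")
    return area, sysid, sel

def check_nets(nets, expected_area):
    """nets maps router name to NET. Return a list of (routers, problem) findings."""
    findings, by_sysid = [], defaultdict(list)
    for router, net in nets.items():
        area, sysid, _ = parse_net(net)
        by_sysid[sysid].append(router)
        if area != expected_area:
            findings.append(((router,), f"area {area} differs from {expected_area}"))
    for sysid, routers in by_sysid.items():
        if len(routers) > 1:  # every intermediate system needs its own system ID
            findings.append((tuple(routers), f"system ID {sysid} is not unique"))
    return findings

# "local" uses the page's loopback NET before and after the fix; "neighbor" is constructed.
BEFORE = {"neighbor": "49.0001.0000.0000.7801.00",
          "local": "99.0001.0000.0000.7801.00"}
AFTER = {**BEFORE, "local": "49.0001.0000.0000.7105.00"}

if __name__ == "__main__":
    for label, nets in (("before", BEFORE), ("after", AFTER)):
        print(label, check_nets(nets, expected_area="490001"))
```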

    Troubleshooting BGP:

    • Use the show bgp summary command to view the BGP neighborships.

    • Use the show bgp neighbor 172.22.131.37 command to examine the session that is currently in an Active state.
      Peer: 172.22.131.37 AS 65230  Local: 172.22.131.38 AS 65501
        Error: 'Open Message Error' Sent: 6 Recv: 0

    • Enter into configuration mode and navigate to the [edit protocols bgp] hierarchy and enable traceoptions flagging the normal and open conditions.
      set traceoptions file bgp-trace
      set traceoptions flag normal
      set traceoptions flag open

    • Review the contents of the new traceoptions file and identify the problem behind the failure to establish a neighborship with the EBGP peer.
      show log bgp-trace
      bgp_process_open:4059: NOTIFICATION sent to 172.22.131.37 (External AS 65230): code 2 (Open Message Error) subcode 2 (bad peer AS number),
      Reason: peer 172.22.131.37 (External AS 65230) claims 65530, 65230 configured
      The message indicates that 65230 is configured but the peer claims AS 65530.

    • Issue the show configuration protocols bgp command to see group_name. Correct the peer AS number that is not configured correctly for the EBGP group by changing the configured peer AS to 65530.
      set group ebgp-AS65530 peer-as 65530

    Routing Policy Overview:

    • Import and export protocol policies
      • The role of policies in the flow of routing information

      Neighbors - Import policy > Routing information base - Export policy > Neighbors
      Routing information base - Best route selection > Forwarding Table

    • Forwarding table export policy:

      Routing information base - Best route selection with Export policy > Forwarding Table

      user@router# show routing-options
      autonomous-system 65512;
      forwarding-table {
        export forwarding-policy;
      }
