
JNCIA IJOS 21a

Introduction to the Junos Operating System
STUDENT GUIDE
Revision V21A
Volume 1 of 2

Juniper Networks Education Services
1133 Innovation Way
Sunnyvale, CA 94089 USA
408-745-2000
www.juniper.net

Course Number: EDU-JUN-IJOS

This document is produced by Juniper Networks, Inc. This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks Education Services.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Introduction to the Junos Operating System Student Guide, Revision V21A
Copyright © 2021 Juniper Networks, Inc. All rights reserved. Printed in USA.
Revision History: Revision V21A - May 2023

The information in this document is current as of the date listed above. The information in this document has been carefully verified and is believed to be accurate. Juniper Networks assumes no responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.

Contents
Module 1: Course Introduction
Module 2: Junos Operating System Fundamentals
Module 3: Junos CLI Operational Mode
Module 4: Junos CLI Configuration Mode
Module 5: The J-Web Interface
Module 6: Initial System Configuration
Module 7: User Authentication and Archiving
Module 8: System Logging, Tracing, NTP, and SNMP
Module 9: Operational Monitoring and Maintenance
Module 10: Upgrading the Junos OS
Module 11: Interface Configuration Examples
Module 12: Routing Fundamentals
Module 13: Static and Dynamic Routes
Acronym List

Course Overview
This three-day course provides students with the foundational knowledge required to work with the Junos operating system and to configure Junos devices. The course provides a brief overview of the Juniper products and discusses the key architectural components of the Junos software. Key topics include user interface options with heavy focus on the command-line interface (CLI), configuration tasks typically associated with the initial setup of devices, interface configuration basics with configuration examples, secondary system configuration, and the basics of operational monitoring and maintenance of Junos devices.
The course then delves into foundational routing knowledge and configuration examples including general routing concepts, routing policy, and firewall filters. Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos OS and monitoring basic device operations. This course is based on Junos OS Release 21.11.11.

Course Level
Introductory

Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the Junos OS.

Prerequisites
The following are the prerequisites for this course:
+ Basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite
+ Completion of the Getting Started with Networking eLearning course

Objectives
After successfully completing this course, you should be able to:
+ Describe Junos operating system (OS) and provide a brief overview of Juniper products.
+ Describe Junos OS and its basic design architecture.
+ Identify and provide a brief overview of Juniper products.
+ Use the Junos CLI and its operational mode to monitor and control Juniper devices.
+ Enter operational mode.
+ Locate various help options within the Junos CLI.
+ Execute monitoring and troubleshooting commands.
+ Configure a device using the CLI.
+ Enter configuration mode.
+ Navigate through the Junos configuration hierarchy.
+ Modify the configuration on a Juniper device.
+ Use common configuration mode commands.
+ Use the J-Web interface to make configuration changes, monitor, and maintain devices running Junos OS.
+ Configure basic system settings and interfaces.
+ Perform device administration.
+ Perform initial system configuration using Junos OS.
+ Load factory default configuration.
+ List and perform initial system configuration tasks.
+ Describe interface types and perform basic interface configuration tasks.
+ Configure user authentication and device backups.
+ Describe and configure user authentication.
+ Archive configurations.
+ Configure system logging, tracing, NTP, and SNMP in Junos OS.
+ Configure and analyze system logging and tracing.
+ Configure and monitor NTP.
+ Configure and monitor SNMP.
+ Monitor and maintain Junos OS.
+ Monitor platform and interface operations.
+ Describe and use the available network utilities.
+ Perform password recovery.
+ Upgrade Junos OS.
+ Perform storage and system cleanup tasks.
+ Perform the Junos upgrade.
+ Describe the interfaces configuration hierarchy.
+ Configure various interface types.
+ Use configuration groups to configure interfaces.
+ Describe the functionality of routing and routing instances.
+ Explain the basic routing concepts.
+ Describe the routing table and the forwarding table.
+ Describe the functionality of routing instances.
+ Configure and monitor a routing instance.
+ Implement static routes and dynamic routes using OSPF.
+ Configure and monitor static routes.
+ Describe the functionality of dynamic routing.
+ Configure and monitor OSPF.
+ Describe how routing works using IVE.
+ Implement routing policy within Junos.
+ Describe the routing policy and explain the default Junos import and export routing policies.
+ Identify various options in the match criteria and action blocks of a routing policy.
+ Implement a routing policy for a given use case.
+ Implement firewall filters within Junos.
+ Describe the functionality and the framework of firewall filters.
+ Implement firewall filters for a given use case.
+ Implement a policer within Junos.
+ Describe the operation and configuration of unicast RPF.
+ Implement CoS within Junos.
+ Describe the purpose and benefits of CoS.
+ Implement traffic classification within Junos.
+ Describe the traffic queuing within Junos.
+ Configure traffic scheduling within Junos.
+ Implement CoS for a given use case.
+ Access and use Juniper support resources to manage Juniper products.
+ Follow recommended procedures to open a JTAC support case.
+ Access Juniper online tools to manage Juniper products.
+ Use FTP to transfer large files to TAC.
+ Describe the Juniper Connected Security components.
+ Identify high-level security challenges in today's networks.
+ Describe the Juniper Connected Security components.
+ Implement IPv6 within Junos.
+ Describe the differences between IPv4 and IPv6.
+ Explain the IPv6 address format and the different address types.
+ Explain how IPv6 stateless and stateful autoconfigurations work.
+ Configure and monitor IPv6 routing.
+ Implement IPv6-over-IPv4 tunnels.

Course Agenda

Day 1
Module 1: Course Introduction
Module 2: Junos Operating System Fundamentals
Module 3: Junos CLI Operational Mode
Module 4: Junos CLI Configuration Mode
Module 5: J-Web Interface
Lab 1: User Interface Options
Module 6: Initial System Configuration
Lab 2: Initial System Configuration

Day 2
Module 7: User Authentication and Archiving
Lab 3: User Authentication and Archiving
Module 8: System Logging, Tracing, NTP, and SNMP
Lab 4: System Logging, Tracing, NTP, and SNMP
Module 9: Operational Monitoring and Maintenance
Lab 5: Operational Monitoring and Maintenance
Module 10: Upgrading the Junos OS
Lab 6: Upgrading the Junos OS
Module 11: Interface Configuration Examples
Module 12: Routing Fundamentals
Lab 7: Routing Fundamentals
Module 13: Static and Dynamic Routing
Lab 8: Static and Dynamic Routing

Day 3
Module 14: Routing Policy
Lab 9: Routing Policy
Module 15: Firewall Filters
Lab 10: Firewall Filters
Module 16: Class of Service
Lab 11: Class of Service
Module 17: JTAC Procedures
Module 18: Juniper Security Concepts
Appendix A: IPv6 Fundamentals

Document Conventions

CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user interface (GUI).
To make the language of these documents easier to read, we distinguish GUI and CLI text from chapter text according to the following table.

Style, description, and usage example:
+ Normal text: Most of what you read in the Lab Guide and Student Guide.
+ Console text (screen captures, noncommand-related syntax). Example: commit complete / Exiting configuration mode
+ GUI text elements (menu names, text field entry). Example: Select File > Open, and then click [Link] in the Filename text box.

Input Text Versus Output Text
You will also frequently see cases where you must enter input text yourself. Often these instances will be shown in the context of where you must enter them. We use bold style to distinguish text that is input versus text that is simply displayed.

Style, description, and usage example:
+ Normal CLI, Normal GUI: No distinguishing variant. Examples: Physical interface: fxp0, Enabled / View configuration history by clicking Configuration > History.
+ CLI Input, GUI Input: Text that you must enter. Examples: lab@San_Jose> show route / Select File > Save, and type config.ini in the Filename field.

Syntax Variables
Finally, this course distinguishes syntax variables, where you must assign the value. Note that these styles can be combined with the input style as well.

Style, description, and usage example:
+ CLI Undefined, GUI Undefined: Text where the variable's value is the user's discretion or text where the variable's value as shown in the lab guide might differ from the value the user must input according to the lab topology. Examples: Type set policy policy-name. / ping 10.0.x.y / Select File > Save, and type filename in the Filename field.

Additional Information

Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class locations from the World Wide Web by pointing your Web browser to: http://www.juniper.net/training/education/.

About This Publication
This course was developed and tested using the software release listed on the copyright page.
Previous and later versions of software might behave differently so you should always consult the documentation and release notes for the version of code you are running before reporting errors.

This document is written and maintained by the Juniper Networks Education Services development team. Please send questions and suggestions for improvement to [Link].

Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
+ Go to https://www.juniper.net.
+ Locate the specific software or hardware release and title you need, and choose the format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.

Juniper Networks Support
For technical support, contact Juniper Networks at http://www.juniper.net/customers/support/, or at 1-888:[Link] (within the United States) or 408-745-2124 (outside the United States).

Module 1: Course Introduction

Objectives
* Get to know one another
* Identify the objectives, prerequisites, and materials used during this course
* Identify additional Education Services courses at Juniper Networks
* Describe the Juniper Networks Certification Program

We Will Discuss:
+ Objectives and course content information;
+ Additional Juniper Networks courses; and
+ The Juniper Networks Certification Program.

Introductions
* Before we get started...
  + What is your name?
  + Where do you work?
  + What is your primary role in your organization?
  + What kind of network experience do you have?
  + Are you certified on Juniper Networks?
  + What is the most important thing for you to learn in this training session?

Introductions
The slide asks several questions for you to answer during class introductions.

Prerequisites
* The prerequisites for this course are the following:
  + Basic understanding of the OSI model and the TCP/IP protocol suite
  + Basic understanding of computer networking concepts
  + Getting Started with Networking (eLearning)

Prerequisites
… for the Getting Started with Networking eLearning course.

Course Contents (1 of 2)
* Module 1: Introduction
* Module 2: Junos Operating System Fundamentals
* Module 3: Junos CLI Operational Mode
* Module 4: Junos CLI Configuration Mode
* Module 6: Initial System Configuration
* Module 7: User Authentication and Archiving
* Module 8: System Logging, Tracing, NTP, and SNMP
* Module 9: Operational Monitoring and Maintenance
* Module 10: Upgrading the Junos OS

Course Contents, Part 1
The slide lists the topics we discuss in this course.

Course Contents (2 of 2)
* Module 11: Interface Configuration Examples
* Module 12: Routing Fundamentals
* Module 13: Static and Dynamic Routing
* Module 14: Routing Policy
* Module 15: Firewall Filters
* Module 16: Class of Service
* Module 17: JTAC Procedures
* Module 18: Juniper Security Concepts
* Appendix A: IPv6 Fundamentals

Course Contents, Part 2
The slide lists the continuation of topics we discuss in this course.

Course Administration
* The basics:
  + Sign-in sheet
  + Schedule
    * Class times
    * Breaks
    * Lunch
  + Break and restroom facilities
  + Fire and safety procedures
  + Communications
    * Telephones and wireless devices
    * Internet access

General Course Administration
The slide documents general aspects of classroom administration.

Education Materials
* Available materials for classroom-based and instructor-led online classes:
  + Lecture material
  + Lab guide
  + Lab equipment
* Self-paced online courses also available: www.[Link]/ondemand

Training and Study Materials
The slide describes Education Services materials that are available for reference both in the classroom and online.

Satisfaction Feedback
Class Feedback
* To receive your certificate, you must complete the survey
  + Either you will receive a survey to complete at the end of class, or we will e-mail it to you within two weeks
  + Completed surveys help us serve you better!

Satisfaction Feedback
Juniper Networks uses an electronic survey system to collect and analyze your comments and feedback. Depending on the class you are taking, please complete the survey at the end of the class, or be sure to look for an e-mail about two weeks from class completion that directs you to complete an online survey form. (Be sure to provide us with your current e-mail address.)

Submitting your feedback entitles you to a certificate of class completion. We thank you in advance for taking the time to help us improve our educational offerings.

Juniper Networks Education Services
Juniper Networks Education Services can help ensure that you have the knowledge and skills to deploy and maintain cost-effective, high-performance networks for both enterprise and service provider environments. We have expert training staff with deep technical and industry knowledge, providing you with instructor-led hands-on courses in the classroom and online, as well as convenient, self-paced eLearning courses. In addition to the courses shown on the slide, Education Services offers training in automation, E-Series, firewall/VPN, IDP, network design, QFabric, support, and wireless LAN.

Juniper Networks Curriculum—Cloud, Automation & DevOps, and Design

Juniper Networks Curriculum Courses
Juniper Networks courses are available in the following formats:
+ Classroom-based instructor-led technical courses;
+ Online instructor-led technical courses;
+ Self-paced on-demand training with labs;
+ Hardware installation eLearning courses as well as technical eLearning courses;
+ Learning bytes: Short, topic-specific, video-based lessons covering Juniper products and technologies.
Find the latest Education Services offerings covering a wide range of platforms at [Link].

Juniper Networks Certification Program
Value of Certifications Today
+ Enable you to demonstrate competence and stand out in the industry
+ Distinguish yourself and grow your career
+ Broaden skills to meet emerging networks' needs
+ Get unique benefits for certified individuals
+ Increase technical roles and responsibilities
Get Trained
+ ATP: Every Juniper course for a full year (juniper.net/allaccess)
+ On-Demand Training: Self-paced, hands-on labs
+ Instructor-Led Training: Live classroom or online
Get Certified
Connect with Us: forums.juniper.net, [Link]/176403

Juniper Networks Certification Program
A Juniper Networks certification is the benchmark of skills and competence on Juniper Networks technologies.

Juniper Networks Certification Program Framework

Juniper Networks Certification Program Overview
The Juniper Networks Certification Program (JNCP) consists of multitiered tracks that enable participants to demonstrate competence with Juniper Networks technology through a combination of written proficiency exams and hands-on configuration and troubleshooting exams. Successful candidates demonstrate a thorough understanding of Internet and security technologies and Juniper Networks platform configuration and troubleshooting skills.

The JNCP offers the following features:
+ Multiple tracks;
+ Multiple certification levels;
+ Written proficiency exams; and
+ Hands-on configuration and troubleshooting exams.

Each JNCP track has one to four certification levels—Associate-level, Specialist-level, Professional-level, and Expert-level.
The Associate-level, Specialist-level, and Professional-level exams are computer-based exams composed of multiple choice questions administered at Pearson VUE testing centers worldwide. Expert-level exams are composed of hands-on lab exercises administered at select Juniper Networks testing centers.

Please visit the JNCP website at pricing, and exam registration.

Additional Resources
* For those who want more:
  + kb.juniper.net
  + www.[Link]
  + https://[Link]
  + www.juniper.net/support

Additional Resources
The slide provides links to additional resources available to assist you in the installation, configuration, and operation of Juniper Networks products.

Questions

Any Questions?
If you have any questions or concerns about the class you are attending, we suggest that you voice them now so that your instructor can best address your needs during class.

Module 2: Junos Operating System Fundamentals

Objectives
* Describe the Junos operating system and provide a brief overview of Juniper products
  + Describe the Junos operating system and its basic design architecture
  + Identify and provide a brief overview of Juniper products

Objective: Describe the Junos Operating System and Its Basic Design Architecture
The slide lists the topics we will discuss. We will begin with the first topic listed.

Junos OS
* Junos OS is the single operating system that powers Juniper's broad portfolio of physical and virtual networking and security products
  + One OS Network-wide
  + Modular Software Architecture
  + High Availability
  + Meaningful Configuration Hierarchies
  + Simple Routing Policy Management
  + Disaggregation
  + Open and Programmable Automation

Junos OS
The Junos operating system (OS) is a trusted, secure network operating system. Junos powers the high-performance network devices offered by Juniper Networks: routers, switches, and firewalls. Junos, depending on the device, runs on a modified and hardened version of either FreeBSD or Linux. Having Junos running on all network devices gives administrators the ability to have one OS network-wide, thereby dramatically reducing the complexity of network management.

The Junos OS is divided into multiple software processes. Each process handles a portion of the device's functionality. Each process runs in its own protected memory space, ensuring that one process cannot directly interfere with another. When a single process fails, the entire system does not necessarily fail. This modularity also ensures that new features can be added with less likelihood of breaking current functionality.

The Junos high availability (HA) features make the insertion of device line cards and network OS upgrades a non-service-impacting event.

Junos enables meaningful device configurations by providing an intuitive configuration hierarchy and including the ability to annotate the configuration. Configuration management is also made easier with the ability to perform syntax checking before committing the configuration, and, when needed, enabling configuration rollbacks after the configuration has been committed.
Junos supports fine-grained network traffic controls, while separate control and data planes increase reliability and security.

Over time Junos has evolved from a monolithic operating system to a disaggregated network operating system where the OS has become independent of the hardware and the OS itself has been separated into its individual parts. This disaggregation enables a more flexible licensing consumption model for network applications and enables a DevOps approach that simplifies complex network operations and improves service agility.

Junos has always included automation and now includes a wide range of automation capabilities using REST, NETCONF, SONIC, and gRPC APIs.

We will cover additional details on some of these features in the next few slides. For in-depth coverage of Junos, go to

One OS Network-wide
* A single software train for all platforms running the Junos OS
  + Eases management overhead by providing a consistent set of features that are implemented in a consistent manner
[Slide figure: EX2300 Switch, MX2010 Router]

One OS Network-Wide
As mentioned earlier, with Junos it is possible for all devices network-wide to run one OS, the Junos OS. All platforms running the Junos OS use the same source code base within their platform-specific images. This design ensures that core features work in a consistent manner across all platforms running the Junos OS. Because many features and services are configured and managed the same way, the setup tasks and ongoing maintenance and operation within your network are simplified.

Juniper Networks releases a new version of Junos typically each quarter of the year. Junos releases are numbered using the form [Link].s, where m.n are the main and minor release numbers (for example, 21.1, which indicates the first quarter of the year 2021) that give the Junos version.
The Z denotes the release type, b is the build number of the product, and s is the spin number of the product. The most common type of release is the R release type. The R1 release is the first revenue ship (FRS) release. The R2, R3, and following releases are maintenance releases. New R releases such as R2 and R3 include bug fixes only. That is to say, version 20.3R2 does not contain any features not included in 20.3R. New features are not introduced until version 20.4R1.

When you upgrade a Juniper device running the Junos OS, the Junos software upgrade packages also follow the naming convention just described. Junos package naming conventions are covered in more depth in a later module of this course.

Modular Software Architecture
* Provides highly scalable software that keeps pace with evolving requirements:

user@router> show system processes extensive | match "rpd|dcd|chassisd|pfed|snmpd|mgd"

Modular Software Architecture
Although individual architecture modules of Junos OS communicate through well-defined interfaces, each module runs in its own protected memory space, preventing one module from disrupting another. It also enables the independent restart of each module as necessary. This is in contrast to monolithic operating systems in which a malfunction in one module can ripple to other modules, possibly causing a full system crash or restart. This modular Junos OS architecture provides a high level of performance, availability, security, and device scalability not found in other operating systems.

The slide illustrates some of the common software processes running inside Junos, which can be verified with the show system processes extensive CLI command. The table below gives a brief overview of each of these main Junos processes.

Process, name, and description:
+ Routing protocol process (rpd): Controls the routing protocols that run on the device. Its functionality includes all protocol messages, routing table updates, and implementation of routing policies. The routing protocol process starts all configured routing protocols and handles all routing messages.
+ Interface process (dcd): Configures and monitors network interfaces by

Maintains Routing Engine Intelligence
Now that you have had a basic introduction to the Routing Engine and the Packet Forwarding Engine, let's take a closer look at the Routing Engine (RE). In addition to the processes that control the interfaces on a device, the RE also handles protocol processes, chassis components, user access, and other system management tasks. These software processes run on top of the Junos kernel, which interacts with the PFE. The RE performs three main tasks. These tasks are explained next.

The Junos OS software directs all protocol traffic such as OSPF and BGP routing information from the network to the RE for the required processing.

Controls and Monitors Chassis
The RE provides the CLI and the J-Web GUI. These user interfaces run on top of the Junos kernel and provide user access and control of the device.

Manages Packet Forwarding Engine
The RE controls the PFE by providing accurate, up-to-date Layer 2 and Layer 3 forwarding tables and by downloading microcode and managing software processes that reside in the PFE's microcode. The RE receives hardware and environmental status messages from the PFE and acts upon them as appropriate.

Packet Forwarding Engine
* Uses Layer 2 and Layer 3 forwarding tables, provided by the RE, to forward traffic toward its destination
* Implements various services such as policing, stateless firewall filtering, and class of service
[Slide figure: Routing Engine (Control Plane), Forwarding Plane]

Forwards Traffic
The PFE is the central processing component of the forwarding plane.
The PFE uses ASICs that are physically located on the system board or line cards. In all recent Juniper devices, a line card hosts a handful of PFEs. Utilizing multiple PFEs in a line card is a way of scaling the device's capacity. The PFE performs two main tasks. These tasks are explained next.

The PFE systematically forwards traffic based on its local copy of the forwarding table. The PFE's forwarding table is a synchronized copy of the information created on and provided by the RE. Storing and using a local copy of the forwarding table allows the PFE to forward traffic more efficiently and eliminates the need to consult the RE each time a packet needs to be processed. Using this local copy of the forwarding table also allows platforms running the Junos OS to continue forwarding traffic during control plane instabilities. The PFE also maintains Layer 2 bridging information.

Implements Services
In addition to forwarding traffic, the PFE also implements a number of advanced services. Some examples of advanced services implemented through the PFE include policers that provide rate limiting, stateless firewall filters, and class of service (CoS). Other services are available through special interface cards that you can add to the PFE complex.

Transit Traffic Processing
* Transit traffic is forwarded through the local system
  + PFE uses the forwarding table provided by the RE
  + Examples of transit traffic include unicast and multicast traffic
[Slide figure: Routing Engine (Control Plane), Forwarding Plane]

Transit Traffic
Transit traffic consists of all traffic that enters an ingress network port, is compared against the forwarding table entries, and is finally forwarded out an egress network port toward its destination.
A forwarding table entry for a destination must exist for a device running the Junos OS to successfully forward transit traffic to that destination. Transit traffic passes through the forwarding plane only and is never sent to or processed by the control plane. By processing transit traffic through the forwarding plane only, platforms running the Junos OS can achieve predictably high performance rates.

Transit traffic can be both unicast and multicast traffic. Unicast transit traffic enters one ingress port and is transmitted out exactly one egress port toward its destination. Although multicast transit traffic also enters the transit device through a single ingress port, it can be replicated and sent out multiple egress ports depending on the number of multicast receivers and the network environment.

Exception Traffic Processing (1 of 2)

• Exception traffic is processed by the local system
  - Traffic destined for the local system is processed by RE CPU
  - In most cases, the PFE processes traffic requiring the generation of ICMP messages, such as TTL expired

[Diagram: Routing Engine (control plane) and forwarding plane]

Exception Traffic Processing, Part 1

Unlike transit traffic, exception traffic does not pass through the local device but rather requires some form of special handling. Examples of exception traffic include:

• Packets addressed to the chassis, such as routing protocol updates, Telnet and SSH sessions, pings, traceroutes, and replies to traffic sourced from the RE;
• IP packets with the IP options field set. The options field in the packet's IP header is rarely seen, but the PFE is purposely designed to not handle IP options: packets with IP options must be sent to the RE for processing; and
• Internet Control Message Protocol (ICMP) messages.
  ICMP messages are sent to the packet's source to report various error conditions and to respond to ping requests. One example of an ICMP error is a destination unreachable error, which is sent when no entry is present in the forwarding table for the packet's destination address. A second example of an ICMP error is a time-to-live (TTL) expired message, which is sent when a packet's TTL is decremented to zero. In most cases, the PFE process handles the generation of ICMP messages.

Exception Traffic Processing (2 of 2)

• Exception traffic is rate-limited on the internal link to protect the RE from potential DoS attacks
• Control traffic is given preference when congestion exists

[Diagram: Routing Engine (control plane) and forwarding plane]

Exception Traffic Processing, Part 2

The Junos OS sends all exception traffic destined for the RE over the internal link that connects the control and forwarding planes. The Junos OS rate limits exception traffic traversing the internal link to protect the RE from denial-of-service (DoS) attacks. During times of congestion, the Junos OS gives preference to the local and control traffic destined for the RE.

Evolution of Junos Software

Modular Junos

The Junos OS has evolved over time. It has existed in four different architectural forms. As already discussed, Junos started out as a single entity. In traditional Junos, the control plane, the forwarding engine, and all of the hardware drivers are modularized components of a single image. This software image is tightly bound to its underlying hardware.
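The transit and exception handling described in the traffic-processing sections above can be modelled in a few lines. This is an added illustration, not Juniper code: the class and function names, the per-interval packet budget, the strict control-first ordering and the choice of OSPF and BGP as "control" protocols are assumptions of the model, and the addresses and port names are constructed sample data.

```python
import ipaddress
from collections import deque
from dataclasses import dataclass

CONTROL_PROTOCOLS = {"ospf", "bgp"}   # assumption: what this model treats as control traffic

@dataclass
class Packet:
    dst: str
    proto: str = "udp"
    ttl: int = 64
    ip_options: bool = False

class PFE:
    """Toy forwarding plane: local FIB copy plus a rate-limited internal link to the RE."""

    def __init__(self, local_addrs, routes, punt_budget):
        self.local = {ipaddress.ip_address(a) for a in local_addrs}
        # Local copy of the forwarding table, longest prefix first.
        self.fib = sorted(((ipaddress.ip_network(n), port) for n, port in routes),
                          key=lambda e: e[0].prefixlen, reverse=True)
        self.punt_budget = punt_budget            # packets per interval on the internal link
        self.control_q, self.other_q = deque(), deque()

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        return next((port for net, port in self.fib if addr in net), None)

    def _punt(self, pkt, reason):
        queue = self.control_q if pkt.proto in CONTROL_PROTOCOLS else self.other_q
        queue.append(pkt)
        return ("exception", reason)

    def classify(self, pkt):
        if ipaddress.ip_address(pkt.dst) in self.local:
            return self._punt(pkt, "addressed-to-chassis")
        if pkt.ip_options:
            return self._punt(pkt, "ip-options")
        if pkt.ttl <= 1:                          # would be decremented to zero
            return ("icmp-from-pfe", "ttl-expired")
        port = self.lookup(pkt.dst)
        if port is None:
            return ("icmp-from-pfe", "destination-unreachable")
        return ("transit", port)

    def drain_interval(self):
        """Deliver at most punt_budget queued packets to the RE, control traffic
        first; the rest of this interval's exception traffic is dropped."""
        delivered = []
        for queue in (self.control_q, self.other_q):
            while queue and len(delivered) < self.punt_budget:
                delivered.append(queue.popleft())
        dropped = len(self.control_q) + len(self.other_q)
        self.control_q.clear()
        self.other_q.clear()
        return delivered, dropped

def build_pfe():
    # Constructed sample data: documentation address ranges, made-up port names.
    return PFE(local_addrs=["192.0.2.1"],
               routes=[("198.51.100.0/24", "port-1"), ("198.51.100.128/25", "port-2")],
               punt_budget=3)

if __name__ == "__main__":
    pfe = build_pfe()
    for _ in range(10):                           # ping flood aimed at the chassis
        pfe.classify(Packet("192.0.2.1", proto="icmp-echo"))
    pfe.classify(Packet("192.0.2.1", proto="bgp"))
    delivered, dropped = pfe.drain_interval()
    print([p.proto for p in delivered], "dropped:", dropped)
```

In the flood case the routing-protocol packet still reaches the RE while most of the pings are discarded at the internal link, which is the behaviour the rate limit is there to guarantee.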
Virtualized Junos

Virtualized Junos takes advantage of virtualization technologies to run Junos in a virtual machine (VM) on top of the kernel-based virtual machine (KVM) or VMware hypervisor. Note that all the components of Junos are still fused into a single image. The virtual SRX (vSRX) and virtual MX (vMX) products are examples of Virtualized Junos. The lab portion of this course uses vSRXs.

Disaggregated Junos

Further development of Junos took the advantage of virtualization further, and separated the PFE software and platform-specific components from the core OS. The control plane, and the daemons attached to the control plane, remained with the FreeBSD kernel, but the OS was opened up to external APIs, and the PFE and platform-specific software was no longer directly embedded in the OS. Disaggregated Junos separated the platform drivers and the forwarding engine (PFE software) and is running them in their own virtual environments directly on top of Linux. The NFX series devices use disaggregated Junos. This disaggregation brings a number of advantages, including:

• Removing the platform drivers and forwarding engine from the control plane image and running them in another thread improves the control plane performance significantly.
• The Junos VM is now hardware independent and focused on the control plane only, speeding up the innovation process.
• Linux is a multithreading OS. CPUs are multicore. The Disaggregated Junos architecture allows Junos to pin software to different processor cores, and third-party binaries or other applications can make use of additional CPU cores.
• Unified ISSU is facilitated. Different versions of Junos can run in separate VMs.
• The virtualization infrastructure allows users to install third-party applications and tools on supported switching, routing, and security platforms.
The Next Step—Junos Evolved

The last stage of evolution of the Junos follows the trend of cloud computing, where systems leverage pools of hardware to perform tasks. This is the core concept of Junos Evolved. With Junos Evolved, the legacy FreeBSD kernel is removed. Because the core functions of legacy Junos were attached to the kernel directly as software daemons, the daemon processes have been redesigned to run independently of the kernel. In other words, they have been rebuilt as applications, independent from the underlying kernel, but are based on the same functionality and code concepts of the original daemons.

In legacy Junos, information related to a daemon is managed, modified, and stored by the respective daemon. When that daemon experiences a fault or restart, the information it manages and stores is lost, unless a system is implemented to run a backup of the daemon, which tries to synchronize its information with the primary daemon. This type of hot standby is inefficient and difficult to manage. With Junos Evolved, the applications that perform functions no longer store the information they process internally to the application. The application is a consumer or publisher of information. Information is sent to the application, it processes the information according to its design, and publishes the results to a centralized, distributed database, much like a data center environment. If an application experiences a fault or is restarted, the new instance of the application retrieves the state information that the previous instance of the application had stored in the database, and the information is not lost.

Because the functions of Junos Evolved are application based, and run on a Linux hypervisor, third-party applications that are developed to run on the hypervisor can be implemented as well.
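The difference between daemon-held state and published state described above, as an added sketch that is not Juniper code. `StateStore`, `LegacyDaemon` and `EvolvedApp` are hypothetical names, the topic names and port names are constructed, and replaying stored state to a new subscriber is a property of this model rather than a documented Junos OS Evolved interface.

```python
from collections import defaultdict

class StateStore:
    """Stand-in for the shared state database: topic -> {key: value}, plus subscribers."""

    def __init__(self):
        self.topics = defaultdict(dict)
        self.subscribers = defaultdict(list)

    def publish(self, topic, key, value):
        self.topics[topic][key] = value
        for callback in list(self.subscribers[topic]):
            callback(key, value)

    def subscribe(self, topic, callback):
        self.subscribers[topic].append(callback)
        # Replay what is already stored so a late or restarted consumer catches up.
        for key, value in list(self.topics[topic].items()):
            callback(key, value)

    def unsubscribe(self, topic, callback):
        self.subscribers[topic].remove(callback)

class LegacyDaemon:
    """State lives inside the process, so a restart begins with nothing."""

    def __init__(self):
        self.neighbors = {}

    def learn(self, neighbor, status):
        self.neighbors[neighbor] = status

class EvolvedApp:
    """Consumes 'interfaces' state and publishes 'neighbors' state; keeps no private copy."""

    def __init__(self, store):
        self.store = store
        store.subscribe("interfaces", self.on_interface)

    def on_interface(self, name, status):
        self.store.publish("neighbors", f"peer-on-{name}", status)

    def neighbors(self):
        return dict(self.store.topics["neighbors"])

    def crash(self):
        self.store.unsubscribe("interfaces", self.on_interface)

def restart_comparison():
    legacy = LegacyDaemon()
    legacy.learn("peer-on-port-1", "up")
    legacy = LegacyDaemon()                       # restart: new process, empty memory

    store = StateStore()
    app = EvolvedApp(store)
    store.publish("interfaces", "port-1", "up")
    app.crash()
    store.publish("interfaces", "port-2", "up")   # published while the app is down
    app = EvolvedApp(store)                       # new instance reads state back from the store
    return legacy.neighbors, app.neighbors()

if __name__ == "__main__":
    print(restart_comparison())
```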
And because the information related to all processes on the device is stored in a distributed state infrastructure, or database, third-party applications can be developed as consumers of that state information, which retrieve information from the data store for administrators, management platforms, and so forth. They can also be developed and implemented as publishers of information, which can publish information into the data store, as long as it is formatted properly and utilizes the built-in APIs.

Junos OS devices do not support the new Linux kernel, nor the distributed processing capabilities required to run Junos OS Evolved. Currently Junos Evolved is planned for the cloud-domain oriented platforms such as QFX and PTX Series devices. Eventually, all new Juniper hardware will support Junos OS Evolved.

Activity

Your instructor will lead you through this activity.

Objectives

• Describe the Junos operating system and provide a brief overview of Juniper products
  - Identify and provide a brief overview of Juniper products

Objective: Identify And Provide A Brief Overview Of Juniper Products

The slide highlights the topic we will discuss next.

Overview of Junos Devices

• Junos runs on:
  - switches, routers, and security devices
  - devices in large and small networks
  - devices in enterprise and service provider environments

Platforms running the Junos OS come in many shapes and sizes and are targeted for a number of deployment scenarios. The platforms running the Junos OS span switching, routing,
and security and are well-suited for a variety of network environments. As the heart of all these platforms, the Junos OS provides a consistent end-to-end IP infrastructure in small enterprise environments and the largest service provider networks alike. The subsequent slides introduce and provide some details for each product family.

Junos Routing Devices

[Figure: ACX Series, MX Series, and PTX Series devices]

Some of the routing devices that run the Junos OS are listed as follows:

• The ACX Series products deliver simplified end-to-end provisioning and support Layer 2 and Layer 3 functionality with IP/MPLS traffic engineering. The fixed 1 U ACX Series models are environmentally hardened and support passive cooling (fanless design) for outdoor deployments. For additional, in-depth details on the ACX Series, go to
• The MX Series Ethernet services routers provide up to 80 Tbps of aggregate half-duplex throughput. The MX Series family is targeted for dense dedicated access aggregation and provider edge services in medium and large points of presence (POPs). Large enterprise environments and service providers can leverage MX Series Ethernet services routers for a variety of network functions including Ethernet transport and aggregation, and can use them to offer new Ethernet-based services. For additional, in-depth details on the MX Series Ethernet, go to https://www.juniper.n…en/pr…ting/mx-series/
• The PTX Series packet transport switches provide up to 460.8 Tbps of throughput in a single chassis. The PTX Series family is ideal for the service provider supercore and can readily adapt to today's rapidly changing traffic patterns for video, mobility, and cloud-based services. For additional, in-depth details on the PTX Series, go to …ducts-services/packet-transport/ptx-series/.

Other devices, such as SRX Series, also provide routing.
For more information about all of Juniper's routing devices, go to https://www.[Link]/us/en/products-services/r

Junos Switching Devices

[Figure: EX Series and QFX Series devices]

Some of the switching devices that run the Junos OS are listed as follows:

• The EX Series Ethernet switches provide up to 13.2 Tbps of throughput. The EX Series switches are designed for access, aggregation, and core deployments and are well-suited for low-density to high-density enterprise and data center environments. For additional, in-depth details on the EX Series Ethernet switches, visit …ducts-services/switching/ex-
• The QFX Series switches provide a high-performance, ultra-low latency, feature-rich L2/L3 device with a wire-speed 10/25/40/100/400 GbE throughput and standards-based Fibre Channel I/O convergence. For use in data center environments, it provides a ready solution for an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) system. For additional, in-depth details on the QFX Series Ethernet switches, visit

For more information about all of Juniper's switching devices, go to

Juniper Security Products

[Figure: ATP Cloud, SecIntel, JIMS, Juniper Secure Connect, SRX Series, ATP Series, JSA Series]

One of the security devices that run the Junos OS is as follows:

• The SRX Series Services Gateways provide up to 2 Tbps of full-duplex throughput. The SRX Series family is designed to meet the network and security requirements for consolidated data centers, managed services deployments, and aggregation of security services in both enterprise and service provider environments. For additional, in-depth details on the SRX Series, go to https://www.
juniper…products-se

Other security products include:

• Next-generation firewall (NGFW) services—They include advanced application visibility and control, user and role-based policies, nested-application support, and Secure Sockets Layer (SSL) inspection;
• SecIntel—Juniper's curated security threat intelligence feed;
• Advanced Threat Prevention (ATP) Appliance—The JATP Series on-premises appliance collects and processes security events identified by the SRX and third-party security products; finds and blocks both known and unknown cyberthreats;
• Cloud-based ATP (ATP Cloud)—ATP Cloud is a cloud service add-on to the SRX Series firewalls. Using SecIntel across the network, ATP stops threats in their tracks by enforcing protection mechanisms at all points of connection on the network;
• Juniper Secure Analytics—JSA series appliances (available in both physical and virtual formats) provide a security information and event management (SIEM) system that consolidates large volumes of event data from thousands of devices, endpoints, and applications into actionable intelligence;
• Juniper Secure Connect—Juniper Secure Connect is a highly flexible SSL VPN application that gives remote workers secure access to corporate and cloud resources, providing reliable connectivity and consistent security to any device, anywhere. Juniper Secure Connect is available for desktop and mobile devices including Windows, Mac OS, Android, and iOS. When combined with the SRX Series Services Gateways, it helps organizations quickly achieve optimal performance and connectivity from client to cloud, reducing risk by extending visibility and enforcement to users and devices, wherever they are; and
• Juniper Identity Management Service (JIMS)—JIMS is a Windows-based application that links IP addresses to specific user identities, providing visibility into and control over network activity on a per-user basis.
  JIMS integrates directly with Active Directory servers to verify user-to-IP address relationships and determine specific role and group assignments. This enables SRX Series Services Gateways to manage security policy decisions that directly associate application activity to user roles. Based on this information, the SRX Series firewall either permits or denies users access to applications and data based on detailed security policies.

For more information about all of Juniper's security products, go to

Juniper CPE Devices

[Figure: NFX Series]

Juniper CPE devices are a group of products designed to integrate Junos into cloud-based solutions. For an overview of our SDN products, visit https://[Link]

• The NFX series Network Services Platforms are Junos customer premises equipment (CPE) devices designed to provide very fast custom service delivery on-demand, including software-defined WAN (SD-WAN). These secure on-premises devices can run and chain multiple virtualized network functions simultaneously in an open environment. The NFX series also supports embedded vSRX security functionality. For details on the NFX Series devices, go to

Juniper Wireless Access Points

Juniper is leading the convergence of Wi-Fi, Bluetooth Low Energy (Bluetooth® LE), and Internet of Things (IoT) with our enterprise-grade access points.

• The AP Series Access Points work in conjunction with the Juniper Mist Cloud Architecture and Mist AI to collect and analyze metadata in near real-time from all wireless clients.
  These access points are all built on a real-time microservices platform and are managed by the Juniper Mist Cloud.
• The BT11 is an enterprise-grade Access Point exclusively for Bluetooth® Low Energy. It leverages Mist's patented vBLE antenna array, cloud subscription services, and the Mist AI Engine to enable high value location-based services such as wayfinding, asset location, conference room usage analytics, and various contact tracing/social distancing use cases.
• The Mist Edge uses the Mist Cloud and its distributed software architecture for scalable and resilient operations, management, troubleshooting, and analytics, all without the need for legacy wireless controllers. For large campus networks, Edge provides seamless roaming through on-premises tunnel termination of traffic to and from access points. Mist Edge extends VLANs to distributed branches and telecommuters to replace remote virtual private network (VPN) technology. Split tunneling allows for guest access and corporate traffic. And Edge provides dynamic traffic segmentation for IoT devices.

For additional, in-depth details on the Wireless Access Point devices, go to

Juniper Mist Cloud Services

• Wi-Fi Assurance—Wireless APs
• Wired Assurance—EX Series Switches
• WAN Assurance—SRX Series Gateways
• Marvis Virtual Network Assistant (VNA)

[Figure: Mist Cloud and Mist Dashboard with Wi-Fi Assurance, Wired Assurance, WAN Assurance, and Marvis VNA]

Wi-Fi Assurance

Wi-Fi Assurance cloud service, Juniper's machine learning driven by Mist AI, replaces manual troubleshooting tasks with automated wireless operations. This subscription service makes Wi-Fi predictable, reliable, and measurable with unique visibility into user service levels.
Wired Assurance

The Wired Assurance cloud service with Mist AI enables simpler operations, streamlined troubleshooting, and better visibility into the experiences for your connected devices. It leverages rich Junos telemetry to deliver AI-powered automation and service levels and also onboards, provisions, manages and troubleshoots Juniper EX Series Switches.

WAN Assurance

WAN Assurance cloud service enables simpler operations, better visibility into end-user experiences, and shorter mean time to repair for your connected wired and wireless devices, including IoT endpoints based on application telemetry data across the WAN. Now you can use our Juniper Mist cloud solution with Mist AI to deliver better user experiences for the SD-WAN with Session Smart Routers, SRX Series gateways, or both.

Marvis Virtual Network Assistant

The Marvis Virtual Network Assistant (VNA) cloud service is the first AI-driven network assistant for enterprise networks. It simplifies everyday troubleshooting with self-
