Juniper Operating System Fundamental for APNIC Training Lab. APNIC Technical Workshop June 18, 2015, APNIC Office In-house training.

Transcription

1 Juniper Operating System Fundamental for APNIC Training Lab APNIC Technical Workshop June 18, 2015, APNIC Office In-house training.

2 Acknowledgment APNIC training lab facilitate hands-on training and workshop requirement for APNIC community in AP region. APNIC training continues its best effort to support multi vendor/open standard technology and software when deliver hands-on training. This presentation is prepared to support JunOS specific hands-on lab exercises in APNIC training lab. APNIC acknowledging Juniper Technology to use its JNCIA-Junos Study Guide and other publicly available Juniper documents to prepare this presentation.

3 Overview JunOS Operating System Fundamental JunOS User Interface and CLI Basic & Interface Configuration on APNIC Training Lab JunOS Routing Fundamentals & Policy Control Operational Monitoring and Maintenance

4 JunOS Fundamental Robust, Modular and Scalable Single Source Code Base Separate Control and Forwarding Planes

5 Robust, Modular and Scalable Run multiple software process. Each process controls a portion of device hardware functionality. Each process runs in its own protected memory space so one process cannot directly interfere with another. So one process failure/upgrade doesn t require system reboot.

6 Single Source Code Base The JunOS kernel is based on the open source FreeBSD UNIX operating system. All Juniper device running the same JunOS use the same software source code base within their platform-specific images. It ensures core features work consistently across all platforms running the JunOS. Since many features and services use the same JunOS code so configured and management tasks are simplified.

7 Separate Control & Forwarding Plane The processes that control the routing & switching protocol parameter and forwards data frames are clearly separated in JunOS devices. Forwarding plane functions are mostly done based on the application-specific integrated circuits (ASICs) for increased performance. This design allows to tune each process for maximum performance and reliability. The separation of the control and forwarding planes is one of the key reasons that JunOS can support many different platforms from a common code base.

8 Separate Control & Forwarding Plane Routing Engine (RE) The control plane runs on the Routing Engine (RE) that is the brain of the device. It is responsible for performing protocol updates and system management functions. RE is mainly based on X86 or PowerPC architecture, depending on the specific platform and it runs various protocol and management software processes that reside inside a protected memory environment. RE maintains the routing tables, bridging table, and primary forwarding table and connects to the Packet Forwarding Engine (PFE) through an internal link.

9 Separate Control & Forwarding Plane Packet Forwarding Engine (PFE) PFE receives the forwarding table (FT) from the RE by means of an internal link and simply forwards frames, packets, or both with a high degree of stability and deterministic performance. The PFE usually runs on separate hardware / in many case applicationspecific integrated circuits (ASICs) and is responsible for forwarding transit traffic through the device. This architectural design makes it possible to incorporate high availability features of JunOS i.e Graceful Routing Engine Switchover (GRES), Nonstop Active Routing (NAR) etc.

10 Separate Control & Forwarding Plane Forwards Traffic The PFE is the central processing component of the forwarding plane. The PFE forwards traffic based on its local copy of the forwarding table created by a regular synchronization with the RE. PFE also implements a number of advanced services like rate limiting, stateless firewall and other services through special interface cards that can be add to the PFE complex.

11 Traffic Processing Behaviour Transit Traffic Transit traffic defined as the traffic enters an ingress network port, compared against the forwarding table entries, and is forwarded out an egress network port toward the final destination. For transit traffic a forwarding table entry must be exist to successfully forward transit traffic to that destination. Transit traffic passes through the forwarding plane only and is never sent to or processed by the control plane. Forwarding plane only processing of the transit traffic in JunOS devices can achieve predictably high performance rates.

12 Traffic Processing Behaviour Exception Traffic: Exception traffic is defined as the traffic does not pass through the local device. It is destined to the local device and require special handling. I.e. Packet addressed to the chassis, such as routing update packets, telnet/ssh session to the device replies to the transit source. IP packet with IP option field. PFE are not purposely designed to process IP option field. Traffic that requires the generation of Internet Control Message Protocol (ICMP) messages. I.e. Unreachable, TTL expire,

13 Traffic Processing Behaviour Built-in Rate Limit for Exception Traffic: In JunOS all exception traffic destined to RE are sent through an Internal Link which connects the RE and PFE. JunOS has a hardware based rate limiting on the internal link that protects the JunOS device RE from any potential DoS attacks. During the time of congestion JunOS device gives preference to local and control traffic destine to RE. This built-in rate limit is not configurable/modifiable.

14 Appendix Slides For APNIC in house training only.

15 Juniper Product Range Three Type of Equipment: Routing Devices Switching Device Security/Firewall Device

16 Juniper Routing Product Series

17 Juniper Switching Product Series

18 Juniper Security Product Series

19 JunOS User Interface and CLI Hands on lab instruction provided

20 JunOS CLI Introduction

21 JunOS CLI Introduction Switch Between Different Mode: user> configure [edit] user# exit user>

22 JunOS CLI Introduction

23 JunOS CLI Introduction Type? to get Available Command from the Hierarchy: root> configure? Possible completions: <[Enter]> Execute this command batch Work in batch mode dynamic Work in dynamic database exclusive Obtain exclusive lock private Work in private database Pipe through a command

24 JunOS CLI Introduction

25 JunOS CLI Introduction

26 JunOS CLI Introduction

27 JunOS CLI Introduction Execute Command from Different Hierarchy:

28 JunOS CLI Introduction Execute Command from Different Hierarchy:

29 JunOS CLI Introduction Save Configuration and Exit: [edit] commit and-quit

30 JunOS CLI Introduction

31 JunOS CLI Introduction Check the Rollback & Restore: root# rollback? Possible completions: <[Enter]> Execute this command :37:31 UTC by root via cli :35:15 UTC by root via cli :34:33 UTC by root via cli rescue :36:00 UTC by root via cli [edit] root@router21# rollback rescue

32 JunOS CLI Introduction To get a Unix shell: root@router21> start shell [will support standard unix command line] Switch to JunOS CLI: root@router21% cli [Come back to JunOS command line]

33 Questions

34 APNIC Training Lab Exercises. Hands on lab instruction provided