Juniper Operating System Fundamental for APNIC Training Lab. APNIC Technical Workshop June 18, 2015, APNIC Office In-house training.


Acknowledgment
The APNIC training lab facilitates hands-on training and workshop requirements for the APNIC community in the AP region. APNIC training continues its best effort to support multi-vendor/open-standard technology and software when delivering hands-on training. This presentation is prepared to support JunOS-specific hands-on lab exercises in the APNIC training lab. APNIC acknowledges Juniper Technology for the use of its JNCIA-Junos Study Guide and other publicly available Juniper documents to prepare this presentation.

Overview
- JunOS Operating System Fundamental
- JunOS User Interface and CLI
- Basic & Interface Configuration on APNIC Training Lab
- JunOS Routing Fundamentals & Policy Control
- Operational Monitoring and Maintenance

JunOS Fundamental
- Robust, Modular and Scalable
- Single Source Code Base
- Separate Control and Forwarding Planes

Robust, Modular and Scalable
JunOS runs multiple software processes. Each process controls a portion of the device's hardware functionality. Each process runs in its own protected memory space, so one process cannot directly interfere with another. As a result, the failure or upgrade of one process doesn't require a system reboot.

Single Source Code Base
The JunOS kernel is based on the open source FreeBSD UNIX operating system. All Juniper devices running the same JunOS use the same software source code base within their platform-specific images. This ensures that core features work consistently across all platforms running JunOS. Because many features and services use the same JunOS code, configuration and management tasks are simplified.

Separate Control & Forwarding Plane
The processes that control routing and switching protocol parameters and the processes that forward data frames are clearly separated in JunOS devices. Forwarding plane functions are mostly performed by application-specific integrated circuits (ASICs) for increased performance. This design allows each process to be tuned for maximum performance and reliability. The separation of the control and forwarding planes is one of the key reasons that JunOS can support many different platforms from a common code base.

Separate Control & Forwarding Plane: Routing Engine (RE)
The control plane runs on the Routing Engine (RE), which is the brain of the device. It is responsible for performing protocol updates and system management functions. The RE is mainly based on the x86 or PowerPC architecture, depending on the specific platform, and it runs various protocol and management software processes that reside inside a protected memory environment. The RE maintains the routing tables, bridging table, and primary forwarding table, and connects to the Packet Forwarding Engine (PFE) through an internal link.

Separate Control & Forwarding Plane: Packet Forwarding Engine (PFE)
The PFE receives the forwarding table (FT) from the RE by means of an internal link and simply forwards frames, packets, or both with a high degree of stability and deterministic performance. The PFE usually runs on separate hardware, in many cases application-specific integrated circuits (ASICs), and is responsible for forwarding transit traffic through the device. This architectural design makes it possible to incorporate the high availability features of JunOS, such as Graceful Routing Engine Switchover (GRES), Nonstop Active Routing (NAR), etc.

Separate Control & Forwarding Plane: Forwards Traffic
The PFE is the central processing component of the forwarding plane. The PFE forwards traffic based on its local copy of the forwarding table, which is created by regular synchronization with the RE. The PFE also implements a number of advanced services, such as rate limiting, stateless firewall and other services, through special interface cards that can be added to the PFE complex.

Traffic Processing Behaviour: Transit Traffic
Transit traffic is defined as traffic that enters an ingress network port, is compared against the forwarding table entries, and is forwarded out an egress network port toward its final destination. A forwarding table entry must exist for the destination for transit traffic to be forwarded successfully. Transit traffic passes through the forwarding plane only and is never sent to or processed by the control plane. Because transit traffic is processed by the forwarding plane only, JunOS devices can achieve predictably high performance rates.

Traffic Processing Behaviour: Exception Traffic
Exception traffic is defined as traffic that does not pass through the local device. It is destined to the local device and requires special handling, e.g.:
- Packets addressed to the chassis, such as routing update packets, telnet/ssh sessions to the device, replies to the transit source.
- IP packets with the IP option field set. PFEs are not designed to process the IP option field.
- Traffic that requires the generation of Internet Control Message Protocol (ICMP) messages, e.g. unreachable, TTL expired.

Traffic Processing Behaviour: Built-in Rate Limit for Exception Traffic
In JunOS, all exception traffic destined to the RE is sent through an internal link that connects the RE and the PFE. JunOS has a hardware-based rate limit on the internal link that protects the RE of the JunOS device from potential DoS attacks. During times of congestion, the JunOS device gives preference to local and control traffic destined to the RE. This built-in rate limit is not configurable/modifiable.
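
The transit/exception split and the internal-link rate limit described above, as a small Python model. This is an added example, not Juniper code and not part of the original slides; the class names, the per-interval budget, the half-budget rule used to model "preference" for local traffic, and the addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    dst: str
    ttl: int = 64
    has_ip_options: bool = False

class Device:
    """Toy model of the RE/PFE split described above; not Junos code."""
    def __init__(self, local_addrs, routes, re_link_budget):
        self.local = {ipaddress.ip_address(a) for a in local_addrs}
        self.fib = [ipaddress.ip_network(r) for r in routes]  # PFE copy of the FT
        self.budget = re_link_budget  # exception packets per interval (assumed)
        self.used = 0

    def classify(self, pkt):
        dst = ipaddress.ip_address(pkt.dst)
        if dst in self.local:
            return "exception:local"             # routing updates, telnet/ssh
        if pkt.has_ip_options:
            return "exception:ip-options"        # PFE does not process options
        if pkt.ttl <= 1:
            return "exception:icmp-ttl-expired"  # an ICMP message is needed
        if not any(dst in net for net in self.fib):
            return "exception:icmp-unreachable"  # no forwarding table entry
        return "transit"

    def handle(self, pkt):
        kind = self.classify(pkt)
        if kind == "transit":
            return "forwarded-by-pfe"            # never reaches the control plane
        # Assumption: preference for local/control traffic is modelled by letting
        # other exception traffic use only half of the internal-link budget.
        limit = self.budget if kind == "exception:local" else self.budget // 2
        if self.used >= limit:
            return "dropped-at-internal-link"
        self.used += 1
        return "sent-to-re"

def demo():
    # Constructed sample input using documentation address ranges.
    dev = Device(["192.0.2.1"], ["198.51.100.0/24"], re_link_budget=4)
    flood = [dev.handle(Packet("198.51.100.7", ttl=1)) for _ in range(10)]
    control = dev.handle(Packet("192.0.2.1"))    # e.g. a routing update
    transit = dev.handle(Packet("198.51.100.7"))
    return flood.count("sent-to-re"), control, transit

if __name__ == "__main__":
    print(demo())
```

In the demo, a burst of TTL-expired packets is capped at the internal link, a packet addressed to the chassis still reaches the RE, and ordinary transit traffic is unaffected because it never leaves the forwarding plane.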

Appendix Slides
For APNIC in-house training only.

Juniper Product Range
Three Types of Equipment:
- Routing Devices
- Switching Devices
- Security/Firewall Devices

Juniper Routing Product Series

Juniper Switching Product Series

Juniper Security Product Series

JunOS User Interface and CLI
Hands-on lab instruction provided

JunOS CLI Introduction

JunOS CLI Introduction
Switch Between Different Modes:

    user> configure
    [edit]
    user# exit
    user>

JunOS CLI Introduction
Type ? to Get Available Commands from the Hierarchy:

    root> configure ?
    Possible completions:
      <[Enter]>            Execute this command
      batch                Work in batch mode
      dynamic              Work in dynamic database
      exclusive            Obtain exclusive lock
      private              Work in private database
      |                    Pipe through a command

JunOS CLI Introduction Execute Command from Different Hierarchy:

JunOS CLI Introduction
Save Configuration and Exit:

    [edit]
    root@router21# commit and-quit
    root@router21>

JunOS CLI Introduction
Check the Rollback & Restore:

    root# rollback ?
    Possible completions:
      <[Enter]>            Execute this command
      0                    2015-06-17 12:37:31 UTC by root via cli
      1                    2015-06-17 12:35:15 UTC by root via cli
      2                    2015-06-17 12:34:33 UTC by root via cli
      rescue               2015-06-17 12:36:00 UTC by root via cli
    [edit]
    root@router21# rollback rescue

JunOS CLI Introduction
To get a Unix shell:

    root@router21> start shell    [will support standard unix command line]

Switch to JunOS CLI:

    root@router21% cli    [Come back to JunOS command line]

Questions

APNIC Training Lab Exercises
Hands-on lab instruction provided