Documente Academic
Documente Profesional
Documente Cultură
NOTE: Please note this Student Guide has been developed from an audio narration. Therefore it will have
conversational English. The purpose of this transcript is to help you follow the online presentation and may require
reference to it.
Slide 1
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 1
Slide 2
2015 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Slide 3
Navigation
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 3
Throughout this module, you will find slides with valuable detailed information. You can stop any slide with the Pause
button to study the details. You can also read the notes by using the Notes tab. You can click the Feedback link at any
time to submit suggestions or corrections directly to the Juniper Networks eLearning team.
Slide 4
Course Objectives
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 4
Slide 5
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 5
This course consists of five sections. The five main sections are as follows:
An Introduction to the Junos OS;
The Command-line Interface;
Configuration Commands and Process;
Junos OS Routing; and
Junos OS Adoption.
Slide 6
2015 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Slide 7
Section Objectives
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 7
Slide 8
Junos OS Overview
Junos OS Overview
Juniper Networks Junos OS provides a common language across Junipers routing, switching and security devices.
The power of one Junos OS reduces complexity in high-performance networks to increase availability and deploy
services faster with lower TCO.
The consistent user experience and automated toolsets of the Junos OS makes planning and training easier, day-to-
day operations more efficient, and changes in the network faster. Furthermore, one operating system integrating new
functionality in software protects customer investment, not only in hardware, but also in internal systems, practices,
and knowledge. That means not only lower TCO, but also greater flexibility in meeting the new needs and
opportunities of the business.
Slide 9
Increasing Demands on
High-Performance Networks
The network runs the operations of high-performance
enterprise and service provider businesses
Legacy network software carries limitations:
Complex, error-prone administration tasks
Multiple release trains and software versions
Monolithic software architectures
The solution begins with greater confidence in the
underlying network foundation
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 9
The network fundamentally runs the operations of high-performance enterprise and service provider businesses.
Complex networks that require extensive rework to scale and change can slow down marketplace response and new
business initiatives.
While old hardware and outdated or poorly integrated technologies present challenges, it is the software running in IP
networks that consumes the most operational time, causes the majority of operational headaches, and creates
obstacles to change. Largely based on source code initially built decades ago, legacy network software carries a
number of limitations, including the following:
Complex, error-prone administration tasks, which not only add time and effort to routine activities, but also multiply
the risk of human error that can lead to outages or create security vulnerabilities.
Multiple release trains and software versions, which slow down network upgrades with requirements for extensive
testing, qualification, and training, while impacting the predictable delivery of new service features and fixes.
Monolithic software architectures, which impact network stability, performance, and security with comingled
operating system processes vying for the same shared computing resources, and where even a small problem in
one process can cascade to affect many others.
So, how can you develop a network that cost-effectively scales with traffic growth, adapts along with changing
business needs, and delivers new services, all while maintaining the operational stability of your infrastructure?
The solution begins with greater confidence in the underlying network foundation. If you can trust the software
supporting your infrastructure, particularly in its most strategic and distributed components, your team can focus more
of its time and effort keeping up with traffic demand as well as new application and business requirements.
Slide 10
Key Advantages
One OS across all types and sizes of platforms
A single software train with a steady release cadence
Modular architecture
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 10
The Junos OS provides a common language across Junipers routing, switching, and security devices, and that
reduces the complexity of not only the network design, but also its operation.
The following key advantages of the Junos OS are derived primarily from how it is built:
Having one operating system across all types and sizes of platforms reduces the time and effort to plan, deploy,
and operate network and security infrastructure;
A single software release train with a steady release cadence meets changing needs in software with stable
delivery of new functionality in a steady, time-tested cadence; and
A modular software architecture provides highly available, secure and scalable software that is open to
automation and partner innovation.
Slide 11
Modular Architecture
Modular
Independent operation for resiliency
Extensible design for new innovation
Management
Interfaces
Module n
Scalable
Control Plane
Routing
Up: distributed hardware
Down: flexible packaging for small
systems
...
Open Kernel
Automation APIs for on-box control
and integration to off-box systems
Junos SDK for application
development
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net 36
| 11
Modular Architecture
Lets take a look at some of the architecture highlights of the Junos OS.
First, the architecture is modular. So, if you are not a software engineer, why do you care about this? Well, the bottom
line is this: dedicated resources means high resiliency, which gives you the high availability that carriers rely on. Small
problems do not become big ones, and are easier to find. Carrier class resiliency is what the Junos OS provides,
along with flexibility for innovation. Juniper can roll out new functionality by building a new module and putting it into
this same model, as shown on this slide.
Additionally, the software has been designed from the beginning for scalability. System designers can provide
dedicated hardware for different functions where neededwhether its for control, forwarding, or servicesand it still
all works as one system. Not only does the architecture scale up, but it also scales down with flexible packaging for
small systems.
A third highlight is the open interfaces for automation and applications development which lets our partners customize
and extend the deployment of the Junos OS to each of their customers unique environments.
Slide 12
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net 35
| 12
In significant contrast to its primary competitors, Juniper extends the Junos OS in a single software release train under
a disciplined process of development. New releases build upon the prior, creating a single train delivered in a series of
numbered versions.
Each new release supports each product family with the code set optimized for its role and application in the network.
Whenever customers are ready to upgrade, they simply choose and qualify a higher release number than their current
version.
Slide 13
X Releases (1 of 2)
12.1 13 14
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 13
X Releases: Part 1
For certain platforms, (in particular the SRX Series) Juniper has adopted a software release model that allows for the
rapid introduction of new security capabilities. At the same time, the security services will leverage the architectural
underpinnings of the Junos OS including the CLI, scripting, and core capabilities. This release model ensures that new
security services are introduced rapidly, while quality and stability on the Junos OS is maintained.
Juniper is using a Junos OS base that is updated at a slower pace to release new security features at a faster
cadence, using special security-focused releases called X releases. The first security release train was X44. The
specific release number for X44 is D10, and the Junos base version is 12.1. The release is therefore referred to as
12.1X44-D10.
It is planned to continue the security X releases, with two X releases planned annually. The Junos OS base version for
the X releases will be updated at a slower regular cadence, and the security X releases will occur at a faster cadence.
Slide 14
X Releases (2 of 2)
X Releases
Time to market
Quality SRX100
12.1 13 14
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 14
X Releases: Part 2
Juniper has adopted the new software release model for security, for several reasons:
Time to market: Accelerate time to market for security services on top of the Junos OS. This X release model
facilitates the fast introduction of new security services, while leveraging the key capabilities of the Junos OS.
Quality: Higher stability and quality of both the Junos OS and the SRX Series as well as other security products. X
releases promote stability and thus higher quality of the layered security services on the Junos OS.
One Junos: Enhance One Junos by leveraging the architectural underpinnings of the Junos OS (such as the CLI,
scripting, and core capabilities) in the security-focused X releases.
Slide 15
Control Plane
Benefits: Routing
Provides superior performance Engine
Highly reliable
Data Plane
Packet Forwarding
Engine
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 15
From the beginning, Juniper engineers decided to separate the functions of control and forwarding. The diagram on
the slide shows a very basic illustration of the architecture. The control plane, shown above the dotted line, runs the
Routing Engine (RE). The data plane, shown below the dotted line, is the Packet Forwarding Engine (PFE).
Think of the control plane (RE) as the brains of the system. It is responsible for performing protocol updates and
system management. The routing table, bridging table, and primary forwarding table are maintained by the RE which
connects to the PFE through an internal link. The forwarding plane (PFE) is responsible for forwarding transit traffic
through the device and usually runs on separate hardware. Think of this as the brawn of the system. The forwarding
plane is responsible for the high throughputit takes the packets it receives, inspects them, and moves them through
the network quickly.
The primary benefit is that, because this architecture separates control operations from forwarding operations,
platforms running the Junos OS can deliver superior performance and highly reliable deterministic operation.
Slide 16
Data Plane
FT
frames/packets in frames/packets out
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 16
The Routing Engine is the portion of the device that handles all routing protocol processes as well as other software
processes that control the routers interfaces, some of the chassis components, system management, and user
access to the router. The RE provides the CLI as well as the J-Web GUI.
The routing table (RT) is stored and maintained on the RE. The routing table is used to build the forwarding table (FT).
The PFE receives a synchronized copy of the forwarding table from the RE by means of the internal link. Storing and
using a local copy of the forwarding table allows the PFE to forward traffic more efficiently and eliminates the need to
check with the RE every time a packet needs to be processed. Using this local copy of the forwarding table also
allows devices running the Junos OS to continue forwarding traffic during control plane instabilities. The PFE also
maintains Layer 2 bridging information.
Because the RE is the brains and the PFE is the brawn, the PFE can simply perform as it is instructedforwarding
frames and packets with a high degree of stability and performance. This architectural design also makes it possible to
incorporate high availability features such as graceful Routing Engine switchover (GRES), nonstop active routing
(NSR), and unified in-service software upgrades (ISSUs).
Slide 17
Junos OS Platforms
Routing
Switching
Security
Virtual
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 17
Junos OS Platforms
Juniper Networks drives Junos OS innovation through its disciplined development as one network operating system.
Juniper solutions provide consistency and reliability with routing, switching, security, and virtual platforms run by the
same operating system across the high-performance network infrastructure. Junipers extensive portfolio connects
branch and regional offices, central sites and data centers, along with the metro, edge, and core sites of service
provider networks. Juniper is leveraging its heritage of best-in-class services and security technology by delivering a
broad set of intelligent and dynamic services in the Junos OS for security, broadband, voice, and video.
Slide 18
Routing Platforms
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 18
Routing Platforms
ACX Series: Powered by Juniper Networks Junos OS, the ACX Series routers complement Junipers universal edge
solutions through a flexible and scalable service provider and enterprise branch routing portfolio optimized to support
rapidly growing mobile, video, and cloud computing applications. The ACX Series introduces Junipers proven
IP/MPLS leadership from the core and edge into the access layers of the network.
LN Series: The LN Series Secure Routers provide high-performance network routing, next-generation firewall, and
unified threat management capabilities in a single platform. These devices are hardened to provide secure
connectivity to the harshest fixed and mobile environments such as remote substations, industrial manufacturing sites,
and transportation facilities.
M Series: M Series Multiservice Edge Routers combine IP/MPLS capabilities with reliability, security, and service
richness. Enterprises and service providers use the M Series in small core, multiservice edge, collapsed POP routing,
peering, route reflector, as well as campus and WAN gateway applications.
MX Series: MX Series 3D Universal Edge Routers are a portfolio of high-performance, software-centric physical and
virtual routers that support a broad set of applications in service provider, enterprise and cloud networks. With
powerful routing, switching, and services capabilities, the MX Series delivers unmatched flexibility and investment
protection.
PTX Series: The PTX Series Packet Transport Routers are the core router of choice for very high volume networks.
PTX Series Converged Supercore platforms are built for superior performance, transport integration, and elegant
deployment, supporting high-density 100-Gigabit Ethernet environments while delivering industry-leading energy
efficiency of up to 0.57 watts per Gbps.
T Series: T Series Core Routers include the features, functionality, scale, flexibility and availability requirements for a
multiservice core. The T Series platform with the TX Matrix Plus provides unparalleled investment protection and an
incremental in-service upgrade path to deliver system scale from a 640 Gbps single chassis system to up to 22 Tbps
multichassis system.
Slide 19
Switching Platforms
OCX Series
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 19
Switching Platforms
EX Series: These carrier-class switching solutions are for converged enterprise branch offices, campuses, and data
centers, as well as for service provider deployments. They address escalating demands for high availability, unified
communications, mobility, and virtualization within enterprise networks. Virtual Chassis and Virtual Chassis Fabric
technologies on select models enable multiple interconnected EX Series switches to operate as a single device,
reducing operational expense and management complexity.
QFX Series: QFX Series switches are high-performance, high-density platforms that satisfy the needs of todays most
demanding enterprise and service provider environments. Designed for top-of-rack, end-of-row, and spine-and-core
aggregation deployments in modern data centers, QFX Series switches can be deployed as 10-Gigabit Ethernet, 40-
Gigabit Ethernet, or 100-Gigabit Ethernet access, spine, core, or aggregation devices in Virtual Chassis, Virtual
Chassis Fabric, Multi-Chassis LAG and Junos Fusion architectures.
OCX Series: The currently available model in this series is the OCX1100. The OCX1100 is an open networking switch
based on hardware specifications ratified by the Open Compute Project (OCP). Combining a cloud-optimized OCP-
submitted hardware design with the industry-proven and feature-rich Junos OS, the OCX1100 gives customers all of
the benefits of an open source hardware design with none of the compromises.
Slide 20
Security Platforms
SRX Series
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 20
Security Platforms
The SRX Series Services Gateways are the Juniper Networks security platform running the Junos OS.
SRX Series: The SRX Series are next-generation firewalls offering high-performance security with advanced,
integrated threat intelligence, delivered on the industry's most scalable and resilient platform. The SRX Series offers a
broad range of options, from all-in-one, integrated physical and virtual security networking devices, to highly scalable,
chassis-based data center solutions that can defend enterprise data centers and service providers of any size.
Slide 21
Virtual MX (vMX)
Based on the MX Series
vMX
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 21
The Junos OS can also run as a virtual machine (VM) using either VMware or KVM as the host software. Two
products are currently availablevirtual SRX (vSRX) and virtual MX (vMX).
vSRX Services Gateway (formerly known as Firefly Perimeter) delivers a complete virtual firewall solution, including
advanced security, robust networking, and automated VM life-cycle management capabilities for service providers and
enterprises. vSRX empowers security professionals to deploy and scale firewall protection in highly dynamic
environments. Based on the SRX Series Services Gateways, vSRX extends the SRX Series capabilities to virtualized
and cloud environments.
The vSRXs automated provisioning capabilities, enabled through Junos Space Virtual Director, allow network and
security administrators to quickly and efficiently provision and scale firewall protection to meet the dynamic needs of
virtualized and cloud environments. By combining the vSRXs provisioning application with the power of Junos Space
Security Director, administrators can significantly improve policy configuration, management, and visibility into both
physical and virtual assets from a common, centralized platform.
vMX is a virtual MX Series 3D Universal Edge Router that extends over 15 years of Juniper Networks edge routing
expertise to the virtual realm. The vMX is a full-featured, carrier-grade router with complete control, forwarding, and
management planes. It runs the Junos OS, and supports vTrio packet handling and forwarding by compiling the
programmable Junos Trio chipset microcode for x86 chipsets.
With its granular, pay as you grow licensing model, the vMX reduces the risk associated with new market entry and
service innovation and allows you to start small, move fast, and stay profitable. Not only is it an ideal platform for
markets and applications that are difficult to serve with traditional hardware routers, it is also a great option for proof of
concept validation, lab testing, and feature and release certification.
Slide 22
Section Summary
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 22
Slide 23
A. Security
B. Switching
C. Routing
D. Wireless
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 23
Slide 23
A. True
B. False
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 23
Slide 24
2015 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Slide 25
Section Objectives
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 25
Slide 26
CLI Login
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 26
CLI Login
The Junos OS CLI is the software interface you use to access a device running the Junos OSwhether from the
console or through a network connection. By leveraging industry-standard tools and utilities, the CLI provides a
powerful set of commands that you can use to monitor and configure devices running the Junos OS.
To access the CLI, you need to connect and log in. If you are using a brand new device, rather than one that has
already been configured with your username and password, you would log in with a username of root, leave the
password blank, and press enter. The root login account has superuser privileges, with access to all commands and
statements. When you log in as root, the command prompt will end with a percentage symbol. At this point, you are in
a command shell. To enter the CLI you need to type cli and press enter. The command prompt will change to a
greater-than symbol, as shown in the example on this slide. This new command prompt indicates that you are now in
operational mode of the CLI. On a brand new device, you should always create a secure password for the root user,
then create other user accounts as needed. In fact, you are required to set a root password the first time you commit a
configuration.
When you log in with your username and password (instead of the root username), you will be taken directly into the
CLI operational mode, as shown in the second example on this slide where a username of lab was used. Note that
the default CLI prompt is comprised of the username, then an at symbol, the device host name, and then the prompt
symbol. The prompt symbol indicates whether you are in the shell, operational mode, or configuration mode.
Slide 27
CLI Modes
Operational mode
Monitor and manage device operations
The > character identifies
mike@jnpr1> operational mode
Configuration mode
Configure the device and its interfaces
[edit]
The # character identifies
mike@jnpr1# configuration mode
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 27
CLI Modes
The Junos CLI organizes its commands into two groups, known as modes:
Operational mode is for managing and monitoring device operations. For example, monitor the status of the device
interfaces, check chassis alarms, and upgrade or downgrade the device's operating system.
Configuration mode is for configuring the device and its interfaces. This includes configuring the management
console with its network settings, setting up user accounts for access to the device, specifying the security
measures used to protect the device and the network, and setting up routing and switching protocols.
The prompt following the device name indicates the mode you are currently in, as illustrated on this slide.
Slide 28
2nd Level
... ... ...
3rd Level
... ... ... ...
... ... ... ...
... ... ... ...
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 28
The Junos CLI structures the activities of each mode into hierarchies. The hierarchy of each mode is made up of
cascading branches of related functions commonly used together.
The structured hierarchy of the CLI is among the first of many preferred differences that new users discover about the
Junos CLI. By logically grouping activities, the Junos CLI provides a regular, consistent syntax that is helpful to
knowing where you are, finding what you want, quickly moving around the interface, and efficiently entering
commands. The hierarchy of commands makes learning and using the Junos CLI easier. New users regularly
comment on just how logical the command-line is.
Slide 29
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 29
This slide shows some of the common administrative tasks that can be performed in operational mode. The Junos OS
provides an extensive set of on-board instrumentation capabilities for gathering critical operational status, statistics,
and other information. These tools deliver advance notification of issues and speed problem-solving during events.
As part of your configuration setup you can specify the types of events to track, the event severity, and the files in
which to store the data, among other options. You can then access this information in operational mode. Juniper
devices come with sufficient processing power to collect and store critical operational data, including SNMP
management, system logging, and traceoptions (or debugging) that help you to understand how the device operates
in normal conditions and where, when, and why changes occur.
Slide 30
top
Less Specific
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 30
When you first log in to the CLI, you are at the top level of the CLI's operational mode.
This slide shows a view of the CLI's tree structure from the top of operational mode, with an example of its cascading
hierarchy through a show command. The show command is one of the most commonly used because it displays
information ranging from interfaces (show interface), to hardware (show chassis), to protocols (show ospf neighbor).
The tree structure cascades from less specific to more specific as you get deeper into the hierarchy.
For the student with experience using IOS, a basic difference of the Junos OS is that it does not use the keyword IP.
So, many of the show commands you already know from IOS will work in the Junos OS if you drop that part of the
command. For example, the IOS command show ip route simply becomes show route in the Junos OS.
Slide 31
Specifying Output
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 31
Specifying Output
The show command includes other arguments to modify the output. This slide displays the available arguments for
the show interfaces command for the fe-1/1/1 Fast Ethernet interface. The question mark (?) helps you to complete
commands by showing a list of possible completions available for that command at that level, without you needing to
reference a CLI manual. The question mark will become your best friend while operating or configuring a Junos OS
device.
Slide 32
Output Options
mike@jnpr1> show interfaces fe-1/1/1 brief
Physical interface: fe-1/1/1 Enabled, Physic link is Down
Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback:
Disabled, Source filtering: Disabled
Flow control: Enabled
Device flags: Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: Ox4000
Link flags: None
Command output
with brief option
Command output
with terse option
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 32
Output Options
Junos OS operational mode commands can include brief, detail, extensive, or terse options. You can use these
options to control the amount of information you want to view.
This slide illustrates the results of adding the keywords brief and terse to the show interfaces command.
Slide 33
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 33
As you monitor and configure a device, you will need to switch between operational mode and configuration mode.
When you change to configuration mode the command prompt changes from the greater than symbol to the
hashtag symbol, as shown in the examples on this slide.
To switch from operational mode to configuration mode, issue the configure command. The [edit] banner shows your
location at the top level of the configuration hierarchy. To switch back to operational mode, you issue the exit
command.
Slide 34
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 34
Configuration mode has a hierarchical structure that logically groups related configuration statements. This structure
eases configuration set up, review, and changes, by allowing you to more readily find and view related statements.
The slide illustrates a portion of the configuration mode tree.
The configuration statement hierarchy includes the following two types of statements:
Container statements: This type of statement contains other statements, that is, they have subordinate
configuration levels. Each container statement represents a configuration stanza, which could include other
configuration stanzas. A configuration stanza is represented as the content between curly brackets in the CLI
output.
Leaf statements: This type of statement does not contain other statements, that is, they are at the end of a
particular hierarchical path. Each leaf statement is located within a configuration stanza. A semicolon identifies a
leaf statement at a configuration hierarchy level.
Slide 35
system {
services {
ftp;
}
}
The CLI displays the hierarchy of the configuration mode through the following syntax:
The hierarchy levels are indicated by indenting each subordinate level. In the example shown on this slide,
services is a subordinate of system, and ftp is a subordinate of services.
Container statements are indicated between open and close curly brackets. In the example, system and services
are cascading container statements.
Leaf statements are indicated with a semicolon at the end. In the example, ftp; is a leaf statement.
Slide 36
Hierarchy Flexibility
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 36
Hierarchy Flexibility
The flexibility to work at a specific sublevel or stanza in the hierarchy is helpful when users want to focus on just a
small portion of the configuration.
Looking at the examples on this slide, the two configuration statements shown for the FTP service are equal. In the
top example, you are looking at the statement from the root level of the hierarchy, and thus the ftp; statement is shown
in this listing within the system and services container statements.
In the bottom example, you are viewing the same ftp; statement from deeper level within the hierarchy. When you are
in deeper levels of the hierarchy, the [edit] banner displays the entire hierarchical path. In this example, the banner
[edit system services] indicates a place in the hierarchy lying within services (the 3rd level), system (the 2nd level),
and [edit] (the root or 1st level).In this example, as you are deeper within the hierarchy. At this level, whenever you
view the configuration, the command-line only displays the ftp; statement.
To determine where you are in the configuration hierarchy, refer to the configuration mode banner before entering
configuration commands. While you can edit the configuration from the root directory, often it is easier to navigate to
the area within the configuration you are changing prior to adding and removing commands.
Slide 37
Commands
edit
The user must know the full hierarchical path
This command will create new intermediate hierarchy levels if they do not
yet exist in your configuration
up
Moves you up one level in the hierarchy
To move up multiple levels, add an optional count (up 2, for example)
top
Moves you to the top level in the hierarchy
exit
Leaves the current level of the configuration hierarchy, returning to the
level prior to the last edit command
If you enter exit from the top level of the configuration hierarchy, you exit
configuration mode and enter operational mode
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 37
The edit, up, top, and exit commands let you navigate the configuration tree.
Use the edit command to jump to a specific location within the candidate configuration. The configuration mode
banner changes to indicate your new location in the hierarchy. You must know the full hierarchical path. If you
navigate to a hierarchy location that does not exist in your configuration yet, the CLI will create that hierarchy level.
The up command allows you to move up levels in the hierarchy. By default, you move one level. You can add a
number after the command to specify how many levels to move up.
The exit command returns you to the hierarchy location prior to the last edit command. If you use the exit command at
the top level of the configuration hierarchy, you exit configuration mode and go back to operational mode.
The organized structure of the command hierarchy eases movement from one level to another within the Junos CLI.
Slide 38
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 38
Fortunately, for new users, and even experienced users, the Junos CLI includes lots of shortcuts and ways to get
help.
Both configuration mode and operational mode offer options to shorten keystrokes. All standard UNIX keyboard
shortcuts are available to you when you are logged on to the Junos OS device. It might take some repetition for these
to become second nature, but once they are, these shortcuts can save you a lot of typing time.
For example, the CLI stores every entered command in its command history. At any command prompt, the up and
down arrow keys let you scroll through this history. This allows you to re-use commands that you previously entered,
or modify them as needed.
Keyboard shortcut sequences can save you much time, for example, when you are configuring similar items on the
device, or you are repeating operational commands.
Slide 39
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 39
The CLI provides command completion to further speed your typing in both modes. Command completion
automatically finishes partially typed commands, filenames, usernames, and so forth, so you do not need to recall the
exact syntax of the desired input string. Command completion is a big help to new users, especially when they are first
learning the Junos OS CLI.
The spacebar completes most CLI commands. The tab key not only completes CLI commands, but also filenames
and user-defined variables such as policy names, community names, and IP addresses. When the completion of the
command or argument is ambiguous, hitting space or tab lists the possible completions, as shown in the top example
on this slide.
Slide 40
Getting Help
[edit system]
mike@jnpr1# set s?
Possible completions:
saved-core-context Save context information for core files
saved-core-files Number of saved core files per executable
(1..64)
> services System services
> static-host-mapping Static hostname database mapping
> syslog System logging facility
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 40
Getting Help
You can query the command-line with the question mark character at any level of the operational or configuration
hierarchies for a list of available commands and a short description of each. Typing a partial command followed by a
question mark provides a list of all the valid ways to complete your command, as shown in the example on this slide.
Using the question mark in this way is known as context-sensitive help in Junos OS lingo. For commands that require
a filename as an argument, the question mark lists the files in the working directory.
Slide 41
More Help
help apropos
Displays help about a text string contained in a statement or
command name
help reference
Provides assistance with configuration syntax by displaying
summary information for the statement
help syslog
Displays information on specific syslog events
help tip
Provides random tips for using the CLI
help topic
Displays usage guidelines for configuration statements
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 41
More Help
When you want more information than provided by context-sensitive help, you can turn to the Junos OS technical
documentation included on your device by using the help commands. When requesting help, follow each of these help
commands with the string or topic for which you are seeking information.
The help files are divided into major categories. You can access these files in operational mode. You can use:
help apropos to display help about a text string contained in a statement or command name;
help reference to provide assistance with configuration syntax by displaying summary information for the
statement ;
help syslog to display information on specific syslog events;
help tip to provide random tips for using the CLI; and
help topic to display usage guidelines for configuration statements.
Slide 42
Logging Out
mike@jnpr1> exit
jnpr1 (ttyu0)
login:
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 42
Logging Out
You must be in operational mode to log out completely from the device. If you are in configuration mode, use the exit
configuration-mode command to enter operational mode. If you are at the top of the configuration mode hierarchy, you
only need to use the exit command. From operational mode, you can completely exit the CLI by entering the exit
command and hitting enter.
Slide 43
https://virtuallabs.juniper.net/
At this point, you should pause this presentation, follow the link to Junipers Virtual Lab environment, open the Lab
Guide, and complete the lab portion of this section. When you are finished, return to this presentation and click Play to
continue.
Slide 44
Section Summary
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 44
Slide 45
A. # (hashtag symbol)
B. } (curly bracket symbol)
C. > (greater-than symbol)
D. ~ (tilde symbol)
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 45
Slide 45
A. # (hashtag symbol)
B. } (curly bracket symbol)
C. ~ (tilde symbol)
D. % (percentage symbol)
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 45
Slide 46
2015 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Slide 47
Section Objectives
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 47
Slide 48
commit
candidate validated active
Load configuration configuration configuration
commit
confirmed commit commit
scripts validations
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 48
The graphic at the bottom of this slide outlines the basic steps of the Junos OS configuration process. One of the
foremost differences between the Junos OS and other operating systems is that Junos OS configuration changes do
not become active until the user is ready to make them active. The Junos OS configuration approach provides multiple
safety nets that can save users hours of troubleshooting on those bad days when their configuration changes do not
go quite as planned, potentially resulting in network issues.
Once they understand these safety nets, new users of the Junos OS typically recognize the Junos OS CLI as much
more user-friendly than other operating systems that have line-by-line entry and instant activation of configuration
changes. Have you ever had to make line-by-line changes in other systems, knowing that you were creating
intermediate risks, such as removing a firewall on an interface? Perhaps you have entered a single-line change that
created unwanted or unexpected results that you could not easily revert. The Junos OS CLI protects you from these
and other configuration headaches.
To operate a device, the Junos OS uses the active configuration file. When a user wants to make changes to the
configuration file, they work with a candidate configuration file, which is a copy of the active configuration. In order for
configuration changes made to the candidate configuration to become active, the user must commit the candidate
configuration file.
Slide 49
commit
candidate validated active
Load
rollback
configuration configuration configuration
commit
confirmed
commit commit 1
scripts validations 49
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 49
Lets take a look at the basic steps of the multi-stage Junos OS configuration process, which are as follows:
First, the user makes changes to the candidate configuration.
The candidate configuration is a copy of the active configuration. You can enter configuration changes to the
candidate configuration through the CLI by using cut-and-paste, loading or merging a text file with the
updated configuration changes, or entering the changes manually through the CLI interface. After making all
your candidate changes, you can review your work, including comparing the candidate to the active running
file.
Second, you will commit your changes, which will make the candidate configuration the active configuration.
Before finalizing the changeover, the software checks for certain statements within the candidate
configuration and performs other context validations. If the device includes pre-loaded commit scripts, these
scripts will also check for errors and possibly correct errors within the candidate configuration. If there are
any issues, the user will be notified and the configuration will not become active.
Third, once everything checks out, the candidate configuration becomes the active configuration.
The candidate configuration you were working on becomes the active configuration and the device places
the previous active configuration into an archive of up to 49 of the past active configurations, which you can
access through the rollback command if needed.
We will explore each of these steps in more detail on the upcoming slides.
Slide 50
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 50
To enter configuration mode, the Junos OS provides several options. These options give users different ways to
manage who is making changes and when.
If users enter configuration mode with the command: configure, then they are in standard configuration mode.
Standard mode allows any number of users to edit the candidate configuration simultaneously, and changes made by
a single user are visibly shared by all users, any of whom will activate all changes if they enter a commit command.
Alternatively, the Junos OS offers the options to configure private or configure exclusive. These prevent one user from
inadvertently activating another users changes before they are ready.
In configure private mode, the device keeps a separate candidate copy, which holds only the changes made by the
private user. In configure exclusive mode, the CLI locks all other users out of configuration mode until the exclusive
user closes the exclusive state. These two configuration options are very handy when multiple users can change the
candidate configuration of a device.
Slide 51
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 51
Initially, before any changes are entered, the candidate configuration is the same as the active running configuration.
To display the candidate configuration, use the show command in configuration mode. When entered from the top of
the configuration hierarchy, the CLI displays the entire candidate configuration, as shown in the abbreviated example
on the left of this slide.
Deeper in the hierarchy, the show command displays the configuration from the current hierarchy level and below, as
show in the example on the right of this slide.
You might have noticed that configuration mode uses the show command in a different way than operational mode.
The commands of each mode are independent of each other, and thus the show command represents different
actions in each mode.
Slide 52
}
[edit system services]
mike@jnpr1# set finger
mike@jnpr1# set ftp
mike@jnpr1# set ssh
mike@jnpr1# set telnet
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 52
You can create or change the candidate configuration by entering a series of commands, including those to add and
remove configuration statements. The set command inserts a statement and values into the candidate configuration.
While you can edit the candidate from the root directory, as shown in the top example on this slide, often it is easier to
navigate to the area within the configuration you are changing prior to adding and removing commands. This is shown
in the second example on this slide where changes are entered in the [edit system services] sublevel of the hierarchy.
Either approach provides the same results, as shown in the example on the right of this slide.
Slide 53
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 53
The delete command removes statements from the candidate configuration. In the example shown on this slide, we
delete what we had just added in the prior slide, which was system services.
Deleting a statement effectively returns the device, protocol, or service to an un-configured state. Deleting a container
statement removes everything under that level of the hierarchy. Proceed with caution. Remember, the delete
command removes all subordinate statements and identifiers. For example, if you entered the simple command:
delete protocols from the top of the CLI hierarchy, you would remove all the protocols configured in your candidate file.
You need to be aware of where you are within the hierarchy and what you are removing when you issue a delete
statement.
Slide 54
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 54
In configuration mode only, when you have made changes to the configuration and want to compare the candidate
configuration with a prior version, you can use the compare command to display the differences. The compare
command compares the candidate configuration with either the current active configuration or another configuration
file and displays the differences between the two configurations. The CLI indicates new lines in the candidate with a
plus (+) sign and those removed with a minus (-) sign. In the example shown at the top of this slide, the user has
enabled telnet within system services and also removed ssh and web-management.
To compare configurations, specify the compare command after the pipe symbol, as shown in the examples on this
slide. If you do not specify any arguments after the compare command, then the candidate configuration is compared
against the active configuration file, as shown in the top example on this slide. If you want to specify a file other than
the active configuration file for comparison, then you would specify the filename after the compare command, as
shown in the bottom example on this slide. You can also do a comparison to a previously active configuration by using
rollback n, where n is the index into the list of previously committed configurations. The most recently saved
configuration (which is the active configuration) is number 0, and the oldest saved configuration is number 49.
Slide 55
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 55
The CLI also provides a command to check that the system can process your candidate configuration. The commit
check command validates the logic and completeness of the candidate semantics without activating any changes.
These are the same validations which run when you commit a candidate. If the system finds a problem in the
candidate configuration, it lets you know, as the example on this slide illustrates.
Slide 56
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 56
The candidate configuration file is only the proposed configuration, and your device does not use any of this
configuration until a commit command activates the configuration. After you have entered all desired changes, and
you have double checked your work, you are ready to activate your candidate as the active running configuration. To
activate the candidate configuration, enter the commit command.
Before actually activating the candidate configuration, the Junos OS checks basic syntax and semantics. For example,
the software makes sure that a policy has been defined before it is referenced. If any syntax or semantic problems are
found, the commit command returns an error and the configuration is not activated, as shown in the first example on
this slide.
You must fix all errors before the candidate can become active. The commit complete message tells you that the new
configuration is up and running on the device.
Slide 57
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 57
Are you among those of us who have made the mistake of adding security to a remote device, only to discover that
the security configuration changes you made locked you out of the very interface that you were using to access the
device? Do you have a story about the time you accidently isolated a remote device and then had to jump in the car
and drive two-and-a-half hours in the middle of the night just to reset it? The commit confirmed command can prevent
costly configuration mistakes by automatically rolling back problematic configurations.
The commit confirmed command commits a candidate configuration for 10 minutes (this is the default time setting).
Then if you do not follow up with a second commit within that time period, the device automatically rolls back to the
previous configuration. You can use the commit confirmed command anytime you want a safety net against potential
configuration problems.
If you do not confirm the configuration by entering a second commit command, the CLI will roll back the device to the
previous active configuration at the end of the 10 minutes (or an interval you specify). In this way, if you have
accidently isolated the device, you simply need to wait for the rollback instead of agonizing over how you are going to
otherwise undo your mistake.
Slide 58
[edit]
mike@host# commit
commit complete
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 58
Whenever you commit the candidate as the new active configuration, the Junos OS automatically saves a copy of the
active configuration file that is being replaced. As you store each newly replaced configuration, all the prior
configuration files move back one version number further in the configuration archive. Each device can store up to 50
of the most recently active versions. This number includes the current active configuration (also known as rollback 0).
You can access this configuration archive using the rollback command.
You can reset your candidate configuration to match the active running configuration by entering rollback or rollback 0.
You can also return to the most recent previous active configuration file by using the rollback 1 command, or use any
other number between 2 and 49 to go back to any of the previous configurations.
The rollback command loads the requested archive as the candidate file. You can also create a rescue configuration
of a known working configuration so that you can rollback to it when all else fails.
If you want to use a rollback file you will need to commit the configuration. First, use the show command to view the
file so you can be sure it is what you want. Then activate the file with the commit command. This is a very important
stepto complete a rollback for the active configuration of the device, you must run the commit command to activate
it.
Slide 59
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 59
Unlike other systems, the Junos OS lets you prepare for an installation before actually installing the hardware. The
software simply ignores the areas of the running configuration which are irrelevant to the existing hardware
installation. Those areas of the running configuration will become active once the hardware becomes available.
The option to set up a configuration prior to hardware installation is quite useful, especially when the person installing
the hardware is different than the person configuring the device, a common occurrence for remote devices. At the top
of this slide we show a configuration for fe-3/0/0, which will be installed at a later date. Nevertheless, the configuration
statement is the same. The settings will simply be ignored until the hardware is installed. Then the setting will become
active.
You can also schedule when you want your candidate configuration to become active. To save Junos OS
configuration changes and activate the configuration on the device at a future time or upon reboot, use the commit at
configuration mode command, specifying reboot or a future time at the [edit] hierarchy level, as shown in the example
at the bottom of this slide.
Slide 60
edit interfaces]
mike@jnpr1# delete se-0/0/1 unit 0 family inet address 10.0.22.1/24
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 60
A typical configuration includes many similar elements named and defined by the user, such as interface names,
policy statements, and firewall filters. The Junos CLI includes commands to duplicate and quickly change the
configurations of these user-defined variables.
The copy command duplicates a configuration statement along with all the subordinate statements configured
underneath it. In using the copy command, you copy the configuration associated with one user-defined element to a
new, similarly configured element. You can then modify that second element with any needed changes. Copying
statements is useful when you are configuring many physical or logical interfaces
of the same type.
The rename command is a convenient shortcut when you need to alter the value of a user-defined variablesuch as
policy names, filter names, and IP addressesor to change the name of a user-defined element.
The examples on this slide illustrate a very useful technique for configuring similar interfaces, where only IP addresses
are different. First, you create an identical configuration of se-0/0/1 based on the se-0/0/2 interface using the copy
command. Then, you change the IP address of the newly created se-0/0/1 interface by deleting the IP address of the
copied se-0/0/2 interface and setting the IP address for the se-0/0/1 interface, which is 10.0.36.2/24 in the example
shown on this slide. You could also use the rename command to change the IP address of the newly created
interface, thereby achieving the same result, as shown in the bottom example on this slide.
Slide 61
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 61
The pipe symbol lets you filter output in both operational and configuration modes. Pipe makes it possible to achieve
results such as: displaying specific information in a single command step, sending the output of one command as
input to another, or redirecting the output to a file, to name a few examples. The output of the command to the left of
the pipe symbol serves as input to the command or file to the right of the pipe.
The first example shown on this slide creates a file that stores the output of the request support information command
entered in operational mode by piping its output to a filename specified by the user.
In the second example on this slide, the pipe symbol, followed by count, counts the number of lines in the output.
These are only a few of the examples of what the pipe symbol can do.
Slide 62
<...OUTPUT TRIMMED...>
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 62
The run command lets you issue CLI operational mode commands while in configuration mode. Just add the keyword
run before any operational mode command that you want to execute while you are inside configuration mode.
As shown in the example on the slide, entering the run show interfaces command displays the output as if show
interfaces had been entered from operational mode. The example on this slide shows an abbreviated listing of the
output.
Slide 63
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 63
Juniper devices provide extensive on-board instrumentation that enables customers to proactively gather status
information. Self-monitoring allows continuous feedback and lets administrators capture information network-wide,
down to highly granular perspectives on the operations of the network. Junos OS-based platforms come with sufficient
processing power to collect and store critical operational data that help you to understand how a device operates in
normal conditions and where, when, and why changes occur.
Slide 64
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 64
The logging and tracing operations of the Junos OS allow administrators to find out about events that occur in the
devicenormal operations, as well as error conditions.
You can use the following tools to discover, trace, and analyze the sequence of events leading to network or device
issues for fast resolution:
System logging generates system log messages (syslog messages) for recording events that occur on the device,
including hardware and within the processes of the operating system. A few examples, among the thousands that
we can cite: an interface starting up, login failure, or hardware failure conditions.
Trace logging (also called traceoptions) provides a wide range of variables for observing network and system
events specific to operations, such as protocol operations. Note that traceoptions is similar to the debug function in
IOS. Examples of trace logging include BGP state changes, graceful restart events, and even tracking SNMP
operations and statistics. Trace logging is a valuable tool when you need to find out what is going on in your
device.
Slide 65
Actions
XML
ACTIVE
Configuration
Service Insight:
Proactive bug Network Director:
notifications and enables Management of campus and
data center switches/routers
On-Box Automation: thorough automated end-
of-life/end-of-support
Commit/Op/Event Scripts/Macros
impact analysis
Security Director:
scalable and responsive security
Off-Box Automation: management application that
Puppet Service Now: improves security policy
Chef Automated administration
Ansible troubleshooting client
Python that enables Juniper and many other easy-to-use
Ruby Juniper applications to optimize network
to quickly identify and
Perl JSS management for various domains
resolve a problem in
Java the customer's in service provider and enterprise
SLAX (Juise) network environments
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 65
Junos automation consists of a suite of tools used to automate operational and configuration tasks on network devices
running the Junos OS. The Junos automation tool kit is part of the standard Junos OS available on all switches,
routers, and security devices running Junos OS. Junos automation tools for on-box automation, which leverage the
native XML capabilities of the Junos OS, include commit scripts, operational scripts (op scripts), event policies and
scripts, and macros.
Junos automation simplifies complex configurations and reduces potential configuration errors. It saves time by
automating operational and configuration tasks. It also speeds troubleshooting and maximizes network uptime by
warning of potential problems and automatically responding to system events.
Junos automation can capture the knowledge and expertise of experienced network operators and administrators and
allow a business to leverage this combined expertise across the organization.
Where a Juniper Networks product does not provide an essential functionality in the creation or monitoring of a robust
automated network service, the Junos OS enables an interface, protocol, or API, or adds a third-party client to
integrate with a best-in-class product.
Slide 66
https://virtuallabs.juniper.net/
At this point, you should return to the Virtual Lab session you opened previously and complete the lab portion of this
section. When you are finished, return to this presentation and continue.
Slide 67
Section Summary
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 67
Slide 68
A. True
B. False
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 68
Slide 68
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 68
Slide 69
Junos OS Routing
2015 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Junos OS Routing
Slide 70
Section Objectives
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 70
Slide 71
Server Server
A B
Internet
User A
Router
User B Data Center
Switch
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 71
Routing, in its most basic form, is the process of moving data between Layer 3 networks. The sample topology on
shown on this slide consists of several Layer 3 networks, all connected by routers. Although routers are the most
common devices for performing routing operations, note that many switches and security devices also perform routing
operations. Note also that the Internet is actually a collection of many networks rather than a single network.
In this section, we will look at the required components of routing, and how devices running the Junos OS make
routing decisions.
Slide 72
Internet
Network 1
Network 2
User A
Router
gateway Data Center
User B
device
Switch
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 72
There are several components and concerns you need to consider to effectively implement routing between remote
networks. However, you can classify the various components and considerations into two primary requirementsan
end-to-end communications path and ensuring all Layer 3 devices within the communications path have the required
routing information.
In the example shown on this slide, you can see that a physical path exists between the two networks and the
Internet. As long as the physical path is configured and functioning correctly, the first requirement is satisfied.
For the second requirement, all Layer 3 devices participating in the communications path must have the necessary
routing information. The devices within the networks must have the proper gateway configured (the router that
connects to those networks as well as the Internet). The gateway device must determine the proper next hop for each
destination prefix for the transit traffic it receives. Devices running the Junos OS use the forwarding table, which is a
subset of information found in the routing table, to make this determination.
Slide 73
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 73
The Junos OS routing table consolidates prefixes from multiple routing information sources including various routing
protocols, static routes, and directly connected routes.
Forwarding Table
The router uses the active route for each destination prefix to populate the forwarding table. The forwarding table
determines the outgoing interface and Layer 2 rewrite information for each packet forwarded by a device running the
Junos OS.
Slide 74
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 74
The slide provides a summary of the common predefined routing tables you might see on a device running the Junos
OS.
Slide 75
Route Preference
Local 0
Static 5
OSPF internal 10
RIP 100
OSPF AS external 150
BGP (both EBGP and IBGP) 170 Less Preferred
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 75
Route Preference
The Junos OS uses route preference to differentiate routes received from different routing protocols or routing
information sources. Route preference is equivalent to administrative distance on equipment from other vendors such
as Cisco.
Slide 76
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 76
This slide shows the use of the show route command, which displays all route entries in the routing table. As identified
on the slide, all active routes are marked with an asterisk (*) next to the selected entry. Each route entry displays the
source from which the device learned the route, along with the route preference for that source.
The show route command displays a summary of active, holddown, and hidden routes. Active routes are the routes
the system uses to forward traffic. Holddown routes are routes that are in a pending state before the system declares
them as inactive. Hidden routes are routes that the system cannot use for reasons such as an invalid next-hop and
route policy.
You can also filter the output by destination prefix, protocol type, and other distinguishing attributes.
Slide 77
Routing
protocol OSPF
databases
Routing Forwarding
table table
Other routing
information Direct Static
sources
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 77
The forwarding table stores a subset of information from the routing table. Within the forwarding table, you can find the
details used by a device running the Junos OS to forward packets such as the learned destination prefixes and the
outgoing interfaces associated with each destination prefix. You use the show route forwarding-table CLI command to
view the forwarding table contents.
Note that the Junos OS kernel adds some forwarding entries and considers them permanent in nature. One such
example is the default forwarding entry, which matches all packets when no other matching entry exists. When a
packet matches this default forwarding entry, the device discards the packet and sends an ICMP destination
unreachable message back to the sender. If you configured a user-defined default route, it will be used by the device
instead of the permanent default forwarding entry.
Slide 78
Forwarding Plane
FT
Packets in Packets out
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 78
When a packet enters a device running the Junos OS, it compares that packet against the entries within the
forwarding table to determine the proper next hop. If the packet is destined to the local device, the Junos OS
processes the packet locally. If the packet is destined to a remote device and a valid entry exists, the device running
the Junos OS forwards the packet out the next-hop interface associated with the forwarding table entry.
If multiple destination prefixes match the packets destination, the Junos OS uses the most specific entry (also called
longest match) when forwarding the packet to its destination.
In situations where no matching entry exists, the device running the Junos OS responds to the source device with a
destination unreachable notification.
Slide 79
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 79
The Junos OS logically groups routing tables, interfaces, and routing protocol parameters to form unique routing
instances. The device logically keeps the routing information in one routing instance apart from all other routing
instances. The use of routing instances introduces great flexibility because a single device can effectively imitate
multiple devices.
Slide 80
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 80
The Junos OS creates a default unicast routing instance called the master routing instance. By default, the master
routing instance includes the inet.0 route table, which the device uses for IPv4 unicast routing. The software creates
other route tables, such as inet6.0, adds them to their respective routing instance, and displays them when required
by the configuration.
The Junos OS also creates private routing instances, which the device uses for internal communications between
hardware components. You can safely ignore these instances and their related information when planning your
network.
Slide 81
Note: Actual routing instance types vary between platforms running the
Junos OS; Check product documentation for actual support
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 81
For added flexibility, the Junos OS allows you to configure additional routing instances under the [edit routing-
instances] hierarchy. User-defined routing instances can be used for a variety of different situations and provide users
a great amount of flexibility in their respective environments.
We also commonly refer to filter-based forwarding (FBF) as policy-based routing (PBR). Some typical uses for user-
defined routing instances include filter-based forwarding (FBF), Layer 2 and Layer 3 VPN services, and system
virtualization.
Note that the actual routing instance types vary between platforms running the Junos OS. Be sure to check the
technical documentation for your specific product.
Slide 82
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 82
This slide illustrates a basic routing instance configuration example and points out some of the highlights. Note that
the routing instance name is user-defined.
Slide 83
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 83
Once you configure a routing instance and the device learns routing information within the instance, the Junos OS
automatically generates a route table. If you use IPv4 routing, the software creates an IPv4 unicast routing table. The
name of the IPv4 unicast route table uses the format instance-name.inet.0, where instance-name is the name of the
routing instance within the configuration. Likewise, if you use IPv6 within the instance, the software creates an IPv6
unicast routing table and it follows the format instance-name.inet6.0.
As illustrated on this slide, to view a routing table associated with a specific routing instance, you simply use the show
route table table-name CLI command.
Slide 84
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 84
You can filter many of the common outputs generated through CLI show commands by referencing the name of a
given routing instance. The first example shown on this slide shows a practical way of viewing interfaces that belong
to a specific routing instance.
You can also source traffic from a specific routing instance by referencing the name of the desired routing instance.
The last two examples on this slide show this option in action with the ping and traceroute utilities.
Slide 85
Static Routes
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 85
Static Routes
Static routes are used in a networking environment for multiple purposes, including a default route for the autonomous
system (AS) and as routes to customer networks. Unlike dynamic routing protocols, you manually configure the
routing information provided by static routes on each router or multilayer switch in the network. All configuration for
static routes occurs at the [edit routing-options] level of the hierarchy.
Static routes must have a valid next-hop defined. Often, that next-hop value is the IP address of the neighboring router
headed toward the ultimate destination. On point-to-point interfaces, you can specify the egress interface name rather
than the IP address of the remote device. Another possibility is that the next-hop value is the bit bucket. This phrase is
analogous to dropping the packet off the network. Within the Junos OS, the way to represent the dropping of packets
is with the keywords reject or discard. Both options drop the packet from the network. The difference between them is
in the action the device running the Junos OS takes after the drop action. If you specify reject as the next-hop value,
the system sends an ICMP message (the network unreachable message) back to the source of the IP packet. If you
specify discard as the next-hop value, the system does not send back an ICMP message, the system just drops the
packet silently.
By default, the next-hop IP address of static routes configured in the Junos OS must be reachable using a direct route.
Unlike with software from other vendors, the Junos OS does not perform recursive lookups of next hops by default.
Static routes remain in the routing table until you remove them or until they become inactive. One possible scenario in
which a static route becomes inactive is when the IP address used as the next hop becomes unreachable.
Slide 86
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 86
This slide illustrates the basic configuration syntax for IPv4 and IPv6 static routes. The slide also highlights the no-
readvertise option which prohibits the redistribution of the associated route through routing policy into a dynamic
routing protocol such as OSPF. We highly suggest that you use the no-readvertise option on static routes that direct
traffic out the management Ethernet interface and through the management network.
Note that IPv6 support varies between Junos OS platforms. Be sure to check the technical documentation for your
specific product for support information.
Slide 87
Monitoring
Use show route protocol static to display
static routes
user@host> show route protocol static
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 87
This slide shows the basic verification steps when determining proper operation of static routing. Use the show route
protocol static command to display static routes. The ping utility can be used to verify reachability.
Slide 88
Next-Hop Resolution
[edit routing-options]
user@Host-A# show Indirect next-hop
static {
route 172.20.3.0/24 {
next-hop 172.25.1.6;
resolve; resolve option required
}
}
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 88
Next-Hop Resolution
By default, the Junos OS requires that the next-hop IP address of static routes be reachable using a direct route.
Unlike software from other vendors, the Junos OS does not perform recursive lookups of next hops by default.
As illustrated on this slide, you can alter the default next-hop resolution behavior using the resolve CLI option. In
addition to the resolve CLI option, a route to the indirect next-hop is also required. Indirect next-hops can be resolved
through another static route or through a dynamic routing protocol. We recommend, whenever possible, that you use
a dynamic routing protocol as your method of resolution. Using a dynamic routing protocol rather than a static route to
resolve indirect next-hops, dynamically removes the static route if the indirect next-hop becomes unavailable.
Slide 89
Qualified Next-Hops
Use qualified-next-hop to allow independent
preference for static routes to the same destination
172.30.25.0/30
ge-0/0/1
.2 primary .1
Network A
172.29.100.0/24 Internet
.1 .6 secondary .5
se-1/0/0
172.30.25.4/30
[edit routing-options]
user@host# show Primary next-hop due to
static { default route preference (5)
route 0.0.0.0/0 {
next-hop 172.30.25.1;
qualified-next-hop 172.30.25.5 {
preference 7;
} Secondary next-hop due to
} configured route preference (7)
}
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 89
Qualified Next-Hops
The qualified-next-hop option allows independent preferences for static routes to the same destination. This slide
shows an example using the qualified-next-hop option.
In the example configuration shown on this slide, the 172.30.25.1 next-hop assumes the default static route
preference of 5, whereas the qualified 172.30.25.5 next-hop, uses the defined route preference of 7. All traffic using
this static route uses the 172.30.25.1 next-hop unless it becomes unavailable. If the 172.30.25.1 next-hop becomes
unavailable, the device uses the 172.30.25.5 next-hop. Some vendors refer to this implementation as a floating static
route.
Slide 90
Dynamic Routing
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 90
Dynamic Routing
Static routing is ideal in small networks where only a few routes exist, or in networks where absolute control of routing
is required. However, static routing has certain drawbacks that might make it cumbersome and hard to manage in
large environments where growth and change are constant. For large networks or networks that change regularly,
dynamic routing might be the best option.
With dynamic routing, you simply configure the network interfaces to participate in a routing protocol. Devices running
routing protocols can dynamically learn routing information from each other. When a device adds or removes routing
information for a participating device, all other devices automatically update.
Dynamic routing resolves many of the limitations and drawbacks of static routing. Some of the general benefits of
dynamic routing include the following:
Lower administrative overhead: The device learns routing information automatically, which eliminates the need for
manual route definition;
Increased network availability: During failure situations, dynamic routing can reroute traffic around the failure
automatically (the ability to react to failures when they occur can provide increased network uptime); and
Greater network scalability: The device easily manages network growth by dynamically learning routes and
calculating the best paths through a network.
Slide 91
IGP
IBGP
AS 64512 AS 65535
AS = Autonomous system
EBGP = External BGP
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 91
Although there are many types of routing protocols, two major categories are in widespread use in todays IP
networkinterior gateway protocols (IGPs) and exterior gateway protocols (EGPs).
IGPs distribute routing information to routers within an autonomous system (AS). Examples include RIP, OSPF, and
IS-IS.
EGPs distribute routing information to routers that connect separate autonomous systems. BGP is the current EGP in
use today.
Slide 92
OSPF Protocol
AS 64512
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 92
OSPF Protocol
OSPF is a link-state routing protocol designed for use within an AS. OSPF is an IGP. Link-state protocols allow for
faster reconvergence, support larger internetworks, and are less susceptible to bad routing information than distance-
vector protocols. It is common to refer to distance-vector protocols learning as learning by rumor, where a router
learns about prefixes from neighboring routers perspectives. Routers using link-state routing protocols learn network
topology by propaganda, where they learn the topology from all the routers directly.
Devices running OSPF send out information about their network links and the state of those links to other routers in
the AS. This information transmits reliably to all other routers in the AS by means of link-state advertisements (LSAs).
The other routers receive this information, and each router stores it locally. This total set of information now contains
all possible links in the network.
In addition to flooding LSAs and discovering neighbors, a third major task of the link-state routing protocol is
establishing the link-state database. The link-state (or topological) database stores the LSAs as a series of records.
The important information for the shortest path determination process is the advertising routers ID, its attached
networks and neighboring routers, and the cost associated with those networks or neighbors.
OSPF uses the shortest-path-first (SPF) algorithm (also called the Dijkstra algorithm) to calculate the shortest paths to
all destinations. It does this calculation by calculating a tree of shortest paths incrementally and picking the best
candidate from that tree.
OSPF uses areas to allow for a hierarchical organization and facilitate scalability. An OSPF area is a logical group of
routers. The software can summarize the routing information from an OSPF area and the device can pass it to the rest
of the network. Areas can reduce the size of the link-state database on an individual router. Each OSPF router
maintains a separate link-state database for each area to which it is connected. The link-state database for a given
area is identical for all participating routers within that area.
To ensure correct routing knowledge and connectivity, OSPF maintains a special area called the backbone area.
OSPF designates the backbone area as Area 0.0.0.0. All other OSPF areas must connect themselves to the
backbone for connectivity. All data traffic between OSPF areas must transit the backbone.
Slide 93
.9 .6
Host-C
lo0: 192.168.100.3/32 .1
172.20.3.0/24
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 93
Over the next several slides, we will take a look at a case study example. This slide provides the objective and sample
topology used in this case study.
Slide 94
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 94
Note that you must include the lo0 interface if you want the associated IP address (or IP addresses) advertised into
OSPF. Prior to Junos OS Release 8.5, the IP address associated with the lo0 interface was automatically advertised
into OSPF as a router link-state advertisement (LSA).
This slide illustrates the required OSPF configuration for Host-A. Although not shown, Host-B and Host-C require a
similar OSPF configuration to establish adjacencies and share routing information.
Slide 95
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 95
This slide shows the CLI command used to determine OSPF adjacencies. In the sample output on this slide, you can
see that Host-A has formed adjacencies with both Host-B and Host-C.
Slide 96
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 96
The slide illustrates the show route protocol ospf command, which displays OSPF routes learned by Host-A. Note that
Host-A does not actually install its directly connected subnets in its route table as OSPF routesit installs them as
direct routes.
Slide 97
https://virtuallabs.juniper.net/
At this point, you should return to the Virtual Lab session you opened previously and complete the lab portion of this
section. When you are finished, return to this presentation and continue.
Slide 98
Section Summary
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 98
Slide 99
A. Administrative distance
B. Route hierarchy
C. Destination table
D. Routing table
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 99
Slide 99
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 99
Slide 100
Junos OS Adoption
2015 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
Junos OS Adoption
Slide 101
Section Objectives
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 101
Slide 102
Do any of your customers have only one vendor in their network? Most likely, they use multiple vendors. Just as most
of your customers likely have multiple vendors for servers, storage, and other IT systems, they want the flexibility to
use multiple vendors in the network. It is likely that their migration to Juniper solutions will occur over time. So the
ease in which the Junos OS interoperates and integrates into existing infrastructure is essential.
Juniper engineers have long been involved with industry organizations in building open standards for interoperability.
For example, Junos developers have been at the forefront of defining and implementing MPLS applications, next-
generation multicast VPN architectures, and high-availability features such as non-stop active routing and in-service
software upgrades.
Junos supports hundreds of networking protocolsstandards such as spanning tree, LLDP, OSPF, BGP, IPv6, and
MPLS, to name just a few. Nonetheless, the practicalities of interoperability require that Juniper goes beyond simply
implementing the standards. For example, filling in gaps in cases of differences in interpretation or where de-facto
standards are used. This practical approach is necessary to support the thousands of Junos OS customers.
Interoperability between Juniper and other large networking vendors has been proven several times over, in the best
possible way, with live network implementations in the largest networks over many years.
Slide 103
Proprietary Legacy
EIGRP IPX
PVST and PVST+ Appletalk
HSRP And so on...
WCCP
And so on...
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 103
A few organizations might still be running proprietary or legacy protocols within their network. In these cases, the
customer will either have to transition to modern standards or adopt one of the available methods of supporting these
protocols over a standards-based infrastructure. For example, there are various approaches to simultaneously running
EIGRP and OSPF in legacy routers to support a long term transition to OSPF. By moving to open standards,
organizations benefit from the collective innovation of the industry. Open standards generally offer a broader set of
capabilities than protocols developed exclusively by one vendor.
Slide 104
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 104
Operations teams use tens, sometimes hundreds, of different tools to manage their networks, for examples tools for
inventory, configuration, provisioning, monitoring, and managing faults. Many are home grown while others are
purchased from one of the many independent software vendors who develop network management products. Juniper
works in close partnership with these vendors to integrate management of Junos into their solutions.
Juniper streamlines integration of partner and customer systems by providing a number of open, standard interfaces
in the Junos OS. In addition to the CLI, standardized system logging messages, SNMP interfaces, and on-board
instrumentation systems, the Junos OS also provides an XML (eXtensible Markup Language) interface. All these open
options let network management tools interact with the Junos OS in a reliable and predictable way.
Slide 105
Customers migrating
from Cisco to Juniper?
ScreenOS to Junos OS?
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 105
Are your customers migrating from Cisco to Juniper? Ease the transition with the I2J translator tool, a configuration
translator that converts Cisco IOS software configurations to Junos OS configurations. Juniper also provides tools for
ScreenOS to JunosOS translation and many other resources on the Juniper support site at the links shown on the
slide. A login is required.
Slide 106
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 106
There are a number of ways to get started using the Junos OS. Information on presales and post sales training and
certifications are available in the Partner Center. Certification training is available, from new user level to the expert
level. We also offer a Fast Track program for those who are already familiar with other vendors products. This
program will offer the student discounts and time savings in certifying on the Junos OS.
Juniper also offers several publications including Day One downloads (available for e-readers as well as in PDF
format), and a full technical library of books from the publisher OReilly.
Training materials can be found at the links shown on the slide. A login will be needed for some of these resources.
Slide 107
Section Summary
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 107
Slide 108
A. True
B. False
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 108
Slide 109
Course Summary
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 109
Slide 110
Additional Resources
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 110
For additional resources or to contact the Juniper Networks eLearning team, click the links on the screen.
Slide 111
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 111
You have reached the end of this Juniper Networks eLearning module. You should now return to your Juniper
Learning Center to take the assessment and the student survey. After successfully completing the assessment, you
will earn credits that will be recognized through certificates and non-monetary rewards. The survey will allow you to
give feedback on the quality and usefulness of the course.
Slide 112
2015 Juniper Networks, Inc. All rights reserved. CONFIDENTIAL SSFJUN01J-ML5 www.juniper.net | 112
All rights reserved. JUNIPER NETWORKS, the Juniper Networks logo, JUNOS, QFABRIC, NETSCREEN, and
SCREENOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective
owners. Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without
notice.
Slide 113
CONFIDENTIAL
Co rp o rat e and Sales Head q uart ers APAC Head q uart ers EM EA Head q ua rt ers Copyright 20 10 Junip er Net w orks, Inc.
All right s reserved. Junip er Net w o rks,
Junip er Net w orks, Inc. Junip er Net w orks ( Ho ng Kong) Junip er Net w orks Ireland t he Junip er Net w orks lo go, Juno s,
119 4 Nort h Mat hild a Avenue 26 / F, Cit yp laza One Airsid e Business Park Net Screen, and ScreenOS are regist ered
Sunnyvale, CA 9 4 0 8 9 USA 1111 Kings Ro ad Sw ord s, Co unt y Dub l in, Ireland t rad em arks of Junip er Net w o rks, Inc. in
Phone: 8 8 8 .JUNIPER Taikoo Shing, Ho ng Kong Phone: 35 .31.8 9 0 3.6 0 0 t he Unit ed St at es and ot her count ries.
( 8 8 8 .5 8 6 .4737) Phone: 8 5 2.2332.36 36 EMEA Sales: 0 0 8 0 0 .4 58 6 .4737 All o t her t rad em arks, service m arks,
or 4 0 8 .74 5 .20 0 0 Fax: 8 5 2.2574 .78 0 3 Fax: 35 .31.8 9 0 3.6 0 1 regist ered m arks, or regist ered service
Fax: 4 0 8 .74 5.210 0 m arks are t he p ro p ert y of t heir
w w w.junip er.net resp ect ive ow ners. Junip er Net w orks
assum es no resp o nsib ilit y f or any
inaccuracies in t his d o cum ent . Junip er
Net w orks reserves t he right t o change,
m o d if y, t ransf er, o r ot herw ise revise t his
p ub l icat ion w it hout not ice.