Suggestions for effective Junos monitoring methods...
Walter Goralski, Cathy Gadecki, Michael Bushong
Learn to:
• Work with the Junos network operating system
• Set up and configure a Juniper Networks device and add security
• Connect, manage, and troubleshoot routers and other Juniper appliances
• Make your network more efficient
Junos® OS, 2nd Edition
Making Everything Easier!™
“Mike, Cathy, and Walter have managed to synthesize the key principles that are fundamental to the One Junos concept of running and operating Juniper Network devices with a single, unified, robust, and operator-friendly operating system. If you want to know something about the network OS that is driving the New Network, start here.”
– Michel Langlois, Senior Vice President, Junos Software, Juniper Networks
Open the book and find:
• How to set up Junos devices
• The ten most-used Junos commands
• How to save time with J-Web
• Suggestions for effective monitoring methods
• How to deploy a router, an EX switch, and an SRX
• Ways that Junos can help secure your network
• How to construct routing policies
• Ten tips for migrating from another network OS
Walter Goralski is a Senior Staff Engineer and technical writer at Juniper
Networks. He has worked in the networking field for more than 40 years.
Cathy Gadecki is coauthor of the first edition of Junos For Dummies.
Michael Bushong is a Senior Director of Product Strategy at Juniper
Networks driving Junos software strategy.
$29.99 US / $35.99 CN / £21.99 UK
ISBN 978-0-470-89189-6
Computers/Networking/General
Here’s just what you need to get your network running smoothly and securely on Junos®
As a network operating system, Junos is all about keeping your network secure and avoiding downtime. This book is all about how Junos works, how to configure it and add key services, and how to connect, manage, and troubleshoot routers and other Juniper appliances. It even shows you how to enhance security and make your network more efficient.
• Jump right in — explore the Junos CLI and work with the operational and configuration modes
• The great migration — see how to migrate your LAN, IGP, and security policies from IOS
• Get serious about security — explore the default security features in Junos, monitor who’s logged on, and don’t forget physical security
• Make the network hum — work with the Border Gateway Patrol, enable Class of Service, and know when to use Multi Protocol Level Switching
• Keep it out of trouble — monitor network operations so you can identify and fix problems when they arise
To access the Cheat Sheet created specifically for this book, go to www.dummies.com/cheatsheet/junos
Junos® OS For Dummies®, 2nd Edition
Walter Goralski, Cathy Gadecki, and Michael Bushong
Junos® OS For Dummies®, 2nd Edition
Published by John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, www.wiley.com
Copyright © 2011 by John Wiley & Sons, Inc., Hoboken, New Jersey
Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, the Wiley logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. Junos is a registered trademark of Juniper Networks, Inc. in the United States and other countries. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
For technical support, please visit www.wiley.com/techsupport.
Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Not all content that is available in standard print versions of this book may appear or be packaged in all book formats. If you have purchased a version of this book that did not include media that is referenced by or accompanies a standard print version, you may request this media by visiting http://booksupport.wiley.com. For more information about Wiley products, visit us at www.wiley.com.
Library of Congress Control Number: 2011937920
ISBN 978-0-470-89189-6 (pbk); ISBN 978-1-118-17373-2 (ebk); ISBN 978-1-118-17372-5 (ebk); ISBN 978-1-118-17374-9 (ebk)
Manufactured in the United States of America
About the Authors
Walter Goralski: Walter Goralski is a Senior Staff Engineer and Technical Writer at Juniper Networks, Inc. He has been involved in the networking field for more than forty years. His career has also included fifteen years as an Adjunct Professor at Pace University Graduate School of CS&IS. He is the author of more than ten books on networking topics, including a bestselling book on SONET/SDH. He is currently documenting Juniper Networks’ MobileNext line of products.
Cathy Gadecki: Supporting Junos product marketing for over four years at Juniper Networks, Ms. Gadecki has more than 20 years in marketing and product management positions with a focus on creating new markets for network equipment and services, for both startup and established firms. Ms. Gadecki is the co-author of ATM For Dummies (John Wiley & Sons, Inc.), which has been reprinted seven times and published in multiple languages. She earned her master’s degree in electrical engineering from the Georgia Institute of Technology with a focus on data communications.
Michael Bushong: A Senior Product Manager at Juniper Networks, Michael is tasked with managing Junos software. Michael has spent the past seven years working at Juniper Networks in several capacities. Originally hired to train Junos engineers on architectural, design, and application principles, Michael developed detailed materials covering everything from software architecture to broader applications deployed using Junos software. Michael has since transitioned to product management, where he has focused on the constant evolution of the operating system, spearheading major infrastructure efforts designed to scale the operating system to meet tomorrow’s needs. Having majored in mechanical engineering with a specialized focus on advanced fluid mechanics and heat transfer, Michael began his professional career working on research in aerodynamics. He has since spent time with databases at Sybase and, more recently, in ASIC design tools at both Synopsys and Magma Design Automation.
Dedication
Walter Goralski: To my wife Camille, the backbone of support in all my accomplishments.
Cathy Gadecki: To Steve and our five children.
Michael Bushong: To Stacy Prager, now Stacy Bushong, but not when I began writing the book. Thank you, Patrick Ames. And to Chloe and, of course, to Steve and Linda Bushong.
Authors’ Acknowledgments
The authors wish to thank the many people who helped bring about this book. Our in-house editor for both editions, Patrick Ames, encouraged, guided, and coached us in so many different ways. Jonathan Looney helped with many suggestions and edits for our first edition. Our lead technical editor to the first edition, Mario Puras, tested and confirmed our configurations and output. A large group of Juniper field engineers reviewed the first edition and made invaluable suggestions for improvement: Pedro Cutillas, Christian Graf, Joe Green, Imran Khan, Stefan Lager, and Michael Pergament. On security matters, insight from Barney Sanchez helped us in how to present the new security topics included in the second edition, while Monear Jalal reviewed the first edition. On matters of switching, Yong Kim and David Nguyen helped us in how to present the new switching topics; Kishore Inampudi assisted in the Q-Fabric content; and Lenny Bonsall, Bobby Guhasarkar, Joseph Li, and Michael Peachy shared their expertise for our first edition. Other key subject matter experts checked our work and took our phone calls: Daniel Backman, David Boland, Atif Khan, Kannan Kothandaram, Mike Marshall, Ananth Nagarajan, Brian Pavane, Naren Prabhu, Doug Radcliff, Alan Sardella, and Don Wheeler.
We also wish to thank our John Wiley & Sons, Inc. editors, Katie Feltman, Colleen Totz Diamond, and Melba Hopper.
Publisher’s Acknowledgments
We’re proud of this book; please send us your comments at http://dummies.custhelp.com. For other comments, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
Some of the people who helped bring this book to market include the following:
Acquisitions, Editorial
Project Editor: Colleen Totz Diamond
Sr. Acquisitions Editor: Katie Feltman
Copy Editor: Melba Hopper
Technical Editor: Juniper Networks
Editorial Manager: Jodi Jensen
Editorial Assistant: Amanda Graham
Sr. Editorial Assistant: Cherie Case
Cover Photo: © iStockphoto.com / Cary Westfall
Cartoons: Rich Tennant (www.the5thwave.com)
Composition Services
Project Coordinator: Nikki Gee
Layout and Graphics: Corrie Socolovitch
Proofreaders: Melissa Cossell, Evelyn Wellborn
Indexer: BIM Indexing & Proofreading Services
Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Acquisitions Director
Mary C. Corder, Editorial Director
Publishing for Consumer Dummies
Kathy Nebenhaus, Vice President and Executive Publisher
Composition Services
Debbie Stailey, Director of Composition Services
Contents at a Glance
Introduction
Part I: Discovering Junos OS
  Chapter 1: Junos Is Everywhere You Need to Be
  Chapter 2: Jumping Into Junos
  Chapter 3: Operating Your Network with Junos
  Chapter 4: Migrating to Junos
Part II: Setting Up Junos OS
  Chapter 5: Configuring the Device with the CLI and J-Web
  Chapter 6: Setting Up Junos Devices
  Chapter 7: Managing Your Network with Junos OS
  Chapter 8: Monitoring Junos
  Chapter 9: Securing Your Junos OS Devices
Part III: Deploying a Device
  Chapter 10: Deploying a Router
  Chapter 11: Deploying an EX Switch
  Chapter 12: Deploying Security with the SRX
Part IV: Running a Junos Network
  Chapter 13: Working with Border Gateway Control
  Chapter 14: Working with Router Policies
  Chapter 15: Enabling Class of Service
  Chapter 16: Using Multi-Protocol Level Switching
  Chapter 17: Operating and Troubleshooting Your Network
Part V: The Part of Tens
  Chapter 18: Ten Most Used Junos Commands
  Chapter 19: Ten Migration Tools
  Chapter 20: Ten Help Resources
Index
Table of Contents
Introduction
  About This Book
  Conventions Used in This Book
  Foolish Assumptions
  How This Book Is Organized
    Part I: Discovering Junos OS
    Part II: Setting Up Junos OS
    Part III: Deploying a Device
    Part IV: Running a Junos Network
    Part V: The Part of Tens
  Icons Used in the Book
  Where to Go from Here
Part I: Discovering Junos OS
Chapter 1: Junos Is Everywhere You Need to Be
  Functions of a Network OS
    Control functions
    Service functions
    Forwarding functions
  Taking Advantage of One Network OS
  Taking a Peek Inside the Junos OS
    World-class architecture
    Plain smart: The planes of Junos OS
    That’s not a problem: The many benefits of modular architecture
  Developing Junos OS
  Beyond the OS
    Junos Space
    Junos Pulse
Chapter 2: Jumping Into Junos
  Jumpstart Instructions
  Command-Line Essentials
    A tale of two command modes
    Knowing your location in the CLI
    Saving time with typing shortcuts
    Getting help
  Defining How You Want Devices to Work
    Understanding the configuration process
    Creating and editing the configuration
    Committing your configuration
  Going Back to a Prior Configuration
    Rolling back to a past configuration
    Verifying the restored configuration
  This Way to the Exit
Chapter 3: Operating Your Network with Junos
  Exploring Operational Mode
    Understanding the command hierarchy
    Recognizing common utility commands
  Displaying Output
    Choosing your format
    Tell me more
    Using the pipe command tool
  Using Onboard Instrumentation Tools
    Monitoring the operations of your network
    Logging and tracing events
    Applying onboard automation
  Exploring Junos Space
    Service Now
    Service Insight
    Route Insight
  Using the System Software
    Restarting and requesting system-wide functions
    Upgrading to new releases
Chapter 4: Migrating to Junos
  Collapsing Switching Layers
    Mountains of gear
    Collapsing to a two-layer network
    Virtual Chassis technology for collapsing layers
  Scaling the Access Switching Layer
    Top or end of row
    Best of both design options
    Virtual Chassis technology for scaling data center networks
  Speeding Up the Data Center Network
    A need for speed
    Collapsing to a single layer network
    QFabric as a one layer backbone
  Securing the Infrastructure
    Inbound and outbound threats
    Meeting new security needs
    Juniper security solutions
  About the Devices Running Junos
    Routers
    Switches
    Security Devices
Part II: Setting Up Junos OS
Chapter 5: Configuring the Device with the CLI and J-Web
  Installing the Hardware and Software
    Installing hardware for the MX80
    Installing hardware for the MX960
    Installing software for your network
  Connecting to the Junos OS
    Console connection
    CLI interface
    J-Web interface
  Configuring Junos OS Devices with the CLI
    Getting the configuration information
    Configuring the device
  Displaying set Commands
  Making Changes to the Junos OS Configuration . . . Faster
    Renaming a section of the configuration
    Copying parts of the configuration
    Replacing a part of the configuration
    Inserting a configuration statement
  Archiving Configurations
    Using the rollback command
    Restoring the full archive
    Archiving manually from a server
    Creating and saving configurations
  Configuring Junos OS Devices with J-Web
Chapter 6: Setting Up Junos Devices
  Understanding the Initial Configuration
  Setting Up System Options
    Configuring syslogs
    Tracing routing events
  Configuring User Accounts
    Local user configuration
    Authentication server user configuration
    User configuration and permissions
  Configuring the Management and Loopback Interfaces
    Knowing the physical and logical interface properties
    Configuring the management interface
    Configuring the loopback interface
  Configuring Network Interfaces
    Configuring other Gigabit Ethernet properties
  Configuring Other Options
    Configuring a banner for login
    Setting the time and time zone
  Logging Out
Chapter 7: Managing Your Network with Junos OS
  Choosing a Management Interface
  Setting Up Out-of-Band Management
  Setting Up In-Band Management
  Accessing the Device
    Accessing your device with Telnet
    Accessing your device with SSH
  Managing Devices with Simple Network Management Protocol
  Monitoring a Device with System Logging
    Digging into syslog messages
    Mood music: Turning on logging
    Viewing syslog messages
    Filtering syslog to different files
    Refining your access to events
    Managing your log files
  Monitoring a Device Using Trace Logging
Chapter 8: Monitoring Junos
  Checking Host-to-Host
  Tracerouting the Network
  Using Diagnostic Commands
    Monitoring your interfaces
    Monitoring your routing information
  Keeping an Eye on Latency
    Real-time performance monitoring
    Configuring RPM
    Monitoring RPM tests
Chapter 9: Securing Your Junos OS Devices
  Stop! Physical Security
  Go! Junos Default Security Features
    Encryption and hashing algorithms
    Tighten the root login account
  Checking Who’s on the Router
    Knowing who’s logged in
    Figuring out who’s configuring
  Logging Out
  Controlling SSH and Telnet Access to the Router
  Limiting Traffic on Router Interfaces
  Protecting the Routing Engine: A More Complete Strategy
  Securing Routing Protocols
    Securing RIP
    Securing IS-IS and OSPF
    Securing OSPF
    Authenticating BGP peers
    Enabling authentication on MPLS signaling protocols
Part III: Deploying a Device
Chapter 10: Deploying a Router
    Understanding Network Routing
        Dynamic routing protocols
        Routing tables
        Choosing the best route
        Choosing the Next Hop
    Routing, Bridging, and Switching
        Layer 2: Bridging
        Layer 3: Routing
        (Layer 2) Switching
    Running RIPv2
    Running OSPF
        Dividing an OSPF network into areas
        Configuring and monitoring OSPF
    Running IS-IS
        Using IS-IS addresses only when needed
        Minding your IS-IS areas
        Configuring and monitoring IS-IS
Chapter 11: Deploying an EX Switch
    Ethernet, VLANs, and Juniper EX-Series Switches
        Understanding Ethernet
        Understanding VLANs
        Understanding LAN Switches
    Setting Up the Switch
        Racking the switch
        Configuring the switch initially
        Plugging devices into the switch
        Connecting switches
    Segmenting a LAN with VLANs
        Configuring the default VLAN
        Configuring more VLANs
        Trunking together VLANs
        Controlling access to VLANs
    Interconnecting Switches with Virtual Chassis
        Going virtual
        Providing redundancy with Virtual Chassis
    Using the Switch as a Router
        Connecting to the Internet
        Connecting to a router in your LAN
Chapter 12: Deploying Security with the SRX
    Setting Up the SRX
        Accessing the services gateway
        Using the Network and Security Manager
        Initial SRX console access
    Understanding Flow Processing
    Managing the System
        Security zones
        Security zones and interfaces
    Writing Basic Security Policies
        Multiple security policies
        Configuring address books
        Configuring services
        Configuring the security policies
        Verifying the policies
    Configuring NAT Source Address Translation
        Major NAT options
        NAT configuration
Part IV: Running a Junos Network
Chapter 13: Working with Border Gateway Control
    An Island of Their Own: Autonomous Systems
    Making AS Connections
    Configuring BGP
    Monitoring BGP
        Knowing why you can’t ping
        Configuring routing policies that advertise routes
        Using next-hop self
        Pinging to the loopbacks
    Configuring Route Reflection
        Route reflectors on large networks
        Route reflector configuration
        Dual route reflectors for backup
Chapter 14: Working with Router Policies
    Constructing Routing Policies
        Working with terms
        Match conditions
        Match actions
        Default actions
        Application of policies
        Evaluation of routing policies
    Configuring Route Filters
        Prefixes and prefix lengths
        Match types
        Match actions
    Configuring an Aggregate Route
Chapter 15: Enabling Class of Service
    Knowing What Pieces a CoS Configuration Requires
    Classifying Inbound Traffic
        Differentiated Services Code Points (DSCP)
        Configuring BA classifiers
    Controlling Outbound Traffic
        Scheduler configuration
        Shaping outbound traffic
        Setting up outbound buffers
        Configuring priority scheduling
    Massaging BA Classifiers for Core Transit
        Matching traffic based on the source address
        Matching traffic based on destination port
        Setting DSCP values for transit
Chapter 16: Using Multi-Protocol Level Switching
    Packet-Switched Networking
        Label switching
        Label-switched paths
        Label-switching routers
        Labels
        Label operations
    Establishing Label-Switched Paths
    Signaling Protocols
    Configuring RSVP-Signaled LSPs
        Enabling MPLS and RSVP
        Enabling MPLS on your transit interfaces
        Configuring an LSP
        Verifying the LSPs
    Placing Constraints on Packet Forwarding
        Reserving bandwidth on an LSP
        Verifying traffic using the LSP
Chapter 17: Operating and Troubleshooting Your Network
    Identifying the Cause of Problems
        System logging
        SNMP polling
        SNMP traps
        CLI show commands
    Implementing Controlled Change
    Understanding Traffic Engineering
    Troubleshooting Your Network
        Issues at Layer 1 and Layer 2
        Issues at Layer 3
        End-to-end considerations
Part V: The Part of Tens
Chapter 18: Ten Most Used Junos Commands
    Show Me the Version and Version Detail
    Show Me the Chassis Hardware and Chassis Hardware Detail
    Show Me and Confirm My Configuration
    Back Up and Roll Back My Configurations
    Show Me the Interfaces in the Device
    Give Me More Detail About the Interfaces
    Show Me Something About Routing
    Give Me More Detail About Routing
    Show Me Something About Switching
    Show Me Details for Maintenance
Chapter 19: Ten Migration Tools
    Junosphere Labs
    Juniper Documents
    Juniper Networks Books
    Translators
    Installation Guides and Training
    J-Web
    Junos Space Applications
    Custom Commands
    Professional Services
Chapter 20: Ten Help Resources
    Using the Command-Line Interface Help Commands
    Using Juniper Networks Technical Publications
    Joining J-Net Forums
    Finding Videos and Webcasts
    Finding Books
    Using the Knowledge Base
    Taking Certification Courses
    Getting Support
    Contacting Customer Care
    Contacting JTAC
Index
Introduction
Welcome to Junos OS For Dummies. This book provides you with a handy reference for configuring and running Junos software on Juniper Networks products. (We won’t bore you with how Junos got here, but you can discover more about Juniper Networks and the evolution of Junos software at www.juniper.net/company.)
More and more, Junos software is being deployed throughout the world running on Juniper Networks platforms designed for switching, routing, and security. You can find it in both the largest and the smallest service provider networks and in the networks at tens of thousands of offices, regional campuses, and data centers of enterprise organizations, as well as in the public sector and on educational campuses.
See whether you can identify with any of the following scenarios:
✓ In your branch offices: You may be updating your branch gateway with an integrated platform, Voice over IP (VoIP), supporting new users, or upgrading older switching, routing, or security infrastructure.
✓ In your headquarters or regional office campuses: You may be adding new users or deploying new or deploying VoIP, new web or upgrading older switching and routing infrastructures, or merging or migrating from other operating systems.
✓ In your metropolitan or wide area networks: You may be transitioning to new optical, Ethernet, or MPLS carrier services; building a new core for your metro, wide area, or data center backbone network; rolling out MPLS; or upgrading an older switching, routing, or security infrastructure.
✓ In your data centers: You may be looking for ways to reduce the power usage of your data center, collapse networking tiers and infrastructure, converge your data centers into fewer sites, deploy networking fabric, scale existing sites, or build out new data centers.
This book can help you with all these scenarios and a whole lot more. We offer this book as a fast and easy way to understand and use the Junos operating system (OS) for all your network needs.
About This Book
We wrote this book thinking that you’re probably a lot like us: too many projects, with too little uninterrupted time. So, we created this book to help you do the following:
✓ Understand what Junos can do for you and how you can use it in your own network.
✓ Quickly use the CLI so that you can configure and change your network using the Junos OS.
✓ Deploy any networking device out of the box and onto your network in an hour or two. If it runs Junos, you’ll be able to do it.
✓ Run, operate, and maintain the Junos OS with high uptime, performance, and security over the long haul.
✓ Find easy access to a set of references about the many features and uses of Junos in your network.
Conventions Used in This Book
Junos device output and configuration samples are printed in a monospace font. A bold monospace font within an output snippet indicates something that you, the user, key into the command-line interface (CLI) to launch the command and receive the subsequent output, such as this:
user@junos-router> show route
By the way, we don’t bold configuration samples, as the entire configuration would be a bolded series of lines.
This book is based on Junos 11.1. While newer software versions of Junos are always in the works, subsequent release versions don’t negate what you find out in this book; they extend the functionality of what you have learned.
Foolish Assumptions
When we wrote this book, we made a few assumptions about you. In essence, we assume that you do, or will, operate or administer a Junos device and need to configure, deploy, maintain, or troubleshoot it. And that means you probably fit within the following:
✓ You are a network professional, although you don’t have to be one. Our objective is to get you up and running, so we don’t discuss the operations of the protocols in detail.
✓ You may design or operate networks with devices running Junos software — or are about to, are considering it, or are just curious about what the Junos OS is all about.
✓ You may be coming from another network operating system, such as Cisco IOS, in which case, you’ve found a really good introduction to Junos and the day-to-day administration of the Juniper devices that run it.
✓ You may be a student entering the networking profession.
If you are any of these people, or a hybrid of them all, welcome. You’ve found the right book.
How This Book Is Organized
This book is divided into five parts with very practical names.
Part I: Discovering Junos OS
This part introduces the Junos OS that is used for switching, routing, MPLS, and security. It also includes a section on migrating from other platforms.
Part II: Setting Up Junos OS
This part helps you set up the basics of your network. You find out how to work with the command-line interface and discover the basic commands for routing, switching, and securing your device.
Part III: Deploying a Device
In this part, we help you set up your router, switch, or security device on your network.
Part IV: Running a Junos Network
In this part, we help you set up additional functionality, including remote management, interfaces, peering, policy, class-of-service, MPLS, and VPNs.
Part V: The Part of Tens
This part offers a quick reference of the ten most helpful commands, the keys to migrating from one network to a Junos network, and other places you can go for more information.
Icons Used in the Book
We use icons throughout this book to key you into time-saving tips, things you really need to know, and the occasional warning or interesting backgrounder. Look for them throughout these pages.
This icon highlights helpful hints that save you time and make your life easier.
Be careful when you see this icon. It marks information that can keep you out of trouble.
Whenever you see this icon, you know that it highlights key information you’ll use often.
We mark text that is interesting but that you don’t have to read as Technical Stuff. You can skip these items if you’re in a hurry or don’t want to lose your train of thought. Return to them later or browse through the book some day during lunch and read them at your leisure.
Where to Go from Here
You can go anywhere within your network and deploy or fine-tune the Junos OS with this book in your hands and its content in your head. That’s the whole point. We happen to teach and train hundreds of network administrators and engineers about Junos each month, and we work with people just like you who are improving their network response time, traffic handling, or expanding services. We see it all the time — that light bulb that goes off midway through the class or training seminar and the administrators can see their network in a whole new way. That’s because there’s only one Junos, not variants, and once you learn Junos, you can take that knowledge anywhere on your network and apply it.
Browse through the Table of Contents and consider a starting point and then just dip in. Ramble around a little. Get a feel for the book and then dive in. Remember, you can’t get lost with Junos. You can only get better.
Note that we occasionally have updates to our technology books. If this book does have technical updates, they will be posted at
dummies.com/go/junosfdupdates