JNCIA - Study Guide Part 1

Embed or link this publication

Description

JNCIA - Study Guide Part 1

Popular Pages


p. 1

jncia-junos study guide part 1 worldwide education services 1194 north mathilda avenue sunnyvale ca 94089 usa 408-745-2000 www.juniper.net

[close]

p. 2

this document is produced by juniper networks inc this document or any part thereof may not be reproduced or transmitted in any form under penalty of law without the prior written permission of juniper networks education services juniper networks junos steel-belted radius netscreen and screenos are registered trademarks of juniper networks inc in the united states and other countries the juniper networks logo the junos logo and junose are trademarks of juniper networks inc all other trademarks service marks registered trademarks or registered service marks are the property of their respective owners jncia-junos study guide part 1 copyright © 2010 juniper networks inc all rights reserved printed in usa the information in this document is current as of the date listed above the information in this document has been carefully verified and is believed to be accurate for software release 10.1r1.8 juniper networks assumes no responsibilities for any inaccuracies that may appear in this document in no event will juniper networks be liable for direct indirect special exemplary incidental or consequential damages resulting from any defect or omission in this document even if advised of the possibility of such damages juniper networks reserves the right to change modify transfer or otherwise revise this publication without notice year 2000 notice juniper networks hardware and software products do not suffer from year 2000 problems and hence are year 2000 compliant the junos operating system has no known time-related limitations through the year 2038 however the ntp application is known to have some difficulty in the year 2036 software license the terms and conditions for using juniper networks software are described in the software license provided with the software or to the extent applicable in an agreement executed between you and juniper networks or juniper networks agent by using juniper networks software you indicate that you understand and agree to be bound by its license terms and conditions generally speaking the software license restricts the manner in which you are permitted to use the juniper networks software may contain prohibitions against certain uses and may state conditions under which the license is automatically terminated you should consult the software license for further details.

[close]

p. 3

contents chapter 1 chapter 2 chapter 3 chapter 4 chapter 5 junos operating system fundamentals 1-1 user interface options 2-1 initial configuration 3-1 secondary system configuration 4-1 operational monitoring and maintenance 5-1 appendix a interface configuration examples a-1 appendix b the j-web interface .b-1 contents · iii

[close]

p. 4

overview welcome to the jncia-junos study guide part 1 the purpose of this guide is to help you prepare for your jn0-101 exam and achieve your jncia-junos credential the contents of this document are based on the introduction to junos software course this study guide provides students with the foundational knowledge required to work with the junos operating system and to configure junos devices the study guide provides a brief overview of the junos device families and discusses the key architectural components of the software additional key topics include user interface options with a heavy focus on the command-line interface cli configuration tasks typically associated with the initial setup of devices interface configuration basics with configuration examples secondary system configuration and the basics of operational monitoring and maintenance of junos devices agenda chapter 1 chapter 2 chapter 3 chapter 4 chapter 5 junos operating system fundamentals user interface options initial configuration secondary system configuration operational monitoring and maintenance appendix a interface configuration examples appendix b the j-web interface overview · iv

[close]

p. 5

document conventions cli and gui text frequently throughout this study guide we refer to text that appears in a command-line interface cli or a graphical user interface gui to make the language of these documents easier to read we distinguish gui and cli text from chapter text according to the following table style franklin gothic courier new description normal text console text · · screen captures noncommand-related syntax menu names text field entry commit complete exiting configuration mode select file open and then click configuration.conf in the filename text box usage example most of what you read in the student guide gui text elements · · input text versus output text you will also frequently see cases where you must enter input text yourself often this will be shown in the context of where you must enter it we use bold style to distinguish text that is input versus text that is simply displayed style normal cli normal gui description no distinguishing variant usage example physical interface:fxp0 enabled view configuration history by clicking configuration history text that you must enter lab@san_jose show route select file save and enter config.ini in the filename field cli input gui input v · document conventions

[close]

p. 6

defined and undefined syntax variables finally this study guide distinguishes between regular text and syntax variables and it also distinguishes between syntax variables where the value is already assigned defined variables and syntax variables where you must assign the value undefined variables note that these styles can be combined with the input style as well style cli variable gui variable cli undefined gui undefined text where the variable s value is the user s discretion and text where the variable s value might differ from the value the user must input type set policy policy-name ping 10.0.x.y select file save and enter filename in the filename field description text where variable value is already assigned usage example policy my-peers click on my-peers in the dialog document conventions · vi

[close]

p. 7

additional information education services offerings you can obtain information on the latest education services offerings course dates and class locations from the world wide web by pointing your web browser to http www.juniper.net/training/education about this publication the jncia-junos study guide part 1 was developed and tested using software release 10.1r1.8 previous and later versions of software might behave differently so you should always consult the documentation and release notes for the version of code you are running before reporting errors this document is written and maintained by the juniper networks education services development team please send questions and suggestions for improvement to training@juniper.net technical publications you can print technical manuals and release notes directly from the internet in a variety of formats · · go to http www.juniper.net/techpubs locate the specific software or hardware release and title you need and choose the format in which you want to view or print the document documentation sets and cds are available through your local juniper networks sales office or account representative juniper networks support for technical support contact juniper networks at http www.juniper.net/customers support or at 1-888-314-jtac within the united states or 408-745-2121 from outside the united states vii · additional information

[close]

p. 8

jncia-junos study guide part 1 chapter 1 junos operating system fundamentals this chapter discusses · · · the junos operating system and its basic design architecture traffic processing for transit and exception traffic and junos devices robust modular and scalable junos os functionality is compartmentalized into multiple software processes each process handles a portion of the device s functionality each process runs in its own protected memory space ensuring that one process cannot directly interfere with another when a single process fails the entire system does not necessarily fail this modularity also ensures that new features can be added with less likelihood of breaking current functionality the junos os is the trusted secure network operating system powering the high-performance network infrastructure offered by juniper networks the junos kernel is based on the freebsd unix operating system which is an open-source software system single software source code base all platforms running the junos os use the same source code base within their platform-specific images this design ensures that core features work in a consistent manner across all platforms running the junos os because many features and services are configured and managed the same way the setup tasks and ongoing maintenance and operation within your network are simplified separate control and forwarding planes junos operating system fundamentals · chapter 1­1 © 2010 juniper networks inc all rights reserved.

[close]

p. 9

jncia-junos study guide part 1 another aspect of junos modularity is the separation of the control plane and the forwarding or data plane the processes that control routing and switching protocols are cleanly separated from the processes that forward frames packets or both through the device running the junos os this design allows you to tune each process for maximum performance and reliability the separation of the control and forwarding planes is one of the key reasons why the junos os can support many different platforms from a common code base the graphic illustrates a basic view of the junos architecture and highlights the control and forwarding planes the control plane shown above the dashed line on the graphic runs on the routing engine re the re is the brain of the platform it is responsible for performing protocol updates and system management the re runs various protocol and management software processes that reside inside a protected memory environment the re is based on an x86 or powerpc architecture depending on the specific platform running the junos os the re maintains the routing tables bridging table and primary forwarding table and connects to the packet forwarding engine pfe through an internal link although all junos devices share this common design goal the actual components that make up the control and forwarding planes vary between the different junos devices for additional details about a specific junos device see the technical publications at http www.juniper.net/techpubs the pfe shown below the dashed line on the graphic usually runs on separate hardware and is responsible for forwarding transit traffic through the device in many platforms running the junos os the pfe uses application-specific integrated circuits asics for increased performance because this architecture separates control operations such as protocol updates and system management from forwarding operations platforms running the junos os can deliver superior performance and highly reliable deterministic operation the pfe receives the forwarding table ft from the re by means of an internal link ft updates are a high priority for the junos os kernel and are performed incrementally because the re provides the intelligence side of the equation the pfe can simply perform as it is instructed that is it forwards frames packets or both with a high degree of stability and deterministic performance this architectural design also makes possible the incorporation of high availability features like graceful routing engine switchover gres nonstop active routing nsr and unified in-service software upgrades issus maintains routing engine intelligence the re handles all protocol processes in addition to other software processes that control the device s interfaces the chassis components system management and user access to the device these software processes run on top of the junos kernel which interacts with the pfe the software directs all protocol traffic from the network to the re for the required processing controls and monitors chassis the re provides the cli in addition to the j-web gui these user interfaces run on top of the junos kernel and provide user access and control of the device we discuss user interfaces subsequently manages packet forwarding engine the re controls the pfe by providing accurate up-to-date layer 2 and layer 3 forwarding tables and by downloading microcode and managing software processes that reside in the pfe s microcode the re receives hardware and environmental status messages from the pfe and acts upon them as appropriate forwards traffic the pfe is the central processing component of the forwarding plane the pfe systematically forwards traffic based on its local copy of the forwarding table the pfe s forwarding table is a synchronized copy of the information created on and provided by the re storing and using a local copy of the forwarding table allows the pfe to forward traffic more efficiently and eliminates the need to consult the re each time a packet needs to be processed using this local copy of the forwarding table also allows platforms running the junos os to continue forwarding traffic during control plane instabilities chapter 1­2 · junos operating system fundamentals © 2010 juniper networks inc all rights reserved.

[close]

p. 10

jncia-junos study guide part 1 implements services in addition to forwarding traffic the pfe also implements a number of advanced services some examples of advanced services implemented through the pfe include policers that provide rate limiting stateless firewall filters and class of service cos other services are available through special interface cards that you can add to the pfe complex transit traffic transit traffic consists of all traffic that enters an ingress network port is compared against the forwarding table entries and is finally forwarded out an egress network port toward its destination a forwarding table entry for a destination must exist for a device running the junos os to successfully forward transit traffic to that destination transit traffic passes through the forwarding plane only and is never sent to or processed by the control plane by processing transit traffic through the forwarding plane only platforms running the junos os can achieve predictably high performance rates transit traffic can be both unicast and multicast traffic unicast transit traffic enters one ingress port and is transmitted out exactly one egress port toward its destination although multicast transit traffic also enters the transit device through a single ingress port it can be replicated and sent out multiple egress ports depending on the number of multicast receivers and the network environment exception traffic part 1 unlike transit traffic exception traffic does not pass through the local device but rather requires some form of special handling examples of exception traffic include the following · · packets addressed to the chassis such as routing protocol updates telnet sessions pings traceroutes and replies to traffic sourced from the re ip packets with the ip options field options in the packet s ip header are rarely seen but the pfe was purposely designed not to handle ip options packets with ip options must be sent to the re for processing and traffic that requires the generation of internet control message protocol icmp messages · icmp messages are sent to the packet s source to report various error conditions and to respond to ping requests examples of icmp errors include destination unreachable messages which are sent when no entry is present in the forwarding table for the packet s destination address and time-to-live ttl expired messages which are sent when a packet s ttl is decremented to zero in most cases the pfe process handles the generation of icmp messages exception traffic part 2 the junos os sends all exception traffic destined for the re over the internal link that connects the control and forwarding planes the junos os rate limits exception traffic traversing the internal link to protect the re from denial-of-service dos attacks during times of congestion the junos os gives preference to the local and control traffic destined for the re the built-in rate limiter is not configurable platforms running the junos os platforms running the junos os come in many shapes and sizes and are targeted for a number of deployment scenarios the platforms running the junos os span switching routing and security and are well suited for a variety of network environments as the heart of all these platforms the junos os provides a consistent end-to-end ip infrastructure in small enterprise environments and the largest service provider networks alike the subsequent paragraphs introduce and provide some details for each product family m series multiservice routers the m series multiservice routers provide up to 320 gbps of aggregate half-duplex throughput the m series family can be deployed in both high-end enterprise and service-provider environments large enterprises deploy m series junos operating system fundamentals · chapter 1­3 © 2010 juniper networks inc all rights reserved.

[close]

p. 11

jncia-junos study guide part 1 routers in a number of different roles including internet gateway router wan connectivity router campus core router and regional backbone and data center routers in service-provider environments the m series router operates predominantly as a multiservice edge router but you can also deploy it in small and medium cores and in peering route reflector multicast mobile and data-center applications for additional in-depth details on the m series go to http www.juniper.net/us/en/products-services/routing/m-series t series core routers the t series core routers provide up to 25.6 tbps of throughput the t series family is ideal for service provider environments and is deployed within the core of those networks for additional in-depth details on the t series go to http www.juniper.net/us/en/products-services/routing/t-tx-series j series services routers the j series services routers provide up to 2 gbps of throughput the j series services routers are deployed at branch and remote locations in the network to provide all-in-one secure wan connectivity ip telephony and connection to local pcs and servers through integrated ethernet switching for additional in-depth details on the j series go to http www.juniper.net/us/en/products-services/routing/j-series mx series ethernet services routers the mx series ethernet services routers provide up to 960 gbps of aggregate half-duplex throughput the mx series family is targeted for dense dedicated access aggregation and provider edge services in medium and large point of presence pops large enterprise environments and service providers can leverage mx series ethernet services routers for a variety of network functions including ethernet transport and aggregation and can use them to offer new ethernet-based services for additional in-depth details on the mx series ethernet go to http www.juniper.net/us/en/products-services/routing/mx-series ex series ethernet switches the ex series ethernet switches provide up to 6.2 tbps of full duplex throughput the ex series switches are designed for access aggregation and core deployments and are well suited for low-density to high-density enterprise and data center environments for additional in-depth details on the ex series ethernet switches go to http www.juniper.net/us/en/products-services/switching/ex-series srx series services gateways the srx series services gateways provide up to 120 gbps of full duplex throughput the srx series family is designed to meet the network and security requirements for consolidated data centers managed services deployments and aggregation of security services in both enterprise and service provider environments for additional in-depth details on the srx series go to http www.juniper.net/us/en/products-services/security/srx-series chapter 1­4 · junos operating system fundamentals © 2010 juniper networks inc all rights reserved.

[close]

p. 12

jncia-junos study guide part 1 review questions answers 1 the junos os is compartmentalized into multiple software processes each process runs in its own protected memory space ensuring that one process cannot directly interfere with another this modularity also ensures that new features can be added with less likelihood of breaking current functionality 2 the primary functions of the control plane are to maintain routing intelligence control and monitor the chassis and manage the packet forwarding engine pfe the primary functions of the forwarding plane are to forward packets and to implement advanced services 3 transit traffic is forwarded through the pfe on platforms running the junos os based on the forwarding table installed on the pfe exception traffic is processed locally by the platform running the junos os by either the pfe or the re depending on the type of traffic host-bound packets such as protocol and management traffic are passed directly to the re for processing while traffic requiring icmp error message responses is typically handled by the pfe 4 platform families that run the junos os include m series t series j series mx series ex series and srx series junos operating system fundamentals · chapter 1­5 © 2010 juniper networks inc all rights reserved.

[close]

p. 13

jncia-junos study guide part 1 chapter 2 user interface options this chapter discusses · · common user interface options available for platforms running the junos operating system and the junos os command-line system cli and its related modes and features the junos cli the junos cli is a text-based command shell one option for accessing the cli is through the out-of-band oob serial console connection the console port settings are predefined and are not user configurable a second option for accessing the cli is over the network in band using access protocols such as telnet or ssh unlike the console connection these access options require configuration for a network port and the access protocol many platforms running the junos os also offer a dedicated management ethernet port this management port provides oob access therefore the software cannot forward transit traffic through this management port the actual name of the dedicated management ethernet port varies between platforms for details on your specific platform refer to http www.juniper.net/techpubs for the technical publications j-web interface the j-web is a web-based graphical user interface gui that you access by using either hypertext transfer protocol http or http over secure sockets layer https it provides quick configuration wizards to simplify the most common configuration tasks for more complicated configurations the j-web gui allows you to directly edit the system s text configuration file the j-web gui is installed and enabled by default on most platforms running the junos os logging in the junos os requires a username and a password for access the administrator creates user accounts and assigns permissions all platforms running the junos os have only the root user configured by default without any password when configured the console login displays the hostname of the device when you have not configured a hostname as is the case with a factory-default configuration the software displays amnesiac in place of the hostname amnesiac ttyu0 login root junos 10.1r1.8 built 2010-02-12 18:31:54 utc root user interface options · chapter 2­1 © 2010 juniper networks inc all rights reserved.

[close]

p. 14

jncia-junos study guide part 1 the root user has complete access and control of the device when you log in as the root user the software places you at the unix shell you must start the cli by typing the cli command when you exit the cli you return to the unix shell for security reasons ensure that you also log out of the shell by using the exit command operational mode in operational mode you use the cli to monitor and troubleshoot the device the monitor ping show test and traceroute commands let you display information and test network connectivity for the device configuration mode in configuration mode you can configure all properties of the junos os including interfaces protocols and user access as well as several system hardware properties need help the cli provides context-sensitive help at any point in a command line help tells you which options are acceptable at the current point in the command and provides a brief description of each command or command option to receive help at any time while in the junos cli type a question mark you do not need to press enter if you type the question mark at the command-line prompt the cli lists the available commands and options including user-defined variables at the appropriate context if you type the question mark after entering the complete name of a command or an option the cli lists the available commands and options and then redisplays the command name and options that you typed if you type the question mark in the middle of a command name the cli lists possible command completions that match the letters you have entered so far and then redisplays the letters that you typed help on general concepts chapter 2­2 · user interface options © 2010 juniper networks inc all rights reserved.

[close]

p. 15

jncia-junos study guide part 1 you can use the help command in various ways the help topic command displays usage guidelines for the statement in the example on the graphic we receive information on configuring an interface address help with junos os configuration the help reference command displays summary information for the referenced configuration statement in the example on the graphic once again we are seeking help with interface addressing although not shown on the graphic the help reference command displays a complete list of related configuration options along with several other details specific to the referenced command statement in addition to the help topic and help reference commands the junos os also offers the help apropos command the help apropos command displays the contexts typically set commands that reference a specified variable the following is an example of the help apropos command [edit system archival configuration user@host help apropos archive set archive-sites list of archive destinations set archive-sites

[close]

Comments

no comments yet