O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

JUNOS Cookbook

Book Description

The Juniper Networks routing platforms are becoming the go-to solution for core, edge, metro and remote office networks, and JUNOS software is behind it all. The operating system is so full of industrial-strength routing protocols and IP innovations that those treading into the world of JUNOS will need clarification, explanation, and a showcase example or two. Look no further. This JUNOS Cookbook provides it all and more.

Yes, you can mine through the 5,000 pages of documentation or take a two-thousand-dollar training course, but JUNOS's interprocess sophistication can be baffling unless you know the shortcuts and tricks, as well as those rays of illuminating comprehension that can come only from those who live with it. JUNOS Cookbook is the first comprehensive book about JUNOS software and it provides over 200 time-saving step-by-step techniques including discussions about the processes and alternative ways to perform the same task. It's been tested and tech-reviewed by field engineers who know how to take JUNOS out for a spin and it's applicable to the entire line of M-, T-, and J-series routers. JUNOS Cookbook will not only pay for itself the first few times you use it, it will make your network easier to manage and update.



"Aviva Garrett has done a tremendous job of distilling the features of JUNOS software in a form that will be useful for a wide audience-students, field engineers, network architects, and other networking professionals alike will benefit from this book. For many people, this is the only book on JUNOS they will need."Pradeep Sindhu, CTO and Founder, Juniper Networks

"This cookbook is superb. Aviva Garrett has masterfully assembled a complete set of practical real-world examples with step-by-step instructions. Security, management, routing: it's all here!"Stephen Gill, Research Fellow, Team Cymru

"A technical time-saver for any NOC or SOC working with JUNOS. It's clear, concise, and informative recipes are are an invaluable resource. "Scott A. McIntyre, Security Officer, XS4ALL Internet B.V

Table of Contents

  1. Foreword
  2. Preface
    1. Organization
    2. What’s in This Book
    3. Conventions
    4. Comments and Questions
    5. Safari® Enabled
    6. Acknowledgments
  3. 1. Router Configuration and File Management
    1. Introduction
    2. 1.1. Configuring the Router for the First Time
    3. 1.2. Configuring the Router from the CLI
    4. 1.3. Getting Exclusive Access to Configure the Router
    5. 1.4. Displaying the Commands to Recreate a Configuration
    6. 1.5. Including Comments in the Configuration
    7. 1.6. Checking the Syntax of the Configuration
    8. 1.7. Activating the Router Configuration
    9. 1.8. Debugging a Failed Commit
    10. 1.9. Exiting Configuration Mode
    11. 1.10. Keeping a Record of Configuration Changes
    12. 1.11. Determining What Changes You Have Made to the Configuration
    13. 1.12. Configuring the Router by Copying a File from a Server
    14. 1.13. Configuring the Router by Copying Text from a Terminal Window
    15. 1.14. Backing Up the Router’s Configuration
    16. 1.15. Scheduling the Activation of a Configuration
    17. 1.16. Provisionally Activating a Configuration
    18. 1.17. Loading a Previous Router Configuration
    19. 1.18. Creating an Emergency Rescue Configuration
    20. 1.19. Backing Up Filesystems on M-Series and T-Series Routers
    21. 1.20. Backing Up Filesystems on J-Series Routers
    22. 1.21. Restoring a Backed-Up Filesystem
    23. 1.22. Installing a Different Software Release on M-Series and T-Series Routers
    24. 1.23. Installing a Different Software Release on J-Series Routers
    25. 1.24. Creating an Emergency Boot Disk
    26. 1.25. Gathering Software Version Information
    27. 1.26. Gathering Hardware Inventory Information
    28. 1.27. Finding Out How Long the Router Has Been Up
    29. 1.28. Gathering Information Before Contacting Support
    30. 1.29. Managing Routers with Similar Configurations
    31. 1.30. Managing Redundant Routing Engines
    32. 1.31. Using the Second Routing Engine to Upgrade to a New Software Version
  4. 2. Basic Router Security and Access Control
    1. Introduction
    2. 2.1. Allowing Access to the Router
    3. 2.2. Controlling Root Authentication
    4. 2.3. Logging In to the Router’s Console
    5. 2.4. Setting the Login Authentication Methods
    6. 2.5. Setting Up Login Accounts on the Router
    7. 2.6. Changing the Format of Plain-Text Passwords
    8. 2.7. Changing the Plain-Text Password Encryption Method
    9. 2.8. Creating a Login Account for Remote Authentication
    10. 2.9. Creating a Group Login Account
    11. 2.10. Customizing Account Privileges
    12. 2.11. Creating a Privilege Class that Hides Encrypted Passwords
    13. 2.12. Setting Up RADIUS User Authentication
    14. 2.13. Setting Up TACACS+ User Authentication
    15. 2.14. Restricting Inbound SSH and Telnet Access
    16. 2.15. Setting the Source Address for Telnet Connections
    17. 2.16. Creating a Login Banner
    18. 2.17. Finding Out Who Is Logged In to the Router
    19. 2.18. Logging Out of the Router
    20. 2.19. Forcibly Logging a User Out
  5. 3. IPSec
    1. Introduction
    2. 3.1. Configuring IPSec
    3. 3.2. Configuring IPSec Dynamic SAs
    4. 3.3. Creating IPSec Dynamic SAs on J-Series Routers or Routers with AS PICs
    5. 3.4. Using Digital Certificates to Create Dynamic IPSec SAs
  6. 4. SNMP
    1. Introduction
    2. 4.1. Configuring SNMP
    3. 4.2. Setting Router Information for the MIB-II System Group
    4. 4.3. Setting Up SNMP Traps
    5. 4.4. Controlling SNMP Access to the Router
    6. 4.5. Using a Firewall Filter to Protect SNMP Access
    7. 4.6. Controlling Access to Router MIBs
    8. 4.7. Extracting Software Inventory Information with SNMP
    9. 4.8. Extracting Hardware Inventory Information with SNMP
    10. 4.9. Collecting Router Operational Information with SNMP
    11. 4.10. Logging SNMP Access to the Router
    12. 4.11. Logging Enterprise-Specific Traps
    13. 4.12. Using RMON Traps to Monitor the Router’s Temperature
    14. 4.13. Configuring SNMPv3
    15. 4.14. Tracking Router Configuration Changes
    16. 4.15. Setting Up SNMPv3 Traps
  7. 5. Logging
    1. Introduction
    2. 5.1. Turning On Logging
    3. 5.2. Limiting the Messages Collected
    4. 5.3. Including the Facility and Severity in Messages
    5. 5.4. Changing the Size of a Logging File
    6. 5.5. Clearing the Router’s Logfiles
    7. 5.6. Sending Log Messages to Your Screen
    8. 5.7. Sending Logging Messages to a Log Server
    9. 5.8. Saving Logging Messages to the Other Routing Engine
    10. 5.9. Turning Off Logging
    11. 5.10. Turning On Basic Tracing
    12. 5.11. Monitoring Interface Traffic
  8. 6. NTP
    1. Introduction
    2. 6.1. Setting the Date and Time on the Router Manually
    3. 6.2. Setting the Time Zone
    4. 6.3. Synchronizing Time When the Router Boots
    5. 6.4. Synchronizing Time Periodically
    6. 6.5. Authenticating NTP
    7. 6.6. Checking NTP Status
  9. 7. Router Interfaces
    1. Introduction
    2. 7.1. Viewing Interface Status
    3. 7.2. Viewing Traffic Statistics on an Interface
    4. 7.3. Setting an IP Address for the Router
    5. 7.4. Setting the Router’s Source Address
    6. 7.5. Configuring an IPv4 Address on an Interface
    7. 7.6. Configuring an IPv6 Address on an Interface
    8. 7.7. Configuring an ISO Address on an Interface
    9. 7.8. Creating an MPLS Protocol Family on a Logical Interface
    10. 7.9. Configuring an Interface Description
    11. 7.10. Choosing Primary and Preferred Interface Addresses
    12. 7.11. Using the Management Interface
    13. 7.12. Finding Out What IP Addresses Are Used on the Router
    14. 7.13. Configuring Ethernet Interfaces
    15. 7.14. Using VRRP on Ethernet Interfaces
    16. 7.15. Connecting to an Ethernet Switch
    17. 7.16. Configuring T1 Interfaces
    18. 7.17. Performing a Loopback Test on a T1 Interface
    19. 7.18. Setting Up a BERT Test on a T1 Interface
    20. 7.19. Configuring Frame Relay on a T1 Interface
    21. 7.20. Configuring a SONET Interface
    22. 7.21. Using APS to Protect Against SONET Circuit Failures
    23. 7.22. Configuring an ATM Interface
    24. 7.23. Dealing with Nonconfigurable Interfaces
    25. 7.24. Configuring Interfaces Before the PICs Are Installed
  10. 8. IP Routing
    1. Introduction
    2. 8.1. Viewing the Routes in the Routing Table
    3. 8.2. Viewing Routes to a Particular Prefix
    4. 8.3. Viewing Routes Learned from a Specific Protocol
    5. 8.4. Displaying the Routes in the Forwarding Table
    6. 8.5. Creating Static Routes
    7. 8.6. Blackholing Routes
    8. 8.7. Filtering Traffic Using Unicast Reverse-Path Forwarding
    9. 8.8. Aggregating Routes
    10. 8.9. Load-Balancing Traffic Flows
    11. 8.10. Adding Martian Addresses
    12. 8.11. Changing Route Preferences to Migrate to Another IGP
    13. 8.12. Configuring Routing Protocols to Restart Without Losing Adjacencies
  11. 9. Routing Policy and Firewall Filters
    1. Introduction
    2. 9.1. Creating a Simple Routing Policy
    3. 9.2. Changing a Route’s Routing Information
    4. 9.3. Filtering Routes by IP Address
    5. 9.4. Filtering Long Prefixes
    6. 9.5. Filtering Unallocated Prefix Blocks
    7. 9.6. Creating a Chain of Routing Policies
    8. 9.7. Making Sure a Routing Policy Is Functioning Properly
    9. 9.8. Creating a Simple Firewall Filter that Matches Packet Contents
    10. 9.9. Creating a Firewall Filter that Negates a Match
    11. 9.10. Reordering Firewall Terms
    12. 9.11. Filtering Traffic Transiting the Router
    13. 9.12. Using a Firewall Filter to Count Traffic on an Interface
    14. 9.13. Logging the Traffic on an Interface
    15. 9.14. Limiting Traffic on an Interface
    16. 9.15. Protecting the Local Routing Engine
    17. 9.16. Rate-Limiting Traffic Flow to the Routing Engine
    18. 9.17. Using Counters to Determine Whether a Router Is Under Attack
  12. 10. RIP
    1. Introduction
    2. 10.1. Configuring RIP
    3. 10.2. Having RIP Advertise Its Routes
    4. 10.3. Configuring RIP for IPv6
    5. 10.4. Enabling RIP Authentication
    6. 10.5. Routing RIP Traffic over Faster Interfaces
    7. 10.6. Sending Version 1 Update Messages
    8. 10.7. Tracing RIP Protocol Traffic
  13. 11. IS-IS
    1. Introduction
    2. 11.1. Configuring IS-IS
    3. 11.2. Viewing the IS-IS Link-State Database
    4. 11.3. Viewing Routes Learned by IS-IS
    5. 11.4. Configuring IS-IS for IPv6
    6. 11.5. Configuring a Level 1–Only Router
    7. 11.6. Controlling DIS Election
    8. 11.7. Enabling IS-IS Authentication
    9. 11.8. Redistributing Static Routes into IS-IS
    10. 11.9. Leaking IS-IS Level 2 Routes into Level 1
    11. 11.10. Adjusting IS-IS Link Costs
    12. 11.11. Improving IS-IS Convergence Times
    13. 11.12. Moving IS-IS Traffic off a Router
    14. 11.13. Disabling IS-IS on an Interface
    15. 11.14. Tracing IS-IS Protocol Traffic
  14. 12. OSPF
    1. Introduction
    2. 12.1. Configuring OSPF
    3. 12.2. Viewing Routes Learned by OSPF
    4. 12.3. Viewing the OSPF Link-State Database
    5. 12.4. Configuring OSPF for IPv6
    6. 12.5. Configuring a Multiarea OSPF Network
    7. 12.6. Setting Up Stub Areas
    8. 12.7. Creating a Not-So-Stubby Area
    9. 12.8. Summarizing Routes in OSPF
    10. 12.9. Enabling OSPF Authentication
    11. 12.10. Redistributing Static Routes into OSPF
    12. 12.11. Adjusting OSPF Link Costs
    13. 12.12. Improving OSPF Convergence Times
    14. 12.13. Moving OSPF Traffic off a Router
    15. 12.14. Disabling OSPF on an Interface
    16. 12.15. Tracing OSPF Protocol Traffic
  15. 13. BGP
    1. Introduction
    2. 13.1. Configuring a BGP Session Between Routers in Two ASs
    3. 13.2. Configuring BGP on Routers Within an AS
    4. 13.3. Diagnosing TCP Session Problems
    5. 13.4. Adjusting the Next-Hop Attribute
    6. 13.5. Adjusting Local Preference Values
    7. 13.6. Removing Private AS Numbers from the AS Path
    8. 13.7. Prepending AS Numbers to the AS Path
    9. 13.8. Filtering BGP Routes Based on AS Paths
    10. 13.9. Restricting the Number of Routes Advertised to a BGP Peer
    11. 13.10. Authenticating BGP Peers
    12. 13.11. Setting Up Route Reflectors
    13. 13.12. Mitigating Route Instabilities with Route Flap Damping
    14. 13.13. Adding a BGP Community to Routes
    15. 13.14. Load-Balancing BGP Traffic
    16. 13.15. Tracing BGP Protocol Traffic
  16. 14. MPLS
    1. Introduction
    2. 14.1. Configuring LSPs Using LDP as the Signaling Protocol
    3. 14.2. Viewing Information and LDP-Signaled LSPs in the Routing Tables
    4. 14.3. Verifying that an LDP-Signaled LSP Is Carrying Traffic
    5. 14.4. Enabling LDP Authentication
    6. 14.5. Tracing LDP Operations
    7. 14.6. Setting Up RSVP-Signaled LSPs
    8. 14.7. Viewing Information About RSVP-Signaled LSPs in the Routing Tables
    9. 14.8. Verifying Packet Labels
    10. 14.9. Verifying that the RSVP-Signaled LSP Is Carrying Traffic
    11. 14.10. Configuring RSVP Authentication
    12. 14.11. Protecting an LSP’s Path
    13. 14.12. Using Fast Reroute to Reduce Packet Loss Following a Link Failure
    14. 14.13. Automatically Allocating Bandwidth
    15. 14.14. Prioritizing LSPs
    16. 14.15. Allowing IGP Traffic to Use an LSP
    17. 14.16. Installing LSPs into the Unicast Routing Table
    18. 14.17. Tracing RSVP Operations
  17. 15. VPNs
    1. Introduction
    2. 15.1. Setting Up a Simple Layer 3 VPN
    3. 15.2. Viewing the VPN Routing Tables
    4. 15.3. Adding a VPN for a Second Customer
  18. 16. IP Multicast
    1. Introduction
    2. 16.1. Configuring PIM-SM
    3. 16.2. Manually Establishing a PIM-SM RP
    4. 16.3. Using Auto-RP to Dynamically Map RPs
    5. 16.4. Setting Up a PIM-SM Bootstrap Router
    6. 16.5. Filtering PIM-SM Bootstrap Messages
    7. 16.6. Configuring Multiple RPs in a PIM-SM Domain with Anycast RP
    8. 16.7. Configuring Multiple RPs in a PIM-SM Domain Anycast PIM
    9. 16.8. Limiting the Group Ranges an RP Services
    10. 16.9. Viewing Multicast Routes
    11. 16.10. Checking the Groups for Which a PIM-SM Router Maintains Join State
    12. 16.11. Manually Configuring IGMP
    13. 16.12. Using SSM
    14. 16.13. Connecting PIM-SM Domains Using MSDP and MBGP
    15. 16.14. Configuring PIM-DM
    16. 16.15. Tracing PIM Packets
  19. Index
  20. About the Author
  21. Colophon
  22. Copyright