JNCIA Refresher #2 – Junos OS Fundamentals


Junos device portfolio – product families, general functionality
Software architecture and Protocol daemons
Control and Forwarding planes
Routing Engine and Packet Forwarding Engine
Transit and Exception traffic

Junos device portfolio – product families, general functionality

Juniper has a number of products that span a number of different environments. For the most part, you are able to categorise the devices into four networking areas: Enterprise, Service Provider, Data Centre and Security. Of course, you can put whatever device you wish into your network, but some devices will be more effective and efficient in a particular environment than others. The tabs show the different model Series that Juniper provide (descriptions are taken from the Juniper product pages).

M Series, T Series, MX Series, EX Series, QFX Series, SRX Series

M Series is a Multiservice Edge Router, which sits on the edge of your network connecting to external peers and transit providers. These would be seen in Service Provider or Medium to Large Enterprise networks. M Series can provide up to 320Gbps of throughput.

Model Juniper’s Description
M7i M7i Multiservice Edge Router is compact with 10 Gbps throughput.
M10i M10i Multiservice Edge Router is compact and fully redundant with 16 Gbps throughput.
M120 M120 Multiservice Edge Router is highly redundant with 120 Gbps throughput.
M320 M320 Multiservice Edge Router is a 320 Gbps high-performance routing platform.

T Series provides from 320Gbps up to 1.6Tbps of throughput on a single chassis and up to 25Tbps in a multi-chassis configuration. These routers would be used within IP/MPLS Core Service Provider or Large Enterprise networks.

Model Juniper’s Description
T640 T640 Core Router delivers 50 Gbps forwarding on each of its 8 slots, and is ideal for powering small core applications.
T1600 T1600 Core Router offers scalable, high-performance, core routing in a small package.
T4000 T4000 Core Router delivers 4 Tbps of traffic in a single half rack routing node.

MX Series offers the flexibility of a router with a throughput of up to 80Tbps combined with switching capabilities. The MX Series can be used as both an Edge and a Core device in Service Provider and Enterprise environments, and gains its stability through interchangeable line cards and software licensing.

Model Juniper’s Description
MX5 The MX5 is a compact 20 Gbps upgradeable router for enterprise applications, space/power constrained service provider facilities and CPEs.
MX10 The MX10 is a compact 40 Gbps router ideal for enterprise applications and space/power-constrained service provider facilities.
MX40 The MX40 is a compact 60 Gbps router ideal for enterprise applications and space/power-constrained service provider facilities.
MX80 The MX80 is a compact 80 Gbps router ideal for enterprise applications and space/power constrained service provider facilities.
MX104 The 80 Gbps MX104 offers control plane redundancy and is optimized for Ethernet aggregation and enterprise applications.
MX240 The modular MX240 offers almost 2 Tbps of system capacity for cloud, campus and enterprise data center, service provider edge, and mobile service core deployments.
MX480 The modular MX480 delivers over 5 Tbps of system capacity for cloud, campus and enterprise data center, service provider edge, and mobile service core deployments.
MX960 The modular MX960 delivers over 10 Tbps of system capacity for cloud and large enterprise data center, service provider edge, and mobile service core deployments.
MX2010 The modular MX2010 offers over 17 Tbps of system capacity to help service providers scale long-term for broadband traffic, subscribers, and services.
MX2020 The modular MX2020 is the industry’s highest-capacity, single-chassis edge router, supporting 10/100 Gbps interfaces and scaling up to 80 Tbps.

EX Series is a Layer 2/3 switch largely (not exclusively) used in Enterprise Networks. These switches can be used within a Virtual Chassis configuration, to provide Aggregation Layer, High Availability and Port Capacity.

Model Juniper’s Description
2200 EX2200 switches are low power, low acoustic 1 U devices, offering an economical solution for branch offices and campus networks.
3200 The EX3300 is a compact switch for demanding converged enterprise access.
4200 The EX4200 is a flexible, stackable switching solution for data centers and campuses.
4300 The EX4300 supports branch, campus, and data center access and aggregation deployments.
4500/4550 The EX4500 and EX4550 are a compact, high-performance platform for data center, campus, and service provider deployments.
4600 The EX4600 delivers a scalable 10GbE solution for high-density campus and data center top-of-rack deployments.
6200 The EX6200 is a scalable, resilient, high-performance wiring closet solution.
8200 The EX8200 provides the port densities, scalability, and high availability required for today’s data center and campus core environments.
9200 The EX9200 is SDN-ready and offers the flexibility and scalability required for business agility and growth.

QFX Series switches are a fairly new product from Juniper. These switches are used in Data Centre environments.

Model Juniper’s Description
QFX3500 The QFX3500 Switch is a high-performance, low-latency, feature-rich 10GbE Layer 2 and Layer 3 switch designed and optimized for virtualized data centers.
QFX3600 The QFX3600 Switch is a 40GbE, high-performance, Layer 2 and Layer 3 switch designed and optimized for virtualized data centers.
QFX5100 The QFX5100 Switches are low-latency, high-performance 10GbE/40GbE switches that act as a flexible building block for multiple data center fabric architectures.
QFX10000 The QFX10000 Switches are highly scalable, high-density platforms that support a variety of 10GbE/40GbE/100GbE deployments, providing a robust foundation for the most demanding data centers.

SRX Series are Juniper Security Gateway/Firewall devices that are used to protect your network. These can be used as an Edge Gateway in a number of different environments, from Service Provider and Enterprise to Data Centre.

Model Juniper’s Description
100 SRX100 Services Gateway provides high-performance security for small business and distributed enterprise locations.
110 SRX110 consolidates security, routing, switching, and WAN connectivity in a small desktop device, and is ideal for securing small businesses and branch deployments.
210 SRX210 provides robust, enterprise-class security for small distributed enterprise locations.
220 SRX220 provides robust, enterprise-class security for small to midsize businesses and distributed enterprise locations.
240 SRX240 provides robust, enterprise-class security for branch distributed enterprise locations.
550 SRX550 provides robust, enterprise-class security for medium and large branch locations.
650 SRX650 provides robust, enterprise-class security for regional sites and large branch locations.
1400 SRX1400 is ideal for securing small to midsize data center environments.
3400 SRX3400 is ideal for securing small and midsize server farms and hosting sites.
3600 SRX3600 is ideal for securing medium to large enterprise data centers, hosted or colocated data centers, and server farms.
5400 SRX5400 is ideal for securing service provider, large enterprise, and public sector networks.
5600 SRX5600 is ideal for securing large enterprise data centers or service provider infrastructures, and aggregating security services.
5800 SRX5800 is ideal for securing large enterprise data centers, hosted or colocated data centers, and service provider infrastructures.

Software architecture and Protocol daemons

Junos, unlike other vendors, is a Unix-based system; its underlying operating system is based on the open-source Unix system FreeBSD. Using an open-source approach for the OS has allowed Junos to be easily adaptable across the multiple platforms that Juniper offer. The Unix-based OS allows Junos to have a modular design, where each module runs as its own separate process with its own dedicated memory space. This is important because an issue with one module is not going to break the whole device, as the module has its own separate memory space. To see the processes running on a device, run the command show system processes | match /usr/sbin, as shown below.

System Processes and Daemons
[email protected]_SRX> show system processes | match /usr/sbin 
 1257  ??  S      0:00.06 /usr/sbin/tnetd -N
 1259  ??  S     13:15.04 /usr/sbin/chassisd -N
 1260  ??  S     33:39.68 /usr/sbin/alarmd -N
 1261  ??  S      1:53.77 /usr/sbin/craftd -N
 1262  ??  S      0:21.39 /usr/sbin/mgd -N
 1263  ??  S     27:16.26 /usr/sbin/snmpd -N
 1264  ??  S     73:26.45 /usr/sbin/mib2d -N
 1265  ??  S     32:50.53 /usr/sbin/rpd -N
 1266  ??  S     73:08.18 /usr/sbin/l2ald -N
 1267  ??  S      0:00.18 /usr/sbin/inetd -N -w
 1268  ??  S     32:51.30 /usr/sbin/pfed -N
 1269  ??  S      1:45.65 /usr/sbin/cosd
 1270  ??  S     12:34.69 /usr/sbin/kmd -N
 1271  ??  S     15:28.64 /usr/sbin/ppmd -N
 1272  ??  S      0:17.35 /usr/sbin/dfwd -N
 1273  ??  S      7:54.62 /usr/sbin/irsd -N
 1274  ??  S      2:48.90 /usr/sbin/bfdd -N
 1275  ??  S    39659:13.10 /usr/sbin/flowd_octeon_hm
 1277  ??  S      0:00.33 /usr/sbin/pppd -N
 1279  ??  S      0:35.75 /usr/sbin/mplsoamd -N
 1280  ??  S      0:00.25 /usr/sbin/sendd -N
 1281  ??  S      0:00.46 /usr/sbin/wwand -N
 1282  ??  S      3:42.82 /usr/sbin/smid -N
 1283  ??  S      0:00.17 /usr/sbin/relayd -N
 1284  ??  S     55:48.49 /usr/sbin/shm-rtsdbd -N
 1285  ??  S      1:47.37 /usr/sbin/jsrpd -N
 1286  ??  S      2:41.78 /usr/sbin/nsd -N
 1287  ??  S      5:50.36 /usr/sbin/pkid -N
 1288  ??  S      0:00.56 /usr/sbin/appidd -N
 1289  ??  S      3:08.13 /usr/sbin/idpd -N
 1290  ??  S      8:46.55 /usr/sbin/rtlogd -N
 1291  ??  S     38:49.97 /usr/sbin/utmd -N
 1292  ??  S      0:25.08 /usr/sbin/smtpd -N
 1293  ??  S      8:57.92 /usr/sbin/wland -N
 1294  ??  S      8:19.53 /usr/sbin/mcsnoopd -N
 1295  ??  S    110:37.19 /usr/sbin/license-check -U -M -p 10 -i 10
 1296  ??  S      0:00.39 /usr/sbin/sdxd -N
17173  ??  S      7:35.50 /usr/sbin/lldpd -N
  923  u0- S      0:06.23 /usr/sbin/usbd -N
  942  u0- S      0:18.52 /usr/sbin/eventd -N -r -s -A
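
As an added example (not part of the original post), the listing above can be checked against a baseline of daemons a device is expected to run, which is a common hardening review step. The sample rows are copied from the output above; the BASELINE set and the function names are assumptions made for illustration.

```python
import re

# Rows copied from the `show system processes | match /usr/sbin` output above.
SAMPLE = """\
 1262  ??  S      0:21.39 /usr/sbin/mgd -N
 1263  ??  S     27:16.26 /usr/sbin/snmpd -N
 1265  ??  S     32:50.53 /usr/sbin/rpd -N
 1275  ??  S    39659:13.10 /usr/sbin/flowd_octeon_hm
 1292  ??  S      0:25.08 /usr/sbin/smtpd -N
  942  u0- S      0:18.52 /usr/sbin/eventd -N -r -s -A
"""

# Hypothetical baseline: daemons this (assumed) device role is expected to run.
BASELINE = {"mgd", "rpd", "flowd_octeon_hm", "eventd"}

# PID, TTY, STAT, CPU time as minutes:seconds, then the daemon path and arguments.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\d+):(\d+\.\d+)\s+/usr/sbin/(\S+)(.*)$")

def parse(output):
    """Turn the CLI output into one dict per daemon, ignoring non-process lines."""
    procs = []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # CLI prompt, blank line, or anything that is not a process row
        pid, _tty, _stat, mins, secs, name, args = m.groups()
        procs.append({"pid": int(pid), "name": name, "args": args.split(),
                      "cpu_seconds": int(mins) * 60 + float(secs)})
    return procs

def audit(procs, baseline):
    """Compare running daemons with the baseline and report the heaviest CPU user."""
    running = {p["name"] for p in procs}
    return {
        "unexpected": sorted(running - baseline),  # running but not in the baseline
        "missing": sorted(baseline - running),     # in the baseline but not running
        "busiest": max(procs, key=lambda p: p["cpu_seconds"])["name"],
    }

if __name__ == "__main__":
    print(audit(parse(SAMPLE), BASELINE))
```

Daemons reported as unexpected are candidates for review: either the baseline is out of date or a service is enabled that the device role does not need.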

Control and Forwarding planes

All the functions of the control plane run on the Routing Engine (RE), whether you have a router, switch, or security platform running Junos. The control plane has a set of modules, with clean interfaces between them. This interface can be different between device models, but largely will be fxp1 or bme0. You can check by running show interfaces terse. In addition, the kernel has control modules that manage all the needed communication between the components. The kernel handles the link between the RE and the Packet Forwarding Engine (PFE) and the services. Each of the different modules provides a different control process, such as control for the chassis, Ethernet switching, routing protocols, interfaces, management, etc. As stated earlier, Junos uses a Unix-based kernel from FreeBSD; this open-source underlying kernel provides many of the essential functions of an operating system, such as the scheduling of resources. Junos protects the control plane from a security attack by rate-limiting the traffic that reaches your RE and by allowing firewall filters to be placed onto the management interfaces.

The Packet Forwarding Engine (PFE) is the central processing element of the forwarding plane, systematically moving the packets in and out of the device. In the Junos OS, the PFE has a locally stored forwarding table. The forwarding table is a synchronized copy of all the information from the RE that the forwarding plane needs to handle each packet, including outgoing interfaces, addresses, and so on. Storing a local copy of this information allows the PFE to get its job done without going to the control plane every time that it needs to process a packet. Another benefit to having a local copy is that the PFE can continue forwarding packets, even when a disruption occurs to the control plane, such as when a routing or other process issue happens.

 

Routing Engine and Packet Forwarding Engine

The Packet Forwarding Engine uses application-specific integrated circuits (ASICs) to perform Layer 2 and Layer 3 packet switching, route lookups, and packet forwarding. The Packet Forwarding Engine forwards packets between input and output interfaces.

The Routing Engine controls the routing updates and system management. The Routing Engine consists of routing protocol software processes running inside a protected memory environment on a general-purpose computer platform. The Routing Engine handles all the routing protocol processes and other software processes that control the routing platform’s interfaces, some of the chassis components, system management, and user access to the routing platform. These routing platform and software processes run on top of a kernel that interacts with the Packet Forwarding Engine.

The key functions of the Routing Engine are:

  • Routing protocol packets processing
  • Software modularity—Software functions have been divided into separate processes, so a failure of one process has little or no effect on other software processes.
  • In-depth IP functionality- Each routing protocol is implemented with a complete set of IP features and provides full flexibility for advertising, filtering, and modifying routes. Routing policies are set according to route parameters, such as prefix, prefix lengths, and Border Gateway Protocol (BGP) attributes
  • Management interfaces—System management is possible with a command-line interface (CLI), a craft interface, and Simple Network Management Protocol (SNMP).
  • Storage and change management
  • Monitoring efficiency and flexibility—Alarms can be generated and packets can be counted without adversely affecting packet forwarding performance.

Transit and Exception traffic

Transit traffic is traffic sent by a user that isn't destined for the router, switch or gateway itself, but the packets have to pass through the device to reach their end destination. For example:

PC1 ---> Switch --> Router --> Internet

If the PC on the left wanted to get to the Internet on the right, the packets would transit the network to get out to the Internet. Transit traffic is mostly unicast and/or multicast packets. Most of the time, transit traffic will be largely processed by the PFE, as the forwarding table will be referenced to allow quicker movement of traffic. It is important to note that transit traffic does not consult the Routing Engine.

Exception traffic is traffic that is destined for the local system. For example, if you wanted to check if the router is up, you would ping its loopback address. This would be regarded as exception traffic, as packets destined for the device require additional processing by the Routing Engine.
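
The split described above can be modelled in a few lines. This is an added example, not code from the original post or from Juniper: a simplified model in which the PFE answers transit lookups from its own copy of the forwarding table and a token bucket limits what is punted to the RE. The class, the method names, the addresses (documentation ranges) and the interface names are all constructed for illustration.

```python
import ipaddress

class PFE:
    """Simplified forwarding plane: local forwarding table plus a policed punt path."""

    def __init__(self, local_addrs, re_rate_pps, re_burst):
        self.local = {ipaddress.ip_address(a) for a in local_addrs}
        self.table = []                       # (network, interface), synced from the RE
        self.rate, self.burst = re_rate_pps, re_burst
        self.tokens, self.last = float(re_burst), 0.0

    def sync(self, routes):
        """The RE pushes routes down; the PFE keeps its own copy, longest prefix first."""
        self.table = sorted(((ipaddress.ip_network(n), i) for n, i in routes.items()),
                            key=lambda r: r[0].prefixlen, reverse=True)

    def _police(self, now):
        """Token bucket in front of the RE: refill by elapsed time, spend one per packet."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

    def handle(self, dst, now):
        addr = ipaddress.ip_address(dst)
        if addr in self.local:                # exception traffic: needs the RE
            return "punt-to-RE" if self._police(now) else "drop-rate-limited"
        for net, ifname in self.table:        # transit: answered without the RE
            if addr in net:
                return "forward:" + ifname
        return "drop-no-route"

def demo():
    pfe = PFE(["192.0.2.1"], re_rate_pps=2, re_burst=2)   # 192.0.2.1 plays the loopback
    pfe.sync({"0.0.0.0/0": "ge-0/0/0", "198.51.100.0/24": "ge-0/0/1"})
    transit = [pfe.handle(d, 0.0) for d in ("198.51.100.7", "203.0.113.9")]
    flood = [pfe.handle("192.0.2.1", 0.0) for _ in range(4)]  # burst aimed at the RE
    later = pfe.handle("192.0.2.1", 1.0)                      # one second on, refilled
    return transit, flood, later

if __name__ == "__main__":
    print(demo())
```

Only packets addressed to the device itself ever reach the policer, so a burst aimed at the loopback is capped while transit lookups are unaffected.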

    Keeran Marquis

    Network Engineer
    Keeran Marquis is a Network Engineer. His main goal is to learn everything within the Networking field, pick up a little bit of scripting, be a poor man sysadmin and share whatever he knows! All Posts are his own views, opinions and experiences, no guarantees they will work for you but point you in the right direction 🙂