JNCIA Refresher #2 - Junos OS Fundamentals
Junos device portfolio – product families, general functionality
Juniper has a number of products that span a range of different environments. For the most part, you can categorise the devices into four networking areas: Enterprise, Service Provider, Data Centre and Security. Of course, you can put whatever device you wish into your network, but some devices will be more effective and efficient in a particular environment than others. The sections below show the different model Series that Juniper provides (descriptions are taken from the Juniper product pages).

M Series is a Multiservice Edge Router, sitting on the edge of your network and connecting to external peers and transit providers. These would be seen in Service Provider or Medium to Large Enterprise networks. M Series can provide up to 320Gbps of throughput.

| Model | Description |
|---|---|
| M7i | M7i Multiservice Edge Router is compact with 10 Gbps throughput. |
| M10i | M10i Multiservice Edge Router is compact and fully redundant with 16 Gbps throughput. |
| M120 | M120 Multiservice Edge Router is highly redundant with 120 Gbps throughput. |
| M320 | M320 Multiservice Edge Router is a 320 Gbps high-performance routing platform. |

T Series provides from 320Gbps up to 1.6Tbps of throughput on a single chassis and up to 25Tbps in a multi-chassis configuration. These routers would be used within an IP/MPLS core in Service Provider or Large Enterprise networks.

| Model | Description |
|---|---|
| T640 | T640 Core Router delivers 50 Gbps forwarding on each of its 8 slots, and is ideal for powering small core applications. |
| T1600 | T1600 Core Router offers scalable, high-performance, core routing in a small package. |
| T4000 | T4000 Core Router delivers 4 Tbps of traffic in a single half rack routing node. |

MX Series offers the flexibility of a router that has a throughput of 80Tbps combined with switching capabilities. The MX Series can be used as both an Edge and a Core device in Service Provider and Enterprise environments, and has the stability through interchangeable line cards and software licensing.

| Model | Description |
|---|---|
| MX5 | The MX5 is a compact 20 Gbps upgradeable router for enterprise applications, space/power constrained service provider facilities and CPEs. |
| MX10 | The MX10 is a compact 40 Gbps router ideal for enterprise applications and space/power-constrained service provider facilities. |
| MX40 | The MX40 is a compact 60 Gbps router ideal for enterprise applications and space/power-constrained service provider facilities. |
| MX80 | The MX80 is a compact 80 Gbps router ideal for enterprise applications and space/power constrained service provider facilities. |
| MX104 | The 80 Gbps MX104 offers control plane redundancy and is optimized for Ethernet aggregation and enterprise applications. |
| MX240 | The modular MX240 offers almost 2 Tbps of system capacity for cloud, campus and enterprise data center, service provider edge, and mobile service core deployments. |
| MX480 | The modular MX480 delivers over 5 Tbps of system capacity for cloud, campus and enterprise data center, service provider edge, and mobile service core deployments. |
| MX960 | The modular MX960 delivers over 10 Tbps of system capacity for cloud and large enterprise data center, service provider edge, and mobile service core deployments. |
| MX2010 | The modular MX2010 offers over 17 Tbps of system capacity to help service providers scale long-term for broadband traffic, subscribers, and services. |
| MX2020 | The modular MX2020 is the industry’s highest-capacity, single-chassis edge router, supporting 10/100 Gbps interfaces and scaling up to 80 Tbps. |

EX Series is a Layer 2/3 switch largely (not exclusively) used in Enterprise Networks. These switches can be used within a Virtual Chassis configuration, to provide Aggregation Layer, High Availability and Port Capacity.

| Model | Description |
|---|---|
| 2200 | EX2200 switches are low power, low acoustic 1 U devices, offering an economical solution for branch offices and campus networks. |
| 3200 | The EX3300 is a compact switch for demanding converged enterprise access. |
| 4200 | The EX4200 is a flexible, stackable switching solution for data centers and campuses. |
| 4300 | The EX4300 supports branch, campus, and data center access and aggregation deployments. |
| 4500/4550 | The EX4500 and EX4550 are a compact, high-performance platform for data center, campus, and service provider deployments. |
| 4600 | The EX4600 delivers a scalable 10GbE solution for high-density campus and data center top-of-rack deployments. |
| 6200 | The EX6200 is a scalable, resilient, high-performance wiring closet solution. |
| 8200 | The EX8200 provides the port densities, scalability, and high availability required for today’s data center and campus core environments. |
| 9200 | The EX9200 is SDN-ready and offers the flexibility and scalability required for business agility and growth. |

QFX Series switches are a fairly new product from Juniper. These switches are used in Data Centre environments.

| Model | Description |
|---|---|
| QFX3500 | The QFX3500 Switch is a high-performance, low-latency, feature-rich 10GbE Layer 2 and Layer 3 switch designed and optimized for virtualized data centers. |
| QFX3600 | The QFX3600 Switch is a 40GbE, high-performance, Layer 2 and Layer 3 switch designed and optimized for virtualized data centers. |
| QFX5100 | The QFX5100 Switches are low-latency, high-performance 10GbE/40GbE switches that act as a flexible building block for multiple data center fabric architectures. |
| QFX10000 | The QFX10000 Switches are highly scalable, high-density platforms that support a variety of 10GbE/40GbE/100GbE deployments, providing a robust foundation for the most demanding data centers. |

SRX Series are Juniper Security Gateway/Firewall devices that are used to protect your network. These can be used as an Edge Gateway in a number of different environments, from Service Provider and Enterprise to Data Centre.

| Model | Description |
|---|---|
| 100 | SRX100 Services Gateway provides high-performance security for small business and distributed enterprise locations. |
| 110 | SRX110 consolidates security, routing, switching, and WAN connectivity in a small desktop device, and is ideal for securing small businesses and branch deployments. |
| 210 | SRX210 provides robust, enterprise-class security for small distributed enterprise locations. |
| 220 | SRX220 provides robust, enterprise-class security for small to midsize businesses and distributed enterprise locations. |
| 240 | SRX240 provides robust, enterprise-class security for branch distributed enterprise locations. |
| 550 | SRX550 provides robust, enterprise-class security for medium and large branch locations. |
| 650 | SRX650 provides robust, enterprise-class security for regional sites and large branch locations. |
| 1400 | SRX1400 is ideal for securing small to midsize data center environments. |
| 3400 | SRX3400 is ideal for securing small and midsize server farms and hosting sites. |
| 3600 | SRX3600 is ideal for securing medium to large enterprise data centers, hosted or colocated data centers, and server farms. |
| 5400 | SRX5400 is ideal for securing service provider, large enterprise, and public sector networks. |
| 5600 | SRX5600 is ideal for securing large enterprise data centers or service provider infrastructures, and aggregating security services. |
| 5800 | SRX5800 is ideal for securing large enterprise data centers, hosted or colocated data centers, and service provider infrastructures. |

Software architecture and Protocol daemons
Junos, unlike other vendors' operating systems, is a Unix-based system; its underlying operating system is based on the open-source Unix system FreeBSD. Using an open-source approach for the OS has allowed Junos to be easily adapted across the multiple platforms that Juniper offers. The Unix-based OS allows Junos to have a modular design, where each module runs as its own separate process with its own dedicated memory space. This is important because an issue with one module is not going to break the whole device, as the module has its own separate memory space. To see the processes running on a device, run the command:

```
show system processes | match /usr/sbin
```
System Processes and Daemons
```
[email protected]_SRX> show system processes | match /usr/sbin
 1257  ??  S      0:00.06 /usr/sbin/tnetd -N
 1259  ??  S     13:15.04 /usr/sbin/chassisd -N
 1260  ??  S     33:39.68 /usr/sbin/alarmd -N
 1261  ??  S      1:53.77 /usr/sbin/craftd -N
 1262  ??  S      0:21.39 /usr/sbin/mgd -N
 1263  ??  S     27:16.26 /usr/sbin/snmpd -N
 1264  ??  S     73:26.45 /usr/sbin/mib2d -N
 1265  ??  S     32:50.53 /usr/sbin/rpd -N
 1266  ??  S     73:08.18 /usr/sbin/l2ald -N
 1267  ??  S      0:00.18 /usr/sbin/inetd -N -w
 1268  ??  S     32:51.30 /usr/sbin/pfed -N
 1269  ??  S      1:45.65 /usr/sbin/cosd
 1270  ??  S     12:34.69 /usr/sbin/kmd -N
 1271  ??  S     15:28.64 /usr/sbin/ppmd -N
 1272  ??  S      0:17.35 /usr/sbin/dfwd -N
 1273  ??  S      7:54.62 /usr/sbin/irsd -N
 1274  ??  S      2:48.90 /usr/sbin/bfdd -N
 1275  ??  S  39659:13.10 /usr/sbin/flowd_octeon_hm
 1277  ??  S      0:00.33 /usr/sbin/pppd -N
 1279  ??  S      0:35.75 /usr/sbin/mplsoamd -N
 1280  ??  S      0:00.25 /usr/sbin/sendd -N
 1281  ??  S      0:00.46 /usr/sbin/wwand -N
 1282  ??  S      3:42.82 /usr/sbin/smid -N
 1283  ??  S      0:00.17 /usr/sbin/relayd -N
 1284  ??  S     55:48.49 /usr/sbin/shm-rtsdbd -N
 1285  ??  S      1:47.37 /usr/sbin/jsrpd -N
 1286  ??  S      2:41.78 /usr/sbin/nsd -N
 1287  ??  S      5:50.36 /usr/sbin/pkid -N
 1288  ??  S      0:00.56 /usr/sbin/appidd -N
 1289  ??  S      3:08.13 /usr/sbin/idpd -N
 1290  ??  S      8:46.55 /usr/sbin/rtlogd -N
 1291  ??  S     38:49.97 /usr/sbin/utmd -N
 1292  ??  S      0:25.08 /usr/sbin/smtpd -N
 1293  ??  S      8:57.92 /usr/sbin/wland -N
 1294  ??  S      8:19.53 /usr/sbin/mcsnoopd -N
 1295  ??  S    110:37.19 /usr/sbin/license-check -U -M -p 10 -i 10
 1296  ??  S      0:00.39 /usr/sbin/sdxd -N
17173  ??  S      7:35.50 /usr/sbin/lldpd -N
  923  u0- S      0:06.23 /usr/sbin/usbd -N
  942  u0- S      0:18.52 /usr/sbin/eventd -N -r -s -A
```
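Because each daemon is a separate process, the listing above can serve as an inventory to compare against a known-good baseline. The following is an added example, not part of the original page: it parses output in that format and reports daemons that are missing, unexpected, or started with different arguments. The sample text, the baseline contents and the daemon name `updaterd` are constructed for illustration.

```python
import re

# Constructed sample in the column layout of the listing above
# (PID, TTY, STAT, TIME, COMMAND); not captured from a real device.
# "updaterd" is a made-up daemon name used to show an unexpected entry.
SAMPLE = """\
user@host> show system processes | match /usr/sbin
 1259  ??  S     13:15.04 /usr/sbin/chassisd -N
 1262  ??  S      0:21.39 /usr/sbin/mgd -N
 1265  ??  S     32:50.53 /usr/sbin/rpd -N
 1267  ??  S      0:00.18 /usr/sbin/inetd -N
 1269  ??  S      1:45.65 /usr/sbin/cosd
 4411  ??  S      0:00.02 /usr/sbin/updaterd -N
"""

# Assumed baseline (daemon name -> expected arguments); build the real one
# from a known-good device of the same model and Junos release.
BASELINE = {"chassisd": "-N", "mgd": "-N", "rpd": "-N",
            "inetd": "-N -w", "cosd": "", "snmpd": "-N"}

PROC_LINE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+([\d:.]+)\s+/usr/sbin/(\S+)\s*(.*)$")

def parse_processes(text):
    """Return {daemon: {pid, stat, cpu_time, args}} for /usr/sbin entries."""
    procs = {}
    for line in text.splitlines():
        m = PROC_LINE.match(line)
        if m is None:        # CLI prompt, blank line, or other non-process text
            continue
        pid, _tty, stat, cpu_time, name, args = m.groups()
        procs[name] = {"pid": int(pid), "stat": stat,
                       "cpu_time": cpu_time, "args": args.strip()}
    return procs

def compare_to_baseline(procs, baseline):
    """Report daemons that are missing, unexpected, or started differently."""
    running, expected = set(procs), set(baseline)
    return {
        "missing": sorted(expected - running),
        "unexpected": sorted(running - expected),
        "changed_args": sorted(n for n in running & expected
                               if procs[n]["args"] != baseline[n]),
    }

if __name__ == "__main__":
    print(compare_to_baseline(parse_processes(SAMPLE), BASELINE))
```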
Control and Forwarding planes
All the functions of the control plane run on the Routing Engine (RE), whether you have a router, switch, or security platform running Junos. The control plane has a set of modules, with clean interfaces between them. This interface can differ between device models, but will largely be fxp1 or bme0. You can check by running `show interfaces terse`. In addition, the kernel has control modules that manage all the needed communication between the components. The kernel handles the RE link between itself and the Packet Forwarding Engine (PFE) and the services. Each of the different modules provides a different control process, such as control for the chassis, Ethernet switching, routing protocols, interfaces, management etc. As stated earlier, Junos uses a Unix-based kernel from FreeBSD; this open-source underlying kernel provides many of the essential functions of an operating system, such as the scheduling of resources. Junos protects the control plane from a security attack by rate-limiting the traffic that reaches your RE and by allowing firewall filters to be placed on the management interfaces.
Packet Forwarding Engine (PFE) is the central processing element of the forwarding plane, systematically moving the packets in and out of the device. In the Junos OS, the PFE has a locally stored forwarding table. The forwarding table is a synchronized copy of all the information from the RE that the forwarding plane needs to handle each packet, including outgoing interfaces, addresses, and so on. Storing a local copy of this information allows the PFE to get its job done without going to the control plane every time that it needs to process a packet. Another benefit to having a local copy is that the PFE can continue forwarding packets, even when a disruption occurs to the control plane, such as when a routing or other process issue happens.
Sourced from here
Routing Engine and Packet Forwarding Engine
The Packet Forwarding Engine uses application-specific integrated circuit (ASIC) chips to perform Layer 2 and Layer 3 packet switching, route lookups, and packet forwarding. The Packet Forwarding Engine forwards packets between input and output interfaces.
The Routing Engine controls the routing updates and system management. The Routing Engine consists of routing protocol software processes running inside a protected memory environment on a general-purpose computer platform. The Routing Engine handles all the routing protocol processes and other software processes that control the routing platform’s interfaces, some of the chassis components, system management, and user access to the routing platform. These routing platform and software processes run on top of a kernel that interacts with the Packet Forwarding Engine.
The key functions of the Routing Engine are:
- Routing protocol packets processing
- Software modularity—Software functions have been divided into separate processes, so a failure of one process has little or no effect on other software processes.
- In-depth IP functionality- Each routing protocol is implemented with a complete set of IP features and provides full flexibility for advertising, filtering, and modifying routes. Routing policies are set according to route parameters, such as prefix, prefix lengths, and Border Gateway Protocol (BGP) attributes
- Management interfaces—System management is possible with a command-line interface (CLI), a craft interface, and Simple Network Management Protocol (SNMP).
- Storage and change management
- Monitoring efficiency and flexibility—Alarms can be generated and packets can be counted without adversely affecting packet forwarding performance.
Transit and Exception traffic
Transit Traffic is traffic sent by a user that isn’t destined for the router, switch or gateway, but whose packets have to pass through the device to get to their end destination. For example:
PC1 --> Switch --> Router --> Internet
If the PC on the left wanted to get to the Internet on the right, the packets would transit the network to get out to the Internet. Transit Traffic is mostly unicast and/or multicast packets. Most of the time, Transit Traffic will be largely processed by the PFE, as the Forwarding Table will be referenced to allow quicker movement of traffic. It is important to note that Transit Traffic does not consult the Routing Engine.
Exception Traffic is traffic that is destined for the local system. For example, if you wanted to check whether the router is up, you would ping its loopback address. This would be regarded as Exception Traffic, as packets destined for the device require additional processing by the Routing Engine.