JUNOS Cookbook

book cover
JUNOS Cookbook
By Aviva Garrett
Publisher: O'Reilly
Pub Date: April 2006
Print ISBN-10: 0-596-10014-0
Print ISBN-13: 978-0-59-610014-8
Pages: 682

Table of Contents  | Index

The Juniper Networks routing platforms are becoming the go-to solution for core, edge, metro and remote office networks, and JUNOS software is behind it all. The operating system is so full of industrial-strength routing protocols and IP innovations that those treading into the world of JUNOS will need clarification, explanation, and a showcase example or two. Look no further. This JUNOS Cookbook provides it all and more.

Yes, you can mine through the 5,000 pages of documentation or take a two-thousand-dollar training course, but JUNOS's interprocess sophistication can be baffling unless you know the shortcuts and tricks, as well as those rays of illuminating comprehension that can come only from those who live with it. JUNOS Cookbook is the first comprehensive book about JUNOS software and it provides over 200 time-saving step-by-step techniques including discussions about the processes and alternative ways to perform the same task. It's been tested and tech-reviewed by field engineers who know how to take JUNOS out for a spin and it's applicable to the entire line of M-, T-, and J-series routers. JUNOS Cookbook will not only pay for itself the first few times you use it, it will make your network easier to manage and update.

"Aviva Garrett has done a tremendous job of distilling the features of JUNOS software in a form that will be useful for a wide audience-students, field engineers, network architects, and other networking professionals alike will benefit from this book. For many people, this is the only book on JUNOS they will need."
Pradeep Sindhu, CTO and Founder, Juniper Networks

"This cookbook is superb. Aviva Garrett has masterfully assembled a complete set of practical real-world examples with step-by-step instructions. Security, management, routing: it's all here!"
Stephen Gill, Research Fellow, Team Cymru

"A technical time-saver for any NOC or SOC working with JUNOS. It's clear, concise, and informative recipes are are an invaluable resource. "
Scott A. McIntyre, Security Officer, XS4ALL Internet B.V

book cover
JUNOS Cookbook
By Aviva Garrett
Publisher: O'Reilly
Pub Date: April 2006
Print ISBN-10: 0-596-10014-0
Print ISBN-13: 978-0-59-610014-8
Pages: 682

Table of Contents  | Index

        Chapter 1.  Router Configuration and File Management
      Recipe 1.1.  Configuring the Router for the First Time
      Recipe 1.2.  Configuring the Router from the CLI
      Recipe 1.3.  Getting Exclusive Access to Configure the Router
      Recipe 1.4.  Displaying the Commands to Recreate a Configuration
      Recipe 1.5.  Including Comments in the Configuration
      Recipe 1.6.  Checking the Syntax of the Configuration
      Recipe 1.7.  Activating the Router Configuration
      Recipe 1.8.  Debugging a Failed Commit
      Recipe 1.9.  Exiting Configuration Mode
      Recipe 1.10.  Keeping a Record of Configuration Changes
      Recipe 1.11.  Determining What Changes You Have Made to the Configuration
      Recipe 1.12.  Configuring the Router by Copying a File from a Server
      Recipe 1.13.  Configuring the Router by Copying Text from a Terminal Window
      Recipe 1.14.  Backing Up the Router's Configuration
      Recipe 1.15.  Scheduling the Activation of a Configuration
      Recipe 1.16.  Provisionally Activating a Configuration
      Recipe 1.17.  Loading a Previous Router Configuration
      Recipe 1.18.  Creating an Emergency Rescue Configuration
      Recipe 1.19.  Backing Up Filesystems on M-Series and T-Series Routers
      Recipe 1.20.  Backing Up Filesystems on J-Series Routers
      Recipe 1.21.  Restoring a Backed-Up Filesystem
      Recipe 1.22.  Installing a Different Software Release on M-Series and T-Series Routers
      Recipe 1.23.  Installing a Different Software Release on J-Series Routers
      Recipe 1.24.  Creating an Emergency Boot Disk
      Recipe 1.25.  Gathering Software Version Information
      Recipe 1.26.  Gathering Hardware Inventory Information
      Recipe 1.27.  Finding Out How Long the Router Has Been Up
      Recipe 1.28.  Gathering Information Before Contacting Support
      Recipe 1.29.  Managing Routers with Similar Configurations
      Recipe 1.30.  Managing Redundant Routing Engines
      Recipe 1.31.  Using the Second Routing Engine to Upgrade to a New Software Version
        Chapter 2.  Basic Router Security and Access Control
      Recipe 2.1.  Allowing Access to the Router
      Recipe 2.2.  Controlling Root Authentication
      Recipe 2.3.  Logging In to the Router's Console
      Recipe 2.4.  Setting the Login Authentication Methods
      Recipe 2.5.  Setting Up Login Accounts on the Router
      Recipe 2.6.  Changing the Format of Plain-Text Passwords
      Recipe 2.7.  Changing the Plain-Text Password Encryption Method
      Recipe 2.8.  Creating a Login Account for Remote Authentication
      Recipe 2.9.  Creating a Group Login Account
      Recipe 2.10.  Customizing Account Privileges
      Recipe 2.11.  Creating a Privilege Class that Hides Encrypted Passwords
      Recipe 2.12.  Setting Up RADIUS User Authentication
      Recipe 2.13.  Setting Up TACACS+ User Authentication
      Recipe 2.14.  Restricting Inbound SSH and Telnet Access
      Recipe 2.15.  Setting the Source Address for Telnet Connections
      Recipe 2.16.  Creating a Login Banner
      Recipe 2.17.  Finding Out Who Is Logged In to the Router
      Recipe 2.18.  Logging Out of the Router
      Recipe 2.19.  Forcibly Logging a User Out
        Chapter 3.  IPSec
      Recipe 3.1.  Configuring IPSec
      Recipe 3.2.  Configuring IPSec Dynamic SAs
      Recipe 3.3.  Creating IPSec Dynamic SAs on J-Series Routers or Routers with AS PICs
      Recipe 3.4.  Using Digital Certificates to Create Dynamic IPSec SAs
        Chapter 4.  SNMP
      Recipe 4.1.  Configuring SNMP
      Recipe 4.2.  Setting Router Information for the MIB-II System Group
      Recipe 4.3.  Setting Up SNMP Traps
      Recipe 4.4.  Controlling SNMP Access to the Router
      Recipe 4.5.  Using a Firewall Filter to Protect SNMP Access
      Recipe 4.6.  Controlling Access to Router MIBs
      Recipe 4.7.  Extracting Software Inventory Information with SNMP
      Recipe 4.8.  Extracting Hardware Inventory Information with SNMP
      Recipe 4.9.  Collecting Router Operational Information with SNMP
      Recipe 4.10.  Logging SNMP Access to the Router
      Recipe 4.11.  Logging Enterprise-Specific Traps
      Recipe 4.12.  Using RMON Traps to Monitor the Router's Temperature
      Recipe 4.13.  Configuring SNMPv3
      Recipe 4.14.  Tracking Router Configuration Changes
      Recipe 4.15.  Setting Up SNMPv3 Traps
        Chapter 5.  Logging
      Recipe 5.1.  Turning On Logging
      Recipe 5.2.  Limiting the Messages Collected
      Recipe 5.3.  Including the Facility and Severity in Messages
      Recipe 5.4.  Changing the Size of a Logging File
      Recipe 5.5.  Clearing the Router's Logfiles
      Recipe 5.6.  Sending Log Messages to Your Screen
      Recipe 5.7.  Sending Logging Messages to a Log Server
      Recipe 5.8.  Saving Logging Messages to the Other Routing Engine
      Recipe 5.9.  Turning Off Logging
      Recipe 5.10.  Turning On Basic Tracing
      Recipe 5.11.  Monitoring Interface Traffic
        Chapter 6.  NTP
      Recipe 6.1.  Setting the Date and Time on the Router Manually
      Recipe 6.2.  Setting the Time Zone
      Recipe 6.3.  Synchronizing Time When the Router Boots
      Recipe 6.4.  Synchronizing Time Periodically
      Recipe 6.5.  Authenticating NTP
      Recipe 6.6.  Checking NTP Status
        Chapter 7.  Router Interfaces
      Recipe 7.1.  Viewing Interface Status
      Recipe 7.2.  Viewing Traffic Statistics on an Interface
      Recipe 7.3.  Setting an IP Address for the Router
      Recipe 7.4.  Setting the Router's Source Address
      Recipe 7.5.  Configuring an IPv4 Address on an Interface
      Recipe 7.6.  Configuring an IPv6 Address on an Interface
      Recipe 7.7.  Configuring an ISO Address on an Interface
      Recipe 7.8.  Creating an MPLS Protocol Family on a Logical Interface
      Recipe 7.9.  Configuring an Interface Description
      Recipe 7.10.  Choosing Primary and Preferred Interface Addresses
      Recipe 7.11.  Using the Management Interface
      Recipe 7.12.  Finding Out What IP Addresses Are Used on the Router
      Recipe 7.13.  Configuring Ethernet Interfaces
      Recipe 7.14.  Using VRRP on Ethernet Interfaces
      Recipe 7.15.  Connecting to an Ethernet Switch
      Recipe 7.16.  Configuring T1 Interfaces
      Recipe 7.17.  Performing a Loopback Test on a T1 Interface
      Recipe 7.18.  Setting Up a BERT Test on a T1 Interface
      Recipe 7.19.  Configuring Frame Relay on a T1 Interface
      Recipe 7.20.  Configuring a SONET Interface
      Recipe 7.21.  Using APS to Protect Against SONET Circuit Failures
      Recipe 7.22.  Configuring an ATM Interface
      Recipe 7.23.  Dealing with Nonconfigurable Interfaces
      Recipe 7.24.  Configuring Interfaces Before the PICs Are Installed
        Chapter 8.  IP Routing
      Recipe 8.1.  Viewing the Routes in the Routing Table
      Recipe 8.2.  Viewing Routes to a Particular Prefix
      Recipe 8.3.  Viewing Routes Learned from a Specific Protocol
      Recipe 8.4.  Displaying the Routes in the Forwarding Table
      Recipe 8.5.  Creating Static Routes
      Recipe 8.6.  Blackholing Routes
      Recipe 8.7.  Filtering Traffic Using Unicast Reverse-Path Forwarding
      Recipe 8.8.  Aggregating Routes
      Recipe 8.9.  Load-Balancing Traffic Flows
      Recipe 8.10.  Adding Martian Addresses
      Recipe 8.11.  Changing Route Preferences to Migrate to Another IGP
      Recipe 8.12.  Configuring Routing Protocols to Restart Without Losing Adjacencies
        Chapter 9.  Routing Policy and Firewall Filters
      Recipe 9.1.  Creating a Simple Routing Policy
      Recipe 9.2.  Changing a Route's Routing Information
      Recipe 9.3.  Filtering Routes by IP Address
      Recipe 9.4.  Filtering Long Prefixes
      Recipe 9.5.  Filtering Unallocated Prefix Blocks
      Recipe 9.6.  Creating a Chain of Routing Policies
      Recipe 9.7.  Making Sure a Routing Policy Is Functioning Properly
      Recipe 9.8.  Creating a Simple Firewall Filter that Matches Packet Contents
      Recipe 9.9.  Creating a Firewall Filter that Negates a Match
      Recipe 9.10.  Reordering Firewall Terms
      Recipe 9.11.  Filtering Traffic Transiting the Router
      Recipe 9.12.  Using a Firewall Filter to Count Traffic on an Interface
      Recipe 9.13.  Logging the Traffic on an Interface
      Recipe 9.14.  Limiting Traffic on an Interface
      Recipe 9.15.  Protecting the Local Routing Engine
      Recipe 9.16.  Rate-Limiting Traffic Flow to the Routing Engine
      Recipe 9.17.  Using Counters to Determine Whether a Router Is Under Attack
        Chapter 10.  RIP
      Recipe 10.1.  Configuring RIP
      Recipe 10.2.  Having RIP Advertise Its Routes
      Recipe 10.3.  Configuring RIP for IPv6
      Recipe 10.4.  Enabling RIP Authentication
      Recipe 10.5.  Routing RIP Traffic over Faster Interfaces
      Recipe 10.6.  Sending Version 1 Update Messages
      Recipe 10.7.  Tracing RIP Protocol Traffic
        Chapter 11.  IS-IS
      Recipe 11.1.  Configuring IS-IS
      Recipe 11.2.  Viewing the IS-IS Link-State Database
      Recipe 11.3.  Viewing Routes Learned by IS-IS
      Recipe 11.4.  Configuring IS-IS for IPv6
      Recipe 11.5.  Configuring a Level 1Only Router
      Recipe 11.6.  Controlling DIS Election
      Recipe 11.7.  Enabling IS-IS Authentication
      Recipe 11.8.  Redistributing Static Routes into IS-IS
      Recipe 11.9.  Leaking IS-IS Level 2 Routes into Level 1
      Recipe 11.10.  Adjusting IS-IS Link Costs
      Recipe 11.11.  Improving IS-IS Convergence Times
      Recipe 11.12.  Moving IS-IS Traffic off a Router
      Recipe 11.13.  Disabling IS-IS on an Interface
      Recipe 11.14.  Tracing IS-IS Protocol Traffic
        Chapter 12.  OSPF
      Recipe 12.1.  Configuring OSPF
      Recipe 12.2.  Viewing Routes Learned by OSPF
      Recipe 12.3.  Viewing the OSPF Link-State Database
      Recipe 12.4.  Configuring OSPF for IPv6
      Recipe 12.5.  Configuring a Multiarea OSPF Network
      Recipe 12.6.  Setting Up Stub Areas
      Recipe 12.7.  Creating a Not-So-Stubby Area
      Recipe 12.8.  Summarizing Routes in OSPF
      Recipe 12.9.  Enabling OSPF Authentication
      Recipe 12.10.  Redistributing Static Routes into OSPF
      Recipe 12.11.  Adjusting OSPF Link Costs
      Recipe 12.12.  Improving OSPF Convergence Times
      Recipe 12.13.  Moving OSPF Traffic off a Router
      Recipe 12.14.  Disabling OSPF on an Interface
      Recipe 12.15.  Tracing OSPF Protocol Traffic
        Chapter 13.  BGP
      Recipe 13.1.  Configuring a BGP Session Between Routers in Two ASs
      Recipe 13.2.  Configuring BGP on Routers Within an AS
      Recipe 13.3.  Diagnosing TCP Session Problems
      Recipe 13.4.  Adjusting the Next-Hop Attribute
      Recipe 13.5.  Adjusting Local Preference Values
      Recipe 13.6.  Removing Private AS Numbers from the AS Path
      Recipe 13.7.  Prepending AS Numbers to the AS Path
      Recipe 13.8.  Filtering BGP Routes Based on AS Paths
      Recipe 13.9.  Restricting the Number of Routes Advertised to a BGP Peer
      Recipe 13.10.  Authenticating BGP Peers
      Recipe 13.11.  Setting Up Route Reflectors
      Recipe 13.12.  Mitigating Route Instabilities with Route Flap Damping
      Recipe 13.13.  Adding a BGP Community to Routes
      Recipe 13.14.  Load-Balancing BGP Traffic
      Recipe 13.15.  Tracing BGP Protocol Traffic
        Chapter 14.  MPLS
      Recipe 14.1.  Configuring LSPs Using LDP as the Signaling Protocol
      Recipe 14.2.  Viewing Information and LDP-Signaled LSPs in the Routing Tables
      Recipe 14.3.  Verifying that an LDP-Signaled LSP Is Carrying Traffic
      Recipe 14.4.  Enabling LDP Authentication
      Recipe 14.5.  Tracing LDP Operations
      Recipe 14.6.  Setting Up RSVP-Signaled LSPs
      Recipe 14.7.  Viewing Information About RSVP-Signaled LSPs in the Routing Tables
      Recipe 14.8.  Verifying Packet Labels
      Recipe 14.9.  Verifying that the RSVP-Signaled LSP Is Carrying Traffic
      Recipe 14.10.  Configuring RSVP Authentication
      Recipe 14.11.  Protecting an LSP's Path
      Recipe 14.12.  Using Fast Reroute to Reduce Packet Loss Following a Link Failure
      Recipe 14.13.  Automatically Allocating Bandwidth
      Recipe 14.14.  Prioritizing LSPs
      Recipe 14.15.  Allowing IGP Traffic to Use an LSP
      Recipe 14.16.  Installing LSPs into the Unicast Routing Table
      Recipe 14.17.  Tracing RSVP Operations
        Chapter 15.  VPNs
      Recipe 15.1.  Setting Up a Simple Layer 3 VPN
      Recipe 15.2.  Viewing the VPN Routing Tables
      Recipe 15.3.  Adding a VPN for a Second Customer
        Chapter 16.  IP Multicast
      Recipe 16.1.  Configuring PIM-SM
      Recipe 16.2.  Manually Establishing a PIM-SM RP
      Recipe 16.3.  Using Auto-RP to Dynamically Map RPs
      Recipe 16.4.  Setting Up a PIM-SM Bootstrap Router
      Recipe 16.5.  Filtering PIM-SM Bootstrap Messages
      Recipe 16.6.  Configuring Multiple RPs in a PIM-SM Domain with Anycast RP
      Recipe 16.7.  Configuring Multiple RPs in a PIM-SM Domain Anycast PIM
      Recipe 16.8.  Limiting the Group Ranges an RP Services
      Recipe 16.9.  Viewing Multicast Routes
      Recipe 16.10.  Checking the Groups for Which a PIM-SM Router Maintains Join State
      Recipe 16.11.  Manually Configuring IGMP
      Recipe 16.12.  Using SSM
      Recipe 16.13.  Connecting PIM-SM Domains Using MSDP and MBGP
      Recipe 16.14.  Configuring PIM-DM
      Recipe 16.15.  Tracing PIM Packets
   About the Author