Notas estudo JNCIA-Junos parte 4

A tool primária de monitorização da plataforma é o CLI que inclui os comandos show e monitor. As secundarias são o J-Web , SNMP, hardware LEDS/LCDs

show system
alarms : This argument displays current system alarms;
boot-messages : This argument displays the messag es seen during the last system boot;
connections : This argument displays the status of local TCP and UDP connections;
statistics: This argument provides options for viewing various protocol statistics;
storage: This argument displays the status  of the file system storage space.

show chassis
alarms : This argument displays current chassis alarms;
environment : This argument displays component  and environmental status as well as the operational speeds of the cooling system;
hardware : This argument displays an inventory  of the installed hardware components along with the serial number of each component; and
routing-engine: This argument provides operational status and utilization details for the Routing Engine (RE).

Captura de tr√°fego

Capturar tr√°fego para ficheiro (hidden command)
monitor traffic write-file captura

Capturar em real-time especificando uma interface

[email protected]# run monitor traffic interface em5 no-resolve ?
Possible completions:
<[Enter]>            Execute this command
absolute-sequence    Display absolute TCP sequence numbers
brief                Display brief output
count                Number of packets to receive (0..1000000 packets)
detail               Display detailed output
extensive            Display extensive output
layer2-headers       Display link-level header on each dump line
matching             Expression for headers of receive packets to match
no-domain-names¬†¬†¬†¬†¬† Don’t display domain portion of hostnames
no-promiscuous¬†¬†¬†¬†¬†¬† Don’t put interface into promiscuous mode
no-timestamp¬†¬†¬†¬†¬†¬†¬†¬† Don’t print timestamp on each dump line
print-ascii          Display packets in ASCII when displaying in hexadecimal format
print-hex            Display packets in hexadecimal format
resolve-timeout      Period of time to wait for each name resolution (seconds)
size                 Amount of each packet to receive (bytes)
|                    Pipe through a command

[email protected]# run monitor traffic interface em5 no-resolve detail
Address resolution is OFF.
Listening on em5, capture size 1514 bytes

18:00:02.101361  In IP6 (hlim 1, next-header: UDP (17), length: 107) fe80::6101:1a73:bc24:3daf.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit(C cliaddr=8:2:189d:1:e:1:1:188a relayaddr=2145:d4be:d963:d2be:3:c:5300:5056)
18:00:02.983638 Out IP (tos 0xc0, ttl   1, id 12712, offset 0, flags [none], proto: OSPF (89), length: 64) 172.20.101.1 > 224.0.0.5: OSPFv2, Hello, length 44
Router-ID 9.9.9.9, Backbone Area, Authentication Type: none (0)
Options [External]
Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128
Designated Router 172.20.101.1
18:00:02.985453 Out IP (tos 0xc0, ttl   1, id 12713, offset 0, flags [none], proto: OSPF (89), length: 64) 172.20.110.1 > 224.0.0.5: OSPFv2, Hello, length 44
Router-ID 9.9.9.9, Backbone Area, Authentication Type: none (0)
Options [External]
Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128
Designated Router 172.20.110.1
^C
3 packets received by filter
0 packets dropped by kernel

Unified In-Service Software Upgrade (ISSU)

Permite upgrade sem disrup√ß√£o no control plane, apenas e suportado com 2 Routing Engines. O Graceful Routing Engine Switchover (GRES) e NonStop Active Routing (NSR) devem estar activos. Nem todas as plataformas suportam o NSR, durante a mudan√ßa de vers√£o n√£o podem ser feitas opera√ß√Ķes online/offline √°s PICs

Passos para efetuar um Unified ISSU:

1. activar o GRES e NSR e verificar a sincronização dos protocolos
2. efetuar no RE master request system software in-service-upgrade

Password Recovery

Durante o processo de reboot pressionar o Space

loader> boot -s (para boot em single user, similar em linux)

Ao iniciar o sistema vai perguntar pelo recovery script, apenas é necessário digitar recovery, sendo que o sistema vai iniciar permitindo fazer login sem password
Ap√≥s alterada a password, sair com ‘exit‘ para fazer reboot automaticamente

Remover/Copiar Ficheiros

[email protected]# run file ?
Possible completions:
<[Enter]>            Execute this command
archive              Archives files from the system
checksum             Calculate file checksum
compare              Compare files
copy                 Copy files (local or remote)
delete               Delete files from the system
list                 List file information
rename               Rename files
show                 Show file contents
source-address       Local address to use in originating the connection
|                    Pipe through a command

[email protected]# run file show /config/?
Possible completions:
<[Enter]>            Execute this command
<filename>           Filename to show
/config/juniper.conf.1.gz  Size: 458, Last changed: May 24 19:58:53
/config/juniper.conf.2.gz  Size: 454, Last changed: May 23 21:17:12
/config/juniper.conf.3.gz  Size: 450, Last changed: May 23 15:03:46
/config/juniper.conf.gz  Size: 452, Last changed: May 24 20:00:08
/config/juniper.conf.md5  Size: 32, Last changed: May 22 23:45:51
/config/rescue.conf.gz  Size: 454, Last changed: May 24 19:57:27

Uso de Grupos

Definir um grupo
Nota: Este grupo ir√° surtir efeito apenas em interfaces em*

set groups CONFIG_IF_EM interfaces <em*> description “By group”
set groups CONFIG_IF_EM interfaces <em*> vlan-tagging
set groups CONFIG_IF_EM interfaces <em*> speed 10m
set groups CONFIG_IF_EM interfaces <em*> link-mode half-duplex
set groups CONFIG_IF_EM interfaces <em*> unit 0 vlan-id 1
set groups CONFIG_IF_EM interfaces <em*> unit 0 family inet
set groups CONFIG_IF_EM interfaces <em*> unit 0 family inet6

[email protected]# set interfaces em4 apply-groups CONFIG_IF_EM;

[email protected]# show interfaces em4 | display inheritance | except #
description “By group”;
vlan-tagging;
speed 10m;
link-mode half-duplex;
unit 0 {
vlan-id 1;
family inet;
family inet6;
}

[edit]

[email protected]# show interfaces em4 | display inheritance
##
## ‘By group’ was inherited from group ‘CONFIG_IF_EM’
##
description “By group”;
##
## ‘vlan-tagging’ was inherited from group ‘CONFIG_IF_EM’
##
vlan-tagging;
##
## ’10m’ was inherited from group ‘CONFIG_IF_EM’
##
speed 10m;
##
## ‘half-duplex’ was inherited from group ‘CONFIG_IF_EM’
##
link-mode half-duplex;
##
## ‘0’ was inherited from group ‘CONFIG_IF_EM’
##
unit 0 {
##
## ‘1’ was inherited from group ‘CONFIG_IF_EM’
##
vlan-id 1;
##
## ‘inet’ was inherited from group ‘CONFIG_IF_EM’
##
family inet;
##
## ‘inet6’ was inherited from group ‘CONFIG_IF_EM’
##
family inet6;
}

[edit]

[email protected]# show interfaces ae0
apply-groups CONFIG_IF_EM;
vlan-tagging;
aggregated-ether-options {
lacp {
active;
}
}

[edit]
[email protected]# show interfaces ae0 | display inheritance
vlan-tagging;
aggregated-ether-options {
lacp {
active;
}
}

[edit]

Routing

Routing preference values can range from 0 to 4,294,967,295.

* – indica a rota activa

holddown – est√£o no estado pendente antes de o sistema as declarar como inativas
hidden – o sistema n√£o pode usar por quest√Ķes de invalid next-hop e/ou route policy

show route forwarding-table

Algumas das rotas são permanentes devido a sua natureza como e o caso da default (Type perm), esta entrada e usada para o router descartar tráfego quando não existe roteamento para determinado destino, após descarte envia um ICMP unreachable ao host de origem

Caso exista um default route na tabela, o router utiliza-a em vez da Type perm

Route types:

cloned (clon) – (TCP or multicast only) Cloned route.
destination (dest) – Remote addresses directly reachable through an interface.
destination down (iddn) – Destination route for which the interface is unreachable.
interface cloned (ifcl) – Cloned route for which the interface is unreachable.
route down (ifdn) – Interface route for which the interface is unreachable.
ignore (ignr) – Ignore this route.
interface (intf) – Installed as a result of configuring an interface.
permanent (perm) – Routes installed by the kernel when the routing table is initialized.
user – Routes installed by the routing protocol process or as a result of the configuration.

Next-hop Types:

broadcast (bcst) – Broadcast.
deny – Deny.
hold – Next hop is waiting to be resolved into a unicast or multicast type.
indexed (idxd) – Indexed next hop.
indirect (indr) – Indirect next hop.
local (locl) – Local address on an interface.
routed multicast (mcrt) – Regular multicast next hop
multicast (mcst) – Wire multicast next hop (limited to the LAN).
multicast discard (mdsc) – Multicast discard.
multicast group (mgrp)  РMulticast group member.
receive (recv) – Receive.
reject (rjct) – Discard. An ICMP unreachable message was sent.
resolve (rslv) – Resolving the next hop.
unicast (ucst) – Unicast.
unilist (ulst) – List of unicast next hops. A packet sent to this next hop goes to any next hop in the list.

By default o JunOS cria a master instance e outras private instances. Estas private instances s√£o para uso interno (comunica√ß√Ķes entre componentes de hardware) do JunOS.

[email protected]> show route instance
Instance             Type
Primary RIB                                     Active/holddown/hidden
__juniper_private1__ forwarding
__juniper_private1__.inet.0                     0/0/1
__juniper_private1__.inet6.0                    1/0/0

__juniper_private2__ forwarding
__juniper_private2__.inet.0                     0/0/1

__master.anon__      forwarding

master               forwarding
inet.0                                          8/0/0
inet6.0                                         1/0/0

Instances Types

forwarding: Used to implement filter-based forwarding for common Access Layer applications;
l2vpn: Used in Layer 2 VPN implementations;
no-forwarding :  Used to separate large networks into smaller administrative entities;
virtual-router: Used for non-VPN-related applications such as system virtualization; “VRF-lite”
vpls:  Used for point-to-multipoint LAN implementations between a set of sites in a VPN;
vrf :  Used in Layer 3 VPN implementations.

[email protected]# set routing-instances <instance-name> instance-type <instance-type>

[email protected]>show route table new-instance.inet.0
[email protected]>show interfaces terse routing-instance new-instance
[email protected]>traceroute 2.2.2.2 routing-instance new-instance

Static Routing

O next-hop pode ser a opção de bit bucket, as opcoes de discard/reject permite descartar o trafego:

  • discard faz drop silenciosamente (nao envia ICMP)
  • reject envia ICMP unreachable

Config static routing

set routing-options
static{
route 0.0.0.0/0 next-hop 172.30.25.1;
route 172.28.102.0/24 {
next-hop 10.210.11.190;
no-readdvertise;
}
}

O nexr-hop deve estar diretamente ligado, porque by default o JunOS n√£o faz lookups recursivos. Para possibilitar a recursividade usar o comando resolve

set routing-options static route 0.0.0.0/0 next-hop 172.30.25.1;
set routing-options static route 172.28.102.0/24 next-hop 10.210.11.190 resolve

Qualified Next hops

Permite indicar a preferência de uma rota (floating route)

qualified-next-hop x.x.x.x {
preference 7;
}

Referências:

Notas estudo JNCIA-Junos parte 1

Notas estudo JNCIA-Junos parte 2

Notas estudo JNCIA-Junos parte 3

2 thoughts on “Notas estudo JNCIA-Junos parte 4

  1. Pingback: Notas estudo JNCIA-Junos parte 5

  2. Pingback: Notas estudo JNCIS-ENT parte 7

Leave a Reply

Your email address will not be published. Required fields are marked *