Learning IOS and JUNOS

Junos Script Automation is a powerful and flexible on-box toolset which provides customization of network behavior, adaption to what your application expects to configure, manage and diagnose if and when needed. It sits right above the Junos OS, with a northbound interface to Junos Space applications, and southbound access to Junos SDK applications and native management plane instrumentation. This customized programmable solution makes your application smarter and better in real-time. In Juniper official website provides many script samples to match part of common requests. In my company, we deployed many inter-connections EBGP/IBGP between router or layer 3 switch. So I picked one op script from the JUNOS Script Library - show bgp policy : display all routing-policies in sequential order for a selected BGP peer.

In order to prepare the future migration from Juniper SSG to SRX, so I tried to use SRX GUI interface to see how its easy for operation team to sustain this. This is the first time I tried to use GUI to manage a router, and if you are not familiar with Juniper SRX features and functions, I have to say its a quick start to have a glance overview of Juniper SRX by web interface. For many junior engineers, if they can have what-you-see-what-you-get interface, they will accept new technology as fast as they can or they might refuse to try or to learn new technology if there's no time pressure or instructions from high-level managers directly . We are still using CLI to control most routing and switching network device today, but I believe someday the condition may change if the network virtualization come true.(I think no one would like to control firewall by CLI, isn't it ?)

Since our company current RTBH router was EOL(Cisco 1800), and our security team would like to expand the RTBH scope to all office SSL VPN all over the world(more than 100s), so we are trying to survey a good candidate for this position. We have a spare Juniper M10i and I believe it can meet the requirement for sure, but its too big so our operation team tried to leverage the lab device - Juniper SRX100H for this purpose. That's why I did this POC to prove the BGP scalability of SRX100H. As below is the Juniper SRX100H hardware features , as a such small device but has 1GB RAM so it can do much more than my expectation in its control plane: DDR Memory: 1 GB Power supply adapter: 30 watts AC input voltage: 100 to240 VAC FastEthernetports: 8 Consoleport: 1 USB port: 1 LEDs: 4 NAND flash: 1 GB  My POC topology as below is very simple and straight, I used a single cable connect between two SRX100H, then setup a trunk w/ 120 VLANs between them, each VLAN will have a dire...

在許多Juniper設備基本操作手冊中都會提到可以使用 'request system snapshot' 指令來備份現有組態及OS，不過在SRX上似乎只能搭配USB使用，不然的話會遇到錯誤訊息如下： root@SRX1# run request system snapshot error: usb (/dev/da1) media missing or invalid 好吧 來試試看，插入USB隨身碟之後再試試看： [edit] root@SRX1# umass1: Unigen Corporation PQS1000B1, rev 2.00/11.00, addr 4 da1 at umass-sim1 bus 1 target 0 lun 0 da1: Removable Direct Access SCSI-0 device  da1: 40.000MB/s transfers da1: 980MB (2007040 512 byte sectors: 64H 32S/T 980C) [edit] root@SRX1# run request system snapshot   WARNING: Recovery partition was not found on source media, creating now... Clearing current label... Partitioning usb media (/dev/da1) ... error: Not enough space to copy /altroot (/dev/da1s1a) partition. ...殘念 空間不足...再試試看用2G USB，終於成功! umass1: vendor 0x0930 USB Flash Memory, rev 2.00/1.00, addr 4 da1 at umass-sim1 bus 1 target 0 lun 0 da1: < USB Flash Memory 1.00> Removable Direct Access SCSI-2 device  da1: 40.000MB/s transfers da1: 1909MB (39116...

有時候想偷懶，懶得用FTP把JUNOS上傳到Branch SRX(SRX100/SRX200...)上；或是在機房裏真的忘了某一台設備的IP，懶得再走回座位去查，如果可以像以前M/T-Series直接用USB昇級JUNOS的話就可以省去許多的麻煩。 我以前曾經在JUNOS 10.2上嘗試過許多次都不成功，後來看到Juniper Learning Portal的教學才知道原來跟SRX本身的版本也有關係，至少要10.4以上才能支援USB自動昇級的功能。 步驟如下： 1. 先拿個USB隨身碟格式化成FAT/FAT32格式 2. 將要昇級的JUNOS版本(我是用複製到USB隨身碟中根目錄下 3. 執行這個指令 C:\> echo ""> [USB隨身碟的磁碟代號] :\autoinstall.conf EX: 我的USB隨身碟是F Drive，所以我的指令是 C:\> echo ""> F :\autoinstall.conf 4. 把USB隨身碟插到SRX的USB slot中，接著稍待片刻讓SRX偵測到USB 以下是我現有的版本  [edit] root# run show version Model: srx100h JUNOS Software Release [10.4R6.5] 當你插入USB時，Console會出現類似以下的提示  [edit] root# umass1: Unigen Corporation PQS1000B1, rev 2.00/11.00, addr 4 da1 at umass-sim1 bus 1 target 0 lun 0 da1: Removable Direct Access SCSI-0 device da1: 40.000MB/s transfers da1: 980MB (2007040 512 byte sectors: 64H 32S/T 980C) FSTYPE = 11...(omit)   5. 直接按下SRX的RESET CONFIG按鈕(注意不要按錯POWER按鈕) 6. 接下來所有的燈號都會變橙色燈號，然後就開始自動進行昇級動作；昇級完成會自動重新開機，開機完成後重新登入就看到新...