JUNOS Cookbook

By Aviva Garrett


Table of Contents

Chapter 1: Router Configuration and File Management
Juniper Networks routers are specialized network devices that run network operating system software, which is called JUNOS software. In this book, we talk about JUNOS features that run on the J-series, M-series, and T-series router platforms. The M-series and T-series platforms are larger routers typically used by network service providers, telephone companies, large enterprise companies, and universities. The J-series routers are smaller routers designed for use by businesses and other organizations to connect multiple sites or to connect to the Internet. The JUNOS software is pre-installed on new Juniper Networks routers: when you turn the router on, the software automatically starts running. The first task you have to perform is configuring the router.
JUNOS software is distributed as a set of modular software packages that contain the various components of the software. A given JUNOS software release runs on all J-series, M-series, and T-series routers. The examples in this book are based on the JUNOS 7.4 release of the software on either M20 routers or J2300 routers, but all are applicable for the most recent JUNOS releases and for future releases on the M-, T-, and J-series families of routers.
This chapter discusses basic router configuration, including how to configure the router for the first time, configuring from the command-line interface (CLI), loading and saving configuration files, and working with the filesystems and files used by the JUNOS software. It also discusses how to upgrade the JUNOS software and how to gather hardware and software inventory information.
When you first start a router, you must configure basic network information, such as the router name, IP address, and domain name, so that the router is reachable on the network. You then configure the desired software features. To configure the router, you generally log in to the router and use the JUNOS CLI. Some routers, including the J-series, also have a web-based interface called J-Web. From the CLI, you specify the configuration in a plain-text (ASCII) configuration file, which you can read from the CLI (on the router) or by using any ASCII text editor (on a server). From J-Web, the configuration is saved in an ASCII file that you can read using J-Web, the CLI, or an ASCII text editor.
Additional content appearing in this section has been removed.
Configuring the Router for the First Time
You have just installed and turned on a router and are configuring the JUNOS software for the first time.
Use the following commands to configure the router:
	root# cli
	root@>
	cli> configure
	[edit]
	root@# set system host-name router1
	root@# set system domain-name mynetwork.com
	root@# set interfaces fxp0 unit 0 family inet address 192.168.15.1/24
	root@# set system backup-router 192.168.15.2
	root@# set system name-server 192.168.15.3
	root@# set system root-authentication plain-text-password
	New password:
	Retype password:
	root@# show
	system {
	    host-name router1;
	    domain-name mynetwork.com;
	    backup-router 192.168.15.2;
	    root-authentication {
	         encrypted-password "$1$ZUlES4dp$OUwWo1g7cLoV/aMWpHUnC/"; ## SECRET-DATA
	    }
	    name-server {
	         192.168.15.3;
	    }
	}
	interfaces {
	    fxp0 {
	        unit 0 {
	            family inet {
	                address 192.168.15.1/24;
	            }
	        }
	    }
	}
	root@# commit
	root@router1# exit
	root@router1>
On most JUNOS routers, the JUNOS software is installed in two places: the flash drive and the hard disk. When you first turn on the router, it runs the version of the software that is installed on the flash drive. The copy on the hard disk is a backup. Another backup copy of the software is provided on removable media, typically a PC card or a compact Flash card.
When you turn on your router for the first time, the JUNOS software automatically boots and starts. On some routers, a script prompts you for basic information about the router. On other routers, you use the J-Web browser to perform the initial configuration. At this point, you need to enter enough basic configuration information so that the router can be on the network and others can log in over the network. To work on the router to perform the initial configuration, you need to connect a terminal or laptop computer to the router through the console port, which is a serial port on the front of the router.
Configuring the Router from the CLI
You need to modify the router's configuration using the JUNOS CLI.
You need to be in configuration mode to configure the router:
	aviva@router1> configure
	Entering configuration mode
	[edit]
	aviva@router1#
When you want to modify the router's configuration, log in to the router, enter configuration mode as shown in this example, and then create a hierarchy of configuration statements that define the desired router operation. There are other ways to configure the router, which are discussed later in the chapter, including loading a configuration file from a remote server or from the local router and loading a previous router configuration.
When you want the configuration to take effect, you must activate, or commit, it.
Recipe 1.7
Getting Exclusive Access to Configure the Router
More than one person can log in to the router and modify the configuration at one time; you want to prevent someone from overwriting your configuration changes.
Use the following version of the configure command to enter configuration mode:
	aviva@router1> configure exclusive
	warning: uncommitted changes will be discarded on exit
	Entering configuration mode
	[edit]
	aviva@router1#
Because more than one person can log in to the router at the same time, several people may be modifying the configuration simultaneously. You will know that another person is editing the configuration when you enter configuration mode:
	aviva@router1> configure
	Entering configuration mode
	Users currently editing the configuration:
	    mike terminal p3 (pid 1088) on since 2005-02-30 19:47:58 PST, idle 00:00:44
	[edit]
	aviva@router1#
Here you can see that mike is also logged in, is working in configuration mode, and has not typed anything for 44 seconds. However, if someone enters configuration mode after you do, the CLI does not display any message, so you will not be notified. Instead, you need to check:
	[edit]
	aviva@router1# status
	Users currently editing the configuration:
	  aviva terminal p0 (pid 3358) on since 2005-06-09 11:22:18 PDT
	      [edit]
	  mike terminal p1 (pid 3768) on since 2005-06-09 11:48:31 PDT
	      [edit]
If you need to ensure that no one else can change the configuration while you are modifying it, use the configure exclusive command to enter configuration mode. With this option, no other users can change the configuration as long as you are in configuration mode. If you do not commit the changes you make, they are lost when you exit from configuration mode.
If another user has locked the configuration, you can forcibly log him out:
	aviva@router1> request system logout user mike
You get the username from the message displayed when you enter configuration mode or from the status command.
Displaying the Commands to Recreate a Configuration
You have a copy of a JUNOS router configuration or you need to duplicate a router configuration on another router and you want to know the commands to use to create the configuration.
Use the following command to list the commands for creating a configuration:
	[edit]
	aviva@RouterA# show | display set
The show | display set command is a handy way to reverse-engineer a router configuration when you are trying to duplicate portions of a configuration on many routers or when you need to write up configuration, monitoring, or troubleshooting procedures for your network operations staff. This command is especially useful if the configuration is complex and when setting it up involves many long commands and lots of typing.
When you pipe the output of the configuration mode show command into the display set command, the JUNOS CLI prints a list of the commands you need to issue from that hierarchy level to create the existing configuration. When you use the command at the top level of the configuration (at the [edit] level), the CLI shows all the commands necessary to configure the router, which for most routers is a lot of commands. By way of illustration, here's a sample of the output for four interfaces on the router from the [edit interfaces] level:
	[edit interfaces]
	aviva@RouterA# show | display set
	set interfaces fe-0/0/1 unit 0 family inet address 10.0.15.2/24
	set interfaces se-0/0/2 unit 0 family inet address 10.0.21.1/24
	set interfaces se-0/0/3 serial-options clocking-mode dce
	set interfaces se-0/0/3 unit 0 family inet address 10.0.16.1/24
	set interfaces lo0 unit 0 family inet address 192.168.13.1/32
You can cut and paste these commands individually or all at once. They produce the following configuration:
	[edit interfaces]
	aviva@RouterA# show
	fe-0/0/1 {
	    unit 0 {
	        family inet {
	            address 10.0.15.2/24;
	        }
	    }
	}
	se-0/0/2 {
	    unit 0 {
	         family inet {
	             address 10.0.21.1/24;
	         }
	    }
	}
	se-0/0/3 {
	    serial-options {
	        clocking-mode dce;
	    }
	    unit 0 {
	         family inet {
	              address 10.0.16.1/24;
	         }
	    }
	}
	lo0 {
	    unit 0 {
	         family inet {
	              address 192.168.13.1/32;
	         }
	    }
	}
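The conversion that show | display set performs can also be run offline against a saved configuration file, for example when auditing or comparing backups. The following Python example is added here and is not code from the book or from Juniper; the names config_to_set and level are assumptions. It goes beyond the interface sample above by also handling annotate comments, ## markers, [ ] lists and empty containers, and by rejecting truncated text.

```python
import re

# One token per match: quoted string, comment, structural character, or bare word.
_TOKEN = re.compile(
    r'"(?:[^"\\]|\\.)*"'     # quoted string (may contain spaces, braces, #)
    r'|/\*.*?\*/'            # /* comment */ as written by the annotate command
    r'|##[^\n]*'             # end-of-line marker such as ## SECRET-DATA
    r'|[{};\[\]]'            # structure
    r'|[^\s{};\[\]"]+',      # bare word
    re.S,
)
_STRUCTURE = ("{", "}", ";", "[")
# These prefixes need 'deactivate'/'protect' commands; this example refuses them
# rather than emitting wrong 'set' lines.
_UNHANDLED = ("inactive:", "protect:", "replace:")

# Part of the [edit interfaces] output shown above.
SAMPLE_INTERFACES = """
se-0/0/3 {
    serial-options {
        clocking-mode dce;
    }
    unit 0 {
        family inet {
            address 10.0.16.1/24;
        }
    }
}
lo0 {
    unit 0 {
        family inet {
            address 192.168.13.1/32;
        }
    }
}
"""


def config_to_set(text, level=()):
    """Return the 'set' commands equivalent to curly-brace configuration text.

    level is the hierarchy the text was displayed from, for example
    ("interfaces",) for output captured at [edit interfaces].
    """
    path = list(level)   # words of every enclosing hierarchy level
    opened = []          # per open brace: (words pushed, commands emitted so far)
    words = []           # words of the statement currently being read
    values = None        # members of a [ ... ] list, once one has been seen
    in_list = False
    commands = []

    for tok in _TOKEN.findall(text):
        if tok.startswith(("/*", "##")):
            continue                         # comments carry no configuration
        if tok in _UNHANDLED:
            raise ValueError("%s markers are not handled by this example" % tok)
        if in_list:
            if tok == "]":
                in_list = False
            elif tok in _STRUCTURE:
                raise ValueError("unexpected %r inside a [ ] list" % tok)
            else:
                values.append(tok)
        elif tok == "[":
            in_list, values = True, []
        elif tok == "{":
            if not words:
                raise ValueError("'{' without a statement name")
            path.extend(words)
            opened.append((len(words), len(commands)))
            words = []
        elif tok == ";":
            if values is not None:           # one command per list member
                for value in values:
                    commands.append("set " + " ".join(path + words + [value]))
            elif words:
                commands.append("set " + " ".join(path + words))
            words, values = [], None
        elif tok == "}":
            if not opened or words:
                raise ValueError("unbalanced '}' or statement without ';'")
            pushed, before = opened.pop()
            if len(commands) == before:      # empty container still creates the level
                commands.append("set " + " ".join(path))
            del path[len(path) - pushed:]
        else:
            words.append(tok)
    if opened or words or in_list:
        raise ValueError("configuration text is truncated")
    return commands


if __name__ == "__main__":
    for command in config_to_set(SAMPLE_INTERFACES, level=("interfaces",)):
        print(command)
```
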
Including Comments in the Configuration
You want to add comments to the router configuration file to help other people reading the file understand how the router is configured.
Use the annotate command to add a comment:
	[edit protocols ospf]
	aviva@router1# set area 0.0.0.0 interface fe-0/0/0
	aviva@router1# annotate area 0.0.0.0 "backbone routers"
	aviva@router1# show
	/* backbone routers */
	area 0.0.0.0 {
	     interface fe-0/0/0.0;
	}
It is generally good practice to include comments in the configuration to clarify what is included for others who read the configuration. You can add comments for statements at the current hierarchy level in the configuration. In this recipe, we add a comment for the area statement at the [edit protocols ospf] level. The comment appears immediately before the statement.
To delete a comment, use the annotate command with an empty string:
	[edit protocols ospf]
	aviva@router1# annotate area 0.0.0.0 ""
Checking the Syntax of the Configuration
You want to check the syntax of your configuration to make sure there are no errors or missing statements.
Check the syntax of the configuration:
	[edit]
	aviva@router1# commit check
	configuration check succeeds
	[edit]
	aviva@router1#
As you are configuring the router, if you mistype a JUNOS configuration statement or command, the CLI gives you immediate feedback and pesters you until you type it correctly. However, this does not guarantee that you have spelled all variable names correctly or that you haven't omitted any required statements. Use the commit check command from time to time to check the syntax of the configuration. This command only checks the syntax; it does not activate the configuration.
If the syntax has no errors, you see the message configuration check succeeds.
If you have made any mistakes in the configuration, a message reports where in the configuration hierarchy the mistake is and describes the problem. The following example shows that a RIP neighbor router has been incorrectly configured in two RIP groups:
	[edit]
	aviva@router1# commit check
	[edit protocols rip group alpha-rip-group]
	  'neighbor fe-0/0/0.0'
	     Failed to configure neighbor fe-0/0/0.0: already in group alpha-rip-group
	error: configuration check-out failed
This is a mistake because a RIP neighbor can be in only one group. You can see from the output that the mistake is at the [edit protocols rip group alpha-rip-group] hierarchy level of the configuration.
Even if the syntax of the configuration is correct, that is no guarantee that the configuration will work as expected.
Activating the Router Configuration
You have created or modified the router's configuration using the CLI and you want to put the configuration into effect.
Use the following command to activate a router configuration:
	[edit]
	aviva@router1# commit
	commit complete
	[edit]
	aviva@router1#
When you modify the configuration on the router, you are editing a copy of the router's configuration. This copy is called the candidate configuration. Any modifications that you make to the configuration are recorded only in the copy of the configuration and have no impact on the operation of the router. When you want the configuration to take effect, you must activate, or commit, it. When you do this, your configuration file is checked to make sure the syntax is correct. It is then activated, becoming the running configuration.
The commit process is a batch mode operation. While you are in configuration mode, you can make any number of changes, but these appear only in the candidate configuration and have no effect on the running configuration. You can even verify the syntax without activating the changes (with the commit check command; see Recipe 1.6). The commit command batches up all your changes (as well as changes made by anyone else who is also in configuration mode) and activates them all at once. This means that interdependent configuration segments take effect at the same time, so you don't have to worry about the order in which you add statements to the configuration.
When you activate a configuration, the JUNOS software saves a copy of it on the router. This is discussed further in Recipe 1.14.
It bears repeating that you must activate a configuration using the commit command for it to take effect. It is a common mistake to forget to commit your changes, so this is often the first thing to check when debugging an operational problem on the router. It's very easy to see how this might happen. You might make a change in the configuration and then immediately use the run command to issue an operational mode command to verify that the router behavior matches the changed configuration, or you might get interrupted or distracted while configuring and issue a
Debugging a Failed Commit
You are trying to activate a configuration and the commit command continues to fail.
Watch each step of the commit operation:
	[edit]
	aviva@router1# commit | display detail
	2005-02-24 11:49:49 PST: exporting juniper.conf
	2005-02-24 11:49:49 PST: expanding groups
	2005-02-24 11:49:49 PST: finished expanding groups
	2005-02-24 11:49:49 PST: setup foreign files
	2005-02-24 11:49:49 PST: propagating foreign files
	2005-02-24 11:49:49 PST: complete foreign files
	2005-02-24 11:49:50 PST: dropping unchanged foreign files
	2005-02-24 11:49:50 PST: daemons checking new configuration
	2005-02-24 11:49:50 PST: commit wrapup…
	2005-02-24 11:49:50 PST: updating '/var/etc/filters/filter-define.conf'
	2005-02-24 11:49:50 PST: activating '/var/etc/keyadmin.conf'
	2005-02-24 11:49:50 PST: activating '/var/etc/gtpcd.conf'
	2005-02-24 11:49:50 PST: activating '/var/etc/certs'
	2005-02-24 11:49:50 PST: executing foreign_commands
	2005-02-24 11:49:50 PST: /bin/sh /etc/rc.ui ui_setup_users (sh)
	2005-02-24 11:49:50 PST: executing ui_commit in rc.ui
	2005-02-24 11:49:51 PST: copying configuration to juniper.save
	2005-02-24 11:49:51 PST: activating '/var/run/db/juniper.data'
	2005-02-24 11:49:51 PST: notifying daemons of new configuration
	2005-02-24 11:49:51 PST: signaling 'Routing protocol daemon', pid 2884, signal 1, status 0 with notification errors enabled
	commit complete
The previous output shows the results of a successful commit operation. If the configuration contains a mistake, the output indicates where the mistake is:
	[edit]
	aviva@router1# commit | display detail
	2005-02-24 13:46:03 PST: exporting juniper.conf
	2005-02-24 13:46:03 PST: expanding groups
	2005-02-24 13:46:03 PST: finished expanding groups
	2005-02-24 13:46:03 PST: setup foreign files
	2005-02-24 13:46:03 PST: propagating foreign files
	2005-02-24 13:46:03 PST: complete foreign files
	2005-02-24 13:46:03 PST: dropping unchanged foreign files
	2005-02-24 13:46:03 PST: daemons checking new configuration
	[edit protocols rip group alpha-rip-group]
	  'neighbor fe-0/0/0.0'
	     Failed to configure neighbor fe-0/0/0.0: already in group alpha-rip-group
	error: configuration check-out failed
Exiting Configuration Mode
After you have completed making changes to the configuration, you want to activate the configuration and return to operational mode.
From the top hierarchy level, activate the configuration and exit configuration mode:
	[edit]
	aviva@router1# commit
	aviva@router1# quit
	aviva@router1>
From a lower level in the hierarchy, commit and exit configuration mode:
	[edit system]
	aviva@router1# commit
	aviva@router1# top
	[edit]
	aviva@router1# quit
	aviva@router1>
The following command is a quicker variation:
	[edit system]
	aviva@router1# commit
	aviva@router1# exit configuration-mode
	aviva@router1>
From any hierarchy level, activate the configuration and exit configuration mode with a single command:
	[edit system]
	aviva@router1# commit and-quit
	aviva@router1>
The commands in this recipe show several variations of quitting configuration mode after you have committed a configuration. If you issue separate commit and quit (or exit) commands, you must be at the top level of the hierarchy (at the [edit] level) for the exit command to quit configuration mode. From a lower level, use the top command to return quickly to the [edit] level. If you use the exit command at a lower level, it returns you to the highest hierarchy from which you previously issued an edit command.
Here's an example sequence of edit and exit commands to illustrate this:
	[edit]
	aviva@router1# edit protocols
	[edit protocols]
	aviva@router1# edit ospf
	[edit protocols ospf]
	aviva@router1# edit area 0.0.0.1
	[edit protocols ospf area 0.0.0.1]
	aviva@router1# exit
	[edit protocols ospf]
	aviva@router1# exit
	[edit protocols]
	aviva@router1# exit
	[edit]
	aviva@router1# exit
	Exiting configuration mode
	aviva@router1>
A quicker way to commit and then exit configuration mode from a lower level in the hierarchy is to use the commit command followed by the exit configuration-mode command.
Perhaps the quickest way to commit and get back to operational mode is to use the
Keeping a Record of Configuration Changes
When you activate a configuration, you want to include a short message that describes the changes you made.
Include a comment when you activate the configuration:
	aviva@router1# commit comment "turned on telnet"
It's good practice to include a short description of the changes you made to each version of a configuration file so you can keep a history of configuration changes. You do this by using the comment option with the commit command.
To track down what changed in the configuration and when, you can review the comments:
	aviva@router1> show system commit
	0   2005-03-31 20:26:16 UTC by aviva via cli
	    turned on telnet
	1   2005-03-31 11:12:28 UTC by aviva via cli
	    set host gildor facility-override local4
Recipe 1.17
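Saved show system commit output can be checked mechanically for commits that were made without a comment, and searched by comment text to find the rollback index of a change. The following Python example is added here and is not from the book; the function names are assumptions, the first two sample entries are the output shown above, and the third entry is constructed.

```python
import re

# Header line of one entry: rollback index, timestamp, time zone, user, method.
_HEADER = re.compile(
    r"^\s*(?P<index>\d+)\s+"
    r"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+)"
    r" by (?P<user>\S+) via (?P<via>\S+)\s*$"
)

# Entries 0 and 1 are the output shown above; entry 2 is constructed to
# represent a commit made without the comment option.
SAMPLE_HISTORY = """\
0   2005-03-31 20:26:16 UTC by aviva via cli
    turned on telnet
1   2005-03-31 11:12:28 UTC by aviva via cli
    set host gildor facility-override local4
2   2005-03-30 09:02:41 UTC by mike via cli
"""


def parse_commit_history(text):
    """Return one dict per commit, newest first, with its comment or None."""
    entries = []
    for line in text.splitlines():
        header = _HEADER.match(line)
        if header:
            entry = header.groupdict()
            entry["index"] = int(entry["index"])
            entry["comment"] = None
            entries.append(entry)
        elif line.strip() and entries and line[:1].isspace():
            # An indented line after a header belongs to that commit's comment.
            previous = entries[-1]["comment"]
            entries[-1]["comment"] = (previous + " " if previous else "") + line.strip()
    return entries


def commits_without_comment(entries):
    """Return (index, user, when) for every commit that has no description."""
    return [(e["index"], e["user"], e["when"]) for e in entries if e["comment"] is None]


def find_commits(entries, keyword):
    """Return rollback indexes whose comment mentions keyword (case-insensitive)."""
    needle = keyword.lower()
    return [e["index"] for e in entries
            if e["comment"] and needle in e["comment"].lower()]


if __name__ == "__main__":
    history = parse_commit_history(SAMPLE_HISTORY)
    for index, user, when in commits_without_comment(history):
        print("rollback %d by %s at %s has no comment" % (index, user, when))
    print("telnet mentioned in rollback:", find_commits(history, "telnet"))
```
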
Determining What Changes You Have Made to the Configuration
You want to check what changes you have already made when editing a configuration.
To find out what changes were made during the current configuration session, use the following command:
	[edit]
	aviva@RouterG# show | compare
	[edit interfaces]
	-    fe-1/0/1 {
	-         unit 0 {
	-              family inet {
	-                  address 10.0.1.2/24;
	-              }
	-          }
	-    }
To compare the current configuration to the previous one, use the following command:
	[edit]
	aviva@RouterG# show | compare rollback 1
	[edit protocols ospf]
	-   export send-direct;
When you are working in a small portion or hierarchy of the configuration, you can issue the show command from time to time to see the configuration statements that were added or deleted so you can confirm the configuration. However, when making changes throughout the configuration hierarchy, you generally just want a summary of all the changes so you don't have to dig through the entire router configuration. The easiest way to see all the changes is to move to the top of the configuration hierarchy with the top command and then use the show | compare command, which is equivalent to the show | compare rollback 0 command. This is actually two commands: the show command displays the entire configuration, and the output is piped to the compare command, which lists only the differences between the two configurations (just like the Unix diff command).
The output shown in the "Solution" indicates that you have deleted the fe-1/0/1 interface from the [edit interfaces] configuration hierarchy. The first line of the output shows the hierarchy level, and the minus signs indicate the deletions. Plus signs are used when you have added statements, as in this example:
	[edit]
	aviva@RouterG# show | compare
	[edit interfaces lo0 unit 0 family inet]
	        address 192.168.19.1/32 { … }
	+       address 127.0.0.1/32;
You can also compare the current configuration with a previously committed one. The second command shows how to do this.
Configuring the Router by Copying a File from a Server
You have a router configuration file on a server and you want to copy it to the router and activate it.
Use the following command to copy the configuration to the router:
	aviva@router1> file copy server1:router-base-configuration .
	aviva@router1's password:
	router-base-configuration              100%   10KB   10.0KB/s   00:00
Verify that the file has been copied to the router:
	aviva@router1> file list
	/var/home/aviva/:
	.ssh/
	router-base-configuration
Then load the file into the JUNOS CLI:
	[edit]
	aviva@router1# load override router-base-configuration
	load complete
You should use the show command to review the loaded configuration and make sure it's what you expect:
	aviva@router1# show
Then activate the configuration:
	[edit]
	aviva@router1# commit
	commit complete
JUNOS configuration files are simply formatted text files, so you can create a configuration file on a server and then load it onto the router. Use the file copy command on the router to copy the file from the server to the router. This command is similar to the Unix scp command. In this example, the file is copied from the user's home directory on the server to her home directory on the router. The home directory is effectively the current directory, so you can type a dot (.) for the directory name, just as in Unix. The explicit path is /var/home/aviva. No text is shown here for the password because the CLI does not echo what you type when you enter the password.
Because the file copy command uses SSH, the server must also be running SSH. (You can use the file copy command because you enabled SSH when you initially configured the router [see Recipe 1.1].)
If the file on the server is not in your home directory, you can specify the full path to the directory. In this example, the file you want to copy is in the /tmp/config directory:
	aviva@router1> file copy server1:/tmp/config/router-base-configuration .
Configuring the Router by Copying Text from a Terminal Window
You have a portion of a router configuration displayed in another window on your terminal or computer and you want to copy it to another router and activate it.
Use the load merge terminal command:
	aviva@router1> configure
	Entering configuration mode
	[edit]
	aviva@router1# load merge terminal
	[Type ^D at a new line to end input]
Then, cut the configuration snippet and paste it here. When you are done, type Ctrl-d.
A time-saver when configuring the router is to cut the configuration text from one window on your computer and paste it into the router's terminal window with the load merge terminal command. This is a great technique when you are copying configuration text from a browser or email window or when you are propagating identical or similar configurations from one router to another. To illustrate with a simple example, suppose you are configuring PIM-SM on all routers and are copying the configuration from a browser window. Here's the configuration in the browser:
	protocols {
	    pim {
	        interface all {
	            mode sparse;
	            version 2;
	        }
	        interface fxp0.0 {
	             disable;
	        }
	    }
	}
Copy the text from the browser window; then, in the router's configuration window, go into configuration mode, move to the correct configuration hierarchy level, and paste the text.
If PIM is not yet configured, merge it into the existing configuration:
	aviva@router1> configure
	Entering configuration mode
	[edit]
	aviva@router1# load merge terminal
	[Type ^D at a new line to end input]
	cut and paste here to add the lines shown below
	protocols {
	    pim {
	        interface all {
	            mode sparse;
	            version 2;
	        }
	        interface fxp0.0 {
	             disable;
	        }
	    }
	}
	^D
	load complete
First type the load merge terminal command and press Enter. Then paste the copied text and press Ctrl-d when done. This snippet starts at the top level of the configuration,
Backing Up the Router's Configuration
You want to back up the router's configuration to a remote server.
You can use the following command to copy the active configuration file to a server:
	aviva@router1> file copy /config/juniper.conf.gz server1:/homes/aviva/tmp
	aviva@server1's password:
	juniper.conf.gz               100% 2127       2.1KB/s       00:00
From configuration mode, use the save command to copy the candidate configuration to your home directory on a server:
	[edit]
	aviva@router1# save server1:configuration-march02
	aviva@server1's password:
	tempfile                      100%    11KB    11.2KB/s      00:00
	Wrote 433 lines of configuration to 'server1:configuration-march02'
You can also save it to a file in your home directory on the router:
	[edit]
	aviva@router1# save configuration-march02
	Wrote 433 lines of configuration to 'configuration-march02'
	aviva@router1# run file list
	/var/home/aviva:
	.ssh/
	configuration-march02
Another way to back up configuration files is to automatically transfer the file each time you commit the configuration:
	[edit system]
	aviva@router1# set archival configuration transfer-on-commit
	aviva@router1# set archival configuration archive-sites ftp://aviva:password@server1.mynetwork.com:/m20-config-archives
This recipe shows several ways to save a backup copy of the router's configuration. Use the first command from operational mode to copy the currently running version of the configuration to a server. The next two commands are configuration mode commands that save the candidate configuration either to a server or to your home directory on the router. If you use the save command after committing the configuration, you are effectively backing up the running configuration. The save command saves the configuration starting at your current hierarchy level. In this recipe, the commands are issued from the top hierarchy level (the [edit] level), so the entire configuration is saved. If you issue the command from a lower level, only that portion of the configuration is saved. The following command saves only the BGP configuration:
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
Scheduling the Activation of a Configuration
You want to activate a new or modified router configuration at a later time.
You schedule when the software should activate a configuration:
	[edit]
	aviva@router1# commit at 10:45
	configuration check succeeds
	commit at will be executed at 2005-02-25 10:45:00 PST
	Exiting configuration mode
The time is in 24-hour (military) format, so to specify a time after 12 p.m., use the following command:
	[edit]
	aviva@router1# commit at 22:45
	configuration check succeeds
	commit at will be executed at 2005-02-25 22:45:00 PST
	Exiting configuration mode
To schedule the activation of a configuration to occur on another day, use the full date and time:
	[edit]
	aviva@router1# commit at "2005-02-26 10:45"
	configuration check succeeds
	commit at will be executed at 2005-02-26 10:45:00 PST
	Exiting configuration mode
To cancel a commit operation scheduled with the commit at command, use the following command:
	aviva@router1> clear system commit
	Pending commit cleared
Sometimes you want to delay the activation of a configuration, scheduling it to occur at some later time. For example, if you are a network provider and have a service window in which network changes are made, you want the new configuration to take effect during that window. Or, if you are making changes on a number of routers, you might want the changes to take effect on all the routers at the same time or within the same time window, especially if you are making changes to routing protocols that might affect routing and route convergence across the network.
One way to schedule the activation of a configuration is to use the commit at command. The first two commands in this recipe commit the configuration at a specific time on the current day, one at 10:45 a.m. and the second at 10:45 p.m. The third command schedules the commit at 10:45 a.m. on another day.
Verify that the commit command has actually executed by looking at the timestamp on the currently running configuration file:
Provisionally Activating a Configuration
You want to activate a new or modified router configuration but you are not sure whether the configuration will somehow disable the router.
Use the following command to commit the configuration changes provisionally:
	[edit]
	aviva@router1# commit confirmed
	commit confirmed will be automatically rolled back in 10 minutes unless confirmed
	commit complete
To make the provisional activation permanent, issue the following command:
	[edit]
	aviva@router1# commit
	commit complete
When you need to verify that a new or modified configuration is working properly—and especially if the changes might lock you out of the router—you can provisionally commit it using the commit confirmed command.
By default, the commit confirmed command activates the configuration for 10 minutes. Within this time, you must explicitly confirm that the configuration is acceptable—either by issuing another commit command or by entering the commit check command—to make the provisional activation permanent. If you do not, the router loads and activates the previous configuration when 10 minutes have passed. You have to keep track of the time yourself, because the CLI doesn't warn you when it is expiring. If you do not confirm the commit, the CLI displays a message when it returns to the previous configuration:
	Broadcast Message from root@router1
	        (no tty) at 15:05 PDT…
	Commit was not confirmed; automatic rollback complete.
When working on a production router, if you are concerned that the change you are making might not go as expected, specify an interval of less than 10 minutes. If you are quite worried, one minute might be as long as you want to wait:
	[edit]
	aviva@router1# commit confirmed 1
	commit confirmed will be automatically rolled back in 1 minutes unless confirmed
	commit complete
Loading a Previous Router Configuration
You need to undo the active router configuration and return to a previous configuration.
The rollback configuration mode command loads a previous router configuration as the candidate configuration:
	[edit]
	aviva@router1# rollback 1
	load complete
	[edit]
	aviva@router1# show
	[edit]
	aviva@router1# commit
	commit complete
You can reload any of the previously committed versions of the configuration file. You identify the version by the number, which is the number in the filename. In this example, we reload the last saved configuration file, /config/juniper.conf.1.gz. The rollback command only loads the configuration, making it the candidate configuration, but does not activate it. The commit command activates the retrieved configuration. While using the show command here is optional, it's good practice to verify that the configuration you loaded is what you expect.
To figure out which previous configuration you want to retrieve, you can use a few commands that we have already discussed, including show system commit and file list detail /config. You can use the file list detail /var/db/config command to find out when the older configuration files were activated and by whom. You can also see this information when you issue the rollback command by using the router's built-in help:
	[edit]
	aviva@router1# rollback ?
	Possible completions:
	  <[Enter]>            Execute this command
	  0                          2005-02-25 12:31:52 PST by aviva via cli
	  1                          2005-02-25 10:45:12 PST by aviva via cli commit at
	  2                          2005-02-25 03:10:21 PST by root via cli
	…
	  48                         2005-02-19 03:01:04 PST by root via cli
	  49                         2005-02-18 18:24:21 PST by aviva via cli
	  |                          Pipe through a command
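When the history is long, the `rollback ?` listing can be parsed to pick the rollback number that predates a known-bad change and to list commits made from shared logins. This is an added example, not code from the book; the rows are copied from the listing above, and treating `root` as a shared account is an assumption.

```python
import re
from datetime import datetime

# Rows copied from the `rollback ?` listing on this page, non-entry lines included.
SAMPLE = """\
  <[Enter]>            Execute this command
  0                          2005-02-25 12:31:52 PST by aviva via cli
  1                          2005-02-25 10:45:12 PST by aviva via cli commit at
  2                          2005-02-25 03:10:21 PST by root via cli
  …
  48                         2005-02-19 03:01:04 PST by root via cli
  49                         2005-02-18 18:24:21 PST by aviva via cli
  |                          Pipe through a command
"""

ENTRY = re.compile(
    r"^\s*(?P<index>\d+)\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+)"
    r" by (?P<user>\S+) via (?P<client>\S+)(?: (?P<note>.+))?$"
)

SHARED_ACCOUNTS = {"root"}  # assumption: logins not tied to one person


def parse_history(text):
    """Return one dict per rollback entry; help text and elided rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.rstrip())
        if m:
            e = m.groupdict()
            e["index"] = int(e["index"])
            # Naive local time: valid while every row carries the same zone label.
            e["when"] = datetime.strptime(e.pop("ts"), "%Y-%m-%d %H:%M:%S")
            entries.append(e)
    return entries


def rollback_before(entries, cutoff):
    """Rollback number of the newest configuration committed before `cutoff`."""
    older = [e for e in entries if e["when"] < cutoff]
    return max(older, key=lambda e: e["when"])["index"] if older else None


def unattributed(entries):
    """Rollback numbers whose commit came from a shared account."""
    return [e["index"] for e in entries if e["user"] in SHARED_ACCOUNTS]


if __name__ == "__main__":
    history = parse_history(SAMPLE)
    print("load with: rollback", rollback_before(history, datetime(2005, 2, 25, 10, 0)))
    print("review commits:", unattributed(history))
```

The cutoff is interpreted in the router's local time zone, and the trailing text after `via cli` (such as `commit at`) is kept in the `note` field.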
Recipes 1.10, 1.14, and 1.18
Creating an Emergency Rescue Configuration
You want to store a copy of a known good and working configuration that you can load in case of an emergency without having to remember which rollback number to use.
When a known stable and working configuration is loaded and running on the router, save it as the rescue configuration:
	aviva@router1> request system configuration rescue save
You can also save it directly from configuration mode:
	aviva@router1# run request system configuration rescue save
You create a rescue configuration to define a known working configuration or a configuration with a known state that you can roll back to at any time. This alleviates having to know the rollback number when you use the rollback command. You use the rescue configuration when you need to roll back to a known configuration or as a last resort if your router configuration and the backup configuration files become damaged beyond repair. The JUNOS software does not provide a default rescue configuration.
To return to the rescue configuration, load it with the following command:
	[edit]
	aviva@router1# rollback rescue
	[edit]
	aviva@router1# commit
	commit complete
The JUNOS software stores the rescue configuration in the /config directory:
	aviva@router1> file list /config
	/config:
	juniper.conf.1.gz
	juniper.conf.2.gz
	juniper.conf.3.gz
	juniper.conf.gz
	rescue.conf.gz
To save a different configuration as the rescue configuration, just use the request system configuration rescue save command to overwrite the existing file. If you discover that the existing rescue configuration is not correct, but you don't have something to replace it with, delete the rescue configuration so no one accidentally uses it:
	aviva@router1> request system configuration rescue delete
Recipe 1.17
Backing Up Filesystems on M-Series and T-Series Routers
You are preparing to load a different release of the JUNOS software or reload the current release and you want to save the files that are already on the router.
On M-series and T-series routers, use the following command to back up the files in the router's filesystems:
	aviva@router1> request system snapshot
Before you install any JUNOS software, either upgrading, downgrading, or reinstalling the current software version, you should always back up the files in the router's filesystem. This operation is sometimes called taking a snapshot of the software. The request system snapshot command copies the files and filesystems from the current running active partitions to standby partitions. Specifically, it copies the / (root) filesystem to /altroot, and the /config filesystem to /altconfig. You see information about the copying as the command is running:
	aviva@router1> request system snapshot
	Copying '/' to '/altroot' .. (this may take a few minutes)
	Copying '/config' to '/altconfig' .. (this may take a few minutes)
	The following filesystems were archived: / /config
You can take a snapshot of the software at any time, but you should always do so before installing a new JUNOS software version so that you can recover to a known, stable environment in case something goes wrong when you load the software. You should also always run it after you have successfully loaded a new version of the software.
Why do you need to back up the JUNOS filesystems? One seasoned administrator has said that the less you know about the JUNOS filesystems, the more sane you will be—but still, you have to know at least a little bit. Routers have two internal storage areas, the flash drive (by default, the primary boot device) and the hard disk (the secondary boot device). A copy of the JUNOS software is stored in both. The flash drive has two filesystems (or partitions): /config, which contains the active and most recent backup configurations, the rescue configuration, and software licenses, and /, which contains the JUNOS software (everything installed by the
Backing Up Filesystems on J-Series Routers
You are preparing to load a different release of the JUNOS software or reload the current release on a J-series router and you want to save the files that are already on the router.
On any J-series router, back up the filesystem to a device that is connected to the router's USB port:
	aviva@RouterA> request system snapshot media usb
On J4300 and J6300 routers, you can also back up the files in the router's filesystem to a removable compact flash disk:
	aviva@RouterA> request system snapshot media removable-compact-flash
Before installing the software upgrade, delete old log- and crashfiles:
	aviva@RouterA> request system storage cleanup
The snapshot process on J-series routers differs from the process for M-series and T-series routers because of hardware differences. You can place a snapshot of the J-series filesystems on a device connected to the router's USB port or, for J4300 and J6300 routers, on a removable compact flash disk.
You can take a snapshot of the software at any time, but you should always do so before installing a new JUNOS software version so that you can recover to a known, stable environment in case something goes wrong when you load the software. You should also always take a snapshot after you have successfully loaded a new version of the software.
Before installing a new software package, you can use the request system storage cleanup command to remove older files to free up space in the filesystem. This command deletes any rotating logfiles in /cf/var/log that are not current, files in /cf/var/tmp that have not been modified in the last two days, and all crashfiles in /cf/var/crash. Before you delete files in the directories, you can use the file list command to check what they contain:
	aviva@RouterA> file list detail /cf/var/tmp
	/cf/var/tmp:
	total 28
	-rw-r--r--  1  root  wheel        6379 Nov 3 00:10 cleanup-pkgs.log
	drwxrwxrwx  2  root  wheel         512 Apr 15 2005 install/
	-rw-r-----  1  root  wheel        2492 Nov 3 00:10 sampled.pkts

	aviva@RouterA> 
Restoring a Backed-Up Filesystem
You want to restore a filesystem that you backed up by taking a snapshot.
First, reboot the router from the alternate boot media to which you saved the snapshot. On M-series and T-series routers, this is the hard disk:
	aviva@RouterA> request system software reboot media disk
On J-series routers, this is either a removable compact flash card or a device connected to the router's USB port:
	aviva@RouterA> request system software reboot media removable-compact-flash
or
	aviva@RouterA> request system software reboot media usb
Then, retake the snapshot to copy the filesystem to the media from which you didn't boot:
	aviva@router1> request system snapshot
or
	aviva@RouterA> request system snapshot media removable-compact-flash
The procedure for returning to a snapshot filesystem backup is very straightforward. You boot the router from the alternate media and then run the snapshot command again, which copies the filesystem from the alternate media to the media from which you didn't boot. M-series and T-series routers normally boot from the internal flash drive, and the hard disk is the alternate boot media. J-series routers also normally boot from an internal flash drive, and the alternate boot media is a compact flash card that is either installed in the router's compact flash drive or in a USB device connected to the router.
Recipes 1.19 and 1.20
Installing a Different Software Release on M-Series and T-Series Routers
You want to install a different release of JUNOS software on an M-series or T-series router.
First, retrieve the JUNOS install package, jinstall, from the Juniper Networks web site (http://www.juniper.net/support) and place it on a local server. You can install the software directly from the server:
	aviva@router1> request system software add validate server1:jinstall-7.4R1.7-domestic-signed.tgz
If you want to have a copy of the software on the router, copy it to the router. You can use SSH:
	aviva@router1> file copy server1:jinstall-7.4R1.7-domestic-signed.tgz /var/tmp
	aviva@server1's password:
	jinstall-7.4R1.7-domestic-signed.tgz         100% 64MB 774.5KB/s 01:24
	aviva@router1> file list /var/tmp
	/var/tmp:
	cores/
	install/
	jbundle-7.4jbundle-7.4R1.7-domestic-signed.tgz
You can also use FTP to install the software directly from a server:
	aviva@router1> request system software add validate ftp://aviva:prompt@server1.mynetwork.com/jinstall-7.4R1.7-domestic-signed.tgz
If you are using anonymous FTP, just specify the name of the server:
	aviva@router1> request system software add validate ftp://server1.mynetwork.com/jinstall-7.4R1.7-domestic-signed.tgz
If you want a copy of the software on the router, you can also copy it over with FTP:
	aviva@router1> file copy ftp://aviva:prompt@server1.mynetwork.com/jinstall-7.4R1.7-domestic-signed.tgz /var/tmp/jinstall-7.4R1.7-domestic-signed
	Password for aviva@server1.mynetwork.com:
	/var/home/aviva/…transferring.file.........YoE4Qe/jinstall-7.4R1.7-domestic-signed.tgz 100% of 63 MB 794 kBps 00m00s
After copying the software to the router, install it:
	aviva@router1> request system software add validate /var/tmp/jinstall-7.4R1.7-domestic-signed.tgz
Once you have installed the new software version, reboot the router to activate it:
	aviva@router1> request system reboot
You can reboot directly as part of the software download process:
Installing a Different Software Release on J-Series Routers