
Network Management

SUMMARY This section provides an overview of the Junos OS (operating system).

Device Management Functions in Junos OS

After installing a device into your network, you need to manage the device within your network. Device management can be divided into five tasks:

  • Fault management—Monitor the device; detect and fix faults.

  • Configuration management—Configure device attributes.

  • Accounting management—Collect statistics for accounting purposes.

  • Performance management—Monitor and adjust device performance.

  • Security management—Control device access and authenticate users.

The Junos® operating system (Junos OS) network management features work in conjunction with an operations support system (OSS) to manage the devices within the network. Junos OS can assist you in performing these management tasks, as described in Table 1.

Table 1: Device Management Features in Junos OS

Task

Junos OS Feature

Fault management

Monitor and see faults using:

Configuration management

  • Configure router attributes using the command-line interface (CLI), the Junos XML management protocol, and the NETCONF XML management protocol. For more information about configuring the router using the APIs, see the Junos XML Management Protocol Guide and NETCONF XML Management Protocol Guide.

  • Configuration Management MIB—For more information about the Configuration Management MIB, see Configuration Management MIB.

Accounting management

Perform the following accounting-related tasks:

  • Collect statistics for interfaces, firewall filters, destination classes, source classes, and the Routing Engine. For more information about collecting statistics, see Accounting Options Configuration.

  • Use interface-specific traffic statistics and other counters, available in the Standard Interfaces MIB, Juniper Networks enterprise-specific extensions to the Interfaces MIB, and media-specific MIBs, such as the enterprise-specific ATM MIB.

  • Use per-ATM virtual circuit (VC) counters, available in the enterprise-specific ATM MIB. For more information about the ATM MIB, see ATM MIB.

  • Group source and destination prefixes into source classes and destination classes and count packets for those classes. Collect destination class and source class usage statistics. For more information about classes, see “Destination Class Usage MIB” and “Source Class Usage MIB”, Configuring Class Usage Profiles, and the Junos OS Network Interfaces Library for Routing Devices.

  • Count packets as part of a firewall filter. For more information about firewall filter policies, see Enterprise-Specific SNMP MIBs Supported by Junos OS.

  • Sample traffic, collect the samples, and send the collection to a host running the CAIDA cflowd utility.

Performance management

You can monitor performance in the following ways:

  • Use operational mode commands. For more information about monitoring performance using operational mode commands, see the CLI Explorer.

  • Use firewall filters.

  • Sample traffic, collect the samples, and send the samples to a host running the CAIDA cflowd utility.

  • Use the enterprise-specific Class-of-Service MIB. For more information about this MIB, see Class-of-Service MIB.

Security management

Assure security in your network in the following ways:

Device and Network Management Features

Juniper devices support features that allow you to manage the system performance, fault monitoring, and remote access.

You can use CLI operational mode commands to monitor the system health and performance of your network. Monitoring tools and commands display the current state of the device. You can filter the output to a file. Diagnostic tools and commands test the connectivity and reachability of hosts in the network.

This topic describes the functions available. To use the CLI operational tools, you must have the appropriate access privileges.

Table 2 lists the network management features.

Table 2: Device and Network Management Features on the QFX Series, OCX Series, and EX4600 Series

Feature: Alarms and LEDs on the switch—Display status of hardware components and indicate warning or error conditions.
Typical uses: Fault management
Documentation: Chassis Alarm Messages on a QFX3500 Device

Feature: Firewall filters—Control the packets that are sent to and from the network, balance network traffic, and optimize performance.
Typical uses: Performance management

Feature: In-band management—Enables connection to the switch using the same interfaces through which customer traffic flows. Communication between the switch and a remote console is enabled using SSH and Telnet services. SSH provides secure encrypted communications, whereas Telnet provides unencrypted, and therefore less secure, access to the switch.
Typical uses: Remote access management

Feature: Juniper Networks Junos OS automation scripts—Configuration and operation automation tools provided by Junos OS include commit scripts, operation scripts, event scripts, and event policies. Commit scripts enforce custom configuration rules, whereas operation scripts, event policies, and event scripts automate network troubleshooting and management.
Typical uses: Configuration management; Performance management; Fault management
Documentation: Automation Scripting User Guide

Feature: Junos OS command-line interface (CLI)—CLI configuration statements enable you to configure the switch based on your networking requirements, such as security, service, and performance.
Typical uses: Configuration management; Performance management; User access management; Remote access management
Documentation: CLI User Guide for Junos OS

Feature: Junos Space software—Multipurpose GUI-based network management system includes a base platform, the Network Application Platform, and other optional applications such as Ethernet Design, Service Now, Service Insight, and Virtual Control.
Note: Junos Space does not support the OCX Series.
Typical uses: Configuration management; Performance management; Fault management
Documentation: Junos Space Support for Network Management

Feature: Junos XML API—XML representation of Junos OS configuration statements and operational mode commands. The Junos XML API also includes tag elements that are the counterpart to Junos CLI configuration statements.
Typical uses: Configuration management; Performance management; Fault management
Documentation: Junos XML API Overview

Feature: NETCONF XML management protocol—XML-based management protocol that client applications use to request and change configuration information on routing, switching, and security platforms running Junos OS. The NETCONF XML management protocol defines basic operations that are equivalent to Junos OS CLI configuration mode commands. Client applications use the protocol operations to display, edit, and commit configuration statements (among other operations), as administrators use CLI configuration mode commands such as show, set, and commit to perform those operations.
Typical uses: Configuration management; Performance management; Fault management
Documentation: NETCONF XML Management Protocol Developer Guide

Feature: Operational mode commands:

  • Monitor switch performance. For example, the show chassis routing-engine command shows the CPU utilization of the Routing Engine. High CPU utilization of the Routing Engine can affect performance of the switch.

  • View current activity and status of the device or network. For example, you can use the ping command to monitor and diagnose connectivity problems, and the traceroute command to locate points of failure on the network.

Typical uses: Performance management; Fault management
Documentation: CLI Explorer

Feature: Out-of-band management—Enables connection to the switch through a management interface. Out-of-band management is supported on two dedicated management Ethernet interfaces as well as on the console and auxiliary ports. The management Ethernet interfaces connect directly to the Routing Engine. Transit traffic is not allowed through the interfaces, which ensures that congestion or failures in the transit network do not affect the management of the switch.
Typical uses: Remote access management

Feature: SNMP Configuration Management MIB—Provides notification for configuration changes in the form of SNMP traps. Each trap contains the time at which the configuration change was committed, the name of the user who made the change, and the method by which the change was made. History of the last 32 configuration changes is placed in jnxCmChgEventTable.
Typical uses: Configuration management
Documentation: SNMP MIB Explorer

Feature: SNMP MIBs and traps—Enable the monitoring of network devices from a central location. Use SNMP requests such as get and walk to monitor and view system activity. The QFX3500 switch supports SNMP Version 1 (v1), v2, and v3, and both standard and Juniper Networks enterprise-specific MIBs and traps.
Typical uses: Fault management

Feature: System log messages—Log details of system and user events, including errors. You can specify the severity and type of system log messages you wish to view or save, and configure the output to be sent to local or remote hosts.
Typical uses: Fault management; User access management

Tracing and Logging Operations

Tracing and logging operations enable you to track events that occur in the switch—both normal operations and error conditions—and to track the packets that are generated by or passed through the switch. The results of tracing and logging operations are placed in the /var/log directory on the switch.

The Junos OS supports remote tracing for the following processes:

  • chassisd—Chassis-control process

  • eventd—Event-processing process

  • cosd—Class-of-service process

You configure remote tracing using the tracing statement at the [edit system] hierarchy level.

Note:

The tracing statement is not supported on the QFX3000 QFabric system.

You can disable remote tracing for specific processes on the switch using the no-remote-trace statement at the [edit process-name traceoptions] hierarchy level.

Logging operations use a system logging mechanism similar to the UNIX syslogd utility to record systemwide, high-level operations, such as interfaces going up or down and users logging in to or out of the switch. You configure these operations by using the syslog statement at the [edit system] hierarchy level and by using the options statement at the [edit ethernet-switching-options] hierarchy level.

Tracing operations record more detailed information about the operations of the switch, including packet forwarding and routing information. You can configure tracing operations using the traceoptions statement.

Note:

The traceoptions statement is not supported on the QFX3000 QFabric system.

You can define tracing operations in different portions of the switch configuration:

  • SNMP agent activity tracing operations—Define tracing of the activities of SNMP agents on the switch. You can configure SNMP agent activity tracing operations at the [edit snmp] hierarchy level.

  • Global switching tracing operations—Define tracing for all switching operations. You configure global switching tracing operations at the [edit ethernet-switching-options] hierarchy level.

  • Protocol-specific tracing operations—Define tracing for a specific routing protocol. You configure protocol-specific tracing operations in the [edit protocols] hierarchy. Protocol-specific tracing operations override any equivalent operations that you specify in the global traceoptions statement.

  • Tracing operations within individual routing protocol entities—Some protocols allow you to define more granular tracing operations. For example, in Border Gateway Protocol (BGP), you can configure peer-specific tracing operations. These operations override any equivalent BGP-wide operations. If you do not specify any peer-specific tracing operations, the peers inherit, first, all the BGP-wide tracing operations and, second, the global tracing operations.

  • Interface tracing operations—Define tracing for individual interfaces and for the interface process itself. You define interface tracing operations at the [edit interfaces] hierarchy level.

  • Remote tracing—To enable system-wide remote tracing, configure the destination-override syslog host statement at the [edit system tracing] hierarchy level. This specifies the remote host running the system log process (syslogd), which collects the traces. Traces are written to files on the remote host in accordance with the syslogd configuration in /etc/syslog.conf. By default, remote tracing is not configured.

    To override the system-wide remote tracing configuration for a particular process, include the no-remote-trace statement at the [edit process-name traceoptions] hierarchy. When no-remote-trace is enabled, the process does local tracing.

    To collect traces, use the local0 facility as the selector in the /etc/syslog.conf file on the remote host. To separate traces from various processes into different files, include the process name or trace-file name (if it is specified at the [edit process-name traceoptions file] hierarchy level) in the Program field in the /etc/syslog.conf file. If the system log server supports parsing hostname and program name, then you can separate traces from the various processes.
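The collector-side sorting described above (select on the local0 facility, then separate traces by hostname and program name), shown as an added Python example that is not part of the original documentation. It assumes forwarded traces arrive as BSD-syslog (RFC 3164) lines; the host names, the known_hosts allowlist, the sample lines, and the output directory are constructed for illustration.

```python
import re
from collections import defaultdict

LOCAL0 = 16  # syslog facility number for local0; PRI = facility * 8 + severity

# Assumed BSD-syslog (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss host program[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>[A-Za-z0-9][A-Za-z0-9.\-]*) "
    # The program name doubles as a file name below, so path separators are refused.
    r"(?P<prog>[A-Za-z0-9][A-Za-z0-9_.\-]*)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

def parse(line):
    """Split one syslog line into fields, or return None if it is malformed."""
    m = LINE_RE.match(line)
    if not m or int(m["pri"]) > 191:  # 191 is the highest valid PRI (local7.debug)
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(int(m["pri"]), 8)
    return rec

def route_traces(lines, known_hosts):
    """Group local0 traces by (host, program); return (files, rejected_lines)."""
    files, rejected = defaultdict(list), []
    for line in lines:
        rec = parse(line)
        # Plain syslog carries no sender authentication, so unexpected input is set aside.
        if rec is None or rec["facility"] != LOCAL0 or rec["host"] not in known_hosts:
            rejected.append(line)
            continue
        files[(rec["host"], rec["prog"])].append(f'{rec["ts"]} {rec["msg"]}')
    return dict(files), rejected

def trace_path(host, prog, root="/var/log/remote-traces"):
    """File the collector would write for one process (root is a hypothetical path)."""
    return f"{root}/{host}/{prog}.log"

# Constructed sample input; host names and messages are illustrative only.
SAMPLE = [
    "<134>Mar  3 10:15:02 qfx-lab-1 chassisd[1423]: trace: fan tray 0 state change",
    "<134>Mar  3 10:15:03 qfx-lab-1 cosd[1501]: trace: scheduler map updated",
    "<135>Mar  3 10:15:04 qfx-lab-1 chassisd[1423]: trace: poll cycle complete",
    "<38>Mar  3 10:15:05 qfx-lab-1 sshd[2210]: session opened",   # auth facility, not a trace
    "<134>Mar  3 10:15:06 unknown-box eventd[99]: trace: policy run",  # host not allowlisted
    "<134>Mar  3 10:15:07 qfx-lab-1 ../../tmp/x: trace",            # unsafe program field
]

if __name__ == "__main__":
    files, rejected = route_traces(SAMPLE, known_hosts={"qfx-lab-1"})
    for (host, prog), msgs in sorted(files.items()):
        print(trace_path(host, prog), len(msgs))
    print("rejected:", len(rejected))
```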

Note:

During a commit check, warnings about the traceoptions configuration (for example, mismatch in trace file sizes or number of trace files) are not displayed on the console. However, these warnings are logged in the system log messages when the new configuration is committed.

Junos Space Support for Network Management

The Juniper Networks Junos Space application, running on a Junos Space Virtual Appliance, is a comprehensive platform for building and deploying applications. It supports collaboration, productivity, and network infrastructure and operations management. Junos Space provides a runtime environment implemented as a fabric of virtual and physical appliances.

Preparing the Device for Junos Space Management

Prerequisites

Ensure that the configuration on the QFX Series device meets the following requirements for device discovery in Junos Space:

  • The device configuration has a static management IP address that is reachable from the Junos Space server.

  • There is a user with full administrative privileges for Junos Space administration.

  • SNMP is enabled (only if you plan on using SNMP as part of the device discovery).

  • In Junos Space, set up a default device management interface (DMI) schema for the QFX Series device.

To prepare the device before using Junos Space:

  1. Perform the initial configuration of the device through the console port using the Junos OS CLI. This task includes the configuration of a static management IP address and a user with root administrative privileges.

    For the QFX3500 switch, see Configuring a QFX3500 Device as a Standalone Switch.

    For the QFabric system, see QFabric System Initial and Default Configuration Information and Performing the QFabric System Initial Setup on a QFX3100 Director Group.

  2. (Optional) Configure SNMP if you plan on using SNMP to probe devices during device discovery.

    See Configuring SNMP.

  3. (Optional) Enable SSH if you wish to use the Secure Console feature in Junos Space.

    See Connecting to a Device by Using Secure Console.

  4. In Junos Space, set up a default DMI schema. For more information about managing DMI schemas, see:

    Setting a Default DMI Schema.
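A pre-discovery check of the device-side prerequisites above, as an added Python example that is not part of the original documentation. It reads configuration in "display set" form and also flags Telnet, which this page describes as unencrypted. The interface name em0, the mapping of "full administrative privileges" to the super-user login class, and the sample configuration are assumptions made for illustration.

```python
import re

def junos_space_preflight(config_text, mgmt_if="em0"):
    """Check 'display set' style configuration against the prerequisites above.

    mgmt_if is an assumption: pass the management interface name your platform uses.
    Reachability from the Junos Space server and the DMI schema are not checked here.
    """
    cfg = [l.strip() for l in config_text.splitlines() if l.strip().startswith("set ")]

    def has(pattern):
        return any(re.search(pattern, line) for line in cfg)

    ifre = re.escape(mgmt_if)
    report = {"blocking": [], "optional": [], "warnings": []}

    # Prerequisite: a static management IP address.
    if not has(rf"^set interfaces {ifre} unit \d+ family inet address \d+\.\d+\.\d+\.\d+/\d+"):
        report["blocking"].append(f"no static IPv4 address on {mgmt_if}")
    if has(rf"^set interfaces {ifre} unit \d+ family inet dhcp\b"):
        report["blocking"].append(f"{mgmt_if} uses DHCP, address is not static")

    # Prerequisite: a user with full administrative privileges.
    # Assumption: this maps to super-user, the predefined class with all permissions.
    if not has(r"^set system login user \S+ class super-user\b"):
        report["blocking"].append("no user with class super-user")

    # Optional steps 2 and 3 of the procedure.
    if not has(r"^set snmp "):
        report["optional"].append("SNMP not configured: discovery cannot probe with SNMP")
    if not has(r"^set system services ssh\b"):
        report["optional"].append("SSH not enabled: Secure Console unavailable")

    # Telnet gives unencrypted access to the switch, so report it when present.
    if has(r"^set system services telnet\b"):
        report["warnings"].append("Telnet enabled: management sessions are unencrypted")
    return report

# Constructed sample configuration; names and addresses are illustrative only.
SAMPLE_CONFIG = """
set system host-name qfx-lab-1
set system login user spaceadmin class super-user
set system services telnet
set interfaces em0 unit 0 family inet address 192.0.2.10/24
set snmp community example-ro authorization read-only
"""

if __name__ == "__main__":
    for level, items in junos_space_preflight(SAMPLE_CONFIG).items():
        for item in items:
            print(f"{level}: {item}")
```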

Diagnostic Tools Overview

Juniper Networks devices support a suite of J-Web tools and CLI operational mode commands for evaluating system health and performance. Diagnostic tools and commands test the connectivity and reachability of hosts in the network.

  • Use the J-Web Diagnose options to diagnose a device. J-Web results appear in the browser.

  • Use CLI operational mode commands to diagnose a device. You can view the CLI command output on the console or management device. You can filter the output to a file.

To use the J-Web user interface and CLI operational tools, you must have the appropriate access privileges.

This section contains the following topics:

J-Web Diagnostic Tools

The J-Web diagnostic tools consist of the options that appear when you select Troubleshoot and Maintain in the task bar. Table 3 describes the functions of the Troubleshoot options.

Table 3: J-Web Interface Troubleshoot Options

| Option | Function |
|---|---|
| Troubleshoot Options | |
| Ping Host | Allows you to ping a remote host. You can configure advanced options for the ping operation. |
| Ping MPLS | Allows you to ping an MPLS endpoint using various options. |
| Traceroute | Allows you to trace a route between the device and a remote host. You can configure advanced options for the traceroute operation. |
| Packet Capture | Allows you to capture and analyze router control traffic. |
| Maintain Options | |
| Files | Allows you to manage log, temporary, and core files on the device. |
| Upgrade | Allows you to upgrade and manage Junos OS packages. |
| Licenses | Displays the summary of the licenses needed and used for each feature that requires a license. Allows you to add licenses. |
| Reboot | Allows you to reboot the device at a specified time. |

CLI Diagnostic Commands

The CLI commands available in operational mode allow you to perform the same monitoring, troubleshooting, and management tasks you can perform with the J-Web user interface. Instead of invoking the tools through a graphical interface, you use operational mode commands to perform the tasks.

CLI command output appears on the screen of your console or management device, or you can filter the output to a file. For operational commands that display output, such as the show commands, you can redirect the output into a filter or a file. When you display help about these commands, one of the options listed is |, called a pipe, which allows you to filter the command output.

You can use the mtrace command to display trace information about a multicast path from a source to a receiver.

To view a list of top-level operational mode commands, type a question mark (?) at the command-line prompt.

Table 4 lists the CLI diagnostic commands available at the top level of operational mode.

Table 4: CLI Diagnostic Command Summary

| Command | Function |
|---|---|
| Controlling the CLI Environment | |
| set option | Configures the CLI display. |
| Diagnosis and Troubleshooting | |
| clear | Clears statistics and protocol database information. |
| mtrace | Traces information about multicast paths from source to receiver. |
| monitor | Performs real-time debugging of various Junos OS components, including the routing protocols and interfaces. |
| ping | Determines the reachability of a remote network host. |
| ping mpls | Determines the reachability of an MPLS endpoint using various options. |
| test | Tests the configuration and application of policy filters and AS path regular expressions. |
| traceroute | Traces the route to a remote network host. |
| Connecting to Other Network Systems | |
| ssh | Opens secure shell connections. |
| telnet | Opens Telnet sessions to other hosts on the network. |
| Management | |
| copy | Copies files from one location on the device to another, from the device to a remote system, or from a remote system to the device. |
| restart option | Restarts the various system processes, including the routing protocol, interface, and SNMP processes. |
| request | Performs system-level operations, including stopping and rebooting the device and loading Junos OS images. |
| start | Exits the CLI and starts a UNIX shell. |
| configuration | Enters configuration mode. |
| quit | Exits the CLI and returns to the UNIX shell. |