Network Management

SUMMARY This section provides an overview of the Junos OS (operating system).

Benefits of using the CLI to Manage the Network

You can use CLI operational mode commands to monitor the system health and performance of your network. Monitoring tools and commands display the current state of the device, and you can filter the output to a file. Diagnostic tools and commands test the connectivity and reachability of hosts in the network.

This topic describes the functions available. To use the CLI operational tools, you must have the appropriate access privileges.

Understanding Device Management Functions in Junos OS

After you have installed a device into your network, you need to manage the device within your network. Device management can be divided into five tasks:

  • Fault management—Monitor the device; detect and fix faults.

  • Configuration management—Configure device attributes.

  • Accounting management—Collect statistics for accounting purposes.

  • Performance management—Monitor and adjust device performance.

  • Security management—Control device access and authenticate users.

The Junos® operating system (Junos OS) network management features work in conjunction with an operations support system (OSS) to manage the devices within the network. Junos OS can assist you in performing these management tasks, as described in Table 1.

Table 1: Device Management Features in Junos OS

Task

Junos OS Feature

Fault management

Monitor and see faults using:

Configuration management

  • Configure router attributes using the command-line interface (CLI), the Junos XML management protocol, and the NETCONF XML management protocol. For more information about configuring the router using the CLI, see the Junos OS Administration Library. For more information about configuring the router using the APIs, see the Junos XML Management Protocol Guide and NETCONF XML Management Protocol Guide.

  • Configuration Management MIB—For more information about the Configuration Management MIB, see Configuration Management MIB.

Accounting management

Perform the following accounting-related tasks:

  • Collect statistics for interfaces, firewall filters, destination classes, source classes, and the Routing Engine. For more information about collecting statistics, see Accounting Options Configuration.

  • Use interface-specific traffic statistics and other counters, available in the Standard Interfaces MIB, Juniper Networks enterprise-specific extensions to the Interfaces MIB, and media-specific MIBs, such as the enterprise-specific ATM MIB.

  • Use per-ATM virtual circuit (VC) counters, available in the enterprise-specific ATM MIB. For more information about the ATM MIB, see ATM MIB.

  • Group source and destination prefixes into source classes and destination classes and count packets for those classes. Collect destination class and source class usage statistics. For more information about classes, see “Destination Class Usage MIB” and “Source Class Usage MIB”, Configuring Class Usage Profiles, the Junos OS Network Interfaces Library for Routing Devices, and the Junos OS Routing Protocols Library.

  • Count packets as part of a firewall filter. For more information about firewall filter policies, see Enterprise-Specific SNMP MIBs Supported by Junos OS and the Junos OS Routing Protocols Library.

  • Sample traffic, collect the samples, and send the collection to a host running the CAIDA cflowd utility. For more information about CAIDA and cflowd, see the Junos OS Routing Protocols Library.

Performance management

Monitor performance in the following ways:

  • Use operational mode commands. For more information about monitoring performance using operational mode commands, see the CLI Explorer.

  • Use firewall filters. For more information about performance monitoring using firewall filters, see the Junos OS Routing Protocols Library.

  • Sample traffic, collect the samples, and send the samples to a host running the CAIDA cflowd utility. For more information about CAIDA and cflowd, see the Junos OS Routing Protocols Library.

  • Use the enterprise-specific Class-of-Service MIB. For more information about this MIB, see Class-of-Service MIB.

Security management

Assure security in your network in the following ways:

Understanding Device and Network Management Features

Juniper devices support features that you use to manage the system performance, fault monitoring, and remote access.

Table 2 lists the network management features.

Table 2: Device and Network Management Features on the QFX Series, OCX Series, and EX4600 Series

| Feature | Typical Uses | Documentation |
|---|---|---|
| AI-Scripts and Advanced Insight Manager (AIM)—Automatically detect and monitor faults on the switch, and depending on the configuration on the AIM application, send notifications of potential problems, and submit problem reports to Juniper Support Systems. | Fault management | Advanced Insight Scripts (AI-Scripts) Release Notes |
| Alarms and LEDs on the switch—Show status of hardware components and indicate warning or error conditions. | Fault management | Chassis Alarm Messages on a QFX3500 Device |
| Firewall filters—Control the packets that are sent to and from the network, balance network traffic, and optimize performance. | Performance management | |
| In-band management—Enables connection to the switch using the same interfaces through which customer traffic flows. Communication between the switch and a remote console is typically enabled using SSH and Telnet services. SSH provides secure encrypted communications, whereas Telnet provides unencrypted, and therefore less secure, access to the switch. | Remote access management | |
| Juniper Networks Junos OS automation scripts—Configuration and operations automation tools provided by Junos OS. These tools include commit scripts, operation scripts, event scripts, and event policies. Commit scripts enforce custom configuration rules, whereas operation scripts, event policies, and event scripts automate network troubleshooting and management. | Configuration management; Performance management; Fault management | Automation Scripting User Guide |
| Junos OS command-line interface (CLI)—CLI configuration statements that enable you to configure the switch based on your networking requirements, such as security, service, and performance. | Configuration management; Performance management; User access management; Remote access management | Junos OS CLI User Guide |
| Junos Space software—Multipurpose GUI-based network management system that includes a base platform, the Network Application Platform, and other optional applications such as Ethernet Design, Service Now, Service Insight, and Virtual Control. Note: Junos Space does not support the OCX Series. | Configuration management; Performance management; Fault management | |
| Junos XML API—XML representation of Junos OS configuration statements and operational mode commands. Junos XML configuration tag elements are the content to which the Junos XML protocol operations apply. Junos XML operational tag elements are equivalent in function to operational mode commands in the CLI, which you can use to retrieve status information for a device. The Junos XML API also includes tag elements that are the counterpart to Junos CLI configuration statements. | Configuration management; Performance management; Fault management | |
| NETCONF XML management protocol—XML-based management protocol that client applications use to request and change configuration information on routing, switching, and security platforms running Junos OS. The NETCONF XML management protocol defines basic operations that are equivalent to Junos OS CLI configuration mode commands. Client applications use the protocol operations to display, edit, and commit configuration statements (among other operations), just as administrators use CLI configuration mode commands such as show, set, and commit to perform those operations. | Configuration management; Performance management; Fault management | NETCONF XML Management Protocol Developer Guide |
| Operational mode commands—May be used to do the following: • Monitor switch performance. For example, the show chassis routing-engine command shows the CPU utilization of the Routing Engine. High CPU utilization of the Routing Engine can affect performance of the switch. • View current activity and status of the device or network. For example, you can use the ping command to monitor and diagnose connectivity problems, and the traceroute command to locate points of failure on the network. | Performance management; Fault management | CLI Explorer |
| Out-of-band management—Enables connection to the switch through a management interface. Out-of-band management is supported on two dedicated management Ethernet interfaces as well as on the console and auxiliary ports. The management Ethernet interfaces connect directly to the Routing Engine. No transit traffic is allowed through the interfaces, separating customer and management traffic and ensuring that congestion or failures in the transit network do not affect the management of the switch. | Remote access management | |
| SNMP Configuration Management MIB—Provides notification for configuration changes in the form of SNMP traps. Each trap contains the time at which the configuration change was committed, the name of the user who made the change, and the method by which the change was made. A history of the last 32 configuration changes is kept in jnxCmChgEventTable. | Configuration management | SNMP MIB Explorer |
| SNMP MIBs and traps—Enable the monitoring of network devices from a central location. Use SNMP requests such as get and walk to monitor and view system activity. The QFX3500 switch supports SNMP Version 1 (v1), v2, and v3, and both standard and Juniper Networks enterprise-specific MIBs and traps. | Fault management | |
| System log messages—Log details of system and user events, including errors. You can specify the severity and type of system log messages you wish to view or save, and configure the output to be sent to local or remote hosts. | Fault management; User access management | |

Understanding Tracing and Logging Operations

Tracing and logging operations enable you to track events that occur in the switch—both normal operations and error conditions—and to track the packets that are generated by or passed through the switch. The results of tracing and logging operations are placed in files in the /var/log directory on the switch.

The Junos OS supports remote tracing for the following processes:

  • chassisd—Chassis-control process

  • eventd—Event-processing process

  • cosd—Class-of-service process

You configure remote tracing by using the tracing statement at the [edit system] hierarchy level.

Note:

The tracing statement is not supported on the QFX3000 QFabric system.

If you enabled remote tracing but wish to disable it for specific processes on the switch, use the no-remote-trace statement at the [edit process-name traceoptions] hierarchy level. This feature does not alter local tracing functionality in any way, and logging files are stored on the switch.

Logging operations use a system logging mechanism similar to the UNIX syslogd utility to record systemwide, high-level operations, such as interfaces going up or down and users logging in to or out of the switch. You configure these operations by using the syslog statement at the [edit system] hierarchy level and by using the options statement at the [edit ethernet-switching-options] hierarchy level.

Tracing operations record more detailed information about the operations of the switch, including packet forwarding and routing information. To configure tracing operations, use the traceoptions statement.

Note:

The traceoptions statement is not supported on the QFX3000 QFabric system.

You can define tracing operations in different portions of the switch configuration:

  • SNMP agent activity tracing operations—Define tracing of the activities of SNMP agents on the switch. You configure SNMP agent activity tracing operations at the [edit snmp] hierarchy level.

  • Global switching tracing operations—Define tracing for all switching operations. You configure global switching tracing operations at the [edit ethernet-switching-options] hierarchy level of the configuration.

  • Protocol-specific tracing operations—Define tracing for a specific routing protocol. You configure protocol-specific tracing operations in the [edit protocols] hierarchy when configuring the individual routing protocol. Protocol-specific tracing operations override any equivalent operations that you specify in the global traceoptions statement. If there are no equivalent operations, they supplement the global tracing options. If you do not specify any protocol-specific tracing, the routing protocol inherits all the global tracing operations.

  • Tracing operations within individual routing protocol entities—Some protocols allow you to define more granular tracing operations. For example, in Border Gateway Protocol (BGP), you can configure peer-specific tracing operations. These operations override any equivalent BGP-wide operations or, if there are no equivalents, supplement them. If you do not specify any peer-specific tracing operations, the peers inherit, first, all the BGP-wide tracing operations and, second, the global tracing operations.

  • Interface tracing operations—Define tracing for individual interfaces and for the interface process itself. You define interface tracing operations at the [edit interfaces] hierarchy level of the configuration.

  • Remote tracing—To enable system-wide remote tracing, configure the destination-override syslog host statement at the [edit system tracing] hierarchy level. This specifies the remote host running the system log process (syslogd), which collects the traces. Traces are written to files on the remote host in accordance with the syslogd configuration in /etc/syslog.conf. By default, remote tracing is not configured.

    To override the system-wide remote tracing configuration for a particular process, include the no-remote-trace statement at the [edit process-name traceoptions] hierarchy. When no-remote-trace is enabled, the process does local tracing.

    To collect traces, use the local0 facility as the selector in the /etc/syslog.conf file on the remote host. To separate traces from various processes into different files, include the process name or trace-file name (if it is specified at the [edit process-name traceoptions file] hierarchy level) in the Program field in the /etc/syslog.conf file. If your system log server supports parsing hostname and program name, then you can separate traces from the various processes.
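The collector-side selection described above, as an added example that is not part of the Juniper documentation: Python that keeps only local0 messages and splits them into one file per hostname and program name. The BSD syslog line layout, the host names, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

LOCAL0 = 16  # syslog facility code for local0; PRI = facility * 8 + severity

# Assumed wire format (BSD syslog): <PRI>Mmm dd hh:mm:ss host program[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\s:\[]+)(?:\[\d+\])?: "
    r"(?P<message>.*)$"
)
# Host and program fields arrive over the network, so only plain names
# are allowed to become part of a file path on the collector.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")

# Constructed sample input (not captured from a real device).
SAMPLE_LINES = [
    "<135>Mar  4 10:15:02 qfx-leaf1 chassisd[1523]: constructed trace: fan tray 0 status poll",
    "<135>Mar  4 10:15:03 qfx-leaf1 cosd[1611]: constructed trace: scheduler map refresh",
    "<134>Mar  4 10:15:04 qfx-leaf2 eventd[1490]: constructed trace: policy evaluated",
    "<38>Mar  4 10:15:05 qfx-leaf1 sshd[2201]: constructed auth message, not a trace",
    "<135>Mar  4 10:15:06 qfx-leaf1 ../chassisd[99]: constructed line with a path in the program field",
    "not a syslog line",
]


def parse_line(line):
    """Split one syslog line into its fields, or return None if it is malformed."""
    m = LINE_RE.match(line)
    if m is None or int(m["pri"]) > 191:  # 191 = highest valid PRI (local7.debug)
        return None
    pri = int(m["pri"])
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "host": m["host"],
        "program": m["program"],
        "message": m["message"],
    }


def route_traces(lines):
    """Group local0 traces per host and program; also return what was dropped and why."""
    files = defaultdict(list)
    rejected = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append((line, "unparseable"))
        elif rec["facility"] != LOCAL0:
            rejected.append((line, "facility is not local0"))
        elif not (SAFE_NAME.match(rec["host"]) and SAFE_NAME.match(rec["program"])):
            rejected.append((line, "unsafe host or program field"))
        else:
            files[f"{rec['host']}/{rec['program']}.log"].append(rec["message"])
    return dict(files), rejected


if __name__ == "__main__":
    routed, dropped = route_traces(SAMPLE_LINES)
    for path, messages in sorted(routed.items()):
        print(path, len(messages))
    for line, reason in dropped:
        print("dropped:", reason)
```

The rejected list is worth keeping on a real collector: a device whose traces stop arriving, or arrive under an unexpected facility, shows up there rather than disappearing silently.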

Note:

During a commit check, warnings about the traceoptions configuration (for example, mismatch in trace file sizes or number of trace files) are not displayed on the console. However, these warnings are logged in the system log messages when the new configuration is committed.

Junos Space Support for Network Management

The Juniper Networks Junos Space application, running on a JA1500 appliance or a Junos Space Virtual Appliance, is a comprehensive platform for building and deploying applications for collaboration, productivity, and network infrastructure and operations management. Junos Space provides a runtime environment implemented as a fabric of virtual and physical appliances.

The following subsections describe Junos Space support for network management:

Overview of Junos Space Network Management

The Junos Space Network Management Platform software comprises various applications for network management and configuration, including:

  • Junos Space Administration—Provides management of Junos Space fabric, databases, licenses, applications, authentication servers, tags, permission labels, DMI schemas, and troubleshooting.

  • Network Director—Provides unified management of supported Juniper Networks devices in your network. By providing full network life cycle management, Network Director simplifies the discovery, configuration, visualization, monitoring, and administration of large networks.

  • Service Automation—Provides an end-to-end solution designed to streamline operations and enable proactive network management for Junos OS devices. The solution consists of Advanced Insight Scripts (AI-Scripts), Junos Space Service Now and Service Insight applications, and Juniper Support Systems (JSS).

    Note:

    Do not install Junos Space and AI-Scripts on the control plane network EX4200 switches or EX4200 Virtual Chassis in a QFX3000 QFabric system.

Before you can use Junos Space Network Director to manage the QFX Series device, you must ensure that the configuration on the device meets the requirements for all managed devices. For example:

  • The device configuration has a static management IP address that is reachable from the Junos Space server.

  • There is a user with full administrative privileges for Junos Space administration.

  • SNMP is enabled (only if you plan on using SNMP as part of the device discovery).

  • In Junos Space, set up a default device management interface (DMI) schema for the QFX Series device.

For more information about Network Director requirements, see the Network Director Quick Start Guide at:

https://www.juniper.net/documentation/en_US/network-director1.5/information-products/pathway-pages/index.html

For more information about Junos Space, go to:

https://www.juniper.net/documentation/en_US/release-independent/junos-space/index.html

Preparing the Device for Junos Space Management

Before you can use the Juniper Networks Junos Space application to manage the QFX Series device, you must ensure that the configuration on the device meets the following requirements for device discovery in Junos Space:

  • The device configuration has a static management IP address that is reachable from the Junos Space server.

  • There is a user with full administrative privileges for Junos Space administration.

  • SNMP is enabled (only if you plan on using SNMP as part of the device discovery).

  • In Junos Space, set up a default device management interface (DMI) schema for the QFX Series device.

Note:

Do not install Junos Space and AI-Scripts (AIS) on the control plane network EX4200 switches or EX4200 Virtual Chassis in a QFX3000 QFabric system.

To prepare the device before using Junos Space:

  1. Perform the initial configuration of the device through the console port using the Junos OS CLI. This task includes the configuration of a static management IP address and a user with root administrative privileges.

    For the QFX3500 switch, see Configuring a QFX3500 Device as a Standalone Switch.

    For the QFabric system, see QFabric System Initial and Default Configuration Information and Performing the QFabric System Initial Setup on a QFX3100 Director Group.

  2. (Optional) Configure SNMP if you plan on using SNMP to probe devices during device discovery.

    See Configuring SNMP.

  3. (Optional) Enable SSH if you wish to use the Secure Console feature in Junos Space.

    See Configuring SSH Service for Remote Access to the Router or Switch.

  4. In Junos Space, set up a default DMI schema. For more information about managing DMI schemas, see:

    https://www.juniper.net/documentation/en_US/junos-space13.1/platform/information-products/pathway-pages/junos-space-administration-pwp.html

Monitoring Overview

Junos OS supports a suite of J-Web tools and CLI operational mode commands for monitoring the system health and performance of your device. Monitoring tools and commands display the current state of the device. To use the J-Web user interface and CLI operational tools, you must have the appropriate access privileges.

You can use the J-Web Monitor option to monitor a device. J-Web results appear in the browser.

You can also monitor the device with CLI operational mode commands. CLI command output appears on the screen of your console or management device, or you can filter the output to a file. For operational commands that display output, such as the show commands, you can redirect the output into a filter or a file. When you display help about these commands, one of the options listed is |, called a pipe, which allows you to filter the command output.

For example, if you enter the show configuration command, the complete device configuration appears on the screen. To limit the display to only those lines of the configuration that contain address, enter the show configuration command using a pipe into the match filter:

For a complete list of the filters, type a command, followed by the pipe, followed by a question mark (?):

You can specify complex expressions as an option for the match and except filters.

Note:

To filter the output of configuration mode commands, use the filter commands provided for the operational mode commands. In configuration mode, an additional filter is supported.

Diagnostic Tools Overview

Juniper Networks devices support a suite of J-Web tools and CLI operational mode commands for evaluating system health and performance. Diagnostic tools and commands test the connectivity and reachability of hosts in the network.

  • Use the J-Web Diagnose options to diagnose a device. J-Web results appear in the browser.

  • Use CLI operational mode commands to diagnose a device. CLI command output appears on the screen of your console or management device, or you can filter the output to a file.

To use the J-Web user interface and CLI operational tools, you must have the appropriate access privileges.

This section contains the following topics:

J-Web Diagnostic Tools

The J-Web diagnostic tools consist of the options that appear when you select Troubleshoot and Maintain in the task bar. Table 3 describes the functions of the Troubleshoot options.

Table 3: J-Web Interface Troubleshoot Options

| Option | Function |
|---|---|
| Troubleshoot Options | |
| Ping Host | Allows you to ping a remote host. You can configure advanced options for the ping operation. |
| Ping MPLS | Allows you to ping an MPLS endpoint using various options. |
| Traceroute | Allows you to trace a route between the device and a remote host. You can configure advanced options for the traceroute operation. |
| Packet Capture | Allows you to capture and analyze router control traffic. |
| Maintain Options | |
| Files | Allows you to manage log, temporary, and core files on the device. |
| Upgrade | Allows you to upgrade and manage Junos OS packages. |
| Licenses | Displays a summary of the licenses needed and used for each feature that requires a license. Allows you to add licenses. |
| Reboot | Allows you to reboot the device at a specified time. |

CLI Diagnostic Commands

The CLI commands available in operational mode allow you to perform the same monitoring, troubleshooting, and management tasks you can perform with the J-Web user interface. Instead of invoking the tools through a graphical interface, you use operational mode commands to perform the tasks.

You can perform certain tasks only through the CLI. For example, you can use the mtrace command to display trace information about a multicast path from a source to a receiver, which is a feature available only through the CLI.

To view a list of top-level operational mode commands, type a question mark (?) at the command-line prompt.

At the top level of operational mode are the broad groups of CLI diagnostic commands listed in Table 4.

Table 4: CLI Diagnostic Command Summary

| Command | Function |
|---|---|
| Controlling the CLI Environment | |
| set option | Configures the CLI display. |
| Diagnosis and Troubleshooting | |
| clear | Clears statistics and protocol database information. |
| mtrace | Traces information about multicast paths from source to receiver. |
| monitor | Performs real-time debugging of various Junos OS components, including the routing protocols and interfaces. |
| ping | Determines the reachability of a remote network host. |
| ping mpls | Determines the reachability of an MPLS endpoint using various options. |
| test | Tests the configuration and application of policy filters and AS path regular expressions. |
| traceroute | Traces the route to a remote network host. |
| Connecting to Other Network Systems | |
| ssh | Opens secure shell connections. |
| telnet | Opens Telnet sessions to other hosts on the network. |
| Management | |
| copy | Copies files from one location on the device to another, from the device to a remote system, or from a remote system to the device. |
| restart option | Restarts the various system processes, including the routing protocol, interface, and SNMP processes. |
| request | Performs system-level operations, including stopping and rebooting the device and loading Junos OS images. |
| start | Exits the CLI and starts a UNIX shell. |
| configuration | Enters configuration mode. |
| quit | Exits the CLI and returns to the UNIX shell. |