Juniper JNCIA JN0-103 – Operational Monitoring and Maintenance Part 2
- Network Utilities
Welcome back. In this lecture we’ll talk about network utilities. We’ll talk about some of those tools and commands that can help us with troubleshooting. Let’s begin. We’ll talk about six commands in specific. Those commands are telnet, SSH, ping, traceroute, FTP, and file copy. Let’s start with the first one called Telnet. To take a look at the these commands will go straight to the terminal. All right, as you can see, I’m at the terminal. Let’s try the commands one by one.
All of these commands are operational mode commands. First of all, we’ll start with telnet. So let’s do this telnet. And I have an IP address on which Telnet has been enabled. Just going to copy that over here. Hit Enter and straight away you will notice it is connected. You can see that it is actually showing you the host name of that device.
Just going to log in. All right, so I’ve logged into the device. You would have already noticed that it’s an Amazon Linux AMI. It’s an easy two instance that I spun up on AWS. So that’s how you can use telnet to log into a device. Similarly, you can also use SSH. So you can do SSH username at the IP address. If SSH is the supported protocol. It is always recommended that you use SSH over telnet because it is a secure protocol. The next command that we can try is the ping command. This command is one of the most basic troubleshooting utilities. We can use ping to test connectivity.
So I’m going to do ping and I’m going to try my favorite IP address for two. Hit Enter and you’ll notice that I’m getting echo replies. Alternatively, we could also do ping four two and use the word count. And we can specify the number of ping packets to send. For example, ping four two count of three would make sure that the ping only sends three packets and then it stops. Another very handy command is choice route.
This command can be used to verify network connectivity and to verify the path taken by the packets to reach the destination. Let’s try that. So I’m going to say choice route four two. Hit Enter. You’ll notice the path taken by the packet to reach the destination. Over here, it has reached the destination in twelve hops. We could also do this trace route four two and we can say no resolve. That would make sure that it does not try to find the IP to DNS hostname mapping. You’ll notice over here everything is shown as a DNS name. Now that can sometimes make the trace route work very slowly. If that is the case, you can go for trace route four two, no Resolve.
It will not attempt to map the IP to the host name. You can see that that’s very, very quick. Much faster, right? All right, now let’s try the next one. The next command is FTP for file transfer protocol. We can say FTP, and my target IP address is this one. Again, the same easy to instance on AWS. Just going to hit enter. My username is shyam, and my password is all dots or invisible password. Hit enter. There you go. I’ve logged in. We can try LS to view the files that are available for download enter. So I have a file over here which is called as demo TXT, which can be downloaded.
If I wanted to get that file, I can say get demo TXT, hit enter, and the transfer has been completed. How do I verify this? Well, I can go out or exit from the FTP connection. Hit Enter, and I can do file list. Hit enter, and I see that file over here. Just going to delete that not required. File delete demo TXT, hit enter. The last command I want to show you is file copy. Now, this command has two purposes. You can use the command to transfer files from your Juno’s device to a remote host, or on the flip side, you can use the same command called file copy to copy files from a remote host to your local Junos device. Normally, you would copy files from the Junos device to a remote host when you’re trying to back up your configuration, or maybe back up your log files.
On the flip side, you would normally transfer files from a remote host to the local Juno’s device when you’re trying to import, let’s say, the installation package. When you’re upgrading the Junes device, which we’ll understand in the next lecture, you’ll have to transfer the Juno’s package, the install image, from a remote FTP server, to the local Junos device. So this can be one situation where you may want to do that. It’s very simple. File copy is the command. If you’re trying to copy from your local Junos device, specify your file name over here, current config, and then put the remote host address. Or if you’re trying to copy from a remote host, put the host name first.
For example, FTP colon colon. That’s my username. I’ll introduce a colon, and then I’ll put my password at the IP address demo TXT, and I’m going to copy that tovar TMP. All right, looks good. So file copy the address of the remote host FTP colon username colon password at the IP addressthefile name, and the local directory over here. Let’s try it. All right, it looks like it has been done. We can verify this. I can say file listvar TMP, and I have the file over here. So I’m just going to delete that. I don’t need that file anymorevar. TMP tm demo TXT one thing I do want to point out, guys, if FTP is not working from here for some reason, if you’re not able to copy your files over FTP this way, you can also do the same thing from the shell mode.
Remember, one of those earliest lectures where we talked about CLI modes, shell mode, operational mode, and configuration mode. We said that the shell mode can be used to perform shell mode commands. One of the shell mode commands is FTP. I’ll show you how to do that. Just say start shell. From here. You can say FTP, and you can give that IP address over here. Shyam invisible password. There you go. I’ve logged in. I can do LS, and I have the same file over here. The same command can be used.
Getdemo TXT and the file gets transferred. Just going to say quit to exit out. And I’m going to say CLI to come back to the operational mode. Right. So this is another way of transferring files using file transfer protocol. Let’s go back. All right, guys, so that’s all the topics I wanted to discuss in this lecture. In the next lecture, we’re going to understand how to upgrade the Juno’s software version. I’m excited to see you in the next lecture. I’d like to thank you for watching, and I’ll catch you in the next lecture. Thank you.
- Upgrading Junos
Welcome back. In this lecture, we’ll discuss how to upgrade the Juno’s software. Let’s begin. Before we understand how to upgrade the Juno software, let’s understand for a minute what is the Juno’s naming convention? What is the naming structure for the install package? The Juno’s naming convention is standard. The structure that is followed code is package Hyphen Release Edition. The package indicates the name of the Juno’s package. Examples include j install, j install, hyphen, ex, Juno’s, SRX, and so on. The release portion includes major and minor release numbers. Release types which can be R, B, or I build number and spin number. R stands for Release Software, b stands for Beta Level Software and I stands for Internal. In some situations you might see the letter S, which is reserved for service releases. The addition portion indicates if the image is domestic or export. Domestic versions support strong encryption, while export versions do not.
There’s a third, less common addition called FIPS that provides advanced network security for customers who must comply with and operate in a federal information processing standards. FIPS 140, Hyphen II environment. I have an example on the screen which shows you the Juno’s naming convention. J install, hyphen nine two, R one eight, domestic signed TGZ. In this case, the name of the package is j install. The release is nine two R one eight. So the version number or the release number is nine two. The build number is one and the spin number is eight. The addition is domestic. The word signed over here indicates the software includes a digital signature for verification purposes.
Now let’s talk about the steps to upgrade Juno’s. Number one, connect to the console port. This is very important. Use an outofband connection from the console because inbound connections are lost during the upgrade process. Number two, make sure you backup the active file system using the Request System Snapshot command just in case the upgrade did not go well. You will have an option to restore back if you have a snapshot of the active file system. Number three, determine the current Juno’s version using the Show version command. And let’s see this on the terminal. All right, back over here we can try this command Show version. It will show you the currently running version on the Juno’s device. For example, the version number in my case is twelve one x 46 D 32. Step number four, download the install package from Juniper’s website. I’m over here on Juniper’s website. The URL from where you can download is Juniper net support downloads. You can select your product over here and download the image. I’m going to go over here and I’m going to look by series. I’m looking for the SRX series device, which is over here, the SRX series, and I’m looking for SRX 100.
Just click on that over here. You’ll be able to download the documentation for that model number. And in the software tab you will be able to download the install package. Please note that you must have an account on Juniper’s website in order to download that. When I click on this, the download should begin automatically. All right, once you have downloaded, the next step is to copy the package to the VAR TMP directory of your Juno’s device. And by now, you should already know how to do this. In the last lecture, we looked at a command called file copy, which can be used to copy a file from a remote host to our Juno’s device. The same command can be used, in this case to copy the image from the remote host to the VAR TMP directory of the Juno’s device. If you are having trouble copying the image because there’s not enough storage available on the device, I can show you some techniques by which you can free up some space on the device.
Number one, start with the command called Show system Storage, which should be a familiar command by now that will show you the free storage space available on the device. You can see that over here. If you need more space to copy your image, the first command, which is a very safe command to try, is request system Storage, and you can use the word Cleanup. Request system storage, cleanup. Hit enter. It will show you all the files that can be safely deleted. There you go. So that’s the list of files that I can safely delete to free some space on my device. It will ask you, do you want to delete these files? I’m going to say yes. All right, so that should free up some space. Even after doing this, if you’re still falling short, you can clear some of the log files. For example, we can go to Show log. This will list all the log files on your device, and you can see the file sizes over here. If you think there are files which are consuming a lot of memory, you can do this clear log, and you can clear the log files. For example, I’m going to try this one over here. Clear log messages.
And that should delete the contents of the file. Please keep in mind the file is still retained. It’s only the contents of the file which are cleared. If you wanted to delete the file, you could do file delete, and then you can provide the file location and the file name. These are three commands that you can use to free up some space on your Juno’s device. In my case, I do not have enough storage available on my device to show you a demo. The next version of Juno’s that I’m trying to install is almost 180 megabytes. I don’t have enough space available, so I’m not able to show you a demo. But these steps should help you when you’re trying to upgrade your Juno’s device. Assuming that you’ve been able to copy the image, the next step is to verify the checksum.
And this is very important, guys. It could be possible that the image got damaged or corrupted while trying to download. So it is important to verify the checksum of the package that you’re trying to install. The command to verify the checksum is very simple. It’s file space checksum. You next need to select the hashing algorithm. I’m going to say MD five, question mark, and then you can specify the file name. Right now, for demonstration, I’m just going to do this. Just try to compute the MD five hash of this file over here called current config. When you’re doing the upgrade, you will compute the hash value for the image that you downloaded and copied to your Juno’s device. Hit enter and there you go. That’s the hash value, or that’s the checksum of this file called Current config.
Once you have the checksum, you must match this with the value published on Jennifer’s website. How do we do that? Just come back over here and just click on MD Five Sha one for the image that you’ve downloaded. For example, if I click on this one, you’ll notice the MD five hash and the Sha one hash. The hash over here and the hash on the device must match exactly that’s when we can proceed for the next step. The next step is to perform the upgrade. The command to do that is very simple. Request system software add, VAR TMP the package name. Once you enter this command, the upgrade process should start automatically. Once the upgrade has been completed, make sure you reboot the device. Once you’ve rebooted your device, verify that everything is working well. Try to make some outbound connections and verify connectivity. If all looks okay, be sure to remove the package from the VAR TMP directory. That will free up a lot of space.
Some notes about upgrading Juno’s when you’re upgrading or downgrading, it is recommended to include the validate option with the request system software add command. This will make sure that the install package is compatible with the current configuration back over here. When I try this command, request System software add and then I specify the package name. When I do a question mark, I have this option over here called validate. This option will verify if the image that I’m trying to install is compatible with my current active configuration. By default, when you add a package with a different release number, the validation check is done automatically. Very important when you’re trying to downgrade downgrading by more than three releases is not supported. For example, if your routing platform is running Juno’s release seven five, you can downgrade directly to release seven two, but you cannot downgrade directly to release seven one.
As a workaround, you can first downgrade to release seven two and then downgrade to release seven one. Let’s now talk about Unified Issu. Unified In-service software Upgrade, also known as Unified Issu, is supported only on dual routing engine platforms. What do I mean by dual routing engine platforms? Well, devices which have two routing engines. Unified Issu enables you to upgrade between two different Juno’s releases with no disruption on the control plane and with minimal disruption of traffic. So if you have two routing engines, how do you bring both of them to the same Juno’s version without impacting your traffic? The process is called as Unified Issu, and it requires two protocols to be enabled. Number one, graceful routing engine switchover, also known as Gres.
And number two, nonstop active routing, also known as MSR. From the examination perspective, you must remember the names of both these protocols. For unified Issu, we need two protocols graceful routing engine switchover and nonstop active routing. Let’s talk a little bit about both these protocols. Number one graceful routing engine switchover. It is a feature on Juno’s which enables a device with redundant routing engines to continue forwarding packets. Even if one routing engine fails, traffic is not interrupted and the device is not rebooted. In case of two routing engines, one is the master routing engine and the other one is the backup routing engine. The master routing engine switches to the backup routing engine in three situations. Number one, the master routing engine kernel stops operating. Number two, the master routing engine experiences a hardware failure. Number three, the administrator initiates a manual switch over.
All this is not important from the examination perspective, but it is a good idea to know what it really does. The next one is NSR or nonstop active routing. It is a high availability feature that allows a routing platform with redundant routing engines to preserve routing information on the backup routing engine and switch over from the primary routing engine to the backup routing engine without alerting pure nodes that a change has occurred. And I have a diagram that shows you two routing engines on the same device. I don’t want you to get confused with all this explanation.
From the examination perspective, it is important for us to remember the two protocols that need to be enabled for unified Issu. All right, steps to perform unified Issu number one, enable the two protocols, Gres and NSR. Number two, verify that routing engines and protocols are synchronized. Number three, download the install package from Juniper’s website, copy the package to the device, verify the checksum, and finally, issue the command called Request System Software in Service Upgrade on the master routing engine.
From the examination perspective, that command is also very important to remember. All right, so that’s all the topics that we had to discuss in this lecture. In the next lecture we’ll discuss about password recovery. I’d like to thank you for watching, and I’m going to catch you in the next lecture. Thank you.