For years I’ve been one of those engineers who tends to loiter in the background. A lot of forums I’ve read tend to focus on basics, whilst others tend to leap off and explain vast subject areas in less than a couple of paragraphs (getting quite a few details incorrect whilst they do it). I’ve also watched engineers get confused as hell as they follow other people’s blogs and advice taken from forums instead of reading RFCs or the whitepapers themselves.
Networking will always be that game of Chinese whispers but at times it’s utterly shocking. When I started learning to play chess in my youth, my Dad told me “you only get better by playing a better opponent”. I think the moral of that anecdote is, don’t be scared to improve your game. Question designs and never be afraid to push the limits of your capabilities. How else will you get better?
I have tendencies to value knowledge above everything else and as a result, I figure I will try and give each golden nugget the attention it deserves. I’m also a realist and tend to steer towards networking technology that follows RFCs with as few ‘additions’ as possible. In my world, this equates to Juniper Networks with an acceptance that Cisco does have its place (just not used by default – I’m looking at you CEOs!).
So, for my first post, I want to spread the Junos love! I’ve only been using Junos for about three years or so, but during this time, I’ve fallen in love with it. Junos tends to be logical and has many cool and helpful features built in. It takes some getting used to if you’ve been a Cisco nut for the last few years, but once you adapt, you will question how you coped without it.
Networking has always been about learning in a layered fashion, reflecting that of the OSI model itself. Learn the bits and bytes and the rest will come. The Junos software is not much different. Learn the helpful bits of Junos, the keystrokes, the clever little features that make your life as an engineer easy, and the days of messy configuration work their way to an end. So, my top five Junos tips for the budding Junos explorer:
1. Use the built-in help. It’s accessible from operational mode and configuration mode and gives you access to the built-in documentation library. This is a little like *nix man pages. It puts you in the mindset of looking at documentation and ultimately RFCs. Those turn you into a better engineer. Stop asking someone on a forum or IRC to write you a firewall filter (ACL).
Example: I’m at a customer site and have completely forgotten how to configure a certain feature. Not only do you stop yourself looking stupid, but you get the job done in the allotted timescale. How many of you have been on security jobs where you’re not allowed to take your iPad or laptop into the datacentre?
    user@test_node# help ?
      <[Enter]>    Execute this command
      apropos      Find help information about a topic
      reference    Reference material
      syslog       System log error messages
      tip          Tip for the day
      topic        Help for high level topics
      |            Pipe through a command ?
A related feature is the ability to hit 'h' whilst paging through output. It displays what keys do what function in case you forget.
2. Auto rollback. This is a life saver. How many times have you let a Cisco device reload after forgetting to issue “no reload” after a maintenance window? I know CCIEs who have this happen regularly. It doesn’t make them bad engineers. Late night maintenance windows leave you feeling drained and tired. With Junos, not only do you have the commit feature (which alone is powerful), but when you commit a configuration that’s likely to disconnect you if you’ve made a mistake, you can issue ‘commit confirmed x’ where x is a number in minutes. If you do not enter ‘commit’ within that time period, the router rolls back to the last configuration. You can tell the customers now that you don’t have to be in Scotland to make that change 😉
3. Compare your changes. This feature has to be in the top ten features. Junos by default archives the last 49 configuration revisions. You can compare your candidate configuration (the one you’re working on now) to a previous configuration. Under configuration mode, enter the following and replace x with a rollback number.
show | compare rollback x
You can also compare against another configuration file instead of a rollback!
4. Shortcuts make your life easy. Emacs shortcuts are supported in Junos. I’m not a *nix power user, but I make use of these as often as I can for speed. Some simple ones for now, but look into these. This is a good link (ignore the junos9.4 reference. They don’t change much!)
I regularly use ctrl+w, ctrl+a, ctrl+e, ctrl+r and when paging through output, use ‘/’ and ‘s’ to find words and save output respectively.
5. Apply-path reduces mistakes and reduces config. If you have your network locked down, you will appreciate that managing access-lists & firewall filters can be an utter nightmare and very time consuming. The Junos apply-path allows you to expand configuration from other paths in Junos. For example, you have a Junos powered router as an internet gateway connected at an IX. You want to make sure only those routers at the IX are able to send information to your router (you do this, right?). Instead of creating a firewall filter which mimics your BGP group listing (equivalent would be a list of BGP neighbors in IOS), you can point your prefix-list to your BGP configuration statements and voila. Your prefix-list inherits them, creating a dynamic filter for you. Stefan Fouant (a Juniper employee and networking superstar) has this great article on using them:
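The apply-path idea from tip 5, written out as an added example (not part of the original post and not taken from the article mentioned above). The group name, prefix-list name, filter name, peer addresses and AS number are constructed placeholders.

```junos
/* Constructed BGP group: names, addresses and AS number are placeholders */
protocols {
    bgp {
        group ix-peers {
            type external;
            peer-as 64500;
            neighbor 192.0.2.10;
            neighbor 192.0.2.20;
        }
    }
}
policy-options {
    /* Expands to one /32 per configured BGP neighbor, across all groups */
    prefix-list ix-bgp-peers {
        apply-path "protocols bgp group <*> neighbor <*>";
    }
}
firewall {
    family inet {
        filter protect-re {
            /* BGP is accepted only from addresses configured as neighbors */
            term bgp-from-peers {
                from {
                    source-prefix-list {
                        ix-bgp-peers;
                    }
                    protocol tcp;
                    port bgp;
                }
                then accept;
            }
            /* TCP/179 from any other source is dropped */
            term bgp-from-others {
                from {
                    protocol tcp;
                    port bgp;
                }
                then discard;
            }
            /* Simplification: other traffic is left alone in this example */
            term everything-else {
                then accept;
            }
        }
    }
}
```

The filter takes effect once it is applied as an input filter on the loopback (`set interfaces lo0 unit 0 family inet filter input protect-re`), and `show policy-options prefix-list ix-bgp-peers | display inheritance` shows the addresses the apply-path expanded to. Adding or removing a neighbor under `protocols bgp` then updates the filter on the next commit with no separate edit to the prefix-list.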
This barely scratches the surface with Junos so go experiment (without breaking any live networks of course). I take zero liability for anything you break with this information!!!