Monday, 5 October 2015

NTP juniper

 NTP

When you use NTP, configure the router or switch to operate in one of the following modes:
  • Client mode
  • Symmetric active mode
  • Broadcast mode
  • Server mode
The following topics describe how to configure these modes of operation:
  1. Configuring the Router or Switch to Operate in Client Mode
  2. Configuring the Router or Switch to Operate in Symmetric Active Mode
  3. Configuring the Router or Switch to Operate in Broadcast Mode
  4. Configuring the Router or Switch to Operate in Server Mode

Configuring the Router or Switch to Operate in Client Mode

To configure the local router or switch to operate in client mode, include the server statement and other optional statements at the [edit system ntp] hierarchy level:
[edit system ntp]
server address <key key-number> <version value> <prefer>;
authentication-key key-number type type value password;
boot-server address;
trusted-key [ key-numbers ];
Specify the address of the system acting as the time server. You must specify an address, not a hostname.
To include an authentication key in all messages sent to the time server, include the key option. The key corresponds to the key number you specify in the authentication-key statement, as described in Configuring NTP Authentication Keys.
By default, the router or switch sends NTP version 4 packets to the time server. To set the NTP version level to 1, 2, or 3, include the version option.
If you configure more than one time server, you can mark one server preferred by including the prefer option.
For information about how to configure trusted keys, see Configuring NTP Authentication Keys. For information about how to configure an NTP boot server, see Synchronizing and Coordinating Time Distribution Using NTP. For information about how to configure the router or switch to operate in server mode, see Configuring the Router or Switch to Operate in Server Mode.
The following example shows how to configure the router or switch to operate in client mode:
[edit system ntp]
authentication-key 1 type md5 value "$9$EgfcrvX7VY4ZEcwgoHjkP5Q3CuREyv87";
boot-server 10.1.1.1;
server 10.1.1.1 key 1 prefer;
trusted-key 1;

Configuring the Router or Switch to Operate in Symmetric Active Mode

To configure the local router or switch to operate in symmetric active mode, include the peer statement at the [edit system ntp] hierarchy level:
[edit system ntp]
peer address <key key-number> <version value> <prefer>;
Specify the address of the remote system. You must specify an address, not a hostname.
To include an authentication key in all messages sent to the remote system, include the key option. The key corresponds to the key number you specify in the authentication-key statement, as described in Configuring NTP Authentication Keys.
By default, the router or switch sends NTP version 4 packets to the remote system. To set the NTP version level to 1, 2 or 3, include the version option.
If you configure more than one remote system, you can mark one system preferred by including the prefer option:
peer address <key key-number> <version value> prefer;

Configuring the Router or Switch to Operate in Broadcast Mode

To configure the local router or switch to operate in broadcast mode, include the broadcast statement at the [edit system ntp] hierarchy level:
[edit system ntp]
broadcast address <key key-number> <version value> <ttl value>;
Specify the broadcast address on one of the local networks or a multicast address assigned to NTP. You must specify an address, not a hostname. If the multicast address is used, it must be 224.0.1.1.
To include an authentication key in all messages sent to the remote system, include the key option. The key corresponds to the key number you specify in the authentication-key statement, as described in Configuring NTP Authentication Keys.
By default, the router or switch sends NTP version 4 packets to the remote system. To set the NTP version level to 1, 2, or 3, include the version option.

Configuring the Router or Switch to Operate in Server Mode

In server mode, the router or switch acts as an NTP server for clients when the clients are configured appropriately. The only prerequisite for “server mode” is that the router or switch must be receiving time from another NTP peer or server. No other configuration is necessary on the router or switch.
To configure the local router or switch to operate as an NTP server, include the following statements at the [edit system ntp] hierarchy level:
[edit system ntp]
authentication-key key-number type type value password;
server address <key key-number> <version value> <prefer>;
trusted-key [ key-numbers ];
Specify the address of the system acting as the time server. You must specify an address, not a hostname.
To include an authentication key in all messages sent to the time server, include the key option. The key corresponds to the key number you specify in the authentication-key statement, as described in Configuring NTP Authentication Keys.
By default, the router or switch sends NTP version 4 packets to the time server. To set the NTP version level to 1, 2, or 3, include the version option.
If you configure more than one time server, you can mark one server preferred by including the prefer option.
For information about how to configure trusted keys, see Configuring NTP Authentication Keys. For information about how to configure the router or switch to operate in client mode, see Configuring the Router or Switch to Operate in Client Mode.
The following example shows how to configure the router or switch to operate in server mode:
[edit system ntp]
authentication-key 1 type md5 value "$9$txERuBEreWx-wtuLNdboaUjH.T3AtOESe";
server 172.17.27.46 prefer;
trusted-key 1;
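
The rules stated in the four mode sections above (address not hostname, 224.0.1.1 as the only multicast address, the key option referring to an authentication-key statement, version 4 as the default) can be checked mechanically. The following Python sketch is an added example, not Juniper code: the function names and sample stanzas are constructed here, the secrets are placeholders, and the trusted-key check assumes the usual NTP behaviour that only keys listed as trusted are used for authentication.

```python
import ipaddress
import re

NTP_MULTICAST = ipaddress.ip_address("224.0.1.1")
ASSOCIATIONS = ("server", "peer", "broadcast")


def _num(opts, name):
    """Return the integer following option `name`, or None if it is absent."""
    return int(opts[opts.index(name) + 1]) if name in opts else None


def parse_ntp(stanza):
    """Parse the flat statements of an [edit system ntp] stanza."""
    cfg = {"keys": {}, "trusted": set(), "assoc": []}
    body = stanza.replace("[edit system ntp]", " ")
    # Split on ';' but never inside a quoted secret.
    for stmt in re.findall(r'(?:"[^"]*"|[^;"])+', body):
        tok = stmt.replace("[", " ").replace("]", " ").split()
        if not tok:
            continue
        if tok[0] == "authentication-key":
            # authentication-key <number> type <type> value <secret>
            cfg["keys"][int(tok[1])] = tok[tok.index("type") + 1]
        elif tok[0] == "trusted-key":
            cfg["trusted"].update(int(t) for t in tok[1:])
        elif tok[0] in ASSOCIATIONS:
            opts = tok[2:]
            cfg["assoc"].append({
                "mode": tok[0],
                "address": tok[1],
                "key": _num(opts, "key"),
                "version": _num(opts, "version") or 4,  # default is version 4
            })
    return cfg


def audit(cfg):
    """Return a list of findings for every server, peer and broadcast statement."""
    findings = []
    for a in cfg["assoc"]:
        who = f'{a["mode"]} {a["address"]}'
        try:
            ip = ipaddress.ip_address(a["address"])
        except ValueError:
            ip = None
            findings.append(f"{who}: hostname used, an address is required")
        if a["mode"] == "broadcast" and ip is not None \
                and ip.is_multicast and ip != NTP_MULTICAST:
            findings.append(f"{who}: multicast address must be 224.0.1.1")
        if a["key"] is None:
            findings.append(f"{who}: no key option, messages are sent unauthenticated")
        else:
            if a["key"] not in cfg["keys"]:
                findings.append(f"{who}: key {a['key']} has no authentication-key statement")
            # Assumption: a key must also be listed in trusted-key to be used.
            if a["key"] not in cfg["trusted"]:
                findings.append(f"{who}: key {a['key']} is not listed in trusted-key")
        if a["version"] < 4:
            findings.append(f"{who}: version {a['version']} configured, default is NTP version 4")
    return findings


# Constructed samples: same statements as the page's two examples, placeholder secrets.
CLIENT_EXAMPLE = '''[edit system ntp]
authentication-key 1 type md5 value "$9$placeholder-secret";
boot-server 10.1.1.1;
server 10.1.1.1 key 1 prefer;
trusted-key 1;'''

SERVER_EXAMPLE = '''[edit system ntp]
authentication-key 1 type md5 value "$9$placeholder-secret";
server 172.17.27.46 prefer;
trusted-key 1;'''

# Constructed sample that breaks several of the rules at once.
WEAK_EXAMPLE = '''[edit system ntp]
authentication-key 1 type md5 value "$9$placeholder-secret";
peer ntp1.example.net version 3;
broadcast 224.0.0.5 key 7 ttl 2;
trusted-key 1;'''

if __name__ == "__main__":
    for name, text in (("client", CLIENT_EXAMPLE), ("server", SERVER_EXAMPLE),
                       ("weak", WEAK_EXAMPLE)):
        print(name, audit(parse_ntp(text)) or "no findings")
```

Run against the server-mode example, the check reports that key 1 is defined and trusted but the server 172.17.27.46 statement carries no key option, so the messages sent to that time server are not authenticated.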

Monday, 13 July 2015

ISSU

Unified ISSU

A unified in-service software upgrade (unified ISSU) enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic. Unified ISSU is supported only on dual Routing Engine platforms. In addition, the graceful Routing Engine switchover (GRES) and nonstop active routing (NSR) must be enabled.
A unified ISSU provides the following benefits:

  • Eliminates network downtime during software image upgrades
  • Reduces operating costs, while delivering higher service levels
  • Allows fast implementation of new features

A unified ISSU has the following caveats:
  • The master Routing Engine and backup Routing Engine must be running the same software version before you can perform a unified ISSU.
  • Graceful Routing Engine switchover (GRES) (check it with show system switchover) and nonstop active routing (NSR) must be enabled. (Note: NSR is not supported on all devices.)
  • You cannot take any PICs online or offline during a unified ISSU.
  • You can verify the unified ISSU compatibility of the software, hardware, and the configuration on a device by issuing the request system software validate in-service-upgrade command. This command runs the validation checks, and shows whether the operating system, device components, and configurations are ISSU compatible or not. See request system software validate-in-service-upgrade for more information.
  • Unicast RPF-related statistics are not saved across a unified ISSU, and the unicast RPF counters are reset to zero during a unified ISSU.
  • BGP session uptime and downtime statistics are not synchronized between the primary and backup Routing Engines during NSR and ISSU. The backup Routing Engine maintains its own session uptime based on the time when the backup first becomes aware of the established sessions. For example, if the backup Routing Engine is rebooted (or if you run restart routing on the backup Routing Engine), the backup's uptime is a short duration, because the backup has just learned about the established sessions. If the backup is operating when the BGP sessions first come up on the primary, the uptime on the primary and the uptime on the backup are almost the same duration. After a Routing Engine switchover, the new master continues from the time left on the standby Routing Engine.
  • You must disable the unconditional-src-learn statement at the [edit interfaces interface-name unit 0 family inet] hierarchy level before the unified ISSU process begins and enable it after the unified ISSU process is complete. Note that the unconditional-src-learn statement is disabled by default.
  • Starting with Junos OS Release 13.2, unified ISSU is supported on PTX5000 routers with the FPC-PTX-P1-A FPC. However, you can perform unified ISSU only from Junos OS Release 13.2 to 13.3 and from Junos OS Release 14.1 to a later release. You must not perform unified ISSU from Junos OS Release 13.2 or 13.3 to 14.1 and later releases.
  • LACP is not supported during unified ISSU on PTX Series routers. You must disable the lacp statement at the [edit interfaces interface-name aggregated-ether-options] hierarchy level before the unified ISSU process begins and enable it after the unified ISSU process is complete.
After the request system software in-service-upgrade command is issued, the following process occurs.
Note: In the illustrations below, a solid line indicates the high-speed internal link between a Routing Engine and a Packet Forwarding Engine. A dotted line indicates the chassis process (chassisd), another method of communication between a Routing Engine and a Packet Forwarding Engine. RE0m and RE1s indicate master and backup (or standby) Routing Engines, respectively.
Note: The following process pertains to all supported routing platforms except the TX Matrix router and TX Matrix Plus router. For information about the unified ISSU process on the TX Matrix router, see Unified ISSU Process on the TX Matrix Router. For more information about the unified ISSU process on the TX Matrix Plus router, see Unified ISSU Process on the TX Matrix Plus Router and on the TX Matrix Plus Router with 3D SIBs. On most routers, the Packet Forwarding Engine resides on an FPC. However, on an M120 router, the Forwarding Engine Board (FEB) replaces the functions of a Packet Forwarding Engine. In the illustrations and steps, when considering an M120 router, you can regard the PFE as an FPC. As an additional step on an M120 router, after the FPCs and PICs have been upgraded, the FEBs are upgraded.
  1. The master Routing Engine validates the router configuration to ensure that it can be committed when you use the new software version. Checks are made for disk space available for the /var file system on both Routing Engines, for unsupported configurations, and for unsupported Physical Interface Cards (PICs). If there is not sufficient disk space available on either of the Routing Engines, the unified ISSU process fails and returns an error message saying that the Routing Engine does not have enough disk space available. However, unsupported PICs do not prevent a unified ISSU. The software issues a warning to indicate that these PICs will restart during the upgrade. Similarly, an unsupported protocol configuration does not prevent a unified ISSU. The software issues a warning that packet loss may occur for the protocol during the upgrade.
  2. When the validation succeeds, the kernel state synchronization daemon (ksyncd) synchronizes the kernel on the backup Routing Engine with the master Routing Engine.
  3. The backup Routing Engine is upgraded with the new software image. Before being upgraded, the backup Routing Engine gets the configuration file from the master Routing Engine and validates the configuration to ensure that it can be committed using the new software version. After being upgraded, it is resynchronized with the master Routing Engine. In the illustration, an apostrophe ( ' ) indicates that the device is running the new version of software.
  4. The chassis process (chassisd) on the master Routing Engine prepares other software processes for the unified ISSU. When all the processes are ready, chassisd sends an ISSU_PREPARE message to the FPCs installed in the router.
  5. The Packet Forwarding Engine on each FPC saves its state and downloads the new software image from the backup Routing Engine. Next, each Packet Forwarding Engine sends an ISSU_READY message to the chassis process (chassisd).
  6. After receiving an ISSU_READY message from a Packet Forwarding Engine, the chassis process (chassisd) sends an ISSU_REBOOT message to the FPC on which the Packet Forwarding Engine resides. The FPC reboots with the new software image. After the FPC is rebooted, the Packet Forwarding Engine restores the FPC state and a high-speed internal link is established with the backup Routing Engine running the new software. The chassis process (chassisd) is also reestablished with the master Routing Engine.
  7. After all Packet Forwarding Engines have sent a READY message using the chassis process (chassisd) on the master Routing Engine, other software processes are prepared for a Routing Engine switchover. The system is ready for a switchover at this point.
    Note: For M120 routers, the FEBs are upgraded at this point. When all FEBs have been upgraded, the system is ready for a switchover.
  8. The Routing Engine switchover occurs, and the backup Routing Engine becomes the new master Routing Engine.
  9. The new backup Routing Engine is now upgraded to the new software image. (This step is skipped if you have not specified the no-old-master-upgrade option.)
  10. When the backup Routing Engine has been successfully upgraded, the unified ISSU is complete.


Performing a Unified ISSU

You can perform a unified ISSU in one of three ways:
  1. Upgrading and Rebooting Both Routing Engines Automatically
  2. Upgrading Both Routing Engines and Rebooting the New Backup Routing Engine Manually
  3. Upgrading and Rebooting Only One Routing Engine

Upgrading and Rebooting Both Routing Engines Automatically

When you issue the request system software in-service-upgrade command with the reboot option, the system automatically upgrades both Routing Engines to the newer software and reboots both Routing Engines. This option enables you to complete the unified ISSU with a single command.
To perform a unified ISSU using the request system software in-service-upgrade package-name reboot command, complete the following steps:
  1. Download the software package from the Juniper Networks Support website, http://www.juniper.net/support/. Choose the Canada and U.S., Worldwide, or Junos-FIPS edition. Place the package on a local server. To download the package, you must have a service contract and an access account. If you do not have an access account, complete the registration form at the Juniper Networks website: https://www.juniper.net/registration/Register.jsp.
  2. Copy the package to the router. We recommend that you copy it to the /var/tmp directory, which is a large file system on the hard disk.
    user@host> file copy ftp://username:prompt@ftp.hostname.net/filename /var/tmp/filename
  3. To verify the current software version running on both Routing Engines, on the master Routing Engine issue the show version invoke-on all-routing-engines command. The following example shows that both Routing Engines are running an image of Junos OS, Release 9.0, that was built on December 11, 2007:
    {backup}
    user@host> show version invoke-on all-routing-engines
    re0:
    --------------------------------------------------------------------------
    Hostname: host
    Model: m320
    JUNOS Base OS boot [9.0-20071211.2]
    JUNOS Base OS Software Suite 9.0-20071211.2]
    JUNOS Kernel Software Suite [9.0-20071211.2]
    JUNOS Crypto Software Suite [9.0-20071211.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0-20071211.2]
    JUNOS Packet Forwarding Engine Support (M320) [9.0-20071211.2]
    JUNOS Online Documentation [9.0-20071211.2]
    JUNOS Routing Software Suite [9.0-20071211.2]
    
    re1:
    --------------------------------------------------------------------------
    Hostname: host1
    Model: m320
    JUNOS Base OS boot [9.0-20071211.2]
    JUNOS Base OS Software Suite [9.0-20071211.2]
    JUNOS Kernel Software Suite [9.0-20071211.20]
    JUNOS Crypto Software Suite [9.0-20071211.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0-20071211.2]
    JUNOS Packet Forwarding Engine Support (M320) [9.0-20071211.2]
    JUNOS Online Documentation [9.0-20071211.2]
    JUNOS Routing Software Suite [9.0-20071211.2]
    
  4. On the master Routing Engine, issue the request system software in-service-upgrade package-name reboot command. The following example upgrades the current version to an image of Junos OS, Release 9.0, that was built on January 14, 2008:
    {master}
    user@host> request system software in-service-upgrade /var/tmp/jinstall-9.0-20080114.2-domestic-signed.tgz reboot
    ISSU: Validating Image
    PIC 0/3 will be offlined (In-Service-Upgrade not supported)
    Do you want to continue with these actions being taken ? [yes,no] (no) yes 
    
    ISSU: Preparing Backup RE
    Pushing bundle to re1
    Checking compatibility with configuration
    Initializing...
    Using jbase-9.0-20080114.2
    Verified manifest signed by PackageProduction_9_0_0
    Using /var/tmp/jinstall-9.0-20080114.2-domestic-signed.tgz
    Verified jinstall-9.0-20080114.2-domestic.tgz signed by PackageProduction_9_0_0
    Using jinstall-9.0-20080114.2-domestic.tgz
    Using jbundle-9.0-20080114.2-domestic.tgz
    Checking jbundle requirements on /
    Using jbase-9.0-20080114.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jkernel-9.0-20080114.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jcrypto-9.0-20080114.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jpfe-9.0-20080114.2.tgz
    Using jdocs-9.0-20080114.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jroute-9.0-20080114.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Hardware Database regeneration succeeded
    Validating against /config/juniper.conf.gz
    mgd: commit complete
    Validation succeeded
    Installing package '/var/tmp/jinstall-9.0-20080114.2-domestic-signed.tgz' ...
    Verified jinstall-9.0-20080114.2-domestic.tgz signed by PackageProduction_9_0_0
    Adding jinstall...
    Verified manifest signed by PackageProduction_9_0_0
    
    WARNING:     This package will load JUNOS 9.0-20080114.2 software.
    WARNING:     It will save JUNOS configuration files, and SSH keys
    WARNING:     (if configured), but erase all other files and information
    WARNING:     stored on this machine.  It will attempt to preserve dumps
    WARNING:     and log files, but this can not be guaranteed.  This is the
    WARNING:     pre-installation stage and all the software is loaded when
    WARNING:     you reboot the system.
    
    Saving the config files ...
    NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install
    Installing the bootstrap installer ...
    
    WARNING:     A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
    WARNING:     'request system reboot' command when software installation is
    WARNING:     complete. To abort the installation, do not reboot your system,
    WARNING:     instead use the 'request system software delete jinstall'
    WARNING:     command as soon as this operation completes.
    
    Saving package file in /var/sw/pkg/jinstall-9.0-20080114.2-domestic-signed.tgz ...
    Saving state for rollback ...
    Backup upgrade done
    Rebooting Backup RE
    
    Rebooting re1
    ISSU: Backup RE Prepare Done
    Waiting for Backup RE reboot
    GRES operational
    Initiating Chassis In-Service-Upgrade
    Chassis ISSU started
    ISSU: Backup RE Prepare Done
    ISSU: Preparing Daemons
    ISSU: Daemons Ready for ISSU
    ISSU: Starting Upgrade for FRUs
    ISSU: Preparing for Switchover
    ISSU: Ready for Switchover
    Checking In-Service-Upgrade status
      Item           Status                  Reason
      FPC 0          Online (ISSU)        
      FPC 1          Online (ISSU)        
      FPC 2          Online (ISSU)        
      FPC 6          Online (ISSU)        
      FPC 7          Online (ISSU)        
    Resolving mastership...
    Complete. The other routing engine becomes the master.
    ISSU: RE switchover Done
    ISSU: Upgrading Old Master RE
    Installing package '/var/tmp/paKEuy' ...
    Verified jinstall-9.0-20080114.2-domestic.tgz signed by PackageProduction_9_0_0
    Adding jinstall...
    Verified manifest signed by PackageProduction_9_0_0
    
    WARNING:     This package will load JUNOS 9.0-20080114.2 software.
    WARNING:     It will save JUNOS configuration files, and SSH keys
    WARNING:     (if configured), but erase all other files and information
    WARNING:     stored on this machine.  It will attempt to preserve dumps
    WARNING:     and log files, but this can not be guaranteed.  This is the
    WARNING:     pre-installation stage and all the software is loaded when
    WARNING:     you reboot the system.
    
    Saving the config files ...
    NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install
    Installing the bootstrap installer ...
    
    WARNING:     A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
    WARNING:     'request system reboot' command when software installation is
    WARNING:     complete. To abort the installation, do not reboot your system,
    WARNING:     instead use the 'request system software delete jinstall'
    WARNING:     command as soon as this operation completes.
    
    Saving package file in /var/sw/pkg/jinstall-9.0-20080114.2-domestic-signed.tgz ...
    cp: /var/tmp/paKEuy is a directory (not copied).
    Saving state for rollback ...
    ISSU: Old Master Upgrade Done
    ISSU: IDLE
    Shutdown NOW!
    Reboot consistency check bypassed - jinstall 9.0-20080114.2 will complete installation upon reboot
    [pid 30227]
    
    *** FINAL System shutdown message from root@host ***
    
    System going down IMMEDIATELY
                                                                                   
    Connection to host closed.
    When the new backup (old master) Routing Engine is rebooted, you are logged out from the router.
  5. After waiting a few minutes, log in to the router again. You are logged in to the new backup Routing Engine (re0). To verify that both Routing Engines have been upgraded, issue the following command:
    {backup}
    user@host> show version invoke-on all-routing-engines
    re0:
    --------------------------------------------------------------------------
    Hostname: host
    Model: m320
    JUNOS Base OS boot [9.0-20080114.2]
    JUNOS Base OS Software Suite 9.0-20080114.2]
    JUNOS Kernel Software Suite [9.0-20080114.2]
    JUNOS Crypto Software Suite [9.0-20080114.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0-20080114.2]
    JUNOS Packet Forwarding Engine Support (M320) [9.0-20080114.2]
    JUNOS Online Documentation [9.0-20080114.2]
    JUNOS Routing Software Suite [9.0-20080114.2]
    
    re1:
    --------------------------------------------------------------------------
    Hostname: host1
    Model: m320
    JUNOS Base OS boot [9.0-20080114.2]
    JUNOS Base OS Software Suite [9.0-20080114.2]
    JUNOS Kernel Software Suite [9.0-20080114.2]
    JUNOS Crypto Software Suite [9.0-20080114.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0-20080114.2]
    JUNOS Packet Forwarding Engine Support (M320) [9.0-20080114.2]
    JUNOS Online Documentation [9.0-20080114.2]
    JUNOS Routing Software Suite [9.0-20080114.2]
    
  6. To make re0 the master Routing Engine, issue the following command:
    {backup}
    user@host> request chassis routing-engine master acquire
    Attempt to become the master routing engine ? [yes,no] (no) yes 
    
    Resolving mastership...
    Complete. The local routing engine becomes the master.
    
    {master}
    user@host> 
     
    If for any reason the ISSU procedure stops progressing completely, open a new session on the master Routing Engine and issue the request system software abort in-service-upgrade command.
     
  7. Issue the request system snapshot command on each Routing Engine to back up the system software to the router’s hard disk.
    Note: The root file system is backed up to /altroot, and /config is backed up to /altconfig. After you issue the request system snapshot command, the router’s flash and hard disks are identical. You can return to the previous version of the software only by booting the router from removable media.
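
The version comparison in steps 3 and 5 (and the caveat that both Routing Engines must run the same software version before a unified ISSU) is easy to get wrong by eye on a long listing. The following Python sketch is an added example, not part of the Juniper procedure: the function names are constructed here, and the two sample listings are abridged, constructed copies in the format of the show version invoke-on all-routing-engines output shown above.

```python
import re


def parse_show_version(output):
    """Return {routing_engine: {package: version}} from the CLI listing."""
    engines, current = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(re\d+):", line)
        if m:
            current = engines.setdefault(m.group(1), {})
            continue
        # Package lines look like "JUNOS Kernel Software Suite [9.0R1]".
        # The opening bracket is optional so a damaged line is still read.
        m = re.fullmatch(r"(JUNOS .+?)\s+\[?([^\s\[\]]+)\]", line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return engines


def version_mismatches(engines):
    """List (package, {re: version}) where the Routing Engines disagree."""
    packages = sorted({p for pkgs in engines.values() for p in pkgs})
    mismatches = []
    for package in packages:
        seen = {name: pkgs.get(package) for name, pkgs in engines.items()}
        if len(set(seen.values())) > 1:  # differing or missing on one RE
            mismatches.append((package, seen))
    return mismatches


def same_release(output):
    """True only if two or more Routing Engines report identical packages."""
    engines = parse_show_version(output)
    return len(engines) >= 2 and not version_mismatches(engines)


# Constructed, abridged listing in the format of step 3. The re1 kernel line
# carries a different version string, which a visual check can easily miss.
SAMPLE_BEFORE = """
    {backup}
    user@host> show version invoke-on all-routing-engines
    re0:
    --------------------------------------------------------------------------
    Hostname: host
    Model: m320
    JUNOS Base OS boot [9.0-20071211.2]
    JUNOS Kernel Software Suite [9.0-20071211.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0-20071211.2]

    re1:
    --------------------------------------------------------------------------
    Hostname: host1
    Model: m320
    JUNOS Base OS boot [9.0-20071211.2]
    JUNOS Kernel Software Suite [9.0-20071211.20]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0-20071211.2]
"""

# Constructed, abridged listing in the format of step 5 (after the upgrade).
SAMPLE_AFTER = """
    re0:
    Hostname: host
    JUNOS Base OS boot [9.0-20080114.2]
    JUNOS Kernel Software Suite [9.0-20080114.2]

    re1:
    Hostname: host1
    JUNOS Base OS boot [9.0-20080114.2]
    JUNOS Kernel Software Suite [9.0-20080114.2]
"""

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, "same release:", same_release(text))
        for package, seen in version_mismatches(parse_show_version(text)):
            print("  mismatch:", package, seen)
```

Feed the function the captured CLI output before issuing request system software in-service-upgrade and again after the final reboot; any package listed as a mismatch should be resolved before proceeding.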

Upgrading Both Routing Engines and Rebooting the New Backup Routing Engine Manually

When you issue the request system software in-service-upgrade command without any options, the system upgrades and reboots the new master Routing Engine to the newer software. The new software is placed on the new backup (old master) Routing Engine; however, to complete the upgrade, you must issue the request system reboot command on the new backup Routing Engine.
To perform a unified ISSU using the request system software in-service-upgrade package-name command without any options, complete the following steps:
  1. Download the software package from the Juniper Networks Support website, http://www.juniper.net/support/. Choose the Canada and U.S., Worldwide, or Junos-FIPS edition. Place the package on a local server. To download the package, you must have a service contract and an access account. If you do not have an access account, complete the registration form at the Juniper Networks website: https://www.juniper.net/registration/Register.jsp.
  2. Copy the package to the router. We recommend that you copy it to the /var/tmp directory, which is a large file system on the hard disk.
    user@host> file copy ftp://username:prompt@ftp.hostname.net/filename /var/tmp/filename
  3. To verify the current software version running on both Routing Engines, on the master Routing Engine, issue the show version invoke-on all-routing-engines command. The following example shows that both Routing Engines are running Junos OS Release 9.0R1:
    {master}
    user@host> show version invoke-on all-routing-engines
    re0:
    --------------------------------------------------------------------------
    Hostname: host
    Model: m320
    JUNOS Base OS boot [9.0R1]
    JUNOS Base OS Software Suite [9.0R1]
    JUNOS Kernel Software Suite [9.0R1]
    JUNOS Crypto Software Suite [9.0R1]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0R1]
    JUNOS Packet Forwarding Engine Support (M320) [9.0R1]
    JUNOS Online Documentation [9.0R1]
    JUNOS Routing Software Suite [9.0R1]
    
    re1:
    --------------------------------------------------------------------------
    Hostname: host1
    Model: m320
    JUNOS Base OS boot [9.0R1]
    JUNOS Base OS Software Suite [9.0R1]
    JUNOS Kernel Software Suite [9.0R1]
    JUNOS Crypto Software Suite [9.0R1]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0R1]
    JUNOS Packet Forwarding Engine Support (M320) [9.0R1]
    JUNOS Online Documentation [9.0R1]
    JUNOS Routing Software Suite [9.0R1]
  4. On the master Routing Engine, issue the request system software in-service-upgrade package-name command. The following example upgrades the current version to Junos OS Release 9.0R1.2:
    user@host> request system software in-service-upgrade /var/tmp/jinstall-9.0R1.2-domestic-signed.tgz
    ISSU: Validating Image
    FPC 4 will be offlined (In-Service-Upgrade not supported)
    Do you want to continue with these actions being taken ? [yes,no] (no) yes 
    
    ISSU: Preparing Backup RE
    Pushing bundle to re1
    Checking compatibility with configuration
    Initializing...
    Using jbase-9.0-20080117.0
    Verified manifest signed by PackageProduction_9_0_0
    Using /var/tmp/jinstall-9.0R1.2-domestic-signed.tgz
    Verified jinstall-9.0R1.2-domestic.tgz signed by PackageProduction_9_0_0
    Using jinstall-9.0R1.2-domestic.tgz
    Using jbundle-9.0R1.2-domestic.tgz
    Checking jbundle requirements on /
    Using jbase-9.0R1.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jkernel-9.0R1.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jcrypto-9.0R1.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jpfe-9.0R1.2.tgz
    Using jdocs-9.0R1.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jroute-9.0R1.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Hardware Database regeneration succeeded
    Validating against /config/juniper.conf.gz
    mgd: commit complete
    Validation succeeded
    Installing package '/var/tmp/jinstall-9.0R1.2-domestic-signed.tgz' ...
    Verified jinstall-9.0R1.2-domestic.tgz signed by PackageProduction_9_0_0
    Adding jinstall...
    Verified manifest signed by PackageProduction_9_0_0
    
    WARNING:     This package will load JUNOS 9.0R1.2 software.
    WARNING:     It will save JUNOS configuration files, and SSH keys
    WARNING:     (if configured), but erase all other files and information
    WARNING:     stored on this machine.  It will attempt to preserve dumps
    WARNING:     and log files, but this can not be guaranteed.  This is the
    WARNING:     pre-installation stage and all the software is loaded when
    WARNING:     you reboot the system.
    
    Saving the config files ...
    NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install
    Installing the bootstrap installer ...
    
    WARNING:     A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
    WARNING:     'request system reboot' command when software installation is
    WARNING:     complete. To abort the installation, do not reboot your system,
    WARNING:     instead use the 'request system software delete jinstall'
    WARNING:     command as soon as this operation completes.
    
    Saving package file in /var/sw/pkg/jinstall-9.0R1.2-domestic-signed.tgz ...
    Saving state for rollback ...
    Backup upgrade done
    Rebooting Backup RE
    
    Rebooting re1
    ISSU: Backup RE Prepare Done
    Waiting for Backup RE reboot
    GRES operational
    Initiating Chassis In-Service-Upgrade
    Chassis ISSU started
    ISSU: Backup RE Prepare Done
    ISSU: Preparing Daemons
    ISSU: Daemons Ready for ISSU
    ISSU: Starting Upgrade for FRUs
    ISSU: Preparing for Switchover
    ISSU: Ready for Switchover
    Checking In-Service-Upgrade status
      Item           Status                  Reason
      FPC 0          Online (ISSU)        
      FPC 1          Online (ISSU)        
      FPC 2          Online (ISSU)        
      FPC 3          Online (ISSU)        
      FPC 4          Offline                 Offlined by cli command
      FPC 5          Online (ISSU)        
    Resolving mastership...
    Complete. The other routing engine becomes the master.
    ISSU: RE switchover Done
    ISSU: Upgrading Old Master RE
    Installing package '/var/tmp/paeBi5' ...
    Verified jinstall-9.0R1.2-domestic.tgz signed by PackageProduction_9_0_0
    Adding jinstall...
    Verified manifest signed by PackageProduction_9_0_0
    
    WARNING:     This package will load JUNOS 9.0R1.2 software.
    WARNING:     It will save JUNOS configuration files, and SSH keys
    WARNING:     (if configured), but erase all other files and information
    WARNING:     stored on this machine.  It will attempt to preserve dumps
    WARNING:     and log files, but this can not be guaranteed.  This is the
    WARNING:     pre-installation stage and all the software is loaded when
    WARNING:     you reboot the system.
    
    Saving the config files ...
    NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install
    Installing the bootstrap installer ...
    
    WARNING:     A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
    WARNING:     'request system reboot' command when software installation is
    WARNING:     complete. To abort the installation, do not reboot your system,
    WARNING:     instead use the 'request system software delete jinstall'
    WARNING:     command as soon as this operation completes.
    
    Saving package file in /var/sw/pkg/jinstall-9.0R1.2-domestic-signed.tgz ...
    cp: /var/tmp/paeBi5 is a directory (not copied).
    Saving state for rollback ...
    ISSU: Old Master Upgrade Done
    ISSU: IDLE
  5. Issue the show version invoke-on all-routing-engines command to verify that the new backup (old master) Routing Engine (re0) is still running the previous software image, while the new master Routing Engine (re1) is running the new software image:
    {backup}
    user@host> show version
    re0:
    --------------------------------------------------------------------------
    Hostname: user
    Model: m320
    JUNOS Base OS boot [9.0R1]
    JUNOS Base OS Software Suite [9.0R1]
    JUNOS Kernel Software Suite [9.0R1]
    JUNOS Crypto Software Suite [9.0R1]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0R1]
    JUNOS Packet Forwarding Engine Support (M320) [9.0R1]
    JUNOS Online Documentation [9.0R1]
    JUNOS Routing Software Suite [9.0R1]
    labpkg [7.0]
    JUNOS Installation Software [9.0R1.2]
    
    re1:
    --------------------------------------------------------------------------
    Hostname: user1
    Model: m320
    JUNOS Base OS boot [9.0R1.2]
    JUNOS Base OS Software Suite [9.0R1.2]
    JUNOS Kernel Software Suite [9.0R1.2]
    JUNOS Crypto Software Suite [9.0R1.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0R1.2]
    JUNOS Packet Forwarding Engine Support (M320) [9.0R1.2]
    JUNOS Online Documentation [9.0R1.2]
    JUNOS Routing Software Suite [9.0R1.2]
  6. At this point, if you choose not to install the newer software version on the new backup Routing Engine (re1), you can issue the request system software delete jinstall command on it. Otherwise, to complete the upgrade, go to the next step.
  7. Reboot the new backup Routing Engine (re0) by issuing the request system reboot command:
    {backup}
    user@host> request system reboot
    Reboot the system ? [yes,no] (no) yes 
    
    Shutdown NOW!
    Reboot consistency check bypassed - jinstall 9.0R1.2 will complete installation upon reboot
    [pid 6170]
    
    {backup}
    user@host>
    System going down IMMEDIATELY
                                                                                   
    Connection to host closed by remote host.
    Connection to host closed.
    If you are not on the console port, you are disconnected from the router session.
  8. After waiting a few minutes, log in to the router again. You are logged in to the new backup Routing Engine (re0). To verify that both Routing Engines have been upgraded, issue the following command:
    {backup}
    user@host> show version invoke-on all-routing-engines
    re0:
    --------------------------------------------------------------------------
    Hostname: host
    Model: m320
    JUNOS Base OS boot [9.0R1.2]
    JUNOS Base OS Software Suite [9.0R1.2]
    JUNOS Kernel Software Suite [9.0R1.2]
    JUNOS Crypto Software Suite [9.0R1.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0R1.2]
    JUNOS Packet Forwarding Engine Support (M320) [9.0R1.2]
    JUNOS Online Documentation [9.0R1.2]
    JUNOS Routing Software Suite [9.0R1.2]
    
    re1:
    --------------------------------------------------------------------------
    Hostname: host1
    Model: m320
    JUNOS Base OS boot [9.0R1.2]
    JUNOS Base OS Software Suite [9.0R1.2]
    JUNOS Kernel Software Suite [9.0R1.2]
    JUNOS Crypto Software Suite [9.0R1.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0R1.2]
    JUNOS Packet Forwarding Engine Support (M320) [9.0R1.2]
    JUNOS Online Documentation [9.0R1.2]
    JUNOS Routing Software Suite [9.0R1.2]
    
  9. To make re0 the master Routing Engine, issue the following command:
    {backup}
    user@host> request chassis routing-engine master acquire
    Attempt to become the master routing engine ? [yes,no] (no) yes 
    
    Resolving mastership...
    Complete. The local routing engine becomes the master.
    
    {master}
    user@host> 
  10. Issue the request system snapshot command on each Routing Engine to back up the system software to the router’s hard disk.
    Note: The root file system is backed up to /altroot, and /config is backed up to /altconfig. After you issue the request system snapshot command, the router’s flash and hard disks are identical. You can return to the previous version of the software only by booting the router from removable media.

Upgrading and Rebooting Only One Routing Engine

When you issue the request system software in-service-upgrade command with the no-old-master-upgrade option, the system upgrades and reboots only the new master Routing Engine. To upgrade the new backup (former master) Routing Engine, you must issue the request system software add command.
To perform a unified ISSU using the request system software in-service-upgrade package-name no-old-master-upgrade command, complete the following steps:
  1. Download the software package from the Juniper Networks Support website, http://www.juniper.net/support/. Choose the Canada and U.S., Worldwide, or Junos-FIPS edition. Place the package on a local server. To download the package, you must have a service contract and an access account. If you do not have an access account, complete the registration form at the Juniper Networks website: https://www.juniper.net/registration/Register.jsp.
  2. Copy the package to the router. We recommend that you copy it to the /var/tmp directory, which is a large file system on the hard disk.
    user@host> file copy ftp://username:prompt@ftp.hostname.net/filename /var/tmp/filename
  3. To verify the current software version running on both Routing Engines, on the master Routing Engine issue the show version invoke-on all-routing-engines command. The following example shows that both Routing Engines are running an image of Junos OS Release 9.0 that was built on December 11, 2007:
    {backup}
    user@host> show version invoke-on all-routing-engines
    re0:
    --------------------------------------------------------------------------
    Hostname: host
    Model: m320
    JUNOS Base OS boot [9.0-20071211.2]
    JUNOS Base OS Software Suite 9.0-20071211.2]
    JUNOS Kernel Software Suite [9.0-20071211.2]
    JUNOS Crypto Software Suite [9.0-20071211.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0-20071211.2]
    JUNOS Packet Forwarding Engine Support (M320) [9.0-20071211.2]
    JUNOS Online Documentation [9.0-20071211.2]
    JUNOS Routing Software Suite [9.0-20071211.2]
    
    re1:
    --------------------------------------------------------------------------
    Hostname: host1
    Model: m320
    JUNOS Base OS boot [9.0-20071211.2]
    JUNOS Base OS Software Suite [9.0-20071211.2]
    JUNOS Kernel Software Suite [9.0-20071211.20]
    JUNOS Crypto Software Suite [9.0-20071211.2]
    JUNOS Packet Forwarding Engine Support (M/T Common) [9.0-20071211.2]
    JUNOS Packet Forwarding Engine Support (M320) [9.0-20071211.2]
    JUNOS Online Documentation [9.0-20071211.2]
    JUNOS Routing Software Suite [9.0-20071211.2]
    
  4. On the master Routing Engine, issue the request system software in-service-upgrade package-name no-old-master-upgrade command. The following example upgrades the current version to an image of Junos OS Release 9.0 that was built on January 16, 2008:
    {master}
    user@host> request system software in-service-upgrade /var/tmp/jinstall-9.0-20080116.2-domestic-signed.tgz no-old-master-upgrade
    ISSU: Validating Image
    ISSU: Preparing Backup RE
    Pushing bundle to re1
    Checking compatibility with configuration
    Initializing...
    Using jbase-9.0-20080116.2
    Verified manifest signed by PackageProduction_9_0_0
    Using /var/tmp/jinstall-9.0-20080116.2-domestic-signed.tgz
    Verified jinstall-9.0-20080116.2-domestic.tgz signed by PackageProduction_9_0_0
    Using jinstall-9.0-20080116.2-domestic.tgz
    Using jbundle-9.0-20080116.2-domestic.tgz
    Checking jbundle requirements on /
    Using jbase-9.0-20080116.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jkernel-9.0-20080116.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jcrypto-9.0-20080116.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jpfe-9.0-20080116.2.tgz
    Using jdocs-9.0-20080116.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Using jroute-9.0-20080116.2.tgz
    Verified manifest signed by PackageProduction_9_0_0
    Hardware Database regeneration succeeded
    Validating against /config/juniper.conf.gz
    mgd: commit complete
    Validation succeeded
    Installing package '/var/tmp/jinstall-9.0-20080116.2-domestic-signed.tgz' ...
    Verified jinstall-9.0-20080116.2-domestic.tgz signed by PackageProduction_9_0_0
    Adding jinstall...
    Verified manifest signed by PackageProduction_9_0_0
    
    WARNING:     This package will load JUNOS 9.0-20080116.2 software.
    WARNING:     It will save JUNOS configuration files, and SSH keys
    WARNING:     (if configured), but erase all other files and information
    WARNING:     stored on this machine.  It will attempt to preserve dumps
    WARNING:     and log files, but this can not be guaranteed.  This is the
    WARNING:     pre-installation stage and all the software is loaded when
    WARNING:     you reboot the system.
    
    Saving the config files ...
    NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install
    Installing the bootstrap installer ...
    
    WARNING:     A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
    WARNING:     'request system reboot' command when software installation is
    WARNING:     complete. To abort the installation, do not reboot your system,
    WARNING:     instead use the 'request system software delete jinstall'
    WARNING:     command as soon as this operation completes.
    
    Saving package file in /var/sw/pkg/jinstall-9.0-20080116.2-domestic-signed.tgz ...
    Saving state for rollback ...
    Backup upgrade done
    Rebooting Backup RE
    
    Rebooting re1
    ISSU: Backup RE Prepare Done
    Waiting for Backup RE reboot
    GRES operational
    Initiating Chassis In-Service-Upgrade
    Chassis ISSU started
    ISSU: Backup RE Prepare Done
    ISSU: Preparing Daemons
    ISSU: Daemons Ready for ISSU
    ISSU: Starting Upgrade for FRUs
    ISSU: Preparing for Switchover
    ISSU: Ready for Switchover
    Checking In-Service-Upgrade status
      Item           Status                  Reason
      FPC 0          Online (ISSU)        
      FPC 1          Online (ISSU)        
      FPC 2          Online (ISSU)        
      FPC 3          Online (ISSU)        
      FPC 5          Online (ISSU)        
    Resolving mastership...
    Complete. The other routing engine becomes the master.
    ISSU: RE switchover Done
    Skipping Old Master Upgrade
    ISSU: IDLE
    
    {backup}
    user@host>
  5. You are now logged in to the new backup (old master Routing Engine). If you want to install the new software version on the new backup Routing Engine, issue the request system software add /var/tmp/jinstall-9.0-20080116.2-domestic-signed.tgz command.
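
The show version invoke-on all-routing-engines checks in both procedures above can be scripted. The following Python is an added example, not part of the original post or of any Juniper tool: it parses that output and reports, per Routing Engine, the running release and whether an installer is still staged. The sample text is abridged from step 5 of the first procedure.

```python
import re

RE_HEADER = re.compile(r"^(re\d+):$")
COMPONENT = re.compile(r"^(.+) \[([^\]]+)\]$")
# On this page the line below is listed on re0 only between jinstall and reboot.
INSTALLER = "JUNOS Installation Software"


def parse_show_version(text):
    """Return {routing_engine: {component: version}} from the CLI output."""
    engines, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RE_HEADER.match(line)
        if m:
            current = engines.setdefault(m.group(1), {})
        elif current is not None:
            m = COMPONENT.match(line)
            if m:
                current[m.group(1)] = m.group(2)
    return engines


def upgrade_state(text):
    """Summarise, per Routing Engine, the running release and any staged installer."""
    report = {}
    for name, comps in parse_show_version(text).items():
        running = {v for c, v in comps.items()
                   if c.startswith("JUNOS ") and c != INSTALLER}
        report[name] = {
            "running": sorted(running),      # more than one entry means mixed suites
            "staged": comps.get(INSTALLER),  # version waiting for a reboot, if any
        }
    return report


def in_sync(report):
    """True when every Routing Engine runs the same single release, nothing staged."""
    releases = {tuple(r["running"]) for r in report.values()}
    return (len(releases) == 1 and all(len(r) == 1 for r in releases)
            and all(r["staged"] is None for r in report.values()))


# Abridged from the step 5 output above (four suites per Routing Engine).
STEP5_OUTPUT = """\
re0:
--------------------------------------------------------------------------
Hostname: user
Model: m320
JUNOS Base OS boot [9.0R1]
JUNOS Kernel Software Suite [9.0R1]
JUNOS Crypto Software Suite [9.0R1]
JUNOS Routing Software Suite [9.0R1]
labpkg [7.0]
JUNOS Installation Software [9.0R1.2]

re1:
--------------------------------------------------------------------------
Hostname: user1
Model: m320
JUNOS Base OS boot [9.0R1.2]
JUNOS Kernel Software Suite [9.0R1.2]
JUNOS Crypto Software Suite [9.0R1.2]
JUNOS Routing Software Suite [9.0R1.2]
"""

if __name__ == "__main__":
    state = upgrade_state(STEP5_OUTPUT)
    print(state, "in sync:", in_sync(state))
```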

Thursday, 9 July 2015

syslog sending messages to the console

sending messages to the console

root@vSRX_R2# show
user * {
    any emergency;
}
file messages {
    any any;
    authorization info;
}
file interactive-commands {
    interactive-commands any;
}

[edit system syslog]
root@vSRX_R2#



root@vSRX_R2# set system syslog console any any

[edit]
root@vSRX_R2# commit
commit complete

[edit]
root@vSRX_R2# Jul 10 01:26:35  vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Event processing process', pid 948, signal 1, status 0 with notification errors enabled
Jul 10 01:26:35  vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress: ssync begins
Jul 10 01:26:35  vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress: ssync ends
Jul 10 01:26:35  vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress: commit complete
Jul 10 01:26:35  vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Alarm control process', pid 1149, signal 30, status 0 with notification errors enabled


[edit]
root@vSRX_R2#

[edit]
root@vSRX_R2#

[edit]
root@vSRX_R2# del system syslog console any any
Jul 10 01:26:48  vSRX_R2 mgd[1268]: UI_CMDLINE_READ_LINE: User 'root', command 'del system syslog console any any '
Jul 10 01:26:48  vSRX_R2 mgd[1268]: UI_CFG_AUDIT_OTHER: User 'root' delete: [system syslog console any] "any

[edit]
root@vSRX_R2# commit
Jul 10 01:26:51  vSRX_R2 mgd[1268]: UI_CMDLINE_READ_LINE: User 'root', command 'commit ' vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress: activating '/var/etc/rc.conf.inc'
.............................
Jul 10 01:26:56  vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress: ssync ends
Jul 10 01:26:56  vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress: notifying daemons of new configuration
Jul 10 01:26:57  vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress:  notifying eventd(87)
commit complete

[edit]
root@vSRX_R2#
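
The console messages above include both the typed command (UI_CMDLINE_READ_LINE) and the configuration audit record (UI_CFG_AUDIT_OTHER). The following Python is an added example, not part of the original post: it parses these lines and reports changes made under system syslog, which is the change the session performs. Matching every tag that starts with UI_CFG_AUDIT_ and the list of change verbs are assumptions; the last two sample lines are constructed.

```python
import re

# Layout of the console lines in the session above, for example:
#   Jul 10 01:26:48  vSRX_R2 mgd[1268]: UI_CFG_AUDIT_OTHER: User 'root' delete: [...]
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+(?P<host>\S+) "
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<tag>[A-Z][A-Z0-9_]+): (?P<msg>.*)$"
)
CMD_RE = re.compile(r"^User '(?P<user>[^']*)', command '(?P<cmd>[^']*)'")
AUDIT_RE = re.compile(r"^User '(?P<user>[^']*)' (?P<action>\w+): \[(?P<path>[^\]]*)\]")

WATCHED = ("system", "syslog")           # configuration path to watch
VERBS = ("set", "delete", "deactivate")  # verbs treated as changes (assumed list)


def parse_line(line):
    """Split one syslog line into its header fields, or return None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def expand_verb(word):
    """Map a typed abbreviation such as 'del' to the full CLI verb."""
    hits = [v for v in VERBS if len(word) >= 3 and v.startswith(word)]
    return hits[0] if len(hits) == 1 else None


def syslog_config_changes(lines):
    """Return (ts, host, user, source, action, detail) for edits under system syslog."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proc"] != "mgd":
            continue
        if rec["tag"].startswith("UI_CFG_AUDIT_"):  # prefix match is an assumption
            # Audit records carry the full path, whatever [edit ...] level was active.
            m = AUDIT_RE.match(rec["msg"])
            if m and tuple(m["path"].split()[:2]) == WATCHED:
                findings.append((rec["ts"], rec["host"], m["user"], "audit",
                                 m["action"], m["path"]))
        elif rec["tag"] == "UI_CMDLINE_READ_LINE":
            # Typed text is relative to the current level, so this branch only
            # catches commands entered from the top of the hierarchy.
            m = CMD_RE.match(rec["msg"])
            words = m["cmd"].split() if m else []
            verb = expand_verb(words[0]) if words else None
            if verb and tuple(words[1:3]) == WATCHED:
                findings.append((rec["ts"], rec["host"], m["user"], "cmdline",
                                 verb, " ".join(words[1:])))
    return findings


# The first three lines are copied from the session above; the last two are
# constructed to show a command typed from the [edit system syslog] level.
SAMPLE_LOG = [
    "Jul 10 01:26:35  vSRX_R2 mgd[1268]: UI_COMMIT_PROGRESS: Commit operation in progress: ssync begins",
    "Jul 10 01:26:48  vSRX_R2 mgd[1268]: UI_CMDLINE_READ_LINE: User 'root', command 'del system syslog console any any '",
    "Jul 10 01:26:48  vSRX_R2 mgd[1268]: UI_CFG_AUDIT_OTHER: User 'root' delete: [system syslog console any] \"any",
    "Jul 10 01:30:02  vSRX_R2 mgd[1268]: UI_CMDLINE_READ_LINE: User 'root', command 'delete file messages '",
    "Jul 10 01:30:02  vSRX_R2 mgd[1268]: UI_CFG_AUDIT_OTHER: User 'root' delete: [system syslog file messages]",
]

if __name__ == "__main__":
    for finding in syslog_config_changes(SAMPLE_LOG):
        print(finding)
```

The constructed pair shows why the audit record is the better signal: the command typed from inside [edit system syslog] does not name the path, while the audit record does.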

Sunday, 28 June 2015

Configuring backup router


Backup Router

When a router or switch is booting, the routing protocol process (rpd) is not running; therefore, the router or switch has no static or default routes. To allow the router or switch to boot and to ensure that the router or switch is reachable over the network if the routing protocol process fails to start properly, you configure a backup router (running IP version 4 [IPv4] or IP version 6 [IPv6]), which is a router that is directly connected to the local router or switch (that is, on the same subnet).
To achieve network reachability while loading, configuring, and recovering the router or switch, but without the risk of installing a default route in the forwarding table, include the destination option. Specify the address in the format network/mask-length so that the entire network is reachable through the backup router.
By default, all hosts (default route) are reachable through the backup router. To eliminate the risk of installing a default route in the forwarding table, include the destination option, specifying an address that is reachable through the backup router. Specify the address in the format network/mask-length so that the entire network is reachable through the backup router.
Note: The routes 0.0.0.0/0 or ::/0 should not be used as a destination address in the backup router configuration. You must include a proper subnet range of /8 or higher in the destination address.
When the routing protocols start, the address of the backup router is removed from the local routing and forwarding tables. To have the address remain in these tables, configure a static route for that address by including the static statement at the [edit routing-options] hierarchy level.

Configuring a Backup Router Running IPv4

To configure a backup router running IPv4, include the backup-router statement at the [edit system] hierarchy level:
[edit system]
backup-router address <destination destination-address>;
The following example shows how to configure a backup router running IPv4 and have its address remain in the routing and forwarding tables:
Note: The Routing Engine on the backup router only supports 16 destination addresses. If you configure more than 16 destination addresses, the Junos OS ignores destination addresses after the sixteenth address and displays a commit-time warning message to this effect.
[edit]
system {
    backup-router 192.168.1.254 destination 208.197.1.0/24;
}
routing-options {
    static {
        route 208.197.1.0/24 {
            next-hop 192.168.1.254;
            retain;
        }
    }
}
To configure a backup router running IPv4:
  1. Include the backup-router statement at the [edit system] hierarchy level.
    [edit groups group-name system]
    backup-router address <destination destination-address>;
    For example:
    [edit groups re0 system]
    backup-router 192.168.1.254 destination 172.16.1.0/24;
    [edit groups re1 system]
    backup-router 192.168.1.254 destination 172.16.1.0/24;
  2. (Optional) Configure a static route to the management network.
    Junos OS only uses the backup router during the boot sequence. If you want to configure a backup router for use after startup, you can set up a static route. The static route goes into effect when the routing protocol process is running.
    routing-options {
        static {
            route 172.16.1.0/24 {
                next-hop 192.168.1.254;
                retain;
            }
        }
    }
  3. If you used one or more configuration groups, apply the configuration groups, substituting the appropriate group names.
    For example:
    [edit]
    user@host# set apply-groups [re0 re1]
  4. Commit the changes:
    [edit]
    root@# commit
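
The constraints stated in this post (backup router on a directly connected subnet, no default route as destination, at most 16 destinations, and the default-route behaviour when destination is omitted) can be checked before commit. The following Python is an added example, not Juniper's or the author's code: it lints set-style configuration lines for IPv4 backup-router statements. Pooling all interface addresses across groups and the "main" label for statements outside a group are simplifying assumptions; the sample input is constructed.

```python
import ipaddress
import re

# Matches the set-style form of the statements shown above, with or without
# a configuration group such as re0 or re1.
BACKUP_RE = re.compile(
    r"^set (?:groups (?P<group>\S+) )?system backup-router (?P<addr>\S+)"
    r"(?: destination (?P<dest>\S+))?$"
)
IFADDR_RE = re.compile(
    r"^set (?:groups \S+ )?interfaces \S+ unit \d+ family inet address (?P<addr>\S+)"
)
MAX_DESTINATIONS = 16  # limit given in the note above


def lint_backup_router(config_lines):
    """Return sorted (scope, finding) pairs for the backup-router statements."""
    routers, subnets = {}, []
    for raw in config_lines:
        line = " ".join(raw.split())  # normalise whitespace
        m = BACKUP_RE.match(line)
        if m:
            # "main" is this example's label for statements outside any group.
            entry = routers.setdefault(m["group"] or "main", {"addr": None, "dests": []})
            entry["addr"] = ipaddress.ip_address(m["addr"])
            if m["dest"]:
                entry["dests"].append(ipaddress.ip_network(m["dest"], strict=False))
            continue
        m = IFADDR_RE.match(line)
        if m:
            subnets.append(ipaddress.ip_interface(m["addr"]).network)

    findings = []
    for scope, entry in routers.items():
        addr, dests = entry["addr"], entry["dests"]
        if not any(addr in net for net in subnets if net.version == addr.version):
            findings.append((scope, "backup router is not on a directly connected subnet"))
        if not dests:
            findings.append((scope, "no destination: all hosts are reachable through the backup router"))
        if any(d.prefixlen == 0 for d in dests):
            findings.append((scope, "destination is a default route"))
        if len(dests) > MAX_DESTINATIONS:
            findings.append((scope, "more than 16 destinations: the extra ones are ignored"))
    return sorted(findings)


# Constructed input: the re0 line reuses the example above; the fxp0 address,
# the re1 line and the last line are made up to trigger findings.
SAMPLE_CONFIG = [
    "set interfaces fxp0 unit 0 family inet address 192.168.1.1/24",
    "set groups re0 system backup-router 192.168.1.254 destination 172.16.1.0/24",
    "set groups re1 system backup-router 192.168.2.254 destination 0.0.0.0/0",
    "set system backup-router 192.168.1.254",
]

if __name__ == "__main__":
    for scope, finding in lint_backup_router(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```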

Saturday, 27 June 2015

start junos

Juniper Networks routers are specialized network devices that run network operating system software, which is called JUNOS software. We talk about JUNOS features that run on the J-series, M-series, and T-series router platforms. The M-series and T-series platforms are larger routers typically used by network service providers, telephone companies, large enterprise companies, and universities. The J-series routers are smaller routers designed for use by businesses and other organizations to connect multiple sites or to connect to the Internet. The JUNOS software is pre-installed on new Juniper Networks routers: when you turn the router on, the software automatically starts running. The first task you have to perform is configuring the router.
For example:

 root# cli
 root@>
 cli> configure
 [edit]
 root@# set system host-name router1
 root@# set system domain-name mynetwork.com
 root@# set interfaces fxp0 unit 0 family inet address 192.168.15.1/24
 root@# set system backup-router 192.168.15.2
 root@# set system name-server 192.168.15.3
 root@# set system root-authentication plain-text-password
 New password:
 Retype password:
 root@# show
 system {
     host-name router1;
     domain-name mynetwork.com;
     backup-router 192.168.15.2;
     root-authentication {
          encrypted-password "$1$ZUlES4dp$OUwWo1g7cLoV/aMWpHUnC/"; ## SECRET-DATA
     }
     name-server {
          192.168.15.3;
     }
 }
 interfaces {
     fxp0 {
         unit 0 {
             family inet {
                 address 192.168.15.1/24;
             }
         }
     }
 }
 root@# commit
 root@router1# exit
 root@router1>
While the configuration shown in this recipe provides the minimum needed to access the router from another system on the network, you should add a few other settings to the configuration to provide a more robust level of basic network connectivity:
 [edit]
 root@router1# set system ntp server 192.168.2.100
 root@router1# set system time-zone America/Los_Angeles
 root@router1# set system services ssh
 root@router1# set interfaces lo0 unit 0 family inet address 207.17.139.42/32
 root@router1# set system login user aviva class superuser
 root@router1# set system login user aviva authentication plain-text-password
 New password:
 Retype new password:
 root@router1# commit
IP address of the router's fxp0 interface, with the set interfaces fxp0 command. fxp0 is an Ethernet management interface that provides a separate out-of-band management network on the router. (The J-series routers do not have a dedicated management interface. You use one of the built-in Fast Ethernet interfaces, fe-0/0/0 or fe-0/0/1, instead.) Juniper Networks recommends that you manage all M-series and T-series routers using the fxp0 interface, which is reserved for managing the router, so no traffic is forwarded through it. As part of the physical setup for the router, you should connect fxp0 to an Ethernet network over which you can perform management tasks. Optimally, the router should also be able to reach its DNS and NTP servers through this network. If you prefer, you can use any other interface on the router as a management interface. For the remainder of this book, we assume that fxp0 (or fe-0/0/0 on J-series routers) is configured as the management interface.
IP address of a backup router, with the set system backup-router command. Choose a router that is directly connected to the local router. Your router uses this backup router only when it is booting and only if the JUNOS routing software (called the routing protocol process, or RPD) does not start. If RPD does not start, the router will have no static or default routes, so you will not be able to access it directly but will have to go through the backup router. When the router is booting, it creates a static route to the backup router. This route is removed from the routing table as soon as the routing software starts.
For routers with two Routing Engines, the backup Routing Engine, RE1, still uses the backup router as a default gateway after the router has booted, so you can use the backup router to log in to RE1. (RE0 is the primary, or master, Routing Engine.) See the next post on configuring the backup router.