Network Management
SUMMARY This section provides an overview of the Junos OS (operating system).
Device Management Functions in Junos OS
After installing a device into your network, you need to manage the device within your network. Device management can be divided into five tasks:
Fault management—Monitor the device; detect and fix faults.
Configuration management—Configure device attributes.
Accounting management—Collect statistics for accounting purposes.
Performance management—Monitor and adjust device performance.
Security management—Control device access and authenticate users.
The Junos® operating system (Junos OS) network management features work in conjunction with an operations support system (OSS) to manage the devices within the network. Junos OS can assist you in performing these management tasks, as described in Table 1.
Task | Junos OS Feature |
---|---|
Fault management | Monitor and see faults using: |
Configuration management | |
Accounting management | Perform the following accounting-related tasks: |
Performance management | You can monitor performance in the following ways: |
Security management | Assure security in your network in the following ways: |
Device and Network Management Features
Juniper devices support features that allow you to manage the system performance, fault monitoring, and remote access.
You can use CLI operational mode commands to monitor the system health and performance of your network. Monitoring tools and commands display the current state of the device. You can filter the output to a file. Diagnostic tools and commands test the connectivity and reachability of hosts in the network.
This topic describes the functions available. To use the CLI operational tools, you must have the appropriate access privileges.
Table 2 lists the network management features.
Feature | Typical Uses | Documentation |
---|---|---|
Alarms and LEDs on the switch—Display status of hardware components and indicate warning or error conditions. | Fault management | |
Firewall filters—Control the packets that are sent to and from the network, balance network traffic, and optimize performance. | Performance management | |
In-band management—Enables connection to the switch using the same interfaces through which customer traffic flows. Communication between the switch and a remote console is enabled using SSH and Telnet services. SSH provides secure encrypted communications, whereas Telnet provides unencrypted, and therefore less secure, access to the switch. | Remote access management | |
Juniper Networks Junos OS automation scripts—Configuration and operation automation tools provided by Junos OS include commit scripts, operation scripts, event scripts, and event policies. Commit scripts enforce custom configuration rules, whereas operation scripts, event policies, and event scripts automate network troubleshooting and management. | | |
Junos OS command-line interface (CLI)—CLI configuration statements enable you to configure the switch based on your networking requirements, such as security, service, and performance. | | |
Junos Space software—Multipurpose GUI-based network management system includes a base platform, the Network Application Platform, and other optional applications such as Ethernet Design, Service Now, Service Insight, and Virtual Control. Note: Junos Space does not support the OCX Series. | | |
Junos XML API—XML representation of Junos OS configuration statements and operational mode commands. The Junos XML API also includes tag elements that are the counterpart to Junos CLI configuration statements. | | |
NETCONF XML management protocol—XML-based management protocol that client applications use to request and change configuration information on routing, switching, and security platforms running Junos OS. The NETCONF XML management protocol defines basic operations that are equivalent to Junos OS CLI configuration mode commands. Client applications use the protocol operations to display, edit, and commit configuration statements (among other operations), as administrators use CLI configuration mode commands such as | | |
Operational mode commands: | | |
Out-of-band management—Enables connection to the switch through a management interface. Out-of-band management is supported on two dedicated management Ethernet interfaces as well as on the console and auxiliary ports. The management Ethernet interfaces connect directly to the Routing Engine. Transit traffic is not allowed through the interfaces, which ensures the congestion or failures in the transit network do not affect the management of the switch. | Remote access management | |
SNMP Configuration Management MIB—Provides notification for configuration changes in the form of SNMP traps. Each trap contains the time at which the configuration change was committed, the name of the user who made the change, and the method by which the change was made. History of the last 32 configuration changes is placed in jnxCmChgEventTable. | Configuration management | |
SNMP MIBs and traps—Enable the monitoring of network devices from a central location. Use SNMP requests such as The QFX3500 switch supports SNMP Version 1 (v1), v2, and v3, and both standard and Juniper Networks enterprise-specific MIBs and traps. | Fault management | |
System log messages—Log details of system and user events, including errors. You can specify the severity and type of system log messages you wish to view or save, and configure the output to be sent to local or remote hosts. | | |
Tracing and Logging Operations
Tracing and logging operations enable you to track events that occur in the switch—both normal operations and error conditions—and to track the packets that are generated by or passed through the switch. The results of tracing and logging operations are placed in the /var/log directory on the switch.
The Junos OS supports remote tracing for the following processes:
chassisd—Chassis-control process
eventd—Event-processing process
cosd—Class-of-service process
You configure remote tracing using the tracing statement at the [edit system] hierarchy level.
The tracing statement is not supported on the QFX3000 QFabric system.
You can disable remote tracing for specific processes on the switch using the no-remote-trace statement at the [edit process-name traceoptions] hierarchy level.
Logging operations use a system logging mechanism similar to the UNIX syslogd utility to record systemwide, high-level operations, such as interfaces going up or down and users logging in to or out of the switch. You configure these operations by using the syslog statement at the [edit system] hierarchy level and by using the options statement at the [edit ethernet-switching-options] hierarchy level.
Tracing operations record more detailed information about the operations of the switch, including packet forwarding and routing information. You can configure tracing operations using the traceoptions statement.
The traceoptions statement is not supported on the QFX3000 QFabric system.
You can define tracing operations in different portions of the switch configuration:
SNMP agent activity tracing operations—Define tracing of the activities of SNMP agents on the switch. You can configure SNMP agent activity tracing operations at the [edit snmp] hierarchy level.
Global switching tracing operations—Define tracing for all switching operations. You configure global switching tracing operations at the [edit ethernet-switching-options] hierarchy level.
Protocol-specific tracing operations—Define tracing for a specific routing protocol. You configure protocol-specific tracing operations in the [edit protocols] hierarchy. Protocol-specific tracing operations override any equivalent operations that you specify in the global traceoptions statement.
Tracing operations within individual routing protocol entities—Some protocols allow you to define more granular tracing operations. For example, in Border Gateway Protocol (BGP), you can configure peer-specific tracing operations. These operations override any equivalent BGP-wide operations. If you do not specify any peer-specific tracing operations, the peers inherit, first, all the BGP-wide tracing operations and, second, the global tracing operations.
Interface tracing operations—Define tracing for individual interfaces and for the interface process itself. You define interface tracing operations at the [edit interfaces] hierarchy level.
Remote tracing—To enable system-wide remote tracing, configure the destination-override syslog host statement at the [edit system tracing] hierarchy level. This specifies the remote host running the system log process (syslogd), which collects the traces. Traces are written to files on the remote host in accordance with the syslogd configuration in /etc/syslog.conf. By default, remote tracing is not configured.
To override the system-wide remote tracing configuration for a particular process, include the no-remote-trace statement at the [edit process-name traceoptions] hierarchy. When no-remote-trace is enabled, the process does local tracing.
To collect traces, use the local0 facility as the selector in the /etc/syslog.conf file on the remote host. To separate traces from various processes into different files, include the process name or trace-file name (if it is specified at the [edit process-name traceoptions file] hierarchy level) in the Program field in the /etc/syslog.conf file. If the system log server supports parsing hostname and program name, then you can separate traces from the various processes.
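The separation of remote traces by hostname and program name described above can be sketched on the collector side as follows. This is an added example, not Juniper code: it assumes the traces arrive as RFC 3164-style lines, and the function names, the host name qfx-lab-1, and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

LOCAL0 = 16  # syslog facility code for local0
# Processes the page lists as supporting remote tracing.
EXPECTED = {"chassisd", "eventd", "cosd"}

# Assumed wire format: <PRI>Mmm dd hh:mm:ss host program[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)

def parse(line):
    """Return a dict of fields, or None if the line is not well formed."""
    m = LINE_RE.match(line)
    if not m or int(m["pri"]) > 191:   # PRI = facility * 8 + severity
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(int(m["pri"]), 8)
    return rec

def split_traces(lines):
    """Group local0 traces by (host, program); set everything else aside."""
    buckets, rejected = defaultdict(list), []
    for line in lines:
        rec = parse(line)
        # The program field is sender-controlled: only names on the
        # allowlist may select an output bucket (and later a file name).
        if rec and rec["facility"] == LOCAL0 and rec["prog"] in EXPECTED:
            buckets[(rec["host"], rec["prog"])].append(rec["msg"])
        else:
            rejected.append(line)
    return dict(buckets), rejected

# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<135>Mar  4 10:15:02 qfx-lab-1 chassisd[1421]: constructed trace A",
    "<135>Mar  4 10:15:03 qfx-lab-1 cosd[1502]: constructed trace B",
    "<135>Mar  4 10:15:04 qfx-lab-1 chassisd[1421]: constructed trace C",
    "<38>Mar  4 10:15:05 qfx-lab-1 sshd[2210]: constructed auth message",
    "<135>Mar  4 10:15:06 qfx-lab-1 ../../tmp/x[1]: constructed bad name",
    "not a syslog line",
]

BUCKETS, REJECTED = split_traces(SAMPLE)
```

Lines that land in the rejected list (wrong facility, unexpected program name, or malformed header) are worth reviewing rather than discarding, because nothing but well-formed local0 traces from the expected processes should reach this collector path.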
During a commit check, warnings about the traceoptions configuration (for example, mismatch in trace file sizes or number of trace files) are not displayed on the console. However, these warnings are logged in the system log messages when the new configuration is committed.
Junos Space Support for Network Management
The Juniper Networks Junos Space application, running on a Junos Space Virtual Appliance, is a comprehensive platform for building and deploying applications. It provides support for collaboration, productivity, and network infrastructure and operations management. Junos Space provides a runtime environment implemented as a fabric of virtual and physical appliances.
Preparing the Device for Junos Space Management
Prerequisites
Ensure that the configuration on the QFX Series device meets the following requirements for device discovery in Junos Space:
The device configuration has a static management IP address that is reachable from the Junos Space server.
There is a user with full administrative privileges for Junos Space administration.
SNMP is enabled (only if you plan on using SNMP as part of the device discovery).
In Junos Space, set up a default device management interface (DMI) schema for the QFX Series device.
To prepare the device before using Junos Space:
Perform the initial configuration of the device through the console port using the Junos OS CLI. This task includes the configuration of a static management IP address and a user with root administrative privileges.
For the QFX3500 switch, see Configuring a QFX3500 Device as a Standalone Switch.
For the QFabric system, see QFabric System Initial and Default Configuration Information and Performing the QFabric System Initial Setup on a QFX3100 Director Group.
(Optional) Configure SNMP if you plan on using SNMP to probe devices during device discovery.
See Configuring SNMP.
(Optional) Enable SSH if you wish to use the Secure Console feature in Junos Space.
In Junos Space, set up a default DMI schema. For more information about managing DMI schemas, see:
Diagnostic Tools Overview
Juniper Networks devices support a suite of J-Web tools and CLI operational mode commands for evaluating system health and performance. Diagnostic tools and commands test the connectivity and reachability of hosts in the network.
Use the J-Web Diagnose options to diagnose a device. J-Web results appear in the browser.
Use CLI operational mode commands to diagnose a device. You can view the CLI command output on the console or management device. You can filter the output to a file.
To use the J-Web user interface and CLI operational tools, you must have the appropriate access privileges.
This section contains the following topics:
J-Web Diagnostic Tools
The J-Web diagnostic tools consist of the options that appear when you select Troubleshoot and Maintain in the task bar. Table 3 describes the functions of the Troubleshoot options.
Option | Function |
---|---|
Troubleshoot Options | |
Ping Host | Allows you to ping a remote host. You can configure advanced options for the ping operation. |
Ping MPLS | Allows you to ping an MPLS endpoint using various options. |
Traceroute | Allows you to trace a route between the device and a remote host. You can configure advanced options for the traceroute operation. |
Packet Capture | Allows you to capture and analyze router control traffic. |
Maintain Options | |
Files | Allows you to manage log, temporary, and core files on the device. |
Upgrade | Allows you to upgrade and manage Junos OS packages. |
Licenses | Displays the summary of the licenses needed and used for each feature that requires a license. Allows you to add licenses. |
Reboot | Allows you to reboot the device at a specified time. |
CLI Diagnostic Commands
The CLI commands available in operational mode allow you to perform the same monitoring, troubleshooting, and management tasks you can perform with the J-Web user interface. Instead of invoking the tools through a graphical interface, you use operational mode commands to perform the tasks.
CLI command output appears on the screen of your console or management device, or you can filter the output to a file. For operational commands that display output, such as the show commands, you can redirect the output into a filter or a file. When you display help about these commands, one of the options listed is |, called a pipe, which allows you to filter the command output.
You can use the mtrace command to display trace information about a multicast path from a source to a receiver.
To view a list of top-level operational mode commands, type a question mark (?) at the command-line prompt.
You can view CLI diagnostic commands at the top level of operational mode listed in Table 4.
Command | Function |
---|---|
Controlling the CLI Environment | |
| Configures the CLI display. |
Diagnosis and Troubleshooting | |
| Clears statistics and protocol database information. |
| Traces information about multicast paths from source to receiver. |
| Performs real-time debugging of various Junos OS components, including the routing protocols and interfaces. |
| Determines the reachability of a remote network host. |
| Determines the reachability of an MPLS endpoint using various options. |
| Tests the configuration and application of policy filters and AS path regular expressions. |
| Traces the route to a remote network host. |
Connecting to Other Network Systems | |
| Opens secure shell connections. |
| Opens Telnet sessions to other hosts on the network. |
Management | |
| Copies files from one location on the device to another, from the device to a remote system, or from a remote system to the device. |
| Restarts the various system processes, including the routing protocol, interface, and SNMP processes. |
| Performs system-level operations, including stopping and rebooting the device and loading Junos OS images. |
| Exits the CLI and starts a UNIX shell. |
| Enters configuration mode. |
| Exits the CLI and returns to the UNIX shell. |