Juniper networks JUNOS OS 10.4 FOR EX REV 1 User Manual

Junos

Protected System Domain Configuration Guide

Release

10.4

Published: 2010-10-04

Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net

This productincludes the Envoy SNMP Engine, developed by Epilogue Technology,an Integrated Systems Company. Copyright © 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Junos®OS Protected System Domain Configuration Guide

Writing: Andrea Couvrey, Justine Tamaro Editing: Nancy Kurahashi, Sonia Saruba Cover Design: Edmonds Design

Revision History October 2010— Revision 1 Junos 10.4

The information in this document is current as of the date listed in the revision history.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. The Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE.

BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THISAGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMSCONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (ifthe Customer’s principal officeis locatedoutside the Americas) (such applicableentity being referred to herein as“Juniper”), and (ii) theperson or organization thatoriginally purchasedfrom Juniperor anauthorized Juniperresellerthe applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”).

2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by Juniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgrades and new releases of such software. “Embedded Software” means Software which Juniper has embedded in or loaded onto the Juniper equipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment.

3. License Grant. Subject to payment of the applicable fees and thelimitations andrestrictions setforth herein,Juniper grantsto Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:

a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines (e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a single chassis.

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limitsto Customer’s useof the Software. Suchlimits mayrestrict use to amaximum numberof seats, registered endpoints,concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.

d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of the Software. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period by re-installing the Software after the 30-day trial period.

e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer ’s enterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software,in any form, to any third party; (d) remove any proprietary notices,labels, ormarks onor in anycopy of the Software orany product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold inthe secondhand market; (f) useany ‘locked’ or key-restrictedfeature,function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the

Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes.

7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statementthat accompanies the Software (the“Warranty Statement”). Nothing in this Agreementshall give riseto any obligationto support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS ORPROCUREMENT OFSUBSTITUTE GOODSOR SERVICES,OR FORANY SPECIAL, INDIRECT, ORCONSEQUENTIAL DAMAGES ARISING OUTOF THIS AGREEMENT,THE SOFTWARE,OR ANY JUNIPEROR JUNIPER-SUPPLIEDSOFTWARE. INNO EVENT SHALLJUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties.

9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control.

10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction shall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All payments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper in connection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showing Customer’s payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax to be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply with all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to any liability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations under this Section shall survive termination or expiration of this Agreement.

11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.

12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS

227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embeddedin the Software and any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforcethis Agreement in its own name as if it were Juniper. In addition, certain thirdparty software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL

at http://www.gnu.org/licenses/lgpl.html .

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).

Abbreviated Table of Contents

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

Part 1 Product Overview

Chapter 1 JCS1200 Chassis and T Series Routers as a Single Platform . . . . . . . . . . . . . 3

Chapter 2 JCS1200 and T Series Platform Software Views . . . . . . . . . . . . . . . . . . . . . . . 17

Chapter 3 JCS1200 Platform Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Part 2 Configuration Overview

Chapter 4 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Chapter 5 Configuration Roadmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Part 3 Configuring the JCS1200 Platform

Chapter 6 Configuring Basic System Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Chapter 7 Configuring the Routing Engines on the JCS1200 Platform . . . . . . . . . . . . . 49

Chapter 8 Summary of JCS Management Module Configuration Commands . . . . . . . 53

Part 4 Configuring the Junos OS

Chapter 9 Configuring an RSD and Creating PSDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Chapter 10 Configuring Basic System Properties on a New PSD . . . . . . . . . . . . . . . . . . . 87

Chapter 11 Configuring Shared Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Chapter 12 Configuring Inter-PSD Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Chapter 13 Summary of Junos Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . 113

Part 5 Configuration Examples

Chapter 14 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Part 6 Managing the JCS1200 Platform

Chapter 15 Managing the JCS1200 Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Chapter 16 Summary of JCS Management Module Monitoring Commands . . . . . . . . 209

Part 7 Managing RSDs and PSDs

Chapter 17 Managing the Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Part 8 Appendix

Appendix A Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

JUNOS 10.4 Protected System Domain Configuration Guide

Part 9 Indexes

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Index of Statements and Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

JUNOS Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx

Supported Routing Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Using the Indexes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Using the Examples in This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Merging a Full Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Merging a Snippet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii

Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii

Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii

Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii

Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv

Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv

Part 1 Product Overview

Chapter 1 JCS1200 Chassis and T Series Routers as a Single Platform . . . . . . . . . . . . . 3

Product Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

JCS1200 Chassis and T Series Core Routers as a Single Platform . . . . . . . . . . 3

Root System Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Protected System Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Shared Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Inter-PSD Forwarding Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Route Reflection Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Connections Between JCS1200 and T Series Chassis . . . . . . . . . . . . . . . . . . . 11

Benefits of JCS1200 and T Series as a Single Platform . . . . . . . . . . . . . . . . . . 13

Network Consolidation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Enhanced Security and Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Cost Efficiency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Faster Deployment of New Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Chapter 2 JCS1200 and T Series Platform Software Views . . . . . . . . . . . . . . . . . . . . . . . 17

Software Views Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

JCS Administration View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Types of JCS Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

How Command Targets and User Permissions Impact Views . . . . . . . . . . . . . 18

RSD Administration View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Access Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Management Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

JUNOS 10.4 Protected System Domain Configuration Guide

PSD Administration View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Access Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Management Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Chapter 3 JCS1200 Platform Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

JCS1200 Platform Hardware Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Default Hardware Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Routing Engines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Management Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Switch Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Media Tray . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Power Supply Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Fan Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

JCS1200 Software Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

JCS Management Module CLI Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Logging In to the JCS Management Module CLI . . . . . . . . . . . . . . . . . . . . . . . 24

Getting Help on JCS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Setting the JCS Management Module Command Target . . . . . . . . . . . . . . . . 25

JCS Switch Module Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

JCS1200 Platform Graceful Routing Engine (GRES) Switchover . . . . . . . . . . . . . . 27

Graceful Routing Engine Switchover Overview . . . . . . . . . . . . . . . . . . . . . . . . 27

Graceful Routing Engine Switchover PIC Support . . . . . . . . . . . . . . . . . . . . . . 27

Part 2 Configuration Overview

Chapter 4 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Verifying the FPC BootROM Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Keeping the JCS Management Module Default SNMP Setting . . . . . . . . . . . . . . . 32

Chapter 5 Configuration Roadmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Configuration Roadmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Step One: Configure the JCS1200 Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Step Two: Configure the T Series Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Step Three: Configure Basic System Properties on a New PSD . . . . . . . . . . . 34

Step Four: Configure Shared Interfaces (Optional) . . . . . . . . . . . . . . . . . . . . . 35

Part 3 Configuring the JCS1200 Platform

Chapter 6 Configuring Basic System Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Configuring JCS Management Module Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Restoring the Default JCS Management Module Configuration . . . . . . . . . . . 40

Configuring the JCS Management Module Ethernet Interface . . . . . . . . . . . . 40

Configuring the Switch Module Ethernet Interface . . . . . . . . . . . . . . . . . . . . . 41

Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Configuring the NTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Configuring the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Table of Contents

Configuring the System Name and Contact Information . . . . . . . . . . . . . . . . 43

Configuring SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Configuring the SNMP Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Configuring Alert Entries for SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Configuring Monitored Alerts for SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . 45

Configuring SSH Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Generating the Host Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Adding the User Public Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Configuring the JCS Switch Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Chapter 7 Configuring the Routing Engines on the JCS1200 Platform . . . . . . . . . . . . . 49

Upgrading a JCS1200 Route Reflector to 64-Bit Junos OS . . . . . . . . . . . . . . . . . . 49

Downloading 64-Bit Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Installing 64-Bit Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Configuring the Routing Engine Parameters (Blade Bay Data) . . . . . . . . . . . . . . . 51

Configuring the Routing Engine (Blade) Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Chapter 8 Summary of JCS Management Module Configuration Commands . . . . . . . 53

alertentries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

baydata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

env . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

ifconfig (JCS Management Module) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

ifconfig (JCS Switch Module) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

monalerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

mt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

sshcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Part 4 Configuring the Junos OS

Chapter 9 Configuring an RSD and Creating PSDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

System Domains Configuration Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Configuring an RSD and Creating PSDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Chapter 10 Configuring Basic System Properties on a New PSD . . . . . . . . . . . . . . . . . . . 87

Configuring a PSD with a Single Routing Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Configuring a PSD with Redundant Routing Engines . . . . . . . . . . . . . . . . . . . . . . . 89

Chapter 11 Configuring Shared Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Interfaces Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Configuring Shared Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Before You Configure Shared Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Configuring Shared Interfaces on the RSD . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Configuring Shared Interfaces on a PSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

JUNOS 10.4 Protected System Domain Configuration Guide

Configuring Firewall Filters on Shared Interfaces . . . . . . . . . . . . . . . . . . . . . . 102

Configuring CoS Features on Shared Interfaces . . . . . . . . . . . . . . . . . . . . . . 104

Chapter 12 Configuring Inter-PSD Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Interface Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Configuring Inter-PSD Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Before You Configure Inter-PSD Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . 108

Configuring Inter-PSD Forwarding on a PSD . . . . . . . . . . . . . . . . . . . . . . . . . 108

Chapter 13 Summary of Junos Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . 113

control-plane-bandwidth-percent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

control-slot-numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

control-system-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

fpcs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

interface-shared-with . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

peer-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

peer-psd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

protected-system-domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

root-domain-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

shared-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

system-domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Part 5 Configuration Examples

Chapter 14 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Example: Configuring a JCS1200 Platform and a Single T Series Router . . . . . . . 123

Example: Configuring a JCS1200 Platform and Multiple T Series Routers . . . . . . 128

Example: Configuring Shared Interfaces (SONET) . . . . . . . . . . . . . . . . . . . . . . . . 136

Example: Configuring Shared Interfaces (Ethernet) . . . . . . . . . . . . . . . . . . . . . . . 147

Example: Configuring Route Reflection—Roadmap . . . . . . . . . . . . . . . . . . . . . . . 157

Example: Configuring the JCS1200 Platform as a Route Reflector . . . . . . . . . . . . 157

Example: Configuring Client-to-Client Reflection (OSPF) . . . . . . . . . . . . . . . . . . 166

Example: Consolidating a Layer 2 VPN Network . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Part 6 Managing the JCS1200 Platform

Chapter 15 Managing the JCS1200 Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

JCS Management Module Verification Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Displaying Vital Product Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Clearing the Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Displaying the Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Displaying Power Domain Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Displaying System Component Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Displaying a List of Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Displaying Temperature Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Displaying Voltage Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Chapter 16 Summary of JCS Management Module Monitoring Commands . . . . . . . . 209

boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

clearlog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Table of Contents

displaylog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

fuelg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

read . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

temps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

volts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

write . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Part 7 Managing RSDs and PSDs

Chapter 17 Managing the Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Logging In to a PSD from the RSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Junos OS Verification Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Displaying Hardware Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Displaying Configured PSDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Displaying Routing Engine Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Displaying Ethernet Switch Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Displaying Shared Interface Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Displaying Inter-PSD Forwarding Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Part 8 Appendix

Appendix A Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Troubleshooting a Routing Engine on the JCS1200 Platform . . . . . . . . . . . . . . . . 253

Restarting a Routing Engine on the JCS1200 Platform . . . . . . . . . . . . . . . . . . . . 254

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Part 9 Indexes

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Index of Statements and Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

JUNOS 10.4 Protected System Domain Configuration Guide

List of Figures

Part 1 Product Overview

Chapter 1 JCS1200 Chassis and T Series Routers as a Single Platform . . . . . . . . . . . . . 3

Figure 1: Protected System Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Figure 2: Shared Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Figure 3: Typical Network of Route Reflectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Figure 4: Route Reflectors on the JCS1200 Platform . . . . . . . . . . . . . . . . . . . . . . . . 9

Figure 5: Route Reflector Partitioning on the JCS1200 Platform . . . . . . . . . . . . . . 10

Figure 6: Route Reflector Interfaces and Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Figure 7: JCS Switch Module Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Figure 8: Connections Between JCS1200 and T Series Platforms . . . . . . . . . . . . . 12

Figure 9: Network Consolidation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Chapter 3 JCS1200 Platform Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Figure 10: JCS Management Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Figure 11: JCS Media Tray . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Part 4 Configuring the Junos OS

Chapter 12 Configuring Inter-PSD Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Figure 12: Example: Inter-PSD Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Part 5 Configuration Examples

Chapter 14 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Figure 13: Example: Shared Interfaces (SONET) . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Figure 14: Example: Shared Interfaces (Gigabit Ethernet) . . . . . . . . . . . . . . . . . . 148

Figure 15: Example: Route Reflection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Figure 16: Example: Configuring Client-to-Client Reflection (OSPF) . . . . . . . . . . 167

Figure 17: Typical Layer 2 VPN Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . 178

Figure 18: Consolidated Layer 2 VPN Network Topology . . . . . . . . . . . . . . . . . . . . 178

JUNOS 10.4 Protected System Domain Configuration Guide

List of Tables

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii

Part 1 Product Overview

Chapter 1 JCS1200 Chassis and T Series Routers as a Single Platform . . . . . . . . . . . . . 3

Table 2: PICs Supporting Shared Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 3 JCS1200 Platform Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Table 3: Syntax Conventions for JCS Management Module CLI Help . . . . . . . . . . 25

Table 4: Target Paths for JCS Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Part 3 Configuring the JCS1200 Platform

Chapter 7 Configuring the Routing Engines on the JCS1200 Platform . . . . . . . . . . . . . 49

Table 5: Format Requirements for Blade Bay Data . . . . . . . . . . . . . . . . . . . . . . . . . 51

Chapter 8 Summary of JCS Management Module Configuration Commands . . . . . . . 53

Table 6: alertentries Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Table 7: baydata Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Table 8: config Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Table 9: ifconfig Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Table 10: ifconfig Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Table 11: monalerts Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Table 12: ntp Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Table 13: snmp Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Table 14: sshcfg Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Table 15: users Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Part 4 Configuring the Junos OS

Chapter 12 Configuring Inter-PSD Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Table 16: Example: Inter-PSD Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Part 5 Configuration Examples

Chapter 14 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Table 17: JCS Chassis Routing Engine Assignments . . . . . . . . . . . . . . . . . . . . . . . 129

Table 18: T320 Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Table 19: T640 Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Table 20: T1600 Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

Table 21: Chassis Parameters for Route Reflection . . . . . . . . . . . . . . . . . . . . . . . . 158

JUNOS 10.4 Protected System Domain Configuration Guide

Table 22: Chassis Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Part 6 Managing the JCS1200 Platform

Chapter 15 Managing the JCS1200 Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Table 23: Summary of Commonly Used JCS Management Module Verification

Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Chapter 16 Summary of JCS Management Module Monitoring Commands . . . . . . . . 209

Table 24: displaylog Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Table 25: fuelg Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Table 26: info Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Table 27: temps Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Table 28: volts Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Part 7 Managing RSDs and PSDs

Chapter 17 Managing the Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Table 29: Commands Used to Verify PSD and RSD Status . . . . . . . . . . . . . . . . . 238

About This Guide

This preface provides the following guidelines for using the Junos®OS Protected System Domain Configuration Guide:

•

JUNOS Documentation and Release Notes on page xix

•

Objectives on page xx

•

Audience on page xx

•

Supported Routing Platforms on page xxi

•

Using the Indexes on page xxi

•

Using the Examples in This Manual on page xxi

•

Documentation Conventions on page xxiii

•

Documentation Feedback on page xxiii

•

Requesting Technical Support on page xxiii

JUNOS Documentation and Release Notes

For a list of related JUNOS documentation, see

http://www.juniper.net/techpubs/software/junos/ .

If the information in the latest release notes differs from the information in the documentation, follow the JUNOS Release Notes.

To obtain the most current version of all Juniper Networks®technical documentation, see the product documentation page on the Juniper Networks website at

http://www.juniper.net/techpubs/.

Juniper Networks supports a technical bookprogram to publishbooks by JuniperNetworks engineers and subject matter experts with book publishers around the world. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration using the Junos operating system (Junos OS) and Juniper Networks devices. In addition, the Juniper Networks Technical Library, published in conjunction with O'Reilly Media, explores improving network security, reliability, and availability using Junos OS configuration techniques. All the books are for sale at technical bookstores and book outlets around the world. The current list can be viewed at http://www.juniper.net/books .

JUNOS 10.4 Protected System Domain Configuration Guide

Objectives

This guide is designed to provide an overview of the Juniper Networks JCS1200 Control System and the concept of Protected System Domains (PSDs). The JCS1200 platform, which contains up to 12 Routing Engines (or 6 redundant Routing Engine pairs) running Junos OS, is connected to up to three T Series routers , including any combination of T320 Core Routers, T640 Core Routers, and T1600 Core Routers.

The Junos OS running on a pair of redundant Routing Engines on a T Series router is considered a Root System Domain (RSD). In the RSD configuration, you create a PSD by assigning one or more Flexible PIC Concentrators (FPCs) on a T Series router to a Routing Engine (or redundant Routing Engine pair) on the JCS1200 platform. Each PSD has the same capabilities and functionality as a physical router, with its own control plane, forwarding plane, and administration.

RSDs and PSDs can run different versions of Junos OS. Each RSD and PSD must be running Junos OS Release 9.4 or later.

Audience

Different PSDs can share interfaces on a single Physical Interface Card (PIC) owned by the RSD. The RSD and PSDs must be running Junos OS Release 9.3 or later.

NOTE: This guide documents Release 10.3 of the Junos OS. For additional

information about the Junos OS—either corrections to or information that might have been omitted from this guide—see the software release notes at

http://www.juniper.net/.

This guide is designed for network administrators who are configuring and monitoring a Juniper Networks T Series router and JCS1200 platform.

To use this guide, you need a broad understanding of networks in general, the Internet in particular, networking principles, and network configuration. You must also be familiar with one or more of the following Internet routing protocols:

•

Border Gateway Protocol (BGP)

•

Distance Vector Multicast Routing Protocol (DVMRP)

•

Intermediate System-to-Intermediate System (IS-IS)

•

Internet Control Message Protocol (ICMP) router discovery

•

Internet Group Management Protocol (IGMP)

•

Multiprotocol Label Switching (MPLS)

•

Open Shortest Path First (OSPF)

•

Protocol-Independent Multicast (PIM)

•

Resource Reservation Protocol (RSVP)

•

Routing Information Protocol (RIP)

•

Simple Network Management Protocol (SNMP)

Personnel operating the equipment must be trained and competent; must not conduct themselves in a careless, willfully negligent, or hostile manner; and must abide by the instructions provided by the documentation.

Supported Routing Platforms

For the features described in this manual, the Junos OS currently supports the following routing platforms:

•

T320 Core Routers, T640 Core Routers, and T1600 Core Routers

•

Juniper Networks JCS1200 Control System

Using the Indexes

This guide contains two indexes: a complete index of all index entries, and an index of statements and commands only.

About This Guide

The complete index points to pages in the statement summary chapters. The index entry for each configuration statement contains at least two entries:

•

The first entry points to the statement summary section.

•

The second entry, usage guidelines, points to the section in a configuration guidelines chapter that describes how to use the statement.

Using the Examples in This Manual

If you want to use the examples in this manual, you can use the load merge or the load

merge relative command. These commands cause the software to merge the incoming

configuration into the current candidate configuration. If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example is a full example. In this case, use the load merge command.

If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In this case, use the load merge relative command. These procedures are described in the following sections.

Merging a Full Example

To merge a full example, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration example into a

text file, save the file with a name, and copy the file to a directory on your routing platform.

For example, copy thefollowing configuration to a file and name the file ex-script.conf. Copy the ex-script.conf file to the /var/tmp directory on your routing platform.

JUNOS 10.4 Protected System Domain Configuration Guide

system {

scripts {

commit {

file ex-script.xsl;

}

} interfaces {

fxp0 {

disable; unit 0 {

family inet {

address 10.0.0.1/24;

}

2. Merge the contents of the file into your routing platform configuration by issuing the

load merge configuration mode command:

[edit] user@host# load merge /var/tmp/ex-script.conf load complete

Merging a Snippet

To merge a snippet, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration snippet into a text

file, save the file with a name, and copy the file to a directory on your routing platform.

For example, copy the following snippet to a file and name the file

ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory

on your routing platform.

commit {

file ex-script-snippet.xsl; }

2. Move to the hierarchy level that is relevant for this snippet by issuing the following

configuration mode command:

[edit] user@host# edit system scripts [edit system scripts]

3. Merge the contents of the file into your routing platform configuration by issuing the

load merge relative configuration mode command:

[edit system scripts] user@host# load merge relative /var/tmp/ex-script-snippet.conf load complete

For more information about the load command, see the Junos OS CLI User Guide.

Documentation Conventions

Table 1 on page xxiii defines notice icons used in this guide.

Table 1: Notice Icons

About This Guide

DescriptionMeaningIcon

Indicates important features or instructions.Informational note

Indicates a situation that might result in loss of data or hardware damage.Caution

Alerts you to the risk of personal injury or death.Warning

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to

techpubs-comments@juniper.net, or fill out the documentation feedback form at

https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include

the following information with your comments:

•

Document or topic name

•

URL or page number

•

Software release version (if applicable)

Requesting Technical Support

Technical productsupport is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

Alerts you to the risk of personal injury from a laser.Laser warning

•

JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at

http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .

•

Product warranties—For product warranty information, visit

http://www.juniper.net/support/warranty/ .

JUNOS 10.4 Protected System Domain Configuration Guide

•

JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

•

Find CSC offerings: http://www.juniper.net/customers/support/

•

Search for known bugs: http://www2.juniper.net/kb/

•

Find product documentation: http://www.juniper.net/techpubs/

•

Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/

•

Download the latest versions of software and review release notes:

http://www.juniper.net/customers/csc/software/

•

Search technical bulletins for relevant hardware and software notifications:

https://www.juniper.net/alerts/

•

Join and participate in the Juniper Networks Community Forum:

http://www.juniper.net/company/communities/

•

Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

To verifyservice entitlement by product serialnumber,use ourSerial NumberEntitlement (SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

•

Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .

•

Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, see

http://www.juniper.net/support/requesting-support.html .

PART 1

Product Overview

•

JCS1200 Chassis and T Series Routers as a Single Platform on page 3

•

JCS1200 and T Series Platform Software Views on page 17

•

JCS1200 Platform Components on page 21

JUNOS 10.4 Protected System Domain Configuration Guide

CHAPTER 1

JCS1200 Chassis and T Series Routers as a Single Platform

•

Product Overview on page 3

Product Overview

The JCS1200 chassis and T Series routers as a single platform include the following components and product benefits:

•

JCS1200 Chassis and T Series Core Routers as a Single Platform on page 3

•

Root System Domains on page 4

•

Protected System Domains on page 4

•

Shared Interfaces on page 5

•

Inter-PSD Forwarding Overview on page 8

•

Route Reflection Overview on page 8

•

Connections Between JCS1200 and T Series Chassis on page 11

•

Benefits of JCS1200 and T Series as a Single Platform on page 13

JCS1200 Chassis and T Series Core Routers as a Single Platform

The Juniper Networks JCS1200 Control System (JCS) chassis interconnected with up to three T Series routing chassis enables thecontrol plane (route processing) and forwarding plane (packet forwarding) to be scaled independently within a single platform. The JCS1200 chassis houses up to 6 redundant RoutingEngine pairs or up to 12 single Routing Engines running Junos OS. Matched with one or more Flexible PIC Concentrators (FPCs) on a T Series router, the selected Routing Engine pair (or single Routing Engine) forms a secure, virtual hardware router,or Protected System Domain (PSD). A PSD has the same capabilities as a separate, physical router with its own control plane, configuration file, routing tables, interfaces, and secure access.

Existing Juniper Networks technology already separates the tasks of the Routing Engine from the Packet Forwarding Engine on a single routing platform. Each component performs its primary tasks independently, while constantly communicating through a high-speed internal link. This arrangement provides streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. Now, with Routing Engines located in a separate chassis, the JCS1200 platform provides a greatly

JUNOS 10.4 Protected System Domain Configuration Guide

expanded control plane capacity without sacrificing any forwarding slots in the T Series router. All memory-intensive processing occurs on the RoutingEngines on the JCS chassis, whereasthe FPCson theT Series router are dedicated to efficient high-speed forwarding.

Documentation

Root System Domains

Root System Domains on page 4•

• Protected System Domains on page 4

• Shared Interfaces on page 5

• Connections Between JCS1200 and T Series Chassis on page 11

• Benefits of JCS1200 and T Series as a Single Platform on page 13

The Root System Domain (RSD) is the Junos OS running on a pair of redundant Routing Engines on a T Series router connected to the switch fabric on the JCS1200 platform. The configuration on these Routing Engines provides:

•

The RSD identifier

•

The parameters used to create Protected System Domains (PSDs) under the RSD, namely:

•

Which Routing Engine or redundant Routing Engine pair on the JCS1200 platform is assigned to the PSD.

•

Which Flexible PIC Concentrator (FPC) or FPCs on the T Series router are assigned to the PSD.

Because you can connect up to three T Series routers to the JCS1200 chassis, you can configure up to three RSDs. The PSD identifiers must be unique for each RSD. That is, PSD1 can only belong to RSD1, and not to RSD2 or RSD3.

Documentation

JCS1200 Chassis and T Series Core Routers as a Single Platform on page 3•

• Protected System Domains on page 4

• Shared Interfaces on page 5

• Connections Between JCS1200 and T Series Chassis on page 11

• Benefits of JCS1200 and T Series as a Single Platform on page 13

Protected System Domains

A Protected System Domain (PSD) is a redundant Routing Engine pair (or single Routing Engine) on the JCS1200 platform matched with one or more Flexible PIC Concentrators (FPCs) on a T Series router. In Figure 1on page 5, FPC1 and FPC2 and the Routing Engines in slots 1 and 2 belong to PSD1. In contrast, PSD2 is made up of the FPCs in slots 3 and 4 on the T Series router and the Routing Engines in slots 3 and 4 on the JCS1200 chassis.

Chapter 1: JCS1200 Chassis and T Series Routers as a Single Platform

Figure 1: Protected System Domain

Any number of FPCs can be assigned to a PSD. Only one redundant Routing Engine pair (or single Routing Engine) can be assigned to a PSD.

Documentation

NOTE: When an FPC is not assigned to a PSD, it belongs to the Root System Domain (RSD) by default. A Physical Interface Card (PIC) on an FPC owned by the RSD can be configured as an interface that is shared by multiple PSDs. For more information, see “Shared Interfaces” on page 5.

You create each PSD under the RSD configuration through the Junos OS running on the Routing Engines on the T Series router. Once a PSD is configured, you access it as you would any separate physical router by connecting to the console port on the master Routing Engine on the JCS1200 chassis for the PSD you want to configure. Using the Junos OS, configure basis system properties, such as hostname, domain name, Ethernet management IP address, and so on. You can also download a configuration file to the PSD.

A PSD detects and manages only its own Routing Engines in the JCS1200 chassis and the assigned FPCs and PICs in the T Series router. In addition, failures on one PSD do not affect other PSDs.

Root System Domains on page 4•

• Shared Interfaces on page 5

• Connections Between JCS1200 and T Series Chassis on page 11

• Benefits of JCS1200 and T Series as a Single Platform on page 13

Shared Interfaces

A single Physical Interface Card (PIC) can host a physical interface that is shared by different Protected System Domains (PSDs). The Flexible PIC Concentrator (FPC) and

g016952

Protected System Domain 1

Tunnel PIC

Protected System Domain 2

Root System Domain

OC192

Shared physical interface

Logical interfaces

Cross-connect

Tunnel PIC

logical

interface 1

logical

interface 2

logical

interface 3

JUNOS 10.4 Protected System Domain Configuration Guide

the physical shared interface are owned by the Root System Domain (RSD). However, the logical interfaces configured under the shared interface are assigned to and owned by different PSDs. By sharing a single interface among multiple PSDs, the cost of traffic forwarding is reduced and resources can be allocated flexibly at a more granular level.

Any FPC that has not been assigned to a specific PSD can be used to host shared interfaces. Onthe RSD, multiple logical interfaces areconfigured on the physical interface and each individual logical interface is assigned to a different PSD. On the PSD, each assigned logical interface is configured and peered with an uplink tunnel interface (ut-fpc/pic/slot), which transports packets between the PSD and the shared interface on the RSD. See Figure 2 on page 6.

Figure 2: Shared Interfaces

NOTE:

When applied to shared interfaces:

•

Junos features that are configured under logical interfaces, such as class-of-service(CoS) classifiers and rewrites, firewallfilters, and policers, are configured on the PSD.

•

Junos features that are configured under physical interfaces, such as drop profiles and schedule maps, are configured on the RSD.

The packets belonging to a shared interface pass between the Packet Forwarding Engine on the PIC in the RSD and the Packet Forwarding Engine on the uplink tunnel PIC in the PSD through a cross-connect in the forwarding fabric.

+ 260 hidden pages

Juniper networks JUNOS OS 10.4 FOR EX REV 1 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Abbreviated Table of Contents

Table of Contents

List of Figures

List of Tables

About This Guide

JUNOS Documentation and Release Notes

Objectives

Audience

Supported Routing Platforms

Using the Indexes

Using the Examples in This Manual

Merging a Full Example

Merging a Snippet

Documentation Conventions

Documentation Feedback

Requesting Technical Support

Self-Help Online Tools and Resources

Opening a Case with JTAC

Product Overview

JCS1200 Chassis and T Series Core Routers as a Single Platform

Root System Domains

Protected System Domains

Shared Interfaces