Junos OS Architecture and CLI Fundamentals
Junos is built on FreeBSD and separates the control plane (Routing Engine, RE) from the forwarding plane (Packet Forwarding Engine, PFE). This separation means a CLI crash or software issue does not interrupt packet forwarding, which is a key reliability advantage. The RE runs the routing protocols and the management plane, and produces the forwarding table (FIB) that is pushed to the PFE.
CLI modes: Operational mode (prompt ends with >) is for show and diagnostic commands and for monitoring traffic; Configuration mode (prompt ends with #) is for editing the candidate configuration. Enter configuration mode with 'configure' or 'configure exclusive' (prevents others from editing simultaneously).
The candidate configuration: Junos uses a two-stage commit model. You edit the candidate configuration (staging area), then commit to apply it to the active configuration.
Rollback: Junos automatically saves the last 50 committed configurations; rollback 1 reverts to the previous commit. This is a safety net that Cisco IOS does not have.
Key operational commands: show interfaces, show route, show bgp summary, show ospf neighbor, show chassis hardware, request system reboot.
Junos Configuration Hierarchy and Policy Framework
Junos configurations are hierarchical, organised into stanzas with brackets. The root stanza contains: system (hostname, login, NTP, syslog), interfaces (all physical and logical interface config), routing-options (static routes, router-id, autonomous-system), protocols (OSPF, BGP, IS-IS, MPLS), policy-options (routing policies and community definitions), firewall (stateless packet filters).
Interface configuration: set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24. Here ge-0/0/0 is the physical interface, unit 0 is the logical unit (analogous to Cisco's subinterface), family inet is IPv4, and family inet6 is IPv6.
Routing policy: Junos uses a match-then-action model. Policy terms match routes based on prefix, community, AS path, or other attributes, then apply actions (accept, reject, modify attributes). Export policies control what routes are advertised; import policies control what routes are accepted.
Default routing policy: OSPF and IS-IS accept all routes learned by default; BGP rejects all routes by default (an explicit export policy is required to advertise routes in BGP).
Routing Protocols in Junos
Junos supports OSPF, IS-IS, BGP, and RIP.
OSPF configuration in Junos: set protocols ospf area 0 interface ge-0/0/0.0 (interfaces are added to OSPF areas explicitly). OSPF passive interface: set protocols ospf area 0 interface lo0.0 passive (announces the loopback but does not form an adjacency). Verify: show ospf neighbor (adjacency states), show ospf database (LSDB).
BGP: set protocols bgp group external type external neighbor 10.0.0.1 peer-as 65001. The group model groups peers with common attributes (type, local-as, export/import policies). BGP groups reduce configuration repetition for large numbers of peers.
Route redistribution: handled by an export policy at the protocol level. Create a policy that matches connected routes or static routes, then apply it as an export policy to OSPF or BGP.
Static routes: set routing-options static route 0.0.0.0/0 next-hop 10.0.0.1. The qualified next-hop option allows floating static routes (different preferences).
Junos preference (administrative distance): direct 0, OSPF internal 10, IS-IS L1 15, IS-IS L2 18, OSPF external 150, BGP 170.
Junos Security and High Availability Features
Security basics for JNCIA level.
Firewall filters: stateless access control lists in Junos, applied to interfaces (not policies like SRX security policies). Filter structure: term > from (match conditions: source-address, destination-address, protocol, destination-port) > then (action: accept, reject, discard, count, log). Apply to an interface as input (traffic coming in) or output (traffic leaving). Prefix lists and route filters are used in routing policies.
Junos SRX security zones: the SRX series uses a zone-based security model in which interfaces are assigned to security zones (trust, untrust, DMZ) and security policies control traffic between zones. Default zone-to-zone policy is implicit deny.
High availability: Juniper Virtual Chassis (EX switches: stack up to 10 switches as one logical device, single management plane, split-plane redundancy), Juniper Virtual Chassis Fabric (VCF: spine-leaf topology for data centres), and Chassis Cluster (SRX: active/passive or active/active HA for firewalls, with sessions, configuration, and routes synchronised through a dedicated HA link and fabric link).
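
The term > from > then filter structure and the input binding described in the firewall filter notes above, written out as set commands together with the two-stage commit. This is an added example, not part of the original notes: the filter name, term names, counter name and the 192.0.2.0/24 management prefix are constructed for illustration, and ge-0/0/0 unit 0 is reused from the interface example.

```junos
# Constructed example: restrict SSH arriving on ge-0/0/0.0 to one management prefix.
# Terms are evaluated top to bottom; the first term whose 'from' matches decides.

# Term 1: SSH from the management prefix is accepted.
set firewall family inet filter LIMIT-SSH term ALLOW-MGMT-SSH from source-address 192.0.2.0/24
set firewall family inet filter LIMIT-SSH term ALLOW-MGMT-SSH from protocol tcp
set firewall family inet filter LIMIT-SSH term ALLOW-MGMT-SSH from destination-port ssh
set firewall family inet filter LIMIT-SSH term ALLOW-MGMT-SSH then accept

# Term 2: any other SSH is counted, logged and silently dropped.
# 'discard' drops without a reply; 'reject' would send an ICMP unreachable.
set firewall family inet filter LIMIT-SSH term DROP-OTHER-SSH from protocol tcp
set firewall family inet filter LIMIT-SSH term DROP-OTHER-SSH from destination-port ssh
set firewall family inet filter LIMIT-SSH term DROP-OTHER-SSH then count ssh-dropped
set firewall family inet filter LIMIT-SSH term DROP-OTHER-SSH then log
set firewall family inet filter LIMIT-SSH term DROP-OTHER-SSH then discard

# Term 3: no 'from', so it matches everything that is left.
# Without it, the implicit final action of a filter is discard, and all
# remaining traffic on the interface would be dropped.
set firewall family inet filter LIMIT-SSH term ALLOW-REST then accept

# Bind the filter to the logical interface for inbound traffic.
set interfaces ge-0/0/0 unit 0 family inet filter input LIMIT-SSH

# Configuration mode: review the candidate against the active configuration,
# then commit with automatic rollback unless confirmed within 5 minutes
# (protects against locking yourself out). The second commit confirms.
show | compare
commit confirmed 5
commit

# Operational mode: check the counter and the logged drops.
show firewall filter LIMIT-SSH
show firewall log
```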