58. Junos Naming Convention
Let’s talk about the Junos naming convention. So in this lecture, we’ll understand how Junos names its software images. There’s a lot of important points that we’re going to cover in this video. So make sure you have a pen and a paper to take the notes or make sure are bookmarking at the relevant places. Let’s begin the Junos naming convention prior to release. Fifteen . one used to be package hyphen release hyphen edition. Starting with Junos Reles. Fifteen . one, the Junos naming convention has been updated as prefix hyphen architecture hyphen API hyphen release hyphen edition. Sometimes it could also be like this prefix hyphen media, which is the additional element there hyphen architecture, hyphen, API, hyphen, Reles, hyphen addition. Let’s understand each of these elements in detail, starting with prefix. The prefix is the name of the Junos package. Here’s an example. Junos hyphen install hyphen SRX. Fifty six hundred. The next element in there is Medio.
Keep in mind this element may not always be present in the software image name. This is only used when the image is not for use with the request sys software add command. The request systems software add command is used to update or upgrade the Junos operating system. We’ll be talking about this in one of the upcoming videos. But keep in mind, when you see the media element in the software image name. That means that image cannot be used with this command request system. Software add. The possible values for media include USP. This is for images that you would install from a USB drive or the other possible value is net. And this is for images that you would install from the loader prompt. So what is the loader prompt? Well, when you’re booting the Junos device, you’ll reach a point where you can hit spacebar to abort the boot process when you abort the boot process. You see the loader prompt. This is usually used to recover a corrupted Junos image.
So there are two possible values for media. The first one is USP and the second one is net. Here’s an example. Junos hyphen install hyphen media hyphen USP. And then you have the rest of the portion of that image name. So if you see the element called media, that means that image file cannot be used with the request. Sys software ad command. The next element is architecture. This indicates the C.P.U architecture of the platform, possible values include X 86 for Intel based platforms and arm for advanced risk machines based platform, also known as an ARM platform. The next element is FBI, which stands for application binary interface. And this indicates the word LAN of the C.P.U architecture. The word length is the maximum number of bits that ACP you can process at a time. So API or application binary interface will indicate the word length or the maximum number of bits that the C.P.U can process at a time.
There are two possible values. It can be 32 for 32 bit architectures and 64 for 64 bit architectures. The next element is release. This includes the major and minor release numbers they’re released type, which can be arbi your eye, the bill number and the spin no. The release type R stands for released software. B stands for beta level software and AI stands for internal software. In some situations, you might also see s, which is reserved for service releases, the next element is addition. This can be either null or empty or limited. No, or empty is for standard domestic versions, domestic versions is for United States and Canada and for all other customers that have a valid encryption agreement with Juniper. The domestic version supports strong encryption capabilities, for example, strong encryption for IPSEC and SSH H. The other possible addition is limited. This indicates versions which are built for jurisdictions with limits on data plane encryption. So this is for all other customers that are not going to use the domestic version. Let’s look at an example. So here we have the first one. This is the domestic version. Keep in mind, when you don’t see the addition explicitly mentioned at the end of the release number.
That’s the domestic version. If it’s a limited version, you will see that mentioned at the end of their release. No. Moving on, a third less common addition called FIP Yes exists and this provides advanced network security for customers who must comply with and operate in a federal information processing standards also known as FIP s 140 hyphen two environment. FIP says, provides things like enforced security measures for remote access. It provides specific system logging and error messages. It also has requirements for enhanced password creation and encryption standards, etc.. Starting with Junos. Fifteen . one f IBS is packaged in the domestic version. So the addition name will not include the keyword called FIP s. It’s part of the domestic version itself. And when users are upgrading the Junos, always using the domestic version, they will have the option to flip between a regular image and FIP s compliant image. Another important thing to keep in mind is that the key word signed used to be there in the earlier versions of the Junos image names.
But the latest versions do not use the key word signed because all Junos images are now signed for validation. Now that we’ve understood all of this, let’s tied together with an example. So here’s an example image name Junos hyphen install hyphen S.R. X fifty six hundred. Hyphen X eighty six. Hyphen sixty four. Hyphen seventeen .. Three are one .. Nine . t gz. Let’s break this down into the elements. The prefix name is Junos install SRX X 56 unread. The architecture is X 86. The FBI is 64. The release number is 17. Doch three or one . nine, which means the major version is 17. The minor version is three are stands for released software. One is the bill number and nine is the spin. No. The addition in this case is domestic, because the addition element is null or empty. Now, let me ask you some questions here. Is this image signed? The answer is yes, because all Junos images are now signed for validation. Can this image be used with the request system, software, ad command? The answer is yes. When you don’t see the media element in the image name.
That means it can be used with the request system, software, ad command. Does this image support strong encryption? The answer is yes, because this is the domestic edition. It supports strong encryption. Can this be used in a FIP s environment? The answer is yes, because all domestic images support FIP s. Let’s look at one more example. So here’s the image name Junos, Install Media USP, SRX, fifty six hundred x 86, 64, 17 dark are one . nine Ltd that I am or GZ. The prefix name is Junos Install SRX fifty hundred, the media type is USP. Architecture is X eighty six. API is sixty four. Release number is 17. . three are one. . nine. So the major version is 17 and minor version is three. R stands for released software. The build number is one and the speed number is nine. In this case, the addition is limited. So let me ask you the same questions again. Is the image signed? The answer is yes, because all Junos images are signed for validation. Can this image be used with the request systems, software, ad command? The answer is no. Because here the media element is present in the image name, so it cannot be used with that command. Does this image support strong encryption? The answer is no. This is a limited version. Only the domestic versions support strong encryption. Can this be used in a FIP environment? The answer is no. If IP is compliant, images are the ones that are included with the domestic version. This one is a limited version. The Junos naming convention topic is very important from the examination perspective. Make sure that you are able to identify the different elements from the Junos image name.
59. Snapshots
In one of the upcoming videos will understand how to upgrade the Junos operating system. But before we do that, it is important that we backup the current configuration. So if the upgrade process fails, we can use the backup to restore the configuration and the Junos software. This is done using snapshots. When Junos is installed all stored files on the device except the Juniper Dock con file and the SSH files are removed. So when you upgrade the operating system on a Junos device, all the files stored on the device except Juniper ., conv and SSH files will be deleted. Creating a snapshot will allow you to back up your current configuration. This will allow you to return to their current software configuration after the Junos installation is complete. So let’s say we try to upgrade the operating system on the Junos device. And for some reason, we run into issues. We are not able to complete the upgrade process. In that case, we can use this snapshot to restore the original configuration of the device. Snapshots can be created using the command request system snapshot.
The snapshot is stored on internal media or on a USB storage device. And this snapshot can also be used as Bhoot information for the Junos device. So let’s say we try to power on the Junos device. But the device is not able to boot up. Maybe the image is corrupted. In that case, we can use this snapshot as the backup or the secondary boot volume. In fact, this is a Junos recommendation. Junos recommends that for media redundancy, a secondary storage medium like the USB storage device should always be attached to the SRX device. Now let’s get to the terminal and see how to create a snapshot. All right. I’m back here at the Junos terminal. I already have a USP device connected to my SARS X firewall. So I’m going to start with show log messages just to take a look at the messages. So show log messages. Pipe last, which will only show me the last portion of the output. And we can see here that I already have the USB device plugged in. So let’s start with the snapshot process. The command is a request system snapshot. Let’s start with a question mark. Now, we have a few options here. The first option is factory. Using this option will only include the files which were shipped with the factory default configuration. The next option is media, which allows you to specify the media on which you want to store that snapshot. We only have two options here. We can use internal or USP. The key word internal will cause the snapshot to be saved on the internal flash memory and USP can be used to save the snapshot on a USB storage device.
I’m gonna say USP. Question mark. We also have this option called partition, which can be used to partition the media. We can also use the keyword slice, which is used to write the snapshot to a specified partition. Right now we’re not gonna use those options. We’re only going to say a request system’s snapshot media USP and I’m going to press enter. The snapshot creation process has started on the first step, the required partitions will be created on the USV device. So we can see here that four partitions have been created on the USP device. We can see the partition names over here and the mount points for each of the partitions. Now, the snapshot creation process can take a while. It can take a few minutes. Some want to pause the video here. We’ll continue. When the process is completed. All right. The process has been completed. It took about a couple of minutes for the files to be copied, so the snapshot has now been copied on the USB drive. Let’s take a look at the snapshot. We can do show system snapshot and we can specify the media as USP. And we should be able to see that information. All right, so we can see the snapshot information over here.
Now we can use the information stored on the USB device to restore the configuration in case the Junos device is unable to boot. Maybe we tried to upgrade the operating system on the device and the image got corrupted. For example, in that case, the Junos devices enable to boot. So we can use the information stored on this USB drive to boot the SRX device and restore the configuration. We can also use the snapshot as the second reboot image. Let’s give that a try. So I’m going to say request system reboot. This command is used to reboot the device. And when I do a question mark here, we can specify the media that should be used for the next boot. So I’m going to say media and let’s do USP. Normally, the device will boot with the information from the internal flash memory. But now we are going to use the snapshots stored on the USP to boot the device. Let’s give that a try. Request system snapshot, reboot media, USP. And now we can press enter here. When the device reboots, it is going to use the information stored on the USB drive. I’m going to press enter here. It says, do you want to reboot the system? We’ll say yes. And I’ve lost my connection now. So that means the device is being rebooted. I’m going to pause here for another couple of minutes. Wait until the device comes back online. And then we’ll perform some commands. All right. The device is back online.
I can see the lights flashing on the device. So let’s try to connect. The command is SS age username and IP address. All right. I’ve logged in and straight away we can see a message here or a notice here that says that the system is running on alternate media device. And here we can see the device information, which is the USP device. Now, I’m going to enter the operational mode and I’m going to try the command show system boot messages, which will show us all the messages that were generated when the device was being rebooted. So here’s all the messages, and here we can see that the device has been rebooted from the USB device. So creating a snapshot of your Junos device is a recommended best practice. It not only allows you to backup and restore your configuration, but also allows you to use the snapshot as a backup or a second reboot volume in case your device is not able to bood, using the information on the internal flash media.
60. Upgrading Junos
All right, let’s talk about upgrading Junos. Let’s understand the steps that we need to follow to upgrade the software on a Junos device. Precisely. There are eight steps that we need to follow. The first step is to connect to the console port. And this is because if you’re connected using an in band connection, meaning if you’re connected using one of the traffic ports, your connection will be lost during the upgrade process. But if you’re connected through the console port, you have an out-of-band connection that will remain persistent throughout the entire upgrade process. So first step, make sure you’re connected to the device using the console port. Step number two is to backup the active file system using the request system snapshot command. So if we have a system snapshot and let’s say the upgrade process did not go well, we can use that snapshot to restore the device. So it’s important that you backup the active file system by creating a snapshot. Next, you need to determine the Junos version running on your device, using the show version command. Once you have that information, you’ll need to download the install package from Juniper’s Web site. Let’s take a look at this.
All right, I’m here at the Junos terminal. From the operational mode, I’ll use the command show version and press enter. And that shows me the model number and the software version running on my device. In this case, I’m using a V asare X model and the software version is 19 . one, R one, . six. This information is important for us to know what software we need to download from Juniper’s Web site. Now that we have this information, let’s head over to Juniper’s Web site and see how we can download the software. I’m here at Juniper’s Web site. I’ve clicked on support and then clicked on all downloads from here, we can search for a product name and download relevant software for that product. Let’s say we wanted to upgrade a firewall, having the model number SRX one 10. In that case, we can type the product model number, which is SRX one 10. We’ll select the product. And down here, we can see the install packages available for this product, so we can see the description here. The release number, the file date, the size of the file. And here we can see the checksums, which can be used to verify the integrity of the file. So go ahead and download the package needed to upgrade the software on your Junos device. Before you can download, you’ll need to make sure you have a valid account type on Juniper’s Web site that allows you to download the software. Back over here. Once you’ve downloaded the software, you’ll need to copy the package to the/v e r/TMB directory. And this can be done using the file copy command. Once you’ve copied the file, you then need to verify the check some of the package. Back to the device.
Now, let’s say you’ve copied the file to the/v e r/TMB directory. By the way, to copy the file, you would use the command file. Copy. And then you can provide the source, you, Orell, from where you want to copy the file. Now, let’s assume that you’ve already copied the file. You can use the command file list,/V.A. R/Tempy to view the files in that directory. Once we have the file in that directory, we then need to verify the checksum and the command to do that is file checksum. Question mark. We can select the hashing algorithm to generate the hash MDT five, SHAA one or SHA two, five, six. Let’s say MDT five. And let’s do a question mark. And here we can provide a path to the file. I haven’t copied the file to the/V.A. are/Tempe directory, but we can still use this command on another file to see what the output looks like. So we could do/we are/Tempe and I’m just gonna provide another file name just to see what the output looks like. In your case, you would replace the file name with the name of the package that you will be installing for the upgrade process. I’ll press enter. And here we can see the hash. This is a very important step. The reason is when you’re copying files over a network, there is a possibility of the file getting corrupted if the file is corrupted.
The upgrade process will not complete successfully. So it is important that we verify the checksum before we initiate the upgrade process. Once you have the check some value, go back to Juniper’s Web site and verify that the check some matches with the checksum provided by Juniper. Back over here. Once we’ve verified the checksum, the next step is to initiate the upgrade. The command to do that is request sys software add. And then the path to the package name, which is /. We are/tmb/package name. And finally, we need to reboot the device. Back over here. So let’s give that a try. The command is request system software and let’s do a question mark here. So we have a few options available. We can do ad, which is to add the extension or the upgrade package. Delete is the opposite of that. Rollback is used when you want to rollback the upgrade that you performed.
And the validate command can be used to verify that the package that you’re trying to install is compatible with your current configuration. So to upgrade, we would say request system software add, and then we would provide the path to the package which is /, we are/TMB. And then the file name. We have some other options as well. For example, we can say no copy in this case. It does not save copies of the package file. If you do not want to validate the package with the current configuration, you could say no, validate if you would like to initiate a reboot after the installation process. You could use the reboot. Keever and we can also use the validate keyword over here once the installation process is complete. You’ll need to reboot the SRX device and the command for that is request system reboot. And then we can press enter over here. That should complete the installation process. A few other things to keep in mind before you upgrade the software on your Junos device.
The first thing you want to make sure is that there is enough storage available on the Junos device. A few other things you want to keep in mind when you’re performing the upgrade. What if you do not have enough storage available on the device? And this is quite possible. If you have a device that is being used for quite some time, you may not have enough storage available on the device to copy the installation package. So in that case, we can start with the command show systems storage and this will show you the available storage on the device. In this case, I can see that I have about eleven gigs of storage available. Now, let’s say you do not have enough storage available to copy the upgrade file. One of the things that we can do is try to clean up some of the old files. The command to do that would be request systems storage. And if we do a question mark here, we should see the option called the clean up. But before we execute this command, we can also do a dry run, which will tell you what are the files that will be deleted if you choose to perform a clean up. All right.
So these are the files that will be deleted if we choose to perform the cleanup. So this is one of the ways in which we can free up some storage on the Junos device. Another way to free up some space is to delete some of the log files. So if you want to view all the log files, you could do file list,/V.A. R/log. And that will show you all the log files if you want to delete some of those log files. You could do file, delete and/feet or/log. And then the logged name as a best practice. It is recommended that you have a backup for the logs that you’re deleting. If you do not want to delete the log file, but you only want to clear the contents of the file. You could use the command clear log. And then we can provide the log name over here. For example, if I wanted to clear the messages file, I could say clear log messages, press, enter. And now the messages file will still remain there.
Only the contents of that file will be cleared. So those are some of the ways in which you can free up some storage on your Junos device. Back over here, a few other things to keep in mind when upgrading the software on your Junos device. By default, Junos will validate the software package against the current configuration. This is to ensure that the device can reboot successfully after the software packages installed. Like upgrading. We also have the option to downgrade the software on a Junos device. So when the software is upgraded, Junos will automatically create a backup image of the software that was previously installed. And this is in addition to installing the requested software upgrade. The backup image can be used to downgrade only to the software release that was installed on the device before the current release. And the command to downgrade is request systems software rollback. The commands that were discussed in this video are very important from the examination perspective. It is important that we know the commands that can be used to upgrade or downgrade the software, the commands that can be used to free up the storage on the device and the command that can be used to verify the check some of a file.