61. Unified ISSU
Let’s now talk about unified ISSU. This topic is an extension of the topic of upgrading Junos that we talked about in the last video. Let’s talk about this. Unified ISSU stands for unified in-service software upgrade. This feature allows you to upgrade your Junos device between two different Junos releases with no disruption on the control plane and with minimal disruption of traffic. This is only supported on dual routing engine platforms. So on Junos devices that have two routing engines, the unified ISSU feature can be used to upgrade the Junos software without disrupting the control plane and the flow of traffic. Unified ISSU depends on two other features. The first one is graceful routing engine switchover, also known as GRES. And the second one is nonstop active routing, also known as NSR.
So as a prerequisite, both these features must be turned on for us to be able to use the unified ISSU feature. Also, to perform unified ISSU, the master and the backup routing engines must be running the same software version. The advantage of using unified ISSU is that it eliminates network downtime during the software image upgrade process. It also allows you to maintain high service levels because we are not disrupting the flow of traffic. And it also allows you to quickly implement new features.
Let’s talk about the first feature that needs to be enabled to perform unified ISSU, which is graceful routing engine switchover. This feature enables a device with redundant routing engines to continue forwarding packets, even if one routing engine fails. Traffic is not interrupted and the device is not rebooted. So if you have a Junos device with two routing engines, if you have this feature turned on and if one of the routing engines fails, the flow of traffic will not be interrupted.
The mastership is transferred to the backup routing engine if the master routing engine kernel stops operating, the master routing engine experiences a hardware failure, or the administrator initiates a manual switchover. In any of these situations, the mastership will be transferred from the current master routing engine to the backup routing engine. Some other key points: graceful routing engine switchover preserves interface and kernel-related information. However, the control plane is not preserved, causing routing to be impacted. And this is one of the limitations of GRES.
Even though it preserves interface and kernel information, control plane information is lost. This means when mastership is transferred to the backup routing engine, routing associations will have to be recomputed because we’ve lost the control plane information. To overcome this limitation, that is, to preserve routing during a switchover, GRES may be combined with nonstop active routing, or NSR.
Some more points to keep in mind. With graceful routing engine switchover, the packet forwarding engine disconnects from the old master routing engine and reconnects to the new master routing engine. This is why the device is still able to forward traffic, even if the master routing engine fails. The packet forwarding engine does not reboot and traffic is not interrupted. Let’s now talk about nonstop active routing. With NSR, or nonstop active routing, enabled, the Junos device is able to save routing protocol information during a switchover. So this feature allows us to address the limitation with GRES. This is achieved by running the routing protocol daemon, or rpd, on the backup routing engine. As a result, the routing platform does not need to rely on other routers to restore the routing protocol information because it is already running the routing protocol daemon on the backup routing engine.
So when we want to upgrade a Junos device with dual routing engines, we have three options. The first option is where we are performing the upgrade without any features enabled. In this case, the physical interfaces will be taken offline, which means traffic will be interrupted. The packet forwarding engines will be restarted. To transfer the mastership, the backup routing engine will restart the routing protocol process. The new master routing engine will discover all hardware and interfaces. The switchover will take several minutes. And when the switchover is completed, routing information will converge and traffic will be resumed.
The second option is to perform the upgrade with graceful routing engine switchover enabled. With this option enabled, the interface and kernel information is preserved. However, control plane information is not. The new master routing engine will restart the routing protocol process. In this case, the switchover is faster because the packet forwarding engines are not restarted. But an important thing to keep in mind is that because the control plane information is not preserved, the routing associations will have to be computed again.
The third option is to perform the upgrade with graceful routing engine switchover and nonstop active routing enabled. In this case, interface and kernel information is preserved. Routing protocol information is saved during the switchover. This means the routing associations with other devices on the network are maintained and traffic is not interrupted during the switchover process. At the JNCIA level, we only need to know about this at a conceptual level. We’re not required to know how to configure this. So the key takeaway from this video is to know the different ways in which a dual routing engine platform can be upgraded, what unified ISSU is, and what the dependencies are to perform a unified ISSU.
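The two prerequisites described above, shown as an added example that is not part of the original video: a minimal Junos configuration that turns on GRES and NSR, the readiness checks to run before the upgrade, and the unified ISSU command itself. The package path is a placeholder, and platform and release support should be confirmed for the specific device.

```junos
# --- Configuration mode: enable both unified ISSU prerequisites ---
# GRES: keep interface and kernel state in sync with the backup routing engine
set chassis redundancy graceful-switchover
# NSR: run the routing protocol process on the backup routing engine
set routing-options nonstop-routing
# NSR requires every commit to be synchronized to both routing engines
set system commit synchronize
commit

# --- Operational mode: checks before starting the upgrade ---
# Both routing engines must be running the same Junos release
show version invoke-on all-routing-engines
# Run on the backup routing engine: reports whether it is ready for switchover
show system switchover
# Run on the master routing engine: reports routing protocol replication state
show task replication

# --- Operational mode, on the master routing engine: start unified ISSU ---
# <package-name> is a placeholder for the target Junos image already copied to the device
request system software in-service-upgrade /var/tmp/<package-name>
```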
62. Root Password Recovery
Let’s now talk about root password recovery. Let’s say you’ve forgotten the root password for your Junos device. Or maybe you’ve lost the root password for your Junos device. How would we recover the root password? That’s what we’re going to talk about in this video. There’s a sequence of steps that we need to follow. Let’s talk about the steps first and then we’ll get to the terminal and see it live in action. So step number one is to connect to the device using the serial console port and reboot the device. The process of resetting your root password has to be done by establishing a console connection because as part of the root password recovery process, we will be rebooting the device a couple of times. So in order to have a persistent connection, we will need to connect using the console port. When the system reboots, press spacebar when prompted. This will take you to the loader prompt. At the loader prompt, we’ll enter the command boot -s, which will boot the device into single-user mode. Then we’ll enter recovery when prompted. This will complete the boot process and put you in the operational mode. At the operational mode, we’ll type configure to enter the configuration mode. And then we’ll use the command set system root-authentication plain-text-password to set the root password. Finally, we’ll commit and reboot the device.
Now that we’ve understood the steps, let’s get to a Junos terminal and give this a try. All right, I’m here at the Junos terminal. The first step is to reboot the device. In your case, if you’ve forgotten the root password of the device and you do not have another user name configured on the device, you will need to reboot the device by physically powering it off and powering it back on. Right now, I’m going to use the command to reboot the device, which is request system reboot. Now, the reason you see all these characters over here is because I have a serial connection to the device. So it makes up these characters over here. As long as you’re typing the command correctly, it’s all fine. So I’ll reboot the device using the command request system reboot. Say yes. The device is now shutting down. The device is now being powered on. Now we’ll need to press spacebar when prompted. We can see here we’ve been prompted to press spacebar, if you can follow along with me here.
We were prompted to press the spacebar here, but this is not the place to press spacebar. We will be prompted one more time. And that’s when we’ll press the spacebar key. All right. That’s the prompt and I’ve pressed the spacebar key. You can see here the prompt was: Hit Enter to boot immediately or spacebar for command prompt. I pressed spacebar. And now we can see the loader prompt over here. We’ll use the command boot -s to boot the device into single-user mode. And now we are prompted to enter the full pathname of a shell or the recovery command for root password recovery. So let’s use that command, recovery, and press enter. OK. So the boot sequence has completed. Make a note of the message here. It says: once in the CLI, you will need to enter configuration mode using the configure command to make any required changes. For example, to reset the root password, type configure and then type set system root-authentication plain-text-password and commit. When you exit the CLI, you will be asked if you want to reboot the system.
So let’s do that. Let’s enter the configuration mode with the configure command. And now we’ll use the command set system root-authentication plain-text-password. I’ll press enter and provide the password a couple of times. And now we’ll commit the configuration. When that’s completed, we’ll go back to the operational mode and use the command request system reboot to reboot the device. That completes the root password recovery process. From the JNCIA examination standpoint, it is important to remember the seven steps that are required to reset the root password.
63. Important Commands
Let’s look at some important Junos commands that will not only help us from the examination standpoint, but will also help us to better manage the device. Some of these commands may also be talked about in the upcoming videos, while some of these commands you will only see in this video. The goal here is to make sure that we know the important commands that will help us in better managing the device and will also be helpful from the examination standpoint. Let’s get to the terminal. OK. I’m here at the Junos terminal, and I’m in the operational mode. Almost all the commands that we’re going to talk about are from the operational mode. We’ll start with the clear command. We’ll do a question mark here. Now, you’ll notice we can clear information for a variety of services. We can clear firewall counters. We can clear interface counters. We can also clear logs. Let’s take a look at that. So if we wanted to clear the log files, we could do clear log, question mark. And here are all the log files on my system. I can provide the log file name and press enter. So that will clear my log file.
If you’re in a production environment, before you execute this command, make sure you have a backup of the log. Similarly, we could also do clear interfaces, and we can see clear interfaces statistics. And we can provide the interface name, in this case, for example, ge-0/0/1.0. And that will clear the counters for that interface. We could also do clear system. And here we have a few options, like we can clear pending commits. We can clear login state, for example, clear system login. And if we have locked-out users, we can say clear system login lockout. We could also clear pending reboots on the device. The other important command is the file command. I’ll start with file, space, question mark. If you wanted to see the contents of a file, you could do file show and then the file name. If you wanted to list the files in a directory, you can do file list. For example, I want to see what files we have in the /var/tmp directory. And there we can see the files. We can also delete a file.
So file delete, and the path for that file. If you wanted to copy a file, we could do file copy and then we can provide the source URL of that file. Some other operations that we can perform include rename, so we can provide the source file name that we want to rename. A couple of other interesting commands with the file keyword are make-directory and delete-directory, which will allow you to create or delete a directory. The other interesting command is the monitor command, which allows you to monitor statistics and traffic in real time. For example, if I do monitor traffic, I can press enter over here and that’s going to show me traffic in real time on the device. This is very useful for troubleshooting purposes. Control-C to exit out. We could also monitor an interface. If you wanted to, monitor interface, and we can provide the interface name. Let’s try this one. And we can see here we are monitoring the interface in real time. And you’ll notice that counters are ticking. There is also an option to freeze the frame if you wanted to. So if I press F here, you’ll notice the counters have frozen. And if we wanted to continue, we can press T. And now the counters will continue to increment. I’ll press Q to quit. And a couple more monitor commands that are useful. You can do monitor start and that will allow you to monitor a log file in real time. Let’s give that a try.
monitor start messages, and that will show you all messages being logged to the messages log file. And if you wanted to see what files you’re monitoring, you could do monitor list. And we can see here we are monitoring the messages file. Over here, the command that I just tried right now has been logged to that file. If we wanted to stop monitoring, we can do monitor stop. And that will stop the monitoring. Another useful command is ping. We can just ping an IP address. Or we could do ping, the IP address, and we can specify the count, meaning the number of requests that we want to send. For example, ping count three. And that will send three packets or three requests. And the ping will stop automatically. Another variation to this is the rapid keyword. So let’s do ping 4.2.2.2. Let’s do count one hundred and then let’s use the rapid keyword here, which is used to send rapid requests. And you’ll notice the ping is much faster. Ping also has some other options that we can use. For example, we can do an IPv6 ping. We can set the size of the request packets. We can provide a source address. We can set the TTL value, etc. Then we have the request commands. Let’s give that a try. Let’s do request, question mark. And you’ll notice there’s a bunch of options that we can use here. request dhcp can be used to perform DHCP-related operations, like request dhcp client renew. And that will renew the IP addresses of your DHCP clients.
We could also do request system. And here we have quite a few options, like we can choose to log out a user. We can choose to power off the device, reboot the device, or halt the device. You also have the option to manage your licenses over here. So request system license. And you can see we can add licenses from a file or from a server. Another interesting option here is request message. This can be used to send a message. Excuse me there. Let’s do it one more time. request message. This can be used to send a message to other users on the device. The operational mode also has certain set commands, in fact, very few of them. If we do set, space, question mark, we can set the chassis properties, CLI properties and the system date and time. Some other utilities available over here in the operational mode include ssh, which allows you to SSH into another device. We could also do telnet if we wanted to Telnet into another device. And we also have support for FTP, even though you don’t see that option over here.
When I do a question mark, you’ll notice we don’t have the option called ftp, but we could do FTP from here, so we can do ftp and we can provide the IP address of the host where we want to FTP. You also have the traceroute option that allows you to trace the hops between your device and a target machine, so we can do traceroute and then the IP address. If you do not want to resolve your IP addresses, you can say no-resolve. And that will cause the traceroute to complete much faster. One last command we’ll talk about, a very interesting command, and that’s show security flow session. This command will show you all the sessions established on the device. Let’s do that. show security flow session. And here we can see the session information. So I can see that there’s an ICMP session going on here. And we also have some TCP-related sessions over here. So those are some of the important commands on the SRX device. A lot of these commands will be very useful for managing the SRX device in a production environment. And you’ll also find these commands useful from the examination perspective.