Goodbye to Juniper

And, so the big fish eat the little fish, and so it goes on. This happened for our spin-outs, where Zonefox was acquired by Fortinet and Symphonic by Ping ID. I am sure that Cyacomb and MemCrypt will follow a similar track.

So, when it comes to innovation, it is often small and agile companies that can disrupt a market, but in the end, it is the larger companies that acquire these companies. It happened recently when Cisco acquired the cybersecurity punk Splunk. Now, it’s the turn of Juniper, which stood up against Cisco Systems and won a significant part of the networking industry [here]:

It perhaps cuts out another competitor in the network market.

Overall, the deal values Juniper at $14 billion, and fits into the edge-to-the-cloud market. The acquisition especially focuses on the usage of AI to manage complex workloads, along with enhanced security implementations.

I like Juniper configurations as they feel more like an operating system than Cisco commands. In fact, I think there’s a better structure to the commands. Here is an example of setting the IP address on a Juniper device (for lo0, em0 and em1) [here]:

root@> configure
[edit]
root@# set system host-name fred
root@# set system domain-name fred.com
root@# set system backup-router 1.2.3.4
root@# set system login user fred class superuser
root@# set system login user fred authentication plain-text-password
New Password:
root@# set interfaces lo0 unit 0 family inet address 1.2.3.4/24
root@# set interfaces em0 unit 0 family inet address 1.2.3.5/24
root@# set interfaces em1 unit 0 family inet address 2.3.4.6/24
root@# commit
[edit]
root@# show
root@fred# exit
Exiting configuration mode
root@fred>

We can show the status of the interfaces with:


fred@fred> show interfaces terse
Interface               Admin Link Proto    Local                 Remote
dsc                     up    up
em0                     up    up
em0.0                   up    up   inet     192.168.0.150/24
em1                     up    up
em1.0                   up    up   inet     192.168.1.150/24
gre                     up    up
ipip                    up    up
lo0                     up    up
lo0.16384               up    up   inet     127.0.0.1           --> 0/0
lo0.16385               up    up   inet
lsi                     up    up
mtun                    up    up
pimd                    up    up
pime                    up    up
tap                     up    up

fred@fred> show interfaces brief
Physical interface: dsc, Enabled, Physical link is Up
  Type: Software-Pseudo, Link-level type: Unspecified, MTU: Unlimited,
  Clocking: Unspecified, Speed: Unspecified
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps

Physical interface: em0, Enabled, Physical link is Up
  Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Clocking: Unspecified,
  Speed: 1000mbps
  Device flags   : Present Running
  Interface flags: SNMP-Traps

  Logical interface em0.0
    Flags: SNMP-Traps Encapsulation: ENET2
    inet  192.168.0.150/24

Physical interface: em1, Enabled, Physical link is Up
  Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Clocking: Unspecified,
  Speed: 1000mbps
  Device flags   : Present Running
  Interface flags: SNMP-Traps

  Logical interface em1.0
    Flags: SNMP-Traps Encapsulation: ENET2
    inet  192.168.1.150/24

Physical interface: gre, Enabled, Physical link is Up
  Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: Unlimited
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps

Physical interface: ipip, Enabled, Physical link is Up
  Type: IPIP, Link-level type: IP-over-IP, MTU: Unlimited, Speed: Unlimited
  Device flags   : Present Running
  Interface flags: SNMP-Traps

Physical interface: lo0, Enabled, Physical link is Up
  Type: Loopback, Link-level type: Unspecified, MTU: Unlimited,
  Clocking: Unspecified, Speed: Unspecified
  Device flags   : Present Running Loopback
  Interface flags: SNMP-Traps

  Logical interface lo0.16384
    Flags: SNMP-Traps Encapsulation: Unspecified
    inet  127.0.0.1 --> 0/0

  Logical interface lo0.16385
    Flags: SNMP-Traps Encapsulation: Unspecified
    inet

Physical interface: lsi, Enabled, Physical link is Up
  Type: Software-Pseudo, Link-level type: LSI, MTU: 1496, Clocking: Unspecified,
  Speed: Unlimited
  Device flags   : Present Running
  Interface flags: SNMP-Traps

Physical interface: mtun, Enabled, Physical link is Up
  Type: Multicast-GRE, Link-level type: GRE, MTU: Unlimited, Speed: Unlimited
  Device flags   : Present Running
  Interface flags: SNMP-Traps

Physical interface: pimd, Enabled, Physical link is Up
  Type: PIMD, Link-level type: PIM-Decapsulator, MTU: Unlimited,
  Speed: Unlimited
  Device flags   : Present Running
  Interface flags: SNMP-Traps

Physical interface: pime, Enabled, Physical link is Up
  Type: PIME, Link-level type: PIM-Encapsulator, MTU: Unlimited,
  Speed: Unlimited
  Device flags   : Present Running
  Interface flags: SNMP-Traps

Physical interface: tap, Enabled, Physical link is Up
  Type: Software-Pseudo, Link-level type: Interface-Specific, MTU: Unlimited,
  Clocking: Unspecified, Speed: Unlimited
  Device flags   : Present Running
  Interface flags: SNMP-Traps

Here’s the setup for a default gateway [here]:

This challenge defines the default gateway, which is used for any data packets that cannot otherwise be routed. The command is:

set routing-options static route 0.0.0.0/0 next-hop 2.3.5.7

where 0.0.0.0/0 matches any address, and the next-hop (or default gateway) is 2.3.5.7.



Overview:

root@> configure
[edit]
root@# set system host-name fred
root@# set system domain-name fred.com
root@# set interfaces em0 unit 0 family inet address 1.2.3.5/24
root@# set interfaces em1 unit 0 family inet address 2.3.4.6/24
root@# set routing-options static route 0.0.0.0/0 next-hop 2.3.5.7
root@# commit
[edit]
root@# show
root@fred# exit
Exiting configuration mode
root@fred>




Commands:

root@> configure
[edit]
root@# set system host-name fred
root@# set system domain-name fred.com
root@# set interfaces em0 unit 0 fam inet address 1.2.3.4/24

fred@fred# set ?
Possible completions:
> access               Network access configuration
> accounting-options   Accounting data configuration
> applications         Define applications by protocol characteristics
+ apply-groups         Groups from which to inherit configuration data
> chassis              Chassis configuration
> class-of-service     Class-of-service configuration
> event-options        Event processing configuration
> firewall             Define a firewall configuration
> forwarding-options   Configure options to control packet forwarding
> groups               Configuration groups
> interfaces           Interface configuration
> logical-routers      Logical routers
> policy-options       Routing policy option configuration
> protocols            Routing protocol configuration
> routing-instances    Routing instance configuration
> routing-options      Protocol-independent routing option configuration
> services             Service PIC applications settings
> snmp                 Simple Network Management Protocol configuration
> system               System parameters

fred@fred# set routing-options ?
Possible completions:
> aggregate            Coalesced routes
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> auto-export          Export routes between routing instances
> autonomous-system    Autonomous system number
> confederation        Confederation autonomous system number
> dynamic-tunnels      Dynamic tunnel definitions
> fate-sharing         Fate-sharing links or nodes database
> flow                 Locally defined flow routing information
> forwarding-table     Forwarding table management options
> generate             Route of last resort
> graceful-restart     Graceful or hitless routing restart options
+ instance-export      Export policy for instance RIBs
+ instance-import      Import policy for instance RIBs
> interface-routes     Define routing table groups for interface routes
> martians             Invalid routes
> maximum-paths        Maximum number of paths
> maximum-prefixes     Maximum number of prefixes
> multicast            Global multicast options
> options              Miscellaneous options
> ppm                  Set periodic packet management properties
> resolution           Route next-hop resolution options
> rib                  Routing table options
> rib-groups           Group of routing tables
  route-distinguisher-id  Identifier used in route distinguishers for routing instances
  route-record         Enable route recording
  router-id            Router identifier
> source-routing       Source-routing options
> static               Static routes
> traceoptions         Global routing protocol trace options

fred@fred# set routing-options static ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> defaults             Global route options
  rib-group            Routing table group
> route                Static route

fred@fred# set routing-options static route 0.0.0.0/0 ?
Possible completions:
  active               Remove inactive route from forwarding table
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> as-path              Autonomous system path
> bfd-liveness-detection  Bidirectional Forwarding Detection (BFD) options
> color                Color (preference) value
> color2               Color (preference) value 2
+ community            BGP community identifier
  discard              Drop packets to destination; send no ICMP unreachables
  install              Install route into forwarding table
> lsp-next-hop         LSP next hop
> metric               Metric value
> metric2              Metric value 2
> metric3              Metric value 3
> metric4              Metric value 4
+ next-hop             Next hop to destination
  next-table           Next hop to another table
  no-install           Don't install route into forwarding table
  no-readvertise       Don't mark route as eligible to be readvertised
  no-resolve           Don't allow resolution of indirectly connected next hops
  no-retain            Don't always keep route in forwarding table
> p2mp-lsp-next-hop    Point-to-multipoint LSP next hop
  passive              Retain inactive route in forwarding table
> preference           Preference value
> preference2          Preference value 2
> qualified-next-hop   Next hop with qualifiers
  readvertise          Mark route as eligible to be readvertised
  receive              Install a receive route for the destination
  reject               Drop packets to destination; send ICMP unreachables
  resolve              Allow resolution of indirectly connected next hops
  retain               Always keep route in forwarding table
> tag                  Tag string
> tag2                 Tag string 2

fred@fred# set routing-options static route 0.0.0.0/0 next-hop ?
Possible completions:
  <value>              Next hop to destination
  [                    Open a set of values

fred@fred# set routing-options static route 0.0.0.0/0 next-hop 0 ?
Possible completions:
  <[Enter]>            Execute this command
  active               Remove inactive route from forwarding table
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> as-path              Autonomous system path
> bfd-liveness-detection  Bidirectional Forwarding Detection (BFD) options
> color                Color (preference) value
> color2               Color (preference) value 2
+ community            BGP community identifier
  install              Install route into forwarding table
> lsp-next-hop         LSP next hop
> metric               Metric value
> metric2              Metric value 2
> metric3              Metric value 3
> metric4              Metric value 4
+ next-hop             Next hop to destination
  no-install           Don't install route into forwarding table
  no-readvertise       Don't mark route as eligible to be readvertised
  no-resolve           Don't allow resolution of indirectly connected next hops
  no-retain            Don't always keep route in forwarding table
> p2mp-lsp-next-hop    Point-to-multipoint LSP next hop
  passive              Retain inactive route in forwarding table
> preference           Preference value
> preference2          Preference value 2
> qualified-next-hop   Next hop with qualifiers
  readvertise          Mark route as eligible to be readvertised
  resolve              Allow resolution of indirectly connected next hops
  retain               Always keep route in forwarding table
> tag                  Tag string
> tag2                 Tag string 2
  |                    Pipe through a command

root@# commit
[edit]
root@fred# exit
Exiting configuration mode

fred@fred> show route terse

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

A Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
* 0.0.0.0/0          S   5                       >2.3.5.7
* 192.168.0.0/24     D   0                       >em0.0
* 192.168.0.150/32   L   0                        Local
* 192.168.1.0/24     D   0                       >em1.0
* 192.168.1.150/32   L   0                        Local

root@fred>
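
The following Python sketch is an added example, not part of the original post. It parses the active routes from the show route terse output above and applies longest-prefix matching, so that the 0.0.0.0/0 static route is selected only when no more specific route matches. The sample text is retyped from that output, and the function names are my own.

```python
import ipaddress

# Constructed sample: the route lines from the "show route terse" output above.
ROUTE_TERSE = """\
A Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
* 0.0.0.0/0          S   5                       >2.3.5.7
* 192.168.0.0/24     D   0                       >em0.0
* 192.168.0.150/32   L   0                        Local
* 192.168.1.0/24     D   0                       >em1.0
* 192.168.1.150/32   L   0                        Local
"""

def parse_routes(text):
    """Return [(network, protocol, next_hop)] for each active ('*') route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "*":
            continue  # header, legend or blank line
        try:
            net = ipaddress.ip_network(fields[1])
        except ValueError:
            continue  # not a prefix, so not a route line
        routes.append((net, fields[2], fields[-1].lstrip(">")))
    return routes

def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # no route at all: the packet cannot be forwarded
    return max(matches, key=lambda r: r[0].prefixlen)

def uses_default(routes, dest):
    """True when dest is only reachable through the 0.0.0.0/0 route."""
    hit = lookup(routes, dest)
    return hit is not None and hit[0].prefixlen == 0

if __name__ == "__main__":
    table = parse_routes(ROUTE_TERSE)
    for dest in ("192.168.0.150", "192.168.1.77", "8.8.8.8"):
        net, proto, hop = lookup(table, dest)
        print(f"{dest:15} -> {str(net):18} {proto} via {hop}")
    # Without the static default, an off-net destination has no route.
    no_default = [r for r in table if r[0].prefixlen != 0]
    print("8.8.8.8 without default:", lookup(no_default, "8.8.8.8"))
```
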

Finally, here is a fun test for Juniper:

https://asecuritysite.com/tests/fun?sortBy=jun

or a normal test:

https://asecuritysite.com/tests/tests?sortBy=jun

If you want to learn a bit more about Juniper, try here:

https://asecuritysite.com/Cisco/juniper