INDUSTRY INTERNSHIP SUMMARY REPORT Juniper Networking BACHELOR OF TECHNOLOGY in COMPUTER SCIENCE AND ENGINEERING Submitted by APURV BHUSHAN SINGH (20SCSE1010901) GALGOTIAS UNIVERSITY SCHOOL OF COMPUTING SCIENCE AND ENGINEERID GREATER NOIDA, UTTAR PRADESHCHAPTER TABLE OF CONT TITLE PAGE NO Abstract List of Figures & List of Tables List of Abbreviations Introduction 1.1 Objective of the project 1.2 Problem statement and research objectives 1.3 Description of Domain 1.4A brief introduction about an organization. ‘Technical Deseription System Design 3.1 General Architecture 3.2 Design Phase 3.2.1 Data flow diagram 3.2.2 UML Diagrams 3.3 Methodology System Implementation Results and Discussions Conclusion and Future Work Appendices- 7.1 Source Code 7.2 Learning Experiences 7.3 SWOT Analysis ReferencesABSTRACT. If you are familiar with networking books, you might be a little surprised by the starting topic in Chapter 1. It is not the Open Systems Interconnection (OSI) model common to books in our industry, but instead the software that operates the router. In the following chapters, we dive headfirst into the details of running a network using the JUNOS software. This philosophy of knowing the basics is quite ingrained in the Juniper Networks Education courseware and certification exams, so we follow that assumption Juniper Networks provides high-performance network devices that create a responsive and trusted environment for accelerating the deployment of services and applications over a single network. The Junos operating system (Junos OS) is the foundation of these high-performance networks. Unlike other complex, monolithic software architectures, Junos OS incorporates key design and developmental differences to deliver increased network availal ity, operational efficiency, and flexibility. These key advantages are: One operating system, Concurrent software releases and Modular software architecture. Overview for Junos OS is intended to provide a technical and detailed exploration of Junos OS, explaining both concepts and operational principles, as well as how to configure and use Juniper Networks devices. In this report, we cover: + Understanding Junos OS + Security management + Device configuration + Device monitoring + Managing network devices + Using configuration statements and operational commandsThe JUNOS software is actually made up of multiple pieces working together to control the router’s functions. Each section of the software is referred to as a package and contains files specific to its particular function. The current packages found in each copy of the JUNOS. software are: Ikernel- The jkernel package contains the basic components of the JUNOS software operating system, Jbase- The jbase package contains additions to the JUNOS software since the last revision of the jkernel package Jroute- The jroute package contains the software that operates on the Routing Engine. This controls the Unicast routing protocols, the multicast routing protocols, and the Multiprotocol Label Switching (MPLS) signaling protocols. The package also contains the software for some daemons, such as mgd. Ipfe- The jpfe package contains the Embedded OS software that controls the components of the Packet Forwarding Engine. Idoes- The jdoes package contains the complete JUNOS software documentation set. Jerypto- The jerypto package contains software that controls various security functions, such as IP Security (IPSec) and Secure Shell (SSH). This package is available only in U.S. and Canadian versions of the software. Joundle- The jbundle package is a single file that contains all of the other packages we discussed previously. The JUNOS software boot sequence Removable Solid-State Media Flash Drive Primary Secondary Boot Media Boot Media At this point, we have the router booted and the appropriate software loaded on it. It is now time to monitor and configure the router using the command-line interface (CLI). The JUNOS software CLI contains two main modes: operational and configuration. The names adequately describe the functions permitted within each environment. Operational mode displays the current router status, and you use itfor verifying and troubleshooting the router. Configuration mode, on the other hand, provides you with a method for altering the current environment. FIGURE 1.3 Configuration mode hierarchy directories top chassis protocols system aggregated-devices bop backup-router alara connections dhep-relay foc dvmrp diag-port-authentication redundancy ign imet6-backup-router isis location lacircuit login Asp name-server apis atp msdp ports ospf processes pim radius-server rip Foot-authentication ripng services router-advertisement }— static-host-mapping router-discovery syslog rsvp tacplus-server sap veepCHAPTER 1 INTRODUCTION ‘The Components of a Juniper Networks Router — Juniper Networks router design Packet Forwarding Engine ‘The Routing Engine in a Juniper Networks router is the central location for control of the system. This is where the intelligence of the router operates. You perform software upgrades and maintenance on the Routing Engine. In addition, you interface with the Routing Engine for monitoring and configuring the router. ‘The hardware in a Juniper Networks Routing Engine is generally composed of the most common components available at its time of construction. As the cost of hardware decreases over time, you can expect that newer versions of the Routing Engine will contain more powerful hardware. Regardless, the requirements of the router design allow the Routing Engine to function quite well using the hardware described here. ‘The Packet Forwarding Engine is the central location for data packet forwarding through the router. The router’s throughput speed and capacity are controlled by the specially designed hardware, which sets a Juniper Networks router apart from its competitors. The switching control board contains a PowerPC CPU and 64MB of RAM that operates the components of the circuit board itself, but doesn’t participate in packet forwarding. An additional 8MB (or 16MB in recent versions of the circuit board) of synchronized static random access memory (SSRAM) contains the forwarding table for the router. The Internet Processor ASIC is located on the control board and accesses the forwarding table for route lookups. Additionally, the control board contains an ASIC designed for packet storage memory manage.CHAPTER 2 TECHNICAL DESCRIPTION Interfaces — A Juniper Networks platform contains two types of interfaces. Permanent interfaces are always present in cach router, while transient interfaces are inserted in or removed from the router by a user. The permanent interfaces on a Juniper Networks platform perform two vital roles—management and operation, The management functionality is performed primarily by the fxp0 interface. This Management Ethernet interface provides you with an out-of-band method for connecting to the router. This connection uses utilities such as Secure Shell (SSH) and Telnet to allow a remote user to manage and configure the router When you talk about a router’s interfaces, you often mean the interfaces that receive a user's data packet and then transmit that packet toward the final destination, For a Juniper Networks platform, these are transient interfaces. These interfaces are physically located on a Physical Interface Card (PIC) and can be inserted and removed from the router at any time. This property gives them their transient nature T1600 Router 1600 Router (cc 0) (ec 1) TX Matrix Plus Router (sro) 1600 Router T1600 Router Node (LCC 2) (ec 3) Data path. —— Control pathProtocol-Independent Routing In Junos OS, routing capabilities and features that are not specific to any particular routing protocol are collectively called protocol-independent routing properties. These features often interact with routing protocols. In many cases, you combine protocol-independent properties and routing policy to achieve a goal. For example, you define a static route using protocol- independent properties, and then, using a routing policy, you can redistribute the static route into a routing protocol, such as BGP, OSPF, or IS-IS. Protocol-independent routing properties include: Static, aggregate, and generated routes + Bidirectional Forwarding Detection on static routes + Global preference + Martian routes + Routing tables and routing information base (RIB) groups Routing Policy — A routing policy enables you to control (filter) which routes a routing protocol imports into the routing table and which routes a routing protocol exports from the routing table. A routing policy also enables you to set the information associated with a route as it is being imported into or exported from the routing table. Filtering imported routes enables you to control the routes used to determine active routes. Filtering routes being exported from the routing table enables you to control the routes that a protocol advertises to its neighbors. ‘A defined routing policy specifies the conditions to use to match a route and the action to perform on the route when a match occurs. For example, when a routing table imports routing information from a routing protocol, a routing policy might modify the route’s preference, mark the route with a color to identify it and allow it to be manipulated later, or prevent the route from even being installed in a routing table. When a routing table exports routes into a routing protocol, a policy might assign metric values, modify the BGP community information, tag the route with additional information, or prevent the route from being exported altogether, You also can define policies for redistributing the routes learned trom one protocol into another protocol.Neighbors Neighbors Import Policy 1 Export Policy 1 Import Policy 2 Export Policy 2 Neighbors eer ary acts Control iane Control Piane (Routing Protocole) ue sag Reouting Protocol) ad Routing Information Protocol — Routing Information Protocol (RIP) is a distance-vector routing protocol. Routers running the distance-vector protocol send all or a portion of their routing tables in routing-update messages to their neighbors. ‘You can use RIP to configure the hosts as part of a RIP network. This type of routing requires little maintenance and also automatically reconfigures routing tables when your network changes or network communication stops. RIPV2 was added to the System product so you ean send and receive RIP packets to update routes throughout your network. Hop count is the number of routers occurring in between the source and destination network. The path with the lowest hop count is considered as the best route to reach a network and therefore placed in the routing table. RIP prevents routing loops by limiting the number of hops allowed in a path from source and destination. The maximum hop count allowed for RIP is 15 and a hop count of 16 is considered as network unreachable. 10Features of RIP 1 Updates of -~—the_-—network = are. = exchanged ~—_pperiodically. 2 Updates (routing information) are always broadcast. 3. Full routing tables are sent in updates. 4. Routers always trust routing information received from neighbor routers. This is also known as Routing on rumors. Border Gateway Protocol — BGP is used to Exchange routing information for the intemet and is the protocol used between ISP which are different ASes. ‘The protocol can connect together any internetwork of autonomous system using an arbitrary topology. The only requirement is that each AS have at least one router that is able to run BGP and that is router connect to at least one other AS’s BGP router. BGP’s main function is to exchange network reach-ability information with other BGP systems. Border Gateway Protocol constructs an autonomous systems’ graph based on the information exchanged between BGP routers. BGP Route Information Management Functions: * Route Storage: Each BGP stores information about how to reach other networks. a+ Route Update: In this task, Special techniques are used to determine when and how to use the information received from peers to properly update the routes. + Route Selection: Each BGP uses the information in its route databases to select good routes to each network on the internet network. + Route advertisement: Each BGP speaker regularly tells its peer what is knows about various networks and methods to reach them. BGP Autonomous Systems EGPs; BGP | Autonomous System 100 Autonomous System 200 Multicast is a method of group communication where the sender sends data to multiple receivers or nodes present in the network simultaneously. Multicasting is a type of one-to-many and many- to-many communication as it allows sender or senders to send data packets to multiple receivers at once across LANs or WANs. This process helps in minimizing the data frame of the network. Multicasting works in similar to Broadcasting, but in Multicasting, the information is sent to the targeted or specific members of the network. This task can be accomplished by transmitting individual copies to each user or node present in the network, but sending individual copies to cach user is inefficient and might increase the network latency. To overcome these shortcomings, multicasting allows a single transmission that can be split up among the multiple users, consequently, this reduces the bandwidth of the signal. Multicast IP Routing protocols are used to distribute data (for example, audio/video streaming broadcasts) to multiple recipients. Using multicast, a source can send a single copy of data toa single multicast address, which is then distributed to an entire group of recipients, 12A multicast group identifies a set of recipients that are interested in a particular data stream, and is, represented by an IP address from a well-defined range. Data sent to this IP address is forwarded to all members of the multicast group. Routers between the source and recipients duplicate data packets and forward multiple copies wherever the path to recipients diverges. Group membership information is used to calculate the best routers at which to duplicate the packets in the data stream to optimize the use of the network. » Reciever Sender Targetted Reciever Targetted Reciever Firewall Filters — Firewall filters provide a means of protecting your router (and switch) from excessive traffic transiting the router (and switch) to a network destination or destined for the Routing Engine. Firewall filters that control local packets can also protect your router (and switch) from extemal incidents. You can configure a firewall filter to do the following: + Restrict traffic destined for the Routing Engine based on its source, protocol, and application. + Limit the traffic rate of packets destined for the Routing Engine to protect against flood, or denial-of-service (DoS) attacks. + Address special circumstances associated with fragmented packets destined for the Routing Engine. Because the device evaluates every packet against a firewall filter 13(including fragments), you must configure the filter to accommodate fragments that do not contain packet header information. Otherwise, the filter discards all but the first fragment ofa fragmented packet. 0 Dustin WV Spero tate Mond 14CHAPTER 3 CONCLUSION Juniper Networks provides high-performance network devices that create a responsive and trusted environment for accelerating the deployment of services and applications over a single network ‘The Junos operating system (Junos OS) is the foundation of these high-performance networks. Unlike other complex, monolithic software architectures, Junos OS incorporates key design and developmental differences to deliver increased network availability, operational efficiency, and flexibility. These key advantages are: © One operating system = Concurrent software releases + Modular software architecture One Operating System Unlike other network operating systems that share a common name but splinter into many different programs, Junos OS is a cohesive operating system that is supported across all devices and product lines. This enables Juniper Networks engineers to develop software features once and share the features across product lines simultaneously. Because features are common to a single source, generally these features are implemented the same way for all of the product lines, reducing the training required to learn different tools and methods for each product. Concurrent Software Releases Each new mainline version of Junos OS is released concurrently for all product lines. Each new Junos OS release includes working features released in previous versions of the software and must achieve zero critical regression errors. Any deprecated features or functions are not only announced, but any needed workarounds or solutions are provided. This discipline ensures reliable operations for the entire release Modular Sofiware Architecture Although individual architecture modules of Junos OS communicate through well-defined interfaces, each module runs in its own protected memory space, preventing one module from disrupting another. It also enables the independent restart of each module as necessary. This is in contrast to monolithic operating systems for which a malfunction in one module can ripple to 15other modules, possibly causing a full system crash or restart. This modular Junos OS architecture provides a high level of performance, high availability, security, and device scalability not found in other operating systems Generally, Junos OS is preinstalled on your Juniper Networks device when you receive it from the factory, When you first power on the device, all software starts automatically, You then configure the software so that the device can participate in your network. However, if needed, you can order Juniper Networks devices without any software installed, for additional flexibility. You can upgrade the device software as new features are added or software problems are fixed. orks. onto your device or another system on your local network, then install the software upgrade on the You obtain new software by downloading images from the Juniper upport website device. Juniper Networks devices run only binaries supplied by Juniper Networks. Each Junos OS image includes a digitally signed manifest of executables, which are registered with the system only if the signature can be validated, Junos OS will not execute any binary without a registered fingerprint. This feature protects the system against unauthorized software and activity that might compromise the integrity of your network devices. 16CHAPTER 4 APPENDICES Networking often serves as the starting point for many IT professionals. The Juniper JNCLA- Junos certification serves as the entry-level credential for Juniper certifications, requiring learners to demonstrate a working knowledge of the Juniper Networks Junos OS, networking fundamentals, as well as basic routing and switching. Roles typically affiliated with the JNCIA- Junos certification include network engineering, network administration, and more. Juniper Networks Certified Associate — Junos (JNCIA-Junos) The Juniper Networks Certified Associate ~ Junos (INCIA-Junos) certification is an entry-level certification that is designed to affirm a learner's knowledge, skills, and understanding of networking fundamentals, Junos OS fundamentals, user interfaces, Junos configuration basics, operational monitoring and maintenance, routing fundamentals, and routing policy and firewall filters. There are no formal prerequisites for the INCIA-Junos certification, but learners new to the industry may benefit from the CompTIA Network+ training and/or certification prior to pursuing the INCIA-Junos. Learners should have six months of experience working in IT, ideally in networking, prior to attempting the INCIA-Junos a7a) 21 BI 4] [5] CHAPTER 5 REFERENCES https:/earningportal juniper.net/juniper/user_activity_info.aspx?id=12035, https://www.cbtnuggets.com/blog/technology/networking/roadmap-to-success-jncia-junos INCIA Juniper™ Networks Certified Internet Associate by Joseph M. Soricelli with John L. Hammond, Galina Diker Pildush, Thomas E, Van Meter, and Todd M. Warble Copyright © 2003-6 by Juniper Networks Inc. All rights reserved. https://www juniper.net/documentation/product/us/en/junos-os/ https:/‘docs.ansible.com/ansible/latest/collections/junipernetworks/junos/index. html 18