[c-nsp] Wanting to learn Juniper...

Jonathan Crawford jj at powerset.com
Fri Apr 11 03:03:58 EDT 2008


This is all my opinion, obviously and I really don't want to start a flame war etc etc, but I cannot leave this one alone...

I have Ciscos and will continue to have them... lets face it, they are easy to get a hold of used, and for the money you cannot beat the power...

Some other nice things about JunOS... show | compare, show | compare rollback <number>, commit confirmed <timeframe>, and more.


Lets do some intuative configuation really quick (these are done off the top of my head, so errors are very possible)...

Cisco
-----

interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip access-group blah out
 ! This is here, not in router ospf <process>... but you must define this interface's subnet/ip/etc in router ospf <process>.. or make it
 ! passive if another rule makes it active.
 ip ospf cost 1000
 ! This one I really don't get... why not stick to access-group?
 ipv6 traffic-filter blahv6 out
 ipv6 enable
 ipv6 address fdfb::1/64
 ! Instead of router ospf3 <process>, like router ospf <process> this is here... don't get me wrong... I like it here more.
 ! But intuative this is not... especially since router ospf <process> exists and router ospf3 <process> does not.
 ! While we are on it... ip router isis and ipv6 router isis go here as well...
 ipv6 ospf 1 area 0.0.0.0
 no shutdown

router ospf 1
 redistribute connected
 ! Have to define the network of the interface, otherwise forget it... but you cannot just specify the interface as being a member of the
 ! area...
 network 10.0.0.0 255.255.255.0 area 0.0.0.0
 ...

! We won't define blah here... but it will work anyways... in older version of IOS "work" was relative.

ipv6 access-list blahv6
 ...


JunOS
-----

interfaces {
        ge-0/0/0 {
                unit 0 {
                        family inet {
                                /* Guess where this goes for family inet6? */
                                filter {
                                        /* Fallthrough access lists */
                                        output [ blah blah2 ];
                                }
                                address 10.0.0.1/24;
                        }

                        family inet6 {
                                /* Here... same as family inet */
                                filter {
                                        output blahv6;
                                }
                                address fdfb::1/64;
                        }
                }
        }
}

protocol {
        ospf {
                /* I can do fallthrough here too */
                export [ policy-connected other-exports ];
                area 0.0.0.0 {
                        area-range 10.0.0.0/24;
                        interface ge-0/0/0.0 {
                                metric 1000;
                        }
                }
        }

        /* It exists in the same places as ospf... */
        ospf3 {
                export policy-connected;
                area 0.0.0.0 {
                        area-range fdfb::/64;
                        interface ge-0/0/0.0;
                }
        }

        /* These also live here, and follow somewhat the same format as the above... obviously not the same as needs change.  */
        bgp { ... }
        pim { ... }
        msdp { ... }
        isis { ... }
}

policy-options {
        policy-statement policy-connected {
                term connected-networks {
                        from {
                                protocol direct;
                        }
                        then accept;
                }
        }
        policy-statement other-connected { ... }
}

firewall {
        family inet {
                filter blah { ... }
        }

        family inet6 {
                filter blahv6 { ... }
        }
}

Then... when you go to do commit...

user at juniper# commit check
[ edit interfaces ge-0/0/0 unit 0 family inet ]
        'filter'
        referenced by 'blah2' is not defined




-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tolstykh, Andrew
Sent: Thursday, April 10, 2008 10:27 PM
To: Campbell, Alex; Jeff Cartier; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Wanting to learn Juniper...

That's just like your own opinion man (Big Lebowski).

Cisco IOS is in fact extremely intuitive, there is nothing intuitive
about the JunOS IMHO. I will get my JNCIE just to have it, but why in
the world would I possibly deploy it in production when Cisco's gear is
flawless? Configuration rollback and grep (OMG - what an invention -
grep!), what else? Seriously, am I missing out on something absolutely
awesome that I don't have on my 6500's? Just a personal feedback
regarding Cisco's service - they have been awesome. 24x7x365, never had
an issue with them, equipment is rock solid (one port on the 2950
shocked with the static electricity charge - Cisco replaced it without
asking any questions).

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Campbell, Alex
Sent: Thursday, April 10, 2008 8:50 PM
To: Jeff Cartier; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Wanting to learn Juniper...

I would pick up an old J-series to play with.  The JunOS CLI and
configuration structure is extremely intuitive.

Once you've found your way around the CLI, I would work through Team
Cymru's JunOS templates:
http://www.cymru.com/gillsr/documents/junos-template.htm
http://www.cymru.com/gillsr/documents/junos-bgp-template.pdf

And then pick up a copy of O'Reilly's JunOS Cookbook and Addison
Wesley's Juniper Networks Reference Guide.  The j-nsp list is very
helpful as well.

Be warned though - once you've started using JunOS you will never, ever
want to go back to IOS.


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeff Cartier
Sent: Friday, 11 April 2008 11:21 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Wanting to learn Juniper...


I'm fairly well versed in the Cisco devices and the configuration of
those devices through the CLI using Cisco IOS...but I'm curious, and up
for the learning experience, of starting to familiarize myself with
Juniper.

I'm looking for some insight on the best approach to do this?

I prefer hands on...so I was thinking maybe some practice gear off
ebay...and if so, what model would be right for my goal.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.  If you received this in error, please contact the sender and delete the material from any computer.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list