Monitoring System Software
The show system commands focus on system software components. For example if a service fails on a box, the daemon should produce a core file that would be viewable from the show system core-dumps command (shows any core dumps currently viewable on the box).
show system alarms can let you know what alarms are going off on the box in real time. – can tell you about failed disks.etc – good for checking devices on the fly for issues.
show system boot-messages shows you the dmessages, if there were issues or quirks on startup this will show you.
show system license tells you when you have license issues, if you need to upgrade.etc
show system storage can tell you if you have any issues with the storage. If your flash is failing or if your SSD is starting to run out of space. (in linux this is df -h combined with the mount command, kinda neat)
show system process extensive might be invoked when a system is performing poorly and you’re trying to work out why. It will break down how much memory/cpu.etc is being used by each process so you can find any misbehaving services. (top in linux)
Monitoring System Hardware
There is a show chassis command that gives you information on the hardware of the system and what’s going on with it.
show chassis alarms gives you information on what might have failed or if the device is having hardware issues, for instance if a power supply has failed, high temps, line card failures.etc
show chassis environment
show chasssis hardware
If you’re getting support from Junos these ones are mandatory. Environment gives us all the fan speeds, temp sensors.etc and show chassis hardware gives us all the information on the hardware, every line card, interface card, the serial number (support will need this), RE type, firmware.etc
show chassis fpc gives you the state of your line cards, along with memory and cpu stats for the line cards. This doesn’t directly relate to forwarding performance though.
show chassis cluster – if you have multiple SRX’s acting as a single node you can run this command to check that.
show chassis routing-engine – can be used to show the overall memory and CPU utilisation.
Managing System Components (Outside config mode)
Request Commands – need to be careful, as you can have a serious impact on the box. You can use it to shut down the device gracefully (with either request system halt or power-off). You can update or add new junos packages with request system software add junos-package-name.tgz.
You can restart a line card using request chassis fpc slot x restart
A less dangerous request command is requests system configuration rescue save which allows you to save the current config as a special file and this rollback file will never be thrown away / pushed out the stack like standard old commits.
On some devices there is a rescue button on the outside of the device, so in theory it can be brought back to the safe rescue state by someone in person without giving them switch access
Monitoring System Interfaces
You can use show interfaces commands to verify interface status and view interface details, just like on Cisco (just without the ip keyword after show).
show interfaces extensive (Gives you ALL the info, even more than detailed)
show interfaces diagnostics optics ge-0/0/0 (Really good command, when there is a device on the end that is not behaving you can run this command and, without disrupting service, you can get the optical levels for both transmit and receive. – When fibre links are dodgy try using this command.
There is also the monitor interface ge-0/0/0 command which allows you to view interface usage details in real time, how much data is coming in, going out.etc
A variation of this is monitor interface traffic which does something similar but gives you one line per interface, maybe useful if you’re looking at how much total data is going through a switch and which ports are most active?
Common Ops Tools
Outside of the standard kit (ping, telnet, traceroute.etc)
Ping – Very simple command, on Junos you can add the rapid keyword after the ip address, and it will send a number of packets quickly to see if there is any loss. ping 8.8.8.8 rapid count 100. There are more options that can be enabled too (put ? on the end to see them)
traceroute – tells you all the hops towards a targeted interface. You can turn off DNS resolution, change the source.etc same as on the ping command. traceroute monitor x.x.x.x can be useful too – it is the same as MyTraceRoute (MTR) in linux.
telnet – not as secure as ssh but still very useful. Can specify the source address, which port you’re telnetting to. SSH works the same on these Junos devices, and a routing instance can be specified.
Quick note about routing instances, when you are typing a show command. (e.g. show ospf neighbor) you can add the instance command onto the end of it (confusing as other commands use routing-instance but it means the same thing).
Operational and Troubleshooting Commands
monitor traffic interface – though it sounds a lot like monitor interface traffic it is a different command (bit confusing). It’s basically tcpdump though. You love tcpdump. Example:
monitor traffic interface ge-0/0/0.0 no-resolve
Okay it’s not quite as good as TCPdump – you can’t sniff out traffic going through it. It does let you look at all the management stuff though, if there are telnet settings, ospf changes.etc.
If you want to record the output of this command to look through later, you can append the command with write-file FILENAME.pcap and load it into wireshark.
Password Recovery
If you connect your device to the serial port or a Junos router, and find there is a password on there you didn’t expect, you can do something about it.
Start by interrupting the boot process while it is still booting by spamming the space key while it is still booting.
Once you have cli access you can run boot -s which boots the device in single user mode, disabling the requirement for a password to get into the unix shell. The normal dmessages will scroll by.
Eventually it will prompt you to type ‘recovery’ for root password recovery. (Alternatively if you just want to get into the linux shell you can press enter). From there you are in as the root user, and can configure a new password:
configure set system root-authentication plain-text-password (enter new password when asked) commit exit exit y
How to upgrade a Junos OS device (With a USB)
From shell first you have to mount the USB drive, first thing to do here is to list all of the directly attached storage devices using both before you plug in your USB, and after so you can see how it changes:
ls /dev/da*
So once you have identified the device in this folder (might be something like /dev/da1s1) we then need to create a directory to mount our USB to. (The mount -t flag lets us specify the filesystem we want to mount it as. USB should be in FAT32 format, if it’s in NTFS it will need to be reformatted. – the msdosf tells the device it is in FAT32 format.)
mkdir /tmp/usb mount -t msdosfs /dev/da1s1 /tmp/usb
Make sure that the USB is mounted by typing: ls /tmp/usb and make a note of the software package filename.
Once that USB is mounted properly and you’ve confirmed the filename you will need to install the software from operational mode of the CLI using:
request system software add /tmp/usb/<Junos Package Filename>
If you are installing this software from an ftp server you can instead just run this command from operational mode:
request system software add ftp://username:password@X.X.X.X/filepath
Once Junos has done its checks, and confirmed that your config is compatible with the new version of Junos you are asked to reboot your system for the new image to take effect. This is done with the standard:
request system reboot
That should be it, once the device reboots it should be on the new version of Junos that you told it to update to.
Snapshots:
Once the device has been rebooted you can, should you desire, create a snapshot of they system and save it on the USB stick (reformatting it in the process – you can also save it to the internal flash but there’s often not a lot of storage on Junos devices). This will not work if the USB stick is mounted however (a reboot will sort that). So from operational mode run:
request system snapshot media usb