Synopses & Reviews
Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks.
Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat management, and WAN acceleration. Junos Security is a clear and detailed roadmap to the SRX product lines.
- Get up to speed on Juniper's multi-function SRX platforms and SRX Junos software
- Explore case studies and troubleshooting tips from engineers with extensive SRX experience
- Become familiar with SRX security policy, Network Address Translation, and IPSec VPN configuration
- Learn about routing fundamentals and high availability with SRX platforms
- Discover what sets SRX apart from typical firewalls
- Understand the operating system that spans the entire Juniper Networks networking hardware portfolio
- Learn about the more commonly deployed branch series SRX as well as the large Data Center SRX firewalls
"I know these authors well. They are out there in the field applying the SRX's industry-leading network security to real-world customers every day. You could not learn from a more talented team of security engineers."
--Mark Bauhaus, EVP and General Manager, Juniper Networks
Whether your network is a complex carrier or just a few machines supporting a small enterprise, JUNOS High Availability will help you build reliable and resilient networks that include Juniper Networks devices. With this book's valuable advice on software upgrades, scalability, remote network monitoring and management, high-availability protocols such as VRRP, and more, you'll have your network uptime at the five, six, or even seven nines -- or 99.99999% of the time.
Rather than focus on "greenfield" designs, the authors explain how to intelligently modify multi-vendor networks. You'll learn to adapt new devices to existing protocols and platforms, and deploy continuous systems even when reporting scheduled downtime. JUNOS High Availability will help you save time and money.
- Manage network equipment with Best Common Practices
- Enhance scalability by adjusting network designs and protocols
- Combine the IGP and BGP networks of two merging companies
- Perform network audits
- Identify JUNOScripting techniques to maintain high availability
- Secure network equipment against breaches, and contain DoS attacks
- Automate network configuration through specific strategies and tools
This book is a core part of the Juniper Networks Technical Library™.
Whether a business's network is a complex carrier network or just a few machines supporting a small enterprise, "JUNOS High Availability" can help developers to build reliable and resilient networks that won't fall prey to costly outages.
This book teaches engineers how to build extremely reliable networks that won't fall prey to costly outages, by addressing both Juniper and Cisco equipment. Whether a business network comprises just a few machines or a complex enterprise system, network outages cost valuable time and money. This book offers valuable advice for building reliable networks, from the smallest offices to the largest carriers. It addresses software upgrades, remote network monitoring and management, high-availability protocols such as VRRP, scalability, and much more.
About the Author
James Sonderegger (JNCIE-M #130, JNCIS-FWV, JNCIS-ER, and Juniper Certified Instructor) holds an MS in IT Management and is a Resident Engineer Manager on Juniper Networks' Professional Services Team. James spent five years as an Engineer in Residence for Federal customers and has been in the networks industry for the last twelve years. His former employers include The Analysis Corporation (TAC), Ericsson IP Infrastructure, and Automated Data Processing. James was a co-author on "Juniper Networks Reference Guide. Routing, Configuration, and Architecture", ISBN 0201775921, Addison-Wesley Publishing, 2002.
Orin Blomberg (CCNP, CCSP, CCIP, CCVP, CCDP, JNCIS-M, JNCIS-FWV, JNCIS-ER, JNCIA-IDP, JNCI) is the technical lead for SSL VPNs and remote access at the Washington State Department of Information Service. His primary responsibilities include providing remote access and secure connectivity for state agencies, county, city governments, and tribal nation governments, as well as connectivity to federal agencies. His former employers include General Dynamics C4 Systems, Ericsson IP Infrastructure, and the US Army.
Kieran Milne (JNCIE-M #380, JNCIS-ER, JNCIA-WX, JNCIA-EX, JNCIA-E, JNCI, CCNA, Nortel NCTS) is a training developer and technical trainer within the Education Services department at Juniper Networks. With over ten years of experience in the networking industry, Kieran has taught all over the world, in both corporate and college settings. Before joining Juniper Networks, Kieran spent time at Nortel Networks and Alcatel. He is the author of the O'Reilly book JUNOS Networking Essentials, and contributes to exam development for the Juniper Networks Technical Certification Program. Kieran lives and works out of Canada.
Senad Palislamovic (JNCIE-M #145 and JNCIS-E) is a Professional Services Engineer at Juniper Networks, where he consults, designs, and implements MPLS-enabled NGEN services for the largest global ASPs and financial networks. He has also worked as a JTAC Engineer troubleshooting major ISPs' networks. Before JTAC, Senad held various network positions at Weber State University, where he designed and implemented scalable network solutions. Senad holds a B.S. degree in Telecommunications and IS&T from Weber State University and has over 10 years of experience in various enterprise and ISP networking technologies. He lives in New York with his wife Samera.
Table of Contents
Preface; What Is High Availability?; How to Use This Book; What's in This Book?; Conventions Used in This Book; Using Code Examples; Safari® Books Online; Comments and Questions; Acknowledgments
JUNOS HA Concepts
Chapter 1: High Availability Network Design Considerations; 1.1 Why Mention Cost in a Technical Book?; 1.2 A Simple Enterprise Network; 1.3 Redundancy and the Layered Model; 1.4 What Does It All Mean?
Chapter 2: Hardware High Availability; 2.1 Divide and Conquer; 2.2 Packet Flows; 2.3 Redundancy and Resiliency
Chapter 3: Software High Availability; 3.1 Software Architecture; 3.2 One OS to Rule Them; 3.3 Automation of Operations
Chapter 4: Control Plane High Availability; 4.1 Under the Hood of the Routing Engine; 4.2 Graceful Routing Engine Switchover; 4.3 Graceful Restart; 4.4 MPLS Support for Graceful Restart; 4.5 Non-Stop Active Routing; 4.6 Non-Stop Bridging; 4.7 Choosing Your High Availability Control Plane Solution
Chapter 5: Virtualization for High Availability; 5.1 Virtual Chassis in the Switching Control Plane; 5.2 Control System Chassis
JUNOS HA Techniques
Chapter 6: JUNOS Pre-Upgrade Procedures; 6.1 JUNOS Package Overview; 6.2 Pre-Upgrade Verifications; 6.3 Moving Services Away from a Router
Chapter 7: Painless Software Upgrades; 7.1 Snapshots; 7.2 Software Upgrades with Unified ISSU; 7.3 Software Upgrades Without Unified ISSU; 7.4 Snapshots Redux; 7.5 Image Upgrade Tweaks and Options; 7.6 J Series Considerations
Chapter 8: JUNOS Post-Upgrade Verifications; 8.1 Post-Upgrade Verification; 8.2 Fallback Procedures; 8.3 Applicability
Chapter 9: Monitoring for High Availability; 9.1 I Love Logs; 9.2 Simple Network Management Protocol; 9.3 Traffic Monitoring
Chapter 10: Management Interfaces; 10.1 A GUI for Junior Techs; 10.2 Mid-Level Techs and the CLI; 10.3 Deep Magic for Advanced Techs
Chapter 11: Management Tools; 11.1 JUNOScope; 11.2 Juniper AIS; 11.3 Partner Tools
Chapter 12: Managing Intradomain Routing Table Growth; 12.1 Address Allocation; 12.2 Address Aggregation
Chapter 13: Managing an Interdomain Routing Table; 13.1 Enterprise Size and Effective Management; 13.2 Border Gateway Protocol (BGP)
Network Availability
Chapter 14: Fast High Availability Protocols; 14.1 Protocols for Optical Networks; 14.2 Rapid Spanning Tree Protocol; 14.3 Interior Gateway Protocols; 14.4 Bidirectional Forwarding Detection; 14.5 Virtual Router Redundancy Protocol; 14.6 MPLS Path Protection
Chapter 15: Transitioning Routing and Switching to a Multivendor Environment; 15.1 Industry Standards; 15.2 Multivendor Architecture for High Availability; 15.3 Routing Protocol Interoperability
Chapter 16: Transitioning MPLS to a Multivendor Environment; 16.1 Multivendor Reality Check; 16.2 MPLS Signaling for High Availability; 16.3 MPLS Transition Case Studies
Chapter 17: Monitoring Multivendor Networks; 17.1 Are You In or Out?; 17.2 SNMP Configuration; 17.3 Syslog Configuration; 17.4 Configuration Management; 17.5 Configuration for AAA; 17.6 JUNOS GUI Support; 17.7 What IS Normal?
Chapter 18: Network Scalability; 18.1 Hardware Capacity; 18.2 Network Scalability by Design
Chapter 19: Choosing, Migrating, and Merging Interior Gateway Protocols; 19.1 Choosing Between IS-IS and OSPF; 19.2 Migrating from One IGP to Another; 19.3 Merging Networks Using a Common IGP
Chapter 20: Merging BGP Autonomous Systems; 20.1 Planning the Merge; 20.2 Merging Our ASs Off; 20.3 Monitoring the Merge
Chapter 21: Making Configuration Audits Painless; 21.1 Why Audit Configurations?; 21.2 Configuration Auditing 101; 21.3 Auditing Configurations; 21.4 Performing and Updating Audits
Chapter 22: Securing Your Network Equipment Against Security Breaches; 22.1 Authentication Methods; 22.2 Hardening the Device; 22.3 Firewall Filters
Chapter 23: Monitoring and Containing DoS Attacks in Your Network; 23.1 Attack Detection; 23.2 Taking Action When a DoS Attack Occurs; 23.3 Attack Prevention; 23.4 Gathering Evidence
Chapter 24: Goals of Configuration Automation; 24.1 CLI Configuration Automation; 24.2 Automating Remote Configuration
Chapter 25: Automated Configuration Strategies; 25.1 Configuration Change Types; 25.2 Automation Strategies
Appendixes
System Test Plan; Physical Inspection and Power On; Check General System Status; Check Routing Engine and Storage Media; Test Optical Interfaces; Failover and Redundancy Tests; Final Burn-In Check
Configuration Audit; Audit Responsibilities; Audit Response Key; Audit Checklist; Audit Interval
High Availability Configuration Statements; Routing Engine and Switching Control Board; Graceful Routing Engine Switchover; Nonstop Bridging Statements; Nonstop Active Routing; Graceful Restart; VRRP; Unified In-Service Software Upgrade (ISSU)
Colophon