Junos Overview

Junos® OS
Overview for Junos OS
Published
2023-03-14
ii
Juniper Networks, Inc.

1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc.
in the United States and other countries. All other trademarks, service marks, registered marks, or registered service
marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.
Junos® OS Overview for Junos OS

Copyright © 2023 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use
with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License
Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such
software, you agree to the terms and conditions of that EULA.
iii
Table of Contents
About This Guide | ix
1 Understanding Junos OS
Junos OS Software Overview | 2
About the Overview for Junos OS | 2
Junos OS Overview | 3
Junos OS Architecture Overview | 5
Router Hardware Components | 7
Junos OS Routing Engine Components and Processes | 9
Junos OS Routing Processes | 11
Default Directories for Junos OS File Storage on the Network Device | 22
Junos OS Support for IPv4, IPv6, and MPLS Routing Protocols | 24
Junos OS Routing and Forwarding Tables | 26
Routing Policy Overview | 27
Junos OS Support for VPNs | 28
Configuring FIB Localization | 29
FIB Localization Overview | 29
Example: Configuring Packet Forwarding Engine FIB Localization | 30
Requirements | 31
Overview | 31
Configuration | 31
Verification | 34
Junos OS Security Overview | 38
Junos OS Features for Device Security | 38
Junos OS Default Settings for Device Security | 43
Junos OS Configuration Overview | 44

iv
Junos OS Configuration Basics | 44
Methods for Configuring Junos OS | 45
Junos OS Configuration from External Devices | 48
The Commit Model for Configurations | 48
Configuration Groups Overview | 50
2 Configuring and Administering Junos Devices

Configuring Junos Devices | 53
Initial Router or Switch Configuration Using Junos OS | 53
Configuring Junos OS for the First Time on a Device with a Single Routing Engine | 54
Configuring Junos OS for the First Time on a Device with Dual Routing Engines | 59
How to Improve Commit Time When Using Configuration Groups | 65
Creating and Activating a Candidate Configuration | 66
Format for Specifying IP Addresses, Network Masks, and Prefixes in Junos OS Configuration
Statements | 66
Format for Specifying Filenames and URLs in Junos OS CLI Commands | 67
Mapping the Name of the Router to IP Addresses | 68
Configuring Automatic Mirroring of the CompactFlash Card on the Hard Drive | 69
Using Junos OS to Specify the Number of Configurations Stored on the CompactFlash Card | 70
Back Up Configurations to an Archive Site | 71
Configure the Transfer of the Active Configuration | 71
Configuring Junos OS to Set Console and Auxiliary Port Properties | 73
Monitoring Junos Devices | 75
Junos OS Tools for Monitoring | 75
Tracing and Logging Junos OS Operations | 76
Understanding Dropped Packets and Untransmitted Traffic Using show Commands | 78
Log a User Out of the Device | 82
Managing Junos OS Processes | 83

v
Saving Core Files from Junos OS Processes | 83
Viewing Core Files from Junos OS Processes | 84
Disabling Junos OS Processes | 85
Configuring Failover to Backup Media If a Junos OS Process Fails | 85
Using Virtual Memory for Process Configuration Data | 86
3 Configuration Statements and Operational Commands

Configuration Statements | 88
backup-router | 89
commit (System) | 90
compress-configuration-files (System) | 93
configuration-database | 95
domain-name | 98
domain-search | 99
fib-local | 101
fib-remote | 102
filter | 103
host-name | 104
inet6-backup-router | 105
location (System) | 107
memory-enhanced | 109
management-instance | 110
max-configurations-on-flash | 112
mirror-flash-on-disk | 113
name-server (System Services) | 115
non-subscriber-no-reply | 117
no-route-localize | 118
vi
pic-console-authentication | 119
port (Syslog) | 121
ports | 122
processes | 124
proxy (System) | 126
redundancy-interface-process | 127
root-authentication | 129
route (chassis) | 131
route-localization | 132
routing (System Processes) | 133
saved-core-context | 135
saved-core-files | 137
static-host-mapping | 138
vpn-label | 140
File Management Commands | 142
file archive | 142
file compare | 146
file copy | 149
file list | 153
file rename | 156
file show | 158
System Software Administrative Commands | 161
clear system reboot | 162
request flight-recorder set high-cpu | 166
request message | 169
request system configuration database resize | 171

vii
request system halt | 174
request system logout | 181
request system partition abort | 183
request system partition hard-disk | 186
request system power-off | 190
request system process terminate | 197
request system reboot (Junos OS) | 198
request system snapshot (Junos OS) | 209
request system software abort | 220
request system software add (Junos OS) | 223
request system zeroize (Junos OS) | 241
show chassis hardware | 245
show flight-recorder status | 273
show host | 276
show log | 278
show system connections | 285
show system name-resolution | 294
show version (Junos OS) | 297
start shell | 300
System Software Monitoring Commands | 303
show fib-local-accounting ip | 304
show system commit | 305
show system configuration database usage | 310
show system information | 312
show system processes | 313
show system queues | 332

viii
show system reboot | 338
show system snapshot (Junos OS) | 343
show system software | 347
show system statistics | 352
show system storage | 372
show system switchover | 380
show system uptime | 390
show system virtual-memory | 397
show task | 410
show task io | 414
show task logical-system-mux | 417
show task memory | 420
show task replication | 426

ix
About This Guide
Use this guide to get familiar with the various functions of Junos OS devices, and learn how to
configure, monitor, and manage them.
1 PART
Understanding Junos OS
Junos OS Software Overview | 2
Junos OS Security Overview | 38
Junos OS Configuration Overview | 44

2
CHAPTER 1
Junos OS Software Overview
IN THIS CHAPTER
About the Overview for Junos OS | 2
Configuring FIB Localization | 29
About the Overview for Junos OS
The Overview for Junos OS is intended to provide a technical and detailed exploration of Junos OS,
explaining both concepts and operational principles, as well as how to configure and use Juniper
Networks devices.
In this guide, we cover:
• Understanding Junos OS
• Security management
• Device configuration
• Device monitoring
3
• Managing network devices
• Using configuration statements and operational commands
For a basic introduction to Junos OS, see the Getting Started Guide for Junos OS. It provides a high-level
description of Junos OS, describes how to access devices, and provides simple step-by-step instructions
for initial device configuration.
For introductory and overview information specific to Junos OS Evolved, see Introducing Junos OS
Evolved. This guide will acquaint you with Junos OS Evolved, the next generation Junos OS, and explain
its strengths, similarities to, and differences from Junos OS.
To learn how to use the Junos OS command-line interface (CLI) and understand more advanced Junos
OS topics, see the CLI User Guide. This guide explains how to use the CLI, enter configuration
statements, manage configurations, and enter operational commands for monitoring Junos OS
networking devices.
RELATED DOCUMENTATION
CLI User Guide

Getting Started Guide for Junos OS
Introducing Junos OS Evolved
Junos OS Overview
Juniper Networks provides high-performance network devices that create a responsive and trusted
environment for accelerating the deployment of services and applications over a single network. The
Junos operating system (Junos OS) is the foundation of these high-performance networks. Unlike other
complex, monolithic software architectures, Junos OS incorporates key design and developmental
differences to deliver increased network availability, operational efficiency, and flexibility. These key
advantages are:
• One operating system
• Concurrent software releases
• Modular software architecture
One Operating System
Unlike other network operating systems that share a common name but splinter into many different
programs, Junos OS is a cohesive operating system that is supported across all devices and product
4
lines. This enables Juniper Networks engineers to develop software features once and share the features
across product lines simultaneously. Because features are common to a single source, generally these
features are implemented the same way for all of the product lines, reducing the training required to
learn different tools and methods for each product.
Concurrent Software Releases
Each new mainline version of Junos OS is released concurrently for all product lines. Each new Junos OS
release includes working features released in previous versions of the software and must achieve zero
critical regression errors. Any deprecated features or functions are not only announced, but any needed
workarounds or solutions are provided. This discipline ensures reliable operations for the entire release.
Modular Software Architecture
Although individual architecture modules of Junos OS communicate through well-defined interfaces,

each module runs in its own protected memory space, preventing one module from disrupting another.
It also enables the independent restart of each module as necessary. This is in contrast to monolithic
operating systems for which a malfunction in one module can ripple to other modules, possibly causing
a full system crash or restart. This modular Junos OS architecture provides a high level of performance,
high availability, security, and device scalability not found in other operating systems.
Generally, Junos OS is preinstalled on your Juniper Networks device when you receive it from the
factory. When you first power on the device, all software starts automatically. You then configure the
software so that the device can participate in your network. However, if needed, you can order Juniper
Networks devices without any software installed, for additional flexibility.
You can upgrade the device software as new features are added or software problems are fixed. You
obtain new software by downloading images from the Juniper Networks Support website onto your
device or another system on your local network, then install the software upgrade on the device.
Juniper Networks devices run only binaries supplied by Juniper Networks. Each Junos OS image
includes a digitally signed manifest of executables, which are registered with the system only if the
signature can be validated. Junos OS will not execute any binary without a registered fingerprint. This
feature protects the system against unauthorized software and activity that might compromise the
integrity of your network devices.

Junos OS Commit Model for Configurations
5

Junos OS Architecture Overview
IN THIS SECTION
Routing Process Architecture | 5
This topic provides an overview of the Junos OS routing process architecture:
Routing Process Architecture
The routing process is handled by the following two components (see Figure 1 on page 6):
• Routing Engine
• Packet Forwarding Engine
Because this architecture separates control operations such as routing updates and system management
from packet forwarding, the router can deliver superior performance and highly reliable Internet
operation.
6
Figure 1: Product Architecture
Packet Forwarding Engine
The Packet Forwarding Engine uses application-specific integrated circuits (ASICs) to perform Layer 2
and Layer 3 packet switching, route lookups, and packet forwarding. The Packet Forwarding Engine
forwards packets between input and output interfaces.
Routing Engine
The Routing Engine controls the routing updates and the system management. The Routing Engine
consists of routing protocol software processes running inside a protected memory environment on a
general-purpose computer platform. The Routing Engine handles all of the routing protocol processes
7
and other software processes that control the routers’ interfaces, some of the chassis components,
system management, and user access to the router. These routers and software processes run on top of
a kernel that interacts with the Packet Forwarding Engine.
The Routing Engine has these features:
• Routing protocol packets processing—All routing protocol packets from the network are directed to
the Routing Engine, and therefore do not unnecessarily delay the Packet Forwarding Engine.
• Software modularity—Software functions are in separate processes, so a failure of one process has
little or no effect on other software processes.
• In-depth IP functionality—Each routing protocol is implemented with a complete set of IP features

and provides full flexibility for advertising, filtering, and modifying routes. Routing policies are set
according to route parameters, such as prefix, prefix lengths, and Border Gateway Protocol (BGP)
attributes.
• Scalability—Junos OS routing tables are designed to hold all the routes used in current and near-
future networks. Additionally, Junos OS can efficiently support large numbers of interfaces and
virtual circuits.
• Storage and change management—Configuration files, system images, and microcode are held and
maintained in one primary and two secondary storage systems, permitting local or remote upgrades.
• Monitoring efficiency and flexibility—Alarms are generated and packets are counted without
adversely affecting packet forwarding performance.
The Routing Engine constructs and maintains one or more routing tables. From the routing tables, the
Routing Engine derives a table of active routes, called the forwarding table, which is then copied into the
Packet Forwarding Engine. The forwarding table in the Packet Forwarding Engine can be updated
without interrupting the router’s forwarding.
Router Hardware Components
Junos OS runs on all Juniper Networks devices, including both routers and switches. This section
focuses specifically on router hardware components.
Table 1 on page 8 lists the major hardware components in each router series.
8
NOTE: The ACX Series router is a single-board router with a built-in Routing Engine and one
Packet Forwarding Engine. The “pseudo” FPCs and PICs are described in ACX2000 and
ACX2100 Routers Hardware and CLI Terminology Mapping.
Table 1: Major Router Hardware Components
M Series MX Series T Series PTX Series J Series
Routing Engines X X X X X
Control Board X X X
Switch Interface Board (SIB) X X X
Forwarding Engine Board (FEB) X
Power Supply X X X X X
Cooling System X X X X X
Dense Port Concentrators (DPC) X
Switch Control Board (SCB) X
Flexible PIC Concentrators (FPC) X X X X
Physical Interface Module (PIM) X
Physical Interface Card (PIC) X X X X
Flexible PIC Concentrators (FPCs) are each populated by PICs for various interface types. On some
routers, the PICs are installed directly in the chassis.
For information about specific components in your router, refer to its hardware guide.
9
Junos OS Routing Engine Components and Processes
IN THIS SECTION
Routing Engine Kernel | 9
Initialization Process | 10
Management Process | 10
Process Limits | 10
Routing Protocol Process | 10
Interface Process | 10
Chassis Process | 11
SNMP and MIB II Processes | 11
Junos OS also runs on the Routing Engine. Junos OS consists of software processes that support
Internet routing protocols, control router interfaces and the router chassis, enable router system
management, and much more. Junos OS processes run on top of a kernel, which enables communication
between processes and provides a direct link to the Packet Forwarding Engine software. Junos OS can
be used to configure routing protocols and router interface properties, as well as to monitor and
troubleshoot protocol and network connectivity problems.
The Routing Engine software consists of several software processes that control router functionality and
a kernel that provides the communication among the processes. Following is a listing of the major
Routing Engine-related processes.
Routing Engine Kernel
The Routing Engine kernel provides the underlying infrastructure for all Junos OS processes, including
providing the link between the routing tables and the Routing Engine’s forwarding table. The kernel is
also responsible for all communication with the Packet Forwarding Engine, which includes keeping the
Packet Forwarding Engine’s copy of the forwarding table synchronized with the master copy in the
Routing Engine.
10
Initialization Process
When the device boots, an initialization process (init) starts and monitors all the other software
processes.
If a software process terminates or fails to start when called, the init process attempts to restart it a
limited number of times and logs any failure information for further investigation.
Management Process
The management process (mgd) manages the configuration of the router and all user commands. The
management process is responsible for notifying other processes when a new configuration is
committed. A dedicated management process handles Junos XML protocol XML requests from its client,
which might be the CLI or any Junos XML protocol client.
Process Limits
There are limits to the total number of Junos OS processes that can run simultaneously on a device.
There are also limits set for the maximum number of iterations of any single process. The limit for
iterations of any single process can only be reached if the limit of overall system processes is not
exceeded.
Access methods such as telnet and SSH spawn multiple system processes for each session created. For
this reason, it might not be possible to simultaneously support the maximum number of access sessions
for multiple services.
Routing Protocol Process
Within Junos OS, the routing protocol process (rpd) controls the routing protocols that run on the
device. The rpd process starts all configured routing protocols and handles all routing messages. It
maintains one or more routing tables, which consolidate the routing information learned from all routing
protocols. From this routing information, the routing protocol process determines the active routes to
network destinations and installs these routes into the Routing Engine’s forwarding table. Finally, rpd
implements routing policy, which enables you to control the routing information that is transferred
between the routing protocols and the routing table. Using routing policy, you can filter and limit the
transfer of information as well as set properties associated with specific routes.
Interface Process
The Junos OS interface process enables you to configure and control the physical interface devices and
logical interfaces present in a network device. You can configure interface properties such as the
interface location, for example, in which slot the Flexible PIC Concentrator (FPC) is installed and in
11
which location on the FPC the Physical Interface Card (PIC) is installed, as well as the interface
encapsulation and interface-specific properties. You can configure the interfaces currently present in the
device, as well as interfaces that are not present but that you might add later.
The Junos OS interface process communicates through the Junos OS kernel with the interface process
in the Packet Forwarding Engine, enabling Junos OS to track the status and condition of the network
device’s interfaces.
Chassis Process
The Junos OS chassis process (chassisd) enables you to configure and control the properties of the
device, including conditions that trigger alarms. The chassisd on the Routing Engine communicates
directly with its peer processes running on the Packet Forwarding Engine.
SNMP and MIB II Processes
Junos OS supports the Simple Network Management Protocol (SNMP), which helps administrators
monitor the state of a device. The software supports SNMP version 1 (SNMPv1), version 2 (SNMPv2,
also known as version 2c, or v2c), and version 3 (SNMPv3). The Junos OS implementation of SNMP
does not include any of the security features that were originally included in the IETF SNMP drafts but
were later dropped. The SNMP software is controlled by the Junos OS SNMP and Management
Information Base II (MIB II) processes, which consist of an SNMP master agent and various subagents.
Junos OS Routing Processes
Junos OS consists of multiple processes that run on different platforms and have unique functions. The
separation of functions provides operational stability, because each process accesses its own protected
memory space. This section provides a brief overview of Junos OS routing-specific processes.
As an example, Table 2 on page 12 describes the processes that run on MX Series 5G Universal
Routing Platforms.
12
Table 2: Junos OS Processes on MX Series Platform
Process Name Description
Clksync process (RE) clksyncd Defines the operation of synchronous Ethernet and
Precision Time Protocol (PTP) on a Juniper Networks
MX Series router. The operation includes
communication with the Packet Forwarding Engine
(clock-sync module) to program and process clock
events from the EEC clock.
Operates the PTP stack, exchanges packets, and

handles the configuration changes for the modular
MX Series (MX80).
Controls the configuration and monitoring of the

overall operation of the PTP functionality for chassis-
based MX Series platforms (MX240, MX480, and so
on).
Clock-sync process (PFE) clock-sync Programs and monitors the modular interface card
(MIC), the CPLD, and the EEC clock. Peer of the
clksyncd process module.
Captures all PTP and Synchronous Ethernet statistics

on the Packet Forwarding Engine and provides them
to the Routing Engine.
Interchassis communication iccpd Exchanges proprietary Junos OS messages between

process two Juniper Networks MX Series routers that take
part in a multichassis link aggregation group (LAG).
Statistics agent process stats-agentd Acts as a relay process to collect interface statistics
for all software development kit (SDK) applications.
Interacts with the pfed process to collect the logical

interface statistics for SDK applications.
Table 3 on page 13 lists other processes that are common across Junos OS routing platforms.
13
Table 3: Junos OS Routing-Specific Processes
Adaptive services adaptive-services Manages the configuration for stateful firewall,

process Network Address Translation (NAT), intrusion
detection service (IDS), and IP Security (IPsec)
services on the Adaptive Services PIC.
Alarm control process alarm-control Configures the system alarm.
Access Node Control ancpd-service Works with a special Internet Group Management
Protocol (ANCP) Protocol (IGMP) session to collect outgoing interface
process mapping events in a scalable manner.
Application application-identification Identifies an application using intrusion detection

identification process and prevention (IDP) to allow or deny traffic based
on applications running on standard or nonstandard
ports.
RADIUS accounting audit-process Gathers statistical data that can be used for general
process network monitoring, analyzing, and tracking usage
patterns, for billing a user based upon the amount of
time or type of services accessed.
Auto-configuration auto-configuration Configures interfaces automatically.

process
Boot process bootp Enables a router, switch, or interface to act as a

Dynamic Host Configuration Protocol (DHCP) or
bootstrap protocol (BOOTP) relay agent. DHCP
relaying is disabled.
Captive portal captive-portal-content-delivery Specifies the location to which a subscriber's initial

content delivery Internet browser session is redirected, enabling
process initial provisioning and service selection for the
subscriber.
14
Table 3: Junos OS Routing-Specific Processes (Continued)
Universal Edge Layer ce-l2tp-service (M10, M10i, M7i, and MX Series routers only)
2 Tunneling Protocol Establishes L2TP tunnels and Point-to-Point
process Protocol (PPP) sessions through L2TP tunnels.
Ethernet OAM cfm Monitors the physical link between two switches.
connectivity fault
management process
Chassis control chassis-control Manages the chassis.

process
Class of service class-of-service Controls the network device’sCoS configuration.

process
Ethernet clock clksyncd-service Uses Synchronous Ethernet (SyncE) for external

synchronization clock synchronization .
process
Craft interface I/O craft-control Controls the I/O of the craft interface.
control process
Database replication database-replication (EX Series switches and MX Series routers only)
process Manages the replication of updates from the
primary to the client in the database management
system.
Datapath trace datapath-trace-service Traces the path taken by the packet through the
process network.
Dynamic Host dhcp-service (EX Series switches and MX Series routers only)
Configuration Enables a DHCP server to allocate network IP
Protocol process addresses and deliver configuration settings to client
hosts without user intervention.
15
Diameter process diameter-service Implements the Diameter protocol which uses the
Transmission Control Protocol (TCP) and Stream
Control Transmission Protocol (SCTP) instead of
User Datagram Protocol (UDP), for monitoring the
network.
Disk monitoring disk-monitoring Checks the health of the hard drive on the Routing
process Engine.
Dynamic flow dynamic-flow-capture Controls the DFC configurations on Monitoring

capture (DFC) Services III PICs.
process
ECC parity errors ecc-error-logging Logs the ECC parity errors into the memory on the
logging process Routing Engine.
Connectivity fault ethernet-connectivity- Provides IEEE 802.1ag OAM CFM database

management (CFM) fault-management information for CFM maintenance association end
process points (MEPs) in a CFM session.
Ethernet OAM Link- ethernet-link-fault-management (EX Series switches and MX Series routers only)
Fault-Management Provides the OAM link fault management (LFM)
process information for Ethernet interfaces.
Event processing event-processing Configures the application to handle all generated

process events.
or
eventd
Firewall process firewall Manages the firewall configuration and enables

accepting or rejecting packets that are transiting an
interface on a device.
16
General general-authentication-service (EX Series switches and MX Series routers only)

authentication Manages general authentication of a user.
process
Inter-Chassis iccp-service Synchronizes data within a set of two (or more) PEs
Communication that form a redundancy group (RG).
Protocol (ICCP)
process
IDP policy process idp-policy Enables various attack detection and prevention
techniques on traffic traversing the network.
Integrated Local ilmi Provides bidirectional exchange of management

Management information between two Asynchronous Transfer
Interface process Mode (ATM) interfaces across a physical connection.
Inet process inet-process Configures the IP multicast family.
Init process init Initializes the USB modem.
Interface control interface-control Controls the router's or switch’s physical interface

process devices and logical interfaces.
Kernel replication kernel-replication Replicates the state of the backup Routing Engine
process when graceful Routing Engine switchover (GRES) is
configured.
17
Layer 2 address l2-learning Enables a network device to:

flooding and learning
process • Learn unicast media access control (MAC)
addresses to avoid flooding the packets to all the
ports in a bridge domain.
• Create a source MAC entry in its source and

destination MAC tables for each MAC address
learned from packets received on ports that
belong to the bridge domain.
Layer 2 Control l2cpd-service Enables features such as Layer 2 protocol tunneling

Protocol process and nonstop bridging.
Link Aggregation lacp The process:

Control Protocol
process • Provides a standardized means for exchanging
information between partner systems on a link.
• Allows the link aggregation control instances to

reach agreement on the identity of the Link
Aggregation Group (LAG) to which the link
belongs, and then to move the link to that LAG.
• Enables the transmission and reception

processes for the link to function in an orderly
manner.
Link management link-management Manages traffic engineering links.

process
Local policy decision local-policy-decision-function Regulates the collection of statistics related to

function process applications and application groups and tracking of
information about dynamic subscribers and static
interfaces.
18
Logical system logical-system-mux Manages multiple instances of the routing protocols

multiplexer process process (rpd) on a machine running logical routers.
or
lrmuxd
MAC validation mac-validation Configures MAC address validation that enables a

process network device to validate if received packets
contain a trusted IP source and an Ethernet MAC
source address.
Management mib-process Provides the device's MIB II agent.

Information Base II
process
Mobile IP process mobile-ip Configures Junos OS Mobile IP features.
NFS mount requests mountd-service (Some EX Series switches and MX Series routers
process only) Completes internal NFS mount requests for
MS-PIC and MS-MPC.
MPLS Periodic mpls-traceroute Enables tracing of forwarding equivalence classes

Traceroute process (FECs) for LDP Layered Service Providers (LSPs).
Multiservice process mspd Configures multiservice edge routers.
Multicast Snooping multicast-snooping (EX Series switches and MX Series routers only)
process Makes Layer 3 information, such as the MAC
addresses of members of a multicast group, known
to Layer 2 devices, such as VLAN switches.
DNS server process named-service Enables a device to resolve hostnames into

addresses.
19
Bidirectional neighbor-liveness Displays the process that specifies the maximum

Forwarding Detection length of time that the device waits for its neighbor
(BFD) process to re-establish an LDP session.
Remote NFS server nfsd-service Provides remote file access for applications that
process need NFS-based transport.
Network time ntp Provides the mechanisms to synchronize time and

process coordinate time distribution in a large, diverse
network.
Packet-triggered packet-triggered-subscribers Enables the application of policies to dynamic

dynamic subscribers subscribers that are controlled by a subscriber
and policy control termination device.
(PTCP) process
Peer selection service peer-selection-service Enables peer selection.

process
Periodic packet periodic-packet-services Processes a variety of time-sensitive periodic tasks

management process so that other processes can more optimally direct
their resources.
Packet Forwarding pfed Gathers and reports Packet Forwarding Engine

Engine process statistics.
Packet gateway pgcp-service Configures the Packet Gateway Control Protocol

service process (PGCP) that is required for the border gateway
or function (BGF) feature.
pgcpd
Pragmatic General pgm Enables a reliable transport layer for multicast

Multicast process applications.
20
PIC services logging pic-services-logging Enables PICs to send special logging information to
process the Routing Engine for archiving on the hard drive.
or
fsad (the file system access

daemon)
Point-to-Point ppp Enables transporting IP traffic across point-to-point

Protocol (PPP) links.
process
Universal edge PPP ppp-service Enables transporting IP traffic across universal edge
process routers.
Point-to-Point pppoe Allows users to connect to a network of hosts over a

Protocol over bridge or access concentrator.
Ethernet process
Process health process-monitor Extends the SNMP RMON alarm infrastructure to

monitor process provide predefined monitoring for a selected set of
or object instances (such as file system usage, CPU
usage, and memory usage) and dynamic object
pmond
instances (such as Junos OS processes).
NOTE: The process health monitor process is

enabled by default on the Routing Engines of MX
Series routers, even when no service interfaces are
configured. To disable this process, include the
disable statement at the [edit system processes
process-monitor] hierarchy level.
Redundancy interface redundancy-interface-process Serves as an active or backup process of an

management process application server and can be configured to process
traffic for more than one logical application server.
Remote operations remote-operations Provides the ping and traceroute MIBs.

process
21
Resource cleanup resource-cleanup Enables cleaning of resources by entities other than

process the application itself.
Routing process routing Directs forwarding on the basis of routing tables,

which maintain a record of the routes to various
network destinations.
Traffic sampling sampling Performs packet sampling based on particular input

control process interfaces and various fields in the packet header.
Session Border sbc-configuration-process Configures the session border controller

Control (SBC) functionality that enables delivery of voice, video,
configuration process and other multimedia services with assured quality
and security.
SDK service process sdk-service Runs on the Routing Engine and enables
communication between the SDK application and
Junos OS. Although the SDK service process is
present on the router, it is turned off by default.
Secure Neighbor secure-neighbor-discovery (EX Series switches and MX Series routers only)
Discovery (SND) Provides support for protecting NDP messages.
or
protocol process
send
Service Deployment service-deployment Enables Junos OS to work with the Session and
System (SDX) process Resource Control (SRC) software.
Simple Network snmp Enables the monitoring of network devices from a

Management central location, and provides the device’s SNMP
Protocol (SNMP) primary agent.
process
22
SONET Automatic sonet-aps Monitors any SONET interface that participates in

Protection Switching APS.
(APS) process
Static subscribers static-subscribers Associates subscribers with statically configured

process interfaces, and provides dynamic service activation
and activation for these subscribers.
Tunnel OAM process tunnel-oamd Enables the Operations, Administration, and

Maintenance of Layer 2 tunneled networks.
Virtual Router vrrp (EX Series switches and MX Series routers only)
Redundancy Protocol Enables hosts on a LAN to make use of redundant
(VRRP) process routing platforms on that LAN without requiring
more than the static configuration of a single default
route on the hosts.
Watchdog timer watchdog Enables the watchdog timer when Junos OS

process encounters a problem.
Default Directories for Junos OS File Storage on the Network Device
IN THIS SECTION
Directories on the Logical System | 23
Generally, Junos OS files are stored in the following directories on the device:
• /altconfig—When you back up the currently running and active file system partitions on the device to
standby partitions using the request system snapshot command, the /config directory is backed up to /
23
altconfig. Normally, the /config directory is on the CompactFlash card and /altconfig is on the hard
disk.
• /altroot—When you back up the currently running and active file system partitions on the router to
standby partitions using the request system snapshot command, the root file system (/) is backed up to /
altroot. Normally, the root directory is on the CompactFlash card and /altroot is on the hard drive.
• /config—This directory is located on the primary boot device, that is, on the permanent storage from
which the device booted (generally the CompactFlash card (device wd0) or internal flash storage).
This directory contains the current operational router or switch configuration and the last three
committed configurations, in the files juniper.conf, juniper.conf.1, juniper.conf.2, and juniper.conf.3,
respectively.
• /var—This directory is located either on the hard drive (device wd2) or internal flash storage. It
contains the following subdirectories:
• /home—Contains users’ home directories, which are created when you create user access
accounts. For users using SSH authentication, their .ssh file, which contains their SSH key, is
placed in their home directory. When a user saves or loads a configuration file, that file is loaded
from the user’s home directory unless the user specifies a full pathname.
• /db/config—Contains up to 46 additional previous versions of committed configurations, which

are stored in the files juniper.conf.4.gz through juniper.conf.49.gz.
• /log—Contains system log and tracing files.
• /tmp—Contains core files. The software saves up to five core files, numbered from 0 through 4.
File number 0 is the oldest core file and file number 4 is the newest core file. To preserve the
oldest core files, the software overwrites the newest core file, number 4, with any subsequent
core file.
Each device ships with removable media (device wfd0) that contains a backup copy of Junos OS.
Directories on the Logical System
In addition to saving the configuration of logical systems in the current juniper.conf file, each logical
system has an individual directory structure created in the /var/logical-systems/logical-system-name
directory.
The /var/logical-systems/logical-system-name directory contains the following subdirectories:
• /config—Contains the current operational configuration specific to the logical system.
• /log—Contains system log and tracing files specific to the logical system.
24
To maintain backward compatibility for the log files with previous versions of Junos OS, a symbolic
link (symlink) from the /var/logs/logical-system-name directory to the /var/logical-systems/logical-
system-name directory is created when a logical system is configured.
• /tmp—Contains temporary files specific to the logical system.
This file system for each logical system enables logical system users to view trace logs and modify logical
system files. Logical system administrators have full access to view and modify all files specific to the
logical system.
Logical system users and administrators can save and load configuration files at the logical-system
hierarchy level using the save and load configuration mode commands. In addition, they can also issue the
show log, monitor, and file operational mode commands at the logical-system hierarchy level.
Junos OS Support for IPv4, IPv6, and MPLS Routing Protocols
Junos OS implements full IP routing functionality, providing support for IP version 4 and IP version 6
(IPv4 and IPv6, respectively). The routing protocols are fully interoperable with existing IP routing
protocols, and they have been developed to provide the scale and control necessary for the Internet
core.
Junos OS supports the following unicast routing protocols:
• BGP—Border Gateway Protocol version 4 is an EGP that guarantees loop-free exchange of routing
information between routing domains (also called autonomous systems). BGP, in conjunction with
Junos OS routing policies, provides a system of administrative checks and balances that can be used
to implement peering and transit agreements.
• ICMP—Internet Control Message Protocol router discovery enables hosts to discover the addresses
of operational routers on the subnet.
• IS-IS—Intermediate System to Intermediate System is a link-state IGP for IP networks that uses the
SPF algorithm, which also is referred to as the Dijkstra algorithm, to determine routes. The Junos OS
supports a new and complete implementation of the protocol, addressing issues of scale,
convergence, and resilience.
25
• OSPF—Open Shortest Path First is an IGP that was developed for IP networks by the Internet
Engineering Task Force (IETF). OSPF is a link-state protocol that makes routing decisions based on
the SPF algorithm.
OSPF Version 2 supports IPv4. OSPF Version 3 supports IPv6. The fundamental mechanisms of
OSPF such as flooding, designated router (DR) election, area-based topologies, and the SPF
calculations remain unchanged in OSPF Version 3. Some differences exist either because of changes
in protocol semantics between IPv4 and IPv6, or because of the need to handle the increased
address size of IPv6.
• RIP—Routing Information Protocol version 2 is a distance-vector IGP for IP networks based on the
Bellman-Ford algorithm. RIP dynamically routes packets between a subscriber and a service provider
without the subscriber having to configure BGP or to participate in the service provider’s IGP
discovery process.
Junos OS also provides the following routing and Multiprotocol Label Switching (MPLS) applications
protocols:
• Unicast routing protocols:
• BGP
• ICMP
• IS-IS
• OSPF Version 2
• RIP Version 2
• Multicast routing protocols:
• DVMRP—Distance Vector Multicast Routing Protocol is a dense-mode (flood-and-prune)

multicast routing protocol.
• IGMP—Internet Group Management Protocol versions 1 and 2 are used to manage membership in
multicast groups.
• MSDP—Multicast Source Discovery Protocol enables multiple Protocol Independent Multicast

(PIM) sparse mode domains to be joined. A rendezvous point (RP) in a PIM sparse mode domain
has a peer relationship with an RP in another domain, enabling it to discover multicast sources
from other domains.
• PIM sparse mode and dense mode—Protocol-Independent Multicast is a multicast routing

protocol. PIM sparse mode routes to multicast groups that might span wide-area and interdomain
internets. PIM dense mode is a flood-and-prune protocol.
26
• SAP/SDP—Session Announcement Protocol and Session Description Protocol handle conference

session announcements.
• MPLS applications protocols:
• LDP—The Label Distribution Protocol provides a mechanism for distributing labels in non-traffic-
engineered applications. LDP enables routers to establish label-switched paths (LSPs) through a
network by mapping network layer routing information directly to data-link layer switched paths.
LSPs created by LDP can also traverse LSPs created by the Resource Reservation Protocol (RSVP).
• MPLS—Multiprotocol Label Switching, formerly known as tag switching, enables you to manually
or dynamically configure LSPs through a network. It lets you direct traffic through particular paths
rather than rely on the IGP least-cost algorithm to choose a path.
• RSVP—The Resource Reservation Protocol version 1 provides a mechanism for engineering

network traffic patterns that is independent of the shortest path decided upon by a routing
protocol. RSVP itself is not a routing protocol; it operates with current and future unicast and
multicast routing protocols. The primary purpose of RSVP is to support dynamic signaling for
MPLS LSPs.
Junos OS Overview
Junos OS Routing and Forwarding Tables
A major function of the Junos OS routing protocol process is to maintain the Routing Engine’s routing
tables and use these tables to determine the active routes to network destinations. The routing protocol
process then installs these routes into the Routing Engine’s forwarding table. The Junos OS kernel then
copies this forwarding table to the Packet Forwarding Engine.
The routing protocol process maintains multiple routing tables. By default, it maintains the following
three routing tables. You can configure additional routing tables to suit your requirements.
• Unicast routing table—Stores routing information for all unicast routing protocols running on the
router. BGP, IS-IS, OSPF, and RIP all store their routing information in this routing table. You can
configure additional routes, such as static routes, to be included in this routing table. BGP, IS-IS,
OSPF, and RIP use the routes in this routing table when advertising routing information to their
neighbors.
27
• Multicast routing table (cache)—Stores routing information for all the running multicast protocols.
DVMRP and PIM both store their routing information in this routing table, and you can configure
additional routes to be included in this routing table.
• MPLS routing table—Stores MPLS path and label information.
With each routing table, the routing protocol process uses the collected routing information to
determine active routes to network destinations.
For unicast routes, the routing protocol process determines active routes by choosing the most
preferred route, which is the route with the lowest preference value. By default, the route’s preference
value is simply a function of how the routing protocol process learned about the route. You can modify
the default preference value using routing policy and with software configuration parameters.
For multicast traffic, the routing protocol process determines active routes based on traffic flow and
other parameters specified by the multicast routing protocol algorithms. The routing protocol process
then installs one or more active routes to each network destination into the Routing Engine’s forwarding
table.
Routing Policy Overview
By default, all routing protocols place their routes into the routing table. When advertising routes, the
routing protocols by default advertise only a limited set of routes from the routing table. Specifically,
each routing protocol exports only the active routes that were learned by that protocol. In addition, the
interior gateway protocols (IS-IS, OSPF, and RIP) export the direct (interface) routes for the interfaces on
which they are explicitly configured.
You can control the routes that a protocol places into each table and the routes from that table that the
protocol advertises. You do this by defining one or more routing policies and then applying them to the
specific routing protocol.
Routing policies applied when the routing protocol places routes into the routing table are referred to as
import policies because the routes are being imported into the routing table. Policies applied when the
routing protocol is advertising routes that are in the routing table are referred to as export policies
because the routes are being exported from the routing table. In other words, the terms import and
export are used with respect to the routing table.
28
A routing policy enables you to control (filter) which routes a routing protocol imports into the routing
table and which routes a routing protocol exports from the routing table. A routing policy also enables
you to set the information associated with a route as it is being imported into or exported from the
routing table. Filtering imported routes enables you to control the routes used to determine active
routes. Filtering routes being exported from the routing table enables you to control the routes that a
protocol advertises to its neighbors.
A defined routing policy specifies the conditions to use to match a route and the action to perform on
the route when a match occurs. For example, when a routing table imports routing information from a
routing protocol, a routing policy might modify the route’s preference, mark the route with a color to
identify it and allow it to be manipulated later, or prevent the route from even being installed in a
routing table. When a routing table exports routes into a routing protocol, a policy might assign metric
values, modify the BGP community information, tag the route with additional information, or prevent
the route from being exported altogether. You also can define policies for redistributing the routes
learned from one protocol into another protocol.

Junos OS Support for VPNs
Junos OS supports several types of virtual private networks (VPNs), including:
• Layer 2 VPNs link a set of sites that share routing information, and whose connectivity is controlled
by a collection of policies. A Layer 2 VPN is not aware of routes within your network. It simply
provides private links between sites over the service provider’s existing public Internet backbone.
• Layer 3 VPNs are the same as a Layer 2 VPN, but it is aware of routes within your network, requiring
more configuration on the part of the service provider than a Layer 2 VPN. The sites that make up a
Layer 3 VPN are connected over a service provider’s existing public Internet backbone.
• An Ethernet VPN (EVPN) enables you to connect dispersed customer sites using a Layer 2 virtual
bridge. As with other types of VPNs, an EVPN consists of customer edge (CE) devices (host, router,
or switch) connected to provider edge (PE) routers. The PE routers can include an MPLS edge switch
(MES) that acts at the edge of the MPLS infrastructure. Either an MX Series 5G Universal Routing
Platform or a standalone switch can be configured to act as an MES. You can deploy multiple EVPNs
within a service provider network, each providing network connectivity to a customer while ensuring
that the traffic sharing on that network remains private.
29
• Interprovider VPNs supply connectivity between two VPNs in separate autonomous systems (ASs).
This functionality can be used by a VPN user with connections to several Internet service providers
(ISPs), or different connections to the same ISP in various geographic regions.
• Carrier-of-carrier VPNs allow a VPN service provider to supply VPN service to a someone who is also
a service provider. The latter service provider supplies Internet or VPN service to an end user.
Configuring FIB Localization
IN THIS SECTION
FIB Localization Overview | 29
FIB Localization Overview

On Juniper Networks devices, the forwarding table on the Packet Forwarding Engine, also referred to as
forwarding information base (FIB), maintains the complete set of active IPv4 (inet) and IPv6 (inet6)
routes. In Junos OS Release 11.4 and later, you can configure FIB localization for a Packet Forwarding
Engine. FIB-localization characterizes Packet Forwarding Engines in a router as either “FIB-remote” or
“FIB-local”.
FIB-local Packet Forwarding Engines install all routes from the default inet and inet6 route tables into
the Packet Forwarding Engine forwarding hardware. FIB-remote Packet Forwarding Engines do not
install all the routes for the inet and inet6 routing tables. However, they do maintain local and multicast
routes.
FIB-remote Packet Forwarding Engines create a default (0/0) route in the Packet Forwarding Engine
forwarding hardware for the inet and inet6 table. The default route references a next-hop or a unilist of
next-hops that identify the FIB-local Packet Forwarding Engines that can perform full IP table lookups
for received packets.
FIB-remote Packet Forwarding Engines forward received packets to the set of FIB-local Packet
Forwarding Engines. The FIB-local Packet Forwarding Engines then perform full IP longest-match lookup
30
on the destination address and forward the packet appropriately. The packet might be forwarded out of
an egress interface on the same FIB-local Packet Forwarding Engine that performed the lookup or an
egress interface on a different FIB-local or FIB-remote Packet Forwarding Engine. The packet might also
be forwarded out of an FPC where FIB localization is not configured. The packet might also be received
locally at the Routing Engine.
When FIB localization is configured on a router with some Flexible PIC Concentrators (FPCs) being FIB-
remote and some others being FIB-local, packets arriving on the interface of the FIB-remote FPC are
forwarded to one of the FIB-local FPCs for route lookup and forwarding.
The advantage of configuring FIB localization is that it enables upgrading the hardware forwarding table
capacity of FIB-local Packet Forwarding Engines while not requiring upgrades to the FIB-remote Packet
Forwarding Engines. In a typical network deployment, FIB-local Packet Forwarding Engines are core-
facing, while FIB-remote Packet Forwarding Engines are edge-facing. The FIB-remote Packet Forwarding
Engines also load-balance traffic over the available set of FIB-local Packet Forwarding Engines.
FIB localization is currently supported on specific Junos OS devices, including the T320, T640, T1600,
and MX Series routers. To see if your hardware supports FIB localization, see the Juniper Networks
Feature Explorer.
NOTE: On MX Series routers, you can configure multiservices Dense Port Concentrators (DPCs)
as FIB-remote. However, only Modular Port Concentrators (MPCs) can be configured as FIB-
local. FIB-localization is supported only for redundant link services intelligent queuing interfaces
that carry Multilink Point-to-Point Protocol (MLPPP) traffic.
Example: Configuring Packet Forwarding Engine FIB Localization
IN THIS SECTION
Requirements | 31
Overview | 31
Configuration | 31
Verification | 34
This example shows how to configure Packet Forwarding Engine FIB localization.
31
Requirements
Before you begin:
1. Configure device interfaces and loopback interface addresses.
2. Configure static routes.
3. Configure OSPF and OSPFv3 and make sure that OSPF adjacencies and OSPF routes to loopback
addresses are established.
This example uses the following hardware and software components:
• A T320, T640,T1600, or MX Series router.
• Junos OS Release 11.4 or later running on the router for T-Series routers. Junos OS Release 12.3 or
later running on the router for MX Series routers.
Overview
In this example, you configure the chassis for IPv4 and IPv6 routes and FIB localization on Router R0
and then configure the edge-facing Packet Forwarding Engines on FPC0 as fib-remote and the core-facing
Packet Forwarding Engines on FPC1 and FPC2 as fib-local. You then configure a routing policy named
fib-policy with the no-route-localize option to ensure that all routes from a specified route filter are
installed on the FIB-remote FPC.
Configuration
IN THIS SECTION
Procedure | 31
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any
line breaks, change any details necessary to match your network configuration, and then copy and paste
the commands into the CLI at the [edit] hierarchy level.
32
NOTE: Configuring FIB local results in a reboot of the related line card to activate the changes.
R0
set chassis fpc 0 route-localization fib-remote

set chassis fpc 1 route-localization fib-local
set chassis fpc 2 route-localization fib-local
set chassis route-localization inet
set chassis route-localization inet6
set policy-options policy-statement fib-policy term a from route-filter 10.4.4.4/32 exact
set policy-options policy-statement fib-policy term a then no-route-localize
set policy-options policy-statement fib-policy term b from route-filter fec0:4444::4/128 exact
set policy-options policy-statement fib-policy term b then no-route-localize
set policy-options policy-statement fib-policy then accept
set routing-options forwarding-table export fib-policy
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For
information about navigating the Junos OS CLI, see the Junos OS CLI User Guide.
To configure Packet Forwarding Engine FIB localization:
1. Configure route localization or FIB localization for IPv4 and IPv6 traffic.
[edit chassis]
user@R0# set route-localization inet
user@R0# set route-localization inet6
2. Configure the Packet Forwarding Engine of an FPC as either fib-local or fib-remote.
[edit chassis]
user@R0# set fpc 0 route-localization fib-remote
user@R0# set fpc 1 route-localization fib-local
user@R0# set fpc 2 route-localization fib-local
33
3. Configure the routing policy by including the no-route-localize statement to enable the forwarding
table policy to mark route prefixes such that the routes are installed into forwarding hardware on the
FIB-remote Packet Forwarding Engines.
[edit policy-options]
user@R0# set policy-statement fib-policy term a from route-filter 10.4.4.4/32 exact
user@R0# set policy-statement fib-policy term a then no-route-localize
user@R0# set policy-statement fib-policy term b from route-filter fec0:4444::4/128 exact
user@R0# set policy-statement fib-policy term b then no-route-localize
user@R0# set policy-statement fib-policy then accept
4. Enable the routing policy in the forwarding table by configuring the forwarding table with the fib-
policy statement.
[edit routing-options]
user@R0# set forwarding-table export fib-policy
NOTE: At least, one Packet Forwarding Engine must be configured as fib-local for the commit
operation to be successful. If you do not configure fib-local for the Packet Forwarding Engine,
the CLI displays an appropriate error message and the commit fails.
Results
From configuration mode, confirm your configuration by entering the show chassis and show policy-options
commands. If the output does not display the intended configuration, repeat the instructions in this
example to correct the configuration.
user@R0# show chassis

fpc 0 {
route-localization fib-remote;
}
fpc 1 {
route-localization fib-local;
}
fpc 2 {
route-localization fib-local;
}
route-localization {
34
inet;
inet6;
}
user@R0# show policy-options

policy-statement fib-policy {
term a {
from {
route-filter 10.4.4.4/32 exact;
}
then no-route-localize;
}
term b {
from {
route-filter fec0:4444::4/128 exact;
}
then no-route-localize;
}
then accept;
}
}
Verification
IN THIS SECTION
Verifying Policy Configuration | 35
Verifying FIB-Localization Configuration | 35
Verifying Routes After the Policy Is Applied | 36
Confirm that the configuration is working properly.

35
Verifying Policy Configuration
Purpose
Verify that the configured policy exists.
Action
Issue the show policy fib-policy command to check that the configured policy fib-policy exists.
user@R0> show policy fib-policy

Policy fib-policy:
Term a:
from
route filter:
10.4.4.4/32 exact
then no-route-localize
Term b:
from
route filter:
fec0:4444::4/128 exact
then no-route-localize
Term unnamed:
then accept
Verifying FIB-Localization Configuration
Purpose
Verify FIB-localization configuration details by using the show route localization and show route localization
detail commands.
Action
user@R0> show route localization

FIB localization ready FPCs (and FIB-local Forwarding Engine addresses)
FIB-local: FPC2(4,5)
36
FIB-remote: FPC0, FPC1

Normal: FPC3, FPC4, FPC5, FPC6, FPC7
user@R0> show route localization detail

FIB localization ready FPCs (and FIB-local Forwarding Engine addresses)
FIB-local: FPC2(4,5)
Normal: FPC3, FPC4, FPC5, FPC6, FPC7
FIB localization configuration
Protocols: inet, inet6
FIB-local: FPC2
Forwarding Engine addresses
FPC0: 1
FPC1: 2
FPC2: 4, 5
FPC3: 6
FPC4: 8
FPC5: 11
FPC6: 13
FPC7: 15
Verifying Routes After the Policy Is Applied
Purpose
Verify that routes with the no-route-localize policy option are installed on the fib-remote FPC.
Action
user@R0> show route 10.4.4.4/32 extensive
inet.0: 30 destinations, 30 routes (29 active, 0 holddown, 1 hidden)

10.4.4.4/32 (1 entry, 1 announced)
TSI:
KRT in-kernel 10.4.4.4/32 -> {10.130.0.2 Flags no-localize}
^^^^^^^^^^^^^^^^^
37
*Static Preference: 5
Next hop type: Router, Next hop index: 629
Next-hop reference count: 3
Next hop: 10.130.0.2 via ge-1/0/4.0, selected
State: <Active Int="">
Age: 10:33
Task: RT
Announcement bits (1): 0-KRT
AS path: I</Active
>
fib-local | 101
fib-remote | 102
38
CHAPTER 2
Junos OS Security Overview
IN THIS CHAPTER
Junos OS Default Settings for Device Security | 43
Junos OS Features for Device Security
IN THIS SECTION
Methods of Remote Access for Device Management | 39
Junos OS Supported Protocols and Methods for User Authentication | 39
Junos OS Plain-Text Password Requirements | 40
Junos OS Support for Routing Protocol Security Features and IPsec | 41
Junos OS Support for Firewall Filters | 41
Junos OS Support Distributed Denial-of-Service Protection | 42
Junos OS Auditing Support for Security | 42
Device security consists of three major elements: Physical security of the hardware, operating system
security, and security that can be affected through configuration.
Physical security involves restricting access to the device. Exploits that can easily be prevented from
remote locations are extremely difficult or impossible to prevent if an attacker can gain access to the
device’s management port or console. The inherent security of Junos OS also plays an important role in
router security. Junos OS is extremely stable and robust, and provides features to protect against
attacks, allowing you to configure the device to minimize vulnerabilities.
The following are Junos OS features available to improve device security:

39
Methods of Remote Access for Device Management
When you first install Junos OS, all remote access to the device is disabled, thereby ensuring that
remote access is possible only if deliberately enabled by an authorized user. You can establish remote
communication with a device in one of the following ways:
• Out-of-band management: Enables connection to the device through an interface dedicated to

device management. Juniper Networks devices support out-of-band management with a dedicated
management Ethernet interface, as well as EIA-232 console and auxiliary ports. On all devices other
than the TX Matrix Plus, T1600, T1600 or T4000 devices connected to a TX Matrix Plus device in a
routing matrix, and PTX Series Packet Transport Routers, the management interface is fxp0. On a TX
Matrix Plus, T1600, T1600 or T4000 devices in a routing matrix, and PTX Series Packet Transport
Routers, the management Ethernet Interface is labeled em0. The management Ethernet interface
connects directly to the Routing Engine. No transit traffic is allowed through this interface, providing
complete separation of customer and management traffic and ensuring that congestion or failures in
the transit network do not affect the management of the device.
• Inband management: Enables connection to the devices using the same interfaces through which
customer traffic flows. Although this approach is simple and requires no dedicated management
resources, it has two disadvantages:
• Management flows and transit traffic flows are mixed together. Any attack traffic that is mixed
with the normal traffic can affect the communication with the device.
• The links between device components might not be totally trustworthy, leading to the possibility
of wiretapping and replay attacks.
For management access to the device, the standard ways to communicate with the device from a remote
console are with Telnet and SSH. SSH provides secure encrypted communications and is therefore
useful for inband device management. Telnet provides unencrypted, and therefore less secure, access to
the device.
Junos OS Supported Protocols and Methods for User Authentication
On a device, you can create local user login accounts to control who can log in to the device and the
access privileges they have. A password, either an SSH key or a Message Digest 5 (MD5) password, is
associated with each login account. To define access privileges, you create login classes into which you
group users with similar jobs or job functions. You use these classes to explicitly define what commands
their users are and are not allowed to issue while logged in to the device.
The management of multiple devices by many different personnel can create a user account
management problem. One solution is to use a central authentication service to simplify account
management, creating and deleting user accounts only on a single, central server. A central
authentication system also simplifies the use of one-time password systems such as SecureID, which
40
offer protection against password sniffing and password replay attacks (attacks in which someone uses a
captured password to pose as a device administrator).
Junos OS supports two protocols for central authentication of users on multiple devices:
• Terminal Access Controller Access Control System Plus (TACACS+).
• Remote Authentication Dial-In User Service (RADIUS), a multivendor IETF standard whose features
are more widely accepted than those of TACACS+ or other proprietary systems. All one-time-
password system vendors support RADIUS.
Junos OS also supports the following authentication methods:
• Internet Protocol Security (IPsec). IPsec architecture provides a security suite for the IPv4 and IPv6
network layers. The suite provides such functionality as authentication of origin, data integrity,
confidentiality, replay protection, and nonrepudiation of source. In addition to IPsec, Junos OS
supports the Internet Key Exchange (IKE), which defines mechanisms for key generation and
exchange, and manages security associations (SAs).
• MD5 authentication of MSDP peering sessions. This authentication provides protection against
spoofed packets being introduced into a peering session.
• SNMPv3 authentication and encryption. SNMPv3 uses the user-based security model (USM) for
message security and the view-based access control model (VACM) for access control. USM specifies
authentication and encryption. VACM specifies access-control rules.
Junos OS Plain-Text Password Requirements
Junos OS has special requirements when you create plain-text passwords on a device. The default
requirements for plain-text passwords are as follows:
• The password must be between 6 and 128 characters long.
• You can include uppercase letters, lowercase letters, numbers, punctuation marks, and any of the
following special characters:
!@#$%^&*,+=<>:;
Control characters are not recommended.
• The password must contain at least one change of case or character class.
You can change the requirements for plain-text passwords.
You can include the plain-text-password statement at the following hierarchy levels:
• [edit system diag-port-authentication]
• [edit system pic-console-authentication]

41
• [edit system root-authentication]
• [edit system login user username authentication]
Junos OS Support for Routing Protocol Security Features and IPsec
The main task of a device is to forward user traffic toward its intended destination based on the
information in the device’s routing and forwarding tables. You can configure routing policies that define
the flows of routing information through the network, controlling which routes the routing protocols
place in the routing tables and which routes they advertise from the tables. You can also use routing
policies to change specific route characteristics, change the BGP route flap-damping values, perform
per-packet load balancing, and enable class of service (CoS).
Attackers can send forged protocol packets to a device with the intent of changing or corrupting the
contents of its routing table or other databases, which can degrade the functionality of the device. To
prevent such attacks, you must ensure that devices form routing protocol peering or neighboring
relationships with trusted peers. One way to do this is by authenticating routing protocol messages. The
Junos OS BGP, IS-IS, OSPF, RIP, and RSVP protocols all support HMAC-MD5 authentication, which uses
a secret key combined with the data being protected to compute a hash. When the protocols send
messages, the computed hash is transmitted with the data. The receiver uses the matching key to
validate the message hash.
Junos OS supports the IPsec security suite for the IPv4 and IPv6 network layers. The suite provides such
functionality as authentication of origin, data integrity, confidentiality, replay protection, and
nonrepudiation of source. Junos OS also supports IKE, which defines mechanisms for key generation
and exchange, and manages SAs.
Junos OS Support for Firewall Filters
Firewall filters allow you to control packets transiting the device to a network destination and packets
destined for and sent by the device. You can configure firewall filters to control which data packets are
accepted on and transmitted from the physical interfaces, and which local packets are transmitted from
the physical interfaces and the Routing Engine. Firewall filters provide a means of protecting your device
from excessive traffic. Firewall filters that control local packets can also protect your device from
external aggressions, such as DoS attacks.
To protect the Routing Engine, you can configure a firewall filter only on the device’s loopback interface.
Adding or modifying filters for each interface on the device is not necessary. You can design firewall
filters to protect against ICMP and Transmission Control Protocol (TCP) connection request (SYN) floods
and to rate-limit traffic being sent to the Routing Engine.
42
Junos OS Support Distributed Denial-of-Service Protection
A denial-of-service attack is any attempt to deny valid users access to network or server resources by
using up all the resources of the network element or server. Distributed denial-of-service attacks involve
an attack from multiple sources, enabling a much greater amount of traffic to attack the network. The
attacks typically use network protocol control packets to trigger a large number of exceptions to the
device’s control plane. This results in an excessive processing load that disrupts normal network
operations.
Junos OS DDoS protection enables the device to continue functioning while under an attack. It
identifies and suppresses malicious control packets while enabling legitimate control traffic to be
processed. A single point of DDoS protection management enables network administrators to customize
profiles for their network control traffic. Protection and monitoring persists across graceful Routing
Engine switchover (GRES) and unified in-service-software-upgrade (ISSU) switchovers. Protection is not
diminished as the number of subscribers increases.
To protect against DDoS attacks, you can configure policers for host-bound exception traffic. The
policers specify rate limits for individual types of protocol control packets or for all control packet types
for a protocol. You can monitor policer actions for packet types and protocol groups at the level of the
device, Routing Engine, and line cards. You can also control logging of policer events.
Flow detection is an enhancement to DDoS protection that supplements the DDoS policer hierarchies
by using a limited amount of hardware resources to monitor the arrival rate of host-bound flows of
control traffic. Flow detection is much more scalable than a solution based on filter policers. Filter
policers track all flows, which consumes a considerable amount of resources. In contrast, flow detection
only tracks flows it identifies as suspicious, using far fewer resources to do so.
The flow detection application has two interrelated components, detection and tracking. Detection is
the process where flows suspected of being improper are identified and subsequently controlled.
Tracking is the process where flows are tracked to determine whether they are truly hostile and when
these flows recover to within acceptable limits.
Junos OS Auditing Support for Security
Junos OS logs significant events that occur on the device and within the network. Although logging itself
does not increase security, you can use the system logs to monitor the effectiveness of your security
policies and device configurations. You can also use the logs when reacting to a continued and
deliberate attack as a means of identifying the source address, device, or port of the attacker’s traffic.
You can configure the logging of different levels of events, from only critical events to all events,
including informational events. You can then inspect the contents of the system log files either in real
time or later.
Debugging and troubleshooting are much easier when the timestamps in the system log files of all
devices are synchronized, because events that span the network might be correlated with synchronous
43
entries in multiple logs. Junos OS supports the Network Time Protocol (NTP), which you can enable on
the device to synchronize the system clocks of devices and other networking equipment. By default,
NTP operates in an unauthenticated mode. You can configure various types of authentication, including
an HMAC-MD5 scheme.
Overview of IPsec
Junos OS System Log Overview
Junos OS Default Settings for Device Security
Junos OS protects against common network device security weaknesses with the following default
settings:
• Junos OS does not forward directed broadcast messages. Directed broadcast services send ping
requests from a spoofed source address to a broadcast address and can be used to attack other
Internet users. For example, if broadcast ping messages were allowed on the 200.0.0.0/24 network, a
single ping request could result in up to 254 responses to the supposed source of the ping. The
source would actually become the victim of a denial-of-service (DoS) attack.
• Generally, by default, only console access to the device is enabled. Remote management access to
the device and all management access protocols, including Telnet, FTP, and SSH (Secure Shell), are
disabled by default, unless the device setup specifically includes a factory-installed DHCP
configuration.
• Junos OS does not support the SNMP set capability for editing configuration data. Although the
software supports the SNMP set capability for monitoring and troubleshooting the network, this
support exposes no known security issues. (You can configure the software to disable this SNMP set
capability.)
• Junos OS ignores martian (intentionally non-routable) IP addresses that contain the following
prefixes: 0.0.0.0/8, 127.0.0.0/8, 128.0.0.0/16, 191.255.0.0/16, 192.0.0.0/24, 223.255.55.0/24, and
240.0.0.0/4. Martian addresses are reserved host or network addresses about which all routing
information should be ignored.
44
CHAPTER 3
Junos OS Configuration Overview
IN THIS CHAPTER
The Commit Model for Configurations | 48
Configuration Groups Overview | 50
Junos OS Configuration Basics
Usually, your Juniper Networks device comes with Junos OS installed on it, unless you specifically order
it without the operating system. When Junos OS is pre-installed, you simply power on the device and all
software starts automatically. You just need to configure the device so it will be ready to participate in
the network.
To configure the Junos OS, you must specify a hierarchy of configuration statements which define the
preferred software properties. You can configure all properties of the Junos OS, including interfaces,
general routing information, routing protocols, and user access, as well as some system hardware
properties. After you have created a candidate configuration, you commit the configuration to be
evaluated and activated by Junos OS.

45
Methods for Configuring Junos OS
IN THIS SECTION
Junos OS Command-Line Interface | 46
ASCII File | 46
J-Web Package | 46
Junos XML Management Protocol Software | 47
NETCONF XML Management Protocol Software | 47
Configuration Commit Scripts | 47
Depending on specific device support, you can use the methods shown in Table 4 on page 45 to
configure Junos OS. For more information, see the Juniper Networks Feature Explorer.
Table 4: Methods for Configuring Junos OS
Method Description
Command-line interface Create the configuration for the device using the CLI. You can enter commands from a
(CLI) single command line, and scroll through recently executed commands.
ASCII file Load an ASCII file containing a configuration that you created earlier, either on this
system or on another system. You can then activate and run the configuration file, or
you can edit it using the CLI and then activate it.
J-Web graphical user Use the J-Web GUI to configure the device. J-Web enables you to monitor, configure,
interface (GUI) troubleshoot, and manage the router on a client by means of a Web browser. The J-
Web GUI is supported on only certain Juniper Networks devices. For more
information, see the Juniper Networks Feature Explorer.
Junos XML Client applications use the Junos XML management protocol to monitor and configure
management protocol Juniper Networks devices. The Junos XML management protocol is customized for
(API) Junos OS, and operations in the API are equivalent to those in the CLI.
46
Table 4: Methods for Configuring Junos OS (Continued)
Method Description
NETCONF application Client applications use the NETCONF XML management protocol to monitor and
programming interface configure supported devices. The NETCONF XML management protocol includes
(API) features that accommodate the configuration data models of multiple vendors.
Configuration commit Create scripts that run at commit time to enforce custom configuration rules. Commit
scripts scripts are written in Python, Stylesheet Language Alternative syntaX (SLAX), or
Extensible Stylesheet Language Transformations (XSLT).
The following sections describe the methods you can use to configure Junos OS:
Junos OS Command-Line Interface
The Junos OS CLI is a straightforward terminal-based command interface. You use Emacs-style keyboard
sequences to move around on a command line and scroll through a buffer that contains recently
executed commands. You type commands on a single line, and the commands are executed when you
press the Enter key. The CLI also provides command help and command completion.
ASCII File
You can load an ASCII file containing a configuration that you created earlier, either on this system or
another system. You can then activate and run the configuration file as is, or you can edit it using the CLI
and then activate it.
J-Web Package
As an alternative to entering CLI commands, Junos OS supports the J-Web GUI. The J-Web user
interface enables you to monitor, configure, troubleshoot, and manage the router on a client by means
of a Web browser with Hypertext Transfer Protocol (HTTP) or HTTP over Secure Sockets Layer (HTTPS)
enabled.
The J-Web user interface is an optional, licensed software package (jweb package) on M Series and
TSeries routers. The jweb package is not included in jinstall and jbundle software bundles. It must be
installed separately. To install the package on M Series and T Series routers, follow the procedure
described in the Software Installation and Upgrade Guide.
J-Web supports weak (56-bit) encryption by default. This enables non-US customers to install J-Web
and use HTTPS connections for J-Web access. US customers can also install the jcrypto strong
encryption package. This package automatically overrides the weak encryption.
47
NOTE: Because the J-Web package is bundled separately from other packages, it is possible to
have a version mismatch between J-Web and other Junos OS packages you have installed.
To check for a version mismatch, use the show system alarms CLI command. If the version number
does not match exactly, a system alarm appears.
Junos XML Management Protocol Software
The Junos XML Management Protocol is an XML-based protocol that client applications use to monitor
and configure Juniper Networks devices. It uses an XML-based data encoding for the configuration data
and remote procedure calls. This API is customized for Junos OS, and operations in the API are
equivalent to CLI commands.
NETCONF XML Management Protocol Software
The NETCONF XML management protocol is an XML-based protocol that client applications use to
monitor and configure network devices. It uses an XML-based data encoding for the configuration data
and remote procedure calls. NETCONF includes features that accommodate the configuration data
models of multiple vendors. Juniper Networks provides a set of Perl modules that enable Perl client
applications to communicate with the NETCONF server on Junos devices. The Perl modules enable you
to develop custom applications for configuring and monitoring Junos devices.
Configuration Commit Scripts
You can create and use scripts that run at commit time to enforce custom configuration rules. If a
configuration breaks the custom rules, the script can generate actions that the Junos OS performs.
These actions include:
• Generating custom error messages
• Generating custom warning messages
• Generating custom system log messages
• Making changes to the configuration
Configuration commit scripts also enable you to create macros, which expand simplified custom aliases
for frequently used configuration statements into standard Junos OS configuration statements. Commit
scripts are written in Python, Stylesheet Language Alternative syntaX (SLAX), or Extensible Stylesheet
Language Transformations (XSLT).
48
CLI Explorer
CLI User Guide
Junos OS Automation Scripting User Guide
NETCONF XML Management Protocol Developer Guide
Software Installation and Upgrade Guide
Junos OS Configuration from External Devices
You can configure Junos OS network device from a system console connected to the console port or by
using Telnet to access the device remotely. External management hardware can be connected to the
Routing Engine and the Junos OS through these ports:
• Console port
• Auxiliary port
• Ethernet management port
NOTE: See hardware guide for your particular Junos OS device for instructions about how to
connect external hardware to the console, auxiliary, and/or Ethernet management ports.
Capabilities and features can vary depending on device model.

The Commit Model for Configurations
The device configuration is saved using a commit model—a candidate configuration is modified as
desired and then committed to the system. When a configuration is committed, the device checks the
configuration for syntax errors, and if no errors are found, the configuration is saved as juniper.conf.gz
and activated. The formerly active configuration file is saved as the first rollback configuration file
49
(juniper.conf.1.gz), and any other rollback configuration files are incremented by 1. For example,
juniper.conf.1.gz is incremented to juniper.conf.2.gz, making it the second rollback configuration file.
The device can have a maximum of 49 rollback configurations (numbered 1 through 49) saved on the
system.
On the device, the current configuration file and the first three rollback files (juniper.conf.gz.1,
juniper.conf.gz.2, juniper.conf.gz.3) are located in the /config directory. (The remaining rollback files, 4
through 49, are located in /var/db/config.)
If the recovery configuration file rescue.conf.gz exists, this file is also located in the /config directory.
The factory default files are located in the /etc/config directory.
There are two mechanisms used to propagate the configurations between Routing Engines within a
device:
• Synchronization: Propagates a configuration from one Routing Engine to a second Routing Engine
within the same device chassis.
To synchronize configurations, use the commit synchronize CLI command. If one of the Routing Engines
is locked, the synchronization fails. If synchronization fails because of a locked configuration file, you
can use the commit synchronize force command. This command overrides the lock and synchronizes the
configuration files.
• Distribution: Propagates a configuration across the routing plane on a multichassis device.

Distribution occurs automatically. There is no user command available to control the distribution
process. If a configuration is locked during a distribution of a configuration, the locked configuration
does not receive the distributed configuration file, so the synchronization fails. You need to clear the
lock before the configuration and resynchronize the routing planes.
NOTE: When you use the commit synchronize force CLI command on a multichassis platform, the
forced synchronization of the configuration files does not affect the distribution of the
configuration file across the routing plane. If a configuration file is locked on a device remote
from the device where the command was issued, the synchronization fails on the remote
device. You need to clear the lock and reissue the synchronization command.
Configuring Junos OS for the First Time on a Device with a Single Routing Engine
50
Configuration Groups Overview
IN THIS SECTION
How Configuration Groups Work | 50
Inheritance Model | 50
Configure Configuration Groups | 51
This topic provides an overview of configuration groups and the inheritance model in the Junos OS CLI.
How Configuration Groups Work
Configuration groups enable you to create a group containing configuration statements and to direct the
inheritance of that group’s statements in the rest of the configuration. The same group can be applied to
different sections of the configuration. Different sections of one group’s configuration statements can
be inherited in different places in the configuration.
Configuration groups enable you to create smaller, more logically constructed configuration files, making
it easier to configure and maintain Juniper Networks devices. For example, you can group statements
that are repeated in many places in the configuration, such as when configuring interfaces. By grouping
statements, you can limit configuration updates to just the group.
You can also use wildcards in a configuration group. Any object that matches the wildcard expression
inherits the group configuration data.
The configuration group mechanism is separate from the grouping mechanisms used elsewhere in the
configuration, such as BGP groups. Configuration groups provide a generic mechanism that you can use
throughout the configuration but that are known only to the CLI. The individual software processes that
perform the actions directed by the configuration receive the expanded form of the configuration; they
have no knowledge of configuration groups.
Inheritance Model
Configuration groups use true inheritance, which involves a dynamic, ongoing relationship between the
source of the configuration data and the target of that data. The target automatically inherits data values
that you change in the configuration group. The target does not need to contain the inherited
information. However, the inherited values can be overridden in the target without affecting the source
from which they were inherited.
51
This inheritance model enables you to see only the instance-specific information without seeing the
inherited details. A command pipe in configuration mode enables you to display the inherited data.
Configure Configuration Groups
For areas of your configuration to inherit configuration statements, you must first put the statements
into a configuration group. You then apply that group to the levels in the configuration hierarchy that
require the statements.
For areas of your configuration to inherit configuration statements:
1. Configure statements into a configuration group. To configure configuration groups and inheritance,
you can include the groups statement at the [edit] hierarchy level:
[edit]
groups {
group-name {
configuration-data;
}
}
2. Apply the configuration group from step 1 to the levels in the configuration hierarchy that require the
statements.
Include the apply-groups [ group-names ] statement anywhere in the configuration where the
configuration statements contained in a configuration group are needed.
2 PART
Configuring and Administering Junos

Devices
Configuring Junos Devices | 53
Monitoring Junos Devices | 75
Managing Junos OS Processes | 83

53
CHAPTER 4
Configuring Junos Devices
IN THIS CHAPTER
How to Improve Commit Time When Using Configuration Groups | 65
Creating and Activating a Candidate Configuration | 66
Statements | 66
Mapping the Name of the Router to IP Addresses | 68
Back Up Configurations to an Archive Site | 71
Initial Router or Switch Configuration Using Junos OS
This topic provides an overview of initial network device configuration tasks using Junos OS.
When you turn on a device for the first time, Junos OS automatically boots and starts. You must enter
basic configuration information so the device is on the network and you can log in to it over the
network.
To configure the device initially, you must connect through the console port.
When you first connect to the console of a device that has not yet been configured, log in as the user
root. At first, the root account requires no password. You can see that you are the user root, because the
command prompt shows the username root@#.
54
You must start the Junos OS command-line interface (CLI) using the command cli. The command
prompt root@> indicates that you are the user root and that you are in Junos OS operational mode. Enter
Junos OS configuration mode by typing the command configure. The command prompt root@# indicates
that you are in the Junos OS configuration mode.
When you first configure a device, you should configure the following basic properties:
• Device hostname
• Domain name
• IP address of the device management Ethernet interface. To find the management Ethernet interface
that you should use for configuration, see Supported Routing Engines by Router.
• IP address of a backup router
• IP address of one or more DNS name servers on your network
• Password for the root account
Supported Routing Engines by Router
Junos OS Configuration Using the CLI
Configuring Junos OS for the First Time on a Device with a Single Routing
Engine
To configure the Junos OS for the first time on a router with a single Routing Engine and no base
configuration, follow these steps:
1. Connect to the device through the console port.

2. Power on the device and wait for it to boot.
The Junos OS boots automatically. The boot process is complete when you see the login: prompt
on the console.
3. Log in as the user root.
Initially, the root user account requires no password. You can see that you are the root user, because
the prompt on the device shows the username root@#.
55
4. Start the Junos OS command-line interface (CLI):
root@# cli
root@>
5. Enter Junos OS configuration mode:
cli> configure
[edit]
root@#
6. Configure the hostname of the device. We do not recommend spaces in the router name. However,
if the name does include spaces, enclose the entire name in quotation marks (" ").
[edit]
root@# set system host-name hostname
7. Set the root password, entering either a clear-text password that the system will encrypt, a
password that is already encrypted, or an SSH public key string.
Choose one of the following:
a. To enter a clear-text password, use the following command:
[edit]
root@# set system root-authentication plain-text-password
New password: type password
Retype new password: retype password
b. To enter a password that is already encrypted, use the following command:
[edit]
root@# set system root-authentication encrypted-password encrypted-password
c. To enter an SSH public key, use the following command:
[edit]
root@# set system root-authentication ssh-rsa key
56
8. Configure the device domain name:
[edit]
root@# set system domain-name domain-name
NOTE: Before you begin the next step, see Supported Routing Engines by Router to find the
management Ethernet interface that you should use to perform this configuration.
9. Configure the IP address and prefix length for the device management Ethernet interface. The
management Ethernet interface provides a separate out-of-band management network for the
device.
• For devices that use management Ethernet interface fxp0:
[edit]
root@# set interfaces fxp0 unit 0 family inet address address/prefix-length
• For devices that use management Ethernet interface em0:
[edit]
root@# set interfaces em0 unit 0 family inet address address/prefix-length
10. Configure the IP address of a backup or default network device. Choose a device that is directly
connected to the local router by way of the management interface. This backup is used only when
it is booting and only or when the Junos routing software (the routing protocol process, rpd) is not
running.
For devices with two Routing Engines, the backup Routing Engine, RE1, uses the backup device as a
default gateway after the device boots. This enables you to access the backup Routing Engine. (RE0
is the default primary Routing Engine.)
NOTE: The backup Routing Engine does not support more than 16 backup routing
destinations. If you configure more than 16 destinations on the backup Routing Engine, the
57
Junos OS ignores any destination addresses after the sixteenth address and displays a
commit-time warning message to this effect.
[edit]
root@# set system backup-router address
11. Configure the IP address of a DNS server. The router uses the DNS name server to translate
hostnames into IP addresses.
[edit]
root@# set system name-server address
12. Optionally, display the configuration statements:
[edit]
root@ show
system {
host-name hostname;
domain-name domain.name;
backup-router address;
root-authentication {
(encrypted-password "password" | public-key);
ssh-dsa "public-key";
ssh-ecdsa "public-key";
ssh-rsa "public-key";
}
name-server {
address;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address address ;
}
}
}
}
}
58
On devices that use management Ethernet interface em0, you will see em0 in place of fxp0 in the
show command output.
13. Commit the configuration, which activates the configuration on the device:
[edit]
root@# commit
After committing the configuration, you see the newly configured hostname appear after the
username in the prompt—for example, user@hostname#.
A basic configuration for Junos OS is now set on the device.
If you want to configure additional Junos OS properties at this time, remain in the CLI configuration
mode and add the necessary configuration statements. You need to commit your configuration
changes to activate them on the device.
14. Exit from the CLI configuration mode.
[edit]
root@hostname# exit
root@hostname>
15. Back up the configuration.

After you have committed the configuration and are satisfied that the new configuration is
successfully running, you should issue the request system snapshot command to back up the new
software to the /altconfig file system. If you do not issue the request system snapshot command, the
configuration on the alternate boot device will be out of sync with the configuration on the primary
boot device.
The request system snapshot command causes the root file system to be backed up to /altroot, and /
config to be backed up to /altconfig. The root and /config file systems are on the device’s
CompactFlash card, and the /altroot and /altconfig file systems are on the device’s hard drive.
NOTE: After you issue the request system snapshot command, you cannot easily return to the
previous configuration, because the running copy and the backup copies are identical.

59
Statements | 66
Configuring Junos OS for the First Time on a Device with Dual Routing
Engines
If a device has dual Routing Engines, you can create configuration groups and use the same
configuration for both Routing Engines. This ensures that the configuration will not change during a
failover scenario because of the identical configuration shared between the Routing Engines.
Configure the hostnames and addresses of the two Routing Engines using configuration groups at the
[edit groups] hierarchy level. Use the reserved configuration group re0 for the Routing Engine in slot 0
and re1 for the Routing Engine in slot 1 to define Routing Engine-specific parameters. Configuring re0
and re1 groups enables both Routing Engines to use the same configuration file.
Use the apply-groups statement to apply the apply the configuration to the device.
The commit synchronize command commits the same configuration on both Routing Engines. The command
makes the active or applied configuration the same for both Routing Engines with the exception of the
groups, re0 being applied to only RE0 and re1 being applied only to RE1. If you do not synchronize the
configurations between two Routing Engines and one of them fails, the router may not forward traffic
correctly, because the backup Routing Engine may have a different configuration.
To initially configure a device with dual Routing Engines that have no base configuration, follow these
steps:
1. If you have not already done so, refer "Configuring Junos OS for the First Time on a Device with a
Single Routing Engine" on page 54 and follow the steps to initially configure the backup Routing
Engine.
2. Create the configuration group re0. The re0 group is a special group designator that is only used by
RE0 in a redundant routing platform.
[edit]
root@host# set groups re0
60
3. Navigate to the groups re0 level of the configuration hierarchy.
[edit]
root@host# edit groups re0
4. Specify the device hostname.
[edit groups re0]

root@host# set system host-name host-name
NOTE: The hostname specified in the device configuration is not used by the DNS server to
resolve to the correct IP address. This hostname is used to display the name of the Routing
Engine in the CLI. For example, the hostname appears at the command-line prompt when
you are logged in to the CLI:
user-name@host-name>
5. Configure the IP address and prefix length for the device management Ethernet interface. The
management Ethernet interface provides a separate out-of-band management network for the
device.
• For devices using the management Ethernet interface fxp0:
[edit groups]
root@host# set interfaces fxp0 unit 0 family inet address address/prefix-length
• For devices that use the management Ethernet interface em0:
[edit groups]
root@host# set interfaces em0 unit 0 family inet address address/prefix-length
61
6. Set the loopback interface address for the re0 configuration group:
[edit groups]
root@host# set re0 interfaces lo0 unit 0 family inet address address/prefix-length
7. Return to the top level of the hierarchy.
[edit groups re0]

root@host# top
The next steps repeat for re1 the same steps as were done for the re0 configuration group.
8. Create the configuration group re1.
[edit]
root@host# set groups re1
9. Navigate to the groups re1 level of the configuration hierarchy.
[edit]
root@host# edit groups re1
10. Specify the device hostname.
[edit groups re1]

root@host# set system host-name host-name
11. Configure the IP address and prefix length for the device management Ethernet interface.
• For devices that use the management Ethernet interface fxp0:
[edit groups]
root@host# set interfaces fxp0 unit 0 family inet address address/prefix-length
62
• For devices that use the management Ethernet interface em0:
[edit groups]
root@host# set interfaces em0 unit 0 family inet address address/prefix-length
12. Set the loopback interface address for re1 configuration group:
[edit groups]
root@host# set re1 interfaces lo0 unit 0 family inet address address/prefix-length
13. Once both configuration groups have been set up, return to the top level of the hierarchy.
[edit groups re0]

root@host# top
14. Use the apply-groups statement to apply the configuration to the device.
[edit]
root@host# set apply-groups [ re0 re1 ]
15. Configure Routing Engine redundancy:
[edit]
root@host# set chassis redundancy routing-engine 0 master
root@host# set chassis redundancy routing-engine 1 backup
16. Save the configuration change on both Routing Engines:
[edit]
user@host> commit synchronize
After the configuration changes are saved, complete the management console configuration.
1. Set the root password by choosing one of the following:
• To enter a clear-text password, use the following command:
[edit]
root@host# set system root-authentication plain-text-password
63
New password: type password

Retype new password: retype password
• To enter a password that is already encrypted, use the following command:
[edit]
root@host# set system root-authentication encrypted-password encrypted-password
• To enter an SSH public key, use the following command:
[edit]
root@host# set system root-authentication ssh-rsa key
2. Configure the IP address of the DNS server.
[edit ]
root@host# set system name-server address
3. Configure the router domain name:
[edit ]
root@host# set system domain-name domain-name
4. Configure the IP address of a backup or default network device. A backup device is used only while
the routing protocol process is not running. Choose a backup device that is directly connected to the
local device by way of the management interface. The device uses this backup only when it is
booting and or when the Junos routing software (the routing protocol process, rpd) is not running.
For more information, see Configuring a Backup Router.
For devices with two Routing Engines, the backup Routing Engine, RE1, uses the backup as a default
gateway after the device boots. This enables you to access the backup Routing Engine. (RE0 is the
default primary Routing Engine.)
NOTE: The backup router Routing Engine does not support more than 16 backup
destinations. If you configure more than 16 destinations on the backup Routing Engine, the
64
Junos OS ignores any destination addresses after the sixteenth address and displays a
commit-time warning message to this effect.
[edit]
root@host# set system backup-router address
5. Optionally, display the configuration statements:
[edit]
root@ show
system {
host-name hostname;
domain-name domain.name;
backup-router address;
(encrypted-password "password" | public-key);
ssh-dsa "public-key";
ssh-ecdsa "public-key";
ssh-rsa "public-key";
}
name-server {
address;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address address ;
}
}
}
}
}
On devices that use management Ethernet interface em0, you will see em0 in place of fxp0 in the
show command output.
65
6. After you are satisfied that the configuration is successfully running, issue the request system snapshot
command to back up the new configuration on both primary and backup Routing Engines.
{master}
user@host> request system snapshot
The root file system is backed up to /altroot, and /config is backed up to /altconfig. The root and /
config file systems are on the device’s CompactFlash card, and the /altroot and /altconfig file
systems are on the device’s hard drive.
NOTE: After you issue the request system snapshot command, you cannot return to the previous
configuration, because the running copy and backup copy are identical.
For information about creating configuration groups, see Junos OS CLI User Guide.
For information about configuring high availability features for redundant Routing Engine systems and
the re0 group, see Junos OS High Availability User Guide.

Statements | 66
How to Improve Commit Time When Using Configuration Groups
You use configuration groups to apply configurations across other hierarchies without re-entering
configuration data. You can specify every configuration detail in a configuration groups. You can also use
wildcards in configuration groups to configure ranges of data, without detailing each configuration line.
Another way to use configuration groups is to create an inheritance path that includes a long string of
configurations to be applied.
66
When a configuration that uses configuration groups is committed, the commit process expands and
reads all the configuration data of the group into memory to apply the configurations as intended. The
commit performance can be negatively affected if many configuration groups are being applied,
especially if the configuration groups use wildcards extensively.
If your system uses many configuration groups that use wildcards, you can configure the persist-groups-
inheritance statement at the [edit system commit] hierarchy level to improve commit time performance.
Using this option enables the system to build the inheritance path for each configuration group inside
the database rather than in the process memory. This change can improve commit time performance.
However, it can also increase the database size.
Creating and Activating a Candidate Configuration
You can enter software configuration statements using the CLI to create a candidate configuration that
contains a hierarchy of statements. To have a candidate configuration take effect, you commit the
changes. At this point, the candidate file is checked for proper syntax, activated, and marked as the
current, operational software configuration file. If multiple users are editing the configuration, when you
commit the candidate configuration, all changes made by all the users take effect.
The CLI always maintains a copy of previously committed versions of the software configuration. If you
need to return to a previous configuration, you can do this from within the CLI.
Junos OS Commit Model for Configurations
Format for Specifying IP Addresses, Network Masks, and Prefixes in

Junos OS Configuration Statements
Many statements in the Junos OS configuration include an option to specify an IP address or route
prefix. This option is represented as destination-prefix/prefix-length. Specifically, the route prefix, followed
by a slash and the destination prefix length. For example, 192.168.1.10/32.
You enter all IP addresses in classless mode. You can enter the IP address with or without a prefix length,
in standard dotted notation (for example, 1.2.3.4), or hexadecimal notation as a 32-bit number in
network-byte order (for example, 0x01020304). If you omit any octets, they are assumed to be zero.
Specify the prefix length as a decimal number from 1 through 32.
67
Format for Specifying Filenames and URLs in Junos OS CLI Commands
In some CLI commands and configuration statements—including file copy, file archive, load, save, set
system login user username authentication load-key-file, and request system software add—you can include a
filename. On a routing matrix, you can include chassis information (for example, lcc0, lcc0-re0, or lcc0-re1)
as part of the filename.
You can specify a filename or URL in one of the following ways:
• filename—A file in the user’s current directory on the local CompactFlash card (not applicable on the
QFX Series). You can use wildcards to specify multiple source files or a single destination file.
Wildcards are not supported in FTP.
NOTE: Wildcards are supported only by the file (compare | copy | delete | list | rename | show)
commands. When you issue the file show command with a wildcard, it must resolve to one
filename.
• path/filename—A file on the local flash drive.
• filename or path/filename—File on the local hard drive. You can also specify a file on a local Routing
Engine for a specific T640 router or a T1600 router in a routing matrix:
user@host> file delete lcc0-re0:/var/tmp/junk
• a:filename or a:path/filename—A file on the local removable media. The default path is / (the root-level
directory). The removable media can be in MS-DOS or UNIX (UFS) format.
• hostname:/path/filename, hostname:filename, hostname:path/filename, or “scp://hostname/path/filename”—File

on an scp/ssh server. This form is not available in the worldwide version of Junos OS. The default
path is the user’s home directory on the remote system. You can also specify hostname as
username@hostname.
• ftp://hostname/path/filename—File on an FTP server. You can also specify hostname as

username@hostname or username:password@hostname. The default path is the user’s home
directory. To specify an absolute path, the path must start with %2F; for example, ftp://
hostname/%2Fpath/filename. To have the system prompt you for the password, specify prompt in
68
place of the password. If a password is required and you do not specify the password or prompt, an
error message is displayed:
user@host> file copy ftp://[email protected]/filename

file copy ftp.hostname.net: Not logged in.
user@host> file copy ftp://username:[email protected]/filename
Password for [email protected]:
• http://hostname/path/filename—A file on an HTTP server. You can also specify hostname as

username@hostname or username:password@hostname. If a password is required and you omit it,
you are prompted for it.
NOTE: You cannot specify a HTTP(s) URL for a file as a destination, because HTTP(s) URLs are
not writable. However you can specify HTTP(s) URL for a file as a source.
• re0:/path/filename or re1:/path/filename—A file on a local Routing Engine. You can also specify a
file on a local Routing Engine for a specific T640 router or a T1600 router in a routing matrix:
user@host> show log lcc0-re1:chassisd

Statements | 66
Mapping the Name of the Router to IP Addresses
While using the Domain Name System (DNS) is an easier and more scalable way to resolve IP addresses
from hostnames, you might want to manually map the hostname to a static IP address for the following
reasons:
• You might not have a DNS entry for the device.
• You might not want the computer to contact the DNS server to resolve a particular IP address—you
might use this particular IP address frequently, or it might be just for testing or development
purposes.
69
To map a device’s hostname to one or more IP addresses:
1. Include the inet statement at the [edit system static-host-mapping hostname] hierarchy level.
user@host# set system static-host-mapping hostname inet < ip-addresses >
2. Verify the configuration with the show command.
[edit system]
user@host# show
static-host-mapping {
hostname {
inet [ ip-addresses ];
}
}
Configuring a Device’s Unique Identity for the Network

Configuring a DNS Name Server for Resolving Hostnames into Addresses
Configuring Automatic Mirroring of the CompactFlash Card on the Hard

Drive
You can direct the device hard drive to automatically mirror the contents of the CompactFlash card.
When you include the mirror-flash-on-disk statement, the hard drive maintains a synchronized mirror
copy of the CompactFlash card contents. Data written to the CompactFlash card is simultaneously
updated in the mirrored copy of the hard drive. If the CompactFlash card fails to read data, the hard
drive automatically retrieves its mirrored copy of the CompactFlash card.
NOTE: We recommend that you disable flash-to-disk mirroring when you upgrade or downgrade
the router.
You cannot issue the request system snapshot command while flash-to-disk mirroring is enabled.
70
To configure the mirroring of the CompactFlash card to the hard drive, include the mirror-flash-on-disk
statement at the [edit system] hierarchy level:
[edit system]
mirror-flash-on-disk;
NOTE: After you have enabled or disabled the mirror-flash-on-disk statement, you must reboot
the device for your changes to take effect. To reboot, issue the request system reboot command.
NOTE: This feature is not supported in Junos OS Release 20.1.
Using Junos OS to Specify the Number of Configurations Stored on the

CompactFlash Card
By default, Junos OS saves the current configuration and three previous versions of the committed
configuration on the CompactFlash card, with an additional 46 older versions stored on the hard drive.
The currently operational Junos OS configuration is stored in the file juniper.conf.gz, and the last three
committed configurations are stored in the files juniper.conf.1.gz, juniper.conf.2.gz, and
juniper.conf.3.gz. These four files are located in the CompactFlash card in the directory /config.
In addition to saving the current configuration and the current operational version, you can also specify
how many previous versions of the committed configurations you want stored on the CompactFlash
card in the directory /config. The remaining previous versions of committed configurations (4 through
49) are stored in the directory /var/db/config on the hard disk. This is useful when you have very large
configurations that might not fit on the CompactFlash card.
71
To specify how many previous versions of the committed configurations you want stored on the
CompactFlash card, include the max-configurations-on-flash statement at the [edit system] hierarchy level:
[edit system]
max-configurations-on-flash number;
number is a value from 0 through 49.
Back Up Configurations to an Archive Site
IN THIS SECTION
Configure the Transfer of the Active Configuration | 71
You can configure a device to transfer its configuration to an archive file periodically.
Configure the Transfer of the Active Configuration

If you want to back up your device’s current configuration to an archive site, you can configure the
device to transfer its active configuration by FTP, HTTP, or secure copy (SCP) periodically or after each
commit.
To configure the device to transfer its active configuration to an archive site, include statements at the
[edit system archival configuration] hierarchy level:
[edit system archival configuration]

archive-sites {
ftp://username@host<:port>/url-path;
http://username@host<:port>/url-path;
scp://username@host<:port>/url-path;
}
routing-instance routing-instance;
72
transfer-interval interval;
transfer-on-commit;
To configure the device to periodically transfer its active configuration to an archive site, include the
transfer-interval statement at the [edit system archival configuration] hierarchy level:

transfer-interval interval;
The interval is a period of time ranging from 15 through 2880 minutes.
To configure the device to transfer the configuration to an archive site each time you commit the
configuration, include the transfer-on-commit statement at the [edit system archival configuration] hierarchy
level:

transfer-on-commit;
When you configure the device to transfer its configuration files, you specify an archive site to which
the files are transferred. If you specify more than one archive site, the device attempts to transfer files to
the first archive site in the list, moving to the next site only if the transfer fails.
When you use the archive-sites statement, you can specify a destination as an FTP URL, HTTP URL, or
SCP-style remote file specification. The URL type file:// is also supported. When you specify the archive
site, do not add a forward slash (/) to the end of the URL.
To configure the archive site, include the archive-sites statement at the [edit system archival configuration]
hierarchy level:

archive-sites {
file://<path>/<filename>;
ftp://username@host<:port>/url-path password password;
http://username@host<:port>/url-path password password;
scp://username@host<:port>/url-path password password;
}
73
NOTE: When specifying a URL in a statement using an IPv6 host address, you must enclose the
entire URL in quotation marks ("") and enclose the IPv6 host address in brackets ([ ]). For
example, "ftp://username<:password>@[ipv6-host-address]<:port>/url-path"
If the network device reaches the archive server through a specific routing instance, configure the
routing-instance statement at the [edit system archival configuration] hierarchy level, and specify the
routing instance.

The destination filename is saved in the following format, where n corresponds to the number of the
compressed configuration rollback file that has been archived:
<router-name>_YYYYMMDD_HHMMSS_juniper.conf.n.gz
NOTE: The time included in the destination filename is in Coordinated Universal Time (UTC).
Configuring Junos OS to Set Console and Auxiliary Port Properties
Most Juniper Networks devices have a console port and an auxiliary port for connecting terminals to the
router or switch. The console port is enabled by default, and its speed is 9600 baud. The auxiliary port is
disabled by default.
To configure the properties for the console and auxiliary ports, include the ports statement at the [edit
system] hierarchy level:
[edit system]
ports {
auxiliary {
disable;
insecure;
type terminal-type;
}
74
console {
authentication-order;
disable;
insecure;
log-out-on-disconnect;
type terminal-type;
}
}
By default, the terminal type is set to unknown. To change the terminal type, include the type statement,
specifying a terminal-type of ansi, vt100, small-xterm, or xterm. The first three terminal types set a screen size
of 80 columns by 24 lines. The last type, xterm, sets the size to 80 columns by 65 rows.
By default, the console session is not logged out when the data carrier is lost on the console modem
control lines. To change this default and log out the session automatically when the data carrier on the
console port is lost, include the log-out-on-disconnect statement. You can use the show system users
command to verify the console session is logged out.
By default, terminal connections to the console and auxiliary ports are secure. When you configure the
console as insecure, root logins are not allowed to establish terminal connections. In addition,
superusers and anyone with a user identifier (UID) of 0 are not allowed to establish terminal connections
in multiuser mode when you configure the console as insecure. To disable root login connections to the
console and auxiliary ports, include the insecure statement. This option can be used to prevent someone
from attempting password recovery by booting into single-user mode, if they do not know the root
password.
To disable console login, include the disable statement. By default, console login is enabled.
NOTE: For Common Criteria compliance, the console port must be disabled.

75
CHAPTER 5
Monitoring Junos Devices
IN THIS CHAPTER
Junos OS Tools for Monitoring | 75
Tracing and Logging Junos OS Operations | 76
Understanding Dropped Packets and Untransmitted Traffic Using show Commands | 78
Junos OS Tools for Monitoring
The primary method of monitoring and troubleshooting Junos OS, routing protocols, network
connectivity, and the device hardware is to enter commands from the CLI. The CLI enables you to
display information in the routing tables and routing protocol-specific data, and to check network
connectivity using ping and traceroute commands.
The J-Web GUI is a Web-based alternative to using CLI commands to monitor, troubleshoot, and
manage the device.
Junos OS includes SNMP software, which enables you to manage routers. The SNMP software consists
of an SNMP master agent and a MIB II agent, and supports MIB II SNMP version 1 traps and version 2
notifications, SNMP version 1 Get and GetNext requests, and version 2 GetBulk requests.
The software also supports tracing and logging operations so that you can track events that occur—both
normal device operations and error conditions—and track the packets that are generated by or pass
through the device. Logging operations use a syslog-like mechanism to record system-wide, high-level
operations, such as interfaces going up or down and users logging in to or out of the device. Tracing
operations record more detailed messages about the operation of routing protocols, such as the various
types of routing protocol packets sent and received, and routing policy actions.

76
Tracing and Logging Junos OS Operations
Tracing and logging operations allow you to track events that occur in the device—both normal
operations and error conditions—and to track the packets that are generated by or passed through the
device. The results of tracing and logging operations are placed in files in the /var/log directory.
Remote Tracing
Junos OS provides an option to do remote tracing for specific processes, which greatly reduces use of
device internal storage for tracing and is analogous to remote system logging. You configure remote
tracing system-wide using the tracing statement at the [edit system] hierarchy level. By default, remote
tracing is not configured. You can disable remote tracing for specific processes using the no-remote-trace
statement at the [edit process-name traceoptions] hierarchy level. This feature does not alter local tracing
functionality in any way, and logging files are stored on the device.
Junos OS supports remote tracing for the following processes:
• chassisd—Chassis-control process
• eventd—Event-processing process
• cosd—Class-of-service process
• spd—Adaptive-services process
To enable system-wide remote tracing, include the destination-override syslog host statement at the [edit
system tracing] hierarchy level. This specifies the remote host running the system log process (syslogd),
which collects the traces. Traces are written to file(s) on the remote host per the syslogd configuration
in /etc/syslog.conf. By default remote tracing is not configured.
To override the system-wide remote tracing configuration for a particular process, include the no-remote-
trace statement at the [edit process-name traceoptions] hierarchy. When no-remote-trace is enabled, the
process does local tracing.
NOTE: When remote tracing is configured, traces will go to the remote host.
To collect traces, use the local0 facility as the selector in /etc/syslog.conf on the remote host. To
separate traces from various processes into different files, include the process name or trace-file name if
it is specified at the [edit process-name traceoptions file] hierarchy level, in the Program field in /etc/
syslog.conf. If your syslog server supports parsing hostname and program name, then you can separate
traces from the various processes.
Logging Operations
77
Logging operations use a system logging mechanism similar to the UNIX syslogd utility to record system-
wide, high-level operations, such as interfaces going up or down and users logging in to or out of the
device. You configure these operations by using the syslog statement at the [edit system] hierarchy level,
as described in Junos OS System Log Overview, and by using the options statement at the [edit routing-
options] hierarchy level, as described in the Junos OS Routing Protocols Library for Routing Devices.
Tracing Operations
Tracing operations record more detailed messages about the operation of routing protocols, such as the
various types of routing protocol packets sent and received, and routing policy actions. You configure
tracing operations using the traceoptions statement. You can define tracing operations in different
portions of the router configuration:
• Global tracing operations: Define tracing for all routing protocols. You define these tracing operations
at the [edit routing-options] hierarchy level of the configuration.
• Protocol-specific tracing operations: Define tracing for a specific routing protocol. You define these
tracing operations in the [edit protocols] hierarchy when configuring the individual routing protocol.
Protocol-specific tracing operations override any equivalent operations that you specify in the global
traceoptions statement. If there are no equivalent operations, they supplement the global tracing
options. If you do not specify any protocol-specific tracing, the routing protocol inherits all the global
tracing operations.
• Tracing operations within individual routing protocol entities: Some protocols allow you to define
more granular tracing operations. For example, in Border Gateway Protocol (BGP), you can configure
peer-specific tracing operations. These operations override any equivalent BGP-wide operations or, if
there are no equivalents, supplement them. If you do not specify any peer-specific tracing
operations, the peers inherit, first, all the BGP-wide tracing operations and, second, the global tracing
operations.
• Interface tracing operations: Define tracing for individual router interfaces and for the interface
process itself. You define these tracing operations at the [edit interfaces] hierarchy level of the
configuration as described in the Junos OS Network Interfaces Library for Routing Devices.
Junos OS Network Interfaces Library for Routing Devices

Junos OS Routing Protocols Library for Routing Devices
Junos OS System Log Overview
78
Understanding Dropped Packets and Untransmitted Traffic Using show

Commands
Starting with Junos OS Release 14.2, packets that need to be forwarded to the adjacent network
element or a neighboring device along a routing path might be dropped by a device owing to several
factors. Some of the causes for such a loss of traffic or a block in transmission of data packets include
overloaded system conditions, profiles and policies that restrict the bandwidth or priority of traffic,
network outages, or disruption with physical cable faults. You can use a number of show commands to
determine and analyze the statistical counters and metrics related to any traffic loss and take an
appropriate corrective measure. The fields displayed in the output of the show commands help in
diagnosing and debugging network performance and traffic-handling efficiency problems.
The following show commands and associated fields applicable for dropped packets enable you to view
and analyze some of the system parameters for errors or disruption in transmitted packets.
show interfaces extensive—Display input and output packet errors or drops. Following are some of the show
interfaces extensive input counters and their definitions.
Following are definitions for some of the output counters for show interfaces extensive:
Following are definitions for some of the Queue counters for show interfaces extensive (both outbound
and inbound). This includes CoS queue number and its associated user-configured forwarding class
name, and is displayed on IQ2 interfaces.
Errors Sum of the incoming frame terminates and FCS errors.
Drops Number of packets dropped by the input queue of the I/O Manager ASIC. If the
interface is saturated, this number increments once for every packet that is dropped
by the ASIC's RED mechanism.
Framing errors Number of packets received with an invalid frame checksum (FCS).
Runts Number of frames received that are smaller than the runt threshold.
Policed discards Number of frames that the incoming packet match code discarded because they
were not recognized or not of interest. Usually, this field reports protocols that the
Junos OS does not handle.
L3 incompletes Number of incoming packets discarded because they failed Layer 3 (usually IPv4)
sanity checks of the header. For example, a frame with less than 20 bytes of
available IP header is discarded. L3 incomplete errors can be ignored by configuring
the ignore-l3-incompletes statement.
79
L2 channel errors Number of times the software did not find a valid logical interface for an incoming
frame.
L2 mismatch Number of malformed or short packets that caused the incoming packet handler to
timeouts discard the frame as unreadable.
FIFO errors Number of FIFO errors in the receive direction that are reported by the ASIC on the
PIC. If this value is ever nonzero, the PIC is probably malfunctioning.
Resource errors Error counter specific to the platform.
For example on MX series routers, resource errors count PFE oversubscription

drops.
Carrier Number of times the interface has gone from down to up. This number does not
transitions normally increment quickly, increasing only when the cable is unplugged, the far-
end system is powered down and then up, or another problem occurs. If the number
of carrier transitions increments quickly (perhaps once every 10 seconds), the cable,
the far-end system, or the PIC or PIM is malfunctioning.
Errors Sum of the outgoing frame terminates and FCS errors.
Drops Number of packets dropped by the output queue of the I/O Manager ASIC. If the
interface is saturated, this number increments once for every packet that is dropped
by the ASIC's RED mechanism.
Collisions Number of Ethernet collisions. The Gigabit Ethernet PIC supports only full-duplex
operation, so for Gigabit Ethernet PICs, this number should always remain 0. If it is
nonzero, there is a software bug.
Aged packets Number of packets that remained in shared packet SDRAM so long that the system
automatically purged them. The value in this field should never increment. If it does,
it is most likely a software bug or possibly malfunctioning hardware.
FIFO errors Number of FIFO errors in the send direction as reported by the ASIC on the PIC. If
this value is ever nonzero, the PIC is probably malfunctioning.
HS link CRC Number of errors on the high-speed links between the ASICs responsible for
errors handling the router interfaces.
MTU errors Number of packets whose size exceeded the MTU of the interface.
Resource errors Error counter specific to the platform.
Queued packets Number of queued packets.

80
Transmitted Number of transmitted packets.

packets
Dropped packets Number of packets dropped by the ASIC's RED mechanism.
show interfaces queue—Display class-of-service (CoS) queue information for physical interfaces. Following
are some of the show interfaces queue output fields and their definitions.
Queued packets Number of queued packets.
Transmitted Number of transmitted packets.

packets
Dropped packets Number of packets dropped by the ASIC's RED mechanism.
Tail-dropped Number of packets dropped because of tail drop.

packets
RL-dropped Number of packets dropped due to rate limiting. For rate-limited interfaces hosted
packets on MICs, MPCs, and Enhanced Queuing DPCs only, this statistic is not included in
the queued traffic statistics.
RED-dropped Number of packets dropped because of random early detection (RED).

packets
On M320 and M120 routers and most T Series routers, just the total number of
dropped packets is displayed. For other M Series routers, as well as MX Series
routers with enhanced DPCs, T Series routers with enhanced FPCs, and all J Series
routers, the output classifies dropped packets into the following catetories:
• Low, non-TCP—Number of low-loss priority non-TCP bytes dropped because of

RED.
• Low, TCP—Number of low-loss priority TCP packets dropped because of RED.
• High, non-TCP—Number of high-loss priority non-TCP packets dropped because of

RED.
• High, TCP—Number of high-loss priority TCP packets dropped because of RED.
show class-of-service fabric statistics summary—Display class-of-service (CoS) switch fabric queue drop
statistics. Following are the fabric queue statistics for dropped traffic:
Packets Dropped packet count for high-priority and low-priority queues.
Bytes Dropped byte count for high-priority and low-priority queues.
pps Dropped packets-per-second count for high-priority and low-priority queues.

81
bps Dropped bits-per-second count for high-priority and low-priority queues.
show pfe statistics traffic fpc—Display packet drops related to the entire FPC. Following are the FPC-
level statistics for Packet Forwarding Engine hardware discards:
The following statistics are related to Packet Forwarding Engine local traffic for show pfe statistics traffic
fpc:
Timeout Number of packets discarded because of timeouts.
Truncated key Number of packets discarded because of truncated keys.
Bits to test Number of bits to test.
Data error Number of packets discarded because of data errors.
Stack underflow Number of packets discarded because of stack underflows.
Normal discard Number of packets discarded because of discard routes. Packets are dropped
silently without being further processed by the host. Normal discards are
reported when packets match a firewall filter term that has an action of discard
or when the final result of the route look-up is a next hop of discard.
Extended discard Number of packets discarded because of illegal next hops. Packets are dropped
silently but are also sent to the Routing Engine for further processing. Extended
discards are reported when packets match a firewall filter term that has an
action of discard and an additional action that requires Routing Engine
processing, such as log, count, sample, or syslog.
Invalid interface Number of packets discarded because of invalid incoming interfaces.
Info cell drops Number of information cell drops.
Fabric drops Number of fabric drops.
Local packets input Number of incoming packets from the local network.
Local packets output Number of outgoing packets dispatched to a host in the local network.
Software input high Number of incoming software packets of high-priority, dropped during
drops transmission.
Software input Number of incoming software packets of medium-priority, dropped during

medium drops transmission.
82
Software input low Number of incoming software packets of low-priority, dropped during
drops transmission.
Software output Number of outgoing software packets that were dropped during transmission.
drops
Hardware input Number of incoming hardware packets that were dropped during transmission.
drops
The preceding commands represent only the main parameters that you can use to identify and monitor
traffic drops or errors. Depending on your specific deployment scenario and network conditions, you
might need to view the output of other relevant show commands to evaluate different factors that might
be resulting in traffic transmission losses.
Log a User Out of the Device
Sometimes you may need to disconnect a user session if it does not terminate after a user logs out, or
you may otherwise want to log a user out for some other reason.
To log a user out of all terminal sessions on a router, enter the following Junos OS CLI command:
user@host> request system logout username
user@host> show system users

10:07PM up 13 days, 1:25, 2 users, load averages: 0.17, 0.05, 0.02
USER TTY FROM LOGIN@ IDLE WHAT
harry p0 hpot-lt.cmpy.net 10:07PM - -cli (cl
lisa p1 hpot-lt.cmpy.net 10:06PM - -cli (cl
user@host> request system logout user harry

user@host> show system users
10:07PM up 13 days, 1:25, 1 user, load averages: 0.24, 0.06, 0.02

USER TTY FROM LOGIN@ IDLE WHAT
lisa p1 hpot-lt.cmpy.net 10:06PM - -cli (cl
The sample output for the first show system users command shows there were two users on the router,
harry and lisa. The request system logout user command was issued to log out user harry. Because there is
no output to indicate that harry was logged out, the show system users command was issued again to
verify that user harry was actually logged out of the router, while the user lisa remains logged in.
83
CHAPTER 6
Managing Junos OS Processes
IN THIS CHAPTER
Viewing Core Files from Junos OS Processes | 84
Using Virtual Memory for Process Configuration Data | 86
Saving Core Files from Junos OS Processes
By default, when an internal Junos OS process generates a core file, the file and associated context
information are saved for debugging purposes in a compressed tar file named process-name.core.core-
number.tgz in the /var/tmp/ and /var/crash/ directories. For Junos OS Evolved, the output is saved in
the /var/core/ directory for Routing Engine core files and /var/lib/ftp/in/ for FPC core files. The
contextual information includes the configuration and system log message files.
To disable the saving of core files and associated context information, include the no-saved-core-context
statement at the [edit system] hierarchy level:
[edit system]
no-saved-core-context;
To save the core files only, include the saved-core-files statement at the [edit system] hierarchy level and
specify the number of files to save:
[edit system]
saved-core-files number;
number is the number of core files to save and can be a value from 1 through 10.
84
To save the core files along with the contextual information, include the saved-core-context statement at
the [edit system] hierarchy level:
[edit system]
saved-core-context;
Viewing Core Files from Junos OS Processes
When an internal Junos OS process generates a core file, you can find the output at /var/crash/
and /var/tmp/. For Junos OS Evolved, you can find the output core files at /var/core/ for Routing
Engine core files and /var/lib/ftp/in/ for FPC core files. Using these directories provides a quick method
of finding core issues across large networks.
Use the CLI command show system core-dumps to view core files.
root@host> show system core-dumps

-rw------- 1 root wheel 268369920 Jun 18 17:59 /var/crash/vmcore.0
-rw-rw---- 1 root field 3371008 Jun 18 17:53 /var/tmp/rpd.core.0
-rw-r--r-- 1 root wheel 27775914 Jun 18 17:59 /var/crash/kernel.0
Saving Core Files from Junos OS Processes

85
Disabling Junos OS Processes
CAUTION: Never disable any of the software processes unless instructed to do so by a

Customer Support engineer.
To disable a software process, specify the appropriate option in the processes statement at the [edit
system] hierarchy level:
[edit system]
processes {
process-name (enable | disable);
}
NOTE: The process-name variable is one of the valid process names. You can obtain a complete list
of process names by using the CLI command completion feature.
processes | 124
Configuring Failover to Backup Media If a Junos OS Process Fails
For network devices with redundant Routing Engines, you can configure the device to switch to backup
media that contains a version of the system if a software process fails repeatedly, or to the other
Routing Engine.
To configure automatic switchover to backup media if a software process fails, include the failover
statement at the [edit system processes process-name] hierarchy level. If this statement is configured for a
86
process, and that process fails four times within 30 seconds, the device reboots from either the
alternative media or the other Routing Engine.:
[edit system processes]

process-name failover (alternate-media | other-routing-engine);
The value for process-name should be one of the valid process names.

Using Virtual Memory for Process Configuration Data
Configuration data for each process in Junos OS is stored in memory that is mapped within the address
space of each process, requiring a fixed maximum space to be reserved in each process. This scheme
works well until a process is managing many functions at commit time and negatively impacts the
commit time, or simply needs more memory than the default allotment. For example, the rpd process
might be managing many routes and require more space to store important information about the
routes.
In circumstances that require more than the maximum memory-mapped size, you can use virtual-memory-
mapping at the [edit system configuration-database] hierarchy level to make more memory available for the
configuration database per process.
You can configure a portion of virtual memory at a fixed size for the initial portion of the configuration
database, and you can specify an amount to be used for page-pooling. Page-pooling uses a small amount
of memory to bring database pages into memory as needed, rather than mapping the entire
configuration database into the virtual memory space for the process.
3 PART
Configuration Statements and

Operational Commands
Configuration Statements | 88
File Management Commands | 142
System Software Administrative Commands | 161
System Software Monitoring Commands | 303

88
CHAPTER 7
Configuration Statements
IN THIS CHAPTER
backup-router | 89
commit (System) | 90
compress-configuration-files (System) | 93
configuration-database | 95
domain-name | 98
domain-search | 99
fib-local | 101
fib-remote | 102
filter | 103
host-name | 104
inet6-backup-router | 105
location (System) | 107
memory-enhanced | 109
management-instance | 110
max-configurations-on-flash | 112
mirror-flash-on-disk | 113
name-server (System Services) | 115
non-subscriber-no-reply | 117
pic-console-authentication | 119
port (Syslog) | 121
ports | 122
processes | 124
proxy (System) | 126
redundancy-interface-process | 127
root-authentication | 129
89
route (chassis) | 131
routing (System Processes) | 133
static-host-mapping | 138
vpn-label | 140
backup-router
IN THIS SECTION
Syntax | 89
Hierarchy Level | 89
Description | 90
Options | 90
Required Privilege Level | 90
Release Information | 90
Syntax
backup-router address <destination destination-address>;
Hierarchy Level
[edit system]
90
Description
Set a default router (running IP version 4 [IPv4]) to use while the local router (running IPv4) is booting
and if the routing protocol processes fail to start. The Junos OS removes the route to this router as soon
as the software starts.
Options
address Address of the default router.
destination (Optional) Destination address that is reachable through the backup router. You can
destination- include this option to achieve network reachability while loading, configuring, and
address
recovering the router, but without the risk of installing a default route in the
forwarding table.
• Default: All hosts (default route) are reachable through the backup router.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
Configuring a Backup Router
commit (System)
IN THIS SECTION
Syntax | 91
91
Description | 91
Options | 91
Syntax
commit {
commit-synchronize-server;
delta-export;
fast-synchronize;
notification;
peers;
peers-synchronize;
persist-groups-inheritance | no-persist-groups-inheritance;
server;
synchronize;
}
The parameters for fast-synchronize and synchronize do not apply for the SRX Series.
Hierarchy Level
[edit system]
Description
Configure options for Junos OS commit.
Options
commit-synchronize-server—(Optional) Specify traceoptions for commit synchronize server actions.

92
delta-export—(Optional) Configure system commit to export only the changes made in the candidate
configuration instead of exporting the entire candidate configuration to the configuration database. This
helps to reduce the time taken to commit the configuration changes..
fast-synchronize—(Optional) Configure commits to run in parallel (simultaneously) on both the primary and
backup Routing Engines to reduce the time required for commit synchronization. The fast-synchronize
configuration is valid only on systems with two Routing Engines. (Option not available for SRX Series.)
notification—(Optional) Notify applications upon commit completion.
peers—(Optional) Specify the host names or IP addresses of the MC-LAG peers and the user
authentication details for the users administering the MC-LAG peers that are participating in commit
synchronization.
NOTE: Starting in Junos OS Release 17.1R1, the peers option at the [edit system commit] hierarchy
level is not supported in batch configuration mode.
peers-synchronize—(Optional) Configure a commit synchronization on MC-LAG peers.
persist-group-inheritance—(Optional) Configure this option to improve commit performance for systems

that use many configuration groups that use wildcards. This option causes the full inheritance paths of
the configuration groups to be built in the database instead of in the process memory. To disable this
option, use no-persist-groups-inheritance. Starting in Junos OS Evolved Release 19.2R1 and Junos OS
Release 19.4R1, this option is enabled by default. Junos OS Evolved requires this feature to be enabled.
The no-persist-groups-inheritance option to disable persist-group-inheritance is not supported in Junos OS
Evolved.
server—(Optional) Configure a default batch commit.
synchronize—(Optional) For devices with multiple Routing Engines only. Configure the commit command
to automatically perform a commit synchronize action between dual Routing Engines within the same
chassis. The Routing Engine on which you execute the commit command (the requesting Routing
Engine) copies and loads its candidate configuration to the other (the responding) Routing Engine. Each
Routing Engine then performs a syntax check on the candidate configuration file being committed. If no
errors are found, the configuration is activated and becomes the current operational configuration on
both Routing Engines. (Option not available for SRX Series.)
The remaining statements are explained separately. See CLI Explorer.
maintenance—To view this statement in the configuration.

maintenance-control—To add this statement to the configuration.
93
Release Information
Statement introduced in Junos OS Release 7.4.
Option persist-groups-inheritance added in Junos OS Release 13.2.
Option delta-export added in Junos OS Release 14.2.
Option peers added in Junos OS Release 14.2R6.
Option peers-synchronize added in Junos OS Release 14.2R6.
Option no-persist-groups-inheritance added in Junos OS Evolved Release 19.2R1 and Junos OS Release
19.4R1.
Improving Commit Time When Using Configuration Groups

server
synchronize
compress-configuration-files (System)
IN THIS SECTION
Syntax | 94
Description | 94
Default | 94
Options | 94
94
Syntax
(compress-configuration-files | no-compress-configuration-files);
Hierarchy Level
[edit system]
Description
Compress the current operational configuration file. By default, the current operational configuration file
is compressed, and is stored in the file juniper.conf, in the /config file system, along with the last three
committed versions of the configuration. However, with large networks, the current configuration file
might exceed the available space in the /config file system. Compressing the current configuration file
allows the file to fit in the file system, typically reducing the size of the file by 90 percent. The current
configuration file is compressed on the second commit of the configuration after the first commit is
made to include the compress-configuration-files statement.
NOTE: We recommend that you enable compression of the router configuration files to minimize
the amount of disk space that they require.
Default
The current operational configuration file is compressed.
Options
This command has no options.

95
Release Information
Compressing the Current Configuration File
configuration-database
IN THIS SECTION
Syntax | 95
Description | 96
Options | 96
Syntax
configuration-database {
ephemeral {
allow-commit-synchronize-with-gres;
commit-synchronize-model (asynchronous | synchronous);
delete-ephemeral-default;
ignore-ephemeral-default;
instance instance-name;
}
extend-size;
max-db-size max-db-size;
resize {
database-size-diff size MB;
database-size-on-disk size MB;
96
}
virtual-memory-mapping {
process process name {
fixed-size size KB;
page-pooling-size size KB;
}
}
}
Hierarchy Level
[edit system]
Description
Define parameters for the configuration databases.
Configure the virtual-memory-mapping statement hierarchy to increase the memory space available for the
configuration database size per process, as needed, by using virtual memory mapping and page-pooling.
Configure the ephemeral statement hierarchy to specify options for the ephemeral configuration database.
Configure the resize statement hierarchy when it is necessary to resize the configuration database.
Options
ephemeral Configure settings for the ephemeral configuration database. commit-synchronize-model

specifies the commit model used to synchronize ephemeral data to the backup Routing
Engine during a commit synchronize operation; instance sets the instance name; allow-
commit-synchronize-with-gres enables a device to synchronize ephemeral configuration data
to the other Routing Engine when GRES is enabled on the device and a commit
synchronize operation is requested; and ignore-ephemeral-default disables the default
instance of the ephemeral configuration database.
extend-size Increase the memory space available for the configuration database, per process, up to
1.5 GB. The extended default size is based on the original default database size. A device
with a default database size of 409.99 MB will extend to a maximum of 1049.99 MB, and
a device with a default database size of 665.99 MB will extend to a maximum of
1305.99.
97
The extend-size and max-db-size statements are mutually exclusive and cannot be
configured together.
You must reboot the router after committing this statement to make the change effective.
Any operation on the system configuration-database extend-size configuration statement such

as, deactivate, delete, or set, generates the following warning message:
Change in 'system configuration-database extend-size' will be effective at next reboot only.
NOTE: The extend-size configuration statement is supported for Junos OS Evolved

starting in release 22.1.
You should remove the extend-size statement before performing a rollback from
Junos OS Evolved release 22.1 or later to any release prior to 22.1.
max-db-size Configures the maximum database size. max-db-size and extend-size are mutually exclusive
and cannot be configured together.
resize Resizes the configuration database. The database will be resized automatically during the
commit based on the values specified in the database-size-diff and database-size-on-disk
attributes. The system will display Database resize completed when the configuration
database has been successfully resized.
virtual- Define parameters for using virtual memory mapping for the configuration database on a
memory- per-process basis. You can define a fixed size for the initial portion of the database and
mapping
configure a page-pooling size for the remaining portion of the database. The parameter
process sets the process name, while fixed-size sets the size in kilobytes to directly map for
the initial portion of the configuration database for the specified process and page-pooling-
size sets the size in kilobytes to use for page-pooling the remaining data in the database,
with the valid range being from 512KB to 680MB for each.
NOTE: Junos OS Evolved does not support the virtual-memory-mapping option.
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.

98
Release Information
Example: Configuring Virtual Memory for Process Configuration Data
domain-name
IN THIS SECTION
Syntax | 98
Description | 98
Options | 99
Syntax
domain-name domain-name;
Hierarchy Level
[edit system]
Description
Configure the name of the domain in which the router or switch is located. This is the default domain
name that is appended to hostnames that are not fully qualified.
99
Options
domain-name Name of the domain.
NOTE: The length of the domain name cannot exceed 255 characters.
Release Information
domain-search
IN THIS SECTION
Syntax | 99
Description | 100
Options | 100
Syntax
domain-search [domain-list ];
100
Hierarchy Level
[edit system],
[edit system services dhcp],
[edit system services dhcp pool],
[edit system services dhcp static-binding]
Description
Configure a list of domains to search (in the case where you want to configure access to multiple DNS
servers for redundancy, and/or to resolve hosts that the previous server could not).
Options
domain-list List of domain servers to search. The list can contain up to six domain names, separated by
a space, with a total of up to 256 characters.
For example to search domain1.net, and if it fails to resolve the host, domain2.net, and if fails to resolve the
host, domain3.net, you would configure the following domain list at the domain-search hierarchy level:
[edit system]
set domain-search [domain1.net domain2.net domain3.net]
Release Information

101
fib-local
IN THIS SECTION
Syntax | 101
Description | 101
Syntax
fib-local;
Hierarchy Level
[edit chassis fpc fpc-number route-localization]
Description
Configure the Packet Forwarding Engine on an FPC as FIB-local.
NOTE: At least, one Packet Forwarding Engine must be configured as fib-local for the commit
operation to be successful. If you do not configure fib-local for the Packet Forwarding Engine, the
CLI displays an appropriate error message and the commit fails.
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.

102
Release Information
fib-remote
IN THIS SECTION
Syntax | 102
Description | 102
Syntax
fib-remote;
Hierarchy Level
[edit chassis fpc fpc-number route-localization]
Description
Configure the Packet Forwarding Engine on an FPC as FIB-remote.

103
Release Information
filter
IN THIS SECTION
Syntax | 103
Description | 104
Syntax
filter;
Hierarchy Level
[edit chassis memory-enhanced]

104
Description
Enables storing of firewall filters across multiple static RAM (SRAM) segments, resulting in proper
utilization of SRAM segments. This feature is useful in routers with small routing tables and large firewall
filters. This statement is supported on T Series routers.
Release Information
Statement added in Junos OS Release 11.1.
Allocating More Memory for Routing Tables, Firewall Filters, and Layer 3 VPN Labels
host-name
IN THIS SECTION
Syntax | 105
Description | 105
Options | 105

105
Syntax
host-name hostname;
Hierarchy Level
[edit system]
Description
Set the hostname of the router or switch.
Options
hostname Name of the router or switch.
Release Information
inet6-backup-router
IN THIS SECTION
Syntax | 106
Description | 106
106
Options | 106
Syntax
inet6-backup-router address <destination destination-address>;
Hierarchy Level
[edit system]
Description
Set a default router (running IP version 6 [IPv6]) to use while the local router or switch (running IPv6) is
booting and if the routing protocol processes fail to start. The Junos OS removes the route to this router
or switch as soon as the software starts.
Options
address Address of the default router.
destination (Optional) Destination address that is reachable through the backup router. You can
destination- include this option to achieve network reachability while loading, configuring, and
address
recovering the router or switch, but without the risk of installing a default route in
the forwarding table.
• Default: All hosts (default route) are reachable through the backup router.

107
Release Information
location (System)
IN THIS SECTION
Syntax | 107
Description | 108
Options | 108
Syntax
location {
altitude feet;
building name;
country-code code;
floor number;
hcoord horizontal-coordinate;
lata transport-area;
latitude degrees;
longitude degrees;
npa-nxx number;
postal-code postal-code;
rack number;
vcoord vertical-coordinate;
}
108
Hierarchy Level
[edit system]
Description
Configure the system location in various formats.
Options
altitude feet Number of feet above sea level.
building name Name of building. The name of the building can be 1 to 28 characters in
length. If the string contains spaces, enclose it in quotation marks (" ").
country-code code Two-letter country code.
floor number Floor in the building.
hcoord horizontal-coordinate Bellcore Horizontal Coordinate.
lata transport-area Local Access Transport Area.
latitude degrees Latitude in degree format.
longitude degrees Longitude in degree format.
npa-nxx number First six digits of the phone number (area code and exchange).
postal-code postal-code Postal code.
rack number Rack number.
vcoord vertical-coordinate Bellcore Vertical Coordinate.

109
Release Information
Specifying the Device Physical Location
memory-enhanced
IN THIS SECTION
Syntax | 109
Description | 110
Syntax
memory-enhanced {
filter;
route;
vpn-label;
}
Hierarchy Level
[edit chassis]
110
Description
Allocate more jtree memory for routing tables and Layer 3 VPNs.
NOTE: The memory-enhanced statement supports MX Series routers with DPC (I-chip based) line
cards only.
The remaining statements are explained separately.
Release Information
management-instance
IN THIS SECTION
Syntax | 111
Description | 111
Options | 111

111
Syntax
management-instance;
Hierarchy Level
[edit system]
Description
Enable a dedicated management virtual routing and forwarding (VRF) instance. The name of the
dedicated management instance is reserved and hardcoded as mgmt_junos; you cannot configure any other
routing instance by the name mgmt_junos.
The management Ethernet interface (usually named fxp0 or em0) provides the out-of-band management
network for the router. There is no clear separation between either out-of-band management traffic and
in-band protocol control traffic, or user traffic at the routing-instance or routing table level. The
management-instance configuration statement confines the management interface in the dedicated
management instance mgmt_junos, and it enables an administrative routing table dedicated to management
tasks for the network device.
For more information about configuring management-instance and the mgmt_junos routing instance, see
Management Interface in a Non-Default Instance.
Options
Release Information
Statement introduced in Junos OS Release 17.3R1.

112
max-configurations-on-flash
IN THIS SECTION
Syntax | 112
Description | 112
Options | 112
Syntax
max-configurations-on-flash number;
Hierarchy Level
[edit system]
Description
Specify the number of configurations stored on the CompactFlash card.
Options
number The number of configurations stored on the CompactFlash card.
• Range: 0 through 49. The most recently saved configuration is number 0, and the oldest
saved configuration is number 49.

113
Release Information
mirror-flash-on-disk
IN THIS SECTION
Syntax | 113
Description | 114
Options | 114
Syntax
mirror-flash-on-disk;
Hierarchy Level
[edit system]
114
Description
Configure the hard disk to automatically mirror the contents of the CompactFlash card. The hard disk
maintains a synchronized mirror copy of the CompactFlash card contents. Data written to the
CompactFlash card is simultaneously updated in the mirrored copy of the hard disk. If the CompactFlash
card fails to read data, the hard disk automatically retrieves its mirrored copy of the CompactFlash card.
CAUTION: We recommend that you disable flash disk mirroring when you upgrade or
downgrade the router.
You cannot issue the request system snapshot command while the mirror-flash-on-disk
statement is enabled.
NOTE: After you have enabled or disabled the mirror-flash-on-disk statement, you must reboot
the router for your changes to take effect. To reboot, issue the request system reboot command.
Options
Release Information
Statement deprecated for Junos OS with Upgraded FreeBSD in Junos OS Release 15.1.
NOTE: To determine which platforms run Junos OS with Upgraded FreeBSD, see the table listing
the platforms currently running Junos OS with upgraded FreeBSD in Release Information for
Junos OS with Upgraded FreeBSD.
115
name-server (System Services)
IN THIS SECTION
Syntax | 115
Description | 116
Options | 116
Syntax
name-server {
address {
}
}
Hierarchy Level
[edit system],
[edit system services dhcp pool],
[edit system services dhcp static-binding]
116
Description
Configure one or more Domain Name System (DNS) name servers.
Options
address Address of the name server. To configure multiple name servers, include a maximum of
three address options.
routing- Configure name of the routing instance through which the name server is reachable.
instance
routing-
instance
NOTE: The only routing instance supported is mgmt_junos. Also, this routing
instance command is not supported on SRX Series devices.
Release Information
routing-instance options introduced in Junos OS Release 19.2R1 under the [edit system] hierarchy level
only.
Configuring a DNS Name Server for Resolving Hostnames into Addresses

117
non-subscriber-no-reply
IN THIS SECTION
Syntax | 117
Description | 117
Options | 117
Syntax
non-subscriber-no-reply;
Hierarchy Level
[edit system arp]
Description
Enable this option to drop ARP requests from non-subscribers when a user route is dynamically added
for a subscriber. Configuring this statement suppresses the ARP response from the kernel when there is
an ARP request for a loopback interface from static DHCP subscribers using a common LAN segment
between two devices. However, this configuration might not be effective if the subscriber configuration
has suppressed either a destination Layer 2 route or an access Layer 3 route.
Options

118
Release Information
Statement introduced in Junos OS Release 13.3R9.
autoinstallation
no-route-localize
IN THIS SECTION
Syntax | 118
Description | 119
Syntax
no-route-localize;
Hierarchy Level
[edit policy-options policy-statement policy-name term term-name then]

119
Description
Enforce installation of routes on all FIB-remote Packet Forwarding Engines.
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
Release Information
pic-console-authentication
IN THIS SECTION
Syntax | 120
Description | 120
Default | 120
Options | 120

120
Syntax
pic-console authentication {
(encrypted-password "password");
}
Hierarchy Level
[edit system]
Description
Configure console access to Physical Interface Cards (PICs).
Default
Disabled. By default, there is no password setting for console access.
Options
encrypted- Use MD5 or other encrypted authentication. Specify the MD5 or other password. You
password " can specify only one encrypted password.
password"
You cannot configure a blank password for encrypted-password using blank quotation
marks (" "). You must configure a password whose number of characters range from 1
through 128 characters and enclose the password in quotation marks.
Release Information

121

Configuring Password Authentication for Console Access to PICs
port (Syslog)
IN THIS SECTION
Syntax | 121
Description | 121
Options | 121
Syntax
port port number;
Hierarchy Level
[edit system syslog host hostname | other-routing-engine| scc-master)]
Description
Specify the port number for the remote syslog server.
Options
port number Port number of the remote syslog server.

122
• Range: 0 through 65535
• Default: 514
Release Information
syslog (System)
host (System)
ports
IN THIS SECTION
Syntax | 122
Description | 123
Options | 123
Syntax
ports {
auxiliary {
123
disable;
insecure;
type terminal-type;
port-type (mini-usb | rj45);
}
console {
disable;
insecure;
log-out-on-disconnect;
type terminal-type;
}
}
Hierarchy Level
[edit system]
Description
Configure the properties of the console and auxiliary ports. The ports are located on the router’s craft
interface.
See the switch’s hardware documentation for port locations.
Options
Release Information

124
processes
IN THIS SECTION
Syntax | 124
Description | 124
Default | 125
Options | 125
Syntax
processes {
process-name (enable | disable) failover (alternate-media | other-routing-engine);
timeout seconds;
}
Hierarchy Level
[edit system]
Description
Configure which Junos OS processes are running on the router or switch.

125
CAUTION: Never disable any of the software processes unless instructed to do so by a

customer support engineer.
Default
All processes are enabled by default.
Options
(enable | (Optional) Enable or disable a specified process.

disable)
failover (Optional) For routers or switches with redundant Routing Engines only, switch to
(alternate- backup media if a process fails repeatedly. If a process fails four times within 30
media | other-
routing-engine) seconds, the router or switch reboots from the alternate media or the other Routing
Engine.
process-name One of the valid process names. You can obtain a complete list of process names by
using the CLI command completion feature. After specifying a process name,
command completion also indicates any additional options for that process.
timeout (Optional) How often the system checks the watchdog timer, in seconds. If the
seconds watchdog timer has not been checked in the specified number of seconds, the system
reloads. If you set the time value too low, it is possible for the system to reboot
immediately after it loads.
• Values: 15, 60, or 180
• Default: 180 seconds (rounded up to 291 seconds by the Junos kernel)
Release Information

126
proxy (System)
IN THIS SECTION
Syntax | 126
Description | 126
Options | 127
Syntax
proxy {
server (hostname | ip-address);
port port-number;
username username;
password password;
}
Hierarchy Level
[edit system]
Description
Configure the proxy server properties for a device.

127
Options
server Configure the server by hostname or IP address.
port Set the port number for the proxy server ranging from 0 through 65535.
username Specify the user name configured in the proxy server.
password Specify the password associated with the username for the proxy server.
Release Information
Example: Configuring a Proxy Server for License Updates
redundancy-interface-process
IN THIS SECTION
Syntax | 128
Description | 128
Options | 128

128
Syntax
redundancy-interface-process {
command binary-file-path;
disable;
failover (alternate-media | other-routing-engine);
}
Hierarchy Level
[edit system processes]
Description
Specify as an active or backup process of an application server, configure to process traffic for more than
one logical application server.
Options
command binary- Path to the binary process.

file-path
disable Disable the redundancy interface management process.
failover Configure the device to reboot if the software process fails four times within 30
seconds, and specify the software to use during the reboot.
alternate-media Configure the device to switch to backup media that contains a version of the
system if a software process fails repeatedly.
other-routing- Instruct the secondary Routing Engine to take primary role if a software process
engine fails. If this statement is configured for a process, and that process fails four times
within 30 seconds, then the device reboots from the secondary Routing Engine.

129
Release Information
root-authentication
IN THIS SECTION
Syntax | 129
Description | 130
Options | 130
Syntax
encrypted-password "password";
no-public-keys
ssh-ecdsa name {
from from;
}
ssh-ed25519 name {
from from;
}
ssh-rsa name {
from from;
}
}
130
Hierarchy Level
[edit system]
Description
Configure the authentication methods for the root-level user, whose username is root.
You can use the ssh-ecdsa, ssh-ed25519, or ssh-rsa statements to directly configure SSH ECDSA, ED25519,
or RSA keys to authenticate root logins. You can configure more than one public key for SSH
authentication of root logins as well as for user accounts. When a user logs in as root, the public keys are
referenced to determine whether the private key matches any of them.
Options
encrypted-password Specify the MD5 or other password. You can specify only one encrypted
"password" password. You cannot configure a blank password using blank quotation
marks (" "). You must configure a password whose number of characters
range from 1 through 128 characters and enclose the password in quotation
marks.
no-public-keys Disable SSH public key-based authentication.
ssh-ecdsa name from Use an SSH ECDSA public key. You can specify one or more public keys.
from
ssh-ed25519 name Use an SSH ED25519 public key. You can specify one or more public keys.
from from
ssh-rsa name from from Use an SSH RSA public key. You can specify one or more public keys.
Release Information

131
class (Defining Login Classes)

user (Access)
route (chassis)
IN THIS SECTION
Syntax | 131
Description | 131
Syntax
route;
Hierarchy Level
Description
Allocate more jtree memory for routing tables over firewall filters.

132
Release Information
route-localization
IN THIS SECTION
Syntax | 132
Description | 132
Options | 133
Syntax
route-localization {
inet;
inet6;
}
Hierarchy Level
[edit chassis]
Description
Configure FIB localization for IPv4 and IPv6 routes.

133
Options
inet Configure FIB localization for IPv4 routes.
inet6 Configure FIB localization for IPv6 routes.
Release Information
routing (System Processes)
IN THIS SECTION
Syntax | 134
Description | 134
Default | 134
Options | 134

134
Syntax
routing {
force-32-bit | force-64-bit | auto-64-bit;
}
Hierarchy Level
[edit system processes],

[edit logical-systems logical-system name system processes]
Description
Configure routing protocols process (rpd) mode.
Default
force-32-bit mode is used in Junos 15.1F2 and prior releases
auto-64-bit mode is used starting in Junos 15.1F3
Options
auto-64-bit (Optional) Enable to use 64-bit mode. If the system is 64-bit capable and has at least 16 GB
of RAM, then auto-64-bit will cause the Routing Engine to run in 64-bit mode. Otherwise, it
will run in 32-bit mode.
NOTE: This option is not applicable for logical systems.

Starting in Junos 15.1F3, 15.1R2, 15.1R3, and 15.2R1, 64-bit mode is enabled by
default on systems that support it and which have at least 16 GB of RAM.
force-32-bit (Optional) Enable to always use 32-bit mode.

135
NOTE: For MX Series routers, virtual private LAN service (VPLS) dynamic profiles
are not supported with the 64-bit mode routing protocol process (rpd). To enable
VPLS dynamic profiles configuration, configure the routing process to use 32-bit
mode.
force-64-bit (Optional) Enable to always use 64-bit mode.
TIP: You need not restart the routing protocol process (rpd) to use the 64-bit mode. However,
forcing rpd from 32-bit to 64-bit or 64-bit-to 32-bit will restart the rpd process, which can
impact the routing protocols. For this reason, it is recommended to perform these changes in a
maintenance window.
Release Information
Statement introduced in Junos OS Release 13.3 R4.

processes | 124
saved-core-context
IN THIS SECTION
Syntax | 136
136
Description | 136
Options | 136
Syntax
(saved-core-context | no-saved-core-context);
Hierarchy Level
[edit system]
Description
Configure whether the router saves core files generated by internal Junos processes, along with
contextual information (system log files and a copy of the current configuration):
• saved-core-context—The router saves each cores file and its associated context in a compressed tar file
named /var/tmp/process-name.core.core-number.tgz.
• no-saved-core-context—The router does not save cores files and their associated context.
Options
These commands have no options.

137
Release Information
saved-core-files
IN THIS SECTION
Syntax | 137
Description | 137
Options | 138
Syntax
saved-core-files number;
Hierarchy Level
[edit system]
Description
Save core files generated by internal Junos processes, but not the associated contextual information
(configuration and system log files).
138
Options
number Maximum number of core files to save. The valid range is from 1 through 10.
Release Information
static-host-mapping
IN THIS SECTION
Syntax | 139
Description | 139
Default | 139
Options | 139

139
Syntax
static-host-mapping {
hostname {
alias [ aliases ];
inet [ addresses ];
inet6 [ addresses];
sysid system-identifier;
}
}
Hierarchy Level
[edit system]
Description
(Optional) Statically map a hostname to one or more IP addresses and aliases, and configure an
International Organization for Standardization (ISO) system identifier (system ID).
Default
If you do not statically map the hostname, the mapping is generated dynamically, based on the system
configuration. For instance, if you omit the static-host-mapping hostname sysid statement, the IS-IS system
ID is dynamically generated from the host portion of the ISO address configured on the loopback
interface (lo0) and is mapped to the host-name statement configured at the [edit system] hierarchy level.
Options
alias alias Alias for the hostname.
hostname Fully qualified hostname.
inet address IP address. You can specify one or more IP addresses for the host.
sysid system- ISO system identifier (system ID). This is the 6-byte portion of the Intermediate
identifier System-to-Intermediate System (IS-IS) network service access point (NSAP). We
recommend that you use the host’s IP address represented in binary-coded decimal
140
(BCD) format. For example, the IP address 208.197.169.18 is 2081.9716.9018

in BCD.
Release Information
vpn-label
IN THIS SECTION
Syntax | 140
Description | 141
Syntax
vpn-label;
Hierarchy Level

141
Description
Allocate more jtree memory for Layer 3 VPN labels.
Release Information
142
CHAPTER 8
File Management Commands
IN THIS CHAPTER
file archive | 142
file compare | 146
file copy | 149
file list | 153
file rename | 156
file show | 158
file archive
IN THIS SECTION
Syntax | 142
Description | 143
Options | 143
Output Fields | 143
Sample Output | 144
Syntax
file archive destination destination source source

<compress>
143
<exclude> filepattern
<routing-instance>
<source-address>
Description
Archive, and optionally compress, one or multiple local system files as a single file, locally or at a remote
location.
For information on valid filename and URL formats, see "Format for Specifying Filenames and URLs in
Junos OS CLI Commands" on page 67.
Options
destination destination Destination of the archived file or files. Specify the destination as a URL
or filename. The Junos OS adds one of the following suffixes if the
destination filename does not already have it:
• For archived files—The suffix .tar
• For archived and compressed files—The suffix .tgz
source source Source of the original file or files. Specify the source as a URL or
filename.
compress (Optional) Compress the archived file with the GNU zip (gzip)
compression utility. The compressed files have the suffix .tgz.
exclude (Optional) Specify the file pattern to exclude. exclude helps to exclude
files that delay compression or files that need not be compressed.
routing-instance routing- (Optional) Name of the routing-instance.
instance-name
source-address address (Optional) Local address to use in originating the connection.
maintenance
Output Fields
When you enter this command, you are provided feedback on the status of your request.
144
Sample Output
file archive (Multiple Files)
The following sample command archives all messages files in the local directory /var/log/ as the single
file messages-archive.tar.
user@host> file archive source /var/log/messages* destination /var/log/messages-archive.tar

/usr/bin/tar: Removing leading / from absolute path names in the archive.
user@host>
file archive (Single File)
The following sample command archives a single messages file in the local directory /var/log/ as the
single file messages-archive.tar.
user@host> file archive source /var/log/messages destination /var/log/messages-archive.tar

user@host>
file archive (with Compression)
The following sample command archives and compresses all messages files in the local directory /var/
log/ as the single file messages-archive.tar.
user@host> file archive compress source /var/log/messages* destination /var/log/messages-

archive.tgz
user@host>
145
File Archive Using Secure Copy Protocol (scp) with ’source-address’ and ’routing-instance’
options
To use the scp command to archive a file with the source-address and routing-instance options, enter the
following command:
user@host> file archive source source destination scp:// destination source-address address
routing-instance instance-name
File Archive Compress (with Exclude Option)
The following sample command archives and compresses all messages files in the local directory /var/
log/ and excludes the single file pattern specified.
user@host>file archive compress source /var/log destination /var/tmp/sample exclude trace*

/bin/tar: Removing leading `/' from member names
/bin/tar: /var/log/journal/dbf38b9cae4d11ec862e4fb4fcef8787/system.journal: file changed as we
read it
Release Information
Command introduced before Junos OS Release 7.4.
exclude option added in Junos OS Release 20.3R1 and Junos OS Evolved Release 20.3R1.
routing-instance option added in Junos OS Release 18.4R1.
source-address option added in Junos OS Release 18.4R1.

146
file compare
IN THIS SECTION
Syntax | 146
Description | 146
Options | 147
Output Fields | 147
Sample Output | 147
Syntax
file compare (files filename filename)

<context | unified>
<ignore-white-space>
Description
Compare two local files and describe the differences between them in default, context, or unified output
styles:
• Default—In the first line of output, c means lines were changed between the two files, d means lines
were deleted between the two files, and a means lines were added between the two files. The
numbers preceding this alphabetical marker represent the first file, and the lines after the
alphabetical marker represent the second file. A left angle bracket (<) in front of output lines refers to
the first file. A right angle bracket (>) in front of output lines refers to the second file.
• Context—The display is divided into two parts. The first part is the first file; the second part is the
second file. Output lines preceded by an exclamation point (!) have changed. Additions are marked
with a plus sign (+), and deletions are marked with a minus sign (-).
• Unified—The display is preceded by the line number from the first and the second file (xx,xxx,x).
Before the line number, additions to the file are marked with a plus sign (+), and deletions to the file
147
are marked with a minus sign (-). The body of the output contains the affected lines. Changes are
viewed as additions plus deletions.
Options
files filename Names of two local files to compare.
context (Optional) Display output in context format.
ignore-white-space (Optional) Ignore changes in the amount of white space.
unified (Optional) Display output in unified format.
none
Output Fields
Sample Output
file compare files
user@host> file compare files /tmp/one /tmp/two

100c100
< full-name "File 1";
---
> full-name "File 2";
102c102
< class foo; # 'foo' is not defined
---
> class super-user;
file compare files context
user@host> file compare files /tmp/one /tmp/two context

*** /tmp/one Wed Dec 3 17:12:50 2003
148
--- /tmp/two Wed Dec 3 09:13:14 2003

***************
*** 97,104 ****
}
}
user bill {
! full-name "Bill Smith";
! class foo; # 'foo' is not defined
authentication {
encrypted-password $ABC123;
}
--- 97,105 ----
}
}
user bill {
! full-name "Bill Smith";
! uid 1089;
! class super-user;
authentication {
}
file compare files unified
user@host> file compare files /tmp/one /tmp/two unified

--- /tmp/one Wed Dec 3 17:12:50 2003
+++ /tmp/two Wed Dec 3 09:13:14 2003
@@ -97,8 +97,9 @@
}
}
user bill {
- full-name "Bill Smith";
- class foo; # 'foo' is not defined
+ full-name "Bill Smith";
+ uid 1089;
+ class super-user;
authentication {
}
149
file compare files unified ignore-white-space
user@host> file compare files /tmp/one /tmp/two unified ignore-white-space

--- /tmp/one Wed Dec 3 09:13:10 2003
+++ /tmp/two Wed Dec 3 09:13:14 2003
@@ -99,7 +99,7 @@
user bill {
full-name "Bill Smith";
uid 1089;
- class foo; # 'foo' is not defined
+ class super-user;
authentication {
encrypted-password $ABC123; # SECRET-DATA
}
Release Information

file copy
IN THIS SECTION
Syntax | 150
Description | 150
Options | 150
Sample Output | 151

150
Syntax
file copy source destination

<source-addresssource-address>
<staging-directory directory-location>
Description
Copy files from one location to another location on the local device or to a location on a remote device
reachable by the local device.
For information on valid file name and URL formats, see "Format for Specifying Filenames and URLs in
Junos OS CLI Commands" on page 67.
CAUTION: Starting with Junos OS Release 15.1, the sslv3-support option is not available
for configuration with the set system services xnm-ssl and file copy commands. SSLv3 is no
longer supported and available.
For all releases prior to and including Junos OS Release 14.2, SSLv3 is disabled by
default at runtime. The sslv3-support option is hidden and deprecated in Junos OS
Release 14.2 and earlier releases. However, you can use the set system services xnm-ssl
sslv3-support command to enable SSLv3 for a Junos XML protocol client application to
use as the protocol to connect to the Junos XML protocol server on a router, and you
can use the file copy source destination sslv3-support command to enable the copying of
files from an SSLv3 URL.
Using SSLv3 presents a potential security vulnerability, and we recommend that you not
use SSLv3. For more details about this security vulnerability, see the Juniper Networks
Knowledge Base articlehere.
NOTE: If you define an ordered set of ciphers, key exhange methods, or message authentication
codes (MACs) at the [edit system services ssh] hierarchy level, the newly-defined set is used when
copying files using secure copy protocol (scp). For more information, see Configuring the SSH
Service to Support Legacy Cryptography.
Options
source Specify the source URL.

151
destination Specify the destination URL.
source-addresssource-address (Optional) Specify the local address to use in originating the connection.
staging-directory directory- (Optional) Specify the staging directory on Routing Engine

location
NOTE: If you are using a literal IPv6 address in your command entry, the address must be
enclosed in [ ] brackets. This conforms to RFC 2732.
maintenance
Sample Output
Following are some file copy examples.
Copy a File from the Local Device to a Personal Computer
user@host> file copy /var/tmp/rpd.core.4 mypc:/c/junipero/tmp
...transferring.file...... | 0 KB | 0.3 kB/s | ETA: 00:00:00 | 100%
Copy a Configuration File between Routing Engines
The following sample command copies a configuration file from Routing Engine 0 to Routing Engine 1:
user@host> file copy /config/juniper.conf re1:/var/tmp/copied-juniper.conf

152
Copy a File Using File Transfer Protocol which Requires a Password
You can use FTP with the file copy command for additional privacy. You will be prompted for a
password. The password will display using * symbols when viewing interactive logs. Enter the following
command to enable FTP:
root@host> file copy filename ftp://user@hostname/filename
In the following example, /config/juniper.conf is the local file and hostname is the FTP server:
root@host> file copy /config/juniper.conf ftp://user@hostname/juniper.conf

Password: ******
Receiving ftp: //user@hostname/juniper.conf (2198 bytes): 100%
2198 bytes transferred in 0.0 seconds (2.69 MBps)
NOTE: Starting in Junos OS Evolved release 22.2R2, the password prompt has changed from
Password for user@hostname: to Password:
Copy a File Using a Staging Directory
The following sample command copies a file using a staging directory
user@host> file copy re1:/var/tmp/junos-install-x.log /root/ staging-directory /var/tmp/tmp1
Release Information
source-address option added in Junos OS Release 7.4.
staging-directory option added in Junos OS Release 17.3R1.

153
file list
IN THIS SECTION
Syntax | 153
Description | 153
Options | 153
Additional Information | 154
Sample Output | 154
Syntax
file list <detail | recursive> <path>
Description
Display a list of files on the local router or switch.
Options
none Display a list of files in the default directory. The default directory is the home directory of
the user logged in to the router or switch.
detail (Optional) Display detailed information about the files. The output is similar to what is
displayed by the Linux ls -l command.
recursive (Optional) Display detailed information about the files in the directory and all subdirectories
below it.
path (Optional) List the files in a specified directory path. The path name cannot contain any
special characters (![ =;|(){}]).
154
Additional Information
To view available directories, enter a space and then a slash (/) after the file list command. To view files
within a specific directory, include a slash followed by the directory and, optionally, subdirectory name
after the file list command.
maintenance
Sample Output
file list
The following command lists the contents of the /var/tmp directory.
user@host> file list /var/tmp
/var/tmp:
trace_debug
package.log
pics/
downloads/
file list (detailed)
The following command lists detailed information about the contents of the /var/tmp directory.
user@host> file list /var/tmp detail
/var/tmp/:
total blocks: 4276224
-rw-r--r-- 1 user group 1362 Oct 16 11:11 trace_debug
-rw-r--r-- 1 user group 108 Aug 9 2016 package.log
drwxrwxrwx 2 user group 512 Jun 30 2016 pics/
drwxr-xr-x 3 user group 512 Aug 9 2016 downloads/
total files: 2
155
file list (recursive)
The following command lists detailed information about the contents of the /var/tmp directory and all
subdirectories below it.
user@host> file list /var/tmp recursive
/var/tmp/:
-rw-r--r-- 1 user group 1362 Oct 16 11:11 trace_debug
-rw-r--r-- 1 user group 108 Aug 9 2016 package.log
drwxrwxrwx 2 user group 512 Jun 30 2016 pics/
drwxr-xr-x 3 user group 512 Aug 9 2016 downloads/
total files: 2
/var/tmp/pics:
-rw-r--r-- 1 user group 1910 Oct 15 2016 image3.png
-rw-r--r-- 1 user group 1852 Oct 15 2016 image2.png
-rw-r--r-- 1 user group 1310 Aug 9 2016 image1.png
total files: 3
/var/tmp/downloads:
total blocks: 24
-rw-r--r-- 1 user group 108 Aug 21 2016 package2.log
-rw-r--r-- 1 user group 108 Aug 9 2016 package1.log
drwxr-xr-x 2 user group 512 Aug 9 2016 sub-download/
total files: 2
/var/tmp/downloads/sub-download:
total blocks: 16
total files: 0
Release Information

156
file rename
IN THIS SECTION
Syntax | 156
Description | 156
Options | 156
Output Fields | 156
Sample Output | 157
Syntax
file rename source destination
Description
Rename a file on the local router or switch.
Options
destination New name for the file.
source Original name of the file. For a routing matrix, the filename must include the chassis
information.
maintenance
Output Fields
157
Sample Output
file rename
The following example lists the files in /var/tmp, renames one of the files, and then displays the list of
files again to reveal the newly named file.

dcd.core
rpd.core
snmpd.core
user@host> file rename /var/tmp/dcd.core /var/tmp/dcd.core.990413

dcd.core.990413
rpd.core
snmpd.core
file rename (Routing Matrix)
The following example lists the files in /var/tmp, renames one of the files, and then displays the list of
files again to reveal the newly named file.
user@host> file list lcc0-re1:/var/tmp

lcc0-re1:
--------------------------------------------------------------------------
/var/tmp:
.pccardd
sartre.conf
snmpd
syslogd.core-tarball.0.tgz
user@host> file rename lcc0-re0:/var/tmp/snmpd /var/tmp/snmpd.rr

user@host> file list lcc0-re1:/var/tmp
lcc0-re1:
158
--------------------------------------------------------------------------
/var/tmp:
.pccardd
sartre.conf
snmpd.rr
syslogd.core-tarball.0.tgz
Release Information
file show
IN THIS SECTION
Syntax | 158
Description | 158
Options | 159
Output Fields | 159
Sample Output | 159
Syntax
file show filename

<encoding (base64 | raw)>
Description
Display the contents of a file.

159
Options
filename Name of a file. For a routing matrix, the file name must include the chassis
information.
encoding (base64 | (Optional) Encode file contents with base64 encoding or show raw text.
raw)
maintenance
Output Fields
Sample Output
file show
user@host> file show /var/log/messages

Apr 13 21:00:08 dev1 /kernel: so-1/1/2: loopback suspected; going to standby.
Apr 13 21:00:40 dev1 /kernel: so-1/1/2: loopback suspected; going to standby.
Apr 13 21:02:48 dev1 last message repeated 4 times
Apr 13 21:07:04 dev1 last message repeated 8 times
Apr 13 21:07:13 dev1 /kernel: so-1/1/0: Clearing SONET alarm(s) RDI-P
Apr 13 21:07:29 dev1 /kernel: so-1/1/0: Asserting SONET alarm(s) RDI-P
...
file show (Routing Matrix)
user@host> file show lcc0-re0:/var/tmp/.gdbinit

lcc0-re0:
--------------------------------------------------------------------------
####################################################################
# Settings
####################################################################
set print pretty

160
####################################################################
# Basic stuff
####################################################################
define msgbuf
printf "%s", msgbufp->msg_ptr
end
# hex dump of a block of memory
# usage: dump address length
define dump
p $arg0, $arg1
set $ch = $arg0
set $j = 0
set $n = $arg1
while ($j < $n)
#printf "%x %x ",&$ch[$j],$ch[$j]
printf "%x ",$ch[$j]
set $j = $j + 1
if (!($j % 16))
printf "\n"
end
end
end
Release Information

161
CHAPTER 9
System Software Administrative Commands
IN THIS CHAPTER
request message | 169
request system configuration database resize | 171
request system logout | 181
request system power-off | 190
request system process terminate | 197
request system reboot (Junos OS) | 198
request system software abort | 220
request system software add (Junos OS) | 223
request system zeroize (Junos OS) | 241
show chassis hardware | 245
show host | 276
show log | 278
show system connections | 285
show version (Junos OS) | 297
start shell | 300

162
clear system reboot
IN THIS SECTION
Syntax | 162
Syntax (EX Series Switches) | 162
Syntax (TX Matrix Router) | 163
Syntax (TX Matrix Plus Router) | 163
Syntax (QFX Series) | 163
Description | 163
Options | 163
Output Fields | 165
Sample Output | 165
Syntax
clear system reboot

<both-routing-engines>
Syntax (EX Series Switches)
clear system reboot

<all-members>
<local>
<member member-id>
163
Syntax (TX Matrix Router)
clear system reboot

<all-chassis | all-lcc | lcc number | scc>
Syntax (TX Matrix Plus Router)
clear system reboot

<all-chassis | all-lcc | lcc number | sfc number>
Syntax (QFX Series)
clear system reboot

<infrastructure name>
<interconnect-device name>
<node-group name>
Description
Clear any pending system software reboots or halts. When issued on a TX Matrix router without any
options, the default behavior clears all pending system software reboots or halts on all T640 routers
connected to the TX Matrix router. When issued on a TX Matrix Plus router without any options, the
default behavior clears all pending system software reboots or halts on all T1600 or T4000 routers
connected to the TX Matrix Plus router.
Options
none Clear all pending system software reboots or halts.
all-chassis (TX Matrix routers and TX Matrix Plus routers only) (Optional) Clear all halt or
reboot requests for all the Routing Engines in the chassis.
all-lcc (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix
router, clear all halt or reboot requests for all T640 routers (or line-card chassis)
164
connected to the TX Matrix router. On a TX Matrix Plus router, clear all halt or
reboot requests on the l connected T1600 or T4000 LCCs.
all-members (EX4200 switches only) (Optional) Clear all halt or reboot requests on all members
of the Virtual Chassis configuration.
both-routing- (Systems with multiple Routing Engines) (Optional) Clear all halt or reboot requests
engines on both Routing Engines. On a TX Matrix router, clear both Routing Engines on all
chassis connected to the TX Matrix router. Likewise, on a TX Matrix Plus router,
clear both Routing Engines on all chassis connected to the TX Matrix Plus router.
infrastructure (QFabric systems) (Optional) Clear all halt or reboot requests on the fabric control
name Routing Engines or fabric manager Routing Engines.
interconnect- (QFabric systems) (Optional) Clear all halt or reboot requests on the Interconnect
device name device.
lcc number (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix
router, clear all halt or reboot requests for a specific T640 router that is connected
to the TX Matrix router. On a TX Matrix Plus router, clear all halt or reboot requests
for a specific router that is connected to the TX Matrix Plus router.
Replace number with the following values depending on the LCC configuration:
• 0 through 3, when T640 routers are connected to a TX Matrix router in a

routing matrix.
• 0 through 3, when T1600 routers are connected to a TX Matrix Plus router in a

routing matrix.
• 0 through 7, when T1600 routers are connected to a TX Matrix Plus router with
3D SIBs in a routing matrix.
• 0, 2, 4, or 6, when T4000 routers are connected to a TX Matrix Plus router with

local (EX4200 switches only) (Optional) Clear all halt or reboot requests on the local
Virtual Chassis member.
member member- (EX4200 switches only) (Optional) Clear all halt or reboot requests on the specified
id member of the Virtual Chassis configuration. Replace member-id with a value from 0
through 9.
node-group name (QFabric systems) (Optional) Clear all halt or reboot requests on the Node group.
165
scc (TX Matrix routers only) (Optional) Clear all halt or reboot requests for the TX
Matrix router (or switch-card chassis).
sfc number (TX Matrix Plus routers only) (Optional) Clear all halt or reboot requests for the TX
Matrix Plus router. Replace number with 0.
maintenance
Output Fields
Sample Output
clear system reboot
user@host> clear system reboot

reboot requested by root at Sat Dec 12 19:37:34 1998
[process id 17855]
Terminating...
clear system reboot (TX Matrix Router)
user@host> clear system reboot

scc-re0:
--------------------------------------------------------------------------
No shutdown/reboot scheduled.
lcc0-re0:
--------------------------------------------------------------------------
lcc2-re0:
--------------------------------------------------------------------------
166
clear system reboot (QFX Series)
user@switch> clear system reboot node-group node1

Release Information
sfc option introduced for the TX Matrix Plus router in Junos OS Release 9.6.
request system reboot

Routing Matrix with a TX Matrix Plus Router Solutions Page
request flight-recorder set high-cpu
IN THIS SECTION
Syntax | 166
Description | 167
Options | 167
Output Fields | 168
Sample Output | 169
Syntax
request flight-recorder set high-cpu

<disable>
167
<backoff-duration seconds>
<collect-core>
<cpu-threshold percentage>
<logical-system>
<num-snapshots number>
<polling-frequency frequency>
Description
Enable flight recorder tool to collect snapshots of historical data on when the CPU utilization for the
routing protocol process on a device was high and what processes caused the high utilization. The
detection of high CPU usage enables faster resolution of issues.
The recorded snapshots and core files are saved as log files in a folder under the /var/log/
flight_recorder/ directory. The log files are listed in the order of time stamp saved. The folder format is
Flr_MONTH_DD_YYYY_HH:MM:SS; for example, Flr_May_09_2018_02:20:50. Each log file in the directory includes the
following information:
• Output from the show task accounting detail command (after enabling and waiting for 10 seconds).
• Output from the show task jobs command.
• Running core data stored in a separate core log file, if enabled.
Options
none Enable flight recorder tool to collect snapshots of data used for detecting high CPU
utilization. The recorded snapshots and core files are saved as log files in a folder
under the /var/log/flight_recorder/.
disable Disable flight recorder tool that has been enabled using the request flight-recorder set
high-cpu command.
• Default: Disabled.
backoff- (Optional) Specify the time interval in seconds between two snapshots of data.
duration
seconds • Default: 100 seconds.
• Range: 10 through 1000.
collect-core (Optional) Perform snapshot collection of the running core with every snapshot of
data taken.
168
When the collect-core option is enabled, the data snapshots are stored in a separate
core log file in a folder under the /var/log/flight_recorder/ directory. The folder
format is Flr_MONTH_DD_YYYY_HH:MM:SS; for example, Flr_May_09_2018_02:20:50.
cpu-threshold (Optional) Specify the maximum value of CPU utilization in percentage, beyond which
percentage the collection of data is triggered.
• Default: 80
logical-system (Optional) Enable data collection on logical systems.
num-snapshots (Optional) Specify the number of snapshots of data to be collected before quitting the
number collection process.
• Default: 0
polling- (Optional) Specify the time in seconds for polling for high CPU utilization.
frequency
seconds • Default: 10 seconds.
root
Output Fields
169
Sample Output
request flight-recorder set high-cpu (Enable flight-recorder)
user@host> request flight-recorder set high-cpu cpu-threshold 10 polling-frequency 5 backoff-

duration 10 collect-core num-snapshots 1
Please wait....Starting flight-recorder process.
request flight-recorder set high-cpu disable (When flight-recorder is enabled)
user@host> request flight-recorder set high-cpu disable

Disabling Done
request flight-recorder set high-cpu disable (When flight-recorder is disabled)
user@host> request flight-recorder set high-cpu disable

Flight Recorder is not running!
Release Information
Command introduced in Junos OS Release 18.2R1.
request message
IN THIS SECTION
Syntax | 170
Description | 170
170
Options | 170
Output Fields | 170
Sample Output | 171
Syntax
request message all message "text"

request message message "text" (terminal terminal-name | user user-name)
Description
Display a message on the screens of all users who are logged in to the router or switch or on specific
screens.
Options
all Display a message on the terminal of all users who are currently logged in.
message "text" Message to display.
terminal terminal-name Name of the terminal on which to display the message.
user user-name Name of the user to whom to direct the message.
maintenance
Output Fields
171
Sample Output
request message message
user@host> request message message "Maintenance window in 10 minutes" user maria

Message from user@host on ttyp0 at 20:27 ...
Maintenance window in 10 minutes
EOF
Release Information
request system configuration database resize
IN THIS SECTION
Syntax | 171
Description | 172
Options | 172
Output Fields | 173
Sample Output | 173
Syntax

<force>
<re0 | re1>
<routing-engine backup | master | both | local>
172
Description
You might require to perform a resizing of the configuration database as a result of performing frequent
load replacement operations which replaces the configuration hierarchy with the new configuration.
When this occurs, deleted objects store in the database, and the memory allocated in the database is
freed after the commit is completed. However, during this process the database size on disk can grow
although the actual configuration size is actually less.
The request system configuration database resize command provides you with a manual method to resize the
configuration database. The system will display Database resize completed when the configuration database
has been successfully resized.
Use the show system configuration database usage command to display configuration database disk space
usage statistics. The Current database size on disk field will display the change in database size related
to the use of the resize command. See show system configuration database usage.
Options
force (Optional) If there are uncommitted changes and you execute the request system configuration
database resize command, the command will fail and an error will be generated (error:
Database resize failed, Configuration Database Modified.). To execute the command when this
occurs, use the force option to discard the uncommitted changes.
re0 | re1 (Optional) If a router has dual Routing Engines, re0 and re1 identify the specific routing
engine that is to execute the request system configuration database resize command. re0 is for
the Routing Engine in slot 0 and re1 is for the Routing Engine in slot 1.
routing- (Optional) To execute the request system configuration database resize command on a specific
engine routing engine, or on both routing engines, in a redundant configuration you can specify
one of the following:
• backup—Resizes the configuration database on the backup routing engine in a

redundant configuration.
• primary—Resizes the configuration database on the primary routing engine in a

redundant configuration.
• both—Resizes the configuration database on both routing engines.
• local—Resizes the configuration database on the local routing engine.

173
Include below is a set of usage guidelines when using the request system configuration database resize
command:
• All other configuration sessions will be closed on the routing engine to remove the old mappings to
the configuration database.
• This command cannot be run from configuration mode.
• Do not execute the request system configuration database resize command when a commit is in progress.
• During the time when the request system configuration database resize command is in progress, a new
configuration session cannot be opened. A warning message will appear instructing you that the
configuration database is being resized (warning: Database is being resized).
• If there are uncommitted changes and the command is executed, the command will fail and an error
will be generated (error: Database resize failed, Configuration Database Modified.). To execute the
command when this occurs, use the force option to discard the uncommitted changes.
• To execute the command on both routing engines use the request system configuration database resize
routing-engine both command.
• Do not terminate the command when it is in progress (for example, by specifying Ctrl+c or Ctrl+z).
maintenance
Output Fields
Sample Output
user@host> show system configuration database usage

Maximum size of the database: 1309.99 MB
Current database size on disk: 500.00 MB
Actual database usage: 176.81 MB
Available database space: 1133.18 MB
user@host> request system configuration database resize

174
Database resize completed

Available database space: 1133.52 M
Release Information
request system halt
IN THIS SECTION
Syntax | 175
Syntax (PTX Series) | 175
Syntax (MX Series Router) | 176
Syntax (SRX Series) | 176
Description | 177
Options | 177
Output Fields | 179
Sample Output | 179

175
Syntax
request system halt

<at time>
<backup-routing-engine>
<other-routing-engine>
<in minutes>
<media (compact-flash | disk | removable-compact-flash | usb)>
<message "text">
request system halt

<all-members>
<at time>
<in minutes>
<local>
<media (external | internal)>
<member member-id>
<message "text">
<slice slice>
Syntax (PTX Series)
request system halt

<at time>
<in minutes>
<media (compact-flash | disk)>
<message "text">
176
Syntax (MX Series Router)
request system halt

<all-members>
<at time>
<in minutes>
<local>
<member member-id>
<message "text">
Syntax (QFX Series)
request system halt

<all-members>
<at time>
<director-device director-device-id>
<in minutes>
<local>
<media >
<member member-id>
<message "text">
<slice slice>
Syntax (SRX Series)
request system halt

<at time>
<in minutes>
<media (compact-flash | disk | usb)>
<message "text">
177
Description
Stop the device software.
NOTE: When you issue this command on an individual component—for example, a Node device
—in a QFabric system, you will receive a warning that says “Hardware-based members will halt,
Virtual Junos Routing Engines will reboot.” If you want to halt only one member of a Node group,
issue this command with the member option on the Node device CLI, because you cannot issue this
command from the QFabric CLI. Also, issuing this command might cause traffic loss on an
individual component.
When you issue this command on a QFX5100 switch, you are not prompted to reboot. You must
power cycle the switch to reboot.
NOTE: For the routers with the Routing Engines RE-S-2x00x6, RE-PTX-2x00x8, and RE-
S-2x00x8, this command is deprecated and might be removed completely in a future release.
On these routers, this command is replaced with the request vmhost halt command which provides
similar functionality.
Options
none Stop the router or switch software immediately.
all-members (Optional) Halt all members of the Virtual Chassis configuration.
at time (Optional) Time at which to stop the software, specified in one of the following
ways:
• now—Stop the software immediately. This is the default.
• +minutes—Number of minutes from now to stop the software.
• yymmddhhmm—Absolute time at which to stop the software, specified as year, month,

day, hour, and minute.
• hh:mm—Absolute time on the current day at which to stop the software.
backup-routing- (Optional) Halt the backup Routing Engine. This command halts the backup Routing
engine Engine, regardless from which Routing Engine the command is executed. For
example, if you issue the command from the primary Routing Engine, the backup
178
Routing Engine is halted. If you issue the command from the backup Routing Engine,
the backup Routing Engine is halted.
both-routing- (Optional) Halt both Routing Engines at the same time.

engines
director-device (QFabric systems only) Halt a specific Director device.
director-device-
id
local (Optional) Halt the local Virtual Chassis member.
in minutes (Optional) Number of minutes from now to stop the software. This option is an alias
for the at +minutes option.
media (compact- (Optional) Boot medium for the next boot.

flash | disk)
media (external | (EX Series and QFX Series switches and MX Series routers only) (Optional) Halt the
internal) boot media:
• external—Halt the external mass storage device.
• internal—Halt the internal flash device.
media (compact- (SRX Series only) (Optional) Boot media for the next boot.
flash | disk | usb)
• compact-flash— Standard boot from a flash device.
• disk— Boot from a hard disk.
• usb— Boot from a USB device.
member (Optional) Halt the specified member of the Virtual Chassis configuration. For an MX
member-id Series Virtual Chassis, member-id can only be 0 or 1.
message "text" (Optional) Message to display to all system users before stopping the software.
other-routing- (Optional) Halt the other Routing Engine from which the command is issued. For
engine example, if you issue the command from the primary Routing Engine, the backup
Routing Engine is halted. Similarly, if you issue the command from the backup
Routing Engine, the primary Routing Engine is halted.
slice slice (EX Series and QFX Series switches only) (Optional) Halt a partition on the boot
media. This option has the following suboptions:
• 1—Halt partition 1.
179
• 2—Halt partition 2.
• alternate—Reboot from the alternate partition.
On the M7i router, the request system halt command does not immediately power down the Packet
Forwarding Engine. The power-down process can take as long as 5 minutes.
maintenance
Output Fields
Sample Output
request system halt
user@host> request system halt

Halt the system ? [yes,no] (no) yes
*** FINAL System shutdown message from root@section2 ***

System going down IMMEDIATELY
Terminated
...
syncing disks... 11 8 done
The operating system has halted.
Please press any key to reboot.
request system halt (SRX Series)
user@host> request system halt

Halt the system ? [yes,no] (no) yes
*** FINAL System shutdown message from user@host ***

180
Shutdown NOW!
[pid 7560]
user@host> Dec 8 08:57:37 Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 done
syncing disks... All buffers synced.

Uptime: 2d16h25m9s
recorded reboot as normal shutdown
The operating system has halted.

Please press any key to reboot.
request system halt (In 2 Hours)
The following example, which assumes that the time is 5 PM (1700), illustrates three different ways to
request that the system stop 2 hours from now:
user@host> request system halt at +120

user@host> request system halt in 120
user@host> request system halt at 19:00
request system halt (Immediately)
user@host> request system halt at now

181
request system halt (At 1:20 AM)
To stop the system at 1:20 AM, enter the following command. Because 1:20 AM is the next day, you
must specify the absolute time.
user@host> request system halt at yymmdd120

request system halt at 120
Halt the system at 120? [yes,no] (no) yes
Release Information
other-routing-engine option introduced in Junos OS Release 8.0.
director-device option introduced for QFabric systems in Junos OS Release 12.2.
backup-routing-engine option introduced in Junos OS Release 13.1.
clear system reboot

request system power-off
request vmhost halt
request system logout
IN THIS SECTION
Syntax | 182
Description | 182
Options | 182
Output Fields | 182
Sample Output | 183

182
Syntax
request system logout (pid pid | terminal terminal | user username)

<all>
Description
Log out users from the router or switch and the configuration database. If a user held the configure
exclusive lock, this command clears the exclusive lock.
Options
all (Optional) Log out all sessions owned by a particular PID, terminal session, or user.
(On a TX Matrix or TX Matrix Plus router, this command is broadcast to all chassis.)
pid pid Log out the user session using the specified management process identifier (PID).
The PID type must be management process.
terminal Log out the user for the specified terminal session.
terminal
user username Log out the specified user.
configure
Output Fields
183
Sample Output
request system logout
user@host> request system logout user test all

Connection closed by foreign host.
Release Information
request system partition abort
IN THIS SECTION
Syntax | 184
Description | 184
Options | 184
Output Fields | 186
Sample Output | 186

184
Syntax



<all-members>
<local>
<member member-id>
Description
Terminate a previously scheduled storage media partition operation. If the command is issued between
the time of a partition request and a reboot, the partition request is terminated and the storage media is
not affected.
Options
all-chassis (TX Matrix and TX Matrix Plus routers only) (Optional) Terminate a previously scheduled
partition operation for all chassis.
all-lcc (TX Matrix and TX Matrix Plus routers only) (Optional) On a TX Matrix router, terminate
a previously scheduled partition operation on all T640 routers ( line-card chassis)
connected to the TX Matrix router. On a TX Matrix Plus router, terminate a previously
185
scheduled partition operation on all routers ( line-card chassis) connected to the TX

Matrix Plus router.
all-members (MX Series routers only) (Optional) Terminate a previously scheduled partition operation
for all members of the Virtual Chassis configuration.
lcc number (TX Matrix and TX Matrix Plus routers only) (Optional) On a TX Matrix Plus router,
terminate a previously scheduled partition operation on a specific T640 router that is
connected to the TX Matrix router. On a TX Matrix Plus router, terminate a previously
scheduled partition operation on a specific router that is connected to the TX Matrix
Plus router.
• 0 through 3, when T640 routers are connected to a TX Matrix router in a routing

matrix.

routing matrix.
• 0 through 7, when T1600 routers are connected to a TX Matrix Plus router with 3D
SIBs in a routing matrix.
• 0, 2, 4, or 6, when T4000 routers are connected to a TX Matrix Plus router with 3D

local (MX Series routers only) (Optional) Terminate a previously scheduled partition operation
for the local Virtual Chassis member.
member (MX Series routers only) (Optional) Terminate a previously scheduled partition operation
member-id for the specified member of the Virtual Chassis configuration. Replace member-id with a
value of 0 or 1.
scc (TX Matrix routers only) (Optional) Terminate a previously scheduled partition operation
on the TX Matrix router (or switch-card chassis).
sfc number (TX Matrix Plus routers only) (Optional) Terminate a previously scheduled partition
operation on the TX Matrix Plus router (or switch-fabric chassis). Replace number with 0.
maintenance
186
Output Fields
Sample Output
request system partition terminate
user@host> request system partition abort

The hard disk is no longer scheduled to be partitioned.
Release Information
Command deprecated for Junos OS with Upgraded FreeBSD in Junos OS Release 15.1.
request system partition hard-disk
IN THIS SECTION
Syntax | 187

187
Description | 188
Options | 188
Output Fields | 189
Sample Output | 189
Syntax



<all-members>
<local>
<member member-id>
188
Description
Set up the hard disk for partitioning. After this command is issued, the hard disk is partitioned the next
time the system is rebooted. When the hard disk is partitioned, the contents of /altroot and /altconfig
are saved and restored. All other data on the hard disk is at risk of being lost.
Options
all-chassis (TX Matrix routers and TX Matrix Plus routers only) (Optional) Schedule a partition of the
hard disk for all routers in the chassis at its next reboot.
all-lcc (TX Matrix and TX Matrix Plus routers only) (Optional) On a TX Matrix router, schedule a
partition of the hard disk on all T640 routers connected to the TX Matrix router at their
next reboot. On a TX Matrix Plus router, schedule a partition of the hard disk on all
connected LCCs.
all-members (MX Series routers only) (Optional) Schedule a partition of the hard disk for all members
of the Virtual Chassis configuration.
lcc number (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix Plus
router, schedule a partition of the hard disk on a specific T640 router connected to the
TX Matrix router. On a TX Matrix Plus router, schedule a partition of the hard disk on a
specific router that is connected to the TX Matrix Plus router.

matrix.

routing matrix.

local (MX Series routers only) (Optional) Schedule a partition of the hard disk for the local
member of the Virtual Chassis.
member (MX Series routers only) (Optional) Schedule a partition of the hard disk for the specified
member-id member of the Virtual Chassis configuration. Replace member-id with a value of 0 or 1.
189
scc (TX Matrix routers only) (Optional) Schedule a partition of the hard disk on the T640
router connected to the TX Matrix router (or switch-card chassis).
sfc number (TX Matrix Plus routersonly) (Optional) Schedule a partition of the hard disk on the
connected T1600 or T4000 LCCs connected to the TX Matrix Plus router . Replace number
with 0.
To immediately partition the hard disk, use the request system reboot command. To cancel the partition
request, use the request system partition abort command.
maintenance
Output Fields
Sample Output
user@host> request system partition hard-disk

WARNING: The hard disk is about to be partitioned. The contents
WARNING: of /altroot and /altconfig will be saved and restored.
WARNING: All other data is at risk. This is the setup stage, the
WARNING: partition happens during the next reboot.
Setting up to partition the hard disk ...
WARNING: A REBOOT IS REQUIRED TO PARTITION THE HARD DISK. Use the

WARNING: 'request system reboot' command when you are ready to proceed
WARNING: with the partitioning. To abort the partition of the hard disk
WARNING: use the 'request system partition abort' command.
190
Release Information
Command deprecated for Junos OS with Upgraded FreeBSD in Junos OS Release 15.1.

IN THIS SECTION
Syntax | 191
Description | 193
Options | 193
Output Fields | 196
Sample Output | 196

191
Syntax

<at time>
<in minutes>
<message "text">

<all-members>
<at time>
<in minutes>
<local>
<member member-id>
<message "text">
<slice slice>

<at time>
<in minutes>
192

<message "text">

<at time>
<in minutes>
<message "text">

<all-members>
<at time>
<in minutes>
<local>
<member member-id>
<message "text">
Syntax (QFX Series)

<at time>
<in minutes>
<message "text">
<slice slice>
193
Description
Power off the Routing Engines.
NOTE: When you issue this command on an individual component in a QFabric system, you will
receive a warning that says “Hardware-based members will halt, Virtual Junos Routing Engines
will reboot.” If you want to halt only one member, use the member option. You cannot issue this
command from the QFabric CLI.
NOTE: For a standalone chassis (such as MX Series, PTX Series, and T Series routers), the request
to power off the system is applicable only to the Routing Engines. When you request to power
off both Routing Engines, all the FPCs in the chassis shut down after approximately 10 minutes
and the chassis fans run at full speed. The FPCs shut down because they no longer have
communication with the Routing Engines and an Inter-Integrated Circuit (l2C) timeout occurred.
NOTE: For the routers with Routing Engines RE-S-2x00x6, RE-PTX-2x00x8, and RE-S-2x00x8,
this command is deprecated and might be removed completely in a future release.
On these routers, this command is replaced with the request vmhost power-off command which
provides similar functionality.
Options
none Power off the router or switch software immediately.
all-chassis (Optional) (TX Matrix and TX Matrix Plus router only) Power off all Routing Engines in
the chassis.
all-lcc (Optional) (TX Matrix and TX Matrix Plus router only) On a TX Matrix router, power off
all T640 routers (or line-card chassis) connected to the TX Matrix router. On a TX
Matrix Plus router, power off all T1600 routers (or line-card chassis) connected to the
TX Matrix Plus router.
all-members (EX4200 switches and MX Series routers only) (Optional) Power off all members of the
Virtual Chassis configuration.
at time (Optional) Time at which to power off the software, specified in one of the following
ways:
194
• now—Power off the software immediately. This is the default.
• +minutes—Number of minutes from now to power off the software.
• yymmddhhmm—Absolute time at which to power off the software, specified as year,

month, day, hour, and minute.
• hh:mm—Absolute time on the current day at which to power off the software.
both-routing- (Optional) Power off both Routing Engines at the same time.
engines
in minutes (Optional) Number of minutes from now to power off the software. This option is an
alias for the at +minutes option.
lcc number (Optional) (TX Matrix and TX Matrix Plus router only) On a TX Matrix router, power off
a T640 router that is connected to the TX Matrix router. On a TX Matrix Plus router,
power off a specific router that is connected to the TX Matrix Plus router.

matrix.

routing matrix.

local (EX4200 switches and MX Series routers only) (Optional) Power off the local Virtual
Chassis member.
media (Optional) Boot medium for the next boot.

(compact-
flash | disk)
media (EX Series and QFX Series switches and MX Series routers only) (Optional) Power off
(external | the boot media:
internal)
• external—Power off the external mass storage device.
• internal—Power off the internal flash device.

195
member (EX4200 switches and MX Series routers only) (Optional) Power off the specified
member-id member of the Virtual Chassis configuration. For EX4200 switches, replace member-id
with a value from 0 through 9. For an MX Series Virtual Chassis, replace member-id with a
value of 0 or 1.
message (Optional) Message to display to all system users before powering off the software.
"text"
other- (Optional) Power off the other Routing Engine from which the command is issued. For
routing- example, if you issue the command from the primary Routing Engine, the backup
engine
Routing Engine is halted. Similarly, if you issue the command from the backup Routing
Engine, the primary Routing Engine is halted.
scc (Optional) (TX Matrix router only) Power off only the primary Routing Engine or the
backup Routing Engine on the TX Matrix router (or switch-card chassis). If you issue the
command from the primary Routing Engine, the primary SCC is powered off. If you issue
the command from the backup Routing Engine, the backup SCC is powered off.
sfc number (Optional) (TX Matrix Plus router only) Power off only the primary Routing Engine or the
backup Routing Engine on the TX Matrix Plus router (or switch-fabric chassis). If you
issue the command from the primary Routing Engine, the primary SFC is powered off. If
you issue the command from the backup Routing Engine, the backup SFC is powered
off. Replace number with zero.
slice slice (EX Series and QFX Series switches only) (Optional) Power off a partition on the boot
media. This option has the following suboptions:
• 1—Power off partition 1.
• 2—Power off partition 2.
On a routing matrix composed of a TX Matrix router and T640 routers, if you issue the request system
power-off command on the TX Matrix primary Routing Engine, all the primary Routing Engines connected
to the routing matrix are powered off. If you issue this command on the backup Routing Engine, all the
backup Routing Engines connected to the routing matrix are powered off.
Likewise, on a routing matrix composed of a TX Matrix Plus router and T1600 routers, if you issue the
request system power-off command on the TX Matrix Plus primary Routing Engine, all the primary Routing
Engines connected to the routing matrix are powered off. If you issue this command on the backup
Routing Engine, all the backup Routing Engines connected to the routing matrix are powered off.
196
If you issue the request system power-off both-routing-engines command on the TX Matrix or TX Matrix Plus
router, all the Routing Engines on the routing matrix are powered off.
maintenance
Output Fields
Sample Output
user@host> request system power-off message “This router will be powered off in 30 minutes.
Please save your data and log out immediately.”
warning: This command will not halt the other routing-engine.
If planning to switch off power, use the both-routing-engines option.
Power Off the system ? [yes,no] (no) yes
*** FINAL System shutdown message from remote@nutmeg ***

This router will be powered off in 30 minutes. Please save your data and log out
immediately.
Shutdown NOW!
[pid 5177]
Release Information
Command introduced in Junos OS Release 8.0.

197
request system process terminate
IN THIS SECTION
Syntax | 197
Description | 197
Options | 197
Output Fields | 198
Sample Output | 198
Syntax
request system process terminate process-id
Description
Terminate any process that you specify with the process identification number (process ID or pid). The
request system process terminate command is an alternative to using the restart command. The restart
command terminates and restarts a process that you specify by process name, but limits you to only
certain well-known processes.
CAUTION: Caution: Never terminate a software process unless instructed to do so by a

customer support engineer. Restarting processes could cause unknown system behavior
resulting in partial or complete traffic loss.
Use the show system processes command to display a list of processes by process ID.
Options
process-id Identification number for a process.

198
maintenance
Output Fields
When you enter this command, you are not provided feedback on the status of your request. You can
use the show system processes extensive command to confirm the process that was terminated.
Sample Output
request system process terminate
user@host> request system process terminate 1514
Release Information

request system reboot (Junos OS)
IN THIS SECTION
Syntax | 199
Syntax (EX Series Switches and EX Series Virtual Chassis) | 199
Syntax (MX Series Routers and MX Series Virtual Chassis, EX9200 Switches and EX9200 Virtual
Chassis) | 200
Syntax (QFabric Systems) | 200
Syntax (QFX Series Switches and QFX Series Virtual Chassis, Virtual Chassis Fabric) | 200
199
Description | 201
Options | 202
Output Fields | 206
Sample Output | 206
Syntax

<at time>
<in minutes>
<message "text">
Syntax (EX Series Switches and EX Series Virtual Chassis)

<all-members | local | member member-id>
<at time>
<in minutes>
<media (external | internal)> | <media (compact-flash | disk | removable-compact-flash | usb)>
<message "text">
<slice slice>
200
Syntax (MX Series Routers and MX Series Virtual Chassis, EX9200 Switches and
EX9200 Virtual Chassis)

<at time>
<in minutes>
<media (external | internal)> | <media (compact-flash | disk | usb)> | <junos | network | oam |
usb>
<message "text">
Syntax (QFabric Systems)

<all <graceful>>
<at time>
<director-device name>
<director-group <graceful>>
<fabric <graceful>>
<in minutes>
<in-service>
<media>
<message “text”>
<node-group name>
<slice slice>
Syntax (QFX Series Switches and QFX Series Virtual Chassis, Virtual Chassis Fabric)

<at time>
<in minutes>
<in-service>
<hypervisor>
<junos | network | oam | usb>
201
<message “text”>
<slice slice>

<at time>
<in minutes>
<message "text">

<at time>
<in minutes>
<message "text">
<partition (1 | 2 | alternate)>
Description
Use this command to reboot the device software.
This command can be used on standalone devices and on devices supported in a Virtual Chassis, Virtual
Chassis Fabric, or QFabric system.
Starting with Junos OS Release 15.1F3, the request system reboot command reboots only the guest
operating system on the PTX5000 with RE-PTX-X8-64G and, MX240, MX480, and MX960 with RE-S-
X6-64G.
Starting with Junos OS Release 15.1F5, the request system reboot command reboots only the guest
operating system on the MX2010, and MX2020 with REMX2K-X8-64G.
202
Starting from Junos OS Release 17.2R1, PTX10008 routers do not support the request system reboot
command. Starting from Junos OS Release 17.4R1, PTX10016 routers do not support the request system
reboot command. Use the request vmhost reboot command instead of the request system reboot command on
the PTX10008 and PTX10016 routers to reboot the Junos OS software package or bundle on the
router. See request vmhost reboot.
Starting from Junos OS Release 19.1R1, the PTX10002-60C router and the QFX10002-60C switch do
not support the request system reboot command. Use the request vmhost reboot command instead of the
request system reboot command on these devices to reboot the Junos OS software package or bundle on
the device. See request vmhost reboot.
On a QFabric system, to avoid traffic loss on the network Node group, switch mastership of the Routing
Engine to the backup Routing Engine, and then reboot.
Options
The options described here are not all supported on every platform or release of Junos OS. Refer to the
Syntax sections for the options commonly available on each type of platform.
none Reboot the software immediately.
all-chassis (Optional) On a TX Matrix router or TX Matrix Plus router, reboot all routers
connected to the TX Matrix or TX Matrix Plus router, respectively.
all-lcc (Optional) On a TX Matrix router or TX Matrix Plus router, reboot all line card chassis
connected to the TX Matrix or TX Matrix Plus router, respectively.
all-members | (Optional) Specify which member of the Virtual Chassis to reboot:

local | member
member-id • all-members—Reboots each switch that is a member of the Virtual Chassis.
• local—Reboots only the local switch (switch where you are logged in).
• member member-id—Reboots the specified member switch of the Virtual Chassis
at time (Optional) Time at which to reboot the software, specified in one of the following
ways:
• now—Stop or reboot the software immediately. This is the default.
• +minutes—Number of minutes from now to reboot the software.
• yymmddhhmm—Absolute time at which to reboot the software, specified as year,

month, day, hour, and minute.
203
• hh:mm—Absolute time on the current day at which to stop the software, specified in
24-hour time.
both-routing- (Optional) Reboot both Routing Engines at the same time.

engines
fast-boot (Optional, QFX Series) Minimizes traffic loss and downtime of network ports by
leaving the network ports up during the system reboot.
hypervisor (Optional) Reboot Junos OS, host OS, and any installed guest VMs.
in minutes (Optional) Number of minutes from now to reboot the software. The minimum value
is 1. This option is an alias for the at +minutes option.
in-service (Optional) Enables you to reset the software state (no software version change) of the
system with minimal disruption in data and control traffic.
junos (Optional) Reboot from the Junos OS (main) volume.
lcc number —(Optional) Line-card chassis (LLC) number.

matrix.

routing matrix.

media (Optional) Use the indicated boot medium for the next boot.
(compact-flash |
disk |
removable-
compact-flash |
usb)
media (external (Optional) Use the indicated boot medium for the next boot:
| internal)
• external—Reboot the device using a software package stored on an external boot
source, such as a USB flash drive.
204
• internal—Reboot the device using a software package stored in an internal memory

source.
message "text" (Optional) Message to display to all system users before stopping or rebooting the
software.
network (Optional) Reboot using the Preboot Execution Environment (PXE) boot method over
the network.
oam (Optional) Reboot from the maintenance volume (OAM volume, usually the compact
flash drive).
other-routing- (Optional) Reboot the other Routing Engine from which the command is issued. For
engine example, if you issue the command from the primary Routing Engine, the backup
Routing Engine is rebooted. Similarly, if you issue the command from the backup
Routing Engine, the primary Routing Engine is rebooted.
partition (Optional) Reboot using the specified partition on the boot media. This option is
partition equivalent to the slice option that is supported on some devices. Specify one of the
following partition values:
• 1—Reboot from partition 1.
scc (Optional) Reboot the Routing Engine on the TX Matrix switch-card chassis. If you
issue the command from re0, re0 is rebooted. If you issue the command from re1, re1
is rebooted.
sfc number (Optional) Reboot the Routing Engine on the TX Matrix Plus switch-fabric chassis. If
you issue the command from re0, re0 is rebooted. If you issue the command from re1,
re1 is rebooted. Replace number with 0.
slice slice (Optional) Reboot using the specified partition on the boot media. This option was
originally the partitiion option but was renamed to slice on EX Series and QFX Series
switches. Specify one of the following slice values:
• alternate—Reboot from the alternate partition (which did not boot the switch at
the last bootup).
205
NOTE: The slice option is not supported on QFX Series switches that have no
alternate slice when Junos OS boots as a Virtual Machine (VM). To switch to
the previous version of Junos OS, issue the request system software rollback
command.
usb (Optional) Reboot from a USB device.
The following options are available only on QFabric Systems:
all (Optional) Reboots the software on the Director group, fabric control Routing Engines,
fabric manager Routing Engines, Interconnect devices, and network and server Node
groups.
director-device (Optional) Reboots the software on the Director device and the default partition
name (QFabric CLI).
director-group (Optional) Reboots the software on the Director group and the default partition
(QFabric CLI).
fabric (Optional) Reboots the fabric control Routing Engines and the Interconnect devices.
node-group (Optional) Reboots the software on a server Node group or a network Node group.
name
graceful (Optional) Enables the QFabric component to reboot with minimal impact to network
traffic. This sub-option is only available for the all, fabric, anddirector-group options.
Reboot requests are recorded in the system log files, which you can view with the show log command (see
show log). Also, the names of any running processes that are scheduled to be shut down are changed.
You can view the process names with the show system processes command (see "show system processes"
on page 313).
On a TX Matrix or TX Matrix Plus router, if you issue the request system reboot command on the primary
Routing Engine, all the primary Routing Engines connected to the routing matrix are rebooted. If you
issue this command on the backup Routing Engine, all the backup Routing Engines connected to the
routing matrix are rebooted.
206
NOTE: Before issuing the request system reboot command on a TX Matrix Plus router with no
options or the all-chassis, all-lcc, lcc number, or sfc options, verify that primary Routing Engine for
all routers in the routing matrix are in the same slot number. If the primary Routing Engine for a
line-card chassis is in a different slot number than the primary Routing Engine for a TX Matrix
Plus router, the line-card chassis might become logically disconnected from the routing matrix
after the request system reboot command.
NOTE: To reboot a router that has two Routing Engines, reboot the backup Routing Engine (if
you have upgraded it) first, and then reboot the primary Routing Engine.
maintenance
Output Fields
Sample Output
user@host> request system reboot

Reboot the system ? [yes,no] (no)
request system reboot (at 2300)
user@host> request system reboot at 2300 message ?Maintenance time!?

Reboot the system ? [yes,no] (no) yes
shutdown: [pid 186]

*** System shutdown message from [email protected] ***
System going down at 23:00
207
request system reboot (in 2 Hours)
The following example, which assumes that the time is 5 PM (17:00), illustrates three different ways to
request the system to reboot in two hours:
user@host> request system reboot at +120

user@host> request system reboot in 120
user@host> request system reboot at 19:00
request system reboot (Immediately)
user@host> request system reboot at now
request system reboot (at 1:20 AM)
To reboot the system at 1:20 AM, enter the following command. Because 1:20 AM is the next day, you
must specify the absolute time.
user@host> request system reboot at 06060120

request system reboot at 120
Reboot the system at 120? [yes,no] (no) yes
request system reboot in-service
user@switch> request system reboot in-service

Reboot the system ? [yes,no] yes
[Feb 22 02:37:04]:ISSU: Validating Image
PRE ISSR CHECK:

---------------
PFE Status : Online
Member Id zero : Valid
VC not in mixed or fabric mode : Valid
Member is single node vc : Valid
BFD minimum-interval check done : Valid
208
GRES enabled : Valid

NSR enabled : Valid
drop-all-tcp not configured : Valid
Ready for ISSR : Valid
warning: Do NOT use /user during ISSR. Changes to /user during ISSR may get lost!
Current image is jinstall-jcp-i386-flex-18.1.img
[Feb 22 02:37:14]:ISSU: Preparing Backup RE
Prepare for ISSR
[Feb 22 02:37:19]:ISSU: Backup RE Prepare Done
Spawning the backup RE
Spawn backup RE, index 1 successful
Starting secondary dataplane
Second dataplane container started
GRES in progress
Waiting for backup RE switchover ready
GRES operational
Copying home directories
Copying home directories successful
Initiating Chassis In-Service-Upgrade for ISSR
Chassis ISSU Started
[Feb 22 02:42:55]:ISSU: Preparing Daemons
[Feb 22 02:43:00]:ISSU: Daemons Ready for ISSU
[Feb 22 02:43:05]:ISSU: Starting Upgrade for FRUs
[Feb 22 02:43:15]:ISSU: FPC Warm Booting
[Feb 22 02:44:16]:ISSU: FPC Warm Booted
[Feb 22 02:44:27]:ISSU: Preparing for Switchover
[Feb 22 02:44:31]:ISSU: Ready for Switchover
Checking In-Service-Upgrade status
Item Status Reason
FPC 0 Online (ISSU)
Send ISSR done to chassisd on backup RE
Chassis ISSU Completed
Removing dcpfe0 eth1 128.168.0.16 IP
Bringing down bme00
Post Chassis ISSU processing done
[Feb 22 02:44:33]:ISSU: IDLE
Stopping primary dataplane
Clearing ISSU states
Console and management sessions will be disconnected. Please login again.
device_handoff successful ret: 0
Shutdown NOW!
[pid 14305]
209
*** FINAL System shutdown message from root@sw-duckhorn-01 ***
Release Information
Option other-routing-engine introduced in Junos OS Release 8.0.
Option sfc introduced for the TX Matrix Plus router in Junos OS Release 9.6.
Option partition changed to slice in Junos OS Release 10.0 for EX Series switches.
Option both-routing-engines introduced in Junos OS Release 12.1.
Option fast-boot introduced in Junos OS Release 14.1X53-D10 for QFX Series.

request vmhost reboot
request system snapshot (Junos OS)
IN THIS SECTION
Syntax (ACX Series Routers) | 210
Syntax (EX Series Switches; for EX4600, see QFX Series Syntax) | 210
Syntax (MX Series Routers) | 210
Syntax (PTX Series) | 211
Syntax (QFX Series, OCX1100, and EX4600) | 211
Syntax (TX Matrix Routers) | 211

210
Syntax (TX Matrix Plus Routers) | 211
Description | 212
Options | 212
Output Fields | 216
Sample Output | 216
Syntax (ACX Series Routers)
request system snapshot

<media type>
<partition>
Syntax (EX Series Switches; for EX4600, see QFX Series Syntax)

<media type>
<partition>
<re0 | re1 | routing-engine routing-engine-id>
<slice alternate>
Syntax (MX Series Routers)

<all-members>
<config-partition>
<local>
<member member-id>
<media usb-port-number>
211
<partition>
<root-partition>
Syntax (PTX Series)

<partition>
Syntax (QFX Series, OCX1100, and EX4600)

<config-partition>
<partition>
<root-partition>
<slice alternate>
Syntax (TX Matrix Routers)

<config-partition>
<partition>
<root-partition>
Syntax (TX Matrix Plus Routers)

<config-partition>
<partition>
<root-partition>
212
Description
• On routers running Junos OS, back up the currently running and active file system partitions to
standby partitions that are not running. Specifically, the root file system (/) is backed up to /altroot,
and /config is backed up to /altconfig. The root and /config file systems are on the router's flash
drive, and the /altroot and /altconfig file systems are on the router's hard drive.
• On switches running Junos OS, take a snapshot of the files currently used to run the switch—the
complete contents of the root (/) , /altroot, /config, /var, and /var-tmp directories, which include the
running version of Junos OS, the active configuration, and log files.
System snapshot is not supported on QFX10000 and QFX5110-48s-4c switches.
Starting with Junos OS Release 15.1F3, the command request system snapshot creates a snapshot of the
guest OS image only for the PTX5000 with RE-DUO-C2600-16G, and the MX240, MX480, and MX960
routers with RE-S-1800X4-32G-S.
Starting with Junos OS Release 15.1F5, the command request system snapshot creates a snapshot of the
guest OS image only for the MX2010 and MX2020 routers with REMX2K-1800-32G-S.
On these routers, in order to create snapshot of the host OS image along with Junos OS image, use the
request vmhost snapshot command.
CAUTION: After you run the request system snapshot command, you cannot return to the
previous version of the software, because the running and backup copies of the
software are identical.
Options
The specific options available depend upon the router or switch:
none Back up the currently running software as follows:
• On the router, back up the currently running and active file system partitions to
standby partitions that are not running. Specifically, the root file system (/) is backed
up to /altroot, and /config is backed up to /altconfig. The root and /config file systems
are on the router's flash drive, and the /altroot and /altconfig file systems are on the
router's hard drive.
213
• On the switch, take a snapshot of the files currently used to run the switch and copy
them to the media that the switch did not boot from. If the switch is booted from
internal media, the snapshot is copied to external (USB) media. If the switch is booted
from external (USB) media, the snapshot is copied to internal media.
• If the snapshot destination is external media but a USB flash drive is not
connected, an error message is displayed.
• If the automatic snapshot procedure is already in progress, the command returns

the following error: Snapshot already in progress. Cannot start manual snapshot. For
additional information about the automatic snapshot feature, see Configuring
Dual-Root Partitions.
all-chassis | (TX Matrix and TX Matrix Plus router only) (Optional)

all-lcc | lcc
number • all-chassis—On a TX Matrix router, archive data and executable areas for all Routing
Engines in the chassis. On a TX Matrix Plus router, archive data and executable areas
for all Routing Engines in the chassis.
• all-lcc—On a TX Matrix router, archive data and executable areas for all T640 routers
(or line-card chassis) connected to a TX Matrix router. On a TX Matrix Plus router,
archive data and executable areas for all routers (or line-card chassis) connected to a
• lcc number—On a TX Matrix router, archive data and executable areas for a specific
T640 router (or line-card chassis) that is connected to a TX Matrix router. On a TX
Matrix Plus router, archive data and executable areas for a specific router (line-card
chassis) that is connected to a TX Matrix Plus router.

matrix.

routing matrix.

all-members | (EX Series Virtual Chassis, MX Series routers, QFX Series switches, QFabric System, and
local | member OCX1100 only) (Optional) Specify where to place the snapshot (archive data and
member-id
executable areas) in a Virtual Chassis:
214
• all-members—Create a snapshot (archive data and executable areas) for all members of
the Virtual Chassis.
• local—Create a snapshot (archive data and executable areas) on the member of the
Virtual Chassis that you are currently logged into.
• member member-id—Create a snapshot (archive data and executable areas) for the
specified member of the Virtual Chassis.
config- (EX Series Virtual Chassis, MX Series routers, QFX Series switches, QFabric System,
partition OCX1100, and T and TX Series routers only) Create a snapshot of the configuration
partition only and store it onto the default /altconfig on the hard disk device or an /
altconfig on a USB device. Option deprecated for Junos OS with Upgraded FreeBSD in
Junos OS Release 15.1.
To determine which platforms support Junos OS with upgraded FreeBSD, see Feature
Explorer and enter one of the following:
• For non-virtualized, enter freebsd and select Junos kernel upgrade to FreeBSD 10+.
• For virtualized, enter virtualization and select Virtualization of the Routing Engine.
media type (ACX Series, M320, T640, and MX Series routers) (Optional) Specify the boot device the
software is copied to:
• compact-flash—Copy software to the primary compact flash drive.
• external—(Switches only) Copy software to an external mass storage device, such as a

USB flash drive. If a USB drive is not connected, the switch displays an error message.
• internal—Copy software to an internal flash drive.
• removable-compact-flash—Copy software to the removable compact flash drive.
• usb—(ACX Series, M320, T640, and, except for MX104, MX Series routers) Copy
software to the device connected to the USB port.
• usb0—(MX104 routers only) Copy software to the device connected to the USB0 port.
• usb1—(MX104 routers only) Copy software to the device connected to the USB1 port.
partition (Optional) Repartition the flash drive before a snapshot occurs. If the partition table on
the flash drive is corrupted, the request system snapshot command fails and reports errors.
The partition option is only supported for restoring the software image from the hard
drive to the flash drive.
215
(Routers only) You cannot issue the request system snapshot command when you enable
flash disk mirroring. We recommend that you disable flash disk mirroring when you
upgrade or downgrade the software.
(EX Series switches only) If the snapshot destination is the media that the switch did not
boot from, you must use the partition option.
re0 | re1 | (EX6200 and EX8200 switches only) Specify where to place the snapshot in a redundant
routing- Routing Engine configuration.
engine
routing- • re0—Create a snapshot on Routing Engine 0.
engine-id
• re1—Create a snapshot on Routing Engine 1.
• routing-engine routing-engine-id—Create a snapshot on the specified Routing Engine.
root- (M, MX, T, and TX Series routers; EX Series Virtual Chassis; QFX Series switches; QFabric
partition System; and OCX1100 only) Create a snapshot of the root partition only and store it onto
the default /altroot on the hard disk device or an /altroot on a USB device. Option
deprecated for Junos OS with Upgraded FreeBSD in Junos OS Release 15.1.
To determine which platforms run Junos OS with Upgraded FreeBSD, see the information
in Release Information for Junos OS with Upgraded FreeBSD.
slice (EX Series switches, EX Series Virtual Chassis, QFX Series switches, QFabric System, and
alternate OCX1100 only) (Optional) Take a snapshot of the active root partition and copy it to the
alternate slice on the boot media.
Option deprecated for Junos OS with Upgraded FreeBSD in Junos OS Release 15.1.
To determine which platforms support Junos OS with upgraded FreeBSD, see Feature
Explorer and enter one of the following:
scc (TX Matrix router only) (Optional) Archive data and executable areas for a TX Matrix
router (or switch-card chassis).
sfc number (TX Matrix Plus router only) (Optional) Archive data and executable areas for a TX Matrix
Plus router (or switch-fabric chassis). Replace number with 0.
216
• (Routers only) Before you upgrade the software on the router, when you have a known stable system,
issue the request system snapshot command to back up the software, including the configuration, to
the /altroot and /altconfig file systems. After you have upgraded the software on the router and are
satisfied that the new packages are successfully installed and running, issue the request system snapshot
command again to back up the new software to the /altroot and /altconfig file systems.
• (Routers only) You cannot issue the request system snapshot command when you enable flash disk
mirroring. We recommend that you disable flash disk mirroring when you upgrade or downgrade the
software.
• (TX Matrix and TX Matrix Plus router only) On a routing matrix, if you issue the request system snapshot
command on the primary Routing Engine, all the primary Routing Engines connected to the routing
matrix are backed up. If you issue this command on the backup Routing Engine, all the backup
Routing Engines connected to the routing matrix are backed up.
maintenance
Output Fields
Sample Output
request system snapshot (Routers)

umount: /altroot: not currently mounted
Copying / to /altroot.. (this may take a few minutes)
umount: /altconfig: not currently mounted
Copying /config to /altconfig.. (this may take a few minutes)
The following filesystems were archived: / /config

217
request system snapshot (EX Series Switches)
user@switch> request system snapshot partition

Clearing current label...
Partitioning external media (/dev/da1) ...
Partitions on snapshot:
Partition Mountpoint Size Snapshot argument

s1a /altroot 179M none
s2a / 180M none
s3d /var/tmp 361M none
s3e /var 121M none
s4d /config 60M none
Copying '/dev/da0s1a' to '/dev/da1s1a' .. (this may take a few minutes)
Copying '/dev/da0s3d' to '/dev/da1s3d' .. (this may take a few minutes)
Copying '/dev/da0s3e' to '/dev/da1s3e' .. (this may take a few minutes)
Copying '/dev/da0s4d' to '/dev/da1s4d' .. (this may take a few minutes)
The following filesystems were archived: /altroot / /var/tmp /var /config
request system snapshot partition (EX4600, QFX Series, QFabric System, and OCX1100)
user@switch> request system snapshot partition

Clearing current label...
Partitioning external media (da1) ...
Verifying compatibility of destination media partitions...
Running newfs (334MB) on external media / partition ...
Running newfs (404MB) on external media /config partition ...
Running newfs (222MB) on external media /var partition ...
Copying '/dev/da0s3e' to '/dev/da1s3e' .. (this may take a few minutes)
Copying '/dev/da0s2f' to '/dev/da1s1f' .. (this may take a few minutes)
The following filesystems were archived: / /config /var
request system snapshot (When the Partition Flag Is On)
user@host> request system snapshot partition

Performing preliminary partition checks ...
Partitioning ad0 ...
218
umount: /altroot: not currently mounted

Copying / to /altroot.. (this may take a few minutes)
request system snapshot (MX104 Routers When Media Device is Missing)
user@host > request system snapshot media usb0

error: usb0 media missing or invalid
request system snapshot (When Mirroring Is Enabled)

Snapshot is not possible since mirror-flash-on-disk is configured.
request system snapshot all-lcc (Routing Matrix)
user@host> request system snapshot all-lcc

lcc0-re0:
--------------------------------------------------------------------------
Copying '/' to '/altroot' .. (this may take a few minutes)
Copying '/config' to '/altconfig' .. (this may take a few minutes)
lcc2-re0:
--------------------------------------------------------------------------
Copying '/' to '/altroot' .. (this may take a few minutes)
Copying '/config' to '/altconfig' .. (this may take a few minutes)
request system snapshot all-members (Virtual Chassis)
user@switch> request system snapshot all-members media internal
fpc0:
--------------------------------------------------------------------------
219

The following filesystems were archived: /
fpc1:
--------------------------------------------------------------------------
fpc2:
--------------------------------------------------------------------------
fpc3:
--------------------------------------------------------------------------
fpc4:
--------------------------------------------------------------------------
fpc5:
--------------------------------------------------------------------------
Release Information
Options <config-partition> and <root-partition> introduced in Junos OS Release 13.1 for M Series, MX
Series, T Series, and TX Series routers.
Option media usb-port-number introduced in Junos OS Release 13.2 for MX104 routers.
Options <config-partition>, <root-partition>, and <slice> deprecated for Junos OS with Upgraded FreeBSD
in Junos OS Release 15.1
To determine which platforms support Junos OS with upgraded FreeBSD, see Feature Explorer and
enter one of the following:
220
request system snapshot (Junos OS with Upgraded FreeBSD)

No Link Title
request system software abort
IN THIS SECTION
Syntax | 220
Description | 220
Options | 221
Output Fields | 221
Sample Output | 221
Syntax
request system software abort in-service-upgrade
Description
Terminate a unified in-service software upgrade (ISSU). The unified ISSU must be in progress and you
must issue this command from a router session other than the one on which you issued the request system
in-service-upgrade command that launched the unified ISSU.
221
Options
view
Output Fields
When you enter the request system software abort command on a new router session, you are provided
feedback on the status of your request in the router session on which you issued the request system
software in-service-upgrade command.
Sample Output
request system software abort (New Router Session)
user@host> request system software abort
request system software in-service-upgrade (Unified ISSU Session)
user@host> request system software in-service-upgrade /var/tmp/jinstall-9.0-20080117.0-domestic-

signed.tgz
ISSU: Preparing Backup RE
Pushing bundle to re1
Checking compatibility with configuration Initializing...
Using jbase-9.0-20080116.2
Verified manifest signed by PackageProduction_9_0_0 Using /var/tmp/jinstall-9.0-20080117.0-
domestic-signed.tgz
Verified jinstall-9.0-20080117.0-domestic.tgz signed by PackageProduction_9_0_0 Using
jinstall-9.0-20080117.0-domestic.tgz
Using jbundle-9.0-20080117.0-domestic.tgz
Checking jbundle requirements on /
Using jbase-9.0-20080117.0.tgz
Verified manifest signed by PackageProduction_9_0_0 Using jkernel-9.0-20080117.0.tgz Verified
manifest signed by PackageProduction_9_0_0 Using jcrypto-9.0-20080117.0.tgz Verified manifest
signed by PackageProduction_9_0_0 Using jpfe-9.0-20080117.0.tgz Using jdocs-9.0-20080117.0.tgz
Verified manifest signed by PackageProduction_9_0_0 Using jroute-9.0-20080117.0.tgz Verified
222
manifest signed by PackageProduction_9_0_0 Hardware Database regeneration succeeded Validating

against /config/juniper.conf.gz
mgd: commit complete
Validation succeeded
Installing package '/var/tmp/jinstall-9.0-20080117.0-domestic-signed.tgz'
...
Verified jinstall-9.0-20080117.0-domestic.tgz signed by PackageProduction_9_0_0 Adding
jinstall...
Verified manifest signed by PackageProduction_9_0_0
WARNING: This package will load JUNOS 9.0-20080117.0 software.

WARNING: It will save JUNOS configuration files, and SSH keys
WARNING: (if configured), but erase all other files and information
WARNING: stored on this machine. It will attempt to preserve dumps
WARNING: and log files, but this can not be guaranteed. This is the
WARNING: pre-installation stage and all the software is loaded when
WARNING: you reboot the system.
Saving the config files ...

NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install
Installing the bootstrap installer ...
WARNING: A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the

WARNING: 'request system reboot' command when software installation is
WARNING: complete. To abort the installation, do not reboot your system,
WARNING: instead use the 'request system software delete jinstall'
WARNING: command as soon as this operation completes.
Saving package file in

/var/sw/pkg/jinstall-9.0-20080117.0-domestic-signed.tgz ...
Saving state for rollback ...
Backup upgrade done
Rebooting Backup RE
Rebooting re1
error: ISSU Aborted! Backup RE maybe in inconsistent state, Please restore backup RE
ISSU: IDLE
{master}
user@host>
223
Release Information
Command introduced in JUNOS Release 9.0.
request system software in-service-upgrade

show chassis in-service-upgrade
Getting Started with Unified In-Service Software Upgrade
Example: Performing a Unified ISSU
request system software add (Junos OS)
IN THIS SECTION
Syntax | 224
Syntax (OCX Series) | 227
Description | 227
Options | 228
Output Fields | 234
Sample Output | 234

224
Syntax
request system software add package-name

<best-effort-load>
<delay-restart>
<device-alias alias-name>
<force>
<no-copy>
<no-validate>
<re0 | re1>
<reboot>
<satellite slot-id>
<set [package-name1 package-name2]>
<unlink>
<upgrade-group [all |upgrade-group-name]>
<upgrade-with-config>
<satellite slot-id>
<validate>
<version version-string>

<best-effort-load>
<delay-restart>
<force>
<no-copy>
<no-validate>
<re0 | re1>
<reboot>
<validate>
<validate-on-host hostname>
<validate-on-routing-engine routing-engine>
225

<best-effort-load>
<delay-restart>
<force>
<lcc number | scc>
<no-copy>
<no-validate>
<re0 | re1>
<reboot>
<unlink>
<validate>

<best-effort-load>
<delay-restart>
<force>
<lcc number | sfc number>
<no-copy>
<no-validate>
<re0 | re1>
<reboot>
<unlink>
<validate>
226

<best-effort-load>
<delay-restart>
<device-alias alias-name>
<force>
<member member-id>
<no-copy>
<no-validate>
<re0 | re1>
<reboot>
<satellite slot-id>
<upgrade-group [all |upgrade-group-name]>
<unlink>
<validate>
<version version-string>
Syntax (QFX Series)

<best-effort-load>
<component all>
<delay-restart>
<force>
<force-host>
<no-copy>
<partition>
<reboot>
<unlink>
227
Syntax (OCX Series)

<best-effort-load>
<delay-restart>
<force>
<force-host>
<no-copy>
<no-validate>
<reboot>
<unlink>
<validate>
Description
Install a software package or bundle on the device.
We recommend that you always download the software image to /var/tmp only. On EX Series and QFX
Series switches, you must use the /var/tmp directory. Other directories are not supported.
When you are upgrading to a different release of Junos OS, you usually use the validate option on this
command. The validate option checks the candidate software against the current configuration of the
device to ensure they are compatible. (Validate is the default behavior when the software package being
added is a different release.) However, there are circumstances under which you cannot validate the
running configuration in this way. One such circumstance is when you are upgrading to Junos OS with
upgraded FreeBSD from Junos OS based on FreeBSD 6.1. Another such circumstance is when you are
updating between different releases of Junos OS with upgraded FreeBSD, and the newest version of
FreeBSD uses system calls that are not available in earlier versions of FreeBSD.
Therefore, you cannot use the validate option when upgrading to Junos Release 21.2R1, because this
release runs on FreeBSD 12; previous releases with upgraded FreeBSD run either FreeBSD 10 or 11.
If you are upgrading between releases that cannot use direct validation, you need to specify one of the
following on the request system software add operational mode command when you upgrade:
• The no-validate option—this option does not validate the software package against the current
configuration. Therefore, the current configuration might fail once you upgrade the system. Choose
this option for the first time you upgrade a system to the newer version.
• The validate-on-host option—this option validates the software package by comparing it to the running
configuration on a remote Junos OS host. Be sure to choose a host that you have already upgraded
to the newer version of software.
228
• The validate-on-routing-engine option—(for systems with redundant REs) this option validates the
software package by comparing it to the running configuration on a Routing Engine in the same
chassis. Use this option when you have already upgraded the other Routing Engine to the newer
version.
For information on valid filename and URL formats, see Format for Specifying Filenames and URLs in
Junos OS CLI Commands.
Any configuration changes performed after inputting the request system software add command will be lost
when the system reboots with an upgraded version of Junos OS.
Starting from Junos OS Release 17.2R1, PTX10008 routers do not support the request system software add
command. Starting from Junos OS Release 17.4R1, PTX10016 routers do not support the request system
software add command. Use the request vmhost software add command instead of the request system software
add command on the PTX10008 and PTX10016 routers to install or upgrade the Junos OS software
package or bundle on the router. See request vmhost software add.
When graceful Routing Engine switchover (GRES) is enabled on a device, you must perform a unified in-
service software upgrade (ISSU) operation to update the software running on the device. With GRES
enabled, if you attempt to perform a software upgrade by entering the request system software add package-
name command, an error message is displayed stating that only in-service software upgrades are
supported when GRES is configured. In such a case, you must either remove the GRES configuration
before you attempt the upgrade or perform a unified ISSU.
Starting with Junos OS Release 15.1F3, the statement request system software add installs a software
package for the guest OS only for the PTX5000 router with RE-DUO-C2600-16G, and for MX240,
MX480, and MX960 routers with RE-S-1800X4-32G-S.
Starting with Junos OS Release 15.1F5, the statement request system software add installs a software
package for the guest OS only for the MX2010 and MX2020 routers with REMX2K-1800-32G-S.
On these routers, in order to install both Junos software and host software packages, use the request
vmhost software add command.
Options
package-name Location from which the software package or bundle is to be installed.
In Junos OS, package-name can be either the URL of a remote location or the
pathname of a local package. But Junos OS Evolved does not support a remote iso
for upgrade, so “URL” is removed from the help string in the CLI.
For example:
229
• /var/tmp/package-name—For a software package or bundle that is being

installed from a local directory on the router or switch.
• protocol://hostname/pathname/package-name—For a software package or

bundle that is to be downloaded and installed from a remote location. Replace
protocol with one of the following:
• ftp—File Transfer Protocol.

Use ftp://hostname/pathname/package-name. To specify authentication
credentials, use ftp://<username>:<password>@hostname/pathname/
package-name. To have the system prompt you for the password, specify
prompt in place of the password. If a password is required, and you do not
specify the password or prompt, an error message is displayed.
• http—Hypertext Transfer Protocol.

Use http://hostname/pathname/package-name. To specify authentication
credentials, use http://<username>:<password>@hostname/pathname/
package-name. If a password is required and you omit it, you are prompted
for it.
• scp—Secure copy (not available for limited editions).

Use scp://hostname/pathname/package-name. To specify authentication
credentials, use scp://<username>:<password>@hostname/pathname/
package-name.
• The pathname in the protocol is the relative path to the user’s home directory
on the remote system and not the root directory.
• Do not use the scp protocol in the request system software add command to
download and install a software package or bundle from a remote location. The
previous statement does not apply to the QFabric switch. The software
upgrade is handled by the management process (mgd), which does not support
scp.
Use the file copy command to copy the software package or bundle from the
remote location to the /var/tmp directory on the hard disk:
file copy scp://source/package-name /var/tmp
Then install the software package or bundle using the request system software add
command:
request system software add /var/tmp/package-name
best-effort-load (Optional) Activate a partial load and treat parsing errors as warnings instead of
errors.
230
component all (QFabric systems only) (Optional) Install the software package on all of the QFabric
components.
delay-restart (Optional) Install a software package or bundle, but do not restart software
processes.
device-alias alias- (Junos Fusion only) (Optional) Install the satellite software package onto the
name specified satellite device using the satellite device’s alias name.
force (Optional) Force the addition of the software package or bundle (ignore warnings).
force-host (Optional) Force the addition of the host software package or bundle
(ignore warnings) on the QFX5100 device.
lcc number (TX Matrix routers and TX Matrix Plus routers only) (Optional) In a routing matrix
based on the TX Matrix router, install a software package or bundle on a T640
router that is connected to the TX Matrix router. In a routing matrix based on the
TX Matrix Plus router, install a software package or bundle on a router that is
connected to the TX Matrix Plus router.

routing matrix.

routing matrix.
• 0 through 7, when T1600 routers are connected to a TX Matrix Plus router

with 3D SIBs in a routing matrix.
• 0, 2, 4, or 6, when T4000 routers are connected to a TX Matrix Plus router

member member- (MX Series routers only) (Optional) Install a software package on the specified
id Virtual Chassis member. Replace member-id with a value of 0 or 1.
partition (QFX3500 switches only) (Optional) Format and repartition the media before
installation.
satellite slot-id (Junos Fusion only) (Optional) Install the satellite software package onto the
specified satellite device using the satellite devices FPC slot identifier.
scc (TX Matrix routers only) (Optional) Install a software package or bundle on a
Routing Engine on a TX Matrix router (or switch-card chassis).
231
sfc number (TX Matrix Plus routers only) (Optional) Install a software package or bundle on a
Routing Engine on a TX Matrix Plus router. Replace number with 0.
no-copy (Optional) Install a software package or bundle, but do not save copies of the
package or bundle files.
no-validate (Optional) When loading a software package or bundle with a different release,
suppress the default behavior of the validate option.
To upgrade to Junos OS Release 21.2R1, you cannot use the validate option.
Instead, choose one of the following options:
• no-validate
• validate-on-host
• validate-on-routing-engine
Software packages from unidentified providers cannot be loaded. To authorize

providers, include the provider-id statement at the [edit system extensions provider]
hierarchy level.
re0 | re1 (Optional) On routers or switches that support dual or redundant Routing Engines,
load a software package or bundle on the Routing Engine in slot 0 (re0) or the
Routing Engine in slot 1 (re1).
reboot (Optional) After adding the software package or bundle, reboot the system. On a
QFabric switch, the software installation is not complete until you reboot the
component for which you have installed the software.
set [package- (Mixed EX4200 and EX4500 Virtual Chassis, M Series, MX Series, and T Series
name1package- routers only) (Optional) Install multiple packages at same time:
name2]
• In the case of mixed EX4200 and EX4500 Virtual Chassis, install two software
packages—a package for an EX4200 switch and the same release of the
package for an EX4500 switch—to upgrade all member switches in a mixed
EX4200 and EX4500 Virtual Chassis.
• In the case of M Series, MX Series, and T Series routers, install multiple (two or
more) software packages and software add-on packages at the same time. The
variable package-name can either be a list of installation packages, each
separated by a blank space, or the full URL to the directory or tar file
containing the list of installation packages.
232
In each case, installation-package can either be a list of installation packages, each

separated by a blank space, or the full URL to the directory or tar file containing
the list of installation packages.
Use the request system software add set command to retain any SDK configuration by
installing the SDK add-on packages along with the core Junos OS installation
package.
unlink (Optional) On M Series, T Series, and MX Series routers, use the unlink option to
remove the software package from this directory after a successful upgrade is
completed.
upgrade-group [ all (Junos Fusion only) (Required to configure a Junos Fusion using autoconversion or
|upgrade-group- manual conversion) Associate a satellite software image with a satellite software
name]
upgrade group. The satellite software package is associated with the specified
satellite software upgrade group using the upgrade-group-name, or for all satellite
software upgrade groups in a Junos Fusion when the all keyword is specified.
A satellite software upgrade group is a group of satellite devices in a Junos Fusion

that are designated to upgrade to the same satellite software version using the
same satellite software package. See , Understanding Software in a Junos Fusion
Provider EdgeUnderstanding Software in a Junos Fusion Enterprise, and Managing
Satellite Software Upgrade Groups in a Junos Fusion.
upgrade-with- (Optional) Install one or more configuration files.

config
Configuration files specified with this option must have the extension .text or .xml
and have the extension specified. Using the extension .txt will not work.
validate (Optional) Validate the software package or bundle against the current
configuration as a prerequisite to adding the software package or bundle. This is
the default behavior when the software package or bundle being added is a
different release.
To upgrade to Junos OS Release 21.2R1, you cannot use the validate option.
Instead, choose one of the following options:
• no-validate
• validate-on-host
• validate-on-routing-engine
The validate option only works on systems that do not have graceful-switchover
(GRES) enabled. To use the validate option on a system with GRES, either disable
233
GRES for the duration of the installation, or install using the command request
system software in-service-upgrade , which requires nonstop active routing (NSR) to
be enabled when using GRES.
validate-on-host (Optional) Validate the software package by comparing it to the running

hostname configuration on a remote Junos OS host. Specify a host, replacing hostname with
the remote hostname. You can optionally provide the username that will be used
to log in to the remote host by specifying the hostname in the format user@hostname.
validate-on- (Optional) Validate the software bundle or package by comparing it to the running
routing-engine configuration on a Junos OS Routing Engine on the same chassis. Specify a
routing-engine
Routing Engine, replacing routing-engine with the routing engine name.
Before upgrading the software on the router or switch, when you have a known stable system, issue the
request system snapshot command to back up the software, including the configuration, to the /altroot
and /altconfig file systems. After you have upgraded the software on the router or switch and are
satisfied that the new package or bundle is successfully installed and running, issue the request system
snapshot command again to back up the new software to the /altroot and /altconfig file systems.
The request system snapshot command is currently not supported on the QFabric system. Also, you cannot
add or install multiple packages on a QFabric system.
After you run the request system snapshot command, you cannot return to the previous version of the
software because the running and backup copies of the software are identical.
If you are upgrading more than one package at the same time, delete the operating system package,
jkernel, last. Add the operating system package, jkernel, first and the routing software package, jroute,
last. If you are upgrading all packages at once, delete and add them in the following order:
user@host> request system software add /var/tmp/jbase

user@host> request system software add /var/tmp/jkernel
user@host> request system software add /var/tmp/jpfe
user@host> request system software add /var/tmp/jdocs
user@host> request system software add /var/tmp/jroute
user@host> request system software add /var/tmp/jcrypto
By default, when you issue the request system software add package-name command on a TX Matrix primary
Routing Engine, all the T640 primary Routing Engines that are connected to it are upgraded to the same
version of software. If you issue the same command on the TX Matrix backup Routing Engine, all the
T640 backup Routing Engines that are connected to it are upgraded to the same version of software.
234
Likewise, when you issue the request system software add package-name command on a TX Matrix Plus
primary Routing Engine, all the T1600 or T4000 primary Routing Engines that are connected to it are
upgraded to the same version of software. If you issue the same command on the TX Matrix Plus backup
Routing Engine, all the T1600 or T4000 backup Routing Engines that are connected to it are upgraded
to the same version of software.
Before installing software on a device that has one or more custom YANG data models added to it, back
up and remove the configuration data corresponding to the custom YANG data models from the active
configuration. For more information see Managing YANG Packages and Configurations During a
Software Upgrade or Downgrade.
maintenance
Output Fields
Sample Output
request system software add validate
user@host> request system software add validate /var/tmp/ jinstall-7.2R1.7-domestic-signed.tgz

Checking compatibility with configuration
Initializing...
Using jbase-7.1R2.2
Using /var/tmp/jinstall-7.2R1.7-domestic-signed.tgz
Verified jinstall-7.2R1.7-domestic.tgz signed by PackageProduction_7_2_0
Using /var/validate/tmp/jinstall-signed/jinstall-7.2R1.7-domestic.tgz
Using /var/validate/tmp/jinstall/jbundle-7.2R1.7-domestic.tgz
Checking jbundle requirements on /
Using /var/validate/tmp/jbundle/jbase-7.2R1.7.tgz
Using /var/validate/tmp/jbundle/jkernel-7.2R1.7.tgz
Using /var/validate/tmp/jbundle/jcrypto-7.2R1.7.tgz
Using /var/validate/tmp/jbundle/jpfe-7.2R1.7.tgz
Using /var/validate/tmp/jbundle/jdocs-7.2R1.7.tgz
Using /var/validate/tmp/jbundle/jroute-7.2R1.7.tgz
Validating against /config/juniper.conf.gz
235
Validating against /config/rescue.conf.gz

Installing package '/var/tmp/jinstall-7.2R1.7-domestic-signed.tgz' ...
Verified jinstall-7.2R1.7-domestic.tgz signed by PackageProduction_7_2_0
Adding jinstall...
WARNING: This package will load JUNOS 7.2R1.7 software.



Saving package file in /var/sw/pkg/jinstall-7.2R1.7-domestic-signed.tgz ...

request system software add /var/tmp/ no-validate
user@host> request system software add no-validate /var/tmp/junos-install-mx-x86-32-15.1R1.9.tgz

Installing package '/var/tmp/junos-install-mx-x86-32-15.1R1.9.tgz' ...
Verified manifest signed by PackageProductionEc_2015
Verified manifest signed by PackageProductionRSA_2015
Verified contents.iso
Verified issu-indb.tgz
Verified junos-x86-32.tgz
Verified kernel
Verified metatags
Verified package.xml
Verified pkgtools.tgz
camcontrol: not found
236
camcontrol: not found

Verified manifest signed by PackageProductionEc_2015
Saving package file in /var/sw/pkg/junos-install-x86-32-
domestic-20150618.043753_builder_junos_151_r1.tgz ...
request system software add no-copy no-validate reboot
user@host> request system software add no-copy no-validate junos-install-srx-x86-64-17.3R1.tgz

reboot
Verified junos-install-srx-x86-64-17.3R1 signed by PackageProductionEc_2017 method
ECDSA256+SHA256
Verified manifest signed by PackageProductionEc_2017 method ECDSA256+SHA256
Checking PIC combinations
Verified fips-mode signed by PackageProductionEc_2017 method ECDSA256+SHA256
Adding fips-mode-x86-32-20170728.153050_builder_junos_173_r1 ...
Verified jail-runtime signed by PackageProductionEc_2017 method ECDSA256+SHA256
Adding jail-runtime-x86-32-20170725.352915_builder_stable_10 ...
Verified jdocs signed by PackageProductionEc_2017 method ECDSA256+SHA256
Adding jdocs-x86-32-20170728.153050_builder_junos_173_r1 ...
Verified jfirmware signed by PackageProductionEc_2017 method ECDSA256+SHA256
Adding jfirmware-x86-32-17.3R1 ...
Verified jpfe-X signed by PackageProductionEc_2017 method ECDSA256+SHA256
Adding jpfe-X-x86-32-20170728.153050_builder_junos_173_r1 ...
Verified jpfe-X960 signed by PackageProductionEc_2017 method ECDSA256+SHA256
Adding jpfe-X960-x86-32-20170728.153050_builder_junos_173_r1 ...
Verified jpfe-common signed by PackageProductionEc_2017 method ECDSA256+SHA256
Adding jpfe-common-x86-32-20170728.153050_builder_junos_173_r1 ...
Verified jpfe-fips signed by PackageProductionEc_2017 method ECDSA256+SHA256
Verified jpfe-wrlinux signed by PackageProductionEc_2017 method ECDSA256+SHA256
Adding jpfe-wrlinux-x86-32-20170728.153050_builder_junos_173_r1 ...
Verified jsd-jet-1 signed by PackageProductionEc_2017 method ECDSA256+SHA256
Adding jsd-x86-32-17.3R1-jet-1 ...
request system software add validate-on-host
user@host> request system software add validate-on-host user@xyz :/var/tmp/

jinstall-15.1-20150516_ib_15_2_psd.0-domestic-signed.tgz
237
user@host> request system software add validate-on-host user@xyz :/var/tmp/

jinstall-15.1-20150516_ib_15_2_psd.0-domestic-signed.tgz
Extracting JUNOS version from package...
Connecting to remote host xyz...
Password:
Sending configuration to xyz...
Validating configuration on xyz...
PACKAGETYPE: not found
Checking compatibility with configuration
Initializing...
Using jbase-15.1-20150516_ib_15_2_psd.0
Verified manifest signed by PackageDevelopmentEc_2015
Using jruntime-15.1-20150516_ib_15_2_psd.0
Using jkernel-15.1-20150516_ib_15_2_psd.0
Using jroute-15.1-20150516_ib_15_2_psd.0
Using jcrypto-15.1-20150516_ib_15_2_psd.0
Using jweb-15.1-20150516_ib_15_2_psd.0
Using /var/packages/jtools-15.1-20150516_ib_15_2_psd.0
Using /var/tmp/config.tgz
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
mgd: warning: schema: init: 'logical-systems-vlans' contains-node 'juniper-config vlans': not
found
Installing package '/var/tmp/jinstall-15.1-20150516_ib_15_2_psd.0-domestic-signed.tgz' ...
Verified jinstall-15.1-20150516_ib_15_2_psd.0-domestic.tgz signed by PackageDevelopmentEc_2015
Adding jinstall...
WARNING: The software that is being installed has limited support.

WARNING: Run 'file show /etc/notices/unsupported.txt' for details.
WARNING: This package will load JUNOS 15.1-20150516_ib_15_2_psd.0 software.

238


Saving package file in /var/sw/pkg/jinstall-15.1-20150516_ib_15_2_psd.0-domestic-signed.tgz ...

request system software add (Mixed EX4200 and EX4500 Virtual Chassis)
user@switch> request system software add set [/var/tmp/jinstall-ex-4200-11.1R1.1-domestic-

signed.tgz /var/tmp/jinstall-ex-4500-11.1R1.1-domestic-signed.tgz]
...
request system software add component all (QFabric Systems)
user@switch> request system software add /pbdata/packages/jinstall-qfabric-12.2X50-D1.3.rpm

component all
...
request system software add upgrade-group (Junos Fusion)
user@aggregation-device> request system software add /var/tmp/satellite-3.0R1.1-signed.tgz

upgrade-group group1
239
request system software add no-validate (SRX Series device)
user@host> request system software add /var/tmp/junos-

srxsme-20.4I-20200810_dev_common.0.0833.tgz no-copy no-validate
Formatting alternate root (/dev/ad0s2a)...
/dev/ad0s2a: 600.0MB (1228732 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 150.00MB, 9600 blks, 19200 inodes.
super-block backups (for fsck -b #) at:
32, 307232, 614432, 921632
Installing package '/altroot/cf/packages/install-tmp/junos-20.4I-20200810_dev_common.0.0833' ...
Verified junos-boot-srxsme.tgz signed by PackageDevelopmentECP256_2020 method ECDSA256+SHA256
Verified junos-srxsme-domestic signed by PackageDevelopmentECP256_2020 method ECDSA256+SHA256
Verified manifest signed by PackageDevelopmentECP256_2020 method ECDSA256+SHA256
WARNING: The software that is being installed has limited support.

WARNING: Run 'file show /etc/notices/unsupported.txt' for details.
JUNOS 20.4I-20200810_dev_common.0.0833 will become active at next reboot

WARNING: A reboot is required to load this software correctly
WARNING: Use the 'request system reboot' command
WARNING: when software installation is complete
user@host> request system software add /var/tmp/junos-srxsme-19.4R1.3.tgz no-copy no-validate

WARNING: Package junos-19.4R1.3 version 19.4R1.3 is not compatible with current loader
WARNING: Automatic recovering loader, please wait ...
Upgrading Loader...
#####################################
Verifying the loader image... OK
WARNING: The new boot firmware will take effect when the system is rebooted.
WARNING: Loader recover finish.
Formatting alternate root (/dev/ad0s1a)...
/dev/ad0s1a: 598.5MB (1225692 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 149.62MB, 9576 blks, 19200 inodes.
super-block backups (for fsck -b #) at:
32, 306464, 612896, 919328
Installing package '/altroot/cf/packages/install-tmp/junos-19.4R1.3' ...
Verified junos-boot-srxsme-19.4R1.3.tgz signed by PackageProductionEc_2019 method
ECDSA256+SHA256
Verified junos-srxsme-19.4R1.3-domestic signed by PackageProductionEc_2019 method
ECDSA256+SHA256
Verified junos-boot-srxsme-19.4R1.3.tgz signed by PackageProductionEc_2019 method
240
ECDSA256+SHA256 V
erified junos-srxsme-19.4R1.3-domestic signed by PackageProductionEc_2019 method ECDSA256+SHA256
JUNOS 19.4R1.3 will become active at next reboot
WARNING: A reboot is required to load this software correctly
WARNING: Use the 'request system reboot' command
WARNING: when software installation is complete Saving state for rollback ...
request system software add (SRX Series device)
user@host> request system software add /var/tmp/junos-srxsme-19.4R2.3.tgz

WARNING: Package junos-19.4R2.3 version 19.4R2.3 is not compatible with this system.
WARNING: Please install a package with veloadr support, 20.3 or higher.
Release Information
best-effort-load and unlink options added in Junos OS Release 7.4.
sfc option introduced in Junos OS Release 9.6 for the TX Matrix Plus router.
set [package-name1package-name2] option added in Junos OS Release 11.1 for EX Series switches. Added in
Junos OS Release 12.2 for M Series, MX Series, and T Series routers.
On EX Series switches, the set [package-name1package-name2] option allows you to install only two software
packages on a mixed EX4200 and EX4500 Virtual Chassis. Whereas, on M Series, MX Series, and T
Series routers, the set [package-name1package-name2package-name3] option allows you to install multiple
software packages and software add-on packages at the same time.
upgrade-with-config and upgrade-with-config-format format options added in Junos OS Release 12.3 for M
Series routers, MX Series routers, and T Series routers, EX Series Ethernet switches, and QFX Series
devices.
device-alias, satellite, upgrade-group, and version options introduced in Junos OS Release 14.2R3 for Junos
Fusion.
validate-on-host and validate-on-routing-engine options added in Junos OS Release 15.1F3 for PTX5000
routers and MX240, MX480, and MX960 routers.
upgrade-with-config-format format option deleted in Junos OS Release 16.1 for M Series routers, MX Series
routers, and T Series routers, EX Series Ethernet switches, and QFX Series devices.
241

request system software rollback
request system storage cleanup
Installing Software Packages on QFX Series Devices (Junos OS)
Upgrading Software on a QFabric System
Managing Satellite Software Upgrade Groups in a Junos Fusion
request system software add (Maintenance)
request system zeroize (Junos OS)
IN THIS SECTION
Syntax | 241
Description | 241
Options | 243
Sample Output | 243
Syntax
request system zeroize

<media>
<local>
Description
Use this command to remove all configuration information on the Routing Engines and reset all key
values on the device where you run the command.
242
• If the device has dual Routing Engines, the command is broadcast to all Routing Engines on the
device.
• In a Virtual Chassis or Virtual Chassis Fabric (VCF) composed of EX Series switches (except EX8200
Virtual Chassis) or QFX Series switches, this command operates only on the member switch where
you run the command, even if that switch is in the primary Routing Engine role. The command is not
forwarded to the backup Routing Engine member or to member switches in the line-card role. To
apply this command to more than one member of an EX Series or QFX Series Virtual Chassis or VCF,
we recommend you remove and disconnect each of those members from the Virtual Chassis or VCF,
and then run the command on each isolated switch individually.
This command removes all data files, including customized configuration and log files, by unlinking the
files from their directories. The command removes all user-created files from the system, including all
plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec,
RADIUS, TACACS+, and SNMP.
This command reboots the device and sets it to the factory default configuration. After the reboot, you
cannot access the device through the management Ethernet interface. Log in through the console as root
and start the Junos OS CLI by typing cli at the prompt.
If the configuration contains the commit synchronize statement at the [edit system] hierarchy level, and you
issue a commit in the primary Routing Engine, the primary configuration is automatically synchronized
with the backup. If the backup Routing Engine is down when you issue the commit, the Junos OS displays
a warning and commits the candidate configuration in the primary Routing Engine. When the backup
Routing Engine comes up, its configuration will automatically be synchronized with the primary. A newly
inserted backup Routing Engine or a Routing Engine that comes up after running the request system
zeroize command also automatically synchronizes its configuration with the primary Routing Engine
configuration.
Starting with Junos OS Release 15.1F3, the request system zeroize command removes all configuration
information on the guest OS for the PTX5000 router with RE-DUO-C2600-16G, and MX240, MX480,
and MX960 with RE-S-1800X4-32G-S.
Starting with Junos OS Release 15.1F5, the request system zeroize command removes all configuration
information on the guest OS for the MX2010 and MX2020 with REMX2K-1800-32G-S.
On these routers, in order to remove all configuration information on both guest OS and host OS, use
the request vmhost zeroize command.
To completely erase user-created data so that it is unrecoverable, use the media option.
243
Options
media (Optional) In addition to removing all configuration and log files, causes memory and the media
to be scrubbed, removing all traces of any user-created files. Every storage device attached to
the system is scrubbed, including disks, flash drives, removable USBs, and so on. The duration of
the scrubbing process is dependent on the size of the media being erased. As a result, the
request system zeroize media operation can take considerably more time than the request system
zeroize operation. However, the critical security parameters are all removed at the beginning of
the process.
On QFX Series platforms running Junos OS Release 14.1X53 or earlier, the media option is not
available. On QFX Series platforms running releases later than Junos OS Release 14.1X53 that
do not have the upgraded FreeBSD kernel (10+), the media option is available, but if you use it,
the system will issue a warning that the media option is not supported and will continue with the
zeroize operation. On platforms that are not QFX Series platforms, the media option is not
available in Junos OS Release 17.2 or later with Junos with upgraded FreeBSD.
local (Optional) Remove all the configuration information and restore all the key values on the active
Routing Engine.
Specifying this option has no effect on switches in a Virtual Chassis or VCF composed of EX
Series switches (except EX8200 Virtual Chassis) or QFX switches, because in these
configurations, the request system zeroize command only operates locally by default.
maintenance
Sample Output
request system zeroize
user@host> request system zeroize

warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? [yes,no] (no) yes
0 1 1 0 0 0 done
syncing disks... All buffers synced.

Uptime: 5d19h20m26s
244
recorded reboot as normal shutdown

Rebooting...
U-Boot 1.1.6 (Mar 11 2011 - 04:39:06)
Board: EX4200-24T 2.11

EPLD: Version 6.0 (0x85)
DRAM: Initializing (1024 MB)
FLASH: 8 MB
Firmware Version: --- 01.00.00 ---

USB: scanning bus for devices... 2 USB Device(s) found
scanning bus for storage devices... 1 Storage Device(s) found
ELF file is 32 bit

Consoles: U-Boot console
FreeBSD/PowerPC U-Boot bootstrap loader, Revision 2.4

([email protected], Fri Mar 11 03:03:36 UTC 2011)
Memory: 1024MB
bootsequencing is enabled
bootsuccess is set
new boot device = disk0s1:
Loading /boot/defaults/loader.conf
/kernel data=0x915c84+0xa1260 syms=[0x4+0x7cbd0+0x4+0xb1c19]
Hit [Enter] to boot immediately, or space bar for command prompt.

Booting [/kernel]...
Kernel entry at 0x800000e0 ...
GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1996-2011, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
JUNOS 11.1R1.8 #0: 2011-03-09 20:14:25 UTC
[email protected]:/volume/build/junos/11.1/release/11.1R1.8/obj-powerpc/bsd/kernels/
JUNIPER-EX/kernel
Timecounter "decrementer" frequency 50000000 Hz quality 0
cpu0: Freescale e500v2 core revision 2.2
245
cpu0: HID0 80004080

...
Release Information
Option media added in Junos OS Release 11.4 for EX Series switches.
Option local added in Junos OS Release 14.1.

Reverting to the Default Factory Configuration for the EX Series Switch
Reverting to the Rescue Configuration for the EX Series Switch
Reverting to the Default Factory Configuration
Reverting to the Rescue Configuration
Reverting to the Default Factory Configuration by Using the request system zeroize Command
show chassis hardware
IN THIS SECTION
Syntax | 246
Syntax (EX Series Devices, MX104, MX204, MX2010, MX2020, MX10003, MX10008, and MX2008
Universal Routing Platforms) | 246
Syntax (MX Series Devices) | 247
Description | 247
Options | 248

246
Output Fields | 250
Sample Output | 254
show chassis hardware (SRX5800) | 269
Syntax

<detail | extensive>
<clei-models>
<models>
Syntax (EX Series Devices, MX104, MX204, MX2010, MX2020, MX10003,

MX10008, and MX2008 Universal Routing Platforms)

<clei-models>
<models>
<satellite [slot-id slot-id |device-alias alias-name]>

<clei-models>
<models>
<lcc number | scc>
247

<clei-models>
<models>
<lcc number | sfc number>
Syntax (MX Series Devices)

<clei-models>
<models>
<all-members>
<local>
<member member-id>
Syntax (QFX Series)

<clei-models>
<node-device name>
<models>
Description
Display a list of all Flexible PIC Concentrators (FPCs) and PICs installed in the router or switch chassis,
including the hardware version level and serial number.
In the EX Series switch command output, FPC refers to the following:
• On EX2200 switches, EX3200 switches, EX4200 standalone switches, and EX4500 switches—Refers
to the switch; FPC number is always 0.
• On EX4200 switches in a Virtual Chassis configuration—Refers to the member of a Virtual Chassis;

FPC number equals the member ID, from 0 through 9.
248
• On EX8208 and EX8216 switches—Refers to a line card; FPC number equals the slot number for the
line card.
On QFX3500, QFX5100, and OCX Series standalone switches, and PTX1000 devices both the FPC and
FPC number are always 0.
On T4000 Type 5 FPCs, there are no top temperature sensor or bottom temperature sensor parameters. Instead,
fan intake temperature sensor and fan exhaust temperature sensors parameters are displayed.
Starting from Junos OS Release 11.4, the output of the show chassis hardware models operational mode
command displays the enhanced midplanes FRU model numbers (CHAS-BP3-MX240-S, CHAS-BP3-
MX480-S or CHAS-BP3-MX960-S) based on the router. Prior to release 11.4, the FRU model numbers
are left blank when the router has enhanced midplanes. Note that the enhanced midplanes are
introduced through the Junos OS Release 13.3, but can be supported on all Junos OS releases.
Starting with Junos OS Release 14.1, the output of the show chassis hardware detail | extensive | clei-
models | models operational mode command displays the new DC power supply module (PSM) and power
distribution unit (PDU) that are added to provide power to the high-density FPC (FPC2-PTX-P1A) and
other components in a PTX5000 Packet Transport Router.
Options
none Display information about hardware. For a TX Matrix router, display information
about the TX Matrix router and its attached T640 devices. For a TX Matrix Plus
router, display information about the TX Matrix Plus router and its attached
devices.
clei-models (Optional) Display Common Language Equipment Identifier (CLEI) barcode and
model number for orderable field-replaceable units (FRUs).
detail (Optional) Include RAM and disk information in output.
extensive (Optional) Display ID EEPROM information.
all-members (MX Series devices only) (Optional) Display hardware-specific information for all
the members of the Virtual Chassis configuration.
interconnect- (QFabric systems only) (Optional) Display hardware-specific information for the
device name Interconnect device.
lcc number (TX Matrix devices and TX Matrix Plus router only) (Optional) On a TX Matrix
router, display hardware information for a specified T640 router (line-card chassis)
that is connected to the TX Matrix router. On a TX Matrix Plus router, display
hardware information for a specified router (line-card chassis) that is connected to
the TX Matrix Plus router.
249
• 0 through 3, when T640 devices are connected to a TX Matrix router in a

routing matrix.
• 0 through 3, when T1600 devices are connected to a TX Matrix Plus router in

a routing matrix.
• 0 through 7, when T1600 devices are connected to a TX Matrix Plus router

• 0, 2, 4, or 6, when T4000 devices are connected to a TX Matrix Plus router

local (MX Series devices only) (Optional) Display hardware-specific information for the
local Virtual Chassis members.
member member-id (MX Series devices and EX Series switches) (Optional) Display hardware-specific
information for the specified member of the Virtual Chassis configuration. Replace
member-id variable with a value 0 or 1.
models (Optional) Display model numbers and part numbers for orderable FRUs and, for
components that use ID EEPROM format v2, the CLEI code.
node-device name (QFabric systems only) (Optional) Display hardware-specific information for the
Node device.
satellite [slot-id (Junos Fusion only) (Optional) Display hardware information for the specified
slot-id | device-alias satellite device in a Junos Fusion, or for all satellite devices in the Junos Fusion if
alias-name]
no satellite devices are specified.
scc (TX Matrix router only) (Optional) Display hardware information for the TX Matrix
router (switch-card chassis).
sfc number (TX Matrix Plus router only) (Optional) Display hardware information for the
TX Matrix Plus router (switch-fabric chassis). Replace number variable with 0.
The show chassis hardware detail command now displays DIMM information for the following Routing
Engines, as shown in Table 5 on page 250.
250
Table 5: Routing Engines Displaying DIMM Information
Routing Engines Devices
RE-S-1800x2 and RE-S-1800x4 MX240, MX480, and MX960 devices
RE-A-1800x2 M120 and M320 devices
In Junos OS Release 11.4 and later, the output for the show chassis hardware models operational mode
command for MX Series devices display the enhanced midplanes FRU model numbers—CHAS-BP3-
MX240-S, CHAS-BP3-MX480-S, or CHAS-BP3-MX960-S—based on the router. In releases before Junos
OS Release 11.4, the FRU model numbers are left blank when the router has enhanced midplanes. Note
that the enhanced midplanes are introduced through Junos OS Release 13.3, but can be supported on all
Junos OS releases.
Starting with Junos OS Release 17.3R1, the output of the show chassis hardware command displays the
mode in which vMX is running (performance mode or lite mode) in the part number field for the FPC.
RIOT-PERF indicates performance mode and RIOT-LITE indicates lite mode.
Starting with Junos OS Release 22.2R1, the RE-S-X6-128G-K Routing Engine (RE) is supported for
MX240, MX480, and MX960 devices. View the details of the RE in the command output.
view
Output Fields
Table 6 on page 250 lists the output fields for the show chassis hardware command. Output fields are listed
in the approximate order in which they appear.
Table 6: show chassis hardware Output Fields
Field Name Field Description Level of Output
Item Show information about the device hardware. All levels
Version Revision level of the chassis component. All levels
Part number Part number of the chassis component. All levels

251
Table 6: show chassis hardware Output Fields (Continued)
Serial number Serial number of the chassis component. The serial number of the All levels
backplane is also the serial number of the router chassis. Use this serial
number when you need to contact Juniper Networks Customer Support
about the router or switch chassis.
Assb ID or (extensive keyword only) Identification number that describes the FRU extensive
Assembly ID hardware.
Assembly Version (extensive keyword only) Version number of the FRU hardware. extensive
Assembly Flags (extensive keyword only) Flags. extensive
FRU model number (clei-models, extensive, and models keyword only) Model number of the none specified
FRU hardware component.
CLEI code (clei-models and extensive keyword only) Common Language Equipment none specified
Identifier code. This value is displayed only for hardware components
that use ID EEPROM format v2. This value is not displayed for
components that use ID EEPROM format v1.
EEPROM Version ID EEPROM version used by the hardware component: 0x00 (version 0), extensive
0x01 (version 1), or 0x02 (version 2).
252
Description Brief description of the hardware item: All levels
• Type of power supply.
• Type of PIC. If the PIC type is not supported on the current software
release, the output states Hardware Not Supported.
• Type of FPC: FPC Type 1, FPC Type 2, FPC Type 3, FPC Type 4 , or FPC
TypeOC192.
On EX Series switches, a brief description of the FPC.
The following list shows the PIM abbreviation in the output and the
corresponding PIM name.
• 2x FE—Either two built-in Fast Ethernet interfaces (fixed PIM) or

dual-port Fast Ethernet PIM
• 4x FE—4-port Fast Ethernet ePIM
• 1x GE Copper—Copper Gigabit Ethernet ePIM (one 10-Mbps, 100-

Mbps, or 1000-Mbps port)
• 1x GE SFP—SFP Gigabit Ethernet ePIM (one fiber port)
• 2x Serial—Dual-port serial PIM
• 2x T1—Dual-port T1 PIM
• 2x E1—Dual-port E1 PIM
• 2x CT1E1—Dual-port channelized T1/E1 PIM
• 1x T3—T3 PIM (one port)
• 1x E3—E3 PIM (one port)
• 4x BRI S/T—4-port ISDN BRI S/T PIM
• 4x BRI U—4-port ISDN BRI U PIM
• 1x ADSL Annex A—ADSL 2/2+ Annex A PIM (one port, for POTS)
253
• 1x ADSL Annex B—ADSL 2/2+ Annex B PIM (one port, for ISDN)
• 2x SHDSL (ATM)—G SHDSL PIM (2-port two-wire module or 1-

port four-wire module)
• 1x TGM550—TGM550 Telephony Gateway Module (Avaya VoIP

gateway module with one console port, two analog LINE ports,
and two analog TRUNK ports)
• 1x DS1 TIM510—TIM510 E1/T1 Telephony Interface Module

(Avaya VoIP media module with one E1 or T1 trunk termination
port and ISDN PRI backup)
• 4x FXS, 4xFX0, TIM514—TIM514 Analog Telephony Interface

Module (Avaya VoIP media module with four analog LINE ports
and four analog TRUNK ports)
• 4x BRI TIM521—TIM521 BRI Telephony Interface Module (Avaya

VoIP media module with four ISDN BRI ports)
• Crypto Accelerator Module—For enhanced performance of

cryptographic algorithms used in IP Security (IPsec) services
• MPC M 16x 10GE—16-port 10-Gigabit Module Port Concentrator that

supports SFP+ optical transceivers. (Not on EX Series switches.)
• For hosts, the Routing Engine type.
• For small form-factor pluggable transceiver (SFP) modules, the type

of fiber: LX, SX, LH, or T.
• LCD description for EX Series switches (except EX2200 switches).
• MPC2—1-port MPC2 that supports two separate slots for MICs.
• MPC3E—1-port MPC3E that supports two separate slots for MICs

(MIC-3D-1X100GE-CFP and MIC-3D-20GE-SFP) on MX960,
MX480, and MX240 devices. The MPC3E maps one MIC to one PIC
(1 MIC, 1 PIC), which differs from the mapping of legacy MPCs.
• 100GBASE-LR4, pluggable CFP optics

254
• Supports the Enhanced MX Switch Control Board with fabric

redundancy and existing SCBs without fabric redundancy.
• Interoperates with existing MX Series line cards, including Flexible

Port Concentrators (FPC), Dense Port Concentrators (DPCs), and
Modular Port Concentrators (MPCs).
• MPC4E—Fixed configuration MPC4E that is available in two flavors:

MPC4E-3D-32XGE-SFPP and MPC4E-3D-2CGE-8XGE on MX2020,
MX960, MX480, and MX240 devices.
• LCD description for MX Series devices
Sample Output
show chassis hardware (MX240, MX480, MX960 Devices)
user@host> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis JN1230686AFB MX480
Midplane REV 05 710-017414 ACRB7717 MX480 Midplane
FPM Board REV 02 710-017254 CADF2017 Front Panel Display
PEM 0 Rev 03 740-022697 QCS1142C0HJ PS 1.2-1.7kW; 100-240V AC in
PEM 1 Rev 01 740-022697 QCS1035C0CM PS 1.2-1.7kW; 100-240V AC in
Routing Engine 0 REV 06 711-145342 CASE0160 RE-S-X6-128G-K
CB 0 REV 05 750-055976 CAES7891 Enhanced MX SCB 2
CB 1 REV 12 750-062572 CALM3310 Enhanced MX SCB 2
Fan Tray Enhanced Left Fan Tray
show chassis hardware (MX10008 Router)

255
Hardware inventory:
Chassis DE538 JNP10008 [MX10008]
Midplane REV 27 750-054097 ACPD6954 Midplane 8
Routing Engine 0 BUILTIN BUILTIN RE X10
Routing Engine 1 BUILTIN BUILTIN RE X10 128
CB 0 REV 10 750-079562 CAKF2158 Control Board
CB 1 REV 05 711-065897 CAJG2680 Control Board
FPC 1 REV 04 750-084779 CAKN5706 JNP10K-LC2101
CPU REV 05 750-073391 CAKJ2864 LC 2101 PMB
PIC 0 BUILTIN BUILTIN 4xQSFP28 SYNCE
Xcvr 0 REV 01 740-046565 XXL0BQM QSFP+-40G-SR4
Xcvr 1 REV 01 740-032986 QB350242 QSFP+-40G-SR4
Xcvr 2 REV 01 740-054053 QE408285 QSFP+-4X10G-SR
Xcvr 3 REV 01 740-046565 QF3300Z9 QSFP+-40G-SR4
Xcvr 0 REV 01 740-067442 QJ2200LD QSFP+-40G-SR4
Xcvr 1 REV 01 740-038153 APF170500382DP QSFP+-40G-CU3M
Xcvr 2 REV 01 740-067442 QI4302LC QSFP+-40G-SR4
Xcvr 0 REV 01 740-067442 1ACP1335119 QSFP+-40G-SR4
Xcvr 1 REV 01 740-067442 1ACP1313156 QSFP+-40G-SR4
Xcvr 2 REV 01 740-067442 QK050040 QSFP+-40G-SR4
Xcvr 3 REV 01 740-067442 QJ2201BG QSFP+-40G-SR4
Xcvr 0 REV 01 740-058734 1ECQ12400CS QSFP-100GBASE-SR4
Xcvr 1 REV 01 740-046565 QF3300ZX QSFP+-40G-SR4
Xcvr 2 REV 01 740-061405 1ECQ12510FH QSFP-100G-SR4-T2
Xcvr 3 REV 01 740-032986 QB491182 QSFP+-40G-SR4
Xcvr 0 REV 01 740-067442 QJ2200D5 QSFP+-40G-SR4
Xcvr 1 REV 01 740-054053 XXS0L95 QSFP+-4X10G-SR
Xcvr 0 REV 01 740-054053 QE251550 QSFP+-4X10G-SR
Xcvr 1 REV 01 740-054053 XZB01D5 QSFP+-4X10G-SR
Xcvr 3 REV 01 740-046565 QI1402F9 QSFP+-40G-SR4
FPD Board REV 07 711-054687 ACPF2896 Front Panel Display
PEM 1 REV 02 740-049388 1EDL62102PR Power Supply AC
PEM 2 REV 02 740-049388 1EDL60300H2 Power Supply AC
PEM 4 REV 02 740-049388 1EDL603003Z Power Supply AC
PEM 5 REV 01 740-049388 1EDL339001B Power Supply AC
FTC 0 REV 14 750-050108 ACNW3344 Fan Controller 8
FTC 1 REV 14 750-050108 ACPE3978 Fan Controller 8
256
Fan Tray 0 REV 09 760-054372 ACNV5507 Fan Tray 8

Fan Tray 1 REV 09 760-054372 ACNV5371 Fan Tray 8
SFB 0 REV 25 750-050058 ACPH6821 Switch Fabric (SIB) 8
SFB 1
SFB 2 REV 24 750-050058 ACNZ0641 Switch Fabric (SIB) 8
SFB 3 REV 27 750-050058 ACPH9127 Switch Fabric (SIB) 8
SFB 5 REV 24 750-050058 ACNX7396 Switch Fabric (SIB) 8
show chassis hardware (PTX10008 Router)
root@host> show chassis hardware

Hardware inventory:
Chassis DK404 JNP10008 [PTX10008]
Midplane REV 28 750-054097 ACPP2394 Midplane 8
Routing Engine 0 BUILTIN BUILTIN RE-PTX-2X00x4
Routing Engine 1 BUILTIN BUILTIN RE-PTX-2X00x4
CB 0 REV 04 750-068820 ACPT5303 Control Board
CB 1 REV 04 750-068820 ACPR1627 Control Board
FPC 6 REV 13 750-068822 ACPB2753 LC1102 - 12C / 36Q /
14 4X
CPU BUILTIN BUILTIN FPC CPU
PIC 0 BUILTIN BUILTIN 12x100GE/36x40GE/
144x10 GE
Xcvr 0 REV 01 740-067442 XV304N6 QSFP+-40G-SR4
Xcvr 1 REV 01 740-067442 XV30A5M QSFP+-40G-SR4
Xcvr 2 REV 01 740-067442 XV300HC QSFP+-40G-SR4
Xcvr 3 REV 01 740-067443 XU20L17 QSFP+-40G-SR4
Xcvr 4 REV 01 740-067442 XV303XG QSFP+-40G-SR4
Xcvr 5 REV 01 740-067443 XV306QC QSFP+-40G-SR4
Xcvr 6 REV 01 740-067442 XV303Y7 QSFP+-40G-SR4
Xcvr 7 REV 01 740-067443 XX60DMR QSFP+-40G-SR4
Xcvr 9 REV 01 740-067443 XX60DNY QSFP+-40G-SR4
Xcvr 10 REV 01 740-054053 QF4605WF QSFP+-4X10G-SR
Xcvr 13 REV 01 740-058734 1ECQ115007D QSFP-100GBASE-SR4
Xcvr 15 REV 01 740-046565 QH06035R QSFP+-40G-SR4
Xcvr 16 REV 01 740-046565 QH0602KC QSFP+-40G-SR4
Xcvr 17 REV 01 740-046565 QH0507PA QSFP+-40G-SR4
Xcvr 18 REV 01 740-046565 QH06035M QSFP+-40G-SR4
Xcvr 24 REV 01 740-046565 QH0507QL QSFP+-40G-SR4
Xcvr 25 REV 01 740-067443 XV20CWP QSFP+-40G-SR4
257
Xcvr 34 REV 01 740-046565 QH06035U QSFP+-40G-SR4

Xcvr 35 REV 01 740-067443 XX60DN9 QSFP+-40G-SR4
FPC 7 REV 41 750-051357 ACPL3446 LC1101 - 30C / 30Q / 96X
PIC 0 BUILTIN BUILTIN 30x100GE/30x40GE/96x10GE
Xcvr 0 REV 01 740-067443 XX60DPC QSFP+-40G-SR4
Xcvr 1 REV 01 740-054053 QF4605W7 QSFP+-4X10G-SR
Xcvr 2 REV 01 740-067443 XX60DP8 QSFP+-40G-SR4
Xcvr 3 REV 01 740-067442 XV30FYM QSFP+-40G-SR4
Xcvr 4 REV 01 740-067442 1ACP133406Z QSFP+-40G-SR4
Xcvr 5 REV 01 740-067443 XX60DP5 QSFP+-40G-SR4
Xcvr 8 REV 01 740-046565 QH060355 QSFP+-40G-SR4
Xcvr 12 REV 01 740-058734 1ECQ115008C QSFP-100GBASE-SR4
Xcvr 15 REV 01 740-046565 QH0602KG QSFP+-40G-SR4
Xcvr 16 REV 01 740-046565 QH0602LG QSFP+-40G-SR4
Xcvr 17 REV 01 740-046565 QH06035S QSFP+-40G-SR4
Xcvr 18 REV 01 740-046565 QH0602KS QSFP+-40G-SR4
Xcvr 24 REV 01 740-067443 QI2902DP QSFP+-40G-SR4
Power Supply 2 REV 02 740-049388 1EDL70200NP Power Supply AC
Power Supply 3 REV 02 740-049388 1EDL603005C Power Supply AC
Power Supply 4 REV 02 740-049388 1EDL70200P1 Power Supply AC
Power Supply 5 REV 02 740-049388 1EDL70200B7 Power Supply AC
FTC 0 REV 16 750-050108 ACPK8682 Fan Controller 8
FTC 1 REV 16 750-050108 ACPR9530 Fan Controller 8
Fan Tray 0 REV 10 760-054372 ACPR9509 Fan Tray 8
Fan Tray 1 REV 10 760-054372 ACPV7260 Fan Tray 8
SIB 1 REV 28 750-050058 ACPV6306 Switch Fabric 8
SIB 2 REV 28 ACPR2569 Switch Fabric 8
SIB 3 REV 28 750-05 ACPW7402 Switch Fabric 8
SIB 4 REV 28 750-050058 ACPR2577 Switch Fabric 8
FPD Board REV 07 711-054687 ACPM4965 Front Panel Display
show chassis hardware (PTX10016 Router Junos OS Evolved Release)

Hardware inventory:
Chassis DY814 JNP10016 [PTX10016]
Midplane 0 REV 02 750-085608 BCAW3258 Midplane 16
FPM 0 REV 01 711-086964 BCAR0775 Front Panel Display
PSM 0 Rev 03 740-069994 1F269200046 JNP10K 5500W AC/HVDC Power Supply Unit
258
PSM 1 Rev 03 740-069994 1F269170144 JNP10K 5500W AC/HVDC Power Supply Unit
PSM 2 REV 02 740-049388 1EDL60300C6 JNP10K 5500W AC/HVDC Power Supply Unit
PSM 3 REV 02 740-049388 1EDL603005X JNP10K 5500W AC/HVDC Power Supply Unit
PSM 4 REV 02 740-049388 1EDL6170275 JNP10K 5500W AC/HVDC Power Supply Unit
PSM 5 REV 02 740-049388 1EDL61701WD JNP10K 5500W AC/HVDC Power Supply Unit
Routing Engine 0 BUILTIN BUILTIN JNP10K-RE1-E
CB 0 REV 15 750-079562 BCAW3941 Control Board
Routing Engine 1 BUILTIN BUILTIN JNP10K-RE1-E
FPC 0 REV 07 750-093524 BCAY8271 JNP10K-LC1201
CPU REV 14 710-001726 HM1084 FPC CPU
FPC 10 REV 07 750-093524 BCAY8277 JNP10K-LC1201CPU REV 05
710-010169 HZ3219 FPC CPU-Enhanced
SIB 0 REV 02 750-083426 BCAV7680 SIB-JNP10016
FTC 0 REV 10 750-086270 BCAV0609 Fan Controller 16
Fan Tray 0 REV 02 750-103311 BCAY1793 Fan Tray 16
Fan Tray 1 REV 02 750-103311 BCAY1797 Fan Tray 16
show chassis hardware clei-models (PTX10016 Router)
user@host> show chassis hardware clei-models

Hardware inventory:
Item Version Part number CLEI code FRU model number
Midplane REV 24 750-077138 CMMUN00ARA JNP10016
CB 0 REV 04 711-065897 PROTOXCLEI PROTO-ASSEMBLY
CB 1 REV 05 711-065897 PROTOXCLEI PROTO-ASSEMBLY
FPC 2
PIC 0 BUILTIN
FPC 4 REV 35 750-071976 CMUIANABAA JNP10K-LC1101
PIC 0 BUILTIN
FPC 5 REV 13 750-068822 CMUIAM9BAC QFX10000-36Q
PIC 0 BUILTIN
FPC 6 REV 41 750-071976 CMUIANABAB JNP10K-LC1101
PIC 0 BUILTIN
PIC 0 BUILTIN
259

PIC 0 BUILTIN
PIC 0 BUILTIN
PIC 0 BUILTIN
PIC 0 BUILTIN
PIC 0 BUILTIN
PIC 0 BUILTIN
Power Supply 0 REV 01 740-073147 CMUPADPBAA JNP10K-PWR-DC
Fan Tray 0 QFX5100-FAN-AFO
Fan Tray 1 QFX5100-FAN-AFO
SIB 0 REV 15 750-077140 CMUCAH6CAA JNP10016-SF
FPD Board REV 07 711-054687
show chassis hardware (QFX5700 Router)

Hardware inventory:
Chassis EC819 JNP5700 [QFX5700]
…..
…..
…..
Routing Engine 0 BUILTIN BUILTIN JNP5700-RCB
260
Routing Engine 1 BUILTIN BUILTIN JNP5700-RCB

CB 0 REV 15 750-079562 BCAV5526 Control Board
show chassis hardware (SRX5800 Router)

Hardware inventory:
Chassis JN1080B50AFA MX960
Midplane REV 02 710-013698 CC6226 MX960 Backplane
Fan Extender REV 02 710-018051 JY5235 Extended Cable Manager
FPM Board REV 01 710-014974 JS4207 Front Panel Display
PEM 0 Rev 01 740-080280 1F238510008 MX960-UNIVERSAL-HV-PSM
show chassis hardware detail (EX9251 Switch)
user@switch> show chassis hardware

Hardware inventory:
Chassis BLANK EX9251
Routing Engine 0 BUILTIN BUILTIN RE-S-2X00x6
CB 0 REV 05 750-069579 CAGT1382 EX9251
FPC 0 BUILTIN BUILTIN MPC
PIC 0 BUILTIN BUILTIN 4XQSFP28 PIC
Xcvr 0 REV 01 740-044512 APF14500007NHC QSFP+-40G-CU50CM
Xcvr 2 REV 01 740-046565 QH21035H QSFP+-40G-SR4
PIC 1 BUILTIN BUILTIN 8XSFPP PIC
Xcvr 0 REV 01 740-031980 AA15393URH7 SFP+-10G-SR
Xcvr 1 REV 01 740-031980 AA162832LVG SFP+-10G-SR
Xcvr 2 REV 01 740-031980 MXA0NKJ SFP+-10G-SR
Xcvr 3 REV 01 740-031980 MXA0K75 SFP+-10G-SR
Xcvr 4 REV 01 740-021308 MXA138L SFP+-10G-SR
Xcvr 5 REV 01 740-021308 13T511102684 SFP+-10G-SR
261
Xcvr 6 REV 01 740-021308 MXA138E SFP+-10G-SR

Xcvr 7 REV 01 740-021308 MXA152N SFP+-10G-SR
PEM 0 REV 02 740-070749 1F186390060 AC AFO 650W PSU
PEM 1 REV 02 740-070749 1F186390045 AC AFO 650W PSU
Fan Tray 0 Fan Tray, Front to Back Airflow - AFO
show chassis hardware extensive (T640 Router)
user@host> show chassis hardware extensive

Hardware inventory:
Chassis T640
Jedec Code: 0x7fb0 EEPROM Version: 0x01
P/N: ........... S/N: ...........
Assembly ID: 0x0507 Assembly Version: 00.00
Date: 00-00-0000 Assembly Flags: 0x00
Version: ...........
ID: Gibson LCC Chassis
Board Information Record:
Address 0x00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I2C Hex Data:
Address 0x00: 7f b0 01 ff 05 07 00 00 00 00 00 00 00 00 00 00
Address 0x10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Address 0x20: ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00
Address 0x30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Address 0x40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Midplane REV 04 710-002726 AX5633
Jedec Code: 0x7fb0 EEPROM Version: 0x01
P/N: 710-002726. S/N: AX5633.
Assembly ID: 0x0127 Assembly Version: 01.04
Date: 06-27-2001 Assembly Flags: 0x00
Version: REV 04.....
ID: Gibson Backplane
Board Information Record:
Address 0x00: ad 01 08 00 00 90 69 0e f8 00 ff ff ff ff ff ff
I2C Hex Data:
Address 0x00: 7f b0 01 ff 01 27 01 04 52 45 56 20 30 34 00 00
Address 0x10: 00 00 00 00 37 31 30 2d 30 30 32 37 32 36 00 00
Address 0x20: 53 2f 4e 20 41 58 35 36 33 33 00 00 00 1b 06 07
Address 0x30: d1 ff ff ff ad 01 08 00 00 90 69 0e f8 00 ff ff
262
Address 0x40: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
FPM GBUS REV 02 710-002901 HE3245
...
FPM Display REV 02 710-002897 HA4873
...
CIP REV 05 710-002895 HA4729
...
PEM 1 RevX02 740-002595 MD21815 Power Entry Module
...
SCG 0 REV 04 710-003423 HF6023
...
SCG 1 REV 04 710-003423 HF6061
...
Routing Engine 0 REV 01 740-005022 210865700292 RE-3.0
...
CB 0 REV 06 710-002728 HE3614
...
FPC 1 REV 01 710-002385 HE3009 FPC Type 1
... REV 06 710-001726 HC0010
show chassis hardware interconnect-device (QFabric Systems)
user@switch> show chassis hardware interconnect-device interconnect1

Hardware inventory:
Chassis REV 07 QFX_olive
Midplane REV 07 750-021261 BH0208188289 QFX Midplane
CB 0 REV 07 750-021261 BH0208188289 QFXIC08-CB4S
show chassis hardware lcc (TX Matrix Router)
user@host> show chassis hardware lcc 0

lcc0-re0:
--------------------------------------------------------------------------
Hardware inventory:
Chassis 65751 T640
Midplane REV 03 710-005608 RA1408 T640 Backplane
FPM GBUS REV 09 710-002901 RA2784 T640 FPM Board
FPM Display REV 05 710-002897 RA2825 FPM Display
263
CIP REV 06 710-002895 HT0684 T Series CIP

PEM 0 Rev 11 740-002595 PM18483 Power Entry Module
PEM 1 Rev 11 740-002595 qb13984 Power Entry Module
SCG 0 REV 11 710-003423 HT0022 T640 Sonet Clock Gen.
Routing Engine 0 REV 13 740-005022 210865700363 RE-3.0 (RE-600)
CB 0 REV 03 710-007655 HW1195 Control Board (CB-T)
FPC 1 REV 05 710-007527 HM3245 FPC Type 2
CPU REV 14 710-001726 HM1084 FPC CPU
PIC 0 REV 02 750-007218 AZ1112 2x OC-12 ATM2 IQ, SMIR
PIC 1 REV 02 750-007745 HG3462 4x OC-3 SONET, SMIR
PIC 2 REV 14 750-001901 BA5390 4x OC-12 SONET, SMIR
PIC 3 REV 09 750-008155 HS3012 2x G/E IQ, 1000 BASE
SFP 0 NON-JNPR P1186TY SFP-S
SFP 1 REV 01 740-007326 P11WLTF SFP-SX
MMB 1 REV 02 710-005555 HL7514 MMB-288mbit
PPB 0 REV 04 710-003758 HM4405 PPB Type 2
PPB 1 REV 04 710-003758 AV1960 PPB Type 2
FPC 2 REV 08 710-010154 HZ3578 E-FPC Type 3
CPU REV 05 710-010169 HZ3219 FPC CPU-Enhanced
PIC 0 REV 02 750-009567 HX2882 1x 10GE(LAN),XENPAK
SFP 0 REV 01 740-009898 USC202U709 XENPAK-LR
PIC 1 REV 03 750-003336 HJ9954 4x OC-48 SONET, SMSR
PIC 2 REV 01 750-004535 HC0235 1x OC-192 SM SR1
PIC 3 REV 07 750-007141 HX1699 10x 1GE(LAN), 1000 BASE
SFP 0 REV 01 740-007326 2441042 SFP-SX
SFP 1 REV 01 740-007326 2441027 SFP-SX
MMB 0 REV 03 710-010171 HV2365 MMB-5M3-288mbit
MMB 1 REV 03 710-010171 HZ3888 MMB-5M3-288mbit
SPMB 0 REV 09 710-003229 HW5245 T Series Switch CPU
SIB 3 REV 07 710-005781 HR5927 SIB-L8-F16
B Board REV 06 710-005782 HR5971 SIB-L8-F16 (B)
SIB 4 REV 07 710-005781 HR5903 SIB-L8-F16
B Board REV 06 710-005782 HZ5275 SIB-L8-F16 (B)
show chassis hardware models (MX2010 Router)
user@host > show chassis hardware models

Hardware inventory:
Item Version Part number Serial number FRU model number
FPM Board REV 06 711-032349 ZX8744 711-032349
PSM 4 REV 0C 740-033727 VK00254 00000000000000000000000
264
PSM 5 REV 0B 740-033727 VG00015 00000000000000000000000

PSM 6 REV 0B 740-033727 VH00097 00000000000000000000000
PSM 7 REV 0C 740-033727 VJ00151 00000000000000000000000
PSM 8 REV 0C 740-033727 VJ00149 00000000000000000000000
PDM 0 REV 0B 740-038109 WA00008
PDM 1 REV 0B 740-038109 WA00014
Routing Engine 0 REV 02 740-041821 9009094134 RE-S-1800X4-16G-S
Routing Engine 1 REV 02 740-041821 9009094141 RE-S-1800X4-16G-S
CB 0 REV 08 750-040257 CAAB3491 750-040257
CB 1 REV 08 750-040257 CAAB3489 750-040257
SFB 0 REV 06 711-032385 ZV1828 711-032385
SFB 1 REV 07 711-032385 ZZ2568 711-032385
SFB 2 REV 07 711-032385 ZZ2563 711-032385
SFB 3 REV 07 711-032385 ZZ2564 711-032385
SFB 4 REV 07 711-032385 ZZ2580 711-032385
SFB 5 REV 07 711-032385 ZZ2579 711-0323856
SFB 6 REV 07 711-032385 CAAB4882 711-044170
SFB 7 REV 07 711-032385 CAAB4898 711-044170
FPC 0 REV 33 750-028467 CAAB1919 MPC-3D-16XGE-SFPP
FPC 1 REV 21 750-033205 ZG5027 MX-MPC3-3D
MIC 0 REV 03 750-033307 ZV6299 MIC3-3D-10XGE-SFPP
MIC 1 REV 03 750-033307 ZV6268 MIC3-3D-10XGE-SFPP
FPC 8 REV 22 750-031089 ZT9746 MX-MPC2-3D
MIC 0 REV 26 750-028392 ABBS1150 MIC-3D-20GE-SFP
MIC 1 REV 26 750-028387 ABBR9582 MIC-3D-4XGE-XFP
FPC 9 REV 11 750-036284 ZL3591 MPCE-3D-16XGE-SFPP
ADC 0 REV 05 750-043596 CAAC2073 750-043596
ADC 1 REV 01 750-043596 ZV4117 750-043596
ADC 8 REV 01 750-043596 ZV4107 750-043596
ADC 9 REV 02 750-043596 ZW1555 750-043596
Fan Tray 0 REV 2A 760-046960 ACAY0015
show chassis hardware node-device (QFabric Systems)
user@switch> show chassis hardware node-device node1

Routing Engine 0 BUILTIN BUILTIN QFX Routing Engine
node1 REV 05 711-032234 ED3694 QFX3500-48S4Q-AFI
265

PIC 0 BUILTIN BUILTIN 48x 10G-SFP+
Xcvr 8 REV 01 740-030658 AD0946A028B SFP+-10G-USR
show chassis hardware scc (TX Matrix Router)
user@host> show chassis hardware scc

scc-re0:
--------------------------------------------------------------------------
Hardware inventory:
Chassis TX Matrix
Midplane REV 04 710-004396 RB0014 SCC Midplane
FPM GBUS REV 04 710-004617 HW9141 SCC FPM Board
FPM Display REV 04 710-004619 HS5950 SCC FPM
CIP 0 REV 01 710-010218 HV9151 SCC CIP
CIP 1 REV 01 710-010218 HV9152 SCC CIP
PEM 1 Rev 11 740-002595 QB13977 Power Entry Module
Routing Engine 0 REV 05 740-008883 P11123900153 RE-4.0 (RE-1600)
CB 0 REV 01 710-011709 HR5964 Control Board (CB-TX)
SPMB 0 REV 09 710-003229 HW5293 T Series Switch CPU
SIB 3
SIB 4 REV 01 710-005839 HW1177 SIB-S8-F16
B Board REV 01 710-005840 HW1202 SIB-S8-F16 (B)
show chassis hardware sfc (TX Matrix Plus Router)
user@host> show chassis hardware sfc 0

sfc0-re0:
--------------------------------------------------------------------------
Hardware inventory:
Chassis JN112F007AHB TXP
Midplane REV 05 710-022574 TS4027 SFC Midplane
FPM Display REV 03 710-024027 DX0282 TXP FPM Display
CIP 0 REV 04 710-023792 DW4889 TXP CIP
CIP 1 REV 04 710-023792 DW4887 TXP CIP
PEM 0 Rev 07 740-027463 UM26368 Power Entry Module
Routing Engine 0 REV 01 740-026942 737A-1064 SFC RE
Routing Engine 1 REV 01 740-026942 737A-1082 SFC RE
266
CB 0 REV 09 710-022606 DW6099 SFC Control Board

CB 1 REV 09 710-022606 DW6096 SFC Control Board
SPMB 0 BUILTIN SFC Switch CPU
SPMB 1 BUILTIN SFC Switch CPU
SIB F13 0 REV 04 710-022600 DX0841 F13 SIB
B Board REV 03 710-023431 DX0966 F13 SIB Mezz
SIB F13 1 REV 04 750-024564 DW5776 F13 SIB
B Board REV 03 710-023431 DW9028 F13 SIB
SIB F13 3 REV 04 750-024564 DW5762 F13 SIB
SIB F13 4 REV 04 750-024564 DW5797 F13 SIB
SIB F13 6 REV 04 750-024564 DW5770 F13 SIB
B Board REV 03 710-023431 DW9079 F13 SIB Mezz
SIB F13 7 REV 04 750-024564 DW5758 F13 SIB
SIB F13 8 REV 04 750-024564 DW5761 F13 SIB
SIB F13 9 REV 04 750-024564 DW5754 F13 SIB
SIB F13 11 REV 04 710-022600 DX0826 F13 SIB
B Board REV 03 710-023431 DX0967 F13 SIB Mezz
SIB F13 12 REV 04 750-024564 DW5794 F13 SIB
SIB F2S 0/0 REV 05 710-022603 DW7897 F2S SIB
B Board REV 05 710-023787 DW7657 NEO PMB
B Board REV 05 710-023787 DW7556 F2S SIB Mezz
267

Fan Tray 0 REV 06 760-024497 DV7831 Front Fan Tray
Fan Tray 1 REV 06 760-024497 DV9614 Front Fan Tray
Fan Tray 2 REV 06 760-024502 DV9618 Rear Fan Tray
show chassis hardware (ACX7100-48L)

Hardware inventory:
Chassis YW0220320039 JNP7100-48L
[ACX7100-48
L]
PSM 1 REV 04 740-085431 1ED79520221 PSU 1600W AC, Front
to Back
Airflow
Routing Engine 0 REV 04 611-112446 YY0220320013 RE-JNP-7100
CB 0 REV 05 650-113149 YW0220320039 Control Board
268
FPC 0 BUILTIN BUILTIN ACX7100-48L

PIC 0 BUILTIN BUILTIN MRATE- 48xSFP56 +
6xQSF P56-
DD
Xcvr 0 REV 01 740-068639 1A1M31A311008 SFP28-25G-BASE-SR
Xcvr 1 REV 01 740-030658 AA1230AZYWW SFP+-10G-USR
Xcvr 2 REV 01 740-031980 AP42G0C SFP+-10G-SR
Xcvr 3 REV 01 740-031980 ARN2FS9 SFP+-10G-SR
Xcvr 4 REV 01 740-031980 AP4150P SFP+-10G-SR
Xcvr 5 REV 01 740-031980 123363A01134 SFP+-10G-SR
Xcvr 6 REV 01 740-031980 B11E02539 SFP+-10G-SR
Xcvr 7 REV 01 740-031980 ARQ0WRX SFP+-10G-SR
Xcvr 12 REV 01 740-031980 193363A00707 SFP+-10G-SR
Xcvr 15 REV 01 740-031980 AMS15RT SFP+-10G-SR
Xcvr 18 REV 01 740-068639 1A1M31A5370MX SFP28-25G-BASE-SR
Xcvr 19 REV 01 740-068639 1A1M31A5370MS SFP28-25G-BASE-SR
Xcvr 21 REV 01 740-068639 1A1M31A5370MW SFP28-25G-BASE-SR
Xcvr 22 REV 01 740-068639 1A1M31A5370MT SFP28-25G-BASE-SR
Xcvr 43 REV 01 740-031980 CH09KN1H4 SFP+-10G-SR
Xcvr 44 REV 01 740-031980 AMB0TC1 SFP+-10G-SR
Xcvr 46 REV 01 740-031980 AP40WQN SFP+-10G-SR
Xcvr 47 REV 01 740-031980 APR1BCS SFP+-10G-SR
Xcvr 48 REV 01 740-054053 XXH0KH1 QSFP+-4X10G-SR
Xcvr 49 REV 01 740-058734 1ECQ144605L QSFP-100GBASE-SR4
Xcvr 50 REV 01 740-054053 XWP0Q7D QSFP+-4X10G-SR
Xcvr 51 REV 01 740-058734 1ECQ144604H QSFP-100GBASE-SR4
Xcvr 52 REV 01 740-054053 XXH0KGC QSFP+-4X10G-SR
Xcvr 53 REV 01 740-058734 1ECQ144605K QSFP-100GBASE-SR4
Fan Tray 0 JNP7100 Fan Tray,
Front to
Back Airflow - AFO
Front to
Back Airflow - AFO
Front to
Back Airflow - AFO
Front to
Back Airflow - AFO
Front to
Back Airflow - AFO
269

Front to
Back Airflow - AFO
show chassis hardware (MX204)
The show chassis hardware command output does not include information about the fan tray serial number
and part number of MX204 routers. This does not affect the fan's functionality.

Hardware inventory:Item Version Part number Serial number Description
Chassis CV190 JNP204 [MX204]
Routing Engine 0 BUILTIN BUILTIN RE-S-1600x8
CB 0 REV 40 750-069579 CARN0542 JNP204 [MX204]
FPC 0 BUILTIN BUILTIN MPC
PIC 0 BUILTIN BUILTIN 4XQSFP28 PIC
Xcvr 0 REV 01 740-067443 1ACP16161C7 QSFP+-40G-SR4
Xcvr 1 REV 01 740-067443 1ACP16161E7 QSFP+-40G-SR4
Xcvr 2 REV 01 740-067443 1ACP16161DV QSFP+-40G-SR4
Xcvr 3 REV 01 740-099582 1A1CQ1B6350DC QSFP-100GBASE-SR4
PIC 1 BUILTIN BUILTIN 8XSFPP PIC
Xcvr 0 REV 01 740-031980 AJJ036G SFP+-10G-SR
Xcvr 1 REV 01 740-031980 AN20CP8 SFP+-10G-SR
PEM 1 REV 04 740-043886 1GA4A380672 JPSU-650W-DC-AFO
Fan Tray 2 Fan Tray, Front to Back Airflow -
AFO to
Back Airflow - AFO
show chassis hardware (SRX5800)
Hardware inventory:
Chassis JN1080B50AFA MX960
Midplane REV 02 710-013698 CC6226 MX960 Backplane
Fan Extender REV 02 710-018051 JY5235 Extended Cable Manager
FPM Board REV 01 710-014974 JS4207 Front Panel Display
270
PEM 0 Rev 01 740-080280 1F238510008 SRX5800-UNIVERSAL-HV-PSM

show chassis hardware (PTX10001-36MR) (400G ZR and 400G ZR-M optics)
user@host show chassis hardware

Hardware inventory:
Chassis EM436 JNP10001-36MR [PTX10001-36MR]
PSM 0 REV 07 740-073765 1GE29391099 AC AFO 3000W PSU
Routing Engine 0 REV 08 750-100243 BCBH4788 RE-JNP10001-36MR
CB 0 REV 16 750-099260 BCBJ1424 Control Board
FPC 0 BUILTIN BUILTIN FPC-JNP10001-36MR
PIC 0 BUILTIN BUILTIN 8X400GE-MR + 4X100GE-MR
Xcvr 0 REV 01 740-032986 ECX40K80042 QSFP+-40G-SR4
Xcvr 2 REV 01 740-032986 QF4804ZM QSFP+-40G-SR4
Xcvr 3 REV 01 740-046565 QD190447 QSFP+-40G-SR4
Xcvr 4 REV 01 740-038624 S1810376855-1 QSFP+-40G-CU3M
Xcvr 5 REV 01 740-032986 ECX40K80028 QSFP+-40G-SR4
Xcvr 10 REV 01 740-131169 1T1TZFA70500D QSFP56-DD-400G-ZR-M
Xcvr 0 REV 01 740-032986 XV303SF QSFP+-40G-SR4
Xcvr 1 REV 01 740-067442 QI1202B5 QSFP+-40G-SR4
Xcvr 2 XXXX NON-JNPR 204053396 QSFP56-DD-400G-ZR
Xcvr 4 REV 01 740-061405 1ECQ13150KE QSFP-100GBASE-SR4-T2
Xcvr 10 REV 01 740-131169 1T1TZFA70500C QSFP56-DD-400G-ZR-M
Xcvr 0 REV 01 740-032986 QD481959 QSFP+-40G-SR4
Xcvr 1 REV 01 740-038624 C1909242760-1 QSFP+-40G-CU3M
Xcvr 3 REV 01 740-032986 ECX02IC0146 QSFP+-40G-SR4
Xcvr 4 REV 01 740-065631 1ACS12510R3 QSFP28-100G-AOC-3M
Xcvr 5 REV 01 740-065631 1ACS1251023 QSFP28-100G-AOC-3M
Xcvr 9 REV 01 740-061405 1ECQ13150A5 QSFP-100GBASE-SR4-T2
Xcvr 10 XXXX NON-JNPR 204053387 QSFP56-DD-400G-ZR
Xcvr 11 REV 01 740-038623 MOC14256230865 QSFP+-40G-CU1M
SIB 0 BUILTIN BUILTIN SIB-JNP10001-36MR
Fan Tray 0 JNP10001 Fan Tray, Front to Back
Airflow - AFO
271
Airflow - AFO
Airflow - AFO
Airflow - AFO
Airflow - AFO
Airflow - AFO
show chassis hardware (MX304)

Hardware inventory:
Chassis EU591 JNP304 [MX304]
Routing Engine 0 REV 01 750-123749 BCBZ3334 RE 2400 8C 128G
Routing Engine 1 REV 06 750-123749 BCCE2842 RE 2400 8C 128G
CB 0 REV 01 750-123404 BCBY2022 Control Board
FPC 0 BUILTIN BUILTIN FPC-BUILTIN
CPU REV 01 750-122877 BCBX9348 JNP304 PMB
PIC 0 REV 04 750-122718 BCBY7928 MRATE LMIC 16x100G/4x400G
Xcvr 0 REV 01 740-065632 1FCS251700J QSFP28-100G-AOC-5M
Xcvr 3 REV 01 740-058734 1ACQ113404W QSFP-100GBASE-SR4
Xcvr 4 REV01 740-061002 LEO15180024 QSFP28-100G-CU5M
Xcvr 5 REV 01 740-061405 1ECQ15200A9 QSFP-100G-SR4-T2
Xcvr 7 REV 01 740-061405 1ECQ151819K QSFP-100G-SR4-T2
Xcvr 8 REV 01 740-058734 1ACQ11470MW QSFP-100GBASE-SR4
Xcvr 12 REV 01 740-065630 1FCS044402M QSFP28-100G-AOC-1M
PIC 1 REV 04 750-122718 BCBY7930 MRATE LMIC 16x100G/4x400G
Xcvr 0 REV 01 740-090165 1W1CSAA539002 QSFP56-DD-400G-AOC-3M
Xcvr 4 REV 01 740-067443 1ACP16161CQ QSFP+-40G-SR4
Xcvr 12 REV 01 740-065632 1FCS2517005 QSFP28-100G-AOC-5M
Xcvr 14 REV 01 740-061405 1F1CQ1A5201F7 QSFP-100G-SR4-T2
PEM 0 Rev 01 740-110419 1F27B040062 AC AFO 2200W Power Supply
PEM 1
Fan Tray 0 REV 02 760-126744 BCCB3869 JNP304 Fan Tray, Front to Back Airflow
Fan Tray 1 REV 02 760-126744 BCCB3870 JNP304 Fan Tray, Front to Back Airflow
Fan Tray 2 REV 01 760-126744 BCBY4493 JNP304 Fan Tray, Front to Back Airflow
272
SFB 0 REV 01 750-122847 BCBX1427 Switch Fabric Board

TIB REV 01 750-126514 BCBX9919 Timing Interface Board
show chassis hardware (ACX7509-FPC-20Y)

Hardware inventory:
FPC 5 REV 04 750-120787 CARH7889 JNP-FPC-20Y
PIC 0 BUILTIN BUILTIN 20x1/10/25/50-SFP56
Xcvr 0 REV 01 740-071562 1A1M3AA5480F8 SFP28-25G-BASE-LR
Xcvr 1 REV 01 720-120775 1P1C54A628HVN SFP56-50G-DAC-3M
Xcvr 2 REV 01 720-120775 1P1C54A629JCQ SFP56-50G-DAC-3M
Xcvr 5 REV 01 740-031980 A55B20R SFP+-10G-SR
Xcvr 6 REV 01 720-120775 1P1C54A629JCS SFP56-50G-DAC-3M
Xcvr 7 REV 01 720-120775 1P1C54A628HWR SFP56-50G-DAC-3M
Xcvr 8 REV 01 740-068639 1A1M31A31105D SFP28-25G-BASE-SR
Xcvr 9 REV 01 740-068639 1A1M31A31105A SFP28-25G-BASE-SR
Xcvr 10 REV 01 720-120775 1P1C54A628HZR SFP56-50G-DAC-3M
Xcvr 11 REV 01 720-120775 1P1C54A628J00 SFP56-50G-DAC-3M
Xcvr 12 REV 01 720-120775 1P1C54A628HW4 SFP56-50G-DAC-3M
Xcvr 16 REV 01 740-031980 MXA0NHJ SFP+-10G-SR
Xcvr 17 REV 01 740-031980 AP41HCV SFP+-10G-SR
Xcvr 18 REV 01 740-031980 A54BA6S SFP+-10G-SR
Xcvr 19 REV 01 740-031980 AP40WRE SFP+-10G-SR
Release Information
models option introduced in Junos OS Release 8.2.
sfc option introduced in Junos OS Release 9.6 for the TX Matrix Plus router.
Information for disk and usb introduced in Junos OS Release 15.1X53-D60 for QFX10002, QFX10008,
and QFX10016 switches.
pem detail output added in Junos OS Release 21.4R1 for SRX5800.

273
NOTE: Devices and routing platforms use the basic syntax, unless otherwise listed. For example,
the EX Series has an additional satellite parameter available.
show chassis power
show flight-recorder status
IN THIS SECTION
Syntax | 273
Description | 273
Options | 274
Output Fields | 274
Sample Output | 275
Syntax
Description
Display the current status of the flight recorder tool and associated parameters, such as the running
status of the tool, and the current data snapshot list.
274
Options
view
Output Fields
Table 7 on page 274 lists the output fields for the show flight-recorder status command. Output fields are
listed in the approximate order in which they appear.
Table 7: show flight-recorder status Output Fields
Field Name Field Description
Flight-recorder status State of the flight recorder tool:
• Running—The flight recorder tool is enabled using the request flight-

recorder set high-cpu command.
• Not Running—The flight recorder tool is not enabled. By default, the flight
recorder tool is disabled.
Recent Parameter Data Information about configured parameters for the flight recorder tool:
• Cpu-threshold—Specify the maximum value of CPU utilization in

percentage, beyond which the collection of data is triggered.
• Polling-frequency—Specify the time in seconds for polling for high CPU

utilization.
• Backoff-duration—Specify the time interval in seconds between two

snapshots of data.
• Num-snapshots—Specify the number of snapshots of data to be collected

before quitting the collection process.
275
Table 7: show flight-recorder status Output Fields (Continued)
Flags set Information about additional flags configured for the flight recorder tool:
• Collect-core—Perform snapshot collection of the running core with every

snapshot of data taken.
• Logical System—Enable data collection on logical systems.
Snapshot Directory Log file that is recorded and saved in the flight recorder directory.
The recorded snapshots and core log files are saved in a folder under
the /var/log/flight_recorder/ directory. The folder format is
Flr_MONTH_DD_YYYY_HH:MM:SS; for example, Flr_May_09_2018_02:20:50.
List of snapshots List of log files recorded and saved under the flight recorder directory.
Sample Output
user@host> show flight-recorder status

Flight-recorder status: Not Running!
Recent Parameter Data:

Cpu-threshold 10
Polling-frequency 5
Backoff-duration 10
Num-snapshots 3
Flags set:
Collect-core flag is set
Logical System flag is Not set (default)
Snapshot Directory : Flr_Feb_22_2018_13:26:41
List of snapshots:
flr_2018-02-22_13:26:41.txt
276
flr_2018-02-22_13:27:04.txt
flr_2018-02-22_13:27:28.txt
Release Information
show host
IN THIS SECTION
Syntax | 276
Syntax (Junos OS Evolved) | 277
Syntax | 277
Description | 277
Options | 277
Sample Output | 277
Syntax
show host hostname

<routing-instance mgmt_junos>
<server server-name>
277
Syntax (Junos OS Evolved)
show host hostname

<routing-instance mgmt_junos>
<server server-name>
Syntax
Description
Display Domain Name System (DNS) hostname information.
Options
hostname Hostname or address.
routing-instance mgmt_junos (Optional) Side host server that is running.
server server-name (Optional) Name server to use.
The show host command displays the raw data received from the name server.
view
Sample Output
show host
user@host> show host device

device.example.net has address 192.0.2.0
user@host> show host 192.0.2.0

Name: device.example.net
278
Address: 192.0.2.0
Aliases:
Release Information
routing-instance mgmt_junos option introduced in Junos OS Evolved Release 18.3R1.
routing-instance mgmt_junos option introduced in Junos OS Release 19.2R1.
show log
IN THIS SECTION
Syntax | 278
Syntax (QFX Series and OCX Series) | 279
Description | 279
Options | 279
Sample Output | 280
Syntax
show log
<filename | user <username>>
279
Syntax (QFX Series and OCX Series)
show log filename

<device-type (device-id | device-alias)>
show log
<all-lcc | lcc number | scc>
<filename | user <username>>
Description
List log files, display log file contents, or display information about users who have logged in to the
router or switch.
NOTE: On MX Series routers, modifying a configuration to replace a service interface with

another service interface is treated as a catastrophic event. When you modify a configuration,
the entire configuration associated with the service interface—including NAT pools, rules, and
service sets—is deleted and then re-created for the newly specified service interface. If there are
active sessions associated with the service interface that is being replaced, these sessions are
deleted and the NAT pools are then released, which leads to the generation of the
NAT_POOL_RELEASE system log messages. However, because NAT pools are already deleted as
a result of the catastrophic configuration change and no longer exist, the NAT_POOL_RELEASE
system log messages are not generated for the changed configuration.
Options
none List all log files.
<all-lcc | lcc (Routing matrix only)(Optional) Display logging information about all T640 routers (or
number | scc> line-card chassis) or a specific T640 router (replace number with a value from 0
through 3) connected to a TX Matrix router. Or, display logging information about
the TX Matrix router (or switch-card chassis).
device-type (QFabric system only) (Optional) Display log messages for only one of the following
device types:
280
• director-device—Display logs for Director devices.
• infrastructure-device—Display logs for the logical components of the QFabric

system infrastructure, including the diagnostic Routing Engine, fabric control
Routing Engine, fabric manager Routing Engine, and the default network Node
group and its backup (NW-NG-0 and NW-NG-0-backup).
• interconnect-device—Display logs for Interconnect devices.
• node-device—Display logs for Node devices.
NOTE: If you specify the device-type optional parameter, you must also specify
either the device-id or device-alias optional parameter.
(device-id | If a device type is specified, display logs for a device of that type. Specify either the
device-alias) device ID or the device alias (if configured).
filename (Optional) Display the log messages in the specified log file. For the routing matrix,
the filename must include the chassis information.
NOTE: The filename parameter is mandatory for the QFabric system. If you
did not configure a syslog filename, specify the default filename of messages.
user (Optional) Display logging information about users who have recently logged in to
<username> the router or switch. If you include username, display logging information about the
specified user.
trace
Sample Output
show log
user@host> show log

total 57518
-rw-r--r-- 1 root bin 211663 Oct 1 19:44 dcd
281
-rw-r--r-- 1 root bin 999947 Oct 1 19:41 dcd.0

-rw-r--r-- 1 root bin 999994 Oct 1 17:48 dcd.1
-rw-r--r-- 1 root bin 238815 Oct 1 19:44 rpd
-rw-r--r-- 1 root bin 1049098 Oct 1 18:00 rpd.0
-rw-r--r-- 1 root bin 1056309 Sep 30 18:21 rpd.3
-rw-rw-r-- 1 root bin 19656 Oct 1 19:37 wtmp
show log filename
user@host> show log rpd

Oct 1 18:00:18 trace_on: Tracing to ?/var/log/rpd? started
Oct 1 18:00:18 EVENT <MTU> ds-5/2/0.0 index 24 <Broadcast PointToPoint Multicast
Oct 1 18:00:18
Oct 1 18:00:19 KRT recv len 56 V9 seq 148 op add Type route/if af 2 addr 192.0.2.21 nhop type
local nhop 192.0.2.21
Oct 1 18:00:19 KRT recv len 56 V9 seq 149 op add Type route/if af 2 addr 192.0.2.22 nhop type
unicast nhop 192.0.2.22
Oct 1 18:00:19 KRT recv len 48 V9 seq 150 op add Type ifaddr index 24 devindex 43
Oct 1 18:00:19 KRT recv len 144 V9 seq 151 op chnge Type ifdev devindex 44
...
user@host:LSYS1> show log flow_lsys1.log

Nov 7 07:34:09 07:34:09.491800:CID-0:THREAD_ID-00:LSYS_ID-01:RT:got route table lock
Nov 7 07:34:09 07:34:09.491809:CID-0:THREAD_ID-00:LSYS_ID-01:RT:released route table lock
Nov 7 07:34:09 07:34:09.491854:CID-0:THREAD_ID-00:LSYS_ID-01:RT:cache final sw_nh 0x0

282
Nov 7 07:34:09 07:34:09.491881:CID-0:THREAD_ID-00:LSYS_ID-01:RT:cache final sw_nh 0x0

user@host:TSYS1> show log flow_tsys1.log
Nov 7 13:21:47 13:21:47.217744:CID-0:THREAD_ID-05:LSYS_ID-32:RT:<192.0.2.0/0-
>198.51.100.0/9011;1,0x0> :
Nov 7 13:21:47 13:21:47.217747:CID-0:THREAD_ID-05:LSYS_ID-32:RT:packet [84] ipid = 39281,

@0x7f490ae56d52
Nov 7 13:21:47 13:21:47.217749:CID-0:THREAD_ID-05:LSYS_ID-32:RT:---- flow_process_pkt: (thd 5):

flow_ctxt type 0, common flag 0x0, mbuf 0x4882b600, rtbl7
Nov 7 13:21:47 13:21:47.217752:CID-0:THREAD_ID-05:LSYS_ID-32:RT: flow process pak fast ifl 88

in_ifp lt-0/0/0.101
Nov 7 13:21:47 13:21:47.217753:CID-0:THREAD_ID-05:LSYS_ID-32:RT: lt-0/0/0.101:192.0.2.0-

>198.51.100.0, icmp, (0/0)
Nov 7 13:21:47 13:21:47.217756:CID-0:THREAD_ID-05:LSYS_ID-32:RT: find flow: table 0x11d0a2680,

hash 20069(0xffff), sa 192.0.2.0, da 198.51.100.0, sp 0, d0
Nov 7 13:21:47 13:21:47.217760:CID-0:THREAD_ID-05:LSYS_ID-32:RT:Found: session id 0x12. sess

tok 28685
Nov 7 13:21:47 13:21:47.217761:CID-0:THREAD_ID-05:LSYS_ID-32:RT: flow got session.
Nov 7 13:21:47 13:21:47.217761:CID-0:THREAD_ID-05:LSYS_ID-32:RT: flow session id 18
Nov 7 13:21:47 13:21:47.217763:CID-0:THREAD_ID-05:LSYS_ID-32:RT: vector bits 0x200 vector

0x84ae85f0
Nov 7 13:21:47 13:21:47.217764:CID-0:THREAD_ID-05:LSYS_ID-32:RT:set nat 0x11e463550(18) timeout

const to 2
Nov 7 13:21:47 13:21:47.217765:CID-0:THREAD_ID-05:LSYS_ID-32:RT: set_nat_timeout 2 on session 18
Nov 7 13:21:47 13:21:47.217765:CID-0:THREAD_ID-05:LSYS_ID-32:RT:refresh nat 0x11e463550(18)

timeout to 2
Nov 7 13:21:47 13:21:47.217767:CID-0:THREAD_ID-05:LSYS_ID-32:RT:insert usp tag for apps

283
Nov 7 13:21:47 13:21:47.217768:CID-0:THREAD_ID-05:LSYS_ID-32:RT:mbuf 0x4882b600, exit nh

0xfffb0006
show log filename (QFabric System)
user@qfabric> show log messages

Mar 28 18:00:06 qfabric chassisd: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:06 ED1486 chassisd:
CHASSISD_SNMP_TRAP10: SNMP trap generated: FRU power on (jnxFruContentsIndex 8, jnxFruL1Index 1,
jnxFruL2Index 1, jnxFruL3Index 0, jnxFruName PIC: 48x 10G-SFP+ @ 0/0/*, jnxFruType 11,
jnxFruSlot 0, jnxFruOfflineReason 2, jnxFruLastPowerOff 0, jnxFruLastPowerOn 2159)
jnxFruL2Index 2, jnxFruL3Index 0, jnxFruName PIC: @ 0/1/*, jnxFruType 11, jnxFruSlot 0,
jnxFruOfflineReason 2, jnxFruLastPowerOff 0, jnxFruLastPowerOn 2191)
jnxFruL2Index 2, jnxFruL3Index 0, jnxFruName PIC: @ 0/1/*, jnxFruType 11, jnxFruSlot 0,
jnxFruOfflineReason 2, jnxFruLastPowerOff 0, jnxFruLastPowerOn 242757)
Mar 28 18:00:16 qfabric file: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:16 ED1486 file: UI_COMMIT:
User 'root' requested 'commit' operation (comment: none)
Mar 28 18:00:50 qfabric file: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:50 _DCF_default___NW-
INE-0_RE0_ file: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
Mar 28 18:00:50 qfabric file: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:50 _DCF_default___NW-
INE-0_RE0_ file: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
284
show log user
user@host> show log user

usera mg2546 Thu Oct 1 19:37 still logged in
usera mg2529 Thu Oct 1 19:08 - 19:36 (00:28)
usera mg2518 Thu Oct 1 18:53 - 18:58 (00:04)
root mg1575 Wed Sep 30 18:39 - 18:41 (00:02)
root ttyp2 aaa.bbbb.com Wed Sep 30 18:39 - 18:41 (00:02)
userb ttyp1 192.0.2.0 Wed Sep 30 01:03 - 01:22 (00:19)
show log accepted-traffic (SRX4600, SRX5400, SRX5600, and SRX5800)
user@host> show log accepted-traffic

Jul 17 20:26:04 sourpunch RT_FLOW: RT_FLOW_SESSION_CREATE: session created 3.3.3.5/2-
>4.4.4.2/63 0x0 None 3.3.3.5/2->4.4.4.2/63 0x0 N/A N/A N/A N/A 17 p2 TRUST UNTRUST 2617282058
N/A(N/A) xe-7/0/0.0 UNKNOWN UNKNOWN UNKNOWN N/A N/A -1 N/A N/A N/A
Release Information
Option device-type (device-id | device-alias) is introduced in Junos OS Release 13.1 for the QFX Series.
285
syslog (System)
show system connections
IN THIS SECTION
Syntax | 285
Syntax (EX Series) | 286
Description | 287
Options | 287
Output Fields | 289
Sample Output | 290
Syntax

<extensive>
<inet | inet6>
<show-routing-instances>
286
Syntax (EX Series)

<extensive>
<all-members>
<inet | inet6>
<local>
<member member-id>

<extensive>
<inet | inet6>

<extensive>
<inet | inet6>

<extensive>
<all-members>
<inet | inet6>
<local>
<member member-id>
287
Syntax (QFX Series)

<extensive>
<inet>
<node-group name>
Syntax (OCX Series)

<extensive>
<inet>

<inet | inet6>
<node node-name>
Description
Display information about the active IP sockets on the Routing Engine. Use this command to verify
which servers are active on a system and what connections are currently in progress.
Options
none Display information about all active IP sockets on the Routing Engine.
extensive (Optional) Display exhaustive system process information, which, for TCP
connections, includes the TCP control block and MSS. This option is useful for
debugging TCP connections.
288
all-chassis (TX Matrix routers and TX Matrix Plus routers only) (Optional) Display system
connection activity for all the routers in the chassis.
router, display system connection activity for all T640 routers connected to the TX
Matrix router. On a TX Matrix Plus router, display system connection activity for
all connected T1600 or T4000 LCCs
all-members (EX4200 switches and MX Series routers only) (Optional) Display system
connection activity for all members of the Virtual Chassis configuration.
inet | inet6 (Optional) Display IPv4 connections or IPv6 connections, respectively.
infrastructure (QFabric systems only) (Optional) Display system connection activity for the fabric
name control Routing Engines or fabric manager Routing Engines.
interconnect- (QFabric systems only) (Optional) Display system connection activity for the
router, display system connection activity for a specific T640 router that is
connected to the TX Matrix router. On a TX Matrix Plus router, display system
connection activity for a specific router that is connected to the TX Matrix Plus
router.

routing matrix.

routing matrix.


local (EX4200 switches and MX Series routers only) (Optional) Display system
connection activity for the local Virtual Chassis member.
member member- (EX4200 switches and MX Series routers only) (Optional) Display system
id connection activity for the specified member of the Virtual Chassis configuration.
289
For EX4200 switches, replace member-id with a value from 0 through 9. For an MX
Series Virtual Chassis, replace member-id with a value of 0 or 1.
node node-name (Junos OS Evolved only) (Optional) Display system connection activity for the
specified node.
node-group name (QFabric systems only) (Optional) Display system connection activity for the Node
group.
scc (TX Matrix routers only) (Optional) Display system connection activity for the
TX Matrix router (or switch-card chassis).
sfc (TX Matrix routers only) (Optional) Display system connection activity for the
show-routing- (Optional) Display routing instances.

instances
By default, when you issue the show system connections command on the primary Routing Engine of a TX
Matrix router or a TX Matrix Plus router, the command is broadcast to all the primary Routing Engines of
the LCCs connected to it in the routing matrix. Likewise, if you issue the same command on the backup
Routing Engine of a TX Matrix or a TX Matrix Plus router, the command is broadcast to all backup
Routing Engines of the LCCs that are connected to it in the routing matrix.
NOTE: The device calculates the TCP MSS value as described in RFC 6691.
view
Output Fields
Table 8 on page 290 describes the output fields for the show system connections command. Output fields
are listed in the approximate order in which they appear.
290
Table 8: show system connections Output Fields
Proto Protocol of the socket: IP, TCP, or UDP for IPv4 or IPv6.
Recv-Q Number of input bytes received by the protocol and waiting to be processed
by the application.
Send-Q Number of output bytes sent by the application and waiting to be processed
by the protocol.
Local Address Local address and port of the socket, separated by a period. An asterisk (*)
indicates that the bound address is the wildcard address. Server sockets
typically have the wildcard address and a well-known port bound to them.
Foreign Address Foreign address and port of the socket, separated by a period. An asterisk (*)
indicates that the address or port is a wildcard.
Routing Instance (Displayed only when the show-routing-instance option is used.) Routing
instances associated with active IP sockets on the Routing Engine.
(state) For TCP, the protocol state of the socket.
Sample Output
user@host> show system connections

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 2 192.0.2.16.513 192.0.2.254.894 ESTABLISHED
tcp 0 0 192.0.2.16.513 192.0.2.195.945 ESTABLISHED
tcp 0 0 *.23 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
tcp 0 0 *.513 *.* LISTEN
tcp00 *.514 *.* LISTEN
291
tcp 0 0*.21 *.* LISTEN

tcp00 *.79 *.* LISTEN
tcp 00 *.1023 *.* LISTEN
tcp 00 *.111 *.* LISTEN
udp00192.192.0.2.1634 192.0.2.249.2049
udp00192.192.0.2.1627 192.0.2.254.2049
udp00192.192.0.2.1371 192.0.2.195.2049
udp00*.* *.*
udp00*.9999 *.*
udp00 *.161 *.*
udp00192.192.0.2.1039 192.0.2.16.1023
udp00192.192.0.2.1038 192.0.2.16.1023
udp 00 192.0.2.16.1037 192.0.2.16.1023
udp00 192.0.2.16.1036 192.0.2.16.1023
udp00*.1022 *.*
udp00*.1023 *.*
udp00*.111 *.*
udp00*.* *.*
show system connections extensive
user@host> show system connections extensive
Active Internet connections (including servers)

Proto Recv-Q Send-Q Local Address Foreign
Address (state)
tcp4 0 6 192.0.2.15.23
192.0.2.138.3013 ESTABLISHED
sndsbcc: 6 sndsbmbcnt: 256 sndsbmbmax: 272000
sndsblowat: 2048 sndsbhiwat: 34000
rcvsbcc: 0 rcvsbmbcnt: 0 rcvsbmbmax: 533120
rcvsblowat: 1 rcvsbhiwat: 66640
proc id: 0 proc name:
iss: 2566994072 sndup: 2566994491
snduna: 2566994491 sndnxt: 2566994494 sndwnd: 64094
sndmax: 2566994494 sndcwnd: 6589 sndssthresh: 2720
irs: 236981199 rcvup: 236981325
rcvnxt: 236981327 rcvadv: 237046862 rcvwnd: 66640
rtt: 140058623 srtt: 15519 rttv: 908
rxtcur: 1200 rxtshift: 0 rtseq: 2566994491
rttmin: 1000 mss: 1360
292
flags: SACK_PERMIT [0x2000200]

tcp4 0 0 10.255.165.93.179
10.255.165.203.65141 ESTABLISHED
iss: 2555961065 sndup: 2555995917
irs: 2123825753 rcvup: 2123860681
rtt: 0 srtt: 3309 rttv: 72
flags: REQ_SCALE RCVD_SCALE REQ_TSTMP RCVD_TSTMP SACK_PERMIT [0x3e0]
tcp4 0 0 10.255.165.203.65141
10.255.165.93.179 ESTABLISHED
proc id: 5022 proc name: rpd
iss: 2123825753 sndup: 2123860662
irs: 2555961065 rcvup: 2555995917
tcp4 0 0 10.255.165.203.179
10.255.165.113.52404 ESTABLISHED
iss: 1109297190 sndup: 1109332099
293
irs: 1476831634 rcvup: 1476866449

show system connections show-routing-instances
user@host> show system connections show-routing-instances

Active Internet connections (including servers) (including routing-instances)
Proto Recv-Q Send-Q Local Address Foreign Address Routing Instance (state)
tcp4 0 0 192.0.2.204.23 192.0.2.19.4267 default ESTABLISHED
tcp4 0 0 192.0.2.204.58540 10.209.7.138.23 default
ESTABLISHED
tcp4 0 0 192.0.2.1.6234 192.0.2.17.1024 __juniper_private1__
ESTABLISHED
tcp4 0 0 192.0.2.4.9000 192.0.24.59103 __juniper_private1__
ESTABLISHED
tcp4 0 0 1192.0.2.4.59103 192.0.2.4.9000 __juniper_private1__
ESTABLISHED
tcp4 0 0 *.32012 *.* __juniper_private1__ LISTEN
tcp46 0 0 *.179 *.* default LISTEN
294

show system connections | find sctp
user@host> show system connections | find sctp

Active SCTP associations (including servers)
Proto Type Local Address Foreign Address (state)
sctp4 1to1 30.30.30.1.50000 20.20.20.2.62324 ESTABLISHED
20.20.20.1.50000 30.30.30.2.62324
Release Information
Options extensive and show-routing-instance deprecated in Junos OS Evolved Release 17.3.
node option introduced in Junos OS Evolved Release 18.3R1.
show system name-resolution
IN THIS SECTION
Syntax | 295
Description | 295
Options | 295
Output Fields | 295

295
Syntax
Description
Display hostname-to-IP-address mappings.
Options
view
Output Fields
Table 9 on page 295 lists the output fields for the show system name-resolution command. Output fields are
Table 9: show system name-resolution Output Fields
Last update Date and time when the hostname-to-IP address mapping were last resolved.
Refresh interval Interval for refreshing the cache with the updated hostname-to-IP address mappings.
Addresses Resolved IP addresses based on the hostname-to-IP address mappings.
Error Error message displayed if there is a DNS hostname lookup failure.

296
Table 9: show system name-resolution Output Fields (Continued)
Last change Timestamp for the last change in the hostname-to-IP address mappings.
command-name
user@host> show system name-resolution
Hostname to IP-address mappings:

--------------------------------------------------
Last update: Mon Sep 29 18:42:21 2008
Refresh interval: 600 secs
Host: ntp1
Addresses:
3.3.3.11
Last change: Mon Sep 29 18:42:20 2008
Host: radauth1
Error: Host name lookup failure
Host: radacct1
Error: Host name lookup failure
Host: snmp1
Addresses:
4.4.4.1
4.4.4.2
Host: sys1
Addresses:
192.168.68.69
Release Information

297
show version (Junos OS)
IN THIS SECTION
Syntax | 297
Description | 298
Options | 299
Syntax
show version
<brief | detail>
show version
<all-members>
<brief | detail>
<local>
<member member-id>
show version
<brief | detail>
<all-members>
298
<local>
<member member-id>
Syntax (QFX Series)
show version
<brief | detail>
<component component-name | all>
Syntax (SRX Series)
show version
<brief | detail>
<node node-id | local | primary>
Description
Display the hostname and version information about the software running on the router or switch.
Beginning in Junos OS Release 13.3, the show version command output includes the Junos field that
displays the Junos OS version, including any selective upgrade (JSU) packages, running on the device.
This field provides a consistent means of identifying the Junos OS version, rather than extracting that
information from the list of installed sub-packages.
Table 10: Common Package Prefixes for Junos OS
Junos OS Package Prefix Junos OS Architecture
jinstall-* Junos OS for M Series, MX Series, and T Series, routers
junos-install-* Junos OS based on an upgraded FreeBSD kernel instead of older versions of FreeBSD
junos-vmhost-install-* Junos OS with upgraded FreeBSD on a VM Host

299
Options
none Display standard information about the hostname and version of the software
running on the router or switch.
brief | detail (Optional) Display the specified level of output.
all-members (EX4200 switches and MX Series routers only) (Optional) Display standard
information about the hostname and version of the software running on all
members of the Virtual Chassis configuration.
component all (QFabric systems only) (Optional) Display the host name and version information
about the software running on all the components on the QFabric system.
component (QFabric systems only) (Optional) Display the host name and version information
component-name about the software running on a specific QFabric system component. Replace
component-name with the name of the QFabric system component. The
component-name can be the name of a diagnostics Routing Engine, Director group,
fabric control Routing Engine, fabric manager Routing Engine, Interconnect device,
or Node group.
local (EX4200 switches and MX Series routers only) (Optional) Display standard
information about the hostname and version of the software running on the local
member (EX4200 switches and MX Series routers only) (Optional) Display standard
member-id information about the hostname and version of the software running on the
specified member of the Virtual Chassis configuration. For EX4200 switches,
replace member-id with a value from 0 through 9. For an MX Series Virtual Chassis,
replace member-id with a value of 0 or 1.
node (all | node- (Optional) Display version information for the specified node or all nodes.
name)
primary (SRX Series only) Display the software version on the primary node.
view
Release Information

300
start shell
IN THIS SECTION
Syntax | 300
Description | 300
Options | 301
Output Fields | 301
Sample Output | 301
Syntax
start shell (csh | sh)

<user username>
Description
Exit from the CLI environment and create a UNIX-level shell. To return to the CLI, type exit from the
shell.
Juniper Networks does not provide support for operations in the shell.
NOTE:
• To issue this command, the user must have the required login access privileges configured by
including the permissions statement at the [edit system login class class-name] hierarchy level.
• UNIX wheel group membership or permissions are no longer required to issue this command.
301
Options
csh Create a UNIX C shell.
sh Create a UNIX Bourne shell.
user username (Optional) Start the shell as another user.
When you are in the shell, the shell prompt has the following format:
username@hostname%
An example of the prompt is:
root@host%
shell or maintenance
Output Fields
Sample Output
start shell csh
user@host> start shell csh

%
exit
%
username@hostname% start shell sh

%
302
exit
user@host>
Release Information

303
CHAPTER 10
System Software Monitoring Commands
IN THIS CHAPTER
show fib-local-accounting ip | 304
show system commit | 305
show system configuration database usage | 310
show system information | 312
show system queues | 332
show system reboot | 338
show system software | 347
show system statistics | 352
show system storage | 372
show system switchover | 380
show system uptime | 390
show system virtual-memory | 397
show task | 410
show task io | 414
show task replication | 426

304
show fib-local-accounting ip
IN THIS SECTION
Syntax | 304
Description | 304
Sample Output | 304
Syntax
Description
Display the number of packets that were sent to an anchor MPC due to FIB localization.
view
Sample Output
user@host> show fib-local-accounting ip

PFE 0
fe_addr packets bytes
28 0 0
29 0 0
30 0 0
31 0 0
PFE 1
305
fe_addr packets bytes

28 0 0
29 0 0
30 0 0
31 0 0
Release Information
fib-remote | 102
fib-local | 101
show system commit
IN THIS SECTION
Syntax | 305
Description | 306
Options | 306
Output Fields | 306
Sample Output | 308
Syntax
show system commit

<revision | server | synchronize-server pending-jobs | include-configuration-revision>
306
Description
Display the system commit history and pending commit operations.
Options
none Display the last 50 commit operations on the static configuration database,
starting with the most recent.
revision (Optional) Display the revision number of the active configuration of the Routing
Engine(s).
server (Optional) Display the commit server status.
NOTE: By default, the status of the commit server is “Not running”. The
commit server starts running only when a commit job is added to the batch.
synchronize-server (Optional) Display the pending commit synchronize operations for all instances of
pending-jobs the ephemeral configuration database on an MX Series Virtual Chassis or a device
with dual Routing Engines. This option can only be executed on the primary
Routing Engine of the Virtual Chassis primary router or the dual Routing Engine
system.
include- (Optional) Display configuration revision information including the revision

configuration- identifier string for each commit record.
revision
view
Output Fields
Table 11 on page 307 describes the output fields for the show system commit command. Output fields are
307
Table 11: show system commit Output Fields
Field Name Field Description Level of

Output
<number> Displays the last 50 commit operations listed, most recent to first. The identifier none
<number> designates a configuration created for recovery using the request system
configuration rescue save command.
<time-stamp> Date and time of the commit operation. none
<root>/ User who executed the commit operation. none

<username>
<method> Method used to execute the commit operation: none
• CLI—CLI interactive user performed the commit operation.
• Junos XML protocol—Junos XML protocol client performed the commit

operation.
• synchronize—The commit synchronize command was performed on the other

Routing Engine.
• snmp—An SNMP set request caused the commit operation.
• button—A button on the router or switch was pressed to commit a rescue

configuration for recovery.
• autoinstall—A configuration obtained through autoinstallation was

committed.
• other—When there is no login name associated with the session, the values
for user and client default to root and other. For example, during a reboot
after package installation, mgd commits the configuration as a system commit,
and there is no login associated with the commit.
<rollback Identifies whether commit confirmed is issued. It is removed once commit or commit none
pending> check is issued or commit confirmed is rolled back after rollback timeout.
308
Sample Output
show system commit
user@host> show system commit

0 2003-07-28 19:14:04 PDT by root via other
1 2003-07-25 22:01:36 PDT by user via cli
3 2003-07-25 21:30:13 PDT by root via button
5 2003-07-25 05:33:21 PDT by root via autoinstall
...
rescue 2002-05-10 15:32:03 PDT by root via other
show system commit (At a Particular Time)

commit requested by root via cli at Tue May 7 15:59:00 2002
show system commit (At the Next Reboot)

commit requested by root via cli at reboot
show system commit (Rollback Pending)

0 2022-05-06 06:33:42 PDT by root via cli commit confirmed, rollback in 10mins
show system commit (QFX Series)
user@switch> show system commit

0 2011-11-25 19:17:49 PST by root via cli
309
show system commit synchronize-server pending-jobs
user@host> show system commit synchronize-server pending-jobs

Job Id Commit Synchronize Model Database Version
36 Asynchronous Commit ephemeral 130
show system commit include-configuration-revision
user@host> show system commit include-configuration-revision

0 2020-08-02 00:42:58 IST by user via cli re0-1596309177-4
3 2020-08-02 00:42:40 IST by user via other re0-1596309160-1
Release Information
Option server introduced in Junos OS Release 12.1 for the PTX Series router.
Option revision introduced in Junos OS Release 14.1.
Option synchronize-server introduced in Junos OS Release 17.2R1 and Junos OS Evolved Release 22.1R1.
Option include-configuration-revision introduced in Junos OS Release 20.4R1 and Junos OS Evolved

Release 20.4R1.
clear system commit

show system commit revision
310
show system configuration database usage
IN THIS SECTION
Syntax | 310
Description | 310
Options | 310
Output Fields | 310
Sample Output | 311
Syntax
Description
Display configuration database disk space usage statistics.
Options
maintenance
Output Fields
Table 12 on page 311 describes the output fields for the show system configuration database usage command.
Output fields are listed in the approximate order in which they appear.
311
Table 12: show system configuration database usage Output Fields
Maximum size of the database Display the maximum available space on the disk to store the configuration
database
Current database size on disk Display the total space on the disk used by the current configuration database
Actual database usage Display the actual space on the disk used by the current configuration data
Available database space Display the free space available on the disk to store the configuration database
Sample Output

Available database space: 664.51 MB
Release Information
Overview for Junos OS

312
show system information
IN THIS SECTION
Syntax | 312
Description | 312
Options | 312
Sample Output | 313
Syntax
Description
Display high-level system information for the device including the model number, device family, Junos
OS release, and hostname.
Options
none Display system information for the device.
view
313
Sample Output
user@host> show system information

Model: mx960
Family: junos
Junos: 17.2R1
Hostname: host
Release Information
show system processes
IN THIS SECTION
Syntax | 314
Syntax (EX Series Switches and MX Series Routers) | 314
Syntax (QFX Series Switches) | 314
Syntax (TX Matrix Routers) | 315
Description | 315
Options | 316
Output Fields | 323
Sample Output | 329

314
Syntax

<brief | detail | extensive | summary>
<health (pid process-identifer | process-name process-name)>
<providers>
<resource-limits (brief | detail) process-name>
<wide>
Syntax (EX Series Switches and MX Series Routers)

<all-members>
<local>
<member member-id>
<providers>
<wide>
Syntax (QFX Series Switches)

<all-members>
host-processes (brief|detail )
<local>
<member member-id>
<providers>
<wide>
315
Syntax (OCX Series)

<brief | detail | extensive | summary >
host-processes (brief|detail )
<providers>
<resource-limits>
<wide>
Syntax (TX Matrix Routers)

<all-chassis| all-lcc | lcc number | scc>
<wide>

<all-chassis| all-lcc | lcc number | sfc number>
<wide>

<node node-name>
<wide>
Description
Display information about software processes that are running on the router or switch and that have
controlling terminals.
316
Options
none Display standard information about system processes.
brief | detail | (Optional) Display the specified level of detail.

extensive | summary
adaptive-services (Optional) Display the configuration management process that manages the
configuration for stateful firewall, Network Address Translation (NAT), intrusion
detection services (IDS), and IP Security (IPsec) services on the Adaptive
Services PIC.
alarm-control (Optional) Display the process to configure the system alarm.
all-chassis (TX Matrix routers and TX Matrix Plus routers only) (Optional) Display standard
system process information about all the T640 routers (in a routing matrix based
on the TX Matrix router) or all the T1600 or T4000 routers (in a routing matrix
based on the TX Matrix Plus router) in the chassis.
all-lcc (TX Matrix routers and TX Matrix Plus router only) (Optional) Display standard
system process information for all T640 routers (or line-card chassis) connected
to the TX Matrix router. Display standard system process information for all
connected T1600 or T4000 LCCs.
all-members (EX4200 switches, QFX Series Virtual Chassis, and MX Series routers )
(Optional) Display standard system process information for all members of the
Virtual Chassis configuration.
ancpd-service Display the Access Node Control Protocol (ANCP) process, which works with a
special Internet Group Management Protocol (IGMP) session to collect outgoing
interface mapping events in a scalable manner.
application- Display the process that identifies an application using intrusion detection and
identification prevention (IDP) to allow or deny traffic based on applications running on
standard or nonstandard ports.
audit-process (Optional) Display the RADIUS accounting process.
auto-configuration Display the Interface Auto-Configuration process.
bootp Display the process that enables a router, switch, or interface to act as a
Dynamic Host Configuration Protocol (DHCP) or bootstrap protocol (BOOTP)
relay agent. DHCP relaying is disabled.
317
captive-portal- Display the HTTP redirect service by specifying the location to which a
content-delivery subscriber's initial Web browser session is redirected, enabling initial
provisioning and service selection for the subscriber.
ce-l2tp-service (Optional) (M10, M10i, M7i, and MX Series routers only) Display the Universal
Edge Layer 2 Tunneling Protocol (L2TP) process, which establishes L2TP tunnels
and Point-to-Point Protocol (PPP) sessions through L2TP tunnels.
cfm Display Ethernet Operations, Administration, and Maintenance (OAM)

connectivity fault management (CFM) process, which can be used to monitor
the physical link between two switches.
chassis-control (Optional) Display the chassis management process.
class-of-service (Optional) Display the class-of-service (CoS) process, which controls the router's
or switch’s CoS configuration.
clksyncd-service Display the external clock synchronization process, which uses synchronous
Ethernet (SyncE).
craft-control Display the process for the I/O of the craft interface.
database-replication (EX Series switches and MX Series routers only) (Optional) Display the database
replication process.
datapath-trace- Display the packet path tracing process.

service
dhcp-service (EX Series switches and MX Series routers only) (Optional) Display the Dynamic
Host Configuration Protocol process, which enables a DHCP server to allocate
network IP addresses and deliver configuration settings to client hosts without
user intervention.
diameter-service (Optional) Display the diameter process.
disk-monitoring (Optional) Display the disk monitoring process, which checks the health of the
hard disk drive on the Routing Engine.
dynamic-flow- (Optional) Display the dynamic flow capture (DFC) process, which controls DFC
capture configurations on Monitoring Services III PICs.
ecc-error-logging (Optional) Display the error checking and correction (ECC) process, which logs
ECC parity errors in memory on the Routing Engine.
318
ethernet- Display the process that provides IEEE 802.1ag OAM connectivity fault
connectivity-fault- management (CFM) database information for CFM maintenance association end
management
points (MEPs) in a CFM session.
ethernet-link-fault- (EX Series switches and MX Series routers only) (Optional) Display the process
management that provides the OAM link fault management (LFM) information for Ethernet
interfaces.
event-processing (Optional) Display the event process (eventd).
firewall (Optional) Display the firewall management process, which manages the firewall
configuration and enables accepting or rejecting packets that are transiting an
interface on a router or switch.
general- (EX Series switches and MX Series routers only) (Optional) Display the general
authentication- authentication process.
service
health (pid process- (Optional) Display process health information, either by process id (PID) or by
identifer | process- process name.
name process-name)
host-processes Display process information of processes running on the host system.
(On OCX Series only) The following options are available:
• brief | detail—(Optional) Display the specified level of detail.
iccp-service Display the Inter-Chassis Communication Protocol (ICCP) process.
idp-policy Display the intrusion detection and prevention (IDP) protocol process.
ilmi Display the Integrated Local Management Interface (ILMI) protocol process,
which provides bidirectional exchange of management information between
two ATM interfaces across a physical connection.
inet-process Display the IP multicast family process.
init Display the process that initializes the USB modem.
interface-control (Optional) Display the interface process, which controls the router's or switch’s
physical interface devices and logical interfaces.
kernel-replication (Optional) Display the kernel replication process, which replicates the state of
the backup Routing Engine when graceful Routing Engine switchover (GRES) is
configured.
319
l2-learning (Optional) Display the Layer 2 address flooding and learning process.
l2cpd-service Display the Layer 2 Control Protocol process, which enables features such as
Layer 2 protocol tunneling and nonstop bridging.
lacp (Optional) Display the Link Aggregation Control Protocol (LACP)process. LACP
provides a standardized means for exchanging information between partner
systems on a link to allow their link aggregation control instances to reach
agreement on the identity of the LAG to which the link belongs, and then to
move the link to that LAG, and to enable the transmission and reception
processes for the link to function in an orderly manner.
router, display standard system process information for a specific T640 router
standard system process information for a specific router that is connected to

routing matrix.

in a routing matrix.

• 0, 2, 4, or 6, when T4000 routers are connected to a TX Matrix Plus router

local (EX4200 switches, QFX Series Virtual Chassis, and MX Series routers) (Optional)
Display standard system process information for the local Virtual Chassis
member.
local-policy-decision- Display the process for the Local Policy Decision Function, which regulates
function collection of statistics related to applications and application groups and
tracking of information about dynamic subscribers and static interfaces.
logical-system-mux Display the logical router multiplexer process (lrmuxd), which manages the
multiple instances of the routing protocols process (rpd) on a machine running
logical routers.
320
mac-validation Display the MAC validation process, which configures MAC address validation
for subscriber interfaces created on demux interfaces in dynamic profiles on MX
Series routers.
member member-id (EX4200 switches, QFX Series Virtual Chassis, and MX Series routers) (Optional)
Display standard system process information for the specified member of the
Virtual Chassis configuration. For EX4200 switches, replace member-id with a
value from 0 through 9. For an MX Series Virtual Chassis, replace member-id with
a value of 0 or 1.
mib-process (Optional) Display the MIB II process, which provides the router's MIB II agent.
mobile-ip (Optional) Display the Mobile IP process, which configures Junos OS Mobile IP
features.
mountd-service (EX Series switches and MX Series routers only) (Optional) Display the service
for NFS mounts requests.
mpls-traceroute (Optional) Display the MPLS Periodic Traceroute process.
mspd (Optional) Display the Multiservice process.
multicast-snooping (EX Series switches and MX Series routers only) (Optional) Display the multicast
snooping process, which makes Layer 2 devices such as VLAN switches aware
of Layer 3 information, such as the media access control (MAC) addresses of
members of a multicast group.
named-service (Optional) Display the DNS Server process, which is used by a router or a switch
to resolve hostnames into addresses.
neighbor-liveness Display the process, which specifies the maximum length of time that the router
waits for its neighbor to re-establish an LDP session.
nfsd-service (Optional) Display the Remote NFS Server process, which provides remote file
access for applications that need NFS-based transport.
ntp Display the Network Time Protocol (NTP) process, which provides the
mechanisms to synchronize time and coordinate time distribution in a large,
diverse network.
packet-triggered- Display the packet-triggered subcribers and policy control (PTSP) process, which
subscribers allows the application of policies to dynamic subscribers that are controlled by a
subscriber termination device.
321
peer-selection- (Optional) Display the Peer Selection Service process.

service
periodic-packet- Display the Periodic packet management process, which is responsible for
services processing a variety of time-sensitive periodic tasks so that other processes can
more optimally direct their resources.
pfe Display the Packet Forwarding Engine management process.
pgcp-service (Optional) Display the pgcpd service process running on the Routing Engine.
pgm Display the Pragmatic General Multicast (PGM) protocol process, which enables
a reliable transport layer for multicast applications.
pic-services-logging (Optional) Display the logging process for some PICs. With this process, also
known as fsad (the file system access daemon), PICs send special logging
information to the Routing Engine for archiving on the hard disk.
ppp (Optional) Display the Point-to-Point Protocol (PPP) process, which is the
encapsulation protocol process for transporting IP traffic across point-to-point
links.
ppp-service Display the Universal edge PPP process, which is the encapsulation protocol
process for transporting IP traffic across universal edge routers.
pppoe (Optional) Display the Point-to-Point Protocol over Ethernet (PPPoE) process,
which combines PPP that typically runs over broadband connections with the
Ethernet link-layer protocol that allows users to connect to a network of hosts
over a bridge or access concentrator.
process-monitor Display the process health monitor process (pmond).
providers (Optional) Display provider processes.
redundancy- (Optional) Display the ASP redundancy process.

interface-process
remote-operations (Optional) Display the remote operations process, which provides the ping and
traceroute MIBs.
resource-cleanup Display the resource cleanup process.
resource-limits (brief | (Optional) Display process resource limits.

detail) process-name
routing (Optional) Display the routing protocol process.
322
sampling (Optional) Display the sampling process, which performs packet sampling based
on particular input interfaces and various fields in the packet header.
sbc-configuration- Display the session border controller (SBC) process of the border signaling
process gateway (BSG).
scc (TX Matrix routers only) (Optional) Display standard system process information
for the TX Matrix router (or switch-card chassis).
sdk-service Display the SDK Service process, which runs on the Routing Engine and is
responsible for communications between the SDK application and Junos OS.
Although the SDK Service process is present on the router, it is turned off by
default.
secure-neighbor- (EX Series switches and MX Series routers only) (Optional) Display the secure
discovery Neighbor Discovery Protocol (NDP) process, which provides support for
protecting NDP messages.
send (Optional) Display the Secure Neighbor Discovery Protocol (SEND) process,
which provides support for protecting Neighbor Discovery Protocol (NDP)
messages.
service-deployment (Optional) Display the service deployment process, which enables Junos OS to
work with the Session and Resource Control (SRC) software.
sfc number (TX Matrix Plus routers only) (Optional) Display system process information for
the TX Matrix Plus router. Replace number with 0.
snmp Display the SNMP process, which enables the monitoring of network devices
from a central location and provides the router's or switch’s SNMP primary
agent.
sonet-aps Display the SONET Automatic Protection Switching (APS) process, which
monitors any SONET interface that participates in APS.
static-subscribers (Optional) Display the Static subscribers process, which associates subscribers
with statically configured interfaces and provides dynamic service activation and
activation for these subscribers.
tunnel-oamd (Optional) Display the Tunnel OAM process, which enables the Operations,
Administration, and Maintenance of Layer 2 tunneled networks. Layer 2
protocol tunneling (L2PT) allows service providers to send Layer 2 protocol data
units (PDUs) across the provider’s cloud and deliver them to Juniper Networks
EX Series Ethernet Switches that are not part of the local broadcast domain.
323
vrrp (EX Series switches and MX Series routers only) (Optional) Display the Virtual
Router Redundancy Protocol (VRRP) process, which enables hosts on a LAN to
make use of redundant routing platforms on that LAN without requiring more
than the static configuration of a single default route on the hosts.
watchdog Display the watchdog timer process, which enables the watchdog timer when
Junos OS encounters a problem.
wide (Optional) Display process information that might be wider than 80 columns.
node node-name Specify a name if you want to view the system process details for that node.
Example: re0.
By default, when you issue the show system processes command on the primary Routing Engine of a TX
view
Output Fields
The following table describes the output fields for the show system processes command. Output fields are
Table 13: show system processes Output Fields
last pid Last process identifier assigned to the process. brief extensive
summary
load averages Three load averages followed by the current time. brief extensive
summary
324
Table 13: show system processes Output Fields (Continued)
processes Number of existing processes and the number of processes in each brief extensive
state (sleeping, running, starting, zombies, and stopped). summary
CPU (For systems running Junos OS with upgraded FreeBSD only) extensive
Breakdown of the percent usage on a per-CPU basis into the following
categories: % user, % nice, % system, % interrupt, % idle.
NOTE: This field shows up in the second frame of output.
To see which platforms run Junos OS with upgraded FreeBSD, see

Release Information for Junos OS with Upgraded FreeBSD.
NOTE: On ACX Series routers running Junos OS Evolved, the show

system process command might report CPU utilization spikes greater
than 100%. This kind of CPU utilization is normal behavior, and no user
action is required. The CPU utilization spikes represent the sum of
individual processor threads and not of the entire system CPU capacity.
Mem Information about physical and virtual memory allocation. brief extensive
summary
325
Active Memory allocated and actively used by the program. brief extensive
summary
When the system is under memory pressure, the pageout process
reuses memory from the free, cache, inact and, if necessary, active
pages. When the pageout process runs, it scans memory to see which
pages are good candidates to be unmapped and freed up. Thus, the
distinction between Active and Inact memory is only used by the
pageout process to determine which pool of pages to free first at the
time of a memory shortage.
The pageout process first scans the Inact list, and checks whether the
pages on this list have been accessed since the time they have been
listed here. The pages that have been accessed are moved from the
Inact list to the Active list. On the other hand, pages that have not been
accessed become prime candidates to be freed by the pageout process.
If the pageout process cannot produce enough free pages from the
Inact list, pages from the Active list get freed up.
Because the pageout process runs only when the system is under
memory pressure, the pages on the Inact list remain untouched – even
if they have not been accessed recently – when the amount of Free
memory is adequate.
Inact Memory allocated but not recently used or memory freed by the brief extensive
programs. Inactive memory remains mapped in the address space of one summary
or more processes and, therefore, counts toward the RSS value of those
processes.
Any amount of memory freed by the routing protocol process might still
be considered part of the RES value. Generally, the kernel delays the
migrating of memory out of the Inact queue into the Cache or Free list
unless there is a memory shortage.
Wired Memory that is not eligible to be swapped, usually used for in-kernel brief extensive
memory structures and/or memory physically locked by a process. summary
Cache Memory that is not associated with any program and does not need to brief extensive
be swapped before being reused. summary
326
Buf Size of memory buffer used to hold data recently called from the disk. brief extensive
summary
Free Memory that is not associated with any programs. Memory freed by a brief extensive
process can become Inactive, Cache, or Free, depending on the method summary
used by the process to free the memory.
Swap Information about physical and virtual memory allocation. brief extensive
summary
NOTE: Memory can remain swapped out indefinitely if it is not accessed
again. Therefore, the show system process extensive command shows
that memory is swapped to disk even though there is plenty of free
memory, and such a situation is not unusual.
PID Process identifier. detail extensive

summary
TT Control terminal name. none detail

327
STAT Symbolic process state. The state is given by a sequence of letters. The none detail
first letter indicates the run state of the process:
• D—In disk or other short-term, uninterruptible wait
• I—Idle (sleeping longer than about 20 seconds)
• R—Runnable
• S—Sleeping for less than 20 seconds
• T—Stopped
• Z—Dead (zombie)
• + —The process is in the foreground process group of its control

terminal.
• <—The process has raised CPU scheduling priority.
• >—The process has specified a soft limit on memory requirements

and is currently exceeding that limit; such a process is not swapped.
• A—The process requested random page replacement.
• E—The process is trying to exit.
• L—The process has pages locked in core.
• N—The process has reduced CPU scheduling priority.
• S—The process requested first-in, first-out (FIFO) page replacement.
• s—The process is a session leader.
• V—The process is temporarily suspended.
• W—The process is swapped out.
• X—The process is being traced or debugged.
UID User identifier. detail

328
USERNAME Process owner. extensive summary
PPID Parent process identifier. detail
CPU (D) Short-term CPU usage. detail extensive

summary
(E and S) Raw (unweighted) CPU usage. The value of this field is used
to sort the processes in the output.
RSS Resident set size. detail
WCHAN Symbolic name of the wait channel. detail
STARTED Local time when the process started running. detail
PRI Current priority of the process. A lower number indicates a higher detail extensive
priority. summary
NI or NICE UNIX "niceness" value. A lower number indicates a higher priority. detail extensive
summary
SIZE Total size of the process (text, data, and stack), in kilobytes. extensive summary
RES Current amount of program resident memory, in kilobytes. extensive summary
This is also known as RSS or Resident Set Size. The RES value includes
shared library pages used by the process. Any amount of memory freed
by the process might still be considered part of the RES value. Generally,
the kernel delays the migrating of memory out of the Inact queue into
the Cache or Free list unless there is a memory shortage. This can lead to
large discrepancies between the values reported by the routing protocol
process and the kernel, even after the routing protocol process has
freed a large amount of memory.
329
STATE Current state of the process (for example, sleep, wait, run, idle, zombie, or extensive summary
stop).
C CPU number. extensive summary
NOTE: There is no such column in output from Junos OS Evolved. To

see the CPU number, issue the show system processes wide | detail
command and look at the PSR column.
TIME (S) Number of system and user CPU seconds that the detail extensive
process has used. summary
(None, D, and E) Total amount of time that the command has been
running.
WCPU Weighted CPU usage. extensive summary
COMMAND Command that is currently running. detail extensive

summary
(MX Series routers only) When you display the software processes for
an MX Series Virtual Chassis, the show system processes command does
not display information about the relayd process.
THR Number of threads in the process extensive
Sample Output
user@host> show system processes

PID TT STAT TIME COMMAND
0 ?? DLs 0:00.70 (swapper)
1 ?? Is 0:00.35 /sbin/init --
2 ?? DL 0:00.00 (pagedaemon)
330
3 ?? DL 0:00.00 (vmdaemon)
4 ?? DL 0:42.37 (update)
5 ?? DL 0:00.00 (if_jnx)
80 ?? Ss 0:14.66 syslogd -s
96 ?? Is 0:00.01 portmap
128 ?? Is 0:02.70 cron
173 ?? Is 0:02.24 /usr/local/sbin/sshd (sshd1)
189 ?? S 0:03.80 /sbin/watchdog -t180
190 ?? I 0:00.03 /usr/sbin/tnetd -N
191 ?? S 2:24.76 /sbin/ifd -N
192 ?? S< 0:55.44 /usr/sbin/xntpd -N
195 ?? S 0:53.11 /usr/sbin/snmpd -N
196 ?? S 1:15.73 /usr/sbin/mib2d -N
198 ?? I 0:00.75 /usr/sbin/inetd -N
2677 ?? I 0:00.01 /usr/sbin/mgd -N
2712 ?? Ss 0:00.24 rlogind
2735 ?? R 0:00.00 /bin/ps -ax
1985 p0- S 0:07.41 ./rpd -N
2713 p0 Is 0:00.24 -tcsh (tcsh)
2726 p0 S+ 0:00.07 cli
show system processes brief
user@host> show system processes brief

last pid: 543; load averages: 0.00, 0.00, 0.00 18:29:47
37 processes: 1 running, 36 sleeping
Mem: 25M Active, 3976K Inact, 19M Wired, 8346K Buf, 202M Free
Swap: 528M Total, 64K Used, 528M Free
show system processes detail
user@host> show system processes detail

PID UID PPID CPU PRI NI RSS WCHAN STARTED TT STAT TIME COMMAND
11 0 0 0 155 0 64 - Wed16 - RL 6411:48.16 [idle]
17967 0 17936 0 24 0 96976 select Wed16 - S 138:17.79 /usr/sbin/chassisd -N
0 0 0 0 -16 0 384 swapin Wed16 - DLs 0:22.33 [kernel]
1 0 0 0 20 0 600 wait Wed16 - ILs 0:00.11 /sbin/init --
2 0 0 0 -16 0 16 jfe_job_ Wed16 - DL 0:30.05 [jfe_job_0_0]
331

10 0 0 0 -16 0 16 audit_wo Wed16 - DL 0:00.00 [audit]
18 0 0 0 -64 0 656 - Wed16 - WL 4:47.14 [intr]
19 0 0 0 -8 0 48 - Wed16 - DL 0:02.31 [geom]
20 0 0 0 -16 0 16 crypto_w Wed16 - DL 0:00.00 [crypto]
21 0 0 0 -16 0 16 crypto_r Wed16 - DL 0:00.00 [crypto returns]
22 0 0 0 -16 0 32 - Wed16 - DL 0:00.01 [cam]
show system processes extensive
user@host> show system processes extensive

Mem: 241M Active, 99M Inact, 78M Wired, 325M Cache, 69M Buf, 1251M Free
Swap: 2048M Total, 2048M Free
PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
11 root 1 171 52 0K 12K RUN 807.5H 98.73% idle
13 root 1 -20 -139 0K 12K WAIT 36:17 0.00% swi7: clock sio
1499 root 1 96 0 7212K 3040K select 34:01 0.00% license-check
1621 root 1 96 0 20968K 11216K select 20:25 0.00% mib2d
1465 root 2 8 -88 115M 11748K nanslp 14:32 0.00% chassisd
1478 root 1 96 0 6336K 3816K select 11:28 0.00% ppmd
20 root 1 -68 -187 0K 12K WAIT 10:28 0.00% irq10: em0 em1+++*
1490 root 1 96 0 11792K 4336K select 9:44 0.00% shm-rtsdbd
1618 root 1 96 0 39584K 7464K select 8:47 0.00% pfed
1622 root 1 96 0 15268K 10988K select 6:16 0.00% snmpd
1466 root 1 96 0 7408K 2896K select 5:44 0.00% alarmd
7 root 1 -16 0 0K 12K client 5:09 0.00% ifstate notify
1480 root 1 96 0 5388K 2660K select 4:29 0.00% ksyncd
12 root 1 -40 -159 0K 12K WAIT 4:15 0.00% swi2: netisr 0
332
1462 root 1 96 0 1836K 1240K select 3:57 0.00% bslockd

55 root 1 -16 0 0K 12K - 3:44 0.00% schedcpu
1392 root 1 16 0 0K 12K bcmsem 3:37 0.00% bcmLINK.0
47 root 1 -16 0 0K 12K psleep 3:25 0.00% vmkmemdaemon
36 root 1 20 0 0K 12K syncer 2:46 0.00% syncer
1484 root 1 96 0 7484K 3428K select 2:38 0.00% clksyncd
1616 root 1 96 0 4848K 2848K select 2:18 0.00% irsd
1487 root 1 96 0 32800K 6992K select 2:10 0.00% smid
1623 root 1 96 0 34616K 5464K select 2:01 0.00% dcd
15 root 1 -16 0 0K 12K - 1:59 0.00% yarrow
49 root 1 -16 0 0K 12K . 1:51 0.00% ddostasks
Release Information
Option sfc introduced for the TX Matrix Plus router in Junos OS Release 9.6.
Enhanced output regarding per CPU usage introduced in Junos OS Release 16.1R3 for Junos OS with
upgraded FreeBSD.

show system queues
IN THIS SECTION
Syntax | 333
Description | 333
Options | 334
333
Output Fields | 335
Sample Output | 337
Syntax
show system queues
show system queues

<all-chassis| all-lcc | lcc number | scc>
show system queues

show system queues

<all-members>
<local>
<member member-id>
Description
Display queue statistics.

334
Options
all-chassis (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix router,
display system queue statistics for all the T640 routers in the chassis that are connected
to the TX Matrix router. On a TX Matrix Plus router, display system queue statistics for
all the T1600 or T4000 routers in the chassis that are connected the TX Matrix Plus
router.
all-lcc (TX Matrix routers and TX Matrix Plus routers only) (Optional) Display system queue
statistics for all LCC chassis attached to the TX Matrix or TX Matrix Plus router.
all-members (MX Series routers only) (Optional) Display system queue statistics for all members of
the Virtual Chassis configuration.
lcc number (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix router,
display system queue statistics for a specific T640 router that is connected to the TX
Matrix router. On a TX Matrix Plus router, display system queue statistics for a specific
connected router that is connected to the TX Matrix Plus router.

matrix.

routing matrix.

local (MX Series routers only) (Optional) Display system queue statistics for the local Virtual
Chassis member.
member (MX Series routers only) (Optional) Display system queue statistics for the specified
member-id member of the Virtual Chassis configuration. Replace member-id with a value of 0 or 1.
scc (TX Matrix routers only) (Optional) Display queue statistics for the TX Matrix router.
sfc number (TX Matrix Plus routers only) (Optional) Display system queue statistics for the TX Matrix
Plus router. Replace number with 0.
335
By default, when you issue the show system queues command on the primary Routing Engine of a TX Matrix
router or a TX Matrix Plus router, the command is broadcast to all the primary Routing Engines of the
LCCs connected to it in the routing matrix. Likewise, if you issue the same command on the backup
maintenance
Output Fields
Table 14 on page 336 lists the output fields for the show system queues command. Output fields are listed in
the approximate order in which they appear.
336
Table 14: show system queues Output Fields
Output interface Interface on the device on which the queue exists:
• fxp0—Management Ethernet interface.
• fxp1—Internal Ethernet interface.
• ipip, lsi, tap, mt, mtun, pimd, and pime—Internally generated interface and not
configurable.
• dsc—Discard interface.
• em—Management and internal Ethernet interfaces.
• gre—Internally generated interface that is configurable only as the control channel for
Generalized MPLS (GMPLS).
• ge—Gigabit Ethernet interface.
• xe—10-Gigabit Ethernet interface.
• lo—Loopback interface; the Junos OS automatically configures one loopback

interface (lo0).
• lsq—Link services IQ interface.
• lt—Logical tunnel interface.
• gr, ip, sp—Services interfaces.
• irb—integrated routing and bridging interface.
• vtep—Virtual Tunnel End Point (VTEP).
• ppd and ppe—Interfaces used to enable a cluster to act as a rendezvous point (RP) or
first hop router in the multicast domain.
bytes Number of bytes in the queue.
max Maximum number of bytes allowed in the queue.
packets Number of packets in the queue.

337
Table 14: show system queues Output Fields (Continued)
max Maximum number of packets allowed in the queue.
drops Number of packets dropped from the queue.
Sample Output
show system queues
user@host> show system queues

output interface bytes max packets max drops
fxp0 0 1250000 0 4166 6
fxp1 0 1250000 0 4166 19
lsi 0 12500 0 41 0
dsc 0 0 0 0 0
Release Information

338
show system reboot
IN THIS SECTION
Syntax | 338
Syntax (EX Series and MX Series) | 338
Syntax (QFX Series and OCX Series) | 339
Description | 339
Options | 339
Sample Output | 342
Syntax
show system reboot

Syntax (EX Series and MX Series)
show system reboot

<all-members>
<local>
<member member-id>
339
show system reboot

show system reboot

<all-chassis| all-lcc | lcc number | sfc number>
Syntax (QFX Series and OCX Series)
show system reboot

<node-device name>
show system reboot
Description
Display pending system reboots or halts.
Options
none Display pending reboots or halts on the active Routing Engine.
For Junos OS Evolved, the show system reboot command is applicable to all nodes
(Routing Engines and FPCs). There is no system reboot command for a specific
340
Routing Engine. Hence, the show system reboot command shows the pending reboot for
the system and not for a specific Routing Engine.
all-chassis (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix
router, display halt or reboot request information for all the T640 routers in the
chassis that are connected to the TX Matrix router. On a TX Matrix router, display
halt or reboot request information for all the T1600 or T4000 routers in the chassis
that are connected to the TX Matrix Plus router.
all-members (EX4200 switches and MX Series routers only) (Optional) Display halt or reboot
request information for all members of the Virtual Chassis configuration.
all-lcc (TX Matrix routers and TX Matrix Plus router only) (Optional) On a TX Matrix router,
display system halt or reboot request information for all T640 routers connected to
the TX Matrix router. On a TX Matrix Plus router, display halt or reboot request
information for all connected T1600 or T4000 LCCs.
both-routing- (Systems with multiple Routing Engines) (Optional) Display halt or reboot request
engines information on both Routing Engines.
NOTE: Junos OS Evolved does not support the both-routing-engines option.
infrastructure (QFabric systems only) (Optional) Display reboot request information on the fabric
name manager Routing Engines and fabric control Routing Engines.
interconnect- (QFabric systems only) (Optional) Display reboot request information on the
router, display halt or reboot request information for a specific T640 router that is
connected to the TX Matrix router. On a TX Matrix Plus router, display halt or reboot
request information for a specific router that is connected to the TX Matrix Plus
router.

matrix.

routing matrix.
341

local (EX4200 switches and MX Series routers only) (Optional) Display halt or reboot
request information for the local Virtual Chassis member.
member (EX4200 switches and MX Series routers only) (Optional) Display halt or reboot
member-id request information for the specified member of the Virtual Chassis configuration.
For EX4200 switches, replace member-id with a value from 0 through 9. For an MX
Series Virtual Chassis, replace member-id with a value of 0 or 1.
node-group (QFabric systems only) (Optional) Display reboot request information on the Node
name group.
scc (TX Matrix router only) (Optional) Display halt or reboot request information for the
sfc (TX Matrix Plus router only) (Optional) Display halt or reboot request information for
By default, when you issue the show system reboot command on a TX Matrix or TX Matrix Plus primary
Routing Engine, the command is broadcast to all the T640 (in a routing matrix based on the TX Matrix
router) or T1600 (in a routing matrix based on the TX Matrix Plus router) primary Routing Engines
connected to it. Likewise, if you issue the same command on the TX Matrix or TX Matrix Plus backup
router) or T1600 (in a routing matrix based on the TX Matrix Plus router) backup Routing Engines that
are connected to it.
For Junos OS Evolved, the show system reboot command is applicable to all nodes (Routing Engines and
FPCs). There is no system reboot command for a specific Routing Engine. Hence, the show system reboot
command shows the pending reboot for the system and not for a specific Routing Engine.
maintenance
342
Sample Output
show system reboot
user@host> show system reboot

reboot requested by root at Wed Feb 10 17:40:46 1999
[process id 17885]
show system reboot all-lcc (TX Matrix Router)
user@host> show system reboot all-lcc

lcc0-re0:
--------------------------------------------------------------------------
lcc2-re0:
--------------------------------------------------------------------------
show system reboot sfc (TX Matrix Plus Router)
user@host> show system sfc 0

show system reboot (QFX3500 Switch)
user@switch> show system reboot

Release Information
343
show system snapshot (Junos OS)
IN THIS SECTION
Syntax | 343
Description | 343
Options | 344
Output Fields | 344
Sample Output | 345
Syntax
show system snapshot
show system snapshot

Description
This command displays information about the backup software:
• On the routers, this command display information about the backup software, which is located in
the /altroot, and /altconfig file systems or on the alternate media.
344
• On the switches, this command display information about the backup of the root file system (/) and
directories /altroot,/config, /var, and /var/tmp, which are located either on an external USB flash
drive or in internal flash memory.
To back up software, use the request system snapshot command.
Options
none Display information about the backup software.
all-members | (EX Series switch Virtual Chassis only) (Optional) Display the snapshot in a Virtual
local | member Chassis:
member-id
• all-members—Display the snapshot for all members of the Virtual Chassis.
• local—Display the snapshot on the member of the Virtual Chassis that you are
currently logged into.
• member member-id—Display the snapshot for the specified member of the Virtual
Chassis.
media (external (EX Series switch only) (Optional) Display the destination media location for the
| internal) snapshot. The external option specifies the snapshot on an external mass storage
device, such as a USB flash drive. The internal option specifies the snapshot on an
internal memory source, such as internal flash memory. If no additional options are
specified, the command displays the snapshot stored in both slices.
view
Output Fields
Table 15 on page 344 lists the output fields for the show system snapshot command. Output fields are listed
Table 15: show system snapshot Output Fields
Creation date Date and time of the last snapshot.

345
Table 15: show system snapshot Output Fields (Continued)
JUNOS version on snapshot Junos OS release number of individual software

packages.
Sample Output
show system snapshot (Router)
user@host> show system snapshot

Information for snapshot on hard-disk
Creation date: Oct 5 13:53:29 2005
JUNOS version on snapshot:
jbase : 7.3R2.5
jcrypto: 7.3R2.5
jdocs : 7.3R2.5
jkernel: 7.3R2.5
jpfe : M40-7.3R2.5
jroute : 7.3R2.5
show system snapshot media external (Switch)
user@switch> show system snapshot media external

Information for snapshot on external (/dev/da1s1a) (backup)
Creation date: Mar 19 03:37:18 2012
jbase : ex-12.1I20120111_0048_user
jcrypto-ex: 12.1I20120111_0048_user
jdocs-ex: 12.1I20120111_0048_user
jroute-ex: 12.1I20120111_0048_user
jswitch-ex: 12.1I20120111_0048_user
jweb-ex: 12.1I20120111_0048_user
Information for snapshot on external (/dev/da1s2a) (primary)
jbase : ex-12.2I20120305_2240_user
346
jcrypto-ex: 12.2I20120305_2240_user
jdocs-ex: 12.2I20120305_2240_user
jroute-ex: 12.2I20120305_2240_user
jswitch-ex: 12.2I20120305_2240_user
jweb-ex: 12.2I20120305_2240_user
show system snapshot media internal (Switch)
user@switch> show system snapshot media internal

Information for snapshot on internal (/dev/da0s1a) (backup)
jbase : 11.1R1.9
jcrypto-ex: 11.1R1.9
jdocs-ex: 11.1R1.9
jkernel-ex: 11.1R1.9
jroute-ex: 11.1R1.9
jswitch-ex: 11.1R1.9
jweb-ex: 11.1R1.9
jpfe-ex42x: 11.1R1.9
Information for snapshot on internal (/dev/da0s2a) (primary)
jbase : 11.2-20110330.0
jcrypto-ex: 11.2-20110330.0
jdocs-ex: 11.2-20110330.0
jkernel-ex: 11.2-20110330.0
jroute-ex: 11.2-20110330.0
jswitch-ex: 11.2-20110330.0
jweb-ex: 11.2-20110330.0
jpfe-ex42x: 11.2-20110330.0
Release Information
Option slice deprecated for Junos OS with Upgraded FreeBSD in Junos OS Release 15.1. You can find
which platforms run Junos OS with Upgraded FreeBSD here: Release Information for Junos OS with
Upgraded FreeBSD.
347
show system software
IN THIS SECTION
Syntax | 347
Description | 348
Options | 349
Output Fields | 350
Sample Output | 350
Syntax

<detail>

<all-members>
<detail>
348
<local>
<member member-id>

<detail>

<detail>
Syntax (QFX Series)

<detail>
<node-group name>

<add-restart>
<list>
Description
Display the Junos OS extensions loaded on your router or switch.

349
Options
none Display standard information about all loaded Junos OS extensions.
add-restart (Junos OS Evolved only) (Optional) Display all console messages from the last in-
service software upgrade (ISSU).
software information for all the T640 routers (TX Matrix Router) or all the routers
(TX Matrix Plus Router) in the chassis.
router, display system software information for all T640 routers connected to the
TX Matrix router. On a TX Matrix Plus router, display system software information
for all connected T1600 or T4000 LCCs.
all-members (EX4200 switches only) (Optional) Display the system software running on all
members of the Virtual Chassis configuration.
detail (Optional) Display detailed information about available Junos OS extensions.
infrastructure (QFabric systems only) (Optional) Display the system software running on the fabric
name control Routing Engine and the fabric manager Routing Engine.
interconnect- (QFabric systems only) (Optional) Display the system software running on the
router, display system software information for a specific T640 router that is
connected to the TX Matrix router. On a TX Matrix Plus router, display system
software information for a specific router that is connected to the TX Matrix Plus
router.

routing matrix.

routing matrix.
350

local (EX4200 switches only) (Optional) Display the system software running on the local
member member- (EX4200 switches only) (Optional) Display the system software running on the
id specified member of the Virtual Chassis configuration. Replace member-id with a
value from 0 through 9.
node-group name (QFabric systems only) (Optional) Display the system software running on the Node
group.
scc (Routing matrix only) (Optional) Display the system software running on a
sfc (TX Matrix Plus routers only) (Optional) Display system software information for
maintenance
Output Fields
When you enter this command, you are provided a list of Junos OS packages installed on the router and
their corresponding Junos OS release number.
Sample Output
user@host> show system software

Information for jbase:
Comment:
JUNOS Base OS Software Suite [7.2R1.7]
Information for jcrypto:

351
Comment:
JUNOS Crypto Software Suite [7.2R1.7]
Information for jdocs:
Comment:
JUNOS Online Documentation [7.2R1.7]
Information for jkernel:
Comment:
JUNOS Kernel Software Suite [7.2R1.7]
Information for jpfe:
Comment:
JUNOS Packet Forwarding Engine Support (M20/M40) [7.2R1.7]
Information for jroute:
Comment:
JUNOS Routing Software Suite [7.2R1.7]
Information for junos:
Comment:
JUNOS Base OS boot [7.2R1.7]
Release Information

352
show system statistics
IN THIS SECTION
Syntax | 352
Description | 353
Options | 353
Sample Output | 356
Syntax

<all-members>
<local>
<member member-id>
353



<all-members>
<local>
<member member-id>
<extended <ipv4 | ipv6>>
Syntax (QFX Series)
Description
Display system-wide protocol-related statistics.
Options
none Display system statistics for all the following protocols:
• arp—Address Resolution Protocol

354
backup - Statistics of backup JunosVM or RE

•
• bridge—IEEE 802.1 Bridging
• clns—Connectionless Network Service
• esis—End System-to-Intermediate System
• ethoamcfm—Ethernet OAM protocol for connectivity fault management
• ethoamlfm—Ethernet OAM protocol for link fault management
• extended—System statistics for IPv4 and IPv6 traffic
• icmp—Internet Control Message Protocol
• icmp6—Internet Control Message Protocol version 6
• igmp—Internet Group Management Protocol
• ip—Internet Protocol version 4
• ip6—Internet Protocol version 6
• jsr—Juniper Socket Replication
jtd - Show jtd statistics

•
• mpls—Multiprotocol Label Switching
• rdp—Reliable Datagram Protocol
• tcp—Transmission Control Protocol
• tnp—Trivial Network Protocol
• ttp—TNP Tunneling Protocol
• tudp—Trivial User Datagram Protocol
• udp—User Datagram Protocol
• vpls—Virtual Private LAN Service

355
all-chassis (TX Matrix and TX Matrix Plus routers only) (Optional) Display system statistics for a
protocol for all the routers in the chassis.
all-lcc (TX Matrix and TX Matrix Plus routers only) (Optional) On a TX Matrix router, display
system statistics for a protocol for all T640 routers (or line-card chassis) connected to the
TX Matrix router. On a TX Matrix Plus router, display system statistics for a protocol for all
routers (line-card chassis) connected to the TX Matrix Plus router
all- (EX4200 switches and MX Series routers only) (Optional) Display system statistics for a
members protocol for all members of the Virtual Chassis configuration.
lcc number (TX Matrix and TX Matrix Plus routers only) (Optional) On a TX Matrix router, display
system statistics for a protocol for a specific T640 router that is connected to the TX
Matrix router. On a TX Matrix Plus router, display system statistics for a protocol for a
specific router that is connected to the TX Matrix Plus router.

matrix.
• 0 through 3, when T1600 routers are connected to a TX Matrix Plus router in a routing
matrix.

local (EX4200 switches and MX Series routers only) (Optional) Display system statistics for a
protocol for the local Virtual Chassis member.
member (EX4200 switches and MX Series routers only) (Optional) Display system statistics for a
member-id protocol for the specified member of the Virtual Chassis configuration. For EX4200
switches, replace member-id with a value from 0 through 9. For an MX Series Virtual
Chassis, replace member-id with a value of 0 or 1.
scc (TX Matrix routers only) (Optional) Display system statistics for a protocol for the TX
sfc number (TX Matrix Plus routers only) (Optional) Display system statistics for a protocol for the
TX Matrix Plus router (or switch-fabric chassis). Replace number with 0.
356
By default, when you issue the show system statistics command on a TX Matrix or TX Matrix Plus primary
router) or T1600 (in a routing matrix based on the TX Matrix Plus router) primary Routing Engines
connected to it. Likewise, if you issue the same command on the TX Matrix or TX Matrix Plus backup
router) or T1600 (in a routing matrix based on the TX Matrix Plus router) backup Routing Engines that
are connected to it.
view
Sample Output
user@host> show system statistics

ip:
3682087 total packets received
0 bad header checksums
0 with size smaller than minimum
0 with data size < data length
0 with header length < data size
0 with data length < header length
0 with incorrect version number
0 packets destined to dead next hop
0 fragments received
0 fragments dropped (dup or out of space)
0 fragments dropped (queue overflow)
0 fragments dropped after timeout
0 fragments dropped due to over limit
0 packets reassembled ok
3664774 packets for this host
17316 packets for unknown/unsupported protocol
0 packets forwarded
0 packets not forwardable
0 redirects sent
6528 packets sent from this host
0 packets sent with fabricated ip header
357
0 output packets dropped due to no bufs

0 output packets discarded due to no route
0 output datagrams fragmented
0 fragments created
0 datagrams that can't be fragmented
0 packets with bad options
1123 packets with options handled without error
0 strict source and record route options
0 loose source and record route options
0 record route options
0 timestamp options
0 timestamp and address options
0 timestamp and prespecified address options
0 option packets dropped due to rate limit
1123 router alert options
0 multicast packets dropped (no iflist)
0 packets dropped (src and int don't match)
icmp:
0 drops due to rate limit
0 calls to icmp_error
0 errors not generated because old message was icmp
Output histogram:
echo reply: 75
0 messages with bad code fields
0 messages less than the minimum length
0 messages with bad checksum
0 messages with bad source address
0 messages with bad length
0 echo drops with broadcast or multicast destination address
0 timestamp drops with broadcast or multicast destination address
Input histogram:
echo: 75
router advertisement: 130
75 message responses generated
tcp:
3844 packets sent
3618 data packets (1055596 bytes)
0 data packets (0 bytes) retransmitted
0 resends initiated by MTU discovery
205 ack-only packets (148 packets delayed)
0 URG only packets
0 window probe packets
0 window update packets
358
1079 control packets

5815 packets received
3377 acks (for 1055657 bytes)
24 duplicate acks
0 acks for unsent data
2655 packets (15004 bytes) received in-sequence
1 completely duplicate packet (0 bytes)
0 old duplicate packets
0 packets with some dup. data (0 bytes duped)
0 out-of-order packets (0 bytes)
0 packets (0 bytes) of data after window
0 window probes
7 window update packets
0 packets received after close
0 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
1 connection request
32 connection accepts
0 bad connection attempts
0 listen queue overflows
33 connections established (including accepts)
30 connections closed (including 0 drops)
27 connections updated cached RTT on close
27 connections updated cached RTT variance on close
0 connections updated cached ssthresh on close
0 embryonic connections dropped
3374 segments updated rtt (of 3220 attempts)
0 retransmit timeouts
0 connections dropped by rexmit timeout
0 persist timeouts
0 connections dropped by persist timeout
344 keepalive timeouts
0 keepalive probes sent
0 connections dropped by keepalive
1096 correct ACK header predictions
1314 correct data packet header predictions
32 syncache entries added
0 retransmitted
0 dupsyn
0 dropped
32 completed
0 bucket overflow
359
0 cache overflow
0 reset
0 stale
0 aborted
0 badack
0 unreach
0 zone failures
0 cookies sent
0 cookies received
0 ACKs sent in response to in-window but not exact RSTs
0 ACKs sent in response to in-window SYNs on established connections
0 rcv packets dropped by TCP due to bad address
0 out-of-sequence segment drops due to insufficient memory
1058 RST packets
0 ICMP packets ignored by TCP
0 send packets dropped by TCP due to auth errors
0 rcv packets dropped by TCP due to auth errors
udp:
3658884 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
3657342 dropped due to no socket
3657342 broadcast/multicast datagrams dropped due to no socket
0 dropped due to full socket buffers
0 not for hashed pcb
4291311496 delivered
1551 datagrams output
ipsec:
0 inbound packets processed successfully
0 inbound packets violated process security policy
0 inbound packets with no SA available
0 invalid inbound packets
0 inbound packets failed due to insufficient memory
0 inbound packets failed getting SPI
0 inbound packets failed on AH replay check
0 inbound packets failed on ESP replay check
0 inbound AH packets considered authentic
0 inbound AH packets failed on authentication
0 inbound ESP packets considered authentic
0 inbound ESP packets failed on authentication
0 outbound packets processed successfully
0 outbound packets violated process security policy
360
0 outbound packets with no SA available

0 invalid outbound packets
0 outbound packets failed due to insufficient memory
0 outbound packets with no route
igmp:
17186 messages received
0 messages received with too few bytes
0 messages received with bad checksum
0 membership queries received
0 membership queries received with invalid field(s)
0 membership reports received
0 membership reports received with invalid field(s)
0 membership reports received for groups to which we belong
0 membership reports sent
arp:
2 ARP requests received
2028 ARP replies received
3156 resolution requests received
0 unrestricted proxy requests
0 received proxy requests
0 proxy requests not proxied
0 with bogus interface
787 with incorrect length
712 for non-IP protocol
0 with unsupported op code
0 with bad protocol address length
0 with bad hardware address length
0 with multicast source address
7611 with multicast target address
0 with my own hardware address
14241699 for an address not on the interface
0 with a broadcast source address
0 with source address duplicate to mine
29929250 which were not for me
0 packets discarded waiting for resolution
6 packets sent after waiting for resolution
17812 ARP requests sent
2 ARP replies sent
0 requests for memory denied
0 requests dropped on entry
0 requests dropped during retry
ip6:
361

0 with data size < data length
0 with bad options
0 fragments received
0 fragments dropped (dup or out of space)
0 fragments dropped after timeout
0 fragments that exceeded limit
0 packets reassembled ok
0 packets forwarded
0 packets not forwardable
0 redirects sent
0 packets sent from this host
0 packets sent with fabricated ip header
0 output packets dropped due to no bufs, etc.
0 output packets discarded due to no route
0 output datagrams fragmented
0 fragments created
0 datagrams that can't be fragmented
0 packets that violated scope rules
0 multicast packets which we don't join
Mbuf statistics:
0 packets whose headers are not continuous
0 tunneling packets that can't find gif
0 packets discarded due to too may headers
0 failures of source address selection
0 forward cache hit
0 forward cache miss
0 packets destined to dead next hop
0 option packets dropped due to rate limit
0 packets dropped (src and int don't match)
0 packets dropped due to bad protocol
icmp6:
0 calls to icmp_error
0 errors not generated because old message was icmp error or so
0 errors not generated because rate limitation
0 messages with bad code fields
0 messages < minimum length
0 bad checksums
0 messages with bad length
Histogram of error messages to be generated:
362
0 no route
0 administratively prohibited
0 beyond scope
0 address unreachable
0 port unreachable
0 packet too big
0 time exceed transit
0 time exceed reassembly
0 erroneous header field
0 unrecognized next header
0 unrecognized option
0 redirect
0 unknown
0 message responses generated
0 messages with too many ND options
ipsec6:
0 inbound packets processed successfully
0 inbound packets violated process security policy
0 inbound packets with no SA available
0 invalid inbound packets
0 inbound packets failed due to insufficient memory
0 inbound packets failed getting SPI
0 inbound packets failed on AH replay check
0 inbound packets failed on ESP replay check
0 inbound AH packets considered authentic
0 inbound AH packets failed on authentication
0 inbound ESP packets considered authentic
0 inbound ESP packets failed on authentication
0 outbound packets processed successfully
0 outbound packets violated process security policy
0 outbound packets with no SA available
0 invalid outbound packets
0 outbound packets failed due to insufficient memory
0 outbound packets with no route
clnl:
0 packets delivered
0 too small
0 bad header length
0 bad checksum
0 bad version
0 unknown or unsupported protocol
0 bogus sdl size
363
0 no free memory in socket buffer

0 send packets discarded
0 sbappend failure
0 mcopy failure
0 address fields were not reasonable
0 segment information forgotten
0 forwarded packets
0 total packets sent
0 output packets discarded
0 non-forwarded packets
0 packets fragmented
0 fragments sent
0 fragments discarded
0 fragments timed out
0 fragmentation prohibited
0 packets reconstructed
0 packets destined to dead nexthop
0 packets discarded due to no route
0 Error pdu rate drops
0 ER pdu generation failure
esis:
0 total pkts received
0 total packets consumed by protocol
0 pdus received with bad checksum
0 pdus received with bad version number
0 pdus received with bad type field
0 short pdus received
0 bogus sdl size
0 bad header length
0 unknown or unsupported protocol
0 no free memory in socket buffer
0 send packets discarded
0 sbappend failure
0 mcopy failure
0 ISO family not configured
tnp:
146776365 unicast packets received
0 broadcast packets received
0 fragmented packets received
0 hello packets dropped
0 fragments dropped
0 fragment reassembly queue flushes
0 hello packets received
364
0 control packets received

49681642 rdp packets received
337175 udp packets received
96757548 tunnel packets received
0 input packets discarded with no protocol
98397591 unicast packets sent
0 broadcast packets sent
0 fragmented packets sent
0 hello packets dropped
0 fragments dropped
0 hello packets sent
0 control packets sent
49681642 rdp packets sent
337175 udp packets sent
48378774 tunnel packets sent
0 packets sent with unknown protocol
rdp:
49681642 input packets
0 discards for bad checksum
0 discards bad sequence number
0 refused connections
2031964 acks received
49692 retransmits
49681642 output packets
24815968 acks sent
28 connects
0 closes
22783990 keepalives received
22783990 keepalives sent
tudp:
0 with incomplete header
0 with bad data length field
0 with bad checksum
0 dropped due to no socket
0 broadcast/multicast datagrams dropped due to no socket
337175 delivered
337175 datagrams output
ttp:
398749 packets sent
0 packets sent while unconnected
365
0 packets sent while interface down

0 packets sent couldn't get buffer
0 packets sent couldn't find neighbor
44696687 L2 packets received
0 unknown L3 packets received
3682087 IPv4 L3 packets received
0 MPLS L3 packets received
0 MPLS->IPv4 L3 packets received
0 IPv4->MPLS L3 packets received
0 VPLS L3 packets received
0 IPv6 L3 packets received
0 ARP L3 packets received
0 CLNP L3 packets received
0 TNP L3 packets received
0 NULL L3 packets received
0 cyclotron cycle L3 packets received
0 cyclotron send L3 packets received
0 packets received while unconnected
0 packets received from unknown ifl
0 input packets couldn't get buffer
0 input packets with bad type
0 input packets with discard type
0 Input packets with bad tlv header
70633 Input packets with bad tlv type
68877 Input packets dropped based on tlv result
0 input packets for which rt lookup is bypassed
mpls:
0 total mpls packets received
0 packets forwarded
0 packets dropped
0 with header too small
0 after tagging, can't fit link MTU
0 with IPv4 explicit NULL tag
0 with IPv4 explicit NULL cksum errors
0 with router alert tag
0 lsp ping packets (ttl-expired/router alert)
0 with ttl expired
0 with tag encoding error
0 packets discarded, no route
jsr:
Handle-inf:o
0 Handles in use
0 Handles allocated so far
366
0 Handles freed so far

0 Handles in delayed free state
IHA:
0 IHA invalid subtype messages
0 IHA invalid length messages
0 IHA invalid version messages
0 IHA too short messages
0 IHA invalid dst handle messages
0 IHA invalid src handle messages
0 IHA unmatched src handle messages
0 IHA invalid messages for primary
0 IHA invalid messages for secondary
0 IHA invalid messages for current state
0 IHA messages sent for subtype init
0 IHA messages rcvd for subytpe init
0 IHA message timeouts
0 IHA socket unreplicate messages
SDRL:
0 SDRL socket teardowns
0 SDRL socket teardown failures
0 SDRL socket unreplicates
0 SDRL socket unreplicate failures
0 SDRL external timeouts
0 SDRL internal timeouts
0 SDRL ipc messages sent
0 SDRL ipc send failures
0 SDRL ipc messages recvd
0 SDRL ipc messages recvd
0 SDRL primary replication messages sent
0 SDRL primary replication message send failures
0 SDRL primary ack messages received
0 SDRL primary ack message receive failures
0 SDRL primary sock replication inits
0 SDRL primary sock replication init failures
0 SDRL primary throttle remove messages
367
0 SDRL primary throttle remove failures

0 SDRL primary init handshake messages
0 SDRL primary init handshake failures
0 SDRL secondary replication messages received
0 SDRL secondary replication message receive failures
0 SDRL secondary replication acks sent
0 SDRL secondary replication ack send failures
0 SDRL secondary sock splits
0 SDRL secondary sock split failures
0 SDRL secondary sock merges
0 SDRL secondary sock merge failures
0 SDRL secondary sockets closed
0 SDRL secondary rcv snoop fd close failures
0 SDRL secondary snd snoop fd close failures
0 SDRL secondary init handshake messages
0 SDRL secondary init handshake failures
PRL:
0 PRL packets enqueued
0 PRL packets failed to enqueue
0 PRL packets dequeued
0 PRL packets failed to dequeue
0 PRL queue entry allocations
0 PRL queue entry frees
0 calls to layer 4 input handlers
0 failed calls to layer 4 input handlers
0 PRL queue drains
0 PRL replication timeouts
0 PRL replication messages sent
0 PRL replication message send failures
0 PRL acknowledgment messages sent
0 PRL acknowledgement message send failures
0 PRL replication messages received
0 PRL replication message receive failures
0 PRL acknowledgement messages received
0 PRL acknowledgement receive failures
0 PRL messages with bad IPC type
0 PRL messages with no handler
2 PRL global state initializations
1 PRL global state cleanups
0 PRL per-socket state creations
0 PRL per-socket state creation failures
0 PRL per-socket state cleanups
0 PRL socket closes
368
0 PRL socket merges

0 PRL socket unreplicates
0 PRL primary socket replication initializations
0 PRL secondary socket replication initializations
0 PRL primary socket replication activations
0 PRL secondary socket replication activations
0 packets received from peers
0 PRL packets receive operations from peer failed
0 PRL buffer pullup failures
0 new pkts dropped on secondary socket
PSRM:
0 PSRM replication timeouts
0 PSRM replication messages sent
0 PSRM replication message send failures
0 PSRM acknowledgment messages sent
0 PSRM acknowledgement message send failures
0 PSRM flow control messages sent
0 PSRM flow control message send failures
0 PSRM replication messages received
0 PSRM replication message receive failures
0 PSRM acknowledgment messages received
0 PSRM acknowledgment message receive failures
0 PSRM flow control messages received
0 PSRM flow control message receive failures
0 SRM messages with bad IPC type
0 PSRM messages with no handler
2 PSRM global state initializations
1 PSRM global state cleanups
0 PSRM per-socket state creations
0 PSRM per-socket state creation failures
0 PSRM per-socket state cleanups
0 PSRM socket closes
0 PSRM socket merges
0 PSRM socket unreplicates
0 PSRM primary socket replication initializations
0 psrm-secondary-socket-replication-initializations
0 PSRM primary socket replication activations
0 secondary socket replication activations
0 PSRM tcpcb updates
0 PSRM buffer pullup failures
73 PSRM tcp timestamp msg recv counters
0 PSRM tcp timestamp msg recv failures
0 PSRM tcp timestamp msg send counters
369
0 PSRM tcp timestamp msg send failures

TCP:
0 TCP out-of-order packets on JSR sockets
vpls:
0 packets with no logical interface
0 packets with no family
0 packets with no route table
0 packets with no auxiliary table
0 packets with no corefacing entry
0 packets with no CE-facing entry
0 mac route learning requests
0 mac routes learnt
0 requests to learn an existing route
0 learning requests while learning disabled on interface
0 learning requests over capacity
0 mac routes moved
0 requests to move static route
0 mac route aging requests
0 mac routes aged
0 bogus address in aging requests
0 requests to age static route
0 requests to re-ageout aged route
0 requests involving multiple peer FEs
0 aging acks from PFE
0 aging non-acks from PFE
0 aging requests timed out waiting on FEs
0 aging requests over max-rate
0 errors finding peer FEs
Sctp:
195 sinput-packets
195 datagrams
9 packets that had data
9 input SACK chunks
9 input DATA chunks
0 duplicate DATA chunks
27 input HB chunks
27 HB-ACK chunks
0 input ECNE chunks
0 input AUTH chunks
370
0 chunks missing AUTH

0 invalid HMAC ids received
0 invalid secret ids received
0 auth failed
7 fast path receives all one chunk
0 fast path multi-part data
209 output packets
9 output SACKs
9 output DATA chunks
0 retransmitted DATA chunks
0 fast retransmitted DATA chunks
0 FR's that happened more than once to same chunk
153 output HB chunks
0 output ECNE chunks
0 output AUTH chunks
9 ip_output error counter
0 from middle box
0 from end host
0 with data
0 non-data, non-endhost
0 non-endhost, bandwidth rep only
0 not enough for chunk header
0 not enough data to confirm
0 where process_chunk_drop said break
0 failed to find TSN
0 attempt reverse TSN lookup
0 e-host confirms zero-rwnd
0 midbox confirms no space
0 data did not match TSN
0 TSN's marked for Fast Retran
0 iterator timers fired
1 T3 data time outs
0 window probe (T3) timers fired
0 INIT timers fired
7 sack timers fired
0 shutdown timers fired
157 heartbeat timers fired
0 a cookie timeout fired
0 an endpoint changed its cookiesecret
0 PMTU timers fired
0 shutdown ack timers fired
0 shutdown guard timers fired
0 stream reset timers fired
371
0 early FR timers fired

0 an asconf timer fired
0 auto close timer fired
0 asoc free timers expired
1 inp free timers expired
0 packet shorter than header
0 checksum error
0 no endpoint for port
0 bad v-tag
0 bad SID
0 no memory
0 number of multiple FR in a RTT window
9 RFC813 allowed sending
0 RFC813 does not allow sending
0 times max burst prohibited sending
0 look ahead tells us no memory in interface
0 numbers of window probes sent
0 times an output error to clamp down on next user send
1 times sctp_senderrors were caused from a user
0 number of in data drops due to chunk limit reached
0 number of in data drops due to rwnd limit reached
0 times a ECN reduced the cwnd
195 used express lookup via vtag
0 collision in express lookup
0 times the sender ran dry of user data on primary
0 sacks the slow way
0 window update only sacks sent
0 sends with sinfo_flags !=0
0 unordered sends
0 sends with EOF flag set
0 sends with ABORT flag set
188 times protocol drain called
0 times we did a protocol drain
0 times recv was called with peek
197 cached chunks used
0 cached stream oq's used
0 unread messages abandonded by close
0 send burst avoidance, already max burst inflight to net
0 send cwnd full avoidance, already max burst inflight to net
0 number of map array over-runs via fwd-tsn's
372
Release Information
Command introduced before JUNOS Release 7.4.
sfc option introduced for the TX Matrix Plus router in JUNOS Release 9.6.
show system storage
IN THIS SECTION
Syntax | 372
Syntax (EX Series Switches and MX Series Routers) | 373
Syntax | 373
Syntax (TX Matrix Plus Router and TX Matrix Plus Router with 3D SIBs) | 374
Description | 374
Options | 374
Output Fields | 376
Sample Output | 377
Syntax
show system storage

<detail>
<invoke-on (all-routing-engines | other-routing-engine)>
373
Syntax (EX Series Switches and MX Series Routers)
show system storage

<detail>
<all-members>
<local>
<member member-id>
Syntax
Syntax (QFX Series)
show system storage

<detail>
<node-group name>
Syntax (SRX Series)
show system storage

<detail>
<partitions>
For more information, see show system storage partitions (View SRX Series).
show system storage

<detail>
374
Syntax (TX Matrix Plus Router and TX Matrix Plus Router with 3D SIBs)
show system storage

<detail>
<all-chassis | all-lcc | lcc number | sfc number> p
show system storage

<detail>
<node node-name>
Description
Display statistics about the amount of free disk space in the router's or switch’s file systems.
Options
none Display standard information about the amount of free disk space in the router's or
switch’s file systems.
detail (Optional) Display detailed output.
invoke-on all- (Optional) Display the system storage information on all primary and backup
routing-engines Routing Engines on a routing matrix based on the TX Matrix or TX Matrix Plus
router or on a router that has dual Routing Engines.
invoke-on other- (Optional) Display the system storage information on the other Routing Engine. For
routing-engines example, if you issue this command on the primary Routing Engine on an M320
router, the JUNOS Software displays the system storage information on the backup
Routing Engine. On a routing matrix based on the TX Matrix or TX Matrix Plus
router, if you issue this command on the TX Matrix or TX Matrix Plus router’s
primary Routing Engine, the JUNOS Software displays all the system storage
information on all the backup Routing Engines.
storage statistics for all the routers in the chassis.
375
router, display system storage statistics for all T640 routers connected to the TX
Matrix router. On a TX Matrix Plus router, display system storage statistics for all
routers connected to the TX Matrix Plus router.
all-members (EX4200 switches and MX Series routers only) (Optional) Display system storage
statistics for all members of the Virtual Chassis configuration.
infrastructure (QFabric systems only) (Optional) Display system storage statistics for the fabric
name control Routing Engines or fabric manager Routing Engines.
interconnect- (QFabric systems only) (Optional) Display system storage statistics for the
router, display system storage statistics for a specific T640 router that is connected
to the TX Matrix router. On a TX Matrix Plus router, display system storage
statistics for a specific router that is connected to the TX Matrix Plus router.

routing matrix.

routing matrix.

local (EX4200 switches and MX Series routers only) (Optional) Display system storage
statistics for the local Virtual Chassis member.
member member- (EX4200 switches and MX Series routers only) (Optional) Display system storage
id statistics for the specified member of the Virtual Chassis configuration. For EX4200
switches, replace member-id with a value from 0 through 9. For an MX Series Virtual
Chassis, replace member-id with a value of 0 or 1.
node (Junos OS Evolved only) (Optional) Display system storage statistics for the
specified node.
376
node-group name (QFabric systems only) (Optional) Display system storage statistics for the Node
group.
scc (TX Matrix routers only) (Optional) Display system storage statistics for the TX
sfc number (TX Matrix Plus routers only) (Optional) Display system storage statistics for the TX
Matrix Plus router. Replace number with 0.
By default, when you issue the show system storage command on the primary Routing Engine of a TX
view
Output Fields
Table 16 on page 376 describes the output fields for the show system storage command. Output fields are
Table 16: show system storage Output Fields
Field Name Field Description Level of Detail
Filesystem Name of the filesystem. all
Size Size of the filesystem. Size is reported in human readable standard output
form (GB or MB, etc.).
1024-blocks Size of the filesystem. Size is reported in 1024-bytes (1KB) detail

blocks.
Used Amount of space used in the filesystem. all (see note)

377
Table 16: show system storage Output Fields (Continued)
Field Name Field Description Level of Detail
Avail Amount of space available in the filesystem. all (see note)
Capacity Percentage of the filesystem space that is being used. all
Mounted on Directory in which the filesystem is mounted. all
NOTE: In detailed output, the output is in bytes, whereas in regular output, the size is in human-readable form (like GB
or MB, etc.).
Sample Output
show system storage
user@host> show system storage

Filesystem Size Used Avail Capacity Mounted on
/dev/ad0s1a 77M 37M 34M 52% /
devfs 16K 16K 0B 100% /dev/
/dev/vn0 12M 12M 0B 100% /packages/mnt/jbase
/dev/vn1 39M 39M 0B 100% /packages/mnt/jkernel-7.2R1.7
/dev/vn2 12M 12M 0B 100% /packages/mnt/jpfe-M40-7.2R1.7
/dev/vn3 2.3M 2.3M 0B 100% /packages/mnt/jdocs-7.2R1.7
/dev/vn4 14M 14M 0B 100% /packages/mnt/jroute-7.2R1.7
/dev/vn5 4.5M 4.5M 0B 100% /packages/mnt/jcrypto-7.2R1.7
mfs:172 1.5G 4.0K 1.3G 0% /tmp
/dev/ad0s1e 12M 20K 11M 0% /config
procfs 4.0K 4.0K 0B 100% /proc
/dev/ad1s1f 9.4G 4.9G 3.7G 57% /var
show system storage (SRX Series)
user@host> show system storage

/dev/da0s1a 2.4G 369M 1.9G 16% /
378
devfs 1.0K 1.0K 0B 100% /dev

/dev/md0 20M 11M 6.7M 63% /junos
/cf/packages 2.4G 369M 1.9G 16% /junos/cf/packages
devfs 1.0K 1.0K 0B 100% /junos/cf/dev
/dev/md1 1.2G 1.2G 0B 100% /junos
/cf 20M 11M 6.7M 63% /junos/cf
devfs 1.0K 1.0K 0B 100% /junos/dev/
/cf/packages 2.4G 369M 1.9G 16% /junos/cf/packages1
procfs 4.0K 4.0K 0B 100% /proc
/dev/bo0s3e 185M 74K 170M 0% /config
/dev/bo0s3f 2.1G 1.7G 219M 89% /cf/var
/dev/md2 1.0G 90M 859M 10% /mfs
/cf/var/jail 2.1G 1.7G 219M 89% /jail/var
/cf/var/log 2.1G 1.7G 219M 89% /jail/var/log
devfs 1.0K 1.0K 0B 100% /jail/dev
/dev/md3 1.8M 4.0K 1.7M 0% /jail/mfs
show system storage node
user@host> show system storage node re1

/dev/root 44M 44M 0 100% /pivot
devtmpfs 7.8G 0 7.8G 0% /dev
/dev/sda2 16G 4.9G 11G 33% /soft
/dev/sda5 3.0G 122M 2.7G 5% /etc
/dev/sda6 1000M 1.3M 932M 1% /config
/dev/sda7 16G 9.4G 5.4G 64% /var
/dev/sda1 189M 5.3M 170M 4% /boot
/dev/loop0 1.8G 1.8G 0 100% /pivot/data/junos-install-qfx-
x86-64-16.2I20170508115447_evo-builder/ccd-ptx-re64
/dev/loop1 14M 14M 0 100% /pivot/data/junos-install-qfx-
x86-64-16.2I20170508115447_evo-builder/perl-5.20.0
x86-64-16.2I20170508115447_evo-builder/java
/dev/loop3 2.4M 2.4M 0 100% /pivot/data/junos-install-qfx-
x86-64-16.2I20170508115447_evo-builder/modules
x86-64-16.2I20170508115447_evo-builder/zookeeper
x86-64-16.2I20170508115447_evo-builder/python-2.7
379
x86-64-16.2I20170508115447_evo-builder/dev
x86-64-16.2I20170508115447_evo-builder/jimbase
x86-64-16.2I20170508115447_evo-builder/osbase
x86-64-16.2I20170508115447_evo-builder/initrd
unionfs 5.2G 2.4G 2.7G 48% /
/tmp 7.8G 4.0K 7.8G 1% /tmp
run 7.8G 7.1M 7.8G 1% /run
tmpfs 7.8G 1.2G 6.7G 15% /dev/shm
tmpfs 7.8G 0 7.8G 0% /sys/fs/cgroup
tmpfs 1.6G 0 1.6G 0% /run/user/0
show system storage node detail
user@host> show system storage node re1 detail

Filesystem 1024-blocks Used Avail Capacity Mounted on
/dev/root 44376 44376 0 100% /pivot
devtmpfs 8103560 0 8103560 0% /dev
/dev/sda2 16513960 5057236 10601480 33% /soft
/dev/sda5 3055376 124232 2757476 5% /etc
/dev/sda6 1023892 1308 953772 1% /config
/dev/sda7 16310696 9809324 5656368 64% /var
/dev/sda1 193242 5418 173561 4% /boot
/dev/loop0 1816864 1816864 0 100% /pivot/data/junos-install-qfx-
x86-64-16.2I20170508115447_evo-builder/ccd-ptx-re64
x86-64-16.2I20170508115447_evo-builder/perl-5.20.0
x86-64-16.2I20170508115447_evo-builder/java
x86-64-16.2I20170508115447_evo-builder/modules
x86-64-16.2I20170508115447_evo-builder/zookeeper
380

x86-64-16.2I20170508115447_evo-builder/dev
x86-64-16.2I20170508115447_evo-builder/jimbase
x86-64-16.2I20170508115447_evo-builder/osbase
x86-64-16.2I20170508115447_evo-builder/initrd
unionfs 5412608 2481464 2757476 48% /
/tmp 8127388 4 8127384 1% /tmp
run 8127388 7216 8120172 1% /run
tmpfs 8127388 1190096 6937292 15% /dev/shm
tmpfs 8127388 0 8127388 0% /sys/fs/cgroup
tmpfs 1625480 0 1625480 0% /run/user/0
Release Information
Option invoke-on (all-routing-engines | other-routing-engine) introduced in Junos OS Release 14.1

show system storage partitions
show system switchover
IN THIS SECTION
Syntax | 381

381
Description | 382
Options | 382
Output Fields | 384
Sample Output | 386
Syntax



<all-members>
<local>
<member member-id>
382
Description
Display whether graceful Routing Engine switchover is configured, the state of the kernel replication
(ready or synchronizing), any replication errors, and whether the primary and standby Routing Engines
are using compatible versions of the kernel database.
NOTE: Issue the show system switchover command only on the backup Routing Engine. This
command is not supported on the primary Routing Engine because the kernel-replication process
daemon does not run on the primary Routing Engine. This process runs only on the backup
Routing Engine.
Beginning Junos OS Release 9.6, the show system switchover command has been deprecated on the primary
Routing Engine on all routers other than a TX Matrix (switch-card chassis) or a TX Matrix Plus (switch-
fabric chassis) router.
However, in a routing matrix, if you issue the show system switchover command on the primary Routing
Engine of the TX Matrix router (or switch-card chassis), the CLI displays graceful switchover information
for the primary Routing Engine of the T640 routers (or line-card chassis) in the routing matrix. Likewise,
if you issue the show system switchover command on the primary Routing Engine of a TX Matrix Plus router
(or switch-fabric chassis), the CLI displays output for the primary Routing Engine of T1600 or T4000
routers in the routing matrix.
Options
all-chassis (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix router,
display graceful Routing Engine switchover information for all Routing Engines on the TX
Matrix router and the T640 routers configured in the routing matrix. On a TX Matrix Plus
router, display graceful Routing Engine switchover information for all Routing Engines on
the TX Matrix Plus router and the T1600 or T4000 routers configured in the routing
matrix.
all-lcc (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix router,
display graceful Routing Engine switchover information for all T640 routers (or line-card
chassis) connected to the TX Matrix router. On a TX Matrix Plus router, display graceful
Routing Engine switchover information for all connected T1600 or T4000 LCCs.
Note that in this instance, packets get dropped. The LCCs perform GRES on their own
chassis (GRES cannot be handled by one particular chassis for the entire router) and
synchronization is not possible as the LCC plane bringup time varies for each LCC.
Therefore, when there is traffic on these planes, there may be a traffic drop.
383
all- (MX Series routers only) (Optional) Display graceful Routing Engine switchover
members information for all Routing Engines on all members of the Virtual Chassis configuration.
lcc number (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix router,
display graceful Routing Engine switchover information for a specific T640 router
connected to the TX Matrix router. On a TX Matrix Plus router, display graceful Routing
Engine switchover information for a specific router connected to the TX Matrix Plus
router.

matrix.
• 0 through 3, when T1600 routers are connected to a TX Matrix Plus router in a routing
matrix.

local (MX Series routers only) (Optional) Display graceful Routing Engines switchover
information for all Routing Engines on the local Virtual Chassis member.
member (MX Series routers only) (Optional) Display graceful Routing Engine switchover
member-id information for all Routing Engines on the specified member of the Virtual Chassis
configuration. Replace member-id with a value of 0 or 1.
scc (TX Matrix router only) (Optional) Display graceful Routing Engine switchover information
for the TX Matrix router (or switch-card chassis).
sfc (TX Matrix Plus routers only) (Optional) Display graceful Routing Engine switchover
information for the TX Matrix Plus router.
If you issue the show system switchover command on a TX Matrix backup Routing Engine, the command is
broadcast to all the T640 backup Routing Engines that are connected to it.
Likewise, if you issue the show system switchover command on a TX Matrix Plus backup Routing Engine, the
command is broadcast to all the T1600 or T4000 backup Routing Engines that are connected to it.
384
If you issue the show system switchover command on the active Routing Engine in the primary router of an
MX Series Virtual Chassis, the router displays a message that this command is not applicable on this
member of the Virtual Chassis.
view
Output Fields
Table 17 on page 384 describes the output fields for the show system switchover command. Output fields
are listed in the approximate order in which they appear.
Table 17: show system switchover Output Fields
Graceful switchover Display graceful Routing Engine switchover status:
• On—Indicates graceful-switchover is specified for the routing-options configuration

command.
• Off—Indicates graceful-switchover is not specified for the routing-options configuration

command.
Configuration State of the configuration database:

database
• Ready—Configuration database has synchronized.
• Synchronizing—Configuration database is synchronizing. Displayed when there are

updates within the last 5 seconds.
• Synchronize failed—Configuration database synchronize process failed.

385
Table 17: show system switchover Output Fields (Continued)
Kernel database State of the kernel database:
• Ready—Kernel database has synchronized. This message implies that the system is ready
for GRES.
• Synchronizing—Kernel database is synchronizing. Displayed when there are updates

within the last 5 seconds.
• Version incompatible—The primary and standby Routing Engines are running

incompatible kernel database versions.
• Replication error—An error occurred when the state was replicated from the primary
Routing Engine. Inspect Steady State for possible causes, or notify Juniper Networks
customer support.
Peer state Routing Engine peer state:
This field is displayed only when ksyncd is running in multichassis mode (LCC primary).
• Steady State—Peer completed switchover transition.
• Peer Connected—Peer in switchover transition.
Switchover Status Switchover Status:
• Ready—Message for system being switchover ready.
• Not Ready—Message for system not being ready for switchover.

386
Table 17: show system switchover Output Fields (Continued)
Platform Components Platform Components:
FEB1:
• Not Online—The backup FEB2 is not yet online.
• Online—The backup FEB2 is online.
FEB1-PFE0, FEB1- PFE1:
• Ready—Message for FEB1- PFE0, or FEB1- PFE1 being switchover ready. The backup
PFE is ready for switchover (does not include time for routes or nexthops for a scaled
configuration).
• Not Online—The backup PFE is not yet online.
• Sync In Progress—Two-minute synchronization in progress when information flow data-

path is programmed on the backup PFE (does not include time for routes or next-hops
programming).
Sample Output
show system switchover (Backup Routing Engine - Ready)
user@host> show system switchover

Graceful switchover: On
Configuration database: Ready
Kernel database: Ready
Peer state: Steady State
Switchover Status: Ready
Switchover Status: Ready is the way the last line of the output reads if you are running Junos OS Release
16.1R1 or later. If you are running Junos OS Release 15.x, the last line of the output reads as Switchover
Ready, for example:

387

Switchover Ready
show system switchover (Backup Routing Engine - Not Ready)

Switchover Status: Not Ready
Switchover Status: Not Ready is the way the last line of the output reads if you are running Junos OS
Release 16.1R1 or later. If you are running Junos OS Release 15.x, the last line of the output reads as
Not ready for primary role switch, try after xxx secs, for example:

Not ready for mastership switch, try after xxx secs.
show system switchover all-lcc (Routing Matrix and Routing Matrix Plus)
user@host> show system switchover all-lcc
lcc0-re0:
--------------------------------------------------------------------------
Multichassis replication: On
lcc2-re0:
--------------------------------------------------------------------------
388

<command>user@host> <user-typing>show system switchover</user-typing

> </command>
<output>lcc0-re1:
-
lcc2-re0:
-
Switchover Status: Ready</output>
</sample>
show system switchover (ACX7509)
The switchover status option for ACX7509 is only available on backup Routing Engine. The show
outputs displayed system switchover status is "Ready" and "Not Ready" are as follows:

Object database: Ready
Applications' ready state: Ready
Platform Components: Ready
FEB1 Online
FEB1-PFE0 Ready
FEB1-PFE1 Ready
389

Platform Components: Not Ready
FEB1 Not Online
FEB1-PFE0 Not Online
FEB1-PFE1 Not Online
show system switchover (Backup Routing Engine - Junos OS Evolved)
{backup}
Release Information
Command support added for ACX7509 in 22.1R1 for High Availability Platform Redundancy RCB and
FEB switchover.

No Link Title
390
show system uptime
IN THIS SECTION
Syntax | 390
Description | 392
Options | 392
Output Fields | 394
Sample Output | 395
Syntax
show system uptime
show system uptime

<all-members>
<local>
<member member-id>
391
Syntax (QFX Series)
show system uptime

<director-group name>
<node-group name>
show system uptime

show system uptime

<detail>
show system uptime

<all-members>
<invoke-on>
<local>
<member member-id>
show system uptime

<node node-name>
392
Description
Display the current time and information about how long the router or switch, router or switch software,
and routing protocols have been running.
NOTE: Time values computed from differences in timestamps can vary due to the insertion or
deletion of leap-seconds between them.
The show system uptime command is a little different in how it displays output in Junos OS Evolved. The
show system uptime command by itself shows system-wide uptime information. Use the show system uptime
node node-name command to see node-specific uptime information, where node-name can be re0 | re1 | fpc0 |
all.
Options
none Show time since the system rebooted and processes started.
all-chassis (TX Matrix routers and TX Matrix Plus routers only) (Optional) Show time since the
system rebooted and processes started on all the routers in the chassis.
router, show time since the system rebooted and processes started for all T640
routers (or line-card chassis) connected to the TX Matrix router. On a TX Matrix Plus
router, show time since the system rebooted and processes started for all connected
T1600 or T4000 LCCs.
all-members (EX4200 switches and MX Series routers only) (Optional) Show time since the
system rebooted and processes started on all members of the Virtual Chassis
configuration.
director-group (QFabric systems only) (Optional) Show time since the system rebooted and
name processes started on the Director group.
infrastructure (QFabric systems only) (Optional) Show time since the system rebooted and
name processes started on the fabric control Routing Engine and fabric manager Routing
Engine.
interconnect- (QFabric systems only) (Optional) Show time since the system rebooted and
device name processes started on the Interconnect device.
393
invoke-on (MX Series routers only) (Optional) Display the time since the system rebooted and
processes started on the primary Routing Engine, backup Routing Engine, or both,
on a router with two Routing Engines.
router, show time since the system rebooted and processes started for a specific
T640 router that is connected to the TX Matrix router. On a TX Matrix Plus router,
show time since the system rebooted and processes started for a specific router that
is connected to the TX Matrix Plus router.

matrix.

routing matrix.

local (EX4200 switches and MX Series routers only) (Optional) Show time since the
system rebooted and processes started on the local Virtual Chassis member.
member (EX4200 switches and MX Series routers only) (Optional) Show time since the
member-id system rebooted and processes started on the specified member of the Virtual
Chassis configuration. For EX4200 switches, replace member-id with a value from 0
through 9. For an MX Series Virtual Chassis, replace member-id with a value of 0 or 1.
node node-name (Junos OS Evolved only) (Optional) Display uptime information for the specified
node. When node option is not used, display uptime information for entire system.
From the system’s point of view, the system booted time is the time when the
system was assembled and is available in /var/run/system_boot_time.
node-group (QFabric systems only) (Optional) Show time since the system rebooted and
name processes started on the Node group.
scc (TX Matrix routers only) (Optional) Show time since the system rebooted and
processes started for the TX Matrix router (or switch-card chassis).
sfc number (TX Matrix Plus routers only) (Optional) Show time since the system rebooted and
processes started for the TX Matrix Plus router. Replace number with 0.
394
By default, when you issue the show system uptime command on the primary Routing Engine of a TX Matrix
router or a TX Matrix Plus router, the command is broadcast to all the primary Routing Engines of the
LCCs connected to it in the routing matrix. Likewise, if you issue the same command on the backup
view
Output Fields
Table 18 on page 394 describes the output fields for the show system uptime command. Output fields are
Table 18: show system uptime Output Fields
System booted (Only for Junos OS Evolved when node option is not used) Time system was last booted.
From the system’s point of view, the system booted time is the time when the system was
assembled and is available in /var/run/system_boot_time.
System-wide users (Only for Junos OS Evolved when node option is not used) Number of system-wide users.
Current time Current system time in UTC.
Time Source Reference time source that the system is locked to.
System booted Date and time when the Routing Engine on the router or switch was last booted and how
long it has been running.
Protocols started Date and time when the routing protocols were last started and how long they have been
running.
395
Table 18: show system uptime Output Fields (Continued)
Last configured Date and time when a configuration was last committed. Also shows the name of the user
who issued the last commit command.
time and up Current time, in the local time zone, and how long the router or switch has been operational.
users Number of users logged in to the router or switch.
load averages Load averages for the last 1 minute, 5 minutes, and 15 minutes.
Sample Output
show system uptime
user@host> show system uptime

Current time: 2017-10-13 19:45:47 UTC
Time Source: NTP CLOCK
System booted: 2017-10-12 20:51:41 UTC (22:54:06 ago)
Protocols started: 2017-10-13 19:33:45 UTC (00:12:02 ago)
Last configured: 2017-10-13 19:33:45 UTC (00:12:02 ago) by abc
12:45PM up 22:54, 2 users, load averages: 0.07, 0.02, 0.01
show system uptime node (for Junos OS Evolved)
user@host> show system uptime node re0
Current time: 2017-05-16 16:13:18 PDT

Node booted: 2017-05-10 15:45:29 PDT (6d 00:27 ago)
Last configured: 2017-05-10 15:31:46 PDT (6d 00:41 ago) by root
16:13:18 up 6 days, 27 min, 1 user, load averages: 2.69, 2.58, 2.57
396
show system uptime (QFX Series)
user@switch> show system uptime

Current time: 2017-08-27 03:12:30 PDT
System booted: 2017-08-13 17:11:54 PDT (1w6d 10:00 ago)
Protocols started: 2017-08-13 17:13:56 PDT (1w6d 09:58 ago)
Last configured: 2017-08-26 05:54:00 PDT (21:18:30 ago) by user
3:12AM up 13 days, 10:01, 3 users, load averages: 0.00, 0.00, 0.00
show system uptime (Junos OS Evolved)
user@router> show system uptime
System booted: 2019-02-20 19:17:52 PST (02:20:33 ago)

System-wide users: 7 users
Starting in Junos OS Evolved 19.1R1 release, the show system uptime output displays only the System booted
and System-wide users information. The output does not display the details such as Current time, System
booted, Protocols started, and Last configured parameters. To see node-specific uptime information, use the
node option.
show system uptime node re0 (Junos OS Evolved)
user@router> show system uptime node re0

Current time: 2019-07-09 14:24:34 PDT
Node booted: 2019-07-03 09:59:58 PDT (6d 04:24 ago)
Protocols started: 2019-07-03 10:01:41 PDT (6d 04:22 ago)
Last configured: 2019-07-03 10:01:10 PDT (6d 04:23 ago) by root
2:24PM up 6 days, 4:24, 1 user, load averages: 1.25, 0.51, 0.36
Release Information

397
10-Gigabit Ethernet LAN/WAN PIC with XFP (T640 Router)

show system virtual-memory
IN THIS SECTION
Syntax | 397
Syntax (EX Series) | 398
Description | 399
Options | 399
Output Fields | 401
Sample Output | 403
Syntax

398
Syntax (EX Series)

<all-members>
<local>
<member member-id>



<all-members>
<local>
<member member-id>
Syntax (QFX Series)

<node-group name>
399

<node node-name>
Description
Display the usage of Junos OS kernel memory listed first by size of allocation and then by type of usage.
Use the show system virtual-memory command for troubleshooting with Juniper Networks Customer
Support.
Options
none Display kernel dynamic memory usage information.
all-chassis (TX Matrix routers and TX Matrix Plus routers only) (Optional) Display kernel
dynamic memory usage information for all chassis.
router, display kernel dynamic memory usage information for all T640 routers
connected to the TX Matrix router. On a TX Matrix Plus router, display kernel
dynamic memory usage information for all connected T1600 or T4000 LCCs.
all-members (EX4200 switches and MX Series routers only) (Optional) Display kernel dynamic
memory usage information for all members of the Virtual Chassis configuration.
infrastructure (QFabric systems only) (Optional) Display kernel dynamic memory usage
name information for the fabric control Routing Engine and fabric manager Routing
Engine.
interconnect- (QFabric systems only) (Optional) Display kernel dynamic memory usage
device name information for the Interconnect device.
router, display kernel dynamic memory usage information for a specific T640 router
kernel dynamic memory usage information for a specific router that is connected to
400

routing matrix.

routing matrix.

local (EX4200 switches and MX Series routers only) (Optional) Display kernel dynamic
memory usage information for the local Virtual Chassis member.
member member- (EX4200 switches and MX Series routers only) (Optional) Display kernel dynamic
id memory usage information for the specified member of the Virtual Chassis
configuration. For EX4200 switches, replace member-id with a value from 0 through
9. For an MX Series Virtual Chassis, replace member-id with a value of 0 or 1.
node node-name (Junos OS Evolved only) (Optional) Display the kernel memory information for the
specified node. If no node is specified, information is displayed for all nodes.
node-group name (QFabric systems only) (Optional) Display kernel dynamic memory usage
information for the Node group.
scc (TX Matrix routers only) (Optional) Display kernel dynamic memory usage
information for the TX Matrix router (or switch-card chassis).
sfc number (TX Matrix Plus routers only) (Optional) Display kernel dynamic memory usage
information for the TX Matrix Plus router. Replace number with 0.
By default, when you issue the show system virtual-memory command on the primary Routing Engine of a TX
NOTE: The show system virtual-memory command with the | display XML pipe option now displays
XML output for the command in the parent tags: <vmstat-memstat-malloc>, <vmstat-memstat-zone>,
401
<vmstat-sumstat>, <vmstat-intr>, and <vmstat-kernel-state> with each child element as a separate XML
tag. In Junos OS Releases 10.1 and earlier, the | display XML option for this command does not
have an XML API element and the entire output is displayed in a single <output> tag element.
kernel direct memory map only displays for the 64-bit platform.
view
Output Fields
Table 19 on page 401 lists the output fields for the show system virtual-memory command. Output fields are
Table 19: show system virtual-memory Output Fields
Memory statistics by bucket size
Size Memory block size (bytes). The kernel memory allocator appropriates blocks of memory
whose size is exactly a power of 2.
In Use Number of memory blocks of this size that are in use (bytes).
Free Number of memory blocks of this size that are free (bytes).
Requests Number of memory allocation requests made.
HighWater Maximum value the free list can have. Once the system starts reclaiming physical memory, it
continues until the free list is increased to this value.
Couldfree Total number of times that the free elements for a bucket size exceed the high-water mark
for that bucket size.
Memory usage type by bucket size

402
Table 19: show system virtual-memory Output Fields (Continued)
Size Memory block size (bytes).
Type(s) Kernel modules that are using these memory blocks. For a definition of each type, refer to a
FreeBSD book.
Memory statistics by type
Type Kernel module that is using dynamic memory.
InUse Number of memory blocks used by this type. The number is rounded up.
MemUse Amount of memory in use, in kilobytes (KB).
HighUse Maximum memory ever used by this type.
Limit Maximum memory that can be allocated to this type.
Requests Total number of dynamic memory allocation requests this type has made.
Type Limit Number of times requests were blocked for reaching the maximum limit.
Kern Limit Number of times requests were blocked for the kernel map.
Size(s) Memory block sizes this type is using.
Memory Totals
In Use Total kernel dynamic memory in use (bytes, rounded up).
Free Total kernel dynamic memory free (bytes, rounded up).

403
Table 19: show system virtual-memory Output Fields (Continued)
Requests Total number of memory allocation requests.
ITEM Kernel module that is using memory.
Size Memory block size (bytes).
Limit Maximum memory that can be allocated to this type.
Used Number of memory blocks used by this type. The number is rounded up.
Free Number of memory blocks available to this type.
Requests Total number of memory allocation requests this type has made.
interrupt Timer events and scheduling interruptions.
total Total number of interruptions for each type.
rate Interruption rate.
Total Total for all interruptions.
Sample Output
user@host> show system virtual-memory

Memory statistics by bucket size
Size In Use Free Requests HighWater Couldfree
16 906 118 154876 1280 0
32 455 313 209956 640 0
404
64 4412 260 75380 320 20

128 3200 32 19361 160 81
256 1510 10 8844 80 4
512 446 2 5085 40 0
1K 18 2 5901 20 0
2K 1128 2 4445 10 1368
4K 185 1 456 5 0
8K 5 1 2653 5 0
16K 181 0 233 5 0
32K 2 0 1848 5 0
64K 20 0 22 5 0
128K 5 0 5 5 0
256K 2 0 2 5 0
512K 1 0 1 5 0
Memory usage type by bucket size

Size Type(s)
16 uc_devlist, nexusdev, iftable, temp, devbuf, atexit, COS, BPF,
DEVFS mount, DEVFS node, vnodes, mount, pcb, soname, proc-args, kld,
MD disk, rman, ATA generic, bus, sysctl, ippool, pfestat, ifstate,
pfe_ipc, mkey, rtable, ifmaddr, ipfw, rnode
32 atkbddev, dirrem, mkdir, diradd, freefile, freefrag, indirdep,
bmsafemap, newblk, temp, devbuf, COS, vnodes, cluster_save buffer,
pcb, soname, proc-args, sigio, kld, Gzip trees, taskqueue, SWAP,
eventhandler, bus, sysctl, uidinfo, subproc, pgrp, pfestat, itable32,
ifstate, pfe_ipc, mkey, rtable, ifmaddr, ipfw, rnode, rtnexthop
64 isadev, iftable, MFS node, allocindir, allocdirect, pagedep, temp,
devbuf, lockf, COS, NULLFS hash, DEVFS name, vnodes,
cluster_save buffer, vfscache, pcb, soname, proc-args, file,
AR driver, AD driver, Gzip trees, rman, eventhandler, bus, sysctl,
subproc, pfestat, pic, ifstate, pfe_ipc, mkey, ifaddr, rtable, ipfw
128 ZONE, freeblks, inodedep, temp, devbuf, zombie, COS, DEVFS node,
vnodes, mount, vfscache, pcb, soname, proc-args, ttys, dev_t,
timecounter, kld, Gzip trees, ISOFS node, bus, uidinfo, cred,
session, pic, itable16, ifstate, pfe_ipc, rtable, ifstat, metrics,
rtnexthop, iffamily
256 iflogical, iftable, MFS node, FFS node, newblk, temp, devbuf,
NFS daemon, vnodes, proc-args, kqueue, file desc, Gzip trees, bus,
subproc, itable16, ifstate, pfe_ipc, sysctl, rtnexthop
512 UFS mount, temp, devbuf, mount, BIO buffer, ptys, ttys, AR driver,
Gzip trees, ISOFS mount, msg, ioctlops, ATA generic, bus, proc,
pfestat, lr, ifstate, pfe_ipc, rtable, ipfw, ifstat, rtnexthop
1K iftable, temp, devbuf, NQNFS Lease, kqueue, kld, AD driver,
405
Gzip trees, sem, MD disk, bus, ifstate, pfe_ipc, ipfw

2K uc_devlist, UFS mount, temp, devbuf, BIO buffer, pcb, AR driver,
Gzip trees, ioctlops, bus, ipfw, ifstat, rcache
4K memdesc, iftable, UFS mount, temp, devbuf, kld, Gzip trees, sem, msg
8K temp, devbuf, syncache, Gzip trees
16K indirdep, temp, devbuf, shm, msg
32K pagedep, kld, Gzip trees
64K VM pgdata, devbuf, MSDOSFS mount
128K UFS ihash, inodedep, NFS hash, kld, ISOFS mount
256K mbuf, vfscache
512K SWAP
Memory statistics by type Type Kern

Type InUse MemUse HighUse Limit Requests Limit Limit Size(s)
isadev 13 1K 1K127753K 13 0 0 64
atkbddev 2 1K 1K127753K 2 0 0 32
uc_devlist 24 3K 3K127753K 24 0 0 16,2K
nexusdev 3 1K 1K127753K 3 0 0 16
memdesc 1 4K 4K127753K 1 0 0 4K
mbuf 1 152K 152K127753K 1 0 0 256K
iflogical 6 2K 2K127753K 6 0 0 256
iftable 17 9K 9K127753K 18 0 0 16,64,256,1K,4K
ZONE 15 2K 2K127753K 15 0 0 128
VM pgdata 1 64K 64K127753K 1 0 0 64K
UFS mount 12 26K 26K127753K 12 0 0 512,2K,4K
UFS ihash 1 128K 128K127753K 1 0 0 128K
MFS node 6 2K 3K127753K 35 0 0 64,256
FFS node 906 227K 227K127753K 1352 0 0 256
dirrem 0 0K 4K127753K 500 0 0 32
mkdir 0 0K 1K127753K 38 0 0 32
diradd 0 0K 6K127753K 521 0 0 32
freefile 0 0K 4K127753K 374 0 0 32
freeblks 0 0K 8K127753K 219 0 0 128
freefrag 0 0K 1K127753K 193 0 0 32
allocindir 0 0K 25K127753K 1518 0 0 64
indirdep 0 0K 17K127753K 76 0 0 32,16K
allocdirect 0 0K 10K127753K 760 0 0 64
bmsafemap 0 0K 1K127753K 72 0 0 32
newblk 1 1K 1K127753K 2279 0 0 32,256
inodedep 1 128K 175K127753K 2367 0 0 128,128K
pagedep 1 32K 33K127753K 47 0 0 64,32K
temp 1239 92K 96K127753K 8364 0 0 16,32,64K
devbuf 1413 5527K 5527K127753K 1535 0 0 16,32,64,128,256
406
lockf 38 3K 3K127753K 2906 0 0 64

atexit 1 1K 1K127753K 1 0 0 16
zombie 0 0K 2K127753K 3850 0 0 128
NFS hash 1 128K 128K127753K 1 0 0 128K
NQNFS Lease 1 1K 1K127753K 1 0 0 1K
NFS daemon 1 1K 1K127753K 1 0 0 256
syncache 1 8K 8K127753K 1 0 0 8K
COS 353 44K 44K127753K 353 0 0 16,32,64,128
BPF 189 3K 3K127753K 189 0 0 16
MSDOSFS mount 1 64K 64K127753K 1 0 0 64K
NULLFS hash 1 1K 1K127753K 1 0 0 64
DEVFS mount 2 1K 1K127753K 2 0 0 16
DEVFS name 487 31K 31K127753K 487 0 0 64
DEVFS node 471 58K 58K127753K 479 0 0 16,128
vnodes 28 7K 7K127753K 429 0 0 16,32,64,128,256
mount 15 8K 8K127753K 18 0 0 16,128,512
cluster_save buffer 0 0K 1K127753K 55 0 0 32,64
vfscache 1898 376K 376K127753K 3228 0 0 64,128,256K
BIO buffer 49 98K 398K127753K 495 0 0 512,2K
pcb 159 16K 17K127753K 399 0 0 16,32,64,128,2K
soname 82 10K 10K127753K 42847 0 0 16,32,64,128
proc-args 57 2K 3K127753K 2105 0 0 16,32,64,128,256
ptys 32 16K 16K127753K 32 0 0 512
ttys 254 33K 33K127753K 522 0 0 128,512
kqueue 5 3K 4K127753K 23 0 0 256,1K
sigio 1 1K 1K127753K 27 0 0 32
file 383 24K 24K127753K 16060 0 0 64
file desc 76 19K 20K127753K 3968 0 0 256
shm 1 12K 12K127753K 1 0 0 16K
dev_t 286 36K 36K127753K 286 0 0 128
timecounter 10 2K 2K127753K 10 0 0 128
kld 11 117K 122K127753K 34 0 0 16,32,128,1K,4K
AR driver 1 1K 3K127753K 5 0 0 64,512,2K
AD driver 2 2K 3K127753K 2755 0 0 64,1K
Gzip trees 0 0K 46K127753K 133848 0 0 32,64,128,256
ISOFS node 1136 142K 142K127753K 1189 0 0 128
ISOFS mount 9 132K 132K127753K 10 0 0 512,128K
sem 3 6K 6K127753K 3 0 0 1K,4K
MD disk 2 2K 2K127753K 2 0 0 16,1K
msg 4 25K 25K127753K 4 0 0 512,4K,16K
rman 59 4K 4K127753K 461 0 0 16,64
ioctlops 0 0K 2K127753K 992 0 0 512,2K
taskqueue 2 1K 1K127753K 2 0 0 32
407
SWAP 2 413K 413K127753K 2 0 0 32,512K

ATA generic 6 3K 3K127753K 6 0 0 16,512
eventhandler 17 1K 1K127753K 17 0 0 32,64
bus 340 30K 31K127753K 794 0 0 16,32,64,128,256
sysctl 0 0K 1K127753K 130262 0 0 16,32,64
uidinfo 4 1K 1K127753K 10 0 0 32,128
cred 22 3K 3K127753K 3450 0 0 128
subproc 156 10K 10K127753K 7882 0 0 32,64,256
proc 2 1K 1K127753K 2 0 0 512
session 12 2K 2K127753K 34 0 0 128
pgrp 16 1K 1K127753K 45 0 0 32
ippool 1 1K 1K127753K 1 0 0 16
pfestat 0 0K 1K127753K 47349 0 0 16,32,64,512
pic 5 1K 1K127753K 5 0 0 64,128
lr 1 1K 1K127753K 1 0 0 512
itable32 110 4K 4K127753K 110 0 0 32
itable16 161 26K 26K127753K 161 0 0 128,256
ifstate 694 159K 160K127753K 1735 0 0 16,32,64,128,1K
pfe_ipc 0 0K 1K127753K 56218 0 0 16,32,64,128,1K
mkey 250 4K 4K127753K 824 0 0 16,32,64
ifaddr 9 1K 1K127753K 9 0 0 64
sysctl 0 0K 1K127753K 30 0 0 256
rtable 49 6K 6K127753K 307 0 0 16,32,64,128,512
ifmaddr 22 1K 1K127753K 22 0 0 16,32
ipfw 23 10K 10K127753K 48 0 0 16,32,64,512,2K
ifstat 698 805K 805K127753K 698 0 0 128,512,2K
rcache 4 8K 8K127753K 4 0 0 2K
rnode 27 1K 1K127753K 285 0 0 16,32
metrics 1 1K 1K127753K 3 0 0 128
rtnexthop 57 9K 9K127753K 312 0 0 32,128,256,512
iffamily 12 2K 2K127753K 12 0 0 128
Memory Totals: In Use Free Requests

9311K 54K 489068
ITEM SIZE LIMIT USED FREE REQUESTS

PIPE: 192, 0, 4, 81, 4422
SWAPMETA: 160, 95814, 0, 0, 0
unpcb: 160, 0, 114, 36, 279
ripcb: 192, 25330, 5, 37, 5
syncache: 128, 15359, 0, 64, 5
tcpcb: 576, 25330, 23, 12, 32
udpcb: 192, 25330, 14, 28, 255
408
socket: 256, 25330, 246, 26, 819

KNOTE: 96, 0, 27, 57, 71
NFSNODE: 352, 0, 0, 0, 0
NFSMOUNT: 544, 0, 0, 0, 0
VNODE: 224, 0, 2778, 43, 2778
NAMEI: 1024, 0, 0, 8, 40725
VMSPACE: 192, 0, 57, 71, 3906
PROC: 448, 0, 73, 17, 3923
DP fakepg: 64, 0, 0, 0, 0
PV ENTRY: 28, 499566, 44530, 152053, 1525141
MAP ENTRY: 48, 0, 1439, 134, 351075
KMAP ENTRY: 48, 35645, 179, 119, 10904
MAP: 108, 0, 7, 3, 7
VM OBJECT: 92, 0, 2575, 109, 66912
792644 cpu context switches

9863474 device interrupts
286510 software interrupts
390851 traps
3596829 system calls
16 kernel threads created
3880 fork() calls
27 vfork() calls
0 rfork() calls
0 swap pager pageins
0 swap pager pages paged in
0 swap pager pageouts
0 swap pager pages paged out
380 vnode pager pageins
395 vnode pager pages paged in
122 vnode pager pageouts
1476 vnode pager pages paged out
0 page daemon wakeups
0 pages examined by the page daemon
101 pages reactivated
161722 copy-on-write faults
0 copy-on-write optimized faults
84623 zero fill pages zeroed
83063 zero fill pages prezeroed
7 intransit blocking page faults
535606 total VM faults taken
0 pages affected by kernel thread creation
238254 pages affected by fork()
409
2535 pages affected by vfork()

0 pages affected by rfork()
283379 pages freed
0 pages freed by daemon
190091 pages freed by exiting processes
17458 pages active
29166 pages inactive
0 pages in VM cache
10395 pages wired down
134610 pages free
4096 bytes per page
183419 total name lookups
cache hits (90% pos + 7% neg) system 0% per-directory
deletions 0%, falsehits 0%, toolong 0%
interrupt total rate

ata0 irq14 113338 3
mux irq7 727643 21
fxp1 irq10 1178671 34
sio0 irq4 833 0
clk irq0 3439769 99
rtc irq8 4403221 127
Total 9863475 286
Kernel direct memory map:

4423 pages used
4057340 pages maximum
Release Information

410
show task
IN THIS SECTION
Syntax | 410
Description | 410
Options | 410
Output Fields | 411
Sample Output | 412
Syntax
show task
<logical-system (all | logical-system-name)>
<task-name>
io
logical-system-mux
memory
replication
scheduler-slip-history
snooping
summary
Description
Display routing protocol tasks on the Routing Engine.
Options
none Display all routing protocol tasks on the Routing Engine.

411
logical-system (all | (Optional) Perform this operation on all logical systems or on a particular logical
logical-system- system.
name)
logical-system-mux Display the logical router multiplexer process (lrmuxd) per-task information.
task-name (Optional) Display information about running tasks for all tasks whose name
begins with this string (for example, BGP_Group_69_153 and BGP_Group_70_153 are both
displayed when you run the show task BGP_Group command).
io Show i/o statistics for all tasks displayed.
memory Show memory statistics for all tasks displayed.
replication Show only replication tasks.
scheduler-slip- Show the number of scheduler slips (wherein the scheduler is unable to provide
history requested CPU time to a process) that have occurred since the last RPD start,
including some scheduler slip details.
snooping Show only snooping tasks.
summary (Optional) Display summary information about running tasks.
view
Output Fields
Table 20 on page 411 describes the output fields for the show task command. Output fields are listed in
the approximate order in which they appear.
Table 20: show task Output Fields
Pri Current priority of the process. A lower number indicates a higher priority.
Task Name Name of the task.

412
Table 20: show task Output Fields (Continued)
Pro IP protocol number associated with the process.
Port TCP or UDP port number associated with the task.
So Socket number of the task.
Flags Flags for the task:
• Accept—Task is waiting for incoming connections.
• Connect—Task is waiting for a connection to be completed.
• Delete—Task has been deleted and is being cleaned up.
• LowPrio— Task will be dispatched to read its socket after other higher-priority tasks.
Sample Output
show task
user@host> show task

Pri Task Name Pro Port So Flags
10 IF
15 LABEL
15 ISO
15 INET 7
20 Aggregate
20 RT
30 ICMP 1 9
39 ISIS I/O 12
40 IS-IS 10
40 BGP RT Background <LowPrio>
40 BGP.0.0.0.0+179 179 15 <Accept LowPrio>
50 BGP_69.192.168.201.234+179 179 17 <LowPrio>
50 BGP_70.192.168.201.233+179 179 16 <LowPrio>
50 BGP_Group_69_153 <LowPrio>
413
50 BGP_Group_70_153 <LowPrio>
50 ASPaths
60 KRT 255 1
60 Redirect
70 MGMT.local 14 <LowPrio>
70 MGMT_Listen./var/run/rpd_mgmt 13 <Accept LowPrio>
70 SNMP Subagent./var/run/sub_rpd.sock 8 <LowPrio>
40 KRT IO task {krtio-th}
40 krtio-th {krtio-th}
60 krt solic client 255 85 <ReadDisableWriteDisable> {krtio-th}
13 rsvp-iobagent./var/run/sub_rpd.sock 46 <WriteDisable> {rsvp-io}
80 jtrace_jthr_task 255 85 {TraceThread}
show task scheduler-slip-history
user@host> show task scheduler-slip-history

Scheduler Slip Report:
Total number of Scheduler Slips: 11
Scheduler Slip Logs(last 64):
Timestamp Total User System
10/13/21 09:19:08 5 sec 0 sec 382 usec 0 sec 0 usec
Release Information
show task io | 414

414

show task io
IN THIS SECTION
Syntax | 414
Description | 414
Options | 415
Output Fields | 415
Sample Output | 416
Syntax
show task io
show task io
Description
Display I/O statistics for routing protocol tasks on the Routing Engine.
415
Options
none Display I/O statistics for routing protocol tasks on the Routing Engine.
logical-system (all | logical- (Optional) Perform this operation on all logical systems or on a particular
system-name) logical system.
view
Output Fields
Table 21 on page 415 describes the output fields for the show task io command. Output fields are listed
Table 21: show task io Output Fields
Reads Number of input ready notifications.
Writes Number of output ready notifications.
Rcvd Number of requests to the kernel for input.
Sent Number of requests to the kernel for output.
Dropped Number of sent requests that failed.

416
Sample Output
show task io
user@host> show task io

Task Name Reads Writes Rcvd Sent Dropped
LMP Client 1 1 0 0 0
IF 0 0 0 0 0
INET6 0 0 0 0 0
INET 0 0 0 0 0
ISO 0 0 0 0 0
Memory 0 0 0 0 0
RPD Unix Domain Server./var/ru 0 0 0 0 0
RPD Server.0.0.0.0+666 0 0 0 0 0
Aggregate 0 0 0 0 0
RT 0 0 0 0 0
ICMP 0 0 0 0 0
Router-Advertisement 0 0 0 0 0
ICMPv6 0 0 0 0 0
IS-IS I/O./var/run/ppmd_contro 1307 1 0 0 0
l2vpn global task 0 0 0 0 0
IS-IS 0 0 0 0 0
BFD I/O./var/run/bfdd_control 1307 1 0 0 0
TED 0 0 0 0 0
ASPaths 0 0 0 0 0
Resolve tree 1 0 0 0 0 0
KStat 0 0 0 0 0
KRT Request 0 0 63 0 0
KRT Ifstate 106 0 295 0 0
KRT 0 0 0 0 0
Redirect 0 0 0 0 0
KRT IO task 0 0 0 0 0 {krtio-th}
krtio-th 0 0 0 0 0 {krtio-th}
krt solic client 0 1 0 0 0 {krtio-th}
rsvp-io 83826 0 117827 139682 0 {rsvp-io}
jtrace_jthr_task 0 0 0 0 0 {TraceThread}
...
417
Release Information
show task logical-system-mux
IN THIS SECTION
Syntax | 417
Description | 417
Options | 417
Output Fields | 418
Sample Output | 419
Syntax
show task logical-system-mux <task-name>

<io>
<memory>
<replication>
<summary>
Description
Display the logical router multiplexer process (lrmuxd) per-task information.
Options
none Display all the logical router multiplexer process (lrmuxd) per-task information.
418
task-name (Optional) Display information about running tasks for all tasks whose name begins with
this string (for example, lsys_session_task:lr2 and lsys_session_task:lr1 are both displayed
when you run the show task logical-system-mux lsys command).
io Show I/O statistics for all tasks displayed.
memory Show memory statistics for all lrmuxd processes displayed.
replication Show only replication tasks.
summary Display summary information about running tasks.
view
Output Fields
Table 22 on page 418 describes the output fields for the show task logical-system-mux command. Output
fields are listed in the approximate order in which they appear.
Table 22: show task logical-system-mux Output Fields
Pri Current priority of the process. A lower number indicates a higher priority.
Pro IP number associated with the process.
Port TCP or UDP port number associated with the task.
So Socket number of the task.

419
Table 22: show task logical-system-mux Output Fields (Continued)
Flags Flags for the task:
• Accept—Task is waiting for incoming connections.
• Connect—Task is waiting for a connection to be completed.
• Delete—Task has been deleted and is being cleaned up.
• LowPrio— Task will be dispatched to read its socket after other higher-priority tasks.
Sample Output
show task logical-system-mux
user@host> show task logical-system-mux

Pri Task Name Pro Port So Flags
15 Memory
40 lsys_session_task:lr2 14 <WriteDisable>
40 lsys_session_task:lr1 11 <WriteDisable>
40 lrmuxd lsys info task
60 Mirror Task.128.0.0.6 63793 9 <WriteDisable>
70 MGMT.local 15 <WriteDisable>
70 MGMT_Listen./var/run/lrmuxd_mgmt 6 <Accept WriteDisable>
show task logical-system-mux io
user@host> show task logical-system-mux io

Task Name Reads Writes Rcvd Sent Dropped
Memory 0 0 0 0 0
lsys_session_task:lr2 7 2 0 0 0
lsys_session_task:lr1 7 2 0 0 0
lrmuxd lsys info task 0 0 0 0 0
Mirror Task.128.0.0.6 1940 1 0 0 0
MGMT.local 0 0 1 0 0
MGMT_Listen./var/run/lrmuxd_mg 12 0 12 0 0
420
show task logical-system-mux memory
user@host> show task logical-system-mux memory

Memory Size (kB) Percentage When
Currently In Use: 1483 0% now
Maximum Ever Used: 1483 0% 13/03/20 02:28:18
Available: 1589641 100% now
Release Information
show task | 410

show task io | 414
show task memory
IN THIS SECTION
Syntax | 421
Description | 421
Options | 421
Output Fields | 422
Sample Output | 424

421
Syntax
show task memory

<brief | detail | history | summary>
show task memory

<brief | detail | history | summary>
Description
Display memory utilization for routing protocol tasks on the Routing Engine.
NOTE: The show task memory command does not display all the memory used by the routing
protocol process. This value does not account for the memory used for the TEXT and STACK
segments, or the memory used by the routing protocol process’s internal memory manager.
Options
none Display standard information about memory utilization for routing protocol
tasks on the Routing Engine on all logical systems.
brief | detail | history | (Optional) Display the specified level of output. Use the history option to
summary display a history of memory utilization information.
logical-system (all | (Optional) Perform this operation on all logical systems or on a particular
logical-system-name) logical system.
view
422
Output Fields
Table 23 on page 422 describes the output fields for the show task memory command. Output fields are
Table 23: show task memory Output Fields
Memory Currently Memory currently in use. Dynamically allocated memory plus the DATA All levels
In Use segment memory in kilobytes.
Memory Maximum Maximum memory ever used. none specified,

Ever Used brief, history
Memory Available Memory currently available. none specified, brief
NOTE: The maximum currently available memory is displayed

incorrectly. On 32-bit Junos OS, the actual available memory is
2,097,152 kilobytes (2147483648 / 1024) but instead it is displayed as
2,147,484 kilobytes (2147483648 / 1000). On 64-bit Junos OS, the
actual available memory is 3,145,728 kilobytes (3221225472 / 1024)
but instead it is displayed as 3221225 kilobytes (3221225472 / 1000).
Size (kB) Memory capacity in 1000-byte kilobytes. none specified,

brief, history,
summary
Percentage Percentage of memory currently available. none specified, brief
When Timestamp. none specified,

brief, history
423
Table 23: show task memory Output Fields (Continued)
Overall Memory Memory utilization by memory size: detail

Report
• Size—Block size, in bytes.
• TXP—T indicates transient memory, X indicates exclusive memory, and

P indicates full page.
• Allocs—Number of blocks allocated for named objects.
• Mallocs—Number of blocks allocated for anonymous objects.
• Alloc Bytes—Number of blocks allocated times block size.
• MaxAllocs—Maximum value ofAllocs.
• MaxBytes—Maximum value of Alloc Bytes.
• FreeBytes—Total number of bytes unused on memory pages for this

block size.
Allocator Memory Memory utilization by named objects: detail

Report
• Size—Size of the named object in bytes.
• Alloc Size—Actual memory used by that object in bytes.
• DTXP—D indicates debug, T indicates transient memory, X indicates

exclusive memory, and P indicates full page.
• Alloc Blocks—Number of named objects allocated.
• AllocBytes—Number of blocks allocated times block size.
• MaxAlloc Blocks—Maximum value of Alloc Blocks.
• Max Alloc Bytes—Maximum value of AllocBytes.

424
Table 23: show task memory Output Fields (Continued)
Malloc Usage Memory utilization for miscellaneous use: detail

Report
• Allocs—Number of allocations.
• Bytes—Total bytes consumed.
• MaxAllocs—Maximum value of Allocs.
• MaxBytes—Maximum value of Bytes.
• FuncCalls—Cumulative number of Allocs.
Dynamically Memory allocated dynamically by the system. detail

allocated memory
Program data+BSS Program and base station subsystem (BSS) memory. detail
memory
Page data Internal memory overhead. detail

overhead
Page directory Internal memory overhead. detail

size
Total bytes in Total memory, in bytes, that is currently in use and percentage of detail
use available memory (in parentheses).
Sample Output
show task memory
user@host> show task memory

Memory Size (kB) Percentage When
Currently In Use: 29417 3% now
425
Maximum Ever Used: 33882 4% 00/02/11 22:07:03

Available: 756281 100% now
show task memory detail
user@host> show task memory detail

------------------------- Overall Memory Report -------------------------
Size TP Allocs Mallocs AllocBytes MaxAllocs MaxBytes FreeBytes
8 - 111 888 112 896 3208
12 92 149 2892 247 2964 1204
12 T - - - 5 60 -
16 7 11 288 23 368 3808
20 100 33 2660 164 3280 1436
20 T - - - 40 800 -
24 162 15 4248 177 4248 3944
24 T - - - 4 96 -
28 371 - 10388 372 10416 1900
32 6 23 928 30 960 3168
...
-------------------------------------------------------------------------
606182 715302 118810
------------------------ Allocator Memory Report ------------------------

Name Size Alloc DTP Alloc Alloc MaxAlloc MaxAlloc
Size Blocks Bytes Blocks Bytes
patroot 8 12 84 1008 87 1044
sockaddr_un.i802 8 12 2 24 2 24
cos_nhm_nh 8 12 1 12 1 12
sockaddr_un.tag 8 12 3 36 4 48
gw_entry_list 8 12 1 12 1 12
bgp_riblist_01 8 12 1 12 2 24
ospf_intf_ev 8 12 - - 6 72
krt_remnant_rt 8 12 T - - 5 60
...
-------------------------------------------------------------------------
164108 221552
-------------------------- Malloc Usage Report --------------------------

Name Allocs Bytes MaxAllocs MaxBytes FuncCalls
MGMT.local 1 8 1 8 1
BGP.0.0.0.0+179 - - 1 8 2
426
BGP RT Background 4 74748 4 74748 4

SNMP Subagent./var/run/ - 52 1 9172 56
OSPFv2 I/O./var/run/ppm 1 66536 2 66552 4551
OSPF 6 67655 7 67703 68
KRT - - 1 3784 18
ASPaths 3 80 3 80 3
-- sockaddr -- 183 2100 184 2108 1645
BFD I/O./var/run/bfdd_c 1 65535 2 65551 4555
RT 48 872 48 872 48
Scheduler 42 628 43 628 88
--Anonymous-- 56 1100 58 1140 112
--System-- 82 58364 114 60044 4654
-------------------------------------------------------------------------
337678 352398
Dynamically allocated memory: 765952 Maximum: 765952

Program data+BSS memory: 1568768 Maximum: 1568768
Page data overhead: 53248 Maximum: 53248
Page directory size: 4096 Maximum: 4096
----------
Total bytes in use: 2392064 (0% of available memory)
Release Information
show task replication
IN THIS SECTION
Syntax | 427
Description | 427
Options | 427
Output Fields | 427
Sample Output | 428

427
Syntax
show task replication
Description
Displays nonstop active routing (NSR) status. When you issue this command on the primary Routing
Engine, the status of nonstop active routing synchronization is also displayed.
CAUTION: If BGP is configured, before attempting nonstop active routing switchover,

check the output of show bgp replication to confirm that BGP routing table
synchronization has completed on the backup Routing Engine. The complete status in the
output of show task replication only indicates that the socket replication has completed
and the BGP synchronization is in progress.
To determine whether BGP synchronization is complete, you must check the Protocol
state and Synchronization state fields in the output of show bgp replication on the primary
Routing Engine. The Protocol state must be idle and the Synchronization state must be
complete. If you perform NSR switchover before the BGP synchronization has completed,
the BGP session might flap.
Options
view
Output Fields
Table 24 on page 428 lists the output fields for the show task replication command. Output fields are
428
Table 24: show task replication Output Fields
Stateful replication Displays whether or not graceful Routing Engine switchover is configured. The
status can be Enabled or Disabled.
RE mode Displays the Routing Engine on which the command is issued: Master, Backup,
or Not applicable (when the router has only one Routing Engine).
Protocol Protocols that are supported by nonstop active routing.
Synchronization Status Nonstop active routing synchronization status for the supported protocols.
States are NotStarted, InProgress, and Complete.
Synchronization states are shown for each of the supported protocols that are
running on the device at that moment.
Sample Output
show task replication (Issued on the Primary Routing Engine)
user@host> show task replication

Stateful Replication: Enabled
RE mode: Master
Protocol Synchronization Status

OSPF NotStarted
BGP Complete
IS-IS NotStarted
LDP Complete
PIM Complete
429
show task replication (Issued on the Backup Routing Engine)

RE mode: Backup
show task replication (Junos OS Evolved)
In Junos OS Evolved, both the primary and backup Routings have the same CLI output. If you configured
any protocol, you should see the synchronization state for the same.

RE mode: Master
Protocol Synchronization Status

OSPF NotStarted
BGP Complete
IS-IS NotStarted
LDP Complete
PIM Complete
Release Information
Support for logical systems introduced in Junos OS Release 13.3
Example: Configuring Nonstop Active Routing on Switches

Junos Overview

Uploaded by

Copyright:

Available Formats

Junos Overview

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Junos Overview

Uploaded by

Copyright:

Available Formats

Junos® OS

Overview for Junos OS

Juniper Networks, Inc.

Junos® OS Overview for Junos OS

YEAR 2000 NOTICE

END USER LICENSE AGREEMENT

About the Overview for Junos OS | 2

Junos OS Architecture Overview | 5

Router Hardware Components | 7

Junos OS Routing Engine Components and Processes | 9

Junos OS Routing Processes | 11

Default Directories for Junos OS File Storage on the Network Device | 22

Junos OS Support for IPv4, IPv6, and MPLS Routing Protocols | 24

Junos OS Routing and Forwarding Tables | 26

Routing Policy Overview | 27

Junos OS Support for VPNs | 28

Configuring FIB Localization | 29

FIB Localization Overview | 29

Example: Configuring Packet Forwarding Engine FIB Localization | 30

Junos OS Security Overview | 38

Junos OS Features for Device Security | 38

Junos OS Default Settings for Device Security | 43

Junos OS Configuration Overview | 44

Junos OS Configuration Basics | 44

Methods for Configuring Junos OS | 45

Junos OS Configuration from External Devices | 48

The Commit Model for Configurations | 48

Configuration Groups Overview | 50

2 Configuring and Administering Junos Devices

Initial Router or Switch Configuration Using Junos OS | 53

How to Improve Commit Time When Using Configuration Groups | 65

Creating and Activating a Candidate Configuration | 66

Format for Specifying Filenames and URLs in Junos OS CLI Commands | 67

Mapping the Name of the Router to IP Addresses | 68

Configuring Automatic Mirroring of the CompactFlash Card on the Hard Drive | 69

Back Up Configurations to an Archive Site | 71

Configure the Transfer of the Active Configuration | 71

Configuring Junos OS to Set Console and Auxiliary Port Properties | 73

Monitoring Junos Devices | 75

Junos OS Tools for Monitoring | 75

Tracing and Logging Junos OS Operations | 76

Understanding Dropped Packets and Untransmitted Traffic Using show Commands | 78

Log a User Out of the Device | 82

Managing Junos OS Processes | 83

Saving Core Files from Junos OS Processes | 83

Viewing Core Files from Junos OS Processes | 84

Disabling Junos OS Processes | 85

Configuring Failover to Backup Media If a Junos OS Process Fails | 85

Using Virtual Memory for Process Configuration Data | 86

3 Configuration Statements and Operational Commands

location (System) | 107

name-server (System Services) | 115

port (Syslog) | 121

proxy (System) | 126

route (chassis) | 131

routing (System Processes) | 133

File Management Commands | 142

file archive | 142

file compare | 146

file copy | 149