
Junos Security by James Quinn, Timothy Eberhard, Patricio Giecco, Brad Woodberg, Rob Cameron


Scripting and Automation

The Junos infrastructure provides a way for users to extend the system’s functionality. This section explores the different mechanisms supplied, with an emphasis on examples of how these mechanisms are commonly used.

Commit Scripts

Perhaps the simplest way to get acquainted with Junos automation is to start by looking at commit scripts.

As previously explained, several operations take place when a commit operation is executed. MGD loads the candidate configuration as shown in Figure 13-3, after which it performs a commit check, and finally, if the commit is successful, it notifies the affected daemons of the new configuration.


Figure 13-3. Commit model

In fact, this description is incomplete. An intermediate step is performed after the candidate configuration is loaded but before the commit check is performed, as shown in Figure 13-4. In this intermediate step, a set of user-defined XSLT transformations is applied to the configuration. These transformations can be used for things such as the following:

  • Verify the configuration (e.g., you can create an XSLT template that makes sure that interfaces with an IP address configured are assigned to a security zone, or you could create a template that makes sure the default security policy is not “permit all”) and emit a warning, an error, or even a syslog message on certain conditions.

  • Modify the configuration. A common and ...
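The verification use described in the first bullet, written as a commit script. This is an added example, not code from the book: it rejects a commit whose default security policy is permit-all and warns about logical interfaces that have an IPv4 address but are not listed in any security zone. It assumes zones reference interfaces by their full logical name (for example `ge-0/0/0.0`); functional zones and out-of-band management interfaces are not considered.

```xslt
<?xml version="1.0" standalone="yes"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:junos="http://xml.juniper.net/junos/*/junos"
    xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
    xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
  <xsl:import href="../import/junos.xsl"/>

  <!-- junos.xsl calls this template with the candidate configuration as context. -->
  <xsl:template match="configuration">

    <!-- Check 1: an xnm:error makes the commit fail. -->
    <xsl:if test="security/policies/default-policy/permit-all">
      <xnm:error>
        <edit-path>[edit security policies default-policy]</edit-path>
        <statement>permit-all</statement>
        <message>The default security policy must not be permit-all.</message>
      </xnm:error>
    </xsl:if>

    <!-- Check 2: an xnm:warning is shown to the user but does not block the commit. -->
    <!-- Assumption: zone membership is listed by logical name, e.g. ge-0/0/0.0. -->
    <xsl:variable name="zones" select="security/zones/security-zone"/>
    <xsl:for-each select="interfaces/interface/unit[family/inet/address]">
      <xsl:variable name="ifl" select="concat(../name, '.', name)"/>
      <xsl:if test="not($zones/interfaces[name = $ifl])">
        <xnm:warning>
          <!-- jcs:edit-path emits the [edit ...] location of the current node. -->
          <xsl:call-template name="jcs:edit-path"/>
          <message>
            <xsl:value-of select="concat('Interface ', $ifl,
                ' has an IP address but is not assigned to a security zone.')"/>
          </message>
        </xnm:warning>
      </xsl:if>
    </xsl:for-each>
  </xsl:template>
</xsl:stylesheet>
```

To try it, copy the file to `/var/db/scripts/commit/` under a name of your choice and enable it with `set system scripts commit file <name>`; the checks then run on every subsequent commit.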
