Understand the Junos Configuration Process
Juniper engineers have worked closely with early customers in designing the Junos command-line interface (CLI), and those early users requested a wealth of smart features. Today, Junos can help you avoid a great deal of hassle and headache due to human error. Many different studies show that more than 60 percent of network downtime can be attributed to human factors (a.k.a., absent-minded errors).
The essential difference between using Junos and many other network operating systems is that you don’t make changes to the actual configuration on the device, but to a candidate configuration that you can later check and then decide to commit.
You can think of the candidate configuration as your scratch pad for entering your device configuration and making any needed changes, additions or deletions. While you always enter your configuration or its changes as a candidate file, the candidate doesn’t actually run your device.
When you are ready to make your candidate the running configuration of your device, you can compare and test the candidate. Then you can activate it as the new running configuration, all at once, with the commit step. You’ll find the Junos operating system configuration process reassuring.
So, how can the Junos CLI help you avoid being “3 a.m. stupid,” any time of the day? Here’s a short list of command-line features that can help in that regard:
show | compare: Use to see the exact changes you made and to look for typos or omissions. For example, if you copy a portion of the configuration to a new interface, show | compare highlights the changes so that you can detect whether you’ve left anything out.
commit check: When your changes are ready (or any time while entering changes), use commit check to find out whether the CLI understands everything you’ve entered. The system verifies the logic and completeness of your new configuration entries without activating any changes. If the CLI finds a problem, it lets you know.
commit confirmed: When you’re ready to activate your candidate as the active configuration, you have two options: commit and commit confirmed. commit confirmed is the better choice because it saves you from requiring physical access to the box in case your changes accidently isolate your device. Remember that if you don’t confirm your changes (by entering commit or commit check) within ten minutes of activation (or another interval that you can set), the device reverts back to the prior configuration.
rollback: The Junos CLI gives you one last safety feature that not only helps protect you, but also makes changes easier. rollback lets you restore the rescue or any of the prior 50 configurations (the rescue configuration is a user-predefined, known working configuration). Using rollback is much quicker than undoing one command at a time in the command-line interface.
The confirmed command is there to help you. We’ve heard stories about folks who didn’t bother using this option — and then later were stuck trying to figure out how to fix what they had just done that isolated a remote site. Get in the habit of taking the little extra step to commit confirmed.