We have a large Cisco environment and are using the Orion Platform for monitoring and management (NPM, NCP, NTA, VNQM, and UDT)
We may be moving area of our environment over to Juniper.
My question is "What is your experience in using the Orion Platform to monitor and manage a Juniper Environment?"
Is the out-of-box monitoring usable, is it equal to the Cisco device support?
What about Configuration Management?
Any help with this be appreciated.
Thank you for your time and input.
We utilize Orion extensively with both Cisco and Juniper. The basic datapoints for most Juniper equipment is there, right out of the gate. For example, interface stats, hardware health, CPU, etc. We've been using Orion for more than a decade and I haven't found too much that it can't do without a bit of customization, such as using the Universal Device Poller to get non-default stats like SRX firewall sessions or individual line card hardware statistics. NCM, on the other hand, does not really know how to deal with Juniper in the sense that you cannot view a configuration, then edit it in NCM and upload that configuration change. That said, you can certainly make config changes with it, but you cannot *edit* configs in NCM and just upload the changes because of how Juniper command and config structure is different. It can be done by using NCM to save the 'set' version of the config, but then it's difficult to read.
One thing I should mention is the difference between Juniper and Cisco interfaces. In Cisco, there is, for the most part, only one "interface" to monitor. For instance, if you have an interface called 'Gi0/0/0', all you need to do to monitor everything for that interface is to add it to Orion and sit back and watch. With Juniper, there are essentially two interfaces - a physical interface and a logical interface. The physical interface is where the stats for most things come from and in most cases, is the only interface you need to monitor. Example: In a Juniper MX router, you might have an interface ge-0/0/0. Once you configure a protocol family such as 'inet', inet6', or 'bridge', another interface will pop up in your SNMP queries, ge-0/0/0.0. You don't really need to monitor that interfaces in, again, most cases. This is important because if you don't have the SLX license of Orion, this interface adds to your element count, effectively doubling your license usage.
The only time I ever monitor a logical interface on a Juniper is if the interface is VLAN tagged and that logical interface is a different VLAN. Example: ge-0/0/0.5 (VLAN ID 5), ge-0/0/1.899 (VLAN ID 899). In that case, the individual unit number does provide traffic statistics for that VLAN. The only other "useful" stats I ever really needed from logical interfaces was queue statistics for QoS monitoring. But that's a whole different beast and not exactly easy to monitor in Orion.
Piggybacking on this, SOME juniper hardware you need to monitor the physical port for things like bandwidth etc, but then there are a couple model lines where you have to monitor the logic ports instead. It's been about a year since I was working with a client who had that issue but it was super confusing for us until we were able to pin it down to that model within their environment.
On the UDT side I recall us also having to poke around quite a bit to be sure we were tracking the correct ports for MAC and User info since they didn't have unlimited licenses.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.