Exploring Junos' On-Box Scripting Capabilities

Junos OS, the operating system that powers Juniper Networks' wide range of networking devices, offers a powerful feature known as on-box scripting. This feature allows network administrators to automate tasks, customize behaviors, and extract operational data from the device. This blog post will delve into the details of Junos' on-box scripting capabilities, a topic that is crucial for students studying for the JNCIS-ENT certification.

What is On-Box Scripting?

On-box scripting refers to the ability to run scripts directly on a Juniper device. These scripts can be written in SLAX, XSLT, or Python, and can be used to automate operational and configuration tasks, respond to certain events, or extract and format operational data.

SLAX and XSLT Scripts

SLAX and XSLT are XML-based scripting languages. Junos OS uses XML for its configuration and operational data, which makes these languages a natural fit for on-box scripting.

Here's an example of a simple SLAX script that displays the interfaces that are currently up:

version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";

match / {
    <op-script-results> {
        var $interfaces = jcs:input("show interfaces terse | match up");
        for-each ($interfaces//physical-interface[normalize-space(admin-status)='up']) {
            <interface> {
                <name> expr { name } </name>
                <admin-status> expr { admin-status } </admin-status>
                <oper-status> expr { oper-status } </oper-status>

This script uses the jcs:input function to execute the show interfaces terse | match up command and store the result in the $interfaces variable. It then loops over the physical-interface elements in the result where the admin-status is 'up', and for each such interface, it outputs an interface element with name, admin-status, and oper-status sub-elements.

Python Scripts

Starting from Junos OS 15.1, Python is also supported for on-box scripting. Python scripts have access to the Junos PyEZ library, which provides a high-level, Pythonic interface to Junos devices.

Here's the equivalent Python script for the above SLAX script:

from jnpr.junos import Device
from lxml import etree

with Device() as dev:
    interfaces = dev.rpc.get_interface_information(terse=True)
    for interface in interfaces.xpath('.//physical-interface[normalize-space(admin-status)="up"]'):
        print(etree.tostring(interface, pretty_print=True))

This script uses the Device class from the jnpr.junos module to connect to the local device. It then calls the get_interface_information method of the Device instance to execute the show interfaces terse command and store the result in the interfaces variable. It then loops over the physical-interface elements in the result where the admin-status is 'up', and for each such interface, it prints the XML representation of the interface.


On-box scripting is a powerful feature of Junos OS that can greatly simplify and automate the management of Juniper devices. Whether you prefer the XML-based SLAX and XSLT languages or the more general-purpose Python language, on-box scripting provides you with the tools to customize your device's behavior to your needs. As you prepare for your JNCIS-ENT certification, make sure to get hands-on experience with on-box scripting, as it is a key skill for any Juniper network engineer.

© Ben Jacobson.RSS