junos-network

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Juniper JunOS Network Automation

Juniper JunOS 网络自动化

MCP Server

Field	Value
Repository	Juniper/junos-mcp-server
Transport	stdio (default for CLI), streamable-http (for IDE)
Python	3.10+ (3.11 recommended)
Protocol	SSH → NETCONF → PyEZ (junos-eznc)
Dependencies	`junos-eznc>=2.7.4` , `jxmlease>=1.0.3` , `lxml>=6.0.0` , `mcp[cli]>=1.12.2` , `ncclient>=0.6.15` , `paramiko>=3.5.1`
Install	`git clone` + `pip install -r requirements.txt` or `pip install .`
Entry Point	`junos-mcp-server -f devices.json -t stdio` or `python3 jmcp.py -f devices.json -t stdio`
Container	`docker build -t junos-mcp-server .` (python:3.11-slim based)

字段	取值
代码仓库	Juniper/junos-mcp-server
传输方式	stdio（CLI默认方式）, streamable-http（适用于IDE）
Python版本	3.10+（推荐3.11）
协议	SSH → NETCONF → PyEZ (junos-eznc)
依赖项	`junos-eznc>=2.7.4` , `jxmlease>=1.0.3` , `lxml>=6.0.0` , `mcp[cli]>=1.12.2` , `ncclient>=0.6.15` , `paramiko>=3.5.1`
安装方式	`git clone` + `pip install -r requirements.txt` 或 `pip install .`
启动入口	`junos-mcp-server -f devices.json -t stdio` 或 `python3 jmcp.py -f devices.json -t stdio`
容器化部署	`docker build -t junos-mcp-server .` （基于python:3.11-slim镜像）

Device Inventory

设备清单

Devices are defined in a

devices.json

file (not environment variables):

json

{
  "core-rtr-01": {
    "ip": "10.0.0.1",
    "port": 22,
    "username": "netops",
    "auth": {
      "type": "ssh_key",
      "private_key_path": "/home/user/.ssh/junos_key"
    }
  },
  "edge-rtr-02": {
    "ip": "10.0.0.2",
    "port": 22,
    "username": "admin",
    "auth": {
      "type": "password",
      "password": "changeme"
    }
  }
}

SSH key authentication is strongly recommended for production. Jumphost/ProxyCommand is supported via

ssh_config

field.

设备信息定义在

devices.json

文件中（不支持环境变量配置）：

json

{
  "core-rtr-01": {
    "ip": "10.0.0.1",
    "port": 22,
    "username": "netops",
    "auth": {
      "type": "ssh_key",
      "private_key_path": "/home/user/.ssh/junos_key"
    }
  },
  "edge-rtr-02": {
    "ip": "10.0.0.2",
    "port": 22,
    "username": "admin",
    "auth": {
      "type": "password",
      "password": "changeme"
    }
  }
}

生产环境强烈推荐使用SSH密钥认证。支持通过

ssh_config

字段配置跳板机/ProxyCommand。

Environment Variables

环境变量

Variable	Default	Purpose
`JUNOS_DEVICES_FILE`	`devices.json`	Path to device inventory JSON
`JUNOS_TIMEOUT`	`360`	Default command timeout in seconds

变量名	默认值	用途
`JUNOS_DEVICES_FILE`	`devices.json`	设备清单JSON文件的路径
`JUNOS_TIMEOUT`	`360`	默认命令超时时间（秒）

Tools (10)

工具集（10个）

Device Inventory (3 tools)

设备清单工具（3个）

Tool	Parameters	Description
`get_router_list`	—	List all available Junos routers (passwords/keys filtered from output)
`add_device`	`device_name?` , `device_ip?` , `device_port?` , `username?` , `ssh_key_path?`	Add a new Junos device interactively (streamable-http only)
`reload_devices`	`file_name`	Reload the device dictionary from a new JSON file

工具	参数	描述
`get_router_list`	—	列出所有可用的Junos路由器（输出会自动过滤密码/密钥信息）
`add_device`	`device_name?` , `device_ip?` , `device_port?` , `username?` , `ssh_key_path?`	交互式添加新的Junos设备（仅支持streamable-http传输方式）
`reload_devices`	`file_name`	从新的JSON文件重新加载设备字典

CLI Execution (2 tools)

CLI执行工具（2个）

Tool	Parameters	Description
`execute_junos_command`	`router_name` , `command` , `timeout?`	Execute a JunOS CLI command on a single router
`execute_junos_command_batch`	`router_names` , `command` , `timeout?`	Execute the same command on multiple routers in parallel

工具	参数	描述
`execute_junos_command`	`router_name` , `command` , `timeout?`	在单台路由器上执行JunOS CLI命令
`execute_junos_command_batch`	`router_names` , `command` , `timeout?`	在多台路由器上并行执行相同命令

Configuration Management (3 tools)

配置管理工具（3个）

Tool	Parameters	Description
`get_junos_config`	`router_name`	Retrieve the full running configuration ( `show configuration \| display set` )
`junos_config_diff`	`router_name` , `version?`	Compare current config against a rollback version (1-49)
`load_and_commit_config`	`router_name` , `config_text` , `config_format?` , `commit_comment?`	Load and commit configuration (formats: set, text, xml)

工具	参数	描述
`get_junos_config`	`router_name`	获取完整的运行配置（ `show configuration \| display set` 格式）
`junos_config_diff`	`router_name` , `version?`	对比当前配置与指定回滚版本（1-49）的差异
`load_and_commit_config`	`router_name` , `config_text` , `config_format?` , `commit_comment?`	加载并提交配置（支持格式：set、text、xml）

Template & Facts (2 tools)

模板与设备信息工具（2个）

Tool	Parameters	Description
`render_and_apply_j2_template`	`template_content` , `vars_content` , `router_name?` , `router_names?` , `apply_config?` , `dry_run?` , `commit_comment?`	Render Jinja2 template with YAML variables; optionally apply to one or many routers with dry-run support
`gather_device_facts`	`router_name` , `timeout?`	Gather device facts: hostname, model, serial, version, uptime, RE info

工具	参数	描述
`render_and_apply_j2_template`	`template_content` , `vars_content` , `router_name?` , `router_names?` , `apply_config?` , `dry_run?` , `commit_comment?`	使用YAML变量渲染Jinja2模板；可选择将模板应用到单台或多台路由器，支持预演模式
`gather_device_facts`	`router_name` , `timeout?`	采集设备信息：主机名、型号、序列号、版本、运行时长、RE信息

Safety Features

安全特性

Command Blocklist (

block.cmd

)

命令黑名单（

block.cmd

）

The server ships with a blocklist that prevents destructive CLI commands:

```
request system reboot
```
```
request system halt
```
```
request system power-cycle
```
```
request system power-off
```
```
request system zeroize
```

Custom patterns (regex) can be added to

block.cmd

服务器内置黑名单，可阻止破坏性CLI命令：

```
request system reboot
```
```
request system halt
```
```
request system power-cycle
```
```
request system power-off
```
```
request system zeroize
```

可在

block.cmd

中添加自定义正则表达式规则。

Configuration Blocklist (

block.cfg

)

配置黑名单（

block.cfg

）

Prevents dangerous configuration changes:

```
set system root-authentication
```
— blocks root password changes

set system login user ... authentication

— blocks user credential changes

Custom patterns (regex) can be added to

block.cfg

阻止危险的配置变更：

```
set system root-authentication
```
— 阻止修改root密码

set system login user ... authentication

— 阻止修改用户凭证

可在

block.cfg

中添加自定义正则表达式规则。

Credential Filtering

凭证过滤

get_router_list

automatically strips passwords and SSH key paths before returning device data.

get_router_list

会自动在返回设备数据前剔除密码和SSH密钥路径信息。

Workflows

工作流

1. JunOS Device Discovery

1. JunOS设备发现

get_router_list → inventory all available Junos routers
→ gather_device_facts(router) per device → hostname, model, serial, version, uptime
→ Cross-reference with NetBox/Nautobot → flag discrepancies
→ GAIT

get_router_list → 盘点所有可用的Junos路由器
→ 为每台设备执行gather_device_facts(router) → 获取主机名、型号、序列号、版本、运行时长
→ 与NetBox/Nautobot交叉核对 → 标记不一致项
→ 记录到GAIT

2. JunOS Health Check

2. JunOS健康检查

get_router_list → identify target routers
→ execute_junos_command_batch(routers, "show chassis alarms") → alarm check
→ execute_junos_command_batch(routers, "show system processes extensive") → CPU/memory
→ execute_junos_command_batch(routers, "show interfaces terse") → interface status
→ execute_junos_command_batch(routers, "show bgp summary") → BGP peer health
→ Severity-sort findings → GAIT

get_router_list → 确定目标路由器
→ 执行execute_junos_command_batch(routers, "show chassis alarms") → 告警检查
→ 执行execute_junos_command_batch(routers, "show system processes extensive") → CPU/内存状态
→ 执行execute_junos_command_batch(routers, "show interfaces terse") → 接口状态
→ 执行execute_junos_command_batch(routers, "show bgp summary") → BGP对等体健康状态
→ 按严重程度排序检查结果 → 记录到GAIT

3. JunOS Configuration Audit

3. JunOS配置审计

get_router_list → select target routers
→ get_junos_config(router) → retrieve running config
→ junos_config_diff(router, version=1) → check for uncommitted or recent changes
→ Compare against golden config templates → flag deviations
→ GAIT

get_router_list → 选择目标路由器
→ 执行get_junos_config(router) → 获取运行配置
→ 执行junos_config_diff(router, version=1) → 检查未提交或近期变更
→ 与黄金配置模板对比 → 标记偏差项
→ 记录到GAIT

4. JunOS Configuration Deployment

4. JunOS配置部署

ServiceNow CR must be in Implement state
→ get_junos_config(router) → baseline current config
→ render_and_apply_j2_template(template, vars, router, dry_run=true) → preview changes
→ render_and_apply_j2_template(template, vars, router, apply_config=true, commit_comment="CR-12345") → apply
→ get_junos_config(router) → verify post-change config
→ execute_junos_command(router, "show bgp summary") → verify protocol health
→ GAIT

ServiceNow变更请求必须处于实施状态
→ 执行get_junos_config(router) → 获取当前配置基线
→ 执行render_and_apply_j2_template(template, vars, router, dry_run=true) → 预览变更
→ 执行render_and_apply_j2_template(template, vars, router, apply_config=true, commit_comment="CR-12345") → 应用配置
→ 执行get_junos_config(router) → 验证变更后的配置
→ 执行execute_junos_command(router, "show bgp summary") → 验证协议健康状态
→ 记录到GAIT

5. JunOS Batch Operations

5. JunOS批量操作

get_router_list → filter to target group (e.g., all edge routers)
→ execute_junos_command_batch(routers, "show version") → version inventory
→ execute_junos_command_batch(routers, "show ospf neighbor") → protocol health
→ Aggregate results → severity-sort → GAIT

get_router_list → 筛选目标设备组（如所有边缘路由器）
→ 执行execute_junos_command_batch(routers, "show version") → 版本盘点
→ 执行execute_junos_command_batch(routers, "show ospf neighbor") → 协议健康状态
→ 汇总结果 → 按严重程度排序 → 记录到GAIT

6. JunOS Rollback Investigation

6. JunOS回滚调查

junos_config_diff(router, version=1) → compare against last committed config
→ junos_config_diff(router, version=2) → compare against version before that
→ Identify what changed, when, and the impact
→ execute_junos_command(router, "show system commit") → commit history
→ GAIT

执行junos_config_diff(router, version=1) → 与上一次提交的配置对比
→ 执行junos_config_diff(router, version=2) → 与更早版本的配置对比
→ 确定变更内容、时间及影响
→ 执行execute_junos_command(router, "show system commit") → 查看提交历史
→ 记录到GAIT

Integration with Other Skills

与其他技能的集成

Skill	Integration
pyats-network	JunOS MCP for Juniper devices, pyATS MCP for Cisco devices — unified multi-vendor fleet management
netbox-reconcile	Cross-reference JunOS device facts (model, serial, version) against NetBox source of truth
nautobot-sot	Same as NetBox — validate Juniper device IPAM data in Nautobot
infrahub-sot	Cross-reference Infrahub node data with Juniper device inventory
itential-automation	Itential workflows can orchestrate JunOS config deployments; Junos command templates complement Itential's
servicenow-change-workflow	Gate all JunOS config commits behind ServiceNow Change Requests
gait-session-tracking	Every JunOS command, config push, and batch operation logged in GAIT
nso-device-ops	NSO for multi-vendor orchestration, JunOS MCP for direct Juniper device access
te-network-monitoring	Validate network health via ThousandEyes after JunOS config changes
fmc-firewall-ops	Correlate Juniper ACL/firewall-filter config with Cisco FMC security policies
subnet-calculator	VLSM planning for Juniper interface addressing
nvd-cve	Scan Junos OS versions against NVD vulnerability database

技能	集成方式
pyats-network	JunOS MCP用于Juniper设备管理，pyATS MCP用于Cisco设备管理——实现统一的多厂商设备集群管理
netbox-reconcile	将JunOS设备信息（型号、序列号、版本）与NetBox数据源交叉核对
nautobot-sot	与NetBox类似——验证Nautobot中Juniper设备的IPAM数据
infrahub-sot	将Infrahub节点数据与Juniper设备清单交叉核对
itential-automation	Itential工作流可编排JunOS配置部署；Junos命令模板可补充Itential的模板库
servicenow-change-workflow	所有JunOS配置提交必须经过ServiceNow变更请求的审批
gait-session-tracking	所有JunOS命令执行、配置推送、批量操作都会记录到GAIT中
nso-device-ops	NSO用于多厂商编排，JunOS MCP用于直接访问Juniper设备
te-network-monitoring	JunOS配置变更后，通过ThousandEyes验证网络健康状态
fmc-firewall-ops	将Juniper ACL/防火墙过滤配置与Cisco FMC安全策略关联分析
subnet-calculator	为Juniper接口地址规划提供VLSM计算支持
nvd-cve	扫描JunOS OS版本，对比NVD漏洞数据库

JunOS MCP vs pyATS MCP

JunOS MCP 与 pyATS MCP 对比

Capability	JunOS MCP	pyATS MCP
Vendor	Juniper only	Cisco (IOS-XE, NX-OS, IOS-XR)
Protocol	NETCONF via PyEZ	SSH + Genie parsers
CLI Execution	`execute_junos_command`	`pyats_run_command`
Batch Operations	`execute_junos_command_batch` (native parallel)	`pyats_pcall` (parallel pCall)
Config Retrieval	`get_junos_config` (set format)	`pyats_run_command("show run")`
Config Push	`load_and_commit_config` (NETCONF commit)	`pyats_configure_device` (SSH configure terminal)
Template Support	Built-in Jinja2 rendering + apply	External (Jinja2 → configure)
Config Diff	`junos_config_diff` (rollback compare)	Manual diff via show commands
Device Facts	`gather_device_facts` (PyEZ facts)	`pyats_learn("platform")`
Safety	`block.cmd` + `block.cfg` regex blocklists	Built-in destructive command blocking
MCP Tools	10	8

能力	JunOS MCP	pyATS MCP
支持厂商	仅Juniper	Cisco（IOS-XE、NX-OS、IOS-XR）
协议	基于PyEZ的NETCONF	SSH + Genie解析器
CLI执行	`execute_junos_command`	`pyats_run_command`
批量操作	`execute_junos_command_batch` （原生并行）	`pyats_pcall` （并行pCall）
配置获取	`get_junos_config` （set格式）	`pyats_run_command("show run")`
配置推送	`load_and_commit_config` （NETCONF提交）	`pyats_configure_device` （SSH配置终端）
模板支持	内置Jinja2渲染+应用	外部模板（Jinja2 → 配置）
配置对比	`junos_config_diff` （回滚版本对比）	通过show命令手动对比
设备信息采集	`gather_device_facts` （PyEZ信息）	`pyats_learn("platform")`
安全机制	`block.cmd` + `block.cfg` 正则黑名单	内置破坏性命令拦截
MCP工具数量	10个	8个

Guardrails

操作准则

Always call
get_router_list
first — verify the target device exists before executing commands
Always baseline before changes — call
```
get_junos_config
```
before any
```
load_and_commit_config
```
or template apply
Use dry_run for templates — set
```
dry_run=true
```
on
```
render_and_apply_j2_template
```
to preview changes before committing

Gate config changes — all

load_and_commit_config

and

render_and_apply_j2_template(apply_config=true)

calls must have a ServiceNow CR in

Implement

state

Use batch for fleet ops — prefer
```
execute_junos_command_batch
```
over looping
```
execute_junos_command
```
for multi-router operations
Set reasonable timeouts — default is 360s; reduce for simple show commands, increase for large config operations
Include commit comments — always provide a
```
commit_comment
```
referencing the ServiceNow CR number
Verify after config pushes — call
```
get_junos_config
```
and protocol-specific show commands after changes
Respect the blocklists —
```
block.cmd
```
and
```
block.cfg
```
prevent destructive operations; do not bypass them
Record in GAIT — every command, config push, batch operation, and template rendering must be logged

先调用
get_router_list
—— 执行命令前先验证目标设备是否存在
变更前先获取基线配置 —— 执行
```
load_and_commit_config
```
或模板应用前，先调用
```
get_junos_config
```
模板使用预演模式 —— 在
```
render_and_apply_j2_template
```
中设置
```
dry_run=true
```
，预览变更后再提交
配置变更需审批 —— 所有
```
load_and_commit_config
```
和
```
render_and_apply_j2_template(apply_config=true)
```
调用必须关联处于“实施”状态的ServiceNow变更请求
批量操作优先使用批量工具 —— 多路由器操作时，优先使用
```
execute_junos_command_batch
```
而非循环调用
```
execute_junos_command
```
设置合理超时时间 —— 默认超时360秒；简单show命令可缩短超时，大型配置操作可延长超时
添加提交备注 —— 必须提供
```
commit_comment
```
，关联ServiceNow变更请求编号
配置推送后验证 —— 变更后调用
```
get_junos_config
```
和协议特定的show命令进行验证
遵守黑名单规则 ——
```
block.cmd
```
和
```
block.cfg
```
用于阻止破坏性操作，请勿绕过
所有操作记录到GAIT —— 所有命令执行、配置推送、批量操作、模板渲染都必须记录到GAIT中

junos-network

Original

Translation

Juniper JunOS Network Automation

Juniper JunOS 网络自动化

MCP Server

MCP Server

Device Inventory

设备清单

Environment Variables

环境变量

Tools (10)

工具集（10个）

Device Inventory (3 tools)

设备清单工具（3个）

CLI Execution (2 tools)

CLI执行工具（2个）

Configuration Management (3 tools)

配置管理工具（3个）

Template & Facts (2 tools)

模板与设备信息工具（2个）

Safety Features

安全特性

Command Blocklist (block.cmd)

命令黑名单（block.cmd）

Configuration Blocklist (block.cfg)

配置黑名单（block.cfg）

Credential Filtering

凭证过滤

Workflows

工作流

1. JunOS Device Discovery

1. JunOS设备发现

2. JunOS Health Check

2. JunOS健康检查

3. JunOS Configuration Audit

3. JunOS配置审计

4. JunOS Configuration Deployment

4. JunOS配置部署

5. JunOS Batch Operations

5. JunOS批量操作

6. JunOS Rollback Investigation

6. JunOS回滚调查

Integration with Other Skills

与其他技能的集成

JunOS MCP vs pyATS MCP

JunOS MCP 与 pyATS MCP 对比

Guardrails

操作准则

Command Blocklist (
`block.cmd`
)

命令黑名单（
`block.cmd`
）

Configuration Blocklist (
`block.cfg`
)

配置黑名单（
`block.cfg`
）