END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.juniper.net/support/eula/.
Installation
Managing Software Installation on NFX250 Network Services Platform
Upgrading an Image on the Disaggregated Junos OS Platform
JDM User Guide for NFX250 Network Services Platform
Accessing the ipsec-nm from the JDM CLI
Understanding User Accounts
Configuring Service Chaining Using DHCP Services on VLANs
Example: Configuring Service Chaining Using VLANs on NFX250 Network Services Platform
Example: Configuring Service Chaining Using SR-IOV on NFX250 Network Services Platform
Table 20: Physical CPU Allocation for NFX250-LS1
Table 21: Physical CPU Allocation for NFX250
Table 25: show security ike sa Output Fields
Table 26: show security ike sa detail Output Fields
To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/. If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In this case, use the load merge relative command. These procedures are described in the following sections.
Table 2: Text and Syntax Conventions
Convention | Description | Examples
Bold text like this | Represents text that you type. | To enter configuration mode, type the configure command: user@host> configure
Fixed-width text like this | Represents output that appears on the user@host>...
We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods: Online feedback rating system—On any page of the Juniper Networks TechLibrary site http://www.juniper.net/techpubs/index.html , simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience.
Find CSC offerings: http://www.juniper.net/customers/support/
Search for known bugs: https://prsearch.juniper.net/
Find product documentation: http://www.juniper.net/documentation/
Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/...
(disaggregation) of the tightly bound Junos OS software and proprietary hardware into virtualized components that can potentially run not only on Juniper Networks hardware, but also, on white boxes or bare-metal servers. In this new architecture, the Juniper Device Manager (JDM) is a virtualized root container that manages software components.
Note that some implementations of the basic architecture include a Packet Forwarding Engine as well as the usual Linux platform hardware ports. This allows better integration of the Juniper Networks data plane with the bare-metal hardware of a generic platform. The disaggregated Junos OS architecture enables JDM to handle virtualized network functions such as a firewall or Network Address Translation (NAT) functions.
This supports the chaining of services as traffic enters and exits the device. JDM provides users with a familiar Junos OS CLI and handles all interactions with the underlying Linux kernel to maintain the “look and feel” of a Juniper Networks device. Some of the benefits of the disaggregated Junos OS are: The whole system can be managed like managing a server platform.
Disaggregated Junos OS VMs
Cloud computing enables applications to run in a virtualized environment, both for end-user server functions and network functions needed to connect scattered endpoints across a large data center, or even among multiple data centers. Applications and network functions can be implemented by virtualized network functions (VNFs).
fashion, and each container has its own user space that cannot be used by other containers. Although Docker is a popular container management system to run containers on a physical server, there are alternatives such as Drawbridge or Rocket to consider.
Related Documentation
Understanding Disaggregated Junos OS on page 3
Understanding Physical and Virtual Components on page 12
Disaggregated Junos OS VMs on page 6
Understanding SR-IOV Usage on page 10
Comparing Virtio and SR-IOV on page 11...
While support for virtio is nearly universal, support for SR-IOV varies by NIC hardware and platform. The Juniper Networks NFX250 Network Services Platform supports SR-IOV capabilities and allows 16 partitions on each physical NIC port.
SRX device (vSRX) or the Junos Control Plane (JCP). The JCP works with the JDM to make the device resemble a dedicated Juniper Networks platform, but one with a lot more flexibility. Much of this flexibility comes from the ability to support one or more VNFs that implement a virtualized network function (VNF).
Generally, there are a fixed number of CPU cores, and a finite amount of disk space. But in a virtual environment, resource allocation and use is more complex. Virtual resources such as interfaces, disk space, memory, or cores are parceled out among the VNFs running at the time, as determined by the VNF image.
This topic lists the commands to be used for installing a software package and upgrading an image on NFX250 Network Services Platform and rebooting the NFX250 platform. It also lists the commands to be used for formatting and reverting the system to factory state.
NOTE: The zeroize and clean-install commands work only for primary installation and do not work for backup installation.
CAUTION: The zeroize and clean-install commands might remove all user installed software packages, VNF files of the user, and so on. After completing these operations, you must fetch this information and reinstall the software.
the upgrade
Host OS upgrade staged. Reboot the system to complete installation!
Rebooting ...
System going down for reboot in 30 seconds...
System reboot in progress...
Shutting down virtual-machines...
Waiting for virtual-machines to shutdown, retry = 0...
NOTE: The time taken to reboot the system depends on the number of active VNFs. The system is rebooted only after all the active VNFs are shut down.
Related Documentation
Upgrading an Image on the Disaggregated Junos OS Platform on page 20...
Understanding the JDM CLI
Junos Device Manager (JDM) can be configured using the JDM CLI. In most cases, you are logged into the JDM CLI by default when you access a disaggregated Junos OS platform.
NOTE: Only a root user can use this option.
Accessing the ipsec-nm from the JDM CLI
To access the ipsec-nm from the JDM CLI, enter the ssh ipsec-nm statement at the JDM CLI prompt:
root@jdm>...
The jmgmt0 interface in a disaggregated Junos OS platform is analogous to the em0, me0, or fxp0 interfaces on a Juniper Networks switch or a router running traditional Junos OS software. To use jmgmt0 as a management port, you must configure a logical interface (jmgmt0.0) on it with a valid IP address.
Configuring the Out-of-Band Management Interface with IPv4 Addressing for JDM
To configure the management interface with IPv4 addressing:
Configure the logical interface and the IP address:
root@jdm# set interfaces jmgmt0 unit 0 family inet address ipv4-address/mask
Set the default route:
root@jdm# set routing-options static route 0.0.0.0/0 nexthop ipv4-address...
root# set interfaces service-interface-name unit 0 family ethernet-switching interface-mode trunk
For example:
[edit]
root# set interfaces sxe-0/0/0 unit 0 family ethernet-switching interface-mode trunk
Configure the management VLAN and add the physical network interface and the service interface as members of the VLAN:
The configured port only accepts NETCONF-over-SSH connections. Regular SSH connections to the port are ignored.
Related Documentation
Understanding the JDM CLI on page 28
Accessing the JDM Shell, JDM CLI, and JCP Prompts in a Disaggregated Junos OS...
SNMP implementation of JDM and hypervisor. For JCP, see the Junos documentation. On the NFX250 platform, JDM plays the role of the SNMP agent and at the same time it acts as an SNMP proxy for the hypervisor (host OS). When SNMP is configured in JDM, hypervisor also takes the same SNMP configuration.
Configuring SNMP v3
In contrast to SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2), SNMP version 3 (SNMPv3) supports authentication and encryption. SNMPv3 uses the user-based security model (USM) for message security and the view-based access control model (VACM) for access control.
NOTE: Ensure that you reboot the system after enabling or disabling the ipsec-nm mode for the changes to take effect.
Related Documentation
Understanding Disaggregated Junos OS on page 3
Viewing and Managing Centralized Log Files in a Disaggregated Junos OS Platform
On a disaggregated Junos OS platform, a centralized logging server collects all system logs for all computing entities in the disaggregated Junos OS.
Synchronizing Time Using NTP
You can synchronize time on the following components of the NFX platform using Network Time Protocol (NTP):
Junos Control Plane (JCP) - JCP runs the NTP server, and synchronizes time using the external NTP servers that are configured.
Hierarchy Level [edit system services] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description An option that toggles between set of configuration options used for the existing VNF configuration options and for the VNF orchestration that is based on vlan-aware bridges.
Chapter 4: Management Configuration Statements and Operational Commands
https
Syntax https; Hierarchy Level [edit system services] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description Enable HTTPS services. Required Privilege Level system—To view this statement in the configuration...
{ file-name; size file-size; Hierarchy Level [edit system services] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description Allow NETCONF connections. Options ssh—Allow NETCONF connection over SSH. port-number—Identifier of the service port.
Hierarchy Level [edit system] Release Information Statement introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform. Description Network Time Protocol (NTP) is used to synchronize the system clocks of routers, switches, and other network equipment. It provides the mechanisms to synchronize time and coordinate time distribution in a large, diverse network.
Hierarchy Level [edit system services] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description Initiate outbound SSH connection. Options client-id—Identifier of a client application that initiates the SSH connection.
Hierarchy Level [edit system services] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description An option that is used for initial boot up and configuration of the device when the client device is switched on.
Hierarchy Level [edit system services] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description Allow remote procedure call (RPC) over HTTP or HTTPS connection. Options control—Control of the REST API process.
Hierarchy Level [edit] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description Configure system management properties. Options client-id—Identifier of a client application that initiates the SSH connection. address—Address of the client to which the connection must be established.
Hierarchy Level [edit system] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description An option that is used for the phone-home trace operations. Options traceoptions—Options that are available for the phone-home trace operations.
Syntax upgrade-image-before-configuration; Hierarchy Level [edit system] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description An option to upgrade the image before applying the configuration received from the Network Activator. Required Privilege system—To view this statement in the configuration.
Syntax show connections Release Information Command introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform. Description Displays information such as network connection, function, interface name, and the connection status for the following types of cross-connect:...
Syntax show forwarding-options analyzer [analyzer-instance-name] Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Displays information about the VNF analyzers that are configured for port mirroring on a disaggregated Junos OS platform.
show system inventory hardware cpu Syntax show system inventory hardware cpu Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display system CPU statistics for a disaggregated Junos OS platform. Required Privilege...
Table 5: show system inventory hardware cpu Output Fields (continued) Field Name Field Description Fields for CPU Statistics User Time The amount of user time, in seconds. The amount of system time, in seconds.
show system inventory hardware memory Syntax show system inventory hardware memory Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display hardware memory statistics for a disaggregated Junos OS platform. Required Privilege...
Syntax show system inventory hardware network Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display details such as MAC address pool and internal IP address range for VNFs and the number of free Virtual Functions available per Physical Function for VNFs for a disaggregated Junos OS platform.
Syntax show system inventory hardware storage Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display hardware storage details such as the list of partitions, disk usage per partition, and disk I/O statistics for a disaggregated Junos OS platform.
Syntax show system inventory software vnf Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display the list of the virtual network functions available on a disaggregated Junos OS platform.
Syntax show system services ipsec-nm Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display details such as status and mode of an ipsec-nm docker container for a disaggregated Junos OS platform.
Syntax show system visibility cpu Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display details such as per CPU statistics, per CPU usage, and CPU pinning for a disaggregated Junos OS platform.
Syntax show system visibility host Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display details such as the host uptime, number of tasks, CPU statistics, list of disk partitions, disk usage, disk I/O statistics, list of network interfaces, and per port statistics for a disaggregated Junos OS platform.
Table 12: show system visibility host Output Fields (continued) Field Name Field Description Fields for Host CPU Information User Time The amount of user time, in seconds. The amount of system time, in seconds.
Syntax show system visibility jcp Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display details such as CPU statistics, memory usage, internal IP address, list of network interfaces, interface statistics, and the list of disks for Junos VM.
Syntax show system visibility jdm Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display details such as uptime, number of tasks, CPU statistics, disk usage, disk I/O statistics, memory usage, the list of network interfaces, and internal IP address for JDM container.
Table 14: show system visibility jdm Output Fields (continued) Field Name Field Description Fields for JDM Disk Usage Information Total The total amount of disk usage space, in mebibytes (MiB). The amount of used disk usage space, in mebibytes (MiB).
Syntax show system visibility memory Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display the details about virtual memory and shared memory for a disaggregated Junos OS platform.
Table 15: show system visibility memory Output Fields (continued)
Field Name | Field Description
Free | The total amount of free swap memory, in kibibytes (KiBs).
Percent Used | The percentage of buffer swap memory used....
Syntax show system visibility network Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display details such as the list of MAC addresses assigned to VNF interfaces, the list of internal IP addresses for VNFs, the list of VFs used by VNFs, and the list of VNF interfaces for a disaggregated Junos OS platform.
Table 16: show system visibility network Output Fields (continued) Field Name Field Description The names of the Physical Functions available. The names of the Virtual Functions available for each Physical Function. Fields for List of Free Virtual Functions The names of the Physical Functions available.
Syntax show system visibility storage Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display details such as the list of disk partitions, the list of per disk I/O statistics, and the list of VNF disks for a disaggregated Junos OS platform.
Syntax show system visibility vnf vnf name Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description If a VNF name is not specified, display the details of the VNFs present on the system.
Table 18: show system visibility vnf Output Fields (continued)
Field Name | Field Description
Fields for VNF Memory Usage
Name | Name of the VNF.
Maximum Memory | The maximum amount of memory, in kibibytes (KiBs).
The total amount of used memory, in kibibytes (KiBs).
Sample Output
show system visibility vnf
user@jdm> show system visibility vnf
List of VNFs
-----------------------------------------------------------
Name State
---- -------------------------------------- ---------------
vnf1 Running
VNF Memory Usage
-----------------------------------------------------------------------------
Name Maximum Memory (KiB) Used Memory (KiB)
Understanding Virtual Network Functions Virtualized network functions (VNFs) include all virtual entities that can be launched and managed from the Juniper Device Manager (JDM). Currently, virtual machines (VMs) are the only VNF type that is supported. There are several components in a JDM environment: JDM—Manages the life cycle for all service VMs.
All VMs run in isolation and a state change in one VM does not affect another VM. When the system restarts, the service VMs are brought online as specified in the persistent configuration file.
Some of the physical CPUs are reserved by the system. Except for the following physical CPUs, all others are available for user-defined VNFs: Table 20 on page 107 provides the list of physical CPUs that are reserved for NFX250-LS1. Table 20: Physical CPU Allocation for NFX250-LS1 CPU Core...
Table 21: Physical CPU Allocation for NFX250 CPU Core Allocation Host, JDM, and JCP Host bridge IPSec
For more information, see the following:
show system inventory hardware cpu
show system inventory hardware memory...
To enable hardware-virtualization or hardware-acceleration for VNF CPUs, type the following command:
user@jdm# set virtual-network-functions vnf-name virtual-cpu features hardware-virtualization
Allocating Memory for a VNF
To specify the maximum primary memory that the VNF can use, enter the following...
NOTE: The interfaces attached to the VNF are persistent across VNF restarts. If the VNF supports hot-plugging, you can attach the interfaces when the VNF is in running state. Otherwise, add the interfaces, and then restart the VNF.
user@jdm# delete virtual-network-functions vnf-name interfaces interface-name mac-address mac-address
NOTE: To delete or modify the MAC address of a VNF interface, you must stop the VNF, make the necessary changes, and then start the VNF.
user@jdm> ssh vnf-name
To access a VNF using a virtual console:
user@jdm> request virtual-network-functions vnf-name console
NOTE: Use ctrl-] to exit the virtual console. Do not use Telnet session to run the command.
Chapter 6: Virtual Network Functions Configuration Statements and Operational Commands Hierarchy Level [edit] Release Information Statement introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform. Description Connects any two VNF interfaces, VLANs on physical interfaces such as hsxe0 and hsxe1,...
Syntax features { hugepages; Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Displays the supported features of a VNF. Options features—Features of a VNF. hugepages—Option to support memory pages with a size of 2 MB and 1 GB.
Hierarchy Level [edit] Release Information Statement introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Configures an analyzer for port mirroring and configures port mirroring for either ingress or egress traffic of a VNF interface to an analyzer VNF.
Syntax hugepages; Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description An option to support memory pages of 2 MB and 1 GB size. Required Privilege routing—To view this statement in the configuration.
[qcow2 | raw]; Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description Specify the VNF image source file. VNF image is virtual hard disk, which contains the bootable file-system for the VNF.
Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description Create an XML descriptor file to launch a VNF. You can launch a VNF by configuring the VNF name, and specifying either the path to the XML descriptor file or to an image.
Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description An option that enables or disables the ipsec virtual network function if the ipsec-nm option is configured in the system.
Syntax mac-address mac-address; Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform. Description MAC address for the VNF interfaces. Required Privilege Level interface—To view this statement in the configuration. interface-control—To add this statement to the configuration.
[access | trunk]; native-vlan-id vlan-id; Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D50 for the NFX250 Network Services Platform. Description Mapping Virtual Network Functions (VNF) interfaces on platforms running disaggregated Junos OS. Options vlan-id—SR-IOV virtual function to use to attach a VNF to a physical interface.
Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Configure memory parameters for VNFs on a platform that is running a disaggregated Junos OS. Options memory size—Amount of memory allocated to a VNF in kilobytes. The default size is 1 GB.
Hierarchy Level [edit interfaces interface-name] Release Information Statement introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform. Description Specify the maximum transmission unit (MTU) size for the media in bytes. MTU size can be either 1500 bytes or 2048 bytes.
Syntax pci-address pci-address; Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D50 for the NFX250 Network Services Platform. Description PCI address for the VNF interfaces. Required Privilege Level interface—To view this statement in the configuration. interface-control—To add this statement to the configuration.
{ file filename; Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Configure storage parameters on VNFs. Options storage device-name—Name of the storage device. For example, hda, hdb, sdb, or vdb.
Syntax type linux-container | virtual-machine; Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Type of the VNF. Options linux-container—The VNF type is Linux container. virtual-machine—The VNF type is virtual machine.
Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Specify the number of virtual CPUs the VNF can use. By default, a VNF is assigned one virtual CPU, which is independent of any specific physical CPU.
Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description An option that enables or disables the vjunos virtual network function if the vjunos0 option is configured in the system.
[access | trunk]; native-vlan-id vlan-id; Hierarchy Level [edit virtual-network-functions] Release Information Statement introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description Name of the virtual network function. Options interfaces—Name of the interface. For example, em1.
Release Information Command introduced in Junos OS Release 15.1X53-D45 for the NFX250 Network Services Platform. Description Display Virtual Network Function (VNF) information. Options vnf-name—(Optional) Display information for a specific VNF.
Table 22: show virtual-network functions Output Fields (continued)
Field Name | Field Description
Name | Name of the VNF
State | Status of the VNF. Possible values are Running, Shutdown, or Undefined.
Liveliness | Indicates whether or not the IP address of the VNF is reachable.
show vlans Syntax show vlans vlan-name Release Information Command introduced in Junos OS Release 15.1X53-D40 for the NFX250 Network Services Platform. Description Display the details about the VLANs. Options vlan-name—Display information for a specific VLAN.
Configuring Service Chaining Using VLANs on page 154
Configuring Service Chaining Using DHCP Services on VLANs on page 155
Example: Configuring Service Chaining Using VLANs on NFX250 Network Services Platform on page 156
Example: Configuring Service Chaining Using SR-IOV on NFX250 Network Services...
Example: Configuring Service Chaining Using VLANs on NFX250 Network Services Platform
This example shows how to configure service chaining using VLANs on the host bridge.
Requirements on page 156
Overview on page 156...
Chapter 7: Service Chaining This example is configured using the Juniper Device Manager (JDM) and Junos Control Plane (JCP). The key configuration elements include: The Packet Forwarding Engine’s front panel ports. The Packet Forwarding Engine’s internal-facing ports. A routing instance named host-os. The host-os routing instance is the CLI construct that provides the ability to configure host OS elements from the JDM.
Configure the Packet Forwarding Engine’s LAN-side front panel port and add it to the LAN-side VLAN. The LAN-side port is typically an access port, but could be a trunk port if appropriate.
Documentation
Disaggregated Junos OS VMs on page 6
Understanding Virtio Usage on page 8
Example: Configuring Service Chaining Using SR-IOV on NFX250 Network Services Platform
This example shows how to configure service chaining using SR-IOV on platforms running the disaggregated Junos OS software.
NIC ports, it is necessary to use their abstracted versions, hsxe0 and hsxe1. This example is configured using the Juniper Device Manager (JDM) and Junos Control Plane (JCP). The key configuration elements include: The Packet Forwarding Engine’s front panel ports.
- NIC ports. Because NIC interfaces (sxe ports) cannot be configured directly, the host OS construct for these interfaces (hsxe) must be used.
- The VNF interfaces. In the JDM, VNF interfaces must use the format eth#, where # is from 2 through 9.
members Vlan11;

[edit]
user@jcp# show interfaces xe-0/0/13
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members Vlan22;

[edit]
user@jcp# show interfaces sxe-0/0/0
unit 0 {
    family ethernet-switching {
        interface-mode trunk;...
The native IPSec virtual private network (VPN) supported on JUNOS is used in various Juniper products to provide secure VPN connectivity. To address certain use cases, the IPSec VPN functionality depends on various JUNOS components and interworks across the modules.
- Anti-replay services
- Internet Key Exchange (IKE) gateway
- Internet Key Exchange (IKE) v1 policy in Aggressive and Main mode with pre-shared key (PSK).
- One IKE security association (SA) with multiple IPSec SAs based on traffic selector.
IPSec-NM supports the automated generation and negotiation of keys and security associations (SAs) using the Internet Key Exchange (IKE) protocol. This automation is termed AutoKey IKE. Juniper Networks supports AutoKey IKE with pre-shared keys and certificates. Dynamic SAs require IKE configuration. With dynamic SAs, you can configure IKE and then the SA.
To configure IPSec-NM as an xauth client and configure the IKE gateway, complete the following steps:

Configure the username of the xauth client:

root@ipsec-nm# set security ike gateway gateway-name xauth client username xauth-client-username

Configure the password of the xauth client:...
root@ipsec-nm# set security ipsec proposal ipsec-proposal-name encryption-algorithm aes-256-cbc

Set a lifetime for the IPSec proposal in seconds:

root@ipsec-nm# set security ipsec proposal ipsec-proposal-name lifetime-seconds 180..86400 seconds

Configuring IPSec Policies

An IPSec policy defines a combination of security parameters (IPSec proposals) used during IPSec negotiation.
Read the “Overview of IP Security” and “Configuring IP Security Network Manager” topics.

Overview

In this example you configure IKE, IPSec SAs, and security zones. This example configures...
IKE_POL pre-shared-key ascii-text <enter psk>
set security ike gateway GW1 ike-policy IKE_POL
set security ike gateway GW1 address 2.2.2.2
set security ike gateway GW1 local-identity user-at-hostname "r0r2_store1@juniper.net"
set security ike gateway GW1 external-interface ge-0/0/0
set security ike gateway GW1 local-address 3.3.3.2...
set security ipsec proposal IPSEC_PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC_PROP encryption-algorithm aes-256-cbc
set security ipsec proposal IPSEC_PROP lifetime-seconds 2600
set security ipsec policy IPSEC_POL perfect-forward-secrecy keys group14
set security ipsec policy IPSEC_POL proposals IPSEC_PROP...
Chapter 9: IPSec-NM Configuration Statements and Operational Commands

Release Information: Statement introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: Provides confidentiality, security, and authentication of data that is shared within a network. It also provides data security at the IP layer of the network.
Hierarchy Level: [ipsec-nm configuration security]
Release Information: Statement introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: IPSec-NM supports the automated generation and negotiation of keys and security associations (SAs) using the Internet Key Exchange (IKE) protocol. This automation is termed AutoKey IKE.

Hierarchy Level: [ipsec-nm configuration security]
Release Information: Statement introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: IPSec is a suite of related protocols for cryptographically securing communications at the IP Packet Layer. IPSec also provides methods for the manual and automatic...

Hierarchy Level: [ipsec-nm configuration security]
Release Information: Statement introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: You can configure network security policies for IPSec-NM.
Options: from-zone—Define a policy context from this zone.

Hierarchy Level: [ipsec-nm configuration security]
Release Information: Statement introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: You can configure interfaces for IPSec-NM.
Required Privilege: routing—To view this statement in the configuration.
Syntax:
show security ike sa
show security ike sa detail
Release Information: Command introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: Display information about the Internet Key Exchange (IKE) Security Association (SA).
Required Privilege...
Table 26: show security ike sa detail Output Fields (continued)

Field Name: IKE Fragmentation
Field Description: Enabled means that both the IKEv2 initiator and responder support message fragmentation and have negotiated the support during the IKE_SA_INIT message exchange.
show security ike active-peer

Syntax: show security ike active-peer
Release Information: Command introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: Display information about IKE active peers.
Required Privilege...
Syntax:
show security ipsec sa
show security ipsec sa detail
Release Information: Command introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: Display information about the IPSec Security Association (SA).
Required Privilege...
Table 29: show security ipsec sa detail Output Fields (continued)

Field Name: Hard lifetime
Field Description: The hard lifetime specifies the lifetime of the SA.
  - Number of seconds left until the SA expires.
show security ipsec statistics

Syntax: show security ipsec statistics
Release Information: Command introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: Display IPSec statistics.
Required Privilege Level: view...
show security ipsec inactive-tunnels

Syntax: show security ipsec inactive-tunnels
Release Information: Command introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: Display information about IPSec tunnels that are inactive on a disaggregated Junos OS platform.
show security ipsec tunnel-events-statistics

Syntax: show security ipsec tunnel-events-statistics
Release Information: Command introduced in Junos OS Release 15.1X53-D47 for the NFX250 Network Services Platform.
Description: Display tunnel event statistics.
Required Privilege: view...