Configuring the SDX Client

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

JUNOSe 8.1.x Broadband Access Configuration Guide > Configuring Remote Access > Configuring the SDX Client
Configuring the SDX Client

The JUNOSe software has an embedded client that interacts with the Juniper Networks SDX application, enabling the SDX application to manage the router's policy and QoS configuration.

The connection between the router and the SDX application uses the Common Open Policy Service (COPS) protocol and is fully compliant with the COPS usage for policy provisioning (COPS-PR) specification. The router's SDX client functions as the COPS client, or policy enforcement point (PEP). The SDX application functions as the COPS server, or policy decision point (PDP).

Table 9 provides common terms used in the COPS environment.

Table 9: SDX Client and COPS Terminology

Term

Description

COPS

Common Open Policy Service; query-and-response protocol used to exchange policy information between a policy server and its clients.

COPS-PR

COPS usage for policy provisioning; the PEP requests policy provisioning when the operational state of interface and DHCP addresses changes.

PDP

Policy decision point; the COPS server. which makes policy decisions for itself and for clients that request decisions. The SDX application is the PDP.

PEP

Policy enforcement point; the COPS client, which enforces policy decisions. The JUNOSe COPS interface is a PEP.

PIB

Policy Information Base; a collection of sets of attributes that represent configuration information for a device.

SDX

Service Deployment System; functions as a COPS PDP.

XDR

External Data Representation Standard; a standard for the description and encoding of data. XDR can be used to transfer data between computers.

The JUNOSe software's COPS-PR implementation uses the outsourcing model that is described in RFC 3084. In this model, the PEP delegates responsibility to the PDP to make provisioning decisions on the PEP's behalf.

The provisioning is event-driven and is based on policy requests rather than on an action taken by an administrator—the provisioning is initiated when the PDP receives external requests and PEP events. Provisioning can be performed in bulk (for example, an entire QoS configuration) or in smaller segments (for example, updating a marking filter). The following list shows the interaction between the PEP and the PDP during the COPS-PR operation.

Initial connection

PEP starts the COPS-PR connection with the PDP.

PDP requests synchronization.

PEP sends all currently provisioned policies to PDP.

Change of interface state

PEP requests provisioning of an interface from the PDP.

PDP determines policies and sends provisioning data to the PEP.

PEP provisions the policies.

PDP requests policy provisioning

PDP determines new policies and sends provisioning data to the PEP.

PEP provisions the policies.

The information exchange between the PDP and PEP consists of data that is modeled in Policy Information Bases (PIBs) and is encoded using the standard ASN.1 basic encoding rules (BERs). The JUNOSe software's COPS-PR support uses a proprietary PIB. The proprietary PIB consists of a series of tables designed to replicate and enhance the XDR functionality that is supported in previous JUNOSe software releases, including the proprietary accounting and address assignment mechanisms. The XDR-encoded commands for the SDX application continue to be supported.

The proprietary PIB provides the Policy Manager and QoS Manager functionality shown in the following lists.

Policy Manager

Committed access rate

Packet filtering

Policy routing

QoS classification and marking

Rate limiting

Traffic class

QoS Manager

Queues

Schedulers

Traffic classes

You can configure SDX clients on a per-virtual-router basis. To configure the SDX client:
Enable the SDX client. With the CLI sscc enable command you can specify either BER-encoded information exchange for COPS-PR or XDR exchange for COPS.
host1(config)#sscc enable cops-pr
Specify the IP addresses of up to three SDX servers (primary, secondary, and tertiary). You can optionally specify the port on which the servers listen for activity.
host1(config)#sscc primary address 
host1(config)#sscc secondary address 192.168.12.1 port 3288
(Optional) Enable policy and QoS configuration support for IPv6 interfaces.
host1(config)#sscc protocol ipv6
(Optional) Specify on which router the TCP/COPS connection is to be established.
host1(config)#sscc transportRouter chicago
(Optional) Specify a fixed source address for the TCP/COPS connection created for an SDX client session.
host1(config)#sscc sourceAddress 10.9.123.8
(Optional) Specify a fixed source interface for the TCP/COPS connection.
host1(config)#sscc sourceInterface atm 3/0
(Optional) Specify the delay period during which the SDX client waits for a response from the SDX server.
host1(config)#sscc retryTimer 120
sscc address
Use to configure the SDX client with the IP addresses of the SDX servers and the ports on which the servers listen for activity.

You can specify primary, secondary, and tertiary servers, and the port numbers on which each listens for activity. By default, the server listens on port 3288.

Example
host1(config)#sscc primary address 192.168.128.10 port 3288
Use the no version to remove a specific SDX server (primary, secondary, or tertiary) from the list of servers.
sscc enable
Use to enable the SDX client's COPS support in the router.

Use with the cops-pr keyword to enable COPS-PR support; omit the cops-pr keyword to enable XDR-based COPS support.

Example
host1(config)#sscc enable cops-pr
Use the no version to disable the feature.
sscc protocol ipv6
Use to configure IPv6 support on the SDX client. IPv6 support enables policy and QoS configuration on IPv6 interfaces. The IPv6 support is in addition to the default IPv4 support.

The SDX client does not support IPv6 policy and QoS configuration when in the XDR mode.

Example
host1(config)#sscc protocol ipv6
Use the no version to disable IPv6 support on the SDX client.
sscc retryTimer
Use to specify the delay period (in the range 5-300 seconds) during which the SDX client waits for a response from the SDX server.

If only a primary server is configured, the client resends the request to the primary server.

The client attempts to connect to a tertiary server only if both the primary and secondary SDX server are unavailable. For example, if the client is connected to the SDX secondary server when the delay period expires, the client first tries to connect to the primary server before trying the tertiary server. The client waits for the length of the delay period before each attempt.

Example
host1(config)#sscc retryTimer 90
Use the no version to restore the default value, 90 seconds.
sscc sourceAddress
Use to specify a fixed source address for the TCP/COPS connection created for an SDX client session. This is the local address.

If you do not specify a source address, the TCP/COPS connection is not bound to a specific source (that is, local) address.

Example
host1(config)#sscc sourceAddress 10.9.123.8
Use the no version to remove the specified address.
sscc sourceInterface
Use to specify a fixed source interface for the TCP/COPS connection created for an SDX client session. This is a local interface.

You may need to set a source interface in cases where a firewall, access control list, or policy configuration exists; and it is important to know what the interface is, or you need to set the interface independently from other protocols that have conflicting requirements.

If you do not specify a source interface, the TCP/COPS connection is not bound to a specific source (that is, local) interface.

Example
host1(config)#sscc sourceInterface atm 3/0
Use the no version to remove the source interface.
sscc transportRouter
Use to specify on which router the TCP/COPS connection is to be established.

The router can be the same as or different from the router the SDX client session is created in and associated with.

If you do not specify the transport router for an SDX client session, the transport router defaults to the router associated with the session.

Example
host1(config)#sscc transportRouter chicago
Use the no version to remove the specified SDX client transport router.

Term	Description
COPS	Common Open Policy Service; query-and-response protocol used to exchange policy information between a policy server and its clients.
COPS-PR	COPS usage for policy provisioning; the PEP requests policy provisioning when the operational state of interface and DHCP addresses changes.
PDP	Policy decision point; the COPS server. which makes policy decisions for itself and for clients that request decisions. The SDX application is the PDP.
PEP	Policy enforcement point; the COPS client, which enforces policy decisions. The JUNOSe COPS interface is a PEP.
PIB	Policy Information Base; a collection of sets of attributes that represent configuration information for a device.
SDX	Service Deployment System; functions as a COPS PDP.
XDR	External Data Representation Standard; a standard for the description and encoding of data. XDR can be used to transfer data between computers.

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]