Adaptive Services Overview

The Adaptive Services PIC (AS PIC) allows you to provide multiple services on a single PIC by configuring a set of services and applications. The AS PIC offers a special range of services you configure in one or more service sets.

You can install the AS PIC in any M-series router. The M7i router includes an integrated version of the AS PIC as an optional component, which offers all the features of the standalone version at a reduced bandwidth.

NOTE: To take advantage of all the features available on the AS PIC, you must install it in an Enhanced FPC in an M-series router equipped with an Internet Processor II ASIC, or a similarly equipped T-series routing platform. To find out whether your router hardware is suitably equipped, you can use the show chassis command. For more information, see the JUNOS Internet Software Protocols, Class of Service, Chassis, and Management Command Reference.

The following services are configured within a service set and are available only on the Adaptive Services PIC:

• Stateful firewall—A type of firewall filter that considers state information derived from previous communications and other applications when evaluating traffic.
• Network Address Translation (NAT)—A security procedure for concealing host addresses on a private network behind a pool of public addresses.
• Intrusion detection services (IDS)—A set of tools for detecting, redirecting, and preventing certain kinds of network attack and intrusion.
• Internet Protocol Security (IPSec)—A set of tools for configuring manual or dynamic security associations (SAs) for encryption of data traffic.

The configuration for these services comprises a series of rules that you can arrange in order of precedence as a rule set. Each rule follows the structure of a firewall filter, with a from statement containing input or match conditions and a then statement containing actions to be taken if the match conditions are met.

The following services are also configured on the AS PIC, but do not use the rule set definition:

• Layer 2 Tunneling Protocol (L2TP)—A tool for setting up secure tunnels using Point-to-Point Protocol (PPP) encapsulation across Layer 2 networks.
• Voice services—A feature that uses the compressed real-time transport protocol (RTP) to enable voice over IP traffic to use low-speed links more effectively.

In addition, JUNOS software includes the following tools for configuring services:

• Application protocols definition—Allows you to configure properties of application protocols that are subject to processing by router services, and group the application definitions into application sets.
• Service-set definition—Allows you to configure combinations of directional rules and default settings that control the behavior of each service in the service set.

This chapter includes the following topics:

• Services Configuration Flow
• Stateful Firewall Overview
• Network Address Translation Overview
• IPSec Overview
• Layer 2 Tunneling Protocol Overview
• Voice Services Overview
• Examples: Services Interfaces Configuration