Adaptive Services Overview

The Adaptive Services (AS) Physical Interface Card (PIC) and MultiServices PICs provide adaptive services interfaces, which allow you to coordinate multiple services on a single PIC by configuring a set of services and applications. The AS and MultiServices PICs offers a special range of services you configure in one or more service sets.

The AS PIC is available in two versions that differ in memory size:

• The Adaptive Services PIC with 256 megabytes (MB) of memory is supported on all M-series routing platforms except the M320 router.
• The Adaptive Services II PIC with 512 MB of memory is supported on all M-series and T-series routing platforms, including the M320 router.

The M7i router includes the Adaptive Services Module (ASM), an integrated version of the AS PIC as an optional component, which offers all the features of the standalone version at a reduced bandwidth.

NOTE: To take advantage of the features available on the AS PIC, you must install it in an Enhanced Flexible PIC Concentrator (FPC) in an M-series router equipped with an Internet Processor II application-specific integrated circuit (ASIC), or a similarly equipped T-series routing platform. To find out whether your router hardware is suitably equipped, use the show chassis hardware command. For more information, see the JUNOS System Basics and Services Command Reference.

The MultiServices PIC is available in three versions, the MultiServices 100, the MultiServices 400, and the MultiServices 500, which differ in memory size and performance. All versions offer enhanced performance in comparison with AS PICs. MultiServices PICs are supported on M-series and T-series routing platforms except M7i, M10i, and M20 routers.

The following services are configured within a service set and are available only on adaptive services interfaces:

• Stateful firewall—A type of firewall filter that considers state information derived from previous communications and other applications when evaluating traffic.
• Network Address Translation (NAT)—A security procedure for concealing host addresses on a private network behind a pool of public addresses.
• Intrusion detection service (IDS)—A set of tools for detecting, redirecting, and preventing certain kinds of network attack and intrusion.
• Internet Protocol Security (IPSec)—A set of tools for configuring manual or dynamic security associations (SAs) for encryption of data traffic.
• Class of service (CoS) —A subset of CoS functionality for services interfaces, limited to DiffServ code point (DSCP) marking and forwarding-class assignment. CoS BA classification is not supported on services interfaces.

The configuration for these services comprises a series of rules that you can arrange in order of precedence as a rule set. Each rule follows the structure of a firewall filter, with a from statement containing input or match conditions and a then statement containing actions to be taken if the match conditions are met.

The following services are also configured on the AS and MultiServices PICs, but do not use the rule set definition:

• Layer 2 Tunneling Protocol (L2TP)—A tool for setting up secure tunnels using Point-to-Point Protocol (PPP) encapsulation across Layer 2 networks.
• Link Services Intelligent Queuing (LSQ)—Interfaces that support JUNOS software class-of-service (CoS) components, link fragmentation and interleaving (LFI) (FRF.12), Multilink Frame Relay (MLFR) user-to-network interface (UNI) network-to-network interface (NNI) (FRF.16), and Multilink PPP (MLPPP).
• Voice services—A feature that uses the Compressed Real-Time Transport Protocol (CRTP) to enable voice over IP traffic to use low-speed links more effectively.

In addition, JUNOS software includes the following tools for configuring services:

• Application protocols definition—Allows you to configure properties of application protocols that are subject to processing by router services, and group the application definitions into application sets.
• Service-set definition—Allows you to configure combinations of directional rules and default settings that control the behavior of each service in the service set.
  

  NOTE: Logging of adaptive services interfaces messages to an external server by means of the fxp0 port is not supported on M-series routers. The architecture does not support system logging traffic out of a management interface. Instead, access to an external server is supported on a Packet Forwarding Engine interface.

  
  

This chapter includes the following topics:

• Enabling Service Packages
• Services Configuration Procedure
• Packet Flow Through the Adaptive Services or MultiServices PIC
• Stateful Firewall Overview
• Network Address Translation Overview
• IPSec Overview
• Layer 2 Tunneling Protocol Overview
• Voice Services Overview
• Class of Service Overview
• Examples: Services Interfaces Configuration