Configuring the Multiservices PIC

JUNOS SDK applications are installed as one or more packages, and each package is configured separately.

Individual packages are treated separately regardless of the provider; therefore, multiple packages developed by the same provider are handled as independent packages.

To configure an SDK application package, include the following statements at the [edit chassis fpc slot-number pic slot-number adaptive-services service-package] hierarchy level:

[edit chassis fpc slot-number pic slot-number adaptive-services service-package]
extension-provider {
   control-cores control-number; 
   data-cores data-number; 
   data-flow-affinity {
      hash-key (layer-3 | layer-4);
   }
   forwarding-db-size size;
   object-cache-size size;
   package package-name; 
   policy-db-size size;
   wired-process-mem-size mem-size;
   syslog {
      facility {
          severity;
          destination destination;
      }
   }
}

Note:
When extension-provider is first configured, the PIC will reboot.

See the following sections for information about each of these statements:

Control and Data Cores

There are eight cores on a PIC. Some cores, called control cores, are dedicated to running control functionality for the application. Cores dedicated to processing data for the application are called data cores. You must dedicate at least one core as a control core. Although it is not mandatory to dedicate any cores as data cores, it is advisable to dedicate a minimum of five as such, depending on the nature of the application, to achieve good performance. Any cores not configured as control or data cores are treated as user cores.

Note:
If the number of control cores or data cores is changed, the PIC will reboot.

For help with architecting their applications, providers should consult with JUNOS SDK Developer Support.

Flow Affinity on the Data Plane

As of JUNOS Release 9.5, the Services SDK supports flow affinity behavior for the data CPUs. Flow affinity distribution is based on a hash distribution. Flow affinity is already the default behavior for the control CPUs, but by default data packets are distributed over the data cores in round-robin fashion. To change the data cores from round-robin to flow affinity as well, add the data-flow-affinity statement at the [edit chassis fpc slot-number pic slot-number adaptive-services service-package extension-provider] hierarchy level.

Some JUNOS SDK applications may need to have the hash-key statement set (consult application-specific documentation). The options for the hash-key statement are 3-tuple hashing (source IP address, destination IP address, and IP protocol) or 5-tuple hashing (3-tuple plus source and destination TCP or UDP ports). If the hash-key statement is not configured, the default value is 5-tuple. There is no need to differentiate the hashing between control and data traffic.

Note:
Adding or removing the data-flow-affinity statement causes the PIC to reboot.
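The difference between the round-robin default and the two hash-key options can be seen in a small simulation. This is an added example, not JUNOS SDK code: the function names and the sample packets are constructed for illustration, and CRC32 stands in for the PIC's hash, which this page does not specify.

```python
import zlib


def flow_key(pkt, hash_key="layer-4"):
    """Build the tuple that is hashed: 3-tuple for layer-3, 5-tuple for layer-4."""
    key = (pkt["src"], pkt["dst"], pkt["proto"])
    if hash_key == "layer-4":
        key += (pkt["sport"], pkt["dport"])
    return key


def assign_cores(packets, data_cores, hash_key=None):
    """Return the data core index chosen for each packet, in arrival order.

    hash_key=None models the round-robin default (no data-flow-affinity);
    "layer-3" or "layer-4" models data-flow-affinity with that hash-key.
    """
    if hash_key is None:
        return [i % data_cores for i in range(len(packets))]
    # CRC32 is a stand-in (assumption); the real hash is not given on the page.
    return [zlib.crc32(repr(flow_key(p, hash_key)).encode()) % data_cores
            for p in packets]


def cores_per_flow(packets, cores):
    """Map each 5-tuple flow to the set of cores that saw its packets."""
    seen = {}
    for pkt, core in zip(packets, cores):
        seen.setdefault(flow_key(pkt, "layer-4"), set()).add(core)
    return seen


def make_pkt(sport):
    # Constructed sample packet (documentation address ranges).
    return {"src": "192.0.2.10", "dst": "198.51.100.20", "proto": 6,
            "sport": sport, "dport": 443}


# Constructed traffic: two TCP flows between the same hosts, interleaved.
PACKETS = [make_pkt(40001), make_pkt(40002)] * 4

if __name__ == "__main__":
    for mode in (None, "layer-3", "layer-4"):
        spread = cores_per_flow(PACKETS, assign_cores(PACKETS, 4, mode))
        print(mode or "round-robin",
              {key[3]: sorted(cores) for key, cores in spread.items()})
```

With layer-3 both flows share one key and therefore one core; with layer-4 each flow has its own key, so each stays on a single core but the two may land on different cores.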

Packages on the PIC

To designate which SDK application package to load on a given PIC, include the package statement. You can load up to eight packages on a PIC; however, only one data package is allowed per PIC.

As of JUNOS Release 9.5, there is a stateful firewall plugin provided as part of jbundle. To load this plugin on the PIC, include the statement package jservices-sfw. Here is an example:

[edit]
user@host# show chassis
fpc 0 {
    pic 0 {
        adaptive-services {
            service-package {
                extension-provider {
                    control-cores 1;
                    data-cores 4;
                    object-cache-size 128;
                    package jservices-sfw; 
                    policy-db-size 64;
                }
            }
        }
    }
}

You can load both the jservices-sfw package and a JUNOS SDK application package on the same PIC.

Note:
If any package setting is added or removed, the PIC will reboot.

Memory Settings

Note:
If any memory settings (forwarding database, object cache, policy database, wired process memory) are changed, the PIC will reboot.

Object Cache, Policy Database, and Forwarding Database

Both the forwarding database (FDB) and the policy database (PDB) are carved out of object cache (PDB + FDB <= object cache). The FDB provides access to the route information, and the policy database defines the size of the policies in your SDK application.

Note:
You need to enable the forwarding-options sampling statement for the FDB to be created. For information on configuring this statement, see Enabling Sampling on a Multiservices PIC.

To tune SDK application performance, use the object-cache-size, forwarding-db-size, and policy-db-size statements. For object cache, specify a value that is a multiple of 128 megabytes (MB) and up to 512 MB for the Multiservices 100 PIC or up to 1280 MB for the Multiservices 400 PIC and the Multiservices DPC. However, if you set wired process memory as well, the maximum value for object cache on the Multiservices 100 PIC is 128 MB and on the Multiservices 400 PIC and the Multiservices DPC, 768 MB.

For the policy database, the current recommendations when configuring Multiservices PICs are as follows:

Stateful Firewall Plugin

When configuring the stateful firewall internal plugin, some questions remain regarding the upper limit to specify for the policy-db-size, object-cache-size, and forwarding-db-size statements when the application will use a large number of rules, causing the total memory required to approach the size of the object cache configured. The following limits, which are specific to the stateful firewall configuration, await additional review:

If the policy database is set too small, an error message is logged in the router message file even though the commit may appear to be successful. To be sure that the stateful firewall commit was indeed successful, check the logs and confirm that no such error appears in the message file. The remedial action is to increase the size of the policy database.

Wired Memory

Wired process memory is memory used by the operating system that is effectively off limits to other applications. To reserve wired process memory, configure the wired-process-mem-size statement. You can also configure object cache.

Currently, 512 MB is both the default size of wired process memory and the only size available.
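Because most of these settings reboot the PIC when changed, it helps to check a planned extension-provider stanza against the limits stated on this page (core counts, package count, object cache ceilings, PDB + FDB <= object cache) before committing. The following is an added example, not part of the JUNOS SDK: the function name, the platform labels and the dictionary layout are hypothetical, all sizes are assumed to be in MB, and a missing statement is treated as 0.

```python
TOTAL_CORES = 8        # cores on a PIC
MAX_PACKAGES = 8       # packages loadable on a PIC
WIRED_MEM_MB = 512     # the only wired process memory size available
# Hypothetical platform labels -> (object cache max, max when wired memory is set)
OBJECT_CACHE_MAX_MB = {"ms-100": (512, 128), "ms-400": (1280, 768),
                       "ms-dpc": (1280, 768)}


def check_extension_provider(platform, cfg):
    """Return the problems found in cfg, a dict keyed by statement name."""
    problems = []
    # Assumption: a statement that is absent from cfg counts as 0.
    control, data = cfg.get("control-cores", 0), cfg.get("data-cores", 0)
    if control < 1:
        problems.append("at least one control core is required")
    if control + data > TOTAL_CORES:
        problems.append(f"control-cores + data-cores exceeds {TOTAL_CORES}")
    if len(cfg.get("package", [])) > MAX_PACKAGES:
        problems.append(f"more than {MAX_PACKAGES} packages")

    wired = cfg.get("wired-process-mem-size")
    if wired is not None and wired != WIRED_MEM_MB:
        problems.append(f"wired-process-mem-size must be {WIRED_MEM_MB}")

    cache = cfg.get("object-cache-size")
    if cache is not None:
        # Setting wired process memory lowers the object cache ceiling.
        limit = OBJECT_CACHE_MAX_MB[platform][0 if wired is None else 1]
        if cache <= 0 or cache % 128:
            problems.append("object-cache-size is not a multiple of 128")
        if cache > limit:
            problems.append(f"object-cache-size exceeds {limit} on {platform}")
        # Both databases are carved out of object cache.
        carved = cfg.get("policy-db-size", 0) + cfg.get("forwarding-db-size", 0)
        if carved > cache:
            problems.append(f"policy-db-size + forwarding-db-size ({carved}) "
                            f"exceeds object-cache-size ({cache})")
    return problems


# The stateful firewall example from this page, as a dict.
PAGE_EXAMPLE = {"control-cores": 1, "data-cores": 4, "object-cache-size": 128,
                "package": ["jservices-sfw"], "policy-db-size": 64}

if __name__ == "__main__":
    print(check_extension_provider("ms-100", PAGE_EXAMPLE))
    bad = dict(PAGE_EXAMPLE, **{"object-cache-size": 512,
                                "wired-process-mem-size": 512})
    print(check_extension_provider("ms-100", bad))
```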

System Log Messages

To record or view system log messages on a specific PIC, include the syslog statement.

[edit chassis fpc slot-number pic slot-number adaptive-services service-package]
extension-provider {
   syslog {
      facility {
          severity;
          destination destination;
      }
   }
}

Each system log message belongs to a facility, which is a group of messages that are either generated by the same software process or concern a similar condition or activity. Each message is also preassigned a severity level, which indicates how seriously the triggering event affects router functions.

For the JUNOS SDK, there are four values for facility that log either actions performed or errors encountered by the following entities:

The severity option has the same values as it does in the native JUNOS Software. See the following table for possible values.

Severity Levels for SDK Syslog Messages

Level       Description
any         Include all severity levels.
none        Disable logging of the associated facility to a destination.
emergency   System panic or other condition that causes the routing platform to stop functioning.
alert       Conditions that require immediate correction, such as a corrupted system database.
critical    Critical conditions, such as hard errors.
error       Error conditions that generally have less serious consequences than errors in the emergency, alert, and critical levels.
warning     Conditions that warrant monitoring.
notice      Conditions that are not errors but might warrant special handling.
info        Events or nonerror conditions of interest.

Enhancements to the existing infrastructure make debugging on the Multiservices PIC easier by giving the user the option of redirecting the log messages to either the Routing Engine (routing-engine) or to the console of the PIC (pic-console). The user does not have to specify a destination for the messages; by default all messages go to /var/log on the Routing Engine.

When the syslog destination is configured to redirect the log messages to the Routing Engine, using the CLI set system syslog command (available in the native JUNOS Software) overrides the syslog settings made on the Multiservices PIC.

Generated on Sun May 30 20:26:48 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5