Plugin Configuration

For introductory information about plugins, see Plugin Functionality and Service Chaining.

If your plugin will work with services and service sets, you first configure them in your command-line interface (CLI) configuration. For example:

services {
   acme-svc1 {
       */ rules for this service */
   }
   acme-svc2 {
       */ rules for this service */
   }
   service-set sset1 {

         extension-service acme-svc1 {    
              /* customer-specific-rules-here*/ ;
         } 

         extension-service acme-svc2 {    
              /* customer-specific-rules-here*/;
         } 


         service-order {
              acme-svc1;
              acme-svc2;
         }
         interface-service {        // Indicates the service is interface-style
            service-interface {
                ms-x/y/0.0;         // Specifies the Multiservices PIC on which to load this
                                    // policy 
            }
        }
   }
}

service-order defines the order in which services are applied for this service set. For all packets matching this service set, acme-svc1 is applied first, then acme-svc2. This ability to chain services is a major benefit to using plugins.

The chassis configuration includes values for the object cache and policy database size that you should also set. (For more information about the object cache, see Memory Management):

chassis {
    fpc 5 {
        pic 3 {
            adaptive-services {
                service-package {
                    extension-provider {
                        control-cores 1;
                        data-cores 6;
                        object-cache-size 512;
                        policy-db-size 128
                }
            }
        }
    }
}

policy-db-size defines the size in megabytes of policies used by the services you expect your plugin to be accessing. A policy for a service includes the service, service set, flow type, and plugin IDs in addition to policy rules specific to the service. The size should be less than the value of object-cache-size.

The control-cores and data-cores settings allow you to specify the number of processing cores in the Multiservices PIC that your application will need for optimum efficiency. Each PIC contains eight processing cores, each with four hardware threads (virtual CPUs). For more information about control and data cores, see Architecture of the Multiservices PIC CPU.

The following is a more extensive example that configures a service chain. In this example, the equilibrium2-classify plugin will be executed before equilibrium2-balance plugin.

system {
    syslog {
        file messages {
            any info;
            authorization info;
        }
    }
}

chassis {
    fpc 1 {
        pic 2 {
            adaptive-services {
                service-package {
                    extension-provider {
                        control-cores 2;
                        data-cores 4;
                        object-cache-size 512;
                        package sync-equilibrium2-balance;
                        package sync-equilibrium2-classify;
                    }
                }
            }
        }
    }
}

interfaces {
    fe-1/1/0 {
        unit 0 {
            family inet {
                address 192.168.2.1/24;
            }
        }
    }
    fe-1/1/3 {
        unit 0 {
            family inet {
                service {
                    input {
                        service-set equilibrium2-ss;
                    }
                    output {
                        service-set equilibrium2-ss;
                    }
                }
                address 192.168.0.1/24;
            }
        }
    }
    ms-1/2/0 {
        unit 0 {
            family inet {
                address 192.168.1.2/32;
            }
        }
    }
    pc-1/2/0 {
        multiservice-options {
            core-dump;
            debugger-on-panic;
        }
    }
}

routing-options {
    static {
        route 192.168.0.10/32 {
            next-hop 192.168.0.2;
            retain;
        }
    }
}

services {
    service-set equilibrium2-ss {
        extension-service equilibrium2-balance {
            rule rule-balance {
                term term-web {
                    from {
                        service-gate web-gate;
                    }
                    then {
                        server-group web-server-group;
                    }
                }
                term term-secured-web {
                    from {
                        service-gate secured-web-gate;
                    }
                    then {
                        server-group secured-web-server-group;
                    }
                }
                term term-ftp {
                    from {
                        service-gate ftp-gate;
                    }
                    then {
                        server-group ftp-server-group;
                    }
                }
            }
        }
        extension-service equilibrium2-classify {
            rule rule-classify {
                term term-identify {
                    from {
                        service-gate-except public-gate;
                    }
                    then {
                        accept;
                    }
                }
                term term-web {
                    from {
                        service-type web-service;
                    }
                    then {
                        service-gate web-gate;
                    }
                }
                term term-secured-web {
                    from {
                        service-type secured-web-service;
                    }
                    then {
                        service-gate secured-web-gate;
                    }
                }
                term term-ftp {
                    from {
                        service-type ftp-service;
                    }
                    then {
                        service-gate ftp-gate;
                    }
                }
            }
        }
    }
    interface-service {
        service-interface ms-1/2/0;
    }
    service-order {
        equilibrium2-classify;
        equilibrium2-balance;
    }
}

sync {
    equilibrium2 {
        service-gate {
            public-gate {
                address 192.168.0.8;
            }
            web-gate {
                address 192.168.0.10;
            }
            secured-web-gate {
                address 192.168.0.11;
            }
            ftp-gate {
                address 192.168.0.12;
            }
        }
        balance-service {
            server-group web-server-group {
                address {
                    192.168.0.15;
                    192.168.0.16;
                    192.168.0.17;
                    192.168.0.18;
                }
                server-monitor {
                    server-connection-interval 10;
                    server-connection-timeout 10;
                    server-timeouts-allowed 5;
                    server-down-retry-interval 10;
                }
                session-timeout 60;
            }
            server-group secured-web-server-group {
                address {
                    192.168.0.25;
                    192.168.0.26;
                }
                server-monitor {
                    server-connection-interval 10;
                    server-connection-timeout 10;
                    server-timeouts-allowed 5;
                    server-down-retry-interval 10;
                }
                session-timeout 60;
            }
            server-group ftp-server-group {
                address {
                    192.168.0.35;
                    192.168.0.36;
                    192.168.0.37;
                    192.168.0.38;
                }
                server-monitor {
                    server-connection-interval 15;
                    server-connection-timeout 15;
                    server-timeouts-allowed 5;
                    server-down-retry-interval 15;
                }
                session-timeout 60;
            }
        }
        classify-service {
            service-type web-service {
                port 80;
            }
            service-type secured-web-service {
                port 443;
            }
            service-type ftp-service {
                port 21;
            }
        }
        traceoptions {
            file eq.trace;
            flag all;
        }
    }
}

Package Configuration

You must also supply a package configuration XML file so that the system can build the plugin. (For details about where to place this file and how to reference it in the package manifest, see the Installation Guide.) After installation, the system places this file in /opt/sdk/pkg/package-name.xml on the Multiservices PIC.

<pkg-config>
  <!-- Package configuration header - one per config file -->
  <header>
       <!-- config file syntax version -->
       <version>1.0</version>
       <!-- unique package name -->
       <name>jnx-msptest-plugin</name>
  </header>
 
  <!-- List of plugins -->
  <plug-in>
       <!-- unique plugin name -->
       <name>jnx-msptest-plugin1</name>
       <!-- plugin shared object path -->
       <path>/var/crash/libjnx-msptest-plugin1.so</path>
       <!-- plugin entry point, this function is called when
            plugin source is loaded -->
       <entry>jnx_msptest_plugin1_register</entry>
  </plug-in>
</pkg-config>

Programmatic Access to Configurations


2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:26:47 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5