Setting Up and Running the Application

This topic describes how to set up a sample configuration to run the application.

Test Tool and Equipment

The tools and hardware used in these sample setups are:

Router: M10i
PIC: Multiservices 100 PIC
Linux VM
FE/GE I/O cards

To run the jnx-gateway application, use a static tunnel configuration with your own traffic generator. The application's management module runs on the Juniper Networks router, in the Routing Engine, for overall management of the gateway functionality.

Configuration

This setup uses statically configured GRE and IP-in-IP tunnels with a traffic generator. It has the following components:

The traffic generator is an ART or IXIA machine that communicates with the router through two FE/GE ports to inject data packets into the system.
The corresponding interfaces on the router are fe-1/2/0 and fe-1/2/1.
The control module is configured to run on a Multiservices PIC (in this example, ms-0/1/0.1).
The data module is configured to run on the same PIC (ms-0/1/0.2).

The configuration for the router is as follows (note that you will use your own provider ID in place of provider-id):

user@host# show system
  system {
      extensions {
          providers {
              provider-id;
          }
      }
  }
[edit]
user@host# show chassis
fpc 0 {
    pic 1 {
        adaptive-services {
            service-package {
                extension-provider {
                    control-cores 3;
                    data-cores 4;
                    package jnx-gateway-ctrl;
                    package jnx-gateway-data;
                }
            }
        }
    }
}

[edit]
user@host# show interfaces
ms-0/1/0 {
    unit 0 {
        family inet {
            address 5.5.5.1/32;
        }
    }
    unit 1 {
        family inet;
    }
    unit 2 {
        family inet;
    }
}

fe-1/2/0 {
    unit 0 {
        family inet {
             address 1.1.1.1/24 {
                arp 1.1.1.100 mac 00:01:02:03:04:05;
            }

        }
    }
}
fe-1/2/1 {
    unit 0 {
        family inet {
            address 2.2.2.1/24 {
                arp 2.2.2.100 mac 00:01:02:03:04:05;
            }

        }
    }
}

[edit]
user@host#show policy-options
policy-statement dummy {
    then reject;
}

[edit]
user@host# show routing-instances
vrf-1 {
    instance-type vrf;
    interface fe-1/2/0.0;
    interface ms-0/1/0.0;
    interface ms-0/1/0.1;
    route-distinguisher 1:1;
    vrf-import dummy;
    vrf-export dummy;
    routing-options {
    static {
        route 100.100.100.1/32 next-hop ms-0/1/0.1;
    }
}

}
vrf-2 {
    instance-type vrf;
    interface fe-1/2/1.0;
    interface ms-0/1/0.2;
    route-distinguisher 1:2;
    vrf-import dummy;
    vrf-export dummy;
    static {
        route 200.200.200.1/32 next-hop ms-0/1/0.2;
    }
}


[edit]
user@host# show sdk
jnpr {
    jnx-gateway {
        data {
            policy sample_test {
                interface-name ms-0/1/0.1;
                session {
                    client-id 10.11.12.13;
                    client-start-port 5000;
                    client-port-range 2;
                    server-id 15.15.15.1;
                    server-port 10000;
                }
                ingress-tunnel {
                    gre-gateway 1.1.1.100;
                    ingress-self-ip 100.100.100.1;
                    routing-instance vrf-1;
                    start-gre-key 1;
                }
                egress-tunnel {
                    egress-self-ip 200.200.200.1;
                    ipip-gateway 2.2.2.100;
                    routing-instance vrf-2;
                }
            }
        }
    }
}

[edit]
user@host#

The configuration for an ART traffic generator is as follows:

For ingress:

Configure the ART to generate the packet, which will be injected into the router. Create a GRE packet that encapsulates the IP packet. Configure the packet as follows:

Outer IP Packet:
Ethernet:
source address : default
destination address : ethernet address of IO(ge/fe) port of the router (\c fe-1/2/0) which is connected to ART.

IP packet:
Source address: 1.1.1.100 (which the address of GRE gateway)
Destination address: 100.100.1000.1 (ingress-self-ip specified in data policy)
TTL: 64
Protocol: GRE

GRE packet:
k-flag: set it to 1 (specifies that GRE key present in the packet)
key: set it to 1 (specifies the GRE key value)
Protocol type: IPV4

Inner IP Packet:
source ip: 10.11.12.13 (same as client-id of data policy)
destination ip: 15.15.15.1 (same as server-id of data policy)
protocol: UDP
source port: 5000 (same as client-start-port of data policy)
destination port:10000 (same as server-port of data policy)

For egress:

Configure the ART to generate an IP-in-IP packet, as follows:

Outer IP packet:
Ethernet:
Source address: default
Destination address : ethernet address of IO(ge/fe) port of the router (fe-1/2/1)

IP packet:
Source address: 2.2.2.100 (which is the address of IPinIP gateway)
Destination address: 200.200.200.1 (egress-self-ip specified in data policy)
TTL: 64
Protocol: IP

Inner IP Packet:
source ip: 15.15.15.1 (opposite of ingress configuration)
destination ip: 10.11.12.13 
protocol: UDP
source port: 10000 
destination port: 5000

Starting the Application

To prepare to start the application:

Install the JUNOS Software package as described in the Installation Guide.
Create a sandbox on the VMware virtual machine and build the gateway package as described in Build and Packaging Procedure.
Copy the package onto the router.
Configure the extension provider statement in the CLI, as follows:

set system extension provider provider-id
commit
Install the gateway package on the router:

request system software add /var/tmp/jnx-gateway-bundletimestamp.tgz
Configure the chassis hierarchy on the router:

set chassis fpc fpc-slot-number pic pic-slot-number adaptive-services service-package extension-provider control-cores 3

set chassis fpc fpc-slot-number pic pic-slot-number adaptive-services service-package extension-provider data-cores 4

commit
Start the traffic generator.

To verify your setup with the static configuration, you can do the following:

Check that the the captured packet on ART port 2 is an IP-in-IP packet with all the relevant information (outer IP, inner IP packet information).

Check that GRE session with key 1 and IP-in-IP tunnel statistics are incrementing, using the CLI command:
show jnx-gateway statistics extensive

Verify from the statistics that there is no packet loss.

Interacting with the Application

The sample application configures a number of CLI commands you can use to view output. These commands and their output are shown here.

User Profiles

Follow these steps to see user profiles:

Execute the set command to configure the user information:

set sdk jnpr jnx-gateway user test address-range 1.1.1.0/24
set sdk jnpr jnx-gateway user test egress-vrf vrf-2
set sdk jnpr jnx-gateway user test ip-ip 2.2.2.100
commit
Execute the show command to verify the user profiles were created:
show jnx-gateway user-profiles

Tunnels

You can see the tunnels by executing the following commands.

show jnx-gateway gre-tunnels displays details about the GRE tunnels the application created.
show jnx-gateway ipip-tunnels displays details about the IP-in-IP tunnels the application created.

Statistics

A number of commands let you see the statistics the application gathers:

show jnx-gateway statistics displays statistics gathered about the GRE tunnel, including:
- Bytes received
- Packets received
- Bytes sent
- Packets sent
- Packets dropped
- Packets of non-existent sessions.
show jnx-gateway statistics extensive displays statistics gathered about the GRE and IP-in-IP tunnels for all VRFs, including:
- Bytes received
- Packets received
- Bytes sent
- Packets sent
- Packets dropped
- Packets of non-existent sessions.
show jnx-gateway statistics grekey 1 routing-instance vrf-1 displays statistics gathered about the specific GRE tunnel, including:
- Bytes received
- Packets received
- Bytes sent
- Packets sent
- Packets dropped
- Packets of non-existent sessions.
show jnx-gateway statistics gateway 2.2.2.1 routing-instance vrf-2 displays statistics gathered about the specific IP-in-IP tunnel, including:
- Bytes received
- Packets received
- Bytes sent
- Packets sent
- Packets dropped

Interaction Among the Modules

© 2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:26:47 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5