Setting Up and Running the Application

This topic describes how to set up a sample configuration to run the application.

Test Tool and Equipment

The tools and hardware used in these sample setups are:

To run the jnx-gateway application, use a static tunnel configuration with your own traffic generator. The application's management module runs on the Juniper Networks router, in the Routing Engine, for overall management of the gateway functionality.

Configuration

This setup uses statically configured GRE and IP-in-IP tunnels with a traffic generator. It has the following components:

The configuration for the router is as follows (note that you will use your own provider ID in place of provider-id):

user@host# show system
  system {
      extensions {
          providers {
              provider-id;
          }
      }
  }
[edit]
user@host# show chassis
fpc 0 {
    pic 1 {
        adaptive-services {
            service-package {
                extension-provider {
                    control-cores 3;
                    data-cores 4;
                    package jnx-gateway-ctrl;
                    package jnx-gateway-data;
                }
            }
        }
    }
}

[edit]
user@host# show interfaces
ms-0/1/0 {
    unit 0 {
        family inet {
            address 5.5.5.1/32;
        }
    }
    unit 1 {
        family inet;
    }
    unit 2 {
        family inet;
    }
}

fe-1/2/0 {
    unit 0 {
        family inet {
             address 1.1.1.1/24 {
                arp 1.1.1.100 mac 00:01:02:03:04:05;
            }

        }
    }
}
fe-1/2/1 {
    unit 0 {
        family inet {
            address 2.2.2.1/24 {
                arp 2.2.2.100 mac 00:01:02:03:04:05;
            }

        }
    }
}

[edit]
user@host#show policy-options
policy-statement dummy {
    then reject;
}

[edit]
user@host# show routing-instances
vrf-1 {
    instance-type vrf;
    interface fe-1/2/0.0;
    interface ms-0/1/0.0;
    interface ms-0/1/0.1;
    route-distinguisher 1:1;
    vrf-import dummy;
    vrf-export dummy;
    routing-options {
    static {
        route 100.100.100.1/32 next-hop ms-0/1/0.1;
    }
}

}
vrf-2 {
    instance-type vrf;
    interface fe-1/2/1.0;
    interface ms-0/1/0.2;
    route-distinguisher 1:2;
    vrf-import dummy;
    vrf-export dummy;
    static {
        route 200.200.200.1/32 next-hop ms-0/1/0.2;
    }
}


[edit]
user@host# show sdk
jnpr {
    jnx-gateway {
        data {
            policy sample_test {
                interface-name ms-0/1/0.1;
                session {
                    client-id 10.11.12.13;
                    client-start-port 5000;
                    client-port-range 2;
                    server-id 15.15.15.1;
                    server-port 10000;
                }
                ingress-tunnel {
                    gre-gateway 1.1.1.100;
                    ingress-self-ip 100.100.100.1;
                    routing-instance vrf-1;
                    start-gre-key 1;
                }
                egress-tunnel {
                    egress-self-ip 200.200.200.1;
                    ipip-gateway 2.2.2.100;
                    routing-instance vrf-2;
                }
            }
        }
    }
}

[edit]
user@host#

The configuration for an ART traffic generator is as follows:

For ingress:

Configure the ART to generate the packet, which will be injected into the router. Create a GRE packet that encapsulates the IP packet. Configure the packet as follows:

Outer IP Packet:
Ethernet:
source address : default
destination address : ethernet address of IO(ge/fe) port of the router (\c fe-1/2/0) which is connected to ART.

IP packet:
Source address: 1.1.1.100 (which the address of GRE gateway)
Destination address: 100.100.1000.1 (ingress-self-ip specified in data policy)
TTL: 64
Protocol: GRE

GRE packet:
k-flag: set it to 1 (specifies that GRE key present in the packet)
key: set it to 1 (specifies the GRE key value)
Protocol type: IPV4

Inner IP Packet:
source ip: 10.11.12.13 (same as client-id of data policy)
destination ip: 15.15.15.1 (same as server-id of data policy)
protocol: UDP
source port: 5000 (same as client-start-port of data policy)
destination port:10000 (same as server-port of data policy)

For egress:

Configure the ART to generate an IP-in-IP packet, as follows:

Outer IP packet:
Ethernet:
Source address: default
Destination address : ethernet address of IO(ge/fe) port of the router (fe-1/2/1)

IP packet:
Source address: 2.2.2.100 (which is the address of IPinIP gateway)
Destination address: 200.200.200.1 (egress-self-ip specified in data policy)
TTL: 64
Protocol: IP

Inner IP Packet:
source ip: 15.15.15.1 (opposite of ingress configuration)
destination ip: 10.11.12.13 
protocol: UDP
source port: 10000 
destination port: 5000 

Starting the Application

To prepare to start the application:

  1. Install the JUNOS Software package as described in the Installation Guide.

  2. Create a sandbox on the VMware virtual machine and build the gateway package as described in Build and Packaging Procedure.

  3. Copy the package onto the router.

  4. Configure the extension provider statement in the CLI, as follows:

    set system extension provider provider-id
    commit

  5. Install the gateway package on the router:

    request system software add /var/tmp/jnx-gateway-bundletimestamp.tgz

  6. Configure the chassis hierarchy on the router:

    set chassis fpc fpc-slot-number pic pic-slot-number adaptive-services service-package extension-provider control-cores 3

    set chassis fpc fpc-slot-number pic pic-slot-number adaptive-services service-package extension-provider data-cores 4

    commit

  7. Start the traffic generator.

To verify your setup with the static configuration, you can do the following:

Interacting with the Application

The sample application configures a number of CLI commands you can use to view output. These commands and their output are shown here.

User Profiles

Follow these steps to see user profiles:

  1. Execute the set command to configure the user information:

    set sdk jnpr jnx-gateway user test address-range 1.1.1.0/24
    set sdk jnpr jnx-gateway user test egress-vrf vrf-2
    set sdk jnpr jnx-gateway user test ip-ip 2.2.2.100
    commit

  2. Execute the show command to verify the user profiles were created:
    show jnx-gateway user-profiles

Tunnels

You can see the tunnels by executing the following commands.

Statistics

A number of commands let you see the statistics the application gathers:

Interaction Among the Modules


2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:26:47 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5