Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Viewing and Modifying TLB Service Instances

 

After you create the traffic load balancer (TLB) software service instance to balance user session traffic among a group of available servers that provide shared services using the Service Designer workspace, you can view and modify the components or elements of the service instance by using the Service Edit workspace.

You can perform the following tasks with the Service Edit page for TLB:

  • View the list of configured TLB templates.

  • Modify an existing TLB template to meet the network needs and deployment scenarios.

  • Delete an existing template.

  • Transfer the service instance for deployment on a device.

Viewing TLB Service Instances

To view the list of TLB service instances:

  1. From the View selector, select Gateway View or Service View. The workspaces that are applicable to this view are displayed. In Gateway view, the devices in the entire network are displayed, organized by the device types and the device models within each device type. In Service View, the different types of services are displayed in the View pane.
  2. From the Junos Space user interface, click the Deploy icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the View pane, select the All Network item in Gateway view. Click the plus sign (+) beside the All Network item in the View pane to expand the tree and select the device node you want.

    Alternatively, from the View pane, click the plus sign (+) beside All Services to expand the tree and select the type of service.

  4. From the task pane, select Service Edit. The Service Instances page is displayed.
  5. If you are in Gateway view, click the plus sign (+) next to Service Edit to expand the tree in the task pane and view the list of filter templates.
  6. In the Service Edit page, from the tree that lists the SDGs, select All Service Gateways, or the SDG or SDG pair for which you want to view the previously configured policy or filter templates. This step is applicable only if you selected Gateway View.

    The page is divided into two panes. The list of SDGs are displayed on the left pane. You can drill-down to the SDG or pair of SDGs for which you want to process policies or filters. The policy and filter rules are displayed in the right pane.

  7. Alternatively, from the View selector, select Service View. The workspaces that are applicable to this view are displayed. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane. Click the plus sign in the View pane to expand the All Services tree and select the type of service. From the task pane, select Manage Service Templates.

    The Service Instances page is displayed in the right pane, listing all the previously defined service instances.

  8. Select TLB to open the Service Edit > TLB page on the right pane.
  9. In the Service Instances page, from the tree that lists the SDGs, select All Service Gateways, or the SDG or SDG pair for which you want to view the previously configured policy or filter templates.

    The page is divided into two panes. The list of SDGs are displayed on the left pane. You can drill-down to the SDG or pair of SDGs for which you want to process policies or filters. The policy and filter rules are displayed in the right pane.

The following fields are displayed on the Service Edit > TLB page:

Table 1: TLB Service Edit Page

Field

SDG Host

Instance Name

OS Version

Group Name

Reference Host

Real Servers

Network Monitoring

Groups

Virtual Servers

Deployment Plans

Select a policy or a filter and click the Expand All icon, and all rules corresponding to that policy or filter are expanded.

Select a policy or filter and click the Collapse All icon to collapse all rules.

Enter the term that you want to specify as the filter criterion in the Filter field and click the Filter icon to sort and display only the services that are of interest.

Modifying TLB Service Instances

On the Service Designer page, you can view the collection of service instances defined for several applications, such as stateful firewall or CGNAT.

To modify service instance instances, such as ADC, SFW, CGNAT, or TLB templates:

  1. From the View selector, select Gateway View or Service View. The workspaces that are applicable to this view are displayed. In Gateway view, the devices in the entire network are displayed, organized by the device types and the device models within each device type. In Service View, the different types of services are displayed in the View pane.
  2. From the Junos Space user interface, click the Deploy icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the View pane, select the All Network item in Gateway view. Click the plus sign (+) beside the All Network item in the View pane to expand the tree and select the device node you want.

    Alternatively, from the View pane, click the plus sign (+) beside All Services to expand the tree and select the type of service.

  4. From the task pane, select Service Edit. The Service Instances page is displayed.
  5. If you are in Gateway view, click the plus sign (+) next to Service Edit to expand the tree in the task pane and view the list of filter templates.
  6. In the Service Edit page, from the tree that lists the SDGs, select All Service Gateways, or the SDG or SDG pair for which you want to view the previously configured policy or filter templates. This step is applicable only if you selected Gateway View.

    The page is divided into two panes. The list of SDGs are displayed on the left pane. You can drill-down to the SDG or pair of SDGs for which you want to process policies or filters. The policy and filter rules are displayed in the right pane.

  7. Alternatively, from the View selector, select Service View. The workspaces that are applicable to this view are displayed. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane. Click the plus sign in the View pane to expand the All Services tree and select the type of service. From the task pane, select Manage Service Templates.

    The Service Instances page is displayed in the right pane, listing all the previously defined service instances.

  8. In Service View of Deploy mode, from the task pane, select Deploy Service > Service Edit.

    The Service Instances page is displayed in the right pane, listing all the previously defined service instances.

  9. From the View pane, perform one of the following tasks:
    • Click the ADC button.

      The list of ADC service instances is displayed. You need not click this button if you are launching the Service Designer page for the first time or are navigating to this page from another mode or a different page. You need to click this button only if you are viewing the other service instances, such as CGNAT or TLB.

    • Click the SFW button.

      The list of SFW templates is displayed.

    • Click the TLB button.

      The list of TLB templates is displayed.

    • Click the CGNAT button.

      The list of CGNAT templates is displayed.

  10. Click the Lock icon above the table of listed packet filters. The Select Reference Config dialog box is displayed.
  11. From the Service Gateway Name drop-down list, select the SDG group to which the packet filter must be applied.
  12. From the Host Name drop-down list, select the hostname of the SDG.
  13. In the Select Common Components section, select the check boxes beside the service modules or components, such as packet filters, SFW rules, or CGNAT rules, that are displayed. The displayed components depend on the attributes that are previously defined for that selected packet filter. For example, if the service policy is for stateful firewall, SFW rules and SFW rule sets are shown. Select the check box beside Config Category to select all the service components.
  14. Click Save to save the modified association.
  15. Select the check box beside the template you want to modify.
  16. Open the Modify menu above the list of templates to modify an existing template, and select the component or service attribute, such as application or rule, that you want to edit.
  17. Perform one of the following from the drop-down menu displayed for each component:
    • To retrieve the service component and import into the database of Edge Services Director, select Import Object. The Import Services dialog box appears. You can import the service instances assigned to SDGs or choose from a list of all of the predefined templates in the database. Also, you can either import all of the components of a service or specific components.

    • To create the component afresh, select Create New. The Create page corresponding to the service component appears. You can define the attributes for the service component in the same manner as you define the elements during the creation of a service instance.

Creating a Deploy Plan and Provisioning Services Immediately

To deploy a deployment plan and policies immediately:

  1. From the View selector, select Gateway View or Service View. The workspaces that are applicable to this view are displayed. In Gateway view, the devices in the entire network are displayed, organized by the device types and the device models within each device type. In Service View, the different types of services are displayed in the View pane.
  2. From the Junos Space user interface, click the Deploy icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the View pane, select the All Network item in Gateway view. Click the plus sign (+) beside the All Network item in the View pane to expand the tree and select the device node you want.

    Alternatively, from the View pane, click the plus sign (+) beside All Services to expand the tree and select the type of service.

  4. From the task pane, select Service Edit. The Service Instances page is displayed.
  5. If you are in Gateway view, click the plus sign (+) next to Service Edit to expand the tree in the task pane and view the list of filter templates.
  6. In the Service Edit page, from the tree that lists the SDGs, select All Service Gateways, or the SDG or SDG pair for which you want to view the previously configured policy or filter templates. This step is applicable only if you selected Gateway View.

    The page is divided into two panes. The list of SDGs are displayed on the left pane. You can drill-down to the SDG or pair of SDGs for which you want to process policies or filters. The policy and filter rules are displayed in the right pane.

  7. Select a service template and click the Lock icon above the table of listed templates.
  8. Alternatively, in Service View of Deploy mode, from the task pane, select Service Edit. The Service Instances page is displayed.
  9. Click the plus sign (+) next to Service Instance to expand the tree in the task pane and view the list of filter templates.
  10. Select TLB to open the Service Edit > TLB page on the right pane.
  11. In the Service Instances page, select a service instance and click the Lock icon.

    The corresponding service instance is locked and is available for modifications.

  12. Click the Send for Deployment button.
    • If you create a deployment plan from Gateway view of Deploy mode, the Deployment Plan Summary dialog box appears, with the service name, type, and status listed.

      Click Send to create a deployment plan.

    • If you create a deployment plan from Service view of Deploy mode, the Edit Service Instance page is displayed. You can modify the SDGs associated with the service instance and also modify the service instance attributes as necessary by either clicking the buttons corresponding to the various settings at the top of the wizard page to directly traverse to the page you want to modify or clicking the navigation buttons at the bottom of the wizard page to go to the different pages of the wizard. Click Finish to create a deployment plan.

    The configuration deployment job runs. To view the status or results of the deployment job, you can view the Deployment Plans page. In the Deployment Plans page, the Provision Status and Message columns are updated indicating the progress of commission. If the deploy is successful, the status denotes Commissioned. If the deploy fails, the status changes to Commission Failed.

    Alternatively, you can select Discard changes from the Actions menu to ignore the modifications done to a policy or filter template.

Filtering TLB Service Instances

You can use the enhanced search utility on the Service Edit page for TLB service instances to effectively, quickly identify and segregate the policies and filters of relevance and interest.

The Service Edit page provides advanced search options for the TLB service instances. Enter the term that you want to specify as the filter criterion in the Filter field and click the Filter icon.

You can perform advanced searches for the following fields:

  • SDG Hostname

  • Instance name of the service

The following advanced search criteria are available:

  • Wildcard search for rule names using an asterisk (*) is allowed.

  • Edge Services Director supports AND and OR operations between search items. The default behavior is OR.

  • For rule name search, only the OR operation is allowed, because a policy cannot have multiple rule names.

  • For zone search, only the OR operation is allowed. Wildcard search is supported.

  • For service and address fields, OR and AND operations are allowed.

  • Multiple groups can be grouped using parenthesis. Grouping can be used during filed or keyword searches as well.

  • Negate (-) symbol can be used to exclude objects that contain a specific term name.

  • The plus (+) operator can be used to specify that the term after the + symbol existing the field value to be filtered along with other searched items.

  • Escaping special characters are part of the search syntax. The supported special characters are + - && || ! ( ) { } [ ] ^ " ~ * ? : \.

Note

Use the AND operator to find rules that match all values for a given set of fields. Use the OR operator to find rules that match any of the values for a given set of fields.

  1. From the View selector, select Gateway View or Service View. The workspaces that are applicable to this view are displayed. In Gateway view, the devices in the entire network are displayed, organized by the device types and the device models within each device type. In Service View, the different types of services are displayed in the View pane.
  2. From the Junos Space user interface, click the Deploy icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the View pane, select the All Network item in Gateway view. Click the plus sign (+) beside the All Network item in the View pane to expand the tree and select the device node you want.

    Alternatively, from the View pane, click the plus sign (+) beside All Services to expand the tree and select the type of service.

  4. From the task pane, select Service Edit. The Service Instances page is displayed.
  5. If you are in Gateway view, click the plus sign (+) next to Service Edit to expand the tree in the task pane and view the list of filter templates.
  6. In the Service Edit page, from the tree that lists the SDGs, select All Service Gateways, or the SDG or SDG pair for which you want to view the previously configured policy or filter templates. This step is applicable only if you selected Gateway View.

    The page is divided into two panes. The list of SDGs are displayed on the left pane. You can drill-down to the SDG or pair of SDGs for which you want to process policies or filters. The policy and filter rules are displayed in the right pane.

  7. Also, from the View selector, you can select select Service View. The workspaces that are applicable to this view are displayed. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane. Click the plus sign in the View pane to expand the All Services tree and select the type of service. From the task pane, select Manage Service Templates.

    The Service Instances page is displayed in the right pane, listing all the previously defined service instances.

  8. Alternatively, from the Junos Space user interface, click the Deploy icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  9. Select Service Edit from the task pane. The Service Edit page is displayed.
  10. Click the plus sign (+) next to the policy and filter template to expand the tree in the task pane and view the list of filter templates.
  11. From the task pane, select TLB to open the TLB page on the right pane.
  12. Enter the term that you want to specify as the filter criterion in the Filter field and click the Filter icon.

Managing TLB Service Instance Locks

All the locked policies can be viewed in a single page. You can display the list of SFW, CGNAT, or packet filter templates that are locked by filtering them separately. Such a page shows all the locks only if the user has the unlock task assigned; otherwise, a user sees only the locks that pertain to them.

To view the locked policies:

  1. From the Junos Space user interface, click the Deploy icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  2. From the task pane, select Service Edit. The Service Instances page is displayed.
  3. Click the plus sign (+) next to Service Instance to expand the tree in the View pane and view the list of filter templates.
  4. Select TLB to open the Service Edit > TLB page on the right pane.
  5. In the Service Instances page, from the tree that lists the SDGs, select All Service Gateways, or the SDG or SDG pair for which you want to lock the filter templates.
  6. Select the check box next to the template
  7. Click the Lock icon, or right-click the policy that you want to lock, and press Lock. You can select policies that are locked by you and unlock them. To unlock your policies, you do not need any administrator privileges. To unlock policies locked by other users, you must have the task LOCK assigned to you.

User with administrator privileges can configure the lock settings. To configure the lock settings:

  1. Click Application Switcher, and go to Network Application Platform > Administration > Manage Applications.
  2. Right-click the Edge Services Director application, and select Modify Application Settings. The Modify Edge Services Director Settings page is displayed.
  3. Under the Locking option, you can configure the locking timeout value in minutes. The minimum value that you can configure is 2 minutes and the maximum 120 minutes. By default, the timeout value is configured for 5 minutes.
  4. By default, the Explicit Policy Lock for edit option is enabled. You can disable this option, if you do not want to lock the policies before editing. When this option is disabled, policies can be edited by any user. The first user gets the preference of saving the changes for a policy. The next save on the same version of a policy results in the user being asked to save policy with new name.
Note

Acquiring a policy lock or releasing a lock is audit logged. Release locking will show the reason for the release, for example, an explicit release, on save, discard, timeout, or administrator release. Administrator changes of the lock configuration are also audit logged. To see the audit logs, from the Edge Services Director task bar, select Audit Logs.

Unlocking Locked TLB Service Instances

All the locked policies can be viewed in a single page. This page is available for a user with Manage Policy Locks tasks assigned. Such a page shows all the locks only if the user has the unlock task assigned; otherwise, a user sees only the locks that pertain to them.

To view the unlocked policies:

  1. From the Junos Space user interface, click the Deploy icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  2. From the task pane, select Service Edit. The Service Instances page is displayed.
  3. Click the plus sign (+) next to Service Instance to expand the tree in the View pane and view the list of filter templates.
  4. Select TLB to open the Service Edit > TLB page on the right pane.
  5. In the Service Instances page, from the tree that lists the SDGs, select All Service Gateways, or the SDG or SDG pair for which you want to view the locked filter templates. Alternatively, click the Filter icon to open the list of filter options. From the list, select All Locked.
  6. Right-click the policy that you want to unlock, and press Unlock. You can select policies that are locked by you and unlock them. To unlock your policies, you do not need any administrator privileges. To unlock policies locked by other users, you must have the task LOCK assigned to you.

    Alternatively, select the policy you want to unlock, and click the Manage button. The Manage Instance Locks dialog box is displayed. The following fields are displayed in the dialog box:

    Table 2: Fields in the Manage Instance Locks Dialog Box

    Field

    Description

    Instance

    Name of the service instance instance.

    User

    Name of the user that has acquired the lock.

    Service Gateway Host

    Name of the service gateway with which the instance is attached.

    Last Acquired Time

    Date and time at which the lock on the template was acquired.

    Select the policy instance you want to unlock, and click the Unlock icon at the top of the dialog box. Click the Close icon to return to the services listing page.

User with administrator privileges can configure the lock settings. To configure the lock settings:

  1. Click on Application Switcher option, and go to Network Application Platform > Administration > Manage Applications.
  2. Right click the Edge Services Director application, and select Modify Application Settings. The Modify Edge Services Director Settings page is displayed.
  3. Under the Locking option, you can configure the locking timeout value in minutes. The minimum value that you can configure is 2 minutes and the maximum is 120 minutes. By default, the timeout value is configured for 5 minutes.
  4. By default, the Explicit Policy Lock for edit option is enabled. You can disable this option, if you do not want to lock the policies before editing. When this option is disabled, policies can be edited by any user. The behavior is the same as for concurrent editing. The first user gets the preference of saving the changes for a policy. The next save on the same version of a policy results in the user being asked to save the policy with a new name.
Note

Acquiring a policy lock or releasing lock is audit logged. Release locking will show the reason for the release, for example, an explicit release, on save, discard, timeout, or administrator release. Administrator changes of the lock configuration are also audit logged. To see the audit logs, from the Edge Services Director task bar, select Audit Logs.