
    Example: Creating and Activating a NaaS Service

    This example shows how to create a Network as a Service (NaaS) service request for a tenant in a multitier application network managed by the Juniper Networks Network Director application. A multitier application network contains logical entities or tier groups that belong in different VLANs. In this example, there are three tier groups, each providing a specific function. The application tier group provides network applications support, the Web tier group provides Internet access, and the client tier group provides client support.

    The tier groups are typically connected to different physical compute servers and virtual machines (VMs). In turn, the servers and VMs are connected to devices (such as an MX router) that are managed by the Network Director. The NaaS service is provided to the servers and VMs through the revenue ports on the managed devices.

    Requirements

    This example uses the following hardware and software components:

    • Hardware components:
      • An MX Series router
      • A QFabric system
      • An SRX Series Services Gateway
      • Two compute servers and four VMs
    • Software components:
      • Junos Space Release 16.1R1
      • Network Director API Release 3.0
      • REST HTTP client software

    Before you begin to create the multitier application NaaS request, be sure that:

    • Network Director API Release 3.0 is installed and operating.
    • NaaS service is initialized (the physical network topology has been imported into the NaaS service repository and the NaaS domain is created).
    • Static configurations are pushed to network devices.

    Overview

    In this example, the multitier application network contains three tier groups. Each group belongs to a VLAN, and is connected to a physical server or a VM. To configure and manage a multitier application network using the Network Director API, you must send NaaS service requests to create resources for connectivity groups, Layer 2 and Layer 3 connectivity services, security policies, and security policy rules for the tier groups. Once the resources are created, you activate the NaaS services.

    Overview and Topology

    Figure 1 shows the topology of a multitier application network.

    Figure 1: Multitier Application Network Topology

    This example uses the following physical components:

    • A QFabric system
    • An MX Series router
    • An SRX Series Services Gateway
    • Two physical servers
    • Four VMs (running on two other physical servers)

    This example uses the following logical components:

    • Web tier group
    • Client tier group
    • Application tier group

    Creating a Multitier Application NaaS Service

    From your REST HTTP client, perform the following tasks.

    Note: The IP address used in this example is that of the host server on which the Network Director API software is installed.

    Creating Tenant Resources

    Step-by-Step Procedure

    This section describes the steps for creating tenant resources.

    1. Send a POST request to create a tenant resource (if one is not already created).
      • Content type = application/vnd.juniper.nd.tenant+json;version=2;charset=UTF-8
      • URL = https://10.94.45.63/api/juniper/nd/orchestration/tenants
      • Request Parameters:
        {
            "tenant": {
                "name": "tenantA"
            }
        }
      • Response parameters:
        {
            "tenant": {
                "instanceId": "73a6cbc5-492c-413e-b66c-92c1acca1e67",
                "resourceType": "TENANT",
                "@uri": "/api/juniper/nd/orchestration/tenants/73a6cbc5-492c-413e-b66c-92c1acca1e67",
                "name": "tenantA",
                "naasServices": {
                    "@total": "0"
                }
            }
        }

    Creating a NaaS Service

    Step-by-Step Procedure

    1. Send a POST request to create a NaaS service request resource that represents the multitier application network:

    Creating Endpoint Resources

    Step-by-Step Procedure

    This section describes the steps for creating endpoint resources.

    1. Send a POST request to create a port resource for webTierGroup that represents the attachment point for the host VM of the Web tier group:

    Creating the Layer 2 and Layer 3 Domains

    Step-by-Step Procedure

    This section describes the steps for creating Layer 2 and Layer 3 domains.

    1. Send a POST request to create an L2 domain:
    2. Send a POST request to create an L2Domain resource for the application tier group:
    3. Create an L3Domain resource to provide routing among the Web tier, application tier, and client group VLAN subnets:
      • Content type =
        application/vnd.juniper.nd.l3-domain+json;version=2;charset=UTF-8
      • URL = https://10.94.45.63/api/juniper/nd/orchestration/naas-services/{naas-service-id}/l3-domains/
      • Request parameters:
        {
            "l3Domain": {
                "contains": {
                    "link": [
                        {
                            "instanceId": "6becb654-a025-48d3-9b03-8c9aca592620",
                            "resourceType": "L2_DOMAIN",
                            "name": "appTierSubnet"
                        },
                        {
                            "instanceId": "38e8414e-180a-45e7-985f-0266a9260bda",
                            "resourceType": "L2_DOMAIN",
                            "name": "webTierSubnet"
                        }
                    ]
                },
                "name": "AppWebSubnet"
            }
        }

    Creating Security Policy and Security Policy Rule Resources

    Step-by-Step Procedure

    This section describes the steps for creating security policy and security policy rule resources for defining security rules for traffic sent to appTierGroup.

    1. Send a POST request to create a security policy resource:
      • Content type =
        application/vnd.juniper.nd.security-policies+json;version=2;charset=UTF-8
      • URL = https://10.94.45.63/api/juniper/nd/orchestration/security-policies
      • Request parameters:
        {
            "policyRule": {
                "name": "web-telnet-ssh-ping-",
                "actionList": "permit",
                "statementType": "and",
                "serializedConditionList": "[[source-address,match,any], [destination-address,match,10.20.23.0/24],[application,match,HTTP], [application,match,HTTPS], [application,match,SSH], [application,match,IcmpPing], [application,match,TELNET]]",
                "policy": {
                    "instanceId": "103b33c3-7a9e-472f-adce-08e8fe2cd81d",
                    "name": "Rule2"
                },
                "order": 1
            }
        }
    2. Create a security policy rule associated with the httpOnly security policy:
      • Content type =
        application/vnd.juniper.nd.security-policy-rules+json;version=2;charset=UTF-8
      • POST https://10.94.45.63/api/juniper/nd/orchestration/policy-rules
      • Request parameters:
        {
            "policyRule": {
                "name": "web-telnet-ssh-ping-",
                "actionList": "permit",
                "statementType": "and",
                "serializedConditionList": "[[source-address,match,any], [destination-address,match,10.20.23.0/24],[application,match,HTTP], [application,match,HTTPS], [application,match,SSH], [application,match,IcmpPing], [application,match,TELNET]]",
                "policy": {
                    "instanceId": "103b33c3-7a9e-472f-adce-08e8fe2cd81d",
                    "name": "Rule2"
                },
                "order": 1
            }
        }
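
    The following Python example is added here and is not Juniper code: it parses the serializedConditionList string from the rule in step 2 and reports conditions worth reviewing before the rule is sent, such as a permit from source-address any or cleartext applications like TELNET. The function names and the CLEARTEXT_APPS set are assumptions, and the parser assumes the flat [field,operator,value] layout shown on this page.

```python
import ipaddress
import json
import re

# Constructed sample: the policyRule body from step 2 (policy link omitted).
RULE_JSON = '''{"policyRule": {"name": "web-telnet-ssh-ping-",
 "actionList": "permit", "statementType": "and",
 "serializedConditionList": "[[source-address,match,any], [destination-address,match,10.20.23.0/24],[application,match,HTTP], [application,match,HTTPS], [application,match,SSH], [application,match,IcmpPing], [application,match,TELNET]]",
 "order": 1}}'''

# Assumption: applications treated as cleartext for review purposes.
CLEARTEXT_APPS = {"TELNET", "HTTP"}
TRIPLE = re.compile(r"\[\s*([^\[\],]+?)\s*,\s*([^\[\],]+?)\s*,\s*([^\[\],]+?)\s*\]")


def parse_conditions(serialized):
    """Split the bracketed string into (field, operator, value) triples."""
    triples = TRIPLE.findall(serialized)
    # Anything left besides brackets, commas and spaces was not a valid triple.
    leftover = TRIPLE.sub("", serialized).strip("[], \t")
    if not triples or leftover:
        raise ValueError("malformed serializedConditionList: %r" % leftover)
    return triples


def audit_rule(body):
    """Return review findings for one policyRule request body."""
    rule = json.loads(body)["policyRule"]
    by_field = {}
    for field, _op, value in parse_conditions(rule["serializedConditionList"]):
        by_field.setdefault(field, []).append(value)
    findings = []
    permits = rule["actionList"] == "permit"
    if permits and "any" in by_field.get("source-address", []):
        findings.append("permit from source-address any")
    for app in by_field.get("application", []):
        if permits and app.upper() in CLEARTEXT_APPS:
            findings.append("permits cleartext application " + app)
    for dest in by_field.get("destination-address", []):
        if dest != "any":
            ipaddress.ip_network(dest)  # raises ValueError on a bad prefix
    return findings


if __name__ == "__main__":
    for finding in audit_rule(RULE_JSON):
        print(finding)
```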

    Activating the NaaS Services

    Step-by-Step Procedure

    This section describes the steps for activating NaaS services.

    1. Send a PUT request:

    Verifying the NaaS Request

    Verifying That the NaaS Request Is Activated

    Purpose

    Action

    To verify that the NaaS services are activated:

    1. Send a GET request to see the current state of the NaaS services:
      • Content type =
        application/vnd.juniper.nd.naas-services+json;version=2;charset=UTF-8
      • URL = https://10.94.45.63/api/juniper/nd/orchestration/naas-services/{naas-service-id}
      • Response parameters:
        {
          "link": {
            "@uri": "/api/space/job-management/jobs/655450",
            "instanceId": 655450,
            "resourceType": "JOB"
          }
        }

        The response returns a link to the Space job. You can issue a GET request on the link URI to get the status of the operation.

      • Accept parameter: application/vnd.juniper.nd.link+json;version=2;

      The current state of the NaaS services should be activated.

     
     

    Modified: 2017-01-29