Configuring Port Control Protocol
This topic describes how to configure Port Control Protocol (PCP). PCP is supported on the MS-DPC, MS-100, MS-400, and MS-500 MultiServices PICs. Starting in Junos OS Release 17.4R1, PCP for NAPT44 is also supported on the MS-MPC and MS-MIC. Starting in Junos OS Release 18.2R1, PCP on the MS-MPC and MS-MIC supports DS-Lite. In Junos OS Release 18.1 and earlier releases, PCP on the MS-MPC and MS-MIC does not support DS-Lite.
Perform the following configuration tasks:
Configuring PCP Server Options
- Specify a PCP server name.
  user@host# edit services pcp server server-name
- Set the IPv4 or IPv6 addresses of the server. For PCP DS-Lite, the ipv6-address must match the address of the AFTR (Address Family Transition Router or softwire concentrator).
  Note: Starting in Junos OS Release 18.2R1, PCP on the MS-MPC and MS-MIC supports DS-Lite. In Junos OS Release 18.1 and earlier releases, PCP on the MS-MPC and MS-MIC does not support DS-Lite.
  [edit services pcp server server-name]
  user@host# set ipv6-address ipv6-address
  or
  [edit services pcp server server-name]
  user@host# set ipv4-address ipv4-address
- For PCP DS-Lite, provide the name of the DS-Lite softwire concentrator configuration.
  [edit services pcp server server-name]
  user@host# set softwire-concentrator softwire-concentrator-name
- Specify the minimum and maximum mapping lifetimes for the server.
  [edit services pcp server server-name]
  user@host# set mapping-lifetime-minimum mapping-lifetime-min
  user@host# set mapping-lifetime-maximum mapping-lifetime-max
- Specify the time limits for generating short lifetime or long lifetime errors.
  [edit services pcp server server-name]
  user@host# set short-lifetime-error short-lifetime-error
  user@host# set long-lifetime-error long-lifetime-error
- (Optional) Enable PCP options on the specified PCP server. The following options are available: third-party and prefer-failure. The third-party option is required to enable third-party requests by the PCP client. DS-Lite requires the third-party option. The prefer-failure option requests generation of an error message when the PCP client requests a specific IP address/port that is not available, rather than assigning another available address from the NAT pool. If prefer-failure is not specified, NAPT44 assigns an available address/port from the NAT pool based on the configured NAT options.
  [edit services pcp server server-name]
  user@host# set pcp-options third-party
  user@host# set pcp-options prefer-failure
- (Optional) Specify which NAT pool to use for mapping.
  [edit services pcp server server-name]
  user@host# set nat-options pool-name1 <poolname2...>
  Note: When you do not explicitly specify a NAT pool for mapping, the Junos OS performs a partial rule match based on source IP, source port, and protocol, and the Junos OS uses the NAT pool configured for the first matching rule to allocate mappings for PCP.
  You must use explicit configuration in order to use multiple NAT pools.
- (Optional) Configure the maximum number of mappings per client. The default is 32 and maximum is 128.
  [edit services pcp server server-name]
  user@host# set max-mappings-per-client max-mappings-per-client
Configuring a PCP Rule
A PCP rule has the same basic options as all service set rules:
- A term option that allows a single rule to have multiple applications.
- A from option that identifies the traffic that is subject to the rule.
- A then option that identifies what action is to be taken. In the case of a PCP rule, this option identifies the PCP server that handles selected traffic.
- Go to the [edit services pcp rule rule-name] hierarchy level and specify match-direction input.
  user@host# edit services pcp rule rule-name
  user@host# set match-direction input
- Go to the [edit services pcp rule rule-name term term-name] hierarchy level and provide a term name.
  user@host# edit term term-name
- (Optional) Provide a from option to filter the traffic to be selected for processing by the rule. When you omit the from option, all traffic handled by the service set’s service interface is subject to the rule. The following options are available at the [edit services pcp rule rule-name term term-name from] hierarchy level:
  - destination-address address <except>: Traffic for the destination address or prefix is processed by the PCP rule. If you include the except option, traffic for the destination address or prefix is not processed by the PCP rule.
  - destination-address-range high maximum-value low minimum-value <except>: Traffic for the destination address range is processed by the PCP rule. If you include the except option, traffic for the destination address range is not processed by the PCP rule.
  - destination-port high maximum-value low minimum-value: Traffic for the destination port range is processed by the PCP rule.
  - destination-prefix-list list-name <except>: Traffic for a destination address in the prefix list is processed by the PCP rule. If you include the except option, traffic for a destination address in the prefix list is not processed by the PCP rule.
  - source-address address <except>: Traffic from the source address or prefix is processed by the PCP rule. If you include the except option, traffic from the source address or prefix is not processed by the PCP rule.
  - source-address-range high maximum-value low minimum-value <except>: Traffic from the source address range is processed by the PCP rule. If you include the except option, traffic from the source address range is not processed by the PCP rule.
  - source-prefix-list list-name <except>: Traffic from a source address in the prefix list is processed by the PCP rule. If you include the except option, traffic from a source address in the prefix list is not processed by the PCP rule.
- Set the then option to identify the target PCP server.
  [edit services pcp rule rule-name term term-name]
  user@host# set then pcp-server server-name
Configuring a NAT Rule
To configure a NAT rule:
- Configure the NAT rule name and the match direction.
  [edit services nat]
  user@host# set rule rule-name match-direction match-direction
- Specify the NAT pool to use:
  [edit services nat rule rule-name term term-name then translated]
  user@host# set source-pool nat-pool-name
- Configure the translation type.
  [edit services nat rule rule-name term term-name then translated]
  user@host# set translation-type translation-type
- If you are using PCP with IPv4-to-IPv4 NAT or with DS-Lite, configure endpoint-independent mapping (EIM) and endpoint-independent filtering (EIF).
  [edit services nat rule rule-name term term-name then translated]
  user@host# set mapping-type endpoint-independent
  user@host# set filtering-type endpoint-independent
  Note: The PCP mappings are not created if you do not configure EIM and EIF with PCP for IPv4-to-IPv4 NAT or for DS-Lite.
Configuring a Service Set to Apply PCP
To use PCP, you must provide the rule name (or name of a list of rule names) in the pcp-rule rule-name option.
- Go to the [edit services service-set service-set-name] hierarchy level.
  user@host# edit services service-set service-set-name
- If this is a new service set, provide basic service set information, including interface information and any other rules that may apply.
- Specify the name of the PCP rule or rule list used to send traffic to the specified PCP server.
  [edit services service-set service-set-name]
  user@host# set pcp-rule rule-name | rule-listname
Your service set must also identify any required nat-rule and softwire-rule.
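As an added example (not part of the original page and not Juniper tooling), the following Python script lints a set-format configuration for four caveats stated in the procedures above: a PCP server with no explicit NAT pool, DS-Lite without the third-party option, a PCP rule term with no from option, and a NAT rule term missing EIM or EIF. It assumes every NAT rule in the input is used with PCP for IPv4-to-IPv4 NAT or DS-Lite; the sample configuration and all names, addresses and values in it are constructed.

```python
# Added example: lint a Junos "set"-format config for PCP caveats from this page.
# SAMPLE is constructed; every name, address and value in it is made up.
SAMPLE = """\
set services pcp server pcp-a ipv4-address 192.0.2.1
set services pcp server pcp-a max-mappings-per-client 64
set services pcp server pcp-b ipv6-address 2001:db8::1
set services pcp server pcp-b softwire-concentrator aftr-1
set services pcp server pcp-b nat-options pool-b
set services pcp rule r1 match-direction input
set services pcp rule r1 term t1 from source-address 10.0.0.0/8
set services pcp rule r1 term t1 then pcp-server pcp-a
set services pcp rule r1 term t2 then pcp-server pcp-b
set services nat rule n1 term t1 then translated mapping-type endpoint-independent
"""

def audit(config):
    """Return sorted (object, finding) pairs for a set-format configuration."""
    servers, pcp_terms, nat_terms, out = {}, {}, {}, []
    for line in config.splitlines():
        w = line.split()
        if w[:4] == ["set", "services", "pcp", "server"] and len(w) > 5:
            servers.setdefault(w[4], {}).setdefault(w[5], []).extend(w[6:])
        elif w[:4] == ["set", "services", "pcp", "rule"] and len(w) > 7 and w[5] == "term":
            pcp_terms.setdefault((w[4], w[6]), set()).add(w[7])
        elif w[:4] == ["set", "services", "nat", "rule"] and "translated" in w[7:9]:
            nat_terms.setdefault((w[4], w[6]), set()).add(" ".join(w[-2:]))
    for name, opts in servers.items():
        if "nat-options" not in opts:   # pool then comes from the first partial rule match
            out.append((f"server {name}", "no explicit NAT pool"))
        if "softwire-concentrator" in opts and "third-party" not in opts.get("pcp-options", []):
            out.append((f"server {name}", "DS-Lite without third-party"))
        if any(int(v) > 128 for v in opts.get("max-mappings-per-client", [])):
            out.append((f"server {name}", "max-mappings-per-client above 128"))
    for (rule, term), clauses in pcp_terms.items():
        if "from" not in clauses:       # all traffic on the service interface is matched
            out.append((f"pcp rule {rule} term {term}", "no from clause"))
    for (rule, term), settings in nat_terms.items():
        for kind in ("mapping-type", "filtering-type"):  # EIM and EIF are both required
            if f"{kind} endpoint-independent" not in settings:
                out.append((f"nat rule {rule} term {term}", f"{kind} not endpoint-independent"))
    return sorted(out)

if __name__ == "__main__":
    for obj, finding in audit(SAMPLE):
        print(f"{obj}: {finding}")
```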
SYSLOG Message Configuration
A new syslog class configuration option, pcp-logs, has been provided to control PCP log generation. It provides the following levels of logging:
- protocol: All logs related to mapping creation and deletion are included at this level of logging.
- protocol-error: All protocol error related logs (such as mapping refresh failed, PCP lookup failed, mapping creation failed) are included in this level of logging.
- system-error: Memory and infrastructure errors are included in this level of logging.