Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Setting Up Logical Systems

 

Logical Systems enable you to create an interface and configure IP addresses. It shows how to add users to a user logical system. For more information, see the following topics:

Using Junos OS to Configure Logical System Administrators

Using Junos OS, you can partition a single router or switch into multiple logical devices that perform independent routing or switching tasks. When creating logical systems, you must configure logical system administrators and interfaces, assign logical interfaces to logical systems, and configure various other logical system statements.

The master administrator can assign one or more logical system administrators to each logical system. Once assigned to a logical system, administrators are restricted to viewing only configurations of the logical system to which they are assigned and accessing only the operational commands that apply to that particular logical system. This restriction means that these administrators cannot access global configuration statements, and all command output is restricted to the logical system to which the administrators are assigned.

To configure logical system administrators, include the logical-system logical-system-name statement at the [edit system login class class-name] hierarchy level and apply the class to the user. For example:

Fully implementing logical systems requires that you also configure any protocols, routing statements, switching statements, and policy statements for the logical system.

Example: Creating an Interface on a Logical System

This example shows how to create an interface on a logical system.

Requirements

For the interface on the logical system to have connectivity, the corresponding physical interface must be administratively up, and the physical link must be up. You can verify the status of the physical interface by running the show interfaces terse command.

Overview

In logical systems, you must treat each interface like a point-to-point connection because you can only connect one logical tunnel interface to another at any given time. Also, you must select an interface encapsulation type, specify a DLCI number or VLAN identifier, configure a corresponding protocol family, and set the logical interface unit number of the peering lt interface.

To configure the interface encapsulation type, include the dlci, encapsulation, family, peer-unit, and vlan-id statements at the following hierarchy levels:

  • M Series, MX Series, or T Series router (master administrator only)—[edit interfaces lt-fpc/pic/0 unit unit-number]

  • Logical system—[edit logical-systems logical-system-name interfaces lt-fpc/pic/0 unit unit-number]

    Note

    When you configure IPv6 addresses on a logical tunnel interface, you must configure unique IPv6 link-local addresses for any logical interfaces that peer with one another. To configure a link-local address, you must be the master administrator. Include a second IPv6 address with the address statement at the [edit interfaces lt-fpc/pic/port unit unit-number family inet6] hierarchy level. Link-local addresses typically begin with the numbers fe80 (such as fe80::1111:1/64).

In this example, you create the fe-1/1/3 physical interface on the main router. You can also add values for properties that you need to configure on the physical interface, such as physical encapsulation, VLAN tagging (enabling), and link speed.

The example then shows how to assign logical interfaces to a logical system. Once you do this, the logical interfaces are considered part of the logical system.

Any logical interface unit can only be assigned to one system, including the main router. For example, if you configure logical unit 3 in the main router, you cannot configure logical unit 3 in a logical system.

In this example, you create logical unit 0 on Logical System LS1. You can also add values for properties that you need to configure on the logical interface, such as logical interface encapsulation, VLAN ID number, and protocol family.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure an interface on a logical system:

  1. As the master administrator, configure the physical interface on the main router.

  2. Create the logical system interface on the logical unit.

  3. If you are done configuring the device, commit the configuration.

Verification

To verify that the configuration is working properly, issue the show interfaces command.

Configuring Logical System Interface Properties

With Junos OS, you can partition a single physical router into multiple logical devices that perform independent routing tasks. Because logical systems perform a subset of the tasks once handled by the physical router, logical systems offer an effective way to maximize the use of a single router.

  1. Configure the physical interface that needs to be partitioned into multiple logical systems.
  2. Create the logical system interface on the logical unit.
  3. Configure the required properties for the logical system.

Example: Connecting a Logical System to a Physical Router

This example shows how to configure an interface on a logical system to connect to a separate router. The separate router can be a physical router or a logical system on a physical router.

Requirements

PICs must be installed on the two routers.

Overview

In this example, Logical System LS1 is configured on Router R1. The Logical System LS1 has a direct connection to Router R2.

Figure 1 shows the topology used in this example.

Figure 1: Logical System Connected to a Physical Router
Logical System Connected
to a Physical Router

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Router R1

Device R2

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To connect a logical system to a physical router:

  1. On Router R1, configure the interface.

  2. On Router R1, configure the Logical System LS1 interface.

  3. On Device R2, configure the interface to Logical System LS1.

  4. If you are done configuring the devices, commit the configurations.

Verification

Confirm that the configuration is working properly.

Verifying Connectivity

Purpose

Make sure that the devices can ping each other.

Action

user@R2> ping 10.0.45.2
user@R1> set cli logical-system LS1
user@R1:LS1> ping 10.0.45.1

Example: Connecting Logical Systems Within the Same Device Using Logical Tunnel Interfaces on MX Series Routers and EX Series Switches

This example shows how to configure logical tunnel interfaces to connect two logical systems that are configured in a single router.

Requirements

On M Series and T Series routers, you can create a logical tunnel interface if you have a Tunnel Services PIC installed on an Enhanced FPC in your routing platform.

On M40e routers, you can create a logical tunnel interface if you have a Tunnel Services PIC. (An Enhanced FPC is not required.)

On an M7i router, logical tunnel interfaces can be created by using the integrated Adaptive Services Module.

On an MX Series router, the master administrator can configure logical tunnel interfaces by including the tunnel-services statement at the [edit chassis fpc slot-number pic number] hierarchy level.

Overview

To connect two logical systems, you configure a logical tunnel interface on both logical systems. Then you configure a peer relationship between the logical tunnel interfaces, thus creating a point-to-point connection. Logical tunnel interfaces behave like regular interfaces. You can configure them with Ethernet, Frame Relay, or another encapsulation type. You can also configure routing protocols across them. In effect, the logical tunnel (lt) interfaces connect two logical systems within the same router. The two logical systems do not share routing tables. This means that you can run dynamic routing protocols between different logical systems within the same router.

You must treat each interface like a point-to-point connection because you can only connect one logical tunnel interface to another at any given time. Also, you must select an interface encapsulation type, configure a corresponding protocol family, and set the logical interface unit number of the peering lt interface.

In this example, the logical tunnel interfaces are configured to behave as Ethernet interfaces with the encapsulation ethernet statement. The IS-IS Protocol is enabled on the logical tunnel interfaces with the family iso statement.

When configuring logical tunnel interfaces, note the following:

  • The peering logical interfaces must have the same physical lt interface name. For example, a logical unit on lt-0/1/0 cannot peer with a logical unit on lt-0/0/10. The FPC, PIC, and port numbers must match.

  • The peering logical interfaces must be derived from the same PIC or module.

  • You can configure only one peer unit for each logical interface. For example, unit 0 cannot peer with both unit 1 and unit 2.

  • Logical tunnels are not supported with Adaptive Services, MultiServices, or Link Services PICs, but they are supported on the Adaptive Services Module on M7i routers.

Figure 2 shows the topology used in this example.

Figure 2: Connecting Two Logical Systems
Connecting Two Logical
Systems

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To connect logical system interfaces:

  1. Run the show interfaces terse command to verify that the router has a logical tunnel (lt) interface.
    user@host> show interfaces terse
  2. Configure the logical tunnel interface on Logical System LS1.

  3. Configure the logical tunnel interface on Logical System LS2.

  4. If you are done configuring the device, commit the configuration.

Verification

Confirm that the configuration is working properly.

Verifying That the Logical Systems Are Up

Purpose

Make sure that the interfaces are properly configured.

Action

user@host> show interfaces terse

Verifying Connectivity Between the Logical Systems

Purpose

Make sure that the network address appears as directly connected.

Action

user@host> show route logical-system all

Example: Connecting Logical Systems Within the Same Router Using Logical Tunnel Interfaces

This example shows how to configure logical tunnel interfaces to connect two logical systems that are configured in a single MX Series 5G Universal Routing Platform.

Requirements

The MX Series router chassis must have a DPC, MPC, or MIC installed and in the online state.

Overview

To connect two logical systems, you configure a logical tunnel interface on both logical systems. Then you configure a peer relationship between the logical tunnel interfaces, thus creating a point-to-point connection. Logical tunnel interfaces behave like regular interfaces. You can configure them with Ethernet, Frame Relay, or another encapsulation type. You can also configure routing protocols across them. In effect, the logical tunnel (lt) interfaces connect two logical systems within the same router. The two logical systems do not share routing tables. This means that you can run dynamic routing protocols between different logical systems within the same router.

You must treat each interface like a point-to-point connection because you can only connect one logical tunnel interface to another at any given time. Also, you must select an interface encapsulation type, configure a corresponding protocol family, and set the logical interface unit number of the peering lt interface.

In this example, the logical tunnel interfaces are configured to behave as Ethernet interfaces with the encapsulation ethernet statement. The IS-IS Protocol is enabled on the logical tunnel interfaces with the family iso statement.

When configuring logical tunnel interfaces, note the following:

  • The peering logical interfaces must have the same lt interface name. For example, a logical unit on lt-0/1/0 cannot peer with a logical unit on lt-0/0/10. The FPC (DPC, MPC, or MIC), PIC, and port numbers must match.

  • The peering logical interfaces must be derived from the same module.

  • You can configure only one peer unit for each logical interface. For example, unit 0 cannot peer with both unit 1 and unit 2.

Figure 3 shows the topology used in this example.

Figure 3: Connecting Two Logical Systems
Connecting Two Logical
Systems

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To connect logical system interfaces:

  1. Run the show chassis fpc command to verify that the router has a DPC, MPC, or MIC installed and is in the online state.
    user@host> show chassis fpc

    This output shows that slot 1 and slot 2 are empty. Slot 0 is online.

  2. Configure FPC slot 0 to support logical tunnel (lt) interfaces.

    This command creates several tunnel interface types, including gr, ip, and lt. For this example, the important one is the logical tunnel (lt) interface.
  3. Commit the configuration.

  4. Run the show interfaces terse command to verify that the router has a logical tunnel (lt) interface.
    user@host> show interfaces terse
  5. Configure the logical tunnel interface on Logical System LS1.

  6. Configure the logical tunnel interface on Logical System LS2.

  7. If you are done configuring the device, commit the configuration.

Verification

Confirm that the configuration is working properly.

Verifying That the Logical Systems Are Up

Purpose

Make sure that the interfaces are properly configured.

Action

user@host> show interfaces terse

Verifying Connectivity Between the Logical Systems

Purpose

Make sure that the network address appears as directly connected by running the command below. You can also ping the IP addresses to confirm the connectivity.

Action

user@host> show route logical-system all