Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Next Gen Services Overview

 

This topic provides an overview of Next Gen Services and includes the following topics

MX Series 5G Universal Router Services Overview

MX Series 5G Universal routers support several types of Services interfaces, which provide specific capabilities for inspecting, monitoring and manipulating traffic as it transits an MX Series router. Services can be categorized into Adaptive Services and Next Gen Services, with each category providing Inline services interfaces and Multiservices interfaces options. Table 1 lists the cards that provide these services.

Note

The MX-SPC3 replaces MS- type cards providing a significant overall performance improvement together with high-end scale and capacity.

Table 1: MX Series 5G Universal Router Services

MX Series 5G Universal Routing Platform

Adaptive Services

Next Gen Services

MPC

si-1/0/0

Inline services

MS-DPC

ms-1/0/0

MS-MPC

ms-1/0/0

MS-MIC

ms-1/0/0

MPC

si-1/0/0

Inline services

MX-SPC3

vms-1/0/0

  • Adaptive Services can run on MS-DPC, MS-MPC, and MS-MIC cards using Multiservices (MS) PICs or Adaptive Services (AS) PICs.

  • Next Gen Services can run on MPC cards and the MX-SPC3 security services card.

Inline services are configured on MX Series Modular Port Concentrators (MPC)s. Inline services interfaces, are virtual physical interfaces that reside on the Packet Forwarding Engine. They provide high performance processing on traffic transiting the MPC, and allow you to maximize your chassis slot capacity and utilization.

Multiservices Security cards (MS-DPC, MS-MPC, MS-MIC or MX-SPC3), provide services that can be applied to any traffic transiting the MX chassis beyond just an individual MPC. They also provide dedicated processing to support a variety of security features at scale and high performance.

Adaptive Services Overview

Adaptive Services run inline on MPCs and on MS-DPC, MS-MPC, and MS-MIC Multiservice security cards. Adaptive Services (AS) PICs and Multiservices PICs enable you to perform multiple services on the same PIC by configuring a set of services and applications. The AS and Multiservices PICs offer a range of services that you can configure in one or more service sets.

Note

On Juniper Networks MX Series 5G Universal Routing Platforms, the MS-DPC provides essentially the same capabilities as the MS-MPC. The interfaces on both platforms are configured in the same way.

Inline Services

Adaptive Services also use inline services interfaces to provide inline services. Inline services interfaces are virtual interfaces that reside on the Packet Forwarding Engine.

You configure inline services only on MPCs using the naming convention si-fpc/pic/port rather than the ms-fpc/pic/port naming convention.

For more information about Adaptive Services including inline services, see Adaptive Services Overview.

Next Gen Services

Next Gen Services provide the combined capabilities of MX and SRX security services enabling you to inspect, monitor and manipulate traffic as it transits the MX Series router. Next Gen Services are supported both inline on Modular Port Concentrators (MPCs) and the MX-SPC3 security services card in MX240, MX480 and MX960 routers. Please refer to Table 2, which provides a summary of Next Gen Services that are supported both inline and on the MX-SPC3 card. Both Inline and MX-SPC3 based services can be used at the same time.

You configure Next Gen Services on the MX-SPC3 security services card using the virtual multiservices naming convention: vms-fpc/pic/port.

Summary of Services Supported on MX Series 5G Universal Routers

Table 2 provides a summary of the services supported under Next Gen Services.

Table 2: Summary of Services Supported on MX Series 5G Universal Routing Platform

Next Gen Services: Inline (si-) Interface and MX-SPC3

Service Feature

Inline Services

MX-SPC3

Junos OS Release

Sub-Service

Junos OS Release

Sub-Service

CGNAT

19.3R2

20.2R1

  • Basic-NAT44 and NAT66

  • Static Destination NAT

  • Twice-NAT44 Basic

  • 6rd Softwires

  • NPTv6

  • MAP-E

19.3R2

20.2R1

  • Basic-NAT44

  • Basic-NAT66

  • Dynamic-NAT44

  • Static Destination NAT

  • Basic-NAT-PT

  • NAPT-PT

  • NAPT44

  • NAPT66

  • Port Block Allocation

  • Deterministic-nat44 and nat64

  • End Point Independent Mapping (EIM)/End Point Independent Filtering (EIF)

  • Persistent NAT – Application Pool Pairing (APP)

  • Twice-NAT44 – Basic, Dynamic and NAPT

  • Port Control Protocol (PCP) – v1 and v2

  • NAT64

  • XLAT-464

  • NPTv6

  • DS-Lite

Traffic Load Balancer

19.3R2

 

19.3R2

 

SecIntel (SkyATP IP Threat Feeds)

19.3R2

 

N/A

 

Stateful Firewall Services

N/A

 

19.3R2

 

Intrusion Detection Services (IDS)

N/A

 

19.3R2

 

DNS Request Filtering

N/A

 

19.3R2

 

Aggregated Multiservices Interfaces

N/A

 

19.3R2

 

Inter-chassis High Availability

N/A

 

19.3R2

CGNAT, Stateful Firewall, IDS

URL Filtering

N/A

20.1R1

JFlow

20.1R1

N/A

RPM and TWAMP

20.1R1

N/A

Video Monitoring

20.1R1

N/A

Next Gen Services Documentation

You can run Next Gen Services on the MX240, MX480, and MX960 if you have the MX-SPC3 services card installed in the router. Refer to our TechLibrary for all MX router documentation. For Next Gen Services, refer to the following documentation:

Enabling Next Gen Services

To run Next Gen Services, you must enable it on the MX Series router. This enables the operating system to run it’s own operating system (OS) for Next Gen Services.

There are specific steps you’ll need to take if you’re migrating your services from legacy services cards to the MX-SPC3. The Next Gen Services CLI differs from these legacy services. For more information, see Configuration Differences Between Adaptive Services and Next Gen Services on the MX-SPC3.

Compatibility with Other Services Cards

The MX-SPC3 services card is compatible end-to-end with the MX Series Switch Fabrics, Routing Engines and MS-MPC line cards as described in Table 3.

Table 3: MX-SPC3 Services Card Compatibility with MX Series Switch Fabrics, Routing Engines and MPC Line Cards

Switch Fabric

Route Engine

MPC Line Cards

SCBE

RE-S-1800X4-16G-UPG-BB

RE-S-1800X4-32G-UB

MPC2E-3D

MPC2-3D-NG

MPC3E and MPC3E-3D-NG

MPC4E-3D

MPC-3D-16XGE

 

SCBE2

RE-S-1800X4-16G-UPG-BB

RE-S-1800X4-32G-UB

RE-S-X6-64G-UB

MPC2E-3D

MPC2-3D-NG

MPC3E and MPC3E-3D-NG

MPC4E-3D

MPC5E and MPC5EQ

MPC7E, MPC7EQ, and MPC-3D-16XGE

MPC-3D-16XGE

 
 

Configuring the MX-SPC3 Services Card

The interfaces on the MX-SPC3 services card are referred to as a virtual multi service (vms) PIC. When you configure an MX-SPC3 interface, you specify the interface as a vms- interface as follows:

Aside from the CLI differences, you need to be aware of the basic hardware differences between multiservices (MS) type (MS-DPC, MS-MPC, and MS-MIC) cards and the MX-SPC3 services card. MS type cards contain four CPU complexes whereas the MX-SPC3 card, while more powerful, contains two CPU complexes. Each CPU complex services a single PIC, meaning that MS type cards support four PICs whereas the MX-SPC3 supports two PICs. MS type cards use special multiservices (MS) and adaptive services (AS) PICs, whereas the PICs on the MX-SPC3 card are integrated.

Because the number of PICs directly affects the number of interfaces, you might need to add logical units to each interface on the MX-SPC3 to increase the number of interfaces to four. For example, if you currently use all four interfaces on the MS type card and you have a service set per interface, you can create two logical units per interface on the MX-SPC3 to bring the total number of interfaces to four, and then reassociate the four service sets to these four logical interfaces.

Methods for Applying Services to Traffic

When you configure Next Gen Services, you can apply those services with either of the following methods:

  • Apply the configured services to traffic that flows through a particular interface on the MX router.

  • Apply the configured services to traffic that is destined for a particular next hop.