Configuring a Next-Hop Service Set

A next-hop service set is a route-based method of applying a particular service. Only packets destined for a specific next hop are serviced by the creation of explicit static routes. This configuration is useful when services need to be applied to an entire virtual private network (VPN) routing and forwarding (VRF) table, or when routing decisions determine that services need to be performed.

When a next-hop service is configured, the AS or MultiServices PIC is considered to be a two-legged module with one leg configured to be the inside interface (inside the network) and the other configured as the outside interface (outside the network).

To configure the domain, include the service-domain statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level:

The service-domain setting must match the configuration for the next-hop service inside and outside interfaces. To configure the inside and outside interfaces, include the next-hop-service statement at the [edit services service-set service-set-name] hierarchy level. The interfaces you specify must be logical interfaces on the same AS PIC. You cannot configure unit 0 for this purpose, and the logical interface you choose must not be used by another service set.

Traffic on which the service is applied is forced to the inside interface using a static route. For example:

After the service is applied, traffic exits by way of the outside interface. A lookup is then performed in the Packet Forwarding Engine (PFE) to send the packet out of the AS or MultiServices PIC.

The reverse traffic enters the outside interface, is serviced, and sent to the inside interface. The inside interface forwards the traffic out of the AS or MultiServices PIC.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.