Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    CFEB Overview

    Monitor the CFEB so that it can provide route lookup, filtering, and switching on incoming data packets and direct outbound packets to the appropriate interface for transmission to the network.

    The CFEB processes 16 Mpps. The CFEB performs the following functions:

    • Route lookups—Performs route lookups using the forwarding table stored in synchronous SRAM (SSRAM).
    • Management of shared memory —Uniformly allocates incoming data packets throughout the router’s shared memory.
    • Transfer of outgoing data packets—Passes data packets to the destination FIC or PIC when the data is ready to be transmitted.
    • Transfer of exception and control packets—Passes exception packets to the microprocessor on the CFEB, which processes almost all of them. The remainder are sent to the Routing Engine for further processing. Any errors originating in the Packet Forwarding Engine and detected by the CFEB are sent to the Routing Engine using system log messages.
    • (M7i router only) Built-in tunnel interface—Encapsulates arbitrary packets inside a transport protocol, providing a private, secure path through an otherwise public network.

      The built-in tunnel interface on the CFEB is configured the same way as a PIC. For information about configuring the built-in tunnel interface, see the Junos OS Services Interfaces Configuration Guide.

    • (M7i router only) Optional Adaptive Services PIC–Integrated (ASP–I)—Provides one or more services on one PIC. See “Adaptive Services PIC–Integrated (ASP–I)” on page 11 for more information.

    Figure 1 shows the M7i router CFEB component.

    Figure 1: M7i Router CFEB

    M7i Router CFEB

    Figure 2 shows the M7i router CFEB with ASP-I.

    Figure 2: M7i Router CFEB with ASP-I

    M7i Router CFEB with
ASP-I

    The ASP–I is an optional component of the CFEB. The ASP–I is similar to the standalone Adaptive Services PIC, but operates at a reduced bandwidth. The ASP–I enables you to perform one or more services on the same PIC by configuring a set of services and applications.

    The ASP–I provides the following services:

    • Stateful firewall—A type of firewall filter that considers state information derived from previous communications and other applications when evaluating traffic.
    • Network Address Translation (NAT)—A security procedure for concealing host addresses on a private network behind a pool of public addresses.
    • Intrusion detection services (IDS)—A set of tools for detecting, redirecting, and preventing certain kinds of network attack and intrusion.

    The configuration for these three services comprises a series of rules that you can arrange in order of precedence as a rule set. Each rule follows the structure of a firewall filter, with a from statement containing input or match conditions and a then statement containing actions to be taken if the match conditions are met. For information about configuring interfaces on the ASP–I, see the Junos OS Services Interfaces Configuration Guide.

    Figure 3 shows the M10i router CFEB component.

    Figure 3: M10i Router CFEB Component

    M10i Router CFEB Component

    You can install one CFEB in the M7i router from the rear of the router above the power supplies. You can install one or two CFEBs from the rear of the M10i router chassis above the fan tray (see Figure 4).

    Figure 4: M7i and M10i Router CFEB Location

    M7i and M10i Router
CFEB Location
     

    Related Documentation

     

    Published: 2012-08-20