Managing DMI Devices Using the SRC Software and Junos Space Overview
Using the SRC Junos Device Management Interface (DMI) router driver and Junos Space, you can manage DMI-enabled routers running Junos OS. Junos Space provides the ability to manage all Junos devices that provide a DMI. Using the Junos Space GUI, you can discover and manage DMI devices. The SRC software uses the Junos Space REST API to configure, monitor, and synchronize with DMI devices.
The SRC Junos DMI router driver provides the integration between the SRC software and Junos Space to manage Junos devices using the Junos Space REST API. The SRC Junos DMI router driver is an alternative to the SRC Junos BEEP router driver implementation, which is obsolete and is not supported on all devices running Junos OS.
All currently supported BEEP features are available with the Junos DMI router driver, including stateless firewall filters, CoS and advanced services policies (stateful firewall and NAT). As with the current Junos (BEEP) router driver, script services that use the Junos XML management protocol command channel are also supported. All drivers configured within a single SRC host are connected to the same Junos Space cluster. The Junos DMI driver is independent of the BEEP driver. Both drivers can be active at the same time but cannot be connected to the same router running Junos OS.
To provide redundancy, you can configure multiple instances of the Junos DMI driver for the same router running Junos OS. Only one driver for a given device is active at the same time.
Like all SAE router drivers, the Junos DMI driver reacts to requests from the device that signals subscribers logging in and logging out. The driver publishes Interface Tracking events, performs interface classification to determine any default policies, and initiates SAE subscriber session login and logout processing. The driver can dynamically activate, modify, and deactivate policies for existing subscriber sessions, or terminate a subscriber session. The driver can synchronize the state of a single subscriber session or all sessions.
With the Junos (BEEP) driver, because the sdxd daemon establishes the connection to the SRC software, you need to configure the SRC server on the device. You also need to create the sdx and sdx-sessions groups and add them to the apply-groups with the highest priority. However, the Junos DMI router driver initiates the connection to the Junos Space cluster and does not communicate with the router directly. As a result, no additional configuration is required on the Junos Space cluster, or on the router to specify the SRC server. For the groups and the apply-groups configuration, the Junos DMI router driver automatically configures the device.
The groups name under which you install the SRC policies is configurable. However, for backward compatibility with the Junos (BEEP) router driver, the default groups name is “sdx” and “sdx-sessions.”
For redundancy, multiple SRC hosts can be configured in a community. The community manager appoints a master to become active. The active driver connects to the Junos Space cluster and manages the router. The standby driver does not connect to Junos Space, or send any configuration to the router unless it detects the failure of the master and switches over.
Selecting an active driver requires that the network be reachable between all drivers managing a particular router.
If a community member cannot reach its peers, it appoints the local driver as an isolated master. When connectivity is restored, multiple masters may be active. The following scheme is used to resolve this issue:
If a driver is appointed and it cannot connect to the Junos Space cluster that has active connections to its device, the driver shuts down.
If two masters are active at the same time, they send pings to each other. In this case, one of the masters will be demoted and the other performs a full synchronization.
The Juniper Networks database is used to look up the endpoint address of the peers, so the drivers must be configured to use a shared Juniper Networks database (for example, by configuring the local Juniper Networks database to participate in the same directory community).