Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


APM Installation

APM Installation Overview

Juniper Address Pool Manager (APM) is an automated, centralized, container-based cloud-native application that network operators and administrators use to manage IP address resources. APM works with managed broadband network gateways (BNGs) to monitor address pools on BNGs. When the number of free addresses drops below a set threshold, the BNG raises an alarm. The alarm triggers APM to allocate unused prefixes from its global list of prefixes and provision a subset of the prefixes to the BNG as new pools.


The term BNG in this document also applies to the BNG CUPS Controller.

You can deploy APM on any hardware that meets the requirements. The following sections describe:

  • APM hardware and software requirements

  • How to install APM

  • How to adjust APM setup parameters

  • How to create certificates

APM Installation Requirements

To install APM, you need the following hardware and software:

APM Hardware Requirements

You can install APM on a physical machine or on a virtual machine. Confirm that your equipment meets the following minimum requirements:

Primary Node

  • RAM: 30 GB

  • Disk space: 120 GB of free disk storage in the root filesystem

  • CPU cores: 4; hyperthreading preferred

Each Worker Node (minimum of three)

  • RAM: 62 GB
  • Disk space: 64 GB of free disk storage in the root filesystem

  • CPU cores: 7; hyperthreading preferred

APM Software Requirements

APM requires the following:

  • Ubuntu version 18.04 LTS or later
  • Domain name

We recommend that you install Ubuntu as one large disk partition. If you use multiple partitions, APM data is written to the /var/local directory.

Additional Requirements

The BNG is a Juniper Networks MX Series router, a Juniper BNG CUPS Controller (BNG CUPS Controller), or a Juniper Networks vMX Virtual Router running a supported Junos OS release.

For APM, confirm the following:

  • The APM application has access to the Internet during installation.

  • You have a user account with permissions to download the APM software package. Download and install the APM software from a machine that will not be part of the Kubernetes cluster.

APM Installation Package

The APM software package installs the Kubernetes cluster and the APM application in a Docker container. It automatically configures the following environment for the APM application:

  • A persistent volume of 5 gibibytes (GiB) or larger for the APM database to store snapshots and transaction logs to provide persistent recovery. The persistent volume must have read-write-many (RWX) access.

  • A persistent volume of 100 mebibytes (MiB) or larger for APM to store dynamic configuration files for configuration recovery. The persistent volume must have read-write-many (RWX) access.

  • A persistent volume of 1 gibibytes (GiB) to store logs if persistent file-based logging is selected during the startup.

  • Docker and the local Docker image store. Use a private Docker registry for the container images used by the worker nodes in a cluster.

You can choose which volume plug-in to use for the persistent volume. However, the plug-in must support read-write-many (RWX) access, because both the primary nodes and the worker nodes will write to the persistentVolumeClaim.

You can also choose whether to set the reclaim policy for the persistent volumes appropriate to your overall storage management strategy. Claims against these persistent volumes are withdrawn only when you uninstall APM.

Set Up SSH Access to the Nodes

SUMMARY  If you haven't already established SSH access, use this procedure to set up secure shell (SSH) access between the account executing bbecloudsetup and the root users of each cluster node.

  1. Generate a SSH key pair. Enter a passphrase as prompted.
    The ssh-keygen command creates both a public key and a private key.
  2. Copy the public keyfile to each node. For example, the following command copies the file to the primary node. Repeat the step for the other worker nodes.

Install APM

SUMMARY Use this procedure to install APM.

Before you begin, confirm that you have met the hardware and software requirements for the APM installation. You must have root-level SSH access to all the nodes. Also, be sure to have the following information on hand when you start your installation:

  • Kubernetes registry location
  • Registry name
  • Registry port
  • Name of the persistent volumes used for configuration files and database storage.
  • IP address of the controller. By default, APM uses the IP address of the primary node.
  • Security key and certificate. We recommend that you use a secure connection between APM and the BNG. For information about creating a self-signed certificate, see Create Certificates.

Install the BBE Cloud Environment and the APM Application

The BBE cloud environment utility is an installation tool that you use to establish the application environment for the APM application.
  1. Download the APM software package from the Juniper Networks software download page, and save it to a server that will not be part of the Kubernetes cluster.

    APM is available as an archive compressed TAR file (.tgz). The .tgz file contains two Debian packages:

    • bbecloudsetup.deb—The cloud environment utility sets up the Kubernetes cluster consisting of one primary node and three worker nodes.
    • apm.deb—The APM Debian file creates and installs APM in the /var/local/apm directory. The APM Debian package installs all the necessary external module dependencies that are used in the operation of APM.
  2. Unpack the APM TAR (.tgz) file. The filename includes the release number as part of the name. The release number has the format -m.n.r, where:
    • m is the main release number of the product.
    • n is the minor release number of the product.
    • r is the revision number.
  3. Unpack and install the bbecloudsetup.deb file.
  4. Run bbecloudsetp and install APM. During the installation, enter the required information when prompted:
    • BBE application list
    • Path to the application packages (.deb)
    • DNS name for the primary node
    • DNS names for the worker node. You must have at least three worker nodes.

    If you have not been instructed to install disaggregated BNG (dbng), enter n when prompted to install dbng.

  5. (Optional) After you've successfully created the Kubernetes environment, remove the BBE cloud environment utility.
  6. Log in to the primary node of the cluster and verify the APM installation.
  7. Run setup to configure your installation.

    The setup command does all of the following:

    • Checks the runtime environment compatibility for APM. It also verifies that the supported versions of Ubuntu and Docker are installed.

    • Loads the container images to the local Docker repository.

    • Initializes the APM configuration.

    • The APM setup command in Release 3.1.0 provides these prompts during the setup:

      • Enable persistent logging.
      • Export logs to a syslog server. If you enter Y, you are prompted to provide the server address or domain name.
      • Enter the name for the persistent volume. The setup script verifies that the persistent volume is of sufficient size to support the log file size and the number of files.
      • Configure the number of provisioning workers. The default number of workers for the provisioning service is three. As entities connect to APM, they are load-balanced across the set of provisioning workers in the provisioning microservice. Make sure that number of provisioning workers does not exceed the number of available CPUs on a given worker node.
  8. Verify the installation.
    • Verify the APM version.

    • Verify that all Kubernetes objects are in present or bound state.

Configure and Start APM

SUMMARY Use this procedure to configure and start APM.

  1. Enter apm start to start APM services. For example:

    This command starts the APM services in the order of dependency. Essential services (db and cmgd) start before the other services.


    By default, APM starts from factory defaults. The configuration is reset to its initial state, any persistent state database (DB) and any persistent logs are cleared. In APM Release 3.1.0, after the initial setup, you can use apm start –-retain for APM to retain its previous state.

  2. Enter apm status to verify that the APM services are up and running. For example:

    Collect the logs for a service and contact the Juniper Networks Technical Assistance Center (JTAC) when either of the following occurs:

    • The service is not running.

    • The service’s uptime compared to other services indicates that it has restarted.

Create Certificates

SUMMARY  Use this procedure to create a self-signed SSL certificate and a public-private keypair for use on APM, on the BNGs, or on the BNG CUPS Controller.

APM supports using Transport Layer Security (TLS) to establish a secure communication channel with the BNG. TLS requires that the SSL certificate be signed by a certificate authority (CA) for encrypted communication. For the certificates, use OpenSSL on a Linux machine to create all the working keys and certificate files. Create a root CA certificate and use it to sign both the APM certificate and the BNG certificate. When you create the certificates, you are prompted to enter the following information about your company and organization that help identify the certificate:
  • Two-letter country code
  • State or province name
  • Locality (city, town, and so on)
  • Organization name
  • Organization unit name
  • Common name
  • E-mail address
  • Challenge password
  • An optional company name

Create a Root CA Certificate

  1. Generate a 4096-bit private key for the root CA. This key is used to create the CA certificate.
  2. Create the X.509 root CA certificate. Enter information about your organization as prompted.

    We do not recommend using a challenge password when you create your certificate.

Generate a Key and a Self-Signed Certificate for APM

  1. Generate a 4096-bit private key for APM.
  2. Generate a certificate signing request (CSR) for APM. Enter information about your organization as prompted.

    We do not recommend using a challenge password when you create your certificate.

  3. Create the certificate for the BNG router. Use the root CA to sign the BNG CSR.

Generate a Key and a Self-Signed Certificate for BNG

  1. Generate a 4096-bit private key for the BNG router.
  2. Generate a CSR for the BNG. Enter information about your organization as prompted.

    The common name on the certificate must be the same as the entity-name that you set in the entity configuration statement for APM.

  3. Create the certificate for the BNG. Use the root CA to sign the BNG CSR.
  4. Create a Privacy Enhanced Mail (PEM) certificate that contains both the BNG certificate and private key.

Use the certificate and key files to configure a secure gRPC connection with the BNG router. See Configure the BNG Router.