Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


IPsec Security Services

Read this topic to understand how the cloud-native router integrates with Juniper's cSRX to provide IPsec security services.

Juniper Cloud-Native Router (JCNR) offers containerized routing functionality for both cloud-based and on-premise 5G environments. There is a growing demand for integrating security services with JCNR. This functionality can be achieved using host-based service chaining. Starting Release 23.4, the cloud-native router is integrated with Juniper's containerized SRX (cSRX) platform to provide security services such as IPsec.


Let us consider an IPsec security services use case with JCNR. In the figure below, the cloud-native router connects the provider edge (PE) routers in a service provider network. The customer edge (CE) routers or devices in the source network securely transfer data to the destination CEs via an IPsec tunnel. In the given scenario, the IPsec tunnel initiates from the cloud-native router's security services (cSRX) and terminates on the destination CEs. The cloud-native router and its peer PE provides the underlay connectivity to the IPsec tunnel.

The cloud-native router is chained with a security service instance (cSRX) in the same Kubernetes cluster. The cSRX instance runs as a pod service in L3 mode. Please review the Deploying cSRX with JCNR topic for details on how to deploy cSRX for service chaining with JCNR.


A cloud-native router instance is service chained with only one instance of cSRX and therefore supports only one IPsec tunnel.