New Features
This section describes the features available in Juniper Paragon Automation Release 2.1.0.
Device Life-Cycle Management
Device life-cycle management (LCM) encompasses the entire life-cycle of the device, from installing the device on-site, bringing the device under management, monitoring the device when it is in production, and finally decommissioning the device.
Juniper Paragon Automaton Release 2.1.0 provides the following additional device life-cycle management features:
-
Support for aggregated Ethernet interfaces—Apart from channelized interfaces, management interfaces, and interfaces with logical units, you can configure aggregated Ethernet interfaces in a network implementation plan.
-
Customize device and interface provisioning during onboarding—You can use configuration templates within device profiles and interface profiles to configure the device infrastructure during device onboarding. Additionally, you can use the templates to customize the configurations provided in the device profiles and interface profiles.
-
Support for Cisco Systems routers—Apart from Juniper Networks' routers, you can onboard routers from Cisco Systems to Paragon Automation and manage them. In this release, support for non-Juniper devices is limited to onboarding the device and configuring the device using REST APIs. See Help > API Docs in the Paragon Automation GUI for information about Paragon Automation REST APIs.
[See Supported Junos OS Releases, Devices, and Browsers for the list of devices supported in Paragon Automation.]
-
Filter devices and interfaces by using tags—You can assign tags in the key:value format (for example, site:London) to devices and interfaces. You can use the tags to select a set of devices and interfaces based on the tags assigned to them.
You can assign tags to devices from the Inventory page (Inventory > Devices > Network Inventory) and to interfaces from the Interfaces tab (Observability > Health > Troubleshoot Devices > Device-Name > Inventory > Interfaces).
You can view, add, edit, and delete all the tags in an organization from the Tags page (Inventory > Common Resources > Tags).
[See About the Tags Page.]
Observability
Paragon Automation enables you to view your entire network topology in real-time, monitor network health, be notified of any anomalies in the network, and also get guidance on the remediation of these anomalies. With observability, Paragon Automation monitors and analyzes the network and its components by using key performance indicators (KPIs), device logs, and metrics, and notifies you about network issues through alerts and alarms. Additionally, Paragon Automation runs connectivity tests using synthetic traffic to identify connection issues between devices in your network. The timely detection of anomalies enables you to take prompt action and minimize the impact of any issues that occur.
Juniper Paragon Automation Release 2.1.0 provides the following additional observability features:
-
Monitor routing health—Juniper Paragon Automation monitors the overall health of routing components during device onboarding and when a device is operational. You can view the following information on the Routing accordion of the Device-Name (Observability > Health > Troubleshoot Devices > Device-Name) page:
-
Overall health status and relevant events
-
BGP peers, flaps, routes (advertised and received)
-
IS-IS adjacency state, flaps, IS-IS drops
-
OSPF interface state, hello protocol, input/output (I/O) errors
-
RSVP neighbors, global traffic engineering (TE) errors, TE interface errors
-
Label-switched path (LSP) and LDP peers, LSP flaps
-
Total routes, and total active routes in the routing information base (RIB) also known as routing table, and forwarding information base (FIB) also know as forwarding table
-
-
View live topology updates—You can view live changes in topology even if the devices are not managed by Paragon Automation.
To view live updates, you need to do the following:
Specify the IP address of the BGP-LS peer and autonomous system (AS) number on the Topology Settings page (Observability > Network > Topology > Topology Menu Bar > Settings icon).
Manually refresh the Topology page or you need to right-click on the topology map and select Reload Network.
In addition, on the topology map, you can view the latest operational status of devices, links, sites, and tunnels.
-
Discover label-switched paths (LSPs) in your network—Juniper Paragon Automation uses Path Computation Element Protocol (PCEP) to discover LSPs in your network. You can view all LSPs and their attributes on the Tunnels tab of the network information table on the Topology page (Observability > Network > Topology). You can also view the operational status of the LSP on the topology map of the Topology page.
For tunnel-related information to be displayed on the Tunnels tab, you must adopt or onboard devices to Paragon Automation.
[See About the Tunnels Tab.]
Trust and Compliance
Paragon Automation helps protect the network from threats and vulnerabilities by periodically checking whether a target's configuration, integrity, and performance comply with predefined security benchmarks. The term target refers to devices and device components. Paragon Automation distills the outcomes of these checks into a single trust score that you can use to determine how trustworthy a device is.
Juniper Paragon Automation Release 2.1.0 provides the following additional trust and compliance features:
-
Run a compliance scan by uploading a JSON file—You can run a compliance scan by uploading a preconfigured compliance configuration file in the JSON format, in the Create Compliance Scan wizard (Trust > Compliance > Compliance Scan > + Add > Create Compliance Scan).
Service Orchestration
Service orchestration is the process of designing, configuring, validating, deploying, and monitoring a network service. Paragon Automation automates the entire life cycle of a network service by providing workflows that execute the tasks to be completed to deliver a service. You can provision various network services by using predefined service designs written in YANG. The Service Catalog is an inventory of service designs, which are templates that provide guidelines and parameters for instantiating a service. A service instance defines the elements of a service. The instruction to create, modify, or delete a service instance is a service order. After you initiate a service order and publish it, Paragon Automation provisions the service in the network. After provisioning, Paragon Automation monitors the service by automatically setting up Juniper® Paragon Insights and Juniper® Paragon Active Assurance instances to monitor network health and measure service quality.
Juniper Paragon Automation Release 2.1.0 provides the following additional service orchestration features:
-
Provision EVPN services—Paragon Automation provisions Layer 2 Ethernet VPN (EVPN) services in your network by using automated workflows. To provision an EVPN service, you must define EVPN service elements such as the VPN service topology and type, and site-specific details such as site names and locations, and site network access parameters.
You can monitor the workflow execution status and detailed task logs to troubleshoot and fix errors when an automated workflow run fails. After the EVPN service is provisioned, Paragon Automation automatically monitors the health and quality of the service.
[See Add an EVPN Service Instance.]
-
Provision L2 circuit services—You can use Paragon Automation to provision a point-to-point L2 circuit between two customer edge devices through the MPLS network. To provision an L2 circuit, you must define L2 circuit service elements such as the underlay transport type, details about the provider edge and customer edge devices through which the L2 circuit spans, site network access parameters, and signaling type in the MPLS network.
Paragon Automation provisions L2 circuit services by using automated workflows. You can monitor the workflow execution status and detailed task logs to troubleshoot and fix errors when a workflow run fails. You can also monitor service health and quality after the service is provisioned.
-
Create and manage Resource Instances—You can use Paragon Automation to create, modify, and delete resource instances based on guidelines and templates defined in the corresponding resource designs. A resource instance defines the elements of a network resource pool that must be configured to provision Layer 3 VPN (L3VPN), EVPN, and L2 circuit services in the network. After you create or modify a resource instance, and commit the instance, a service order is generated. The service order activates the automated workflow to upload the resource pool to the Paragon Automation database. A delete service order activates the automated workflow to delete the resource pool from the database. You can also monitor the execution state of the service orders and view details of the workflow run tasks associated with the service orders.
-
View service monitoring data—Paragon Automation automatically monitors service health and quality after provisioning the service in the network. You can view the monitoring data under the Active Assurance (for L3VPN and EVPN services) and Passive Assurance (for L2 circuit services) tabs on the Service-Instance-Name Details page.
Active Assurance
Active Assurance is a programmable test and monitoring solution, which generates synthetic traffic in the underlay network to gain continuous insights on network quality, availability, and performance. Active Assurance uses Test Agents, which are measurement points in your network. Test Agents generate and receive synthetic traffic, and enable you to continuously monitor and validate the infrastructure. You can deploy the Test Agents at strategic locations in your network and install them on Junos OS Evolved routers, x86 hardware, or on virtual machines. If you are using Juniper Networks® MX Series Universal Routers and Juniper Networks® PTX Series Routers, Paragon Automation uses real-time performance monitoring (RPM) for collecting the metric data.
Juniper Paragon Automation Release 2.1.0 provides the following additional Active Assurance features:
-
Support for Test templates—You can create Test templates and reuse these templates while creating Tests. Test templates eliminate the need to manually configure Task parameters and metrics evaluation criteria each time you run a Test.
You can view and manage the Test templates from the Test Templates (Inventory > Active Assurance > Test Templates) page.
-
Support for input variables—You can create input variables when you configure a Step for a Test or a Test template. Input variables are reusable Task parameters that ensure that the same values are consistently used across different Steps. Input variables eliminate the need to reconfigure the parameters and minimize discrepancies.
From the Measurement Designer (Observability > Active Assurance > Measurement Designer > + Create blank Test > Tasks) page, you can create input variables by specifying the parameters such as label name, advanced details, and settings.
[See Create Input Variables.]
-
Support for additional native plug-ins—Paragon Automation supports the following native plug-ins to evaluate the quality of services in your network:
- IPTV MPEG
- Netflix Speedtest
- OTT-HLS
- TCP
- UDP
[See Test and Monitors Overview.]
-
Support to retain Test results for a canceled Test—Paragon Automation provides a cancel option on the Tests (Observability > Active Assurance > Tests) page to stop a running test.
When you cancel a running Test, Paragon Automation retains the data related to the canceled Test up to the point of cancellation. You can view this data on the Tests page.
[See About the Tests Page.]
-
View Test Agents and Monitors details—You can view the details of Test Agents and Monitors such as name, descriptions, and tags. To view these details, a Detailed View icon is added on the Test Agents (Inventory > Active Assurance > Test Agents) page and the Monitors (Observability > Active Assurance > Monitors) page. In addition, you can also edit the Name, Description, and Tags fields, and copy the API Request URL to fetch the details of the Test Agents and the Monitors.
[See About the Test Agents Page and About the Monitors Page.]
Administration
Paragon Automation Release 2.1.0 provides the following administration features to manage users, sites, and organizations:
-
Audit log enhancements—Audit logs are available for user account lockout, unsuccessful authentication, and successful authentication events.
The type of event for which the log is generated is displayed in the Event Type column of the Audit Logs page (Settings menu > Audit Logs).
Event Types include:
-
User Management (events such as user creation and deletion, password reset, successful, unsuccessful authentication, and so on).
-
Organization (events at the organization level such as creating or deleting an organization, user logging into or exiting the organization, and so on).
[See Audit Logs Overview and About the Audit Logs Page.]
-
Paragon Shell CLI
The following command has been changed in Juniper Paragon Automation Release 2.1.0:
-
request paragon support information—You can use the
request paragon support information
command to view an in-depth status report of the Paragon Automation cluster configuration. When you execute this command on any one of the cluster nodes, a series ofshow
commands andkubectl
commands are executed one after the other.The
request support information
command is no longer valid.
Beta Features
Juniper Paragon Automation Release 2.1.0 provides Beta support for the following features:
-
Observability
-
Health Dashboard—Paragon Automation provides a dashboard that enables you to monitor network health in real-time. On the WAN Health tab of the dashboard (Observability > Health > Health Dashboard > WAN Health), you can view the overall health of your devices, interfaces, and routing neighbors. You can also view KPIs that affect overall health, and a graph of the average health of devices for the past 30 minutes.
[See About the Health Dashboard and About the WAN Health Tab.]
-
-
Service Orchestration
-
Schedule service order provisioning—You can schedule provisioning of an L3VPN, EVPN, and L2 circuit service order by specifying the date and time for provisioning. Paragon Automation automatically provisions the service order at the specified date and time.
[See Add an L3VPN Service Instance, Add an EVPN Service Instance, and Add an L2 Circuit Service Instance.]
-
-
Administration
-
Support for Lightweight Directory Access Protocol (LDAP)—Apart from Security Assertion Markup Language (SAML), you can configure LDAP to authenticate and authorize users logging into Paragon Automation.
[See Manage Identity Providers.]
-