Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

New Features

This section describes the features available in Juniper Paragon Automation Release 2.2.0.

Device Life-Cycle Management

Device life-cycle management (LCM) encompasses the entire life-cycle of the device, from installing the device on-site, bringing the device under management, monitoring the device when it is in production, and finally decommissioning the device.

Juniper Paragon Automation Release 2.2.0 provides the following additional device life-cycle management features:

  • Use IPv6 to onboard and manage devices—Paragon Automation supports the use of IPv6 addresses to onboard and manage devices. In earlier releases, Paragon Automation supported only IPv4 addresses.

    Paragon Automation does not support dual stack IP addressing in Release 2.2.0. You can use either IPv4 addresses only or IPv6 addresses only and cannot use a combination of IPv4 and IPv6 addresses for onboarding and managing devices.

  • Reboot a Cisco device—You can use the Reboot option on the Troubleshooting Devices page (Observability > Troubleshooting Devices) to reboot Cisco devices.

    [See About the Troubleshooting Devices Page.]

Observability

Paragon Automation enables you to view your entire network topology in real time, monitor network health, be notified of any anomalies in the network, and also get guidance on the remediation of these anomalies. With observability, Paragon Automation monitors and analyzes the network and its components by using key performance indicators (KPIs), device logs, and metrics, and notifies you about network issues through alerts and alarms. Additionally, Paragon Automation runs connectivity tests using synthetic traffic to identify connection issues between devices in your network. The timely detection of anomalies enables you to take prompt action and minimize the impact of any issues that occur.

Juniper Paragon Automation Release 2.2.0 provides the following additional observability features:

  • Support for dynamic topology—You can view changes in topology in real time. Paragon Automation establishes a BGP-LS peering session with the devices in your network, and enables you to view changes in the network in real time even if the devices are not managed by Paragon Automation.

    By default, the dynamic topology feature is disabled. To enable dynamic topology, you must specify the IP address of the BGP-LS peer and autonomous system (AS) number on the Topology page (Observability > Network > Topology).

    [See Dynamic Topology Workflow.]

  • Monitor overall network health—Paragon Automation provides a dashboard that enables you to monitor network health-related data in real time. The WAN Health tab (Observability > Health > Health Dashboard > WAN Health) of the dashboard provides a unified view of the health of devices, interfaces, and routing components in the network. You use this information to perform corrective actions when necessary. You can view the following accordions on the WAN Health tab:

    • Devices Health Accordion—View the percentage of healthy devices and the total number of unhealthy devices, and a graph that displays the average health of all devices. You can also view the health of individual device chassis components and temperature.

    • Interfaces Health Accordion—View the percentage of healthy devices and the total number of unhealthy devices based on interface health, and a graph that displays the average health of all interfaces. You can also view details of link failure, input traffic, output traffic, and errors that affect the health of interfaces.

    • Routing Health Accordion—View routing alerts, the percentage of healthy devices, the total number of unhealthy devices, and a graph that displays the overall routing health. You can also view the health of individual routing components.

    Click View Details on any accordion to view the related health pages where you can view the percentage of healthy devices and a list of KPIs. You can also view the total number of unhealthy devices grouped by OS version, device model, and sites.

    [See About the WAN Health Tab.]

  • View monitored pluggables and interfaces—Paragon Automation monitors the health of device interfaces during device onboarding and when the device is operational. In this release, you can also view the total number of monitored pluggables and interfaces on the Interfaces accordion.

    [See Interfaces Data and Test Results.]

Trust and Compliance

Paragon Automation helps protect the network from threats and vulnerabilities by periodically checking whether a target's configuration, integrity, and performance comply with predefined security benchmarks. The term target refers to devices and device components. Paragon Automation distills the outcomes of these checks into a single trust score that you can use to determine how trustworthy a device is.

There are no new trust and compliance features in Juniper Paragon Automation Release 2.2.0. See Beta Features for information on features with Beta support in this release.

Service Orchestration

Service orchestration is the process of designing, configuring, validating, deploying, and monitoring a network service. Paragon Automation automates the entire life cycle of a network service by providing workflows that execute the tasks to be completed to deliver a service. You can provision various network services by using predefined service designs written in YANG. The Service Catalog is an inventory of service designs, which are templates that provide guidelines and parameters for instantiating a service. A service instance defines the elements of a service. A service order includes the instruction to create, modify, or delete a service instance. After you initiate a service order and provision it, Paragon Automation activates the automated workflow to provision the service in the network. After provisioning, Paragon Automation monitors the service by automatically setting up Juniper® Paragon Insights and Juniper® Paragon Active Assurance instances to monitor network health and measure service quality.

Juniper Paragon Automation Release 2.2.0 provides the following additional service orchestration features:

  • Schedule service order provisioning—You can schedule provisioning of an EVPN, L3VPN, and L2 circuit service order by specifying the date and time for provisioning. Paragon Automation automatically provisions the service order on the specified date and time.

    [See Add an L3VPN Service Instance, Add an EVPN Service Instance, and Add an L2 Circuit Service Instance.]

  • Monitor health of EVPN and L3VPN services—Paragon Automation automatically monitors service health and quality after provisioning the service in the network. You can view health of monitoring data for EVPN and L3VPN services and their related components under the Passive Assurance tab (Orchestration > Instances > Service Instance > service-instance-name hyperlink > Passive Assurance).

    [See View Passive Assurance Monitoring Data.]

Active Assurance

Active Assurance is a programmable test and monitoring solution, which generates synthetic traffic in the underlay network to gain continuous insights on network quality, availability, and performance. Active Assurance uses Test Agents, which are measurement points in your network. Test Agents generate and receive synthetic traffic, and enable you to continuously monitor and validate the infrastructure. You can deploy the Test Agents at strategic locations in your network and install them on Junos OS Evolved routers, x86 hardware, or on virtual machines. If you are using Juniper Networks® MX Series Universal Routers and Juniper Networks® PTX Series Routers, Paragon Automation uses real-time performance monitoring (RPM) for collecting the metric data.

Juniper Paragon Automation Release 2.2.0 provides the following additional Active Assurance features:

  • Register Test Agent Applications—Paragon Automation can discover a Test Agent Application in your network.

    For Paragon Automation to discover a Test Agent Application, you must register the Test Agent name and tags, if any, on the Add Test Agent page (Inventory > Active Assurance > Test Agents > Add Test Agent). After you add a Test Agent Application, Paragon Automation generates commands and a secret key that you can view and copy from the Test Agent Details page (Inventory > Active Assurance > Test Agents > Test Agent Details). When you execute these generated commands in the Docker environment, Paragon Automation discovers the Test Agent Application and adds this Test Agent Application to the Test Agent inventory list.

    [See Add a Test Agent.]

  • Identify the location of a Test Agent in your network—Paragon Automation enables you to assign a Test Agent to a specific site from the Test Agent Details page (Inventory > Active Assurance > Test Agents > Test Agent Details). When you assign a site to a Test Agent, you can easily identify the location of the Test Agent.

    [See About the Test Agent Details Page.]

    You can assign a Test Agent to a site only if the Test Agent is not installed on any devices.

  • View events related to Test Agents and Monitors— In the Events column, you can view the number of events generated for Test Agents on the Test Agents page (Inventory > Active Assurance > Test Agents) and Monitors on the Monitors page (Observability > Active Assurance > Monitors).

    Click an Event-Number link in the Events column to view events and their details (severity level, description, raise time, and clear time) on the Events page.

    [See About the Test Agents Page and About the Monitors Page.]

Administration

Paragon Automation Release 2.2.0 provides the following administration features to manage users, sites, and organizations:

  • Support for RADIUS authentication and authorization of devices during onboarding—Paragon Automation supports authentication and authorization of devices by using RADIUS during onboarding a device to Paragon Automation. To use RADIUS authentication, you must enable RADIUS under System Settings and configure at least one RADIUS server in Paragon Automation.

    You do not need to be a superuser or a network administrator to onboard a device using RADIUS authentication.

    [See Manage RADIUS Server Configuration.]

  • Logging device configuration details—When a service is provisioned, Paragon Automation logs the following details:

    • Service design and its version

    • User who created the service order

    • ID of the service instance related to the service design

    • Details of the service order workflow such as the time the workflow was initiated, and the workflow run ID

    • ID of the device that was configured by the workflow

    • Command sent to the device

    • Device's response

    [See Audit Logs Overview.]

Installation and Upgrade

Juniper Paragon Automation Release 2.2.0 provides the following installation features:

  • Upgrade support—You can upgrade your existing Juniper Paragon Automation Release 2.1.0 cluster to Release 2.2.0.

    [See Upgrade Paragon Automation.]

  • Support for IPv6 addresses—You can configure the Paragon Automation cluster using IPv6 addresses in addition to IPv4 addresses. Paragon Automation supports the use of IPv6 addresses for the following:

    • Cluster node virtual machines (VMs)

    • Generic common ingress (gNMI, OC-TERM, and the Web GUI)

    • Active Assurance Test Agent gateway

    To configure IPv6 addresses, you must install Juniper Paragon Automation Release 2.2.0 afresh. You cannot configure IPv6 on a setup upgraded from Release 2.1.0.

    [See Paragon Automation System Requirements and Install Paragon Automation.]

Beta Features

Juniper Paragon Automation Release 2.2.0 provides Beta support for the following features:

  • Configure device bandwidth and access parameters in the network implementation plan—In the network implementation plan, you can configure the bandwidth allowed through a device and specify the VLANs that contain the device ports. This information is used by Service Orchestration while allocating resources for provisioning a service.

    [See Add a Network Implementation Plan].

  • Monitor network trust—Paragon Automation provides a dashboard that enables you to monitor network health-related data in real time. On the Trust Tab (Observability > Health > Health Dashboard > Trust) of the dashboard, you can view the overall trust score and monitor, in real time, vulnerabilities that affect targets in the network. You can use this information to perform corrective actions when necessary.

    The Trust tab consists of:

    • Trust Pane—View the trust score of the targets, trust plan applied to the network, overall trust trend, and a graph of the average trust score for the past 30 days.

    • Vulnerabilities Accordion—View the percentage of healthy devices and the total number of unhealthy devices based on device vulnerabilities, and a graph that displays the average health of all devices. You can also view KPIs such as proactive bug notifications (PBNs) and advisories that affect overall network health. Click View Details to view the percentage of healthy devices and KPIs. You can also view the total number of unhealthy devices grouped by OS version and device model.

    [See About the Trust Tab.]

  • Manage allocation of devices and interfaces for service provisioning—Placement is the process of allocating network resources for provisioning services. Use the Update Placements button to automatically assign all possible placement options available for a customer to provision L3VPN and EVPN services. After placement options are assigned, you can select and allocate network resources such as PE devices and interfaces, VLANs, and so on from the available options to provision services for the customer.

    [See Manage Placement Configurations for Service Instances.]

  • Use IPv6 for provisioning infrastructure service—Paragon Automation supports the use of IPv6 addresses to provision infrastructure service. BGP, OSPF, loopback and regular interfaces support IPv6 addresses for infrastructure service provisioning. Paragon Automation supported only IPv4 addresses in earlier releases.

    [See Create a Layer 3 Resource Pool.]