Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Juniper Resiliency Interface

SUMMARY For MX Series routers with MPC line cards and PTX Series routers with the JNP10K-LC1201 or JNP10K-LC1203 linecards running Junos OS Evolved, you can configure the Juniper Resiliency Interface (JRI) to detect, correlate, and mitigate exceptions and thereby reduce the mean time to repair (MTTR) for issues. For forwarding exceptions, JRI also extends the inline monitoring services feature with Juniper-specific IPFIX information elements (IEs) for exception data and introduces the concept of an observation cloud, which is a set of observation domains. You can send the IPFIX packets to either an on-box or an off-box collector.

Understand Juniper Resiliency Interface

Packets that need to be forwarded to the adjacent network element or a neighboring device along a routing path might be dropped by a router owing to several factors. Every network encounters issues, such as packet loss, from time to time. Some of the causes for such a loss of traffic or a block in transmission of data packets include: overloaded system conditions, profiles and policies that restrict the bandwidth or priority of traffic, network outages, or disruption by physical cable faults. Packet loss also happens because of incorrect stitching of the forwarding path or a mismatch between the control plane state and the data plane state. You could use counters and metrics from show commands to diagnose and debug network performance, but doing so can be tedious and time-consuming. JRI reports exception data from entities in the system which encounter packet drops, enabling you to automate the workflow involved in detecting, reporting and mitigating adverse exceptions.

For operating system and routing exceptions, the exception data is reported in telemetry key-value pairs.

For forwarding exceptions, the exception data is reported in IPFIX packets. The IEs in the IPFIX primary data record packet capture the following data:

  • Exception reason (for example, firewall discard)
  • Packet direction (ingress or egress)
  • First N bytes of the packet
  • Ingress interface
  • Egress interface
  • Next-hop identifier (Junos OS only)

Table 1 shows the format of the IPFIX Primary Data Record with the Juniper-specific IEs.

Table 1: IPFIX Primary Data Record
IE Name IE Identifier Description Length (in Bytes)
forwardingClassandDropPriority Observation Cloud Common Property ID (CPID)—IE 137, a set of common properties that is locally unique per Observation Cloud Forwarding class and drop priority ID 4
forwardingExceptionCode Observation Cloud CPID—IE 137 Exception code that causes packet drops OR is zero when the exception is not met or set 2
forwardingNextHopId Observation Cloud CPID—IE 137 (Junos OS only) Unicast next-hop Index used for forwarding 4
egressInterfaceIndex Observation Cloud CPID—IE 137 Index of egress logical interface when flowDirection=output, otherwise 0. 4
underlyingIngressInterfaceIndex Observation Cloud CPID—IE 137 (Junos OS only) Index of underlying layer 2 ingress logical interface, wherever applicable (for example, AE and IRB cases—see primary-data-record-fields for more information) 4
ingressInterfaceIndex Observation Cloud CPID—IE 137 Index of ingress logical interface 4
ingressInterface IE 10 SNMP index of ingress logical interface 4
egressInterface IE 14 SNMP index of egress logical interface when flowDirection=output, otherwise 0. 4
flowDirection IE 61 Direction (0: input, 1:output) 1
dataLinkFrameSize IE 312 Length of sampled data link frame 2
dataLinkFrameSection IE 315 N octets from the data link frame of the monitored packet variable

Limitations:

  • Exceptions are collected and exported on a best-effort basis.

  • Any limitations or caveats for inline monitoring services also apply to JRI, because JRI uses inline monitoring services to sample and collect the packets.

  • All dropped packets cannot be sampled and profiled. Classes of exceptions are sampled at the default sampling rate, unless you configure this rate with the sampling-rate statement at either the [edit services inline-monitoring instance instance-name collector collector-name] hierarchy level (Junos OS) or at the [edit services inline-monitoring instance instance-name] hierarchy level (Junos OS Evolved). Junos OS allows the sampling rate to be configured per collector, allowing different rates for each collector; Junos OS Evolved allows one sampling rate per inline-monitoring instance.

  • For exception reporting in the egress direction, the layer 2 header or any encapsulation header is not included in IE-315, dataLinkFrameSelection, because exceptions happen before layer 2 or tunnel encapsulation.

  • For exception reporting in the egress direction, the receiver of the IPFIX packet must ignore IE-312, dataLinkFrameSize, because the field does not have the correct value.

  • For the egress direction, you cannot configure both sFlow and exception reporting on the same interface.

  • Inline-monitoring instance actions and firewall re-direct instance actions are not supported in the same term of the firewall filter. (Junos OS Evolved)

  • Inline-monitoring instance actions and port-mirroring instance actions are not supported in the same term of the firewall filter. (Junos OS Evolved)

  • For collectors, you cannot configure routing instances, DSCP bits, or forwarding class. (Junos OS Evolved)

  • For more information about the Juniper-specific IEs, including caveats and limitations, see primary-data-record-fields.

Configure JRI for Operating System and Routing Exceptions

To configure JRI for operating system and routing exceptions:

  1. Subscribe to the Junos Telemetry Interface XPaths:

    Notifications are exported using gRPC/gNMI to an off-box collector.

    For Junos OS:

    For Junos OS Evolved (routing exceptions only):

  2. (Optional) Additionally, if you prefer to use the on-box collector instead of sending the data to an off-box collector, then configure an on-box storage location for the exception data.

    To configure:

    In this example, you configure the file in which to store the exception data:

    For Junos OS:

    For Junos OS Evolved:

Configure JRI for Forwarding Exceptions

To configure JRI for forwarding exceptions:

  1. Define the IPFIX template.

    To configure attributes of the template:

    For Junos OS:

    In this example, the template refresh rate is set to 30 seconds, you've configured a template identifier, and you've configured the fields of the primary data record:

    For Junos OS Evolved, the system generates the template ID and the software supports most of the fields of the primary data record:

    In this example, the template refresh rate is set to 30 seconds and you've configured the fields of the primary data record:

  2. Attach the template to the instance and describe the collector.

    Junos OS and Junos OS Evolved differ in how to achieve this step. To configure the instance and collector:

    For Junos OS:

    In this example, you create a template with the name template_1, create an inline-monitoring instance i1, and create the configuration for the on-box collector c2. For an on-box collector for Junos OS, the destination address must be a local address and the destination port must be port 4739. For an off-box collector for Junos OS, specify the destination address and port for that collector.

    For Junos OS:

    For Junos OS Evolved, you cannot configure the DSCP bits, but the process is otherwise the same as in Junos OS for an off-box collector:

    For Junos OS Evolved, for an on-box collector, you configure the controller re statement instead of a local destination address and port, and you cannot configure the DSCP bits:

    In this example, for Junos OS Evolved, you create a template with the name template_1, create an inline-monitoring instance i1, and create the configuration for the on-box collector c2. For an on-box collector, you specify the controller re statement instead of a local destination address and port:

  3. Configure the observation cloud identifier.

    An observation cloud is the largest set of observation domains. According to RFC 5101, an observation domain is the largest set of observation points for which flow information can be aggregated by a metering process. For example, a router line card may be an observation domain if it is composed of several interfaces, each of which is an observation point. By configuring an observation cloud, you allow inline-monitoring services to report on a set of common properties that is locally unique per observation cloud. For more information about observation clouds, see inline-monitoring. To configure the observation cloud identifier:

    In this example, you have configured the identifier as 1:

  4. Subscribe to various exception types and configure exception reporting for a particular PFE and specify the inline-monitoring instance. For Junos OS, you must specify a particular exception category name, such as forwarding-state. For Junos OS Evolved, you simply specify all as the category name.

    By default, the exception data is sent to an off-box collector. To configure:

    For Junos OS:

    In this example, you subscribe to forwarding exceptions and configure FPC 0 to send forwarding exceptions to the inline-monitoring instance i1:

    For Junos OS Evolved:

    In this example, you subscribe to all exception categories and configure FPC 0 to send exceptions to the inline-monitoring instance i1:

  5. (Optional) Additionally, if you prefer to use the on-box collector instead of sending the data to an off-box collector, then configure an on-box storage location for the exception data.

    To configure:

    In this example, you configure the file in which to store the forwarding exception data:

Related Documentation

Release History Table
Release
Description
22.2R1-EVO
Support for the Juniper Resiliency Interface (PTX10001-36MR, PTX10004, PTX10008, and PTX10016 routers with the JNP10K-LC1201 or JNP10K-LC1203 linecards)—Starting in Junos OS Evolved Release 22.2R1, you can use the Juniper Resiliency Interface (JRI) to detect, correlate, and mitigate exceptions.
21.2R1
Support for the Juniper Resiliency Interface (MX480, MX960, MX2010, MX2020 and vMX)—Starting in Junos OS Release 21.2R1, you can use our new Juniper Resiliency Interface (JRI) to detect, correlate, and mitigate exceptions. JRI extends the inline monitoring services feature with Juniper-specific IPFIX information elements (IEs) for exception data and introduces the concept of an Observation Cloud, which is a set of Observation Domains. You can send the IPFIX packets to either an on-box or an off-box collector.