Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Develop Off-Device JET Applications

Overview

You can use JET to develop applications that run off-device. This allows you to leverage the benefits of JET on all devices on your network. For ease of development, you can write off-device JET applications in the language of your choice. To develop an off-device application:

  1. Download and compile the IDL file.

  2. Develop the application using the language of your choice.

  3. Package the application.

  4. Deploy the application package on an external server or run the application directly from the JET VM.

Figure 1 shows the off-device application development workflow.

Figure 1: Off-Device JET Application WorkflowOff-Device JET Application Workflow

Download and Compile the IDL File

  1. Download the IDL file from the Juniper Networks downloads website.
  2. Unpack the IDL file.

    For example, if you are using Junos OS Release 18.4R1 or later:

    For Junos OS releases prior to 18.4R1, the process is slightly different:

  3. Compile Python and gRPC modules for authentication and management service proto files.

    For example, if you are using Junos OS Release 18.4R1 or later:

    For Junos OS releases prior to 18.4R1:

For details on how to generate code from an IDL file in the language of your choice, see https://www.grpc.io/docs.

Develop and Package Your Application

  1. Set up the JET VM.

    If you are developing an application with a dependency on C or C++ modules or developing a signed application, you must use the JET VM for JET application development. See Set Up the JET VM for instructions.

  2. You are ready to develop the application using the language of your choice.

    You can write the application using a stub after a client side stub is generated. For more information on generating the gRPC client side stubs, writing the application using the stub, and generating code from an IDL file in the language of your choice, see https://www.grpc.io/docs/.

    Note:

    The Python 2.7 end-of-life and end-of-support date is January 1, 2020. The official upgrade path for Python 2.7 is to Python 3. As support for Python 3 is added to devices running Junos OS for the different types of on-device scripts, we recommend that you migrate supported script types from Python 2 to Python 3, because support for Python 2.7 might be removed from devices running Junos OS in the future.

  3. Package the application using JSON. See Package JET Applications for more information.

Prepare to Deploy Your Application

Run your application on an external server or directly from the JET VM. Before you deploy your application on an external server, you need to configure JET interaction with Junos OS.

Configure JET Interaction with Junos OS

To run an off-device application, you need to enable the request-response configuration on Junos OS. When using the request-response service, the client application issues a request and synchronously waits for the response from the Junos OS server. Use this section to configure the JET service process (jsd) for the request-response service to run in Secure Sockets Layer (SSL) mode. This provides increased security and enables SSL-based API connections.

Note:

Currently, JET supports Transport Layer Security (TLS) version 1.2 for certificate exchange and supports multiple encryption algorithms, but does not support mutual authentication. This means that clients can authenticate the server, but the server can not authenticate clients using SSL/TLS certificates. For client authentication, use the LoginCheck() procedure from the authentication service API.

  1. Enable jsd to use SSL by adding and configuring the certificate name locally. The certificate must be an RSA certificate. ECDSA and DSA SSL certificates are not supported.

    This method is same as other SSL-based services in Junos OS like xnm-ssl. Keep track of the certificate name entry you specify during certificate generation. You will use it for the HOST_OVERRIDE option in the example Python application in the next section. In this example, the certificate name is router.

    Note:

    If a certificate is updated with the same identifier, the changes will not be reflected for jsd. You need to either configure the certificate with a new identifier in the jsd hierarchy or perform a jsd restart to reflect the changes made.

  2. Copy the SSL certificate .pem file to the device.

  3. Load the certificate into the keychain on the Junos OS device. For example, if the local name of the SSL certificate is sslcert:

  4. Enable support for SSL on the gRPC endpoint on the default port of tcp/51051.

  5. Specify the maximum number of simultaneous connections for request-response that can be attached to jsd. The higher the number, the higher the impact on the client’s performance. The highest maximum number that can be configured is eight.

    You have configured jsd for request-response service to run in SSL mode. You are ready to deploy your JET off-device application.

Example: Python JET Application

Use this example to develop an off-device JET application written in Python. You can follow the same guidance for other languages that are supported by gRPC. This Python JET application runs the command get-system-uptime-information in XML format.

In this example, the HOST_OVERRIDE option uses the certificate name that you specified during the certificate generation. See Prepare to Deploy Your Application.

Note:

Juniper Networks supports both of the following forms for denoting XML opening and closing tags: <xml-tag/> and <xml-tag></xml-tag>.

Junos OS Release 18.4R1 and Later

Use the example Python application shown in this section as a guide if you are using Junos OS Release 18.4R1 or later.

If you are writing your application using Python 3, include the PASS keyword in the Exception block of the script.

Before Junos OS Release 18.4R1

Use the example Python application in this section as a guide if you are using Junos OS releases prior to 18.4R1.