
NFX150 Feature Overview

Software Architecture

The software architecture for the NFX150 is designed to provide a unified control plane that functions as a single management point.

Figure 1 illustrates the architecture of the NFX150.

Figure 1: NFX150 Architecture

Key components of the system software include:

  • VNF—A VNF is a consolidated offering that contains all the components required for supporting a fully virtualized networking environment. You can configure and use third-party VNFs in service chains.

  • Junos Control Plane (JCP)—The JCP is the Junos VM running on the host OS, Wind River Linux. The JCP functions as the single point of management for all the components. The JCP controls the Layer 2 dataplane, which provides the Layer 2 services, and the Layer 3 dataplane, which provides the Layer 3 to Layer 7 services.

    In addition to chassis management, JCP enables:

    • Configuration of advanced security features.

    • Management of guest virtualized network functions (VNFs) during their life cycle.

    • Installation of third-party VNFs.

    • Creation of VNF service chains.

    • Management of guest VNF images (their binary files).

    • Management of the system inventory and resource usage.

    • Management of the LTE interface.

  • Juniper Device Manager (JDM)—An application container that manages VNFs and provides infrastructure services. The JDM functions in the background and users cannot access JDM directly.

  • L2 Dataplane—The Layer 2 dataplane that manages the Layer 2 traffic. The Layer 2 dataplane forwards the LAN traffic to the NFV backplane, Open vSwitch (OVS). The Layer 2 dataplane is mapped to the virtual FPC0 on the JCP. By default, all the 1-Gigabit Ethernet physical ports are mapped to the virtual interfaces on the Layer 2 dataplane.

  • L3 Dataplane—The Layer 3 dataplane that provides datapath functions for the Layer 3 to Layer 7 services. The Layer 3 dataplane is mapped to the virtual FPC1 on the JCP. By default, the two SFP+ ports on the NFX150 chassis are mapped to the virtual interfaces on the Layer 3 dataplane.

  • Linux—The host OS, Wind River Linux. In Junos OS Release 18.1R1, the Wind River Linux version is 8.

  • Open vSwitch (OVS) bridge—The OVS bridge is a VLAN-aware system bridge, which acts as the NFV backplane to which the VNFs and FPCs connect. Additionally, you can create custom OVS bridges to isolate connectivity between different VNFs.

  • LTE—A containerized driver that provides 4G LTE connectivity management. The LTE container is bound to the FPC1 for management.

Interfaces

The interfaces on the NFX150 devices comprise physical interfaces, virtual interfaces, and the LTE interface.

Physical Interfaces

The physical interfaces represent the physical ports on the NFX150 chassis and expansion module. The physical interfaces comprise network and management ports:

  • Network ports—Four 1-Gigabit Ethernet ports and two 10-Gigabit Ethernet SFP+ ports function as network ports on the NFX150 chassis. The expansion module consists of six 1-Gigabit Ethernet ports and two 1-Gigabit Ethernet SFP ports.

    The network ports follow the naming convention heth-slot number-port number, where:

    • heth denotes host Ethernet

    • slot number is 0 for the chassis ports and 1 for the expansion module ports. The ports on the chassis are named heth-0-x and the ports on the expansion module are named heth-1-x.

    • port number is the number of the port on the chassis or expansion module

    Each physical port has four virtual functions (VFs) enabled by default.

    Note:

    You cannot map a VF from a port that is mapped to the Layer 2 dataplane.

  • Management port—The NFX150 device has a dedicated management port labeled MGMT (fxp0), which functions as the out-of-band management interface. The fxp0 interface is assigned an IP address in the 192.168.1.1/24 network.

Virtual Interfaces

The virtual FPCs running within the JCP contain the virtual interfaces. The virtual interfaces on the NFX150 devices are categorized as follows:

  • Virtual Layer 2 interfaces (FPC0)—Denoted as ge-0/0/x, where the value of x ranges from:

    • 0 to 3 for NFX150 devices without an expansion module

    • 0 to 11 for NFX150 devices with an expansion module

    These interfaces are used to configure the following Ethernet switching features:

    • Layer 2 switching of traffic, including support for both trunk and access ports

    • Link Layer Discovery Protocol (LLDP)

    • IGMP snooping

    • Port Security features (MAC limiting, Persistent MAC learning)

    • MVRP

    • Ethernet OAM, CFM, and LFM

    All the 1-Gigabit Ethernet physical ports (heth ports) are mapped to FPC0, by default.

  • Virtual Layer 3 interfaces (FPC1)—Denoted as ge-1/0/x, where the value of x ranges from 0 to 9. These interfaces are used to configure Layer 3 features such as routing protocols and QoS.

    In an NFX150 device, you can configure any of the ge-1/0/x interfaces as in-band management interfaces. In in-band management, you configure a network interface as a management interface and connect it to the management device. You can configure any number of interfaces for in-band management by assigning an IPv4 or IPv6 address to each of the ports, and an in-band management VLAN.

    Note:

    The NFX150 devices do not support integrated routing and bridging (IRB) interfaces. The IRB functionality is provided by ge-1/0/0, which is always mapped to the service chaining backplane (OVS). Note that this mapping cannot be changed.

  • Virtual SXE Interfaces—Two static interfaces, sxe-0/0/0 and sxe-0/0/1, connect the FPC0 (Layer 2 dataplane) to the OVS backplane.

LTE Interface

The NFX150 device models with LTE support can be configured for wireless WAN connectivity over 3G or 4G networks. The LTE physical interface uses the name cl-1/1/0. The dialer interface, dl0, is a logical interface, which is used to trigger calls.

Interface Mapping

Table 1 summarizes the interfaces on the NFX150.

Table 1: Interfaces on the NFX150

| Interface Name | Description |
|---|---|
| heth-0-0 to heth-0-5 | Physical ports on the front panel of the NFX150 device, which can be mapped to Layer 2 or Layer 3 interfaces, or VNFs. Ports heth-0-0 to heth-0-3 are 10 Mbps/100 Mbps/1 Gbps tri-speed copper ports. Ports heth-0-4 and heth-0-5 are 10 Gbps SFP+ ports. For Junos OS Releases 18.1, 18.2 R1, and 18.3 R1: ports heth-0-0 to heth-0-3 are mapped to the LAN ports ge-0/0/0 to ge-0/0/3, respectively; ports heth-0-4 and heth-0-5 are mapped to the WAN ports ge-1/0/1 and ge-1/0/2, respectively. For Junos OS Release 18.2 R2: ports heth-0-0, heth-0-1, and heth-0-2 are mapped to the LAN ports ge-0/0/0 to ge-0/0/2, respectively; port heth-0-4 is mapped to the LAN port ge-0/0/3; ports heth-0-3 and heth-0-5 are mapped to the WAN ports ge-1/0/1 and ge-1/0/2, respectively. |
| heth-1-0 to heth-1-7 | Physical ports on the expansion module of the NFX150-S1 device. These ports are mapped to the ge-0/0/n ports by default. Ports heth-1-0 to heth-1-5 are 10 Mbps/100 Mbps/1 Gbps tri-speed copper ports mapped to the LAN ports ge-0/0/4 to ge-0/0/9, respectively. Ports heth-1-6 and heth-1-7 are 1 Gbps SFP ports mapped to the LAN ports ge-0/0/10 and ge-0/0/11, respectively. |
| ge-0/0/x | Logical Layer 2 interfaces, which can be used for LAN connectivity. The value of x ranges from 0 to 3 for NFX150 devices without an expansion module, and from 0 to 11 for NFX150 devices with an expansion module. |
| ge-1/0/x | A set of up to 10 logical Layer 3 interfaces. Each of these interfaces can have 4k sub-interfaces. The value of x ranges from 0 to 9. |
| cl-1/1/0 | The LTE cellular interface, which carries the physical layer attributes. |
| dl0 | The LTE dialer interface, which carries Layer 3 and security services. The security flow session contains the dl0 interface as the ingress or egress interface. |
| st0 | Secure tunnel interface used for IPsec VPNs. |
| fxp0 | The out-of-band management interface. |

The list of supported transceivers for the NFX150 is located at https://pathfinder.juniper.net/hct/product/.

Table 2 and Table 3 illustrate the default mapping between the physical and virtual interfaces on an NFX150 device.

Table 2: Default Mapping of Physical Ports to Virtual Ports on NFX150 (for Junos OS Releases 18.1, 18.2 R1, and 18.3 R1)

| Physical Port | Virtual Interface (Layer 2 dataplane) | Virtual Interface (Layer 3 dataplane) |
|---|---|---|
| heth-0-0 | ge-0/0/0 | NA |
| heth-0-1 | ge-0/0/1 | NA |
| heth-0-2 | ge-0/0/2 | NA |
| heth-0-3 | ge-0/0/3 | NA |
| heth-0-4 | NA | ge-1/0/1 |
| heth-0-5 | NA | ge-1/0/2 |

Table 3: Default Mapping of Physical Ports to Virtual Ports on NFX150 (for Junos OS Releases 18.2 R2)

| Physical Port | Virtual Interface (Layer 2 dataplane) | Virtual Interface (Layer 3 dataplane) |
|---|---|---|
| heth-0-0 | ge-0/0/0 | NA |
| heth-0-1 | ge-0/0/1 | NA |
| heth-0-2 | ge-0/0/2 | NA |
| heth-0-3 | NA | ge-1/0/1 |
| heth-0-4 | ge-0/0/3 | NA |
| heth-0-5 | NA | ge-1/0/2 |

Table 4 illustrates the default mapping between the physical ports on the expansion module and the virtual interfaces.

Table 4: Default Mapping of Physical Ports to Virtual Ports for the Expansion Module

| Physical Port | Virtual Port (Layer 2 dataplane) |
|---|---|
| heth-1-0 | ge-0/0/4 |
| heth-1-1 | ge-0/0/5 |
| heth-1-2 | ge-0/0/6 |
| heth-1-3 | ge-0/0/7 |
| heth-1-4 | ge-0/0/8 |
| heth-1-5 | ge-0/0/9 |
| heth-1-6 | ge-0/0/10 |
| heth-1-7 | ge-0/0/11 |

Note:

The expansion module ports are mapped to the Layer 2 dataplane interfaces by default. You can change the mapping to suit your requirement. Any of the ports on the chassis and expansion module can be mapped to the ge-1/0/x or ge-0/0/x interfaces. Any change in port mapping configuration will automatically reset the affected FPC.
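Because the chassis defaults differ between release groups, a port that is LAN-facing by default on one release can be WAN-facing on another, and the VF restriction follows the mapping. The following Python sketch is an added example, not Juniper code: it encodes Tables 2 to 4, reports which chassis ports change dataplane between release groups, and flags ports whose default Layer 2 mapping rules out VF mapping. The release-group labels and function names are assumptions made for this example.

```python
import re

# Chassis defaults transcribed from Tables 2 and 3; the dictionary keys are
# labels chosen for this example, not Junos identifiers.
DEFAULTS = {
    "18.1/18.2R1/18.3R1": {
        "heth-0-0": "ge-0/0/0", "heth-0-1": "ge-0/0/1", "heth-0-2": "ge-0/0/2",
        "heth-0-3": "ge-0/0/3", "heth-0-4": "ge-1/0/1", "heth-0-5": "ge-1/0/2"},
    "18.2R2": {
        "heth-0-0": "ge-0/0/0", "heth-0-1": "ge-0/0/1", "heth-0-2": "ge-0/0/2",
        "heth-0-3": "ge-1/0/1", "heth-0-4": "ge-0/0/3", "heth-0-5": "ge-1/0/2"},
}
# Expansion module defaults (Table 4): heth-1-n maps to ge-0/0/(n + 4).
EXPANSION = {f"heth-1-{n}": f"ge-0/0/{n + 4}" for n in range(8)}
GE_RE = re.compile(r"ge-([01])/0/(\d+)")
MAX_INDEX = {0: 11, 1: 9}  # ge-0/0/0..11 on FPC0, ge-1/0/0..9 on FPC1

def dataplane(virtual_if):
    """Return 'L2' for an FPC0 interface or 'L3' for an FPC1 interface."""
    m = GE_RE.fullmatch(virtual_if)
    if not m or int(m.group(2)) > MAX_INDEX[int(m.group(1))]:
        raise ValueError(f"not a valid NFX150 virtual interface: {virtual_if}")
    return "L2" if m.group(1) == "0" else "L3"

def default_virtual(release, port):
    """Default virtual interface for a heth port in the given release group."""
    table = {**DEFAULTS[release], **EXPANSION}
    if port not in table:
        raise ValueError(f"unknown physical port: {port}")
    return table[port]

def vf_mapping_blocked(release, port):
    """True if the port defaults to the Layer 2 dataplane (no VF mapping)."""
    return dataplane(default_virtual(release, port)) == "L2"

def changed_ports(old, new):
    """Chassis ports whose default dataplane differs between release groups."""
    diff = {}
    for port in DEFAULTS[old]:
        before = dataplane(DEFAULTS[old][port])
        after = dataplane(DEFAULTS[new][port])
        if before != after:
            diff[port] = (before, after)
    return diff

if __name__ == "__main__":
    print(changed_ports("18.1/18.2R1/18.3R1", "18.2R2"))
```

The check covers default mappings only; a device whose port mapping has been changed must be audited against its running configuration.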

Supported Features

Table 5 lists the Junos features supported on NFX150.

Table 5: Features Supported on NFX150

Junos OS Release

Routing

Security

Switching

18.1R1

  • BGP, OSPF, RIP, IS-IS,

  • MVRP

  • NAT

  • ALG

  • IPSec

  • IPv6 NTP

  • IPv6 TACACS

  • CoS

  • Firewall filters

  • LLDP

  • Port mirroring

  • IGMP/MLD snooping

  • MLD snooping

  • Persistent MAC learning

  • L2Rewrite

  • Native VLAN

18.2 R1

  • Application Security

  • IDP

  • Integrated User Firewall

  • UTM

For more details on supported features, see Feature Explorer.

Performance Modes

Starting in Junos OS Release 19.1R1, NFX150 devices provide the following operational modes:

  • Throughput mode—Provides maximum resources (CPU and memory) for Junos software and remaining resources, if any, for third-party VNFs. The default mode is throughput mode.

  • Hybrid mode—Provides a balanced distribution of resources between the Junos software and third-party VNFs.

  • Compute mode—Provides minimal resources for Junos software and maximum resources for third-party VNFs.

Licensing

For features or scaling levels that require a license, you must install and properly configure the license to meet the requirements for using the licensable feature or scale level. The device enables you to commit a configuration that specifies a licensable feature or scale without a license for a 30-day grace period. The grace period is a short-term grant that enables you to start using features in the pack or scale up to the system limits (regardless of the license key limit) without a license key installed. The grace period begins when the licensable feature or scaling level is actually used by the device (not when it is first committed). In other words, you can commit licensable features or scaling limits to the device configuration, but the grace period does not begin until the device uses the licensable feature or exceeds a licensable scaling level.

For information about how to purchase software licenses, contact your Juniper Networks sales representative. Junos OS software implements an honor-based licensing structure and provides you with a 30-day grace period to use the feature without a license key installed. The grace period begins when you configure the feature and your device uses the licensed feature for the first time, but not necessarily when you install the license. After the grace period expires, the system generates system log messages saying that the feature requires a license. To clear the error message and use the licensed feature properly, you must install and verify the required license.

Note:

Configurations might include both licensed and nonlicensed features. For these situations, the license is enforced up to the point where the license can be clearly distinguished. For example, an authentication-order configuration is shared by both Authentication, Authorization, and Accounting (AAA), which is licensed, and by Layer 2 Tunneling Protocol (L2TP), which is not licensed. When the configuration is committed, the device does not issue any license warnings, because it is not yet known whether AAA or L2TP is using the configuration. However, at runtime, the device checks for a license when AAA authenticates clients, but does not check when L2TP authenticates clients.

The device reports any license breach as a warning log message whenever a configuration is committed that contains a feature or scale limit usage that requires a license. Following the 30-day grace period, the device periodically reports the breach to syslog messages until a license is installed and properly configured on the device to resolve the breach.

Note:

Successful commitment of a licensable feature or scaling configuration does not imply that the required licenses are installed or not required. If a required license is not present, the system issues a warning message after it commits the configuration.

Table 6: NFX150 Junos Software Licenses

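| License | Features | License SKU | Device Model |
|---|---|---|---|
| Base software (STD) | Layer 2 services, Layer 3 services, NAT, IPsec, stateful firewall | NFX150-C-STD | NFX150-C-S1 and NFX150-C-S1E |
| Base software (STD) | Layer 2 services, Layer 3 services, NAT, IPsec, stateful firewall | NFX150-S-STD | NFX150-S1 and NFX150-S1E |
| Advanced software (ADV) | Features in the base software plus AppFW, AppID, AppTrack, AppRoute | NFX150-C-ADV | NFX150-C-S1 and NFX150-C-S1E |
| Advanced software (ADV) | Features in the base software plus AppFW, AppID, AppTrack, AppRoute | NFX150-S-ADV | NFX150-S1 and NFX150-S1E |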