Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Configuring Service Chaining for LAN to WAN Routing through Third-party VNFs on NFX350 Devices

This example shows how to configure service chaining for LAN to WAN routing through third-party VNFs on NFX350 devices.

Requirements

This example uses an NFX350 device running Junos OS Release 19.4R1.

Overview

This example explains how to configure the various layers of the device to enable traffic from the LAN network to enter the device, flow through the OVS bridge and third-party VNFs, exit the device, and enter the WAN network.

Topology

This example uses the topology shown in Figure 1.

Figure 1: Service Chaining for LAN to WAN Routing through Third-party VNFsService Chaining for LAN to WAN Routing through Third-party VNFs

Configuration

Configuring the Layer 2 Datapath (JCP LAN Interfaces)

Step-by-Step Procedure

  1. Connect to the JCP.

  2. Configure VLANs for the LAN-side interfaces.

  3. Configure the LAN-side front panel ports and add them to the LAN-side VLANs. The LAN-side port is typically an access port, and can be a trunk port if required

  4. Configure the internal-facing interface, sxe-0/0/0, as a trunk port and add it to the LAN-side VLAN. The internal-facing interfaces are typically trunk ports as they must support traffic from multiple front panel ports and VLANs.

Verifying the Performance Mode of the NFX350 Device

Purpose

Verify the performance mode of the NFX350 device and check the CPU availability. If the NFX350 device is operating in throughput mode, you must change it to either compute or hybrid mode by using the request vmhost mode command.

For more information about the device performance modes, see NFX350 Overview.

Action

Configuring the Hugepages for VNF

Step-by-Step Procedure

Note:

It is recommended to reboot the device if the configured number of hugepages are not allocated.

  1. Check the memory availability:

  2. Configure hugepages:

  3. Verify whether hugepages is configured:

Configuring VNFs

Step-by-Step Procedure

Configure VNF-1:

  1. Load the VNF image on the device from the remote location:

    Note:

    You can save the VNF image in the /var/public directory if you are using up to two VNFs. If you are using more than two VNFs, save the files on an external SSD. If you are using an external SSD for VNFs, make sure to initialize and add the SSD to the device. For more information, see Configuring the Solid State Disk on NFX350 Device.

  2. Launch the VNF:

  3. Connect a virtual CPUs to physical CPUs:

  4. Specify the number of CPUs required for the VNF:

  5. Enable hardware virtualization or hardware acceleration for VNF CPUs:

  6. Configure the VNF interfaces as trunk ports and add them to the LAN-side VLAN:

  7. Specify the memory allocation for the VNF:

Step-by-Step Procedure

Configure VNF-2:

  1. Load the VNF image on the device from the remote location:

  2. Launch the VNF:

  3. Connect a virtual CPUs to physical CPUs:

  4. Specify the number of CPUs required for the VNF:

  5. Enable hardware virtualization or hardware acceleration for VNF CPUs:

  6. Configure the VNF interfaces as trunk ports and add them to the LAN-side VLAN:

  7. Specify the memory allocation for the VNF:

Configuring the Layer 3 Datapath (WAN Interfaces)

Step-by-Step Procedure

  1. Configure the internal-facing L3 Dataplane interface as a VLAN-tagged interface and assign an IP address to it:

  2. Map the Layer 3 interface to the Open vSwitch (OVS) and commit the configuration:

  3. Configure the external-facing L3 Dataplane interface as a VLAN-tagged interface and assign an IP address to it:

  4. Configure a VLAN for the WAN-side JCP interfaces:

  5. Configure the WAN-side internal-facing interface as a trunk port and add it to the WAN-side VLAN:

  6. Configure the WAN-side front panel port and add it to the WAN-side VLAN:

  7. Commit the configuration:

Configuring the VNF Interfaces for Creating the Service Chain

Step-by-Step Procedure

  1. Check the MAC addresses of the VNF interfaces:

  2. Access the VNF (VNF-1) from the JCP through the console:

  3. Log in to the console:

  4. Check the status of the interfaces:

  5. Set the root password:

  6. At the first prompt, enter the new root password. At the second prompt, reenter the new root password:

  7. After you have finished configuring the password, commit the configuration:

  8. Configure the WAN-side internal-facing interface (ge-0/0/1) as a VLAN-tagged interface and assign an IP address to it:

  9. Configure the WAN-side internal-facing interface (ge-0/0/2) as a VLAN-tagged interface and assign an IP address to it:

  10. Access the VNF (VNF-2) from the JCP through the console:

  11. Log in to the console:

  12. Check the status of the interfaces:

  13. Set the root password:

  14. At the first prompt, enter the new root password. At the second prompt, reenter the new root password:

  15. After you have finished configuring the password, commit the configuration:

  16. Configure the WAN-side internal-facing interface (ge-0/0/1) as a VLAN-tagged interface and assign an IP address to it:

  17. Configure the WAN-side internal-facing interface (ge-0/0/2) as a VLAN-tagged interface and assign an IP address to it:

Configuring Security in NFX350

Step-by-Step Procedure

  1. Clear the current security settings:

  2. Configure security options:

  3. Configure security policies:

  4. Configure security zones:

Configuring Security in vSRX Virtual Firewall VNFs

Step-by-Step Procedure

  1. Clear the current security settings:

  2. Configure security options:

  3. Configure security policies:

  4. Configure security zones: