Services Applications
-
Support for the Juniper Resiliency Interface (MX480, MX960, MX2010, MX2020 and vMX)—Starting in Junos OS Release 21.2R1, you can use our new Juniper Resiliency Interface (JRI) to detect, correlate, and mitigate exceptions. JRI extends the inline monitoring services feature with Juniper-specific IPFIX information elements (IEs) for exception data and introduces the concept of an Observation Cloud, which is a set of Observation Domains. You can send the IPFIX packets to either an on-box or an off-box collector.
-
You configure JRI with the
exceptions
,store
, andtraceoptions
statements at the[edit system resiliency]
hierarchy level. -
You configure which categories of PFE exceptions are reported to a particular inline-monitoring instance with the
exception-reporting inline-monitoring-instance instance-name category category-name statement at the [edit chassis fpc name pfe name]
hierarchy level. -
You configure the Juniper-specific IEs with the
primary-data-record-fields
statement at the[edit services inline-monitoring templates template-name]
hierarchy level. -
You configure the Observation Cloud ID with the
observation-cloud-id
statement at the[edit services inline-monitoring]
hierarchy level.
-
-
Support for Routing-Engine based traffic sampling (MX Series with MPC10E and MPC11E line cards)—Starting in Junos OS Release 21.2R1, you can configure Routing-Engine based traffic sampling. Traffic sampling enables you to copy traffic to a line card that performs flow accounting while the router forwards the packet to its original destination. You configure either an input or output firewall filter with a matching term that contains the
then sample
statement. Routing-Engine based traffic sampling supports only the version 5 and version 8 formats for exporting flow records.[See Configuring Traffic Sampling on MX, M and T Series Routers.]
-
Support for MPLS, MPLS-IPv4, and MPLS-IPv6 inline active flow monitoring (QFX10002-60C)—Starting in Junos OS Release 21.2R1, you can perform inline active flow monitoring for MPLS, MPLS-IPv4, MPLS-IPv6, and MPLS-over-UDP traffic. For MPLS-over-UDP flows, inline active flow monitoring allows you to look past the tunnel header to sample and report on the inner payload, at both the transit and egress nodes of the tunnel. We support IPFIX and version 9 templates but only ingress sampling.
-
Support for translation and GRE tunneling in data center environment (MX Series Routers)—Starting in Junos OS Release 21.2R1, as part of upgrading the customer network for PaaS services, we support enhancement to your enterprise edge routers (MX routers). You can configure your edge routers to enable translation (IPv4 to IPv6 and IPv6 to IPv4) and GRE tunneling of the translated packets through the Juniper Extension Toolkit (JET) APIs. The edge routers now provide access to a Private Link Service offered as Platform as a Service (PaaS), bypassing the data center gateways.
[See show flexible-tunnels profile and show-route .]
-
Support for
any
firewall filter family and Layer 2 firewall filter families for inline monitoring services (MX Series with MPC10E and MPC11E line cards)—Starting in Junos OS Release 21.2R1, you can configure theany
,bridge
,ccc
, orvpls
family firewall filter with the term actioninline-monitoring-instance inline-monitoring-instance-name
. -
Support for hardware timestamping of Two-Way Active Measurement Protocol (TWAMP) and RPM probe messages (PTX5000)—Starting in Junos OS Release 21.2R1, we've extended support for hardware timestamping of TWAMP and RPM probe messages. Hardware timestamping is enabled by default for TWAMP, but you must configure it for RPM. You use TWAMP and RPM to measure IP performance between two devices in a network. By configuring hardware timestamping for RPM, you can account for the latency in the communication of probe messages and generate more accurate timers in the Packet Forwarding Engine. To configure hardware timestamping for RPM, include the
hardware-timestamping
statement at the[edit services rpm probe probe-owner test test-name]
hierarchy level.[See Understanding Two-Way Active Measurement Protocol on Routers, Understanding Using Probes for Real-Time Performance Monitoring on M, T, PTX, and MX Series Routers, and Configuring RPM Timestamping on MX, M, T, and PTX Series Routers and EX Series Switches.]
-
Support for inline NAT services (MX240, MX480, MX960, MX2010, and MX2020 with MPC10E and MX2K-MPC11E line cards)—Starting with Junos OS Release 21.2R1, we support inline NAT services. We support the following features:
-
1:1 static address mapping
-
Bidirectional mapping: source NAT for outbound traffic and destination NAT for inbound traffic
-
No limit on number of flows
-
Source, destination, and twice NAT
-
Source NAT44
-
Destination NAT44
-
Source NAT with Interface Style
-
Destination NAT with Interface Style
-
Inline NAT with VRF
[See Inline NAT.]
-
-
Interoperability of MPC10E with MX-SPC3 for IPSec services steering (MX240, MX480, and MX960)—Starting in Junos OS Release 21.2R1, the MPC10E-15C-MRATE and MPC10E-10C-MRATE interoperates with the MX-SPC3 card to enable the packet forwarding path that steers packets to the MX- SPC3 card. The MPC10E line card can perform the ingress or the egress processing for IPSec services packets through the
st0
andvms
interfaces, nexthops, and the routes programmed in the line card.[See MPC10E-15C-MRATE and MPC10E-10C-MRATE.]
-
Interoperability of MPC10E with MX-SPC3 to support TLB (MX240, MX480, and MX960)—Starting in Junos OS Release 21.2R1, the MPC10E-15C-MRATE and the MPC10E-10C-MRATE interoperates with the MX-SPC3 card to support traffic load balancing. Using the Traffic Load Balancer (TLB) application, you can distribute traffic among multiple servers in a server group and perform health checks to determine whether any servers should not receive traffic. TLB supports multiple VPN routing and forwarding instance (VRF) instances..
-
Support for unidirectional session refreshing (MX Series routers with MS-MPCs and MX-SPC3 services card)—Starting in Junos OS Release 21.2R1, we support unidirectional session refreshing.
For a service set, you can configure unidirectional session refreshing for the in-zone and the out-zone.
At the
[edit services service-set <service-set-name> service-set-options]
hierarchy level, you can enable unidirectional session forwarding for:-
Input (in-zone), by configuring the statement
unidirectional-session-refreshing input
. -
Output (out-zone), by configuring the statement
unidirectional-session-refreshing output
[See service-set-options.]
-