Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Junos OS Hierarchy Level


The Service Vector Routing (SVR) control plane is a location independent, service-based data model that provides the language used to describe the network’s services, tenancy, and associated policies. Every router in an SVR fabric shares the same service-based policies and topology. As such, to interoperate with SVR, you need to configure the connected SRX Series Services Gateway or the NFX Series Network Services Platform so it uses the same set of device names and IP numbers so the devices can recognize each other. Do that in Junos, at the service vector-routing hierarchy level.

Key concepts in the data model are explained below, followed by the Junos CLI hierarchy where they appear.

  • The Authority represents the data model used to describe network (routers), service, and policy behavior organized into a configuration hierarchy. In short, it represents the collection of all SVR networking components.
  • Global data applies to all devices within the authority.
  • Local data applies at the level of router (it is not used beyond the device).
  • A Node is essentially a running instance of the SVR control plane, either physical or virtual, at the local level.
  • A Peer is an SVR participating router that is connected to the one you are configuring. (You can use the notion of Peers to help diagram the network of SVR nodes.)
  • Routers in this context are logical entities; they can be standalone (one node) or high-availability (two node), and are responsible for receiving and sending packets to their correct destinations. Any options configured under the router hierarchy are considered local data (applicable to that router only).
  • Source Tenants , or Tenants are used in the data model as a way to place traffic sources and routes and their services (also referred to as service routes) into logical partitions within the underlay network. In short, Tenants are a way to group devices and create a trust zone.
  • Device Interface, also known as Physical Interface, and found at the interface level of the Junos hierarchy.
  • Network Interface, also known as Logical Interface, and found at the interface level of the Junos hierarchy.
  • Adjacency is one of several ways you can tell the router how to reach its Peer (because peers can be reachable from multiple network interfaces).
  • Service, in the SVR data model, is a traffic destination being accessed by constituents in your network. It is global data. Services represent specific applications that a network delivers, such as web services, database services, or voice/video services, and for which you can specify delivery limits such as latency, packet loss, and jitter.
  • Service Routes are local data that is used to tell the router how to reach a particular service, like a service oriented routing table. The destination can be one or more peers, a gateway, an IP address, a subnet, or something else. However, when the destination is another SVR router, the traffic will use SVR to send the traffic.
  • BFD, in the SVR network, devices use a lightweight Bi-directional Forwarding Detection (BDF) metadata to evaluate link quality and service changes between waypoints (you can think of waypoints as the IP addresses, or interfaces, used to forward SVR traffic along the SVR path).
  • The 128T concepts of Service Routers Policy and Service Policy are not currently used in Junos for NFX or SRX devices.
  • Neighborhoods this 128T concept is not currently used in Junos for NFX or SRX devices.
  • Vector this 128T concept is not currently used in Junos for NFX or SRX devices.


authority-name name—Specify the name of the authority the device belongs to.

  • cipher-suites cipher-suite name—The cipher-suite you choose must be supported by both ends of the connection (the cipher suite itself is a set of cryptographic algorithms that are used by the devices)
    • authentication-algorithm
    • authentication-disabled
    • authentication-key
    • encryption-algorithm
    • encryption-disabled
    • encryption-key
    • encryption-vector

destination-services name—Identify the destination service by giving it a name and specifying an IP prefix, transport protocol, and port.

  • access-policy source-tenant-name—Identify the source-tenant from which the device will receive traffic.
    • permission allow | deny
  • ip-prefix value—The address prefix of the destination-service.
  • transport gre | icmp | tcp | udp—Specify the traffic protocol.

meta-bfd —Configure BFD to evaluate connection and path attributes between waypoints in a SVR session path.

  • desired-tx-interval milliseconds—Specify the frequency at which to send the BFD asynchronous control packets.
  • dscp value—Specify the DSCP value to use with BFD packets, from zero to 63.
  • link-test-interval seconds—Specify the interval between BFD echo tests sent to the peer.
  • multiplier value—Number of consecutive undelivered or unacknowledged meta-bdf-packets needed to qualify the link as unusable, from 3 to 20.
  • required-min-rx-interval milliseconds—Specify the lower threshold at which to send BFD control packets.

router name—Name of the router used for vector-routing (explained above).

  • node name—Name of the service node (explained above).
    • adjacency name—Identify adjacent routers that are reachable from this node.
      • address value—The IP address or hostname of the adjacent router, or the waypoint address of the peer router.
      • cipher-suite cipher-suite name—The cipher-suite must be supported by both ends of the connection.
      • cost value—You can assign an administrative cost to the link, for example to influence path preference as part of a service level agreement. The default is 0.
      • peer name— Remote router.
      • peer-connectivity bidirectional | outbound-only
  • peer name—Name of the peer router (explained above) to which the waypoint address belongs.
  • peer-connectivity bidirectional | outbound-only—Set to outbound-only if the adjacency is behind a NAT device.
  • service-route name—Name of the target route for handling traffic for a given service.

source-tenant name—Name of the tenant to which you want to map traffic (using a given IP prefix or by specifying the interface the traffic will arrive from). If a given service does not match any tenants, they are considered "tenantless," which means no service policy other than public-level one will be applied to the traffic.

  • ip-prefixs value—Specify the IP prefix(es) you want to associate with the tenant name, and thus, by extension, the traffic flows you want to apply service policy to.
  • interface value—Specify the interface you want to associate with the tenant name.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

SVR support introduced in Junos OS Release 21.4R1 for SRX and NFS devices.