Home
Juniper
Network Hardware
NFX250
Page 203
Juniper NFX250 - Page 203
230 pages
Manual
To Next Page
To Next Page
To Previous Page
To Previous Page
Loading...
R
elat
ed
Documenta
tion
•
Config
uring
IPSec-NM
Interfa
ces
on
pa
ge
171
•
Config
uring
AutoK
ey
Internet
Ke
y
Exchang
e
on
page
172
•
Config
uring
IPSec
on
pa
ge
175
185
Copyright
©
2017
,
Juniper
Netw
orks,
Inc.
Chapter
8:
Understanding
IPSec-NM
202
204
Table of Contents
Main Page
Default Chapter
3
Table of Contents
3
About the Documentation
13
Documentation and Release Notes
13
Supported Platforms
13
Using the Examples in this Manual
13
Merging a Full Example
14
Merging a Snippet
14
Documentation Conventions
15
About the Documentation
15
Table 1: Notice Icons
15
Table 2: Text and Syntax Conventions
16
Documentation Feedback
17
Requesting Technical Support
17
Self-Help Online Tools and Resources
17
Opening a Case with JTAC
18
Architecture Overview
19
Architecture Overview
21
Understanding Disaggregated Junos os
21
Chapter 1 Architecture Overview
21
Figure 1: Position of the Juniper Device Manager
22
Figure 2: Basic Disaggregated Junos os Architecture
22
Disaggregated Junos os Vms
24
Figure 3: Virtual Machine Monitors
24
Figure 4: Containers-Overall Architecture
25
Understanding Virtio Usage
26
Figure 5: VNF Bridging with Virtio
27
Understanding SR-IOV Usage
28
Comparing Virtio and SR-IOV
29
Figure 6: VNF Communication Using SR-IOV
29
Understanding Physical and Virtual Components
30
Figure 7: Physical and Virtual Layers in the Disaggregated Junos os
31
Figure 8: Physical and Virtual Component Communication
32
Installation
35
Part 2 Installation
35
Installation
37
Managing Software Installation on NFX250 Network Services Platform
37
Chapter 2 Installation
37
Upgrading an Image on the Disaggregated Junos os Platform
38
Reverting the System to the Factory-Default Configuration
41
Rebooting the System
41
Management
43
Management Configuration Statements and Operational Commands
43
Part 3 Management
43
Chapter 3 Management
45
Understanding the JDM CLI
46
Accessing the JDM Shell, JDM CLI, and JCP Prompts in a Disaggregated Junos os Platform
46
Accessing the JDM CLI
47
Accessing the JDM Shell
47
Accessing the JCP Prompt from the JDM CLI
47
Accessing the Hypervisor from the JDM CLI
47
Management
47
Accessing the Ipsec-Nm from the JDM CLI
48
Understanding User Accounts
48
Root Account
48
Other User Accounts
48
User Authentication
49
Configuring JDM User Accounts and Authentication
49
Understanding JDM Management Interfaces
50
Console Interface
50
Out-Of-Band Management Interface
50
Figure 9: Out-Of-Band Management Interface
50
In-Band Management Interface
51
Configuring the Out-Of-Band Management Interface for JDM
51
Configuring the Out-Of-Band Management Interface with Ipv4 Addressing
51
Configuring the Out-Of-Band Management Interface with Ipv6 Addressing
51
Figure 10: In-Band Management Interface Network
51
For JDM
52
Configuring the In-Band Management Interface for JDM
53
Figure 11: In-Band Management Interface Example
53
Configuring the Out-Of-Band Management Interface for Hypervisor
54
Configuring the Out-Of-Band Management Interface with Ipv4 Addressing
55
For Hypervisor
55
Configuring the Out-Of-Band Management Interface with Ipv6 Addressing
55
Configuring SSH Service and NETCONF-Over-SSH Connections for Remote Access to the Disaggregated Junos os Platform
55
Configuring HTTP Access to the Disaggregated Junos os Platform
56
Configuring HTTPS Access to the Disaggregated Junos os Platform
56
Configuring SNMP on JDM
57
Configuring SNMP Community
57
Configuring SNMP System Parameters
57
Configuring SNMP V3
58
Configuring SNMP Traps
58
Querying SNMP Mibs
58
Managing Traps
59
Platform
59
Configuring Ipsec in the Disaggregated Junos os Platform
59
Platform
60
Enabling Centralized Logging
60
Viewing Log Messages
60
Managing Core Files for a Disaggregated Junos os Platform
61
Viewing Core Files
61
Synchronizing Time Using NTP
62
Chapter 4 Management Configuration Statements and Operational Commands
63
Enhanced-Orchestration
64
Http
64
Https
65
Ipsec-Nm
65
Netconf
66
Ntp
67
Outbound-Ssh
68
Phone-Home
69
Rest
70
Ssh
70
System
71
Traceoptions
73
Upgrade-Image-Before-Configuration
74
Show Connections
75
Table 3: Show Connections Output Fields
75
Show Forwarding-Options Analyzer
77
Table 4: Show Forwarding-Options Analyzer Output Fields
77
Show System Inventory Hardware Cpu
79
Table 5: Show System Inventory Hardware Cpu Output Fields
79
Show System Inventory Hardware Memory
82
Table 6: Show System Inventory Hardware Memory Output Fields
82
Show System Inventory Hardware Network
84
Table 7: Show System Inventory Hardware Network Output Fields
84
Show System Inventory Hardware Storage
86
Table 8: Show System Inventory Hardware Storage Output Fields
86
Show System Inventory Software Vnf
89
Table 9: Show System Inventory Software Vnf Output Fields
89
Show System Services Ipsec-Nm
90
Table 10: Show System Services Ipsec-Nm Output Fields
90
Show System Visibility Cpu
92
Table 11: Show System Visibility Cpu Output Fields
92
Show System Visibility Host
95
Table 12: Show System Visibility Host Output Fields
95
Show System Visibility Jcp
100
Table 13: Show System Visibility Jcp Output Fields
100
Show System Visibility Jdm
103
Table 14: Show System Visibility Jdm Output Fields
103
Show System Visibility Memory
107
Table 15: Show System Visibility Memory Output Fields
107
Show System Visibility Network
109
Table 16: Show System Visibility Network Output Fields
109
Show System Visibility Storage
112
Table 17: Show System Visibility Storage Output Fields
112
Show System Visibility Vnf
115
Table 18: Show System Visibility Vnf Output Fields
115
Virtual Network Functions
121
Virtual Network Functions Configuration Statements and Operational
121
Commands
121
Chapter 5 Virtual Network Functions
123
Understanding Virtual Network Functions
123
Figure 12: Network Connections between JDM and the Vms
123
Managing the VNF Life Cycle
124
Table 19: VNF Glossary
124
Planning Resources for a VNF
125
Table 20: Physical CPU Allocation for NFX250-LS1
125
Launching a VNF
126
Managing the VNF Image
126
Preparing the Bootstrap Configuration
126
Table 21: Physical CPU Allocation for NFX250
126
Allocating Resources for a VNF
127
Specifying CPU for VNF
127
Allocating Memory for a VNF
128
Configuring VNF Storage Devices
128
Configuring VNF Interfaces and Vlans
129
Managing VNF MAC Addresses
131
Managing VNF States
131
Managing MTU
132
Configuring Cross-Connect
133
Accessing a VNF from JDM
135
Configuring Analyzer VNF and Port-Mirroring
135
Deleting a VNF
136
Displaying the VNF Details
136
Viewing List of Vnfs
136
Chapter 6 Virtual Networkfunctionsconfigurationstatementsandoperational
139
Commands
139
Virtual Network Functions
139
Cross-Connect
140
Features
142
Host-Os Forwarding-Options Analyzer
143
Hugepages
144
Image
145
Init-Descriptor
146
Interfaces
147
Ipsec-Nm
148
Mac-Address
149
Mapping
150
Memory
151
Mtu
152
No-Autostart
152
Pci-Address
153
Size
153
Storage
154
Type
155
Virtual-Cpu
156
Virtual-Network-Functions
157
Vjunos0
160
Vnf-Name
161
Show Virtual-Network-Functions
163
Table 22: Show Virtual-Network Functions Output Fields
163
Show Vlans
167
Table 23: Show Virtual-Network Functions Output Fields
167
Service Chaining
169
Part 5 Service Chaining
169
Service Chaining
171
Understanding Service Chaining on Disaggregated Junos os Platforms
171
Figure 13: Virtual Network Functions on a Disaggregated Junos os Platform
171
Chapter 7 Service Chaining
171
Configuring Service Chaining Using Vlans
172
Configuring Service Chaining Using DHCP Services on Vlans
173
Service Chaining
173
Example: Configuring Service Chaining Using Vlans on NFX250 Network Services Platform
174
Figure 14: Service Chaining Using Vlans
174
Example: Configuring Service Chaining Using SR-IOV on NFX250 Network Services Platform
178
Figure 15: Service Chaining Using SR-IOV-Device Infrastructure
179
Ipsec-NM
185
Part 6 Ipsec-NM
185
Understanding Ipsec-NM
187
Overview of IP Security
187
Chapter 8 Understanding Ipsec-NM
187
Configuring IP Security Network Manager
188
Configuring Ipsec-NM Interfaces
189
Configuring Autokey Internet Key Exchange
190
Configuring Ipsec
193
Example: Configuring IKE, Ipsec, and Security Zones
195
Table 24: IKE, Ipsec Sas, and Security Zones Configuration
196
Chapter 9 Ipsec-NM Configuration Statements and Operational Commands
205
Ipsec-Nm
206
Ike
210
Ipsec
212
Policies
214
Interfaces
215
Show Security Ike Sa
216
Table 25: Show Security Ike Sa Output Fields
216
Table 26: Show Security Ike Sa Detail Output Fields
217
Show Security Ike Active-Peer
221
Table 27: Show Security Ike Active-Peer Output Fields
221
Show Security Ipsec Sa
222
Table 28: Show Security Ipsec Sa Output Fields
222
Table 29: Show Security Ipsec Sa Detail Output Fields
223
Show Security Ipsec Statistics
226
Table 30: Show Security Ipsec Statistics
226
Show Security Ipsec Inactive-Tunnels
228
Table 31: Show Security Ipsec Inactive-Tunnels Output Fields
228
Show Security Ipsec Tunnel-Events-Statistics
230
Other manuals for Juniper NFX250
Quick Start
9 pages
Quick Start Guide
7 pages
Related product manuals
Juniper SSR130
18 pages
Juniper MX10016
32 pages
Juniper MX10004
14 pages
Juniper ACX7100
12 pages
Juniper CTP2024
150 pages
Juniper Mist Edge
9 pages
Juniper BTI7800 Series
228 pages
Juniper EX4100-F- 24P/T
9 pages
Juniper Day One+ QFX5120
12 pages
Juniper MX240 - UPGRADING
35 pages
Juniper Day One Plus SRX380
9 pages
To Next Page
