Junos
Reply
Visitor
AdamClark
Posts: 5
Registered: ‎09-14-2009
0

Understanding the Services PIC implementation on the J -Series

Hi All

 

I understand that the J-Series simulates the AS PIC as a software process, but here is my problem (which will be me not understanding).

I have access to a j4350 running 8.5 Enhanced Services, and when I do a show interface terse, I do not see the sp interface listed (although I can create it).  Also, I dont seem to have a services hierarchy which all the training documents reference, only a security hierarchy (which I thought only came with the ASM) which does not include statefull firewall setup.

 

If anyone can shed any light on what I should expect to see and when, I would be very grateful.  I am moving over from Cisco to Juniper and am trying to grasp the concept of services and services sets.

Trusted Contributor
dsinn
Posts: 23
Registered: ‎10-16-2008

Re: Understanding the Services PIC implementation on the J -Series

The AS PIC is not emulated when running the Enhanced Services version of JunOS.  If you move the regular version of JunOS for the J-series then the AS PIC is emulated and all of the pseudo interfaces appear.  9.3 is the last release of regular JunOS for J-series.  Subsequent releases will all be Enhanced Services

 

David 

Visitor
AdamClark
Posts: 5
Registered: ‎09-14-2009
0

Re: Understanding the Services PIC implementation on the J -Series

Hi David

 

Thanks for that.  How do I use service-sets (next-hop-style) and stateful firewall rules with the Enhanced Services JUNOs.

Trusted Contributor
dsinn
Posts: 23
Registered: ‎10-16-2008
0

Re: Understanding the Services PIC implementation on the J -Series

Not really certain how that is accomplished in the Enhanced Services version of software.  I'm still only running the non-ES software.

 

David 

Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: Understanding the Services PIC implementation on the J -Series

Enhanced Services version is stateful firewall by default. You do not configure service-sets as such. In fact Enhanced Services version moves all services (nat, ipsec, stateful firewall) to security hierarchy. So you would need to put all interfaces within a security zone and apply security policies between zones. I would recommend reviewing J-Series Security Guides from here.

 

http://www.juniper.net/techpubs/software/junos-jseries/index.html

 

-Richard

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.