Junos
Junos

Understanding the Services PIC implementation on the J -Series

09.30.09   |  
‎09-30-2009 04:22 AM

Hi All

 

I understand that the J-Series simulates the AS PIC as a software process, but here is my problem (which will be me not understanding).

I have access to a j4350 running 8.5 Enhanced Services, and when I do a show interface terse, I do not see the sp interface listed (although I can create it).  Also, I dont seem to have a services hierarchy which all the training documents reference, only a security hierarchy (which I thought only came with the ASM) which does not include statefull firewall setup.

 

If anyone can shed any light on what I should expect to see and when, I would be very grateful.  I am moving over from Cisco to Juniper and am trying to grasp the concept of services and services sets.

4 REPLIES
Highlighted
Junos

Re: Understanding the Services PIC implementation on the J -Series

09.30.09   |  
‎09-30-2009 08:27 AM

The AS PIC is not emulated when running the Enhanced Services version of JunOS.  If you move the regular version of JunOS for the J-series then the AS PIC is emulated and all of the pseudo interfaces appear.  9.3 is the last release of regular JunOS for J-series.  Subsequent releases will all be Enhanced Services

 

David 

Junos

Re: Understanding the Services PIC implementation on the J -Series

09.30.09   |  
‎09-30-2009 11:37 AM

Hi David

 

Thanks for that.  How do I use service-sets (next-hop-style) and stateful firewall rules with the Enhanced Services JUNOs.

Junos

Re: Understanding the Services PIC implementation on the J -Series

09.30.09   |  
‎09-30-2009 02:26 PM

Not really certain how that is accomplished in the Enhanced Services version of software.  I'm still only running the non-ES software.

 

David 

Junos

Re: Understanding the Services PIC implementation on the J -Series

10.07.09   |  
‎10-07-2009 11:25 PM

Enhanced Services version is stateful firewall by default. You do not configure service-sets as such. In fact Enhanced Services version moves all services (nat, ipsec, stateful firewall) to security hierarchy. So you would need to put all interfaces within a security zone and apply security policies between zones. I would recommend reviewing J-Series Security Guides from here.

 

http://www.juniper.net/techpubs/software/junos-jseries/index.html

 

-Richard