Next Gen Services Interfaces User Guide for Routing Devices
Published 2020-06-18
Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Next Gen Services Interfaces User Guide for Routing Devices. Copyright © 2020 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
Table of Contents
About the Documentation
Documentation and Release Notes
Using the Examples in This Manual
Merging a Full Example
Merging a Snippet
Documentation Conventions
Documentation Feedback
Requesting Technical Support
Self-Help Online Tools and Resources
Creating a Service Request with JTAC
1 Overview
Next Gen Services Overview
Next Gen Services Overview
MX Series 5G Universal Router Services Overview
Adaptive Services Overview
Inline Services
Next Gen Services
Summary of Services Supported on MX Series 5G Universal Routers
Next Gen Services Documentation
Enabling Next Gen Services
Compatibility with Other Services Cards
Configuring the MX-SPC3 Services Card
Methods for Applying Services to Traffic
Configuration Overview
Configuration Differences Between Adaptive Services and Next Gen Services on the MX-SPC3
Overview
Interfaces
Service Set
Stateful Firewall
Rules and Policies
Address Lists and Ranges
Applications
Traceoptions and Counters
Carrier Grade Network Address Translation (CGNAT)
Intrusion Detection System (IDS)
Migrate from the MS Card to the MX-SPC3
Next Gen Services Feature Configuration Overview
Service Rules and Rule Sets
Service Sets
Interface-Style Service Set
Next-Hop-Style Service Set
Services Interfaces
How to Configure Services Interfaces for Next Gen Services
How to Configure Interface-Style Service Sets for Next Gen Services
How to Configure Next-Hop Style Service Sets for Next Gen Services
How to Configure Service Set Limits for Next Gen Services
Enabling and Disabling Next Gen Services
Loading the Software Images on RE-S-X6-64G-UB
Enabling Next Gen Services on an MX Series Router
Disabling Next Gen Services on an MX Series Router
Determining Whether Next Gen Services is Enabled on an MX Series Router
Global System Logging Overview and Configuration
Understanding Next Gen Services CGNAT Global System Logging
Next Gen Services CGNAT Global System Logging
Modes of Operation for Next Gen Services System Logging
Understanding Stream Mode
System Logging Configuration Overview
Disabling Session Open Information in Syslogs
Enabling Global System Logging for Next Gen Services
Configuring Local System Logging for Next Gen Services
Configuring System Logging to One or More Remote Servers for Next Gen Services
System Log Error Messages for Next Gen Services
Session Open Logs
MS-MPC Services Card
MX-SPC3 Services Card
Session Open Logs With NAT
Session Open Logs Without NAT
Session Close Logs
MS-MPC Services Card
MX-SPC3 Services Card
NAT Out of Address Logs
MS-MPC Services Card
MX-SPC3 Services Card:
NAT Out of Ports Logs
MS-MPC Services Card
MX-SPC3 Services Card
NAT Rule Match Logs
MS-MPC Services Card
MX-SPC3 Services Card
NAT Pool Release Logs
MS-MPC Services Card
MX-SPC3 Services Card
NAT Port Block Allocation Logs
MS-MPC Services Card-Example 1
MX-SPC3 Services Card-Example 1
MS-MPC Services Card-Example 2
MX-SPC3 Services Card-Example 2
NAT Port Block Allocation Interim Logs
MS-MPC Services Card
MX-SPC3 Services Card
NAT Port Block Release Logs
MS-MPC Services Card
MX-SPC3 Services Card
Deterministic NAT Logs
MS-MPC Services Card
Stateful Firewall Rule Accept Logs
MS-MPC Services Card
MX-SPC3 Services Card
Stateful Firewall Rule Reject Logs
MS-MPC Services Card
MX-SPC3 Services Card
Stateful Firewall Rule Discard Logs
MS-MPC Services Card
MX-SPC3 Services Card
Stateful Firewall Rule No Rule Drop Logs
MS-MPC Services Card
MX-SPC3 Services Card
Stateful Firewall No Policy Drop Logs
MS-MPC Services Card
MX-SPC3 Services Card
Configuring Syslog Events for NAT Rule Conditions with Next Gen Services
Next Gen Services SNMP MIBs and Traps
Next Gen Services SNMP MIBs and Traps
Service-Set Related SNMP MIBs
Summary Mapping of MX-SPC3 CLI Services Operational Commands to SNMP MIBs
NAT SNMP MIBs
SNMP Traps
Configuring SNMP Trap Generation
SNMP Trace Logs for Traps
2 Carrier Grade NAT (CGNAT)
Deterministic NAT Overview and Configuration
Deterministic NAPT Overview for Next Gen Services
Benefits of Deterministic NAPT
Understanding Deterministic NAPT Algorithms
Deterministic NAPT Restrictions
Configuring Deterministic NAPT for Next Gen Services
Configuring the NAT Pool for Deterministic NAPT for Next Gen Services
Configuring the NAT Rule for Deterministic NAPT44 for Next Gen Services
Configuring the NAT Rule for Deterministic NAPT64 for Next Gen Services
Configuring the Service Set for Deterministic NAT for Next Gen Services
Clearing the Don’t Fragment Bit
Dynamic Address-Only Source NAT Overview and Configuration
Dynamic Address-Only Source Translation Overview
Benefits of Dynamic Address-Only Source Translation
Configuring Dynamic Address-Only Source NAT for Next Gen Services
Configuring the Source Pool for Dynamic Address-Only Source NAT
Configuring the NAT Source Rule for Dynamic Address-Only Source NAT
Configuring the Service Set for Dynamic Address-Only Source NAT
IPv4 Connectivity Across IPv6-Only Network Using 464XLAT Overview and Configuration
464XLAT Overview
Benefits of 464XLAT
IPv4 Addresses Embedded in IPv6 Addresses
Configuring 464XLAT Provider-Side Translator for IPv4 Connectivity Across IPv6-Only Network for Next Gen Services
Configuring the Source Pool for 464XLAT
Configuring the NAT Rules for 464XLAT
Configuring the Service Set for 464XLAT
Clearing the Don’t Fragment Bit
Network Address Port Translation Overview and Configuration
Network Address Port Translation (NAPT) Overview
Benefits of NAPT
Configuring Network Address Port Translation for Next Gen Services
Configuring the Source Pool for NAPT
Configuring the NAT Source Rule for NAPT
Configuring the Service Set for NAPT
Configuring Syslog Events for NAT Rule Conditions with Next Gen Services
IPv6 NAT PT
IPv6 NAT PT Overview
IPv6 NAT-PT Communication Overview
NAT46 Next Gen Services Configuration Examples
NAT46 Support Summary
NAT46 Sample Configuration