Junos® OS Interfaces User Guide for ... - Juniper Networks · UnderstandingInterfaceClocking|44...

Junos® OS

Interfaces User Guide for Security Devices

Published

2020-04-03

Juniper Networks, Inc.1133 Innovation WaySunnyvale, California 94089USA408-745-2000www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. inthe United States and other countries. All other trademarks, service marks, registered marks, or registered service marksare the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the rightto change, modify, transfer, or otherwise revise this publication without notice.

Junos® OS Interfaces User Guide for Security DevicesCopyright © 2020 Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-relatedlimitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)Juniper Networks software. Use of such software is subject to the terms and conditions of the EndUser License Agreement(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, youagree to the terms and conditions of that EULA.

ii

https://support.juniper.net/support/eula/

Logical Interface Settings | 91

Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for DS3 Port Mode | 93

Example: Configuring the 1-Port Clear Channel DS3/E3 GPIM for E3 Port Mode | 95

Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for M23 Mapping Mode | 97

Configuring ADSL and SHDSL Interfaces3Configuring ADSL Interfaces | 100

ADSL Interface Overview | 100

ADSL Systems | 102

ADSL2 and ADSL2+ | 102

ATM CoS Support | 102

ADSL and SHDSL Interfaces Configuration Overview | 103

Example: Configuring the DHCP Client on ADSL Interface | 107

Example: Configuring the IPv6 Address on an ADSL Interface | 112

Example: Configuring ATM-over-ADSL Network Interfaces | 115

Example: Configuring MLPPP-over-ADSL Interfaces | 124

Example: Configuring CHAP on DSL Interfaces | 126

Example: Configuring ATM-over-SHDSL Network Interfaces | 135

Configuring G.SHDSL Interfaces | 143

SHDSL Interface Overview | 144

G.SHDSL Mini-PIM Overview | 144

Operating Modes and Line Rates of the G.SHDSL Mini-PIM | 146

G.SHDSL Mini-PIM Configuration Overview | 146

Example: Configuring the G.SHDSL Interface on SRX Series Devices | 148

Example: Configuring the G.SHDSL Interface in EFM Mode | 162

Configuring VDSL2 Interfaces | 175

VDSL2 Interface Technology Overview | 175

VDSL2 Vectoring Overview | 176

VDSL2 Network Deployment Topology | 176

VDSL2 Interface Support on SRX Series Devices | 178

VDSL2 Interface Compatibility with ADSL Interfaces | 179

VDSL2 Interfaces Supported Profiles | 181

VDSL2 Interfaces Supported Features | 181

vi

Understanding IPv6 Support VDSL2 Interfaces | 182

Example: Configuring VDSL2 Interfaces (Basic) | 183

Example: Configuring VDSL2 Interfaces (Detail) | 191

Example: Configuring VDSL2 Interfaces in ADSL Mode (Basic) | 225

Example: Configuring VDSL2 Interfaces in ADSL Mode (Detail) | 232

Upgrading the VDSL PIC Firmware | 267

Configuring Ethernet Interfaces4Configuring Ethernet Interfaces | 271

Understanding Ethernet Interfaces | 271

Ethernet Access Control and Transmission | 272

Collisions and Detection | 272

Collision Domains and LAN Segments | 273

Broadcast Domains | 274

Ethernet Frames | 274

Example: Creating an Ethernet Interface | 276

Understanding Static ARP Entries on Ethernet Interfaces | 277

Example: Configuring Static ARP Entries on Ethernet Interfaces | 277

Understanding Promiscuous Mode on Ethernet Interface | 281

Understanding Promiscuous Mode on the SRX5K-MPC | 281

Example: Configuring Promiscuous Mode on the SRX5K-MPC | 282

Example: Deleting an Ethernet Interface | 288

Configuring Aggregated Ethernet Interfaces | 289

Understanding Aggregated Ethernet Interfaces | 290

LAGs | 290

LACP | 291

Configuring Aggregated Ethernet Interfaces | 292

Understanding Physical Interfaces for Aggregated Ethernet Interfaces | 293

Example: Associating Physical Interfaces with Aggregated Ethernet Interfaces | 293

Understanding Aggregated Ethernet Interface Link Speed | 295

Example: Configuring Aggregated Ethernet Link Speed | 295

Understanding Minimum Links for Aggregated Ethernet Interfaces | 296

Example: Configuring Aggregated Ethernet Minimum Links | 297

Deleting Aggregated Ethernet Interface | 298

vii

Example: Deleting Aggregated Ethernet Interfaces | 298

Example: Deleting Aggregated Ethernet Interface Contents | 299

Understanding VLAN Tagging for Aggregated Ethernet Interfaces | 301

Understanding Promiscuous Mode for Aggregated Ethernet Interfaces | 301

Verifying Aggregated Ethernet Interfaces | 301

Verifying Aggregated Ethernet Interfaces (terse) | 301

Verifying Aggregated Ethernet Interfaces (extensive) | 302

Configuring Link Aggregation Control Protocol | 303

Understanding LACP on Standalone Devices | 304

Example: Configuring Link Aggregation Control Protocol | 305

Verifying LACP on Standalone Devices | 309

Verifying LACP Statistics | 310

Verifying LACP Aggregated Ethernet Interfaces | 310

LAG and LACP Support Line Devices with I/O Cards (IOCs) | 312

LAG and LACP Support on the SRX5000 Module Port Concentrator | 312

LAG and LACP Support on the SRX5000 Line IOCs in Express Path Mode | 313

Example: Configuring LAG Interface on an Line Device with IOC2 or IOC3 | 314

Configuring Gigabit Ethernet Physical Interface Modules | 319

Understanding the 1-Port Gigabit Ethernet SFP Mini-PIM | 320


Interface Names and Settings | 320

Available Link Speeds and Modes | 321

Link Settings | 321

Example: Configuring the 1-Port Gigabit Ethernet SFP Mini-PIM Interface | 322

Understanding the 2-Port 10-Gigabit Ethernet XPIM | 330



Copper and Fiber Operating Modes | 332

Link Speeds | 332

Link Settings | 332

Example: Configuring the 2-Port 10-Gigabit Ethernet XPIM Interface | 333

viii

Understanding the 8-Port Gigabit Ethernet SFP XPIM | 338



Example: Configuring 8-Port Gigabit Ethernet SFP XPIMs | 340

Rate-Selectability on SRX4600 Devices | 360

SRX4600 Gateway Rate-Selectability Overview | 360

Maximum number of 10/40/100GE ports Configurable at PIC and Port Mode | 363

Configuring 40-Gigabit Ethernet ports to 4X10-Gigabit Ethernet using Breakout Cables | 364

Supported Active Physical Rate-Selectable Ports to Prevent Oversubscription on SRX4600Gateway | 366

Invalid Port Configuration | 367

Configuring Active Ports on SRX4600 Gateway with Rate Selectability | 367

Configuring Ethernet OAM Link Fault Management | 370

Understanding Ethernet OAM Link Fault Management for SRX Series Services Gateways | 371

Example: Configuring Ethernet OAM Link Fault Management on a Security Device | 373

Example: Configuring Remote Loopback Mode on VDSL Interfaces on a Security Device | 378

Configuring Ethernet OAM Connectivity Fault Management | 383

Understanding Ethernet OAM Connectivity Fault Management | 384

Benefits of Ethernet CFM | 385

CFM over VDSL and PPPoE interfaces for SRX210, SRX220, SRX240, SRX320, SRX340,SRX345, SRX380, SRX550, and SRX550M Devices | 385

Configuring the Continuity Check Protocol on a Security Device | 387

Configuring the Link Trace Protocol on a Security Device | 388

Creating a Maintenance Domain on a Security Device | 389

Configuring a Maintenance Domain MIP Half Function on a Security Device | 390

Creating a Maintenance Association on a Security Device | 391

Configuring a Maintenance Association End Point on a Security Device | 392

Example: Configuring Ethernet OAM Connectivity Fault Management on a Security Device | 393

Configuring Power over Ethernet | 407

Understanding Power over Ethernet | 407

SRX Series Services Gateway PoE Specifications | 408

PoE Classes and Power Ratings | 411

ix

Configuring Point-to-Point Protocol over Ethernet | 453

Understanding Point-to-Point Protocol over Ethernet | 454

PPPoE Discovery Stage | 455

PPPoE Session Stage | 456

Understanding PPPoE Interfaces | 458

Example: Configuring PPPoE Interfaces | 458

Understanding PPPoE Ethernet Interfaces | 467

Example: Configuring PPPoE Encapsulation on an Ethernet Interface | 467

Understanding PPPoE ATM-over-ADSL and ATM-over-SHDSL Interfaces | 468

Example: Configuring PPPoE Encapsulation on an ATM-over-ADSL Interface | 469

Understanding CHAP Authentication on a PPPoE Interface | 472

Example: Configuring CHAP Authentication on a PPPoE Interface | 472

Verifying Credit-Flow Control | 475

Verifying PPPoE Interfaces | 476

Verifying R2CP Interfaces | 476

Displaying Statistics for PPPoE | 478

Setting Tracing Options for PPPoE | 479

Configuring Link Services Interfaces6Configuring Link Services Interfaces | 482

Link Services Interfaces Overview | 482

Services Available on a Link Services Interface | 483

Link Services Exceptions | 484

Configuring Multiclass MLPPP | 485

Queuing with LFI | 486

Compressed Real-Time Transport Protocol Overview | 487

Configuring Fragmentation by Forwarding Class | 487

xi

Configuring Link-Layer Overhead | 489

Link Services Configuration Overview | 489

Verifying the Link Services Interface | 490

Verifying Link Services Interface Statistics | 491

Verifying Link Services CoS Configuration | 493

Understanding the Internal Interface LSQ-0/0/0 Configuration | 496

Example: Upgrading from ls-0/0/0 to lsq-0/0/0 for Multilink Services | 496

Troubleshooting the Link Services Interface | 500

Determine Which CoS Components Are Applied to the Constituent Links | 500

Determine What Causes Jitter and Latency on the Multilink Bundle | 503

Determine If LFI and Load Balancing Are Working Correctly | 504

DetermineWhy Packets Are Dropped on a PVC Between a Juniper Networks Device anda Third-Party Device | 512

Configuring Link Fragmentation and Interleaving | 513

Understanding Link Fragmentation and Interleaving Configuration | 513

Example: Configuring Link Fragmentation and Interleaving | 514

Configuring Class-of-Service on Link Services Interfaces | 516

Understanding How to Define Classifiers and Forwarding Classes | 516

Example: Defining Classifiers and Forwarding Classes | 517

Understanding How to Define and Apply Scheduler Maps | 521

Example: Configuring Scheduler Maps | 522

Understanding Interface Shaping Rates | 527

Example: Configuring Interface Shaping Rates | 527

Achieving Greater Bandwidth, Load Balancing, and Redundancy with MultilinkBundles | 529

Understanding MLPPP Bundles and Link Fragmentation and Interleaving (LFI) on SerialLinks | 529

Example: Configuring an MLPPP Bundle | 530

Configuring Multilink Frame Relay | 534

Understanding Multilink Frame Relay FRF.15 | 535

Example: Configuring Multilink Frame Relay FRF.15 | 535

Understanding Multilink Frame Relay FRF.16 | 539

Example: Configuring Multilink Frame Relay FRF.16 | 539

xii

Configuring Compressed Real-Time Transport Protocol | 544

Understanding Compressed Real-Time Transport Protocol | 544

Example: Configuring the Compressed Real-Time Transport Protocol | 545

Configuring Management, Discard, and Loopback Interfaces7Configuring Management and Discard Interfaces | 549

Configuring Management Interfaces | 549

Configuring Discard Interface | 550

Configuring Loopback Interfaces | 550

Understanding the Loopback Interface | 550

Configuring a Loopback Interface | 552

Configuring Port Mirroring8Understanding Port Mirroring on SRX Devices | 555

Configuring Port Mirroring on SRX Devices | 555

Configuring LTE Interfaces9Configuring LTE Interfaces | 560

LTE Mini-PIM Overview | 560


Understanding the LTE Physical Interface | 562

Understanding the LTE Logical Interface | 562

LTE Mini-PIM Configuration Overview | 564

Configuring the LTE Mini-PIM as the Primary Interface | 564

Configuring the LTE Mini-PIM as a Backup Interface | 567

Example: Configuring the LTE Mini-PIM as a Backup Interface | 569

Configuring the LTE Interface as a Dial-on-Demand Interface | 576

xiii

Configuring Wi-Fi MPIM10Wi-Fi Mini Physical Interface Module (MPIM) | 581

Wi-Fi Mini-Physical Interface Module Overview | 581

Features Supported on the Wi-Fi Mini-PIM | 582

Configure Wi-Fi Mini-PIM | 582

Configure Network Setting for the Wi-Fi Mini-PIM | 583

Configure VLANS | 588

Configuring Serial Interfaces11Configuring Serial Interfaces | 597

Serial Interfaces Overview | 597

Serial Transmissions | 598

Signal Polarity | 599

Serial Clocking Modes | 599

Serial Line Protocols | 601

Example: Configuring a Serial Interface | 604

Example: Deleting a Serial Interface | 607

Understanding the 8-Port Synchronous Serial GPIM | 608


Example: Configuring an 8-Port Synchronous Serial GPIM in Back-to-Back SRX650 ServicesGateways | 610

Interfaces Support for SRX100, SRX110, SRX210, SRX240, SRX550, SRX650,and SRX1400 Devices12

Configuring 1-Port Clear Channel DS3/E3 GPIM | 631

Understanding the 1-Port Clear Channel DS3/E3 GPIM | 631


Interface Naming | 632

Physical Interface Settings | 632

Logical Interface Settings | 633

Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for DS3 Port Mode | 635

Example: Configuring the 1-Port Clear Channel DS3/E3 GPIM for E3 Port Mode | 637

xiv

Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for M23 Mapping Mode | 639

Configuring 3GWireless Modems for WAN Connections | 641

3G Wireless Modem Overview | 641

3G Wireless Modem Configuration Overview | 642

Understanding the Dialer Interface | 644

Dialer Interface Configuration Rules | 644

Dialer Interface Authentication Support for GSM HSDPA 3GWireless Modems | 645

Dialer Interface Functions | 645

Dialer Interface Operating Parameters | 645

Example: Configuring the Dialer Interface | 646

Understanding the 3G Wireless Modem Physical Interface | 653

Example: Configuring the 3G Wireless Modem Interface | 654

Understanding the GSM Profile | 655

Example: Configuring the GSM Profile | 656

Unlocking the GSM 3GWireless Modem | 657

Configuring CDMA EV-DOModem Cards | 659

Understanding Account Activation for CDMA EV-DO Modem Cards | 659

Obtaining Electronic Serial Number (ESN) | 660

Account Activation Modes | 661

Activating the CDMA EV-DO Modem Card Manually | 662

Activating the CDMA EV-DO Modem Card with IOTA Provisioning | 665

Activating the CDMA EV-DO Modem Card with OTASP Provisioning | 666

Configuring USB Modems for Dial Backup | 667

USB Modem Interface Overview | 668

USB Modem Interfaces | 668

Dialer Interface Rules | 669

How the Device Initializes USB Modems | 669

USB Modem Configuration Overview | 671

Example: Configuring a USB Modem Interface | 673

Example: Configuring Dialer Interfaces and Backup Methods for USB Modem Dial Backup | 677

Example: Configuring a Dialer Interface for USB Modem Dial-In | 685

Example: Configuring PAP on Dialer Interfaces | 687

Example: Configuring CHAP on Dialer Interfaces | 689

xv

About the Documentation

IN THIS SECTION

Documentation and Release Notes | xxii

Using the Examples in This Manual | xxiii

Documentation Conventions | xxiv

Documentation Feedback | xxvii

Requesting Technical Support | xxvii

Use this guide to configure and monitor Network, Services, and Special interfaces for Juniper securitydevices.

• Refer to LTE interfaces andWi-Fi Mini-PIM interfaces on SRX300, SRX320, SRX340, SRX345, SRX550,and SRX550 HM devices.

Also, understand and configure the physical, logical and VLAN interfaces, DS1 andDS3 interfaces, ADSL,SHDSL, and VDSL interfaces, Ethernet Interfaces, interface encapsulation, link service interfaces,management, discard, and loopback interfaces, and serial interfaces on SRX300, SRX320, SRX340,SRX345, SRX550, and SRX550 HM devices.

• Refer to Interfaces Support for SRX100, SRX110, SRX210, SRX240, SRX550, SRX650, and SRX1400Devices section to access information on modem interfaces and 1-Port Clear Channel DS3/E3 GPIMinterfaces.

Documentation and Release Notes

To obtain the most current version of all Juniper Networks® technical documentation, see the productdocumentation page on the Juniper Networks website at https://www.juniper.net/documentation/.

If the information in the latest release notes differs from the information in the documentation, follow theproduct Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.These books go beyond the technical documentation to explore the nuances of network architecture,deployment, and administration. The current list can be viewed at https://www.juniper.net/books.

xxii

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-config-lte-interfaces.htmlhttps://www.juniper.net/documentation/en_US/junos/topics/topic-map/interfaces-security-wi-fi-mini-pim-srx-series.htmlhttps://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-port-clear-channel-ds3-e3-gpim.htmlhttps://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-port-clear-channel-ds3-e3-gpim.htmlhttps://www.juniper.net/documentation/https://www.juniper.net/books

Using the Examples in This Manual

If you want to use the examples in this manual, you can use the load merge or the load merge relativecommand. These commands cause the software to merge the incoming configuration into the currentcandidate configuration. The example does not become active until you commit the candidate configuration.

If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the exampleis a full example. In this case, use the load merge command.

If the example configuration does not start at the top level of the hierarchy, the example is a snippet. Inthis case, use the loadmerge relative command. These procedures are described in the following sections.

Merging a Full Example

To merge a full example, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save thefile with a name, and copy the file to a directory on your routing platform.

For example, copy the following configuration to a file and name the file ex-script.conf. Copy theex-script.conf file to the /var/tmp directory on your routing platform.

system {scripts {commit {file ex-script.xsl;

}}

}interfaces {fxp0 {disable;unit 0 {family inet {address 10.0.0.1/24;

}}

}}

2. Merge the contents of the file into your routing platform configuration by issuing the load mergeconfiguration mode command:

xxiii

[edit]user@host# load merge /var/tmp/ex-script.confload complete

Merging a Snippet

To merge a snippet, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save thefile with a name, and copy the file to a directory on your routing platform.

For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy theex-script-snippet.conf file to the /var/tmp directory on your routing platform.

commit {file ex-script-snippet.xsl; }

2. Move to the hierarchy level that is relevant for this snippet by issuing the following configurationmodecommand:

[edit]user@host# edit system scripts[edit system scripts]

3. Merge the contents of the file into your routing platform configuration by issuing the load mergerelative configuration mode command:

[edit system scripts]user@host# load merge relative /var/tmp/ex-script-snippet.confload complete

For more information about the load command, see CLI Explorer.

Documentation Conventions

Table 1 on page xxv defines notice icons used in this guide.

xxiv

https://www.juniper.net/techpubs/content-applications/cli-explorer/junos/

Table 1: Notice Icons

DescriptionMeaningIcon

Indicates important features or instructions.Informational note

Indicates a situation that might result in loss of data or hardwaredamage.

Caution

Alerts you to the risk of personal injury or death.Warning

Alerts you to the risk of personal injury from a laser.Laser warning

Indicates helpful information.Tip

Alerts you to a recommended use or implementation.Best practice

Table 2 on page xxv defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

ExamplesDescriptionConvention

To enter configuration mode, typethe configure command:

user@host> configure

Represents text that you type.Bold text like this

user@host> show chassis alarms

No alarms currently active

Represents output that appears onthe terminal screen.

Fixed-width text like this

• A policy term is a named structurethat defines match conditions andactions.

• Junos OS CLI User Guide

• RFC 1997, BGP CommunitiesAttribute

• Introduces or emphasizes importantnew terms.

• Identifies guide names.

• Identifies RFC and Internet drafttitles.

Italic text like this

xxv

Table 2: Text and Syntax Conventions (continued)


Configure the machine’s domainname:

[edit]root@# set system domain-namedomain-name

Represents variables (options forwhich you substitute a value) incommands or configurationstatements.

Italic text like this

• To configure a stub area, includethe stub statement at the [editprotocols ospf area area-id]hierarchy level.

• The console port is labeledCONSOLE.

Represents names of configurationstatements, commands, files, anddirectories; configuration hierarchylevels; or labels on routing platformcomponents.

Text like this

stub ;Encloses optional keywords orvariables.

< > (angle brackets)

broadcast | multicast

(string1 | string2 | string3)

Indicates a choice between themutually exclusive keywords orvariables on either side of the symbol.The set of choices is often enclosedin parentheses for clarity.

| (pipe symbol)

rsvp { # Required for dynamic MPLSonly

Indicates a comment specified on thesame line as the configurationstatement to which it applies.

# (pound sign)

community name members [community-ids ]

Encloses a variable for which you cansubstitute one or more values.

[ ] (square brackets)

[edit]routing-options {static {route default {nexthop address;retain;

}}

}

Identifies a level in the configurationhierarchy.

Indention and braces ( { } )

Identifies a leaf statement at aconfiguration hierarchy level.

; (semicolon)

GUI Conventions

xxvi

Table 2: Text and Syntax Conventions (continued)


• In the Logical Interfaces box, selectAll Interfaces.

• To cancel the configuration, clickCancel.

Represents graphical user interface(GUI) items you click or select.

Bold text like this

In the configuration editor hierarchy,select Protocols>Ospf.

Separates levels in a hierarchy ofmenu selections.

> (bold right angle bracket)

Documentation Feedback

We encourage you to provide feedback so that we can improve our documentation. You can use eitherof the following methods:

• Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the JuniperNetworks TechLibrary site, and do one of the following:

• Click the thumbs-up icon if the information on the page was helpful to you.

• Click the thumbs-down icon if the information on the page was not helpful to you or if you havesuggestions for improvement, and use the pop-up form to provide feedback.

• E-mail—Send your comments to [email protected]. Include the document or topic name,URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).If you are a customer with an active Juniper Care or Partner Support Services support contract, or are

xxvii

https://www.juniper.net/documentation/index.htmlhttps://www.juniper.net/documentation/index.htmlmailto:[email protected]?subject=

covered under warranty, and need post-sales technical support, you can access our tools and resourcesonline or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTACUserGuide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

• Productwarranties—For productwarranty information, visit https://www.juniper.net/support/warranty/.

• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal calledthe Customer Support Center (CSC) that provides you with the following features:

• Find CSC offerings: https://www.juniper.net/customers/support/

• Search for known bugs: https://prsearch.juniper.net/

• Find product documentation: https://www.juniper.net/documentation/

• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/

• Download the latest versions of software and review release notes:https://www.juniper.net/customers/csc/software/

• Search technical bulletins for relevant hardware and software notifications:https://kb.juniper.net/InfoCenter/

• Join and participate in the Juniper Networks Community Forum:https://www.juniper.net/company/communities/

• Create a service request online: https://myjuniper.juniper.net

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:https://entitlementsearch.juniper.net/entitlementsearch/

Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.

• Visit https://myjuniper.juniper.net.

• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, seehttps://support.juniper.net/support/requesting-support/.

xxviii

https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdfhttps://www.juniper.net/support/warranty/https://www.juniper.net/customers/support/https://prsearch.juniper.net/https://www.juniper.net/documentation/https://kb.juniper.net/https://www.juniper.net/customers/csc/software/https://kb.juniper.net/InfoCenter/https://www.juniper.net/company/communities/https://myjuniper.juniper.nethttps://entitlementsearch.juniper.net/entitlementsearch/https://myjuniper.juniper.nethttps://support.juniper.net/support/requesting-support/

1CHAPTER

Overview

Introduction to Interfaces | 30

Physical Interface Properties | 41

Logical Interface Properties | 50

Understanding IPv4 and IPv6 Protocol Family | 52


Introduction to Interfaces

IN THIS SECTION

Understanding Interfaces | 30

Network Interfaces | 31

Services Interfaces | 32

Special Interfaces | 35

Interface Naming Conventions | 36

Understanding the Data Link Layer | 38

JunosOS supports different types of interfaces onwhich the devices function. The following topics provideinformation of types of interfaces used on security devices, the naming conventions and how to monitorthe interfaces.

Understanding Interfaces

Interfaces act as a doorway through which traffic enters and exits a device. Juniper Networks devicessupport a variety of interface types:

• Network interfaces—Networking interfaces primarily provide traffic connectivity.

• Services interfaces—Services interfaces manipulate traffic before it is delivered to its destination.

• Special interfaces—Special interfaces include management interfaces, the loopback interface, and thediscard interface.

Each type of interface uses a particular medium to transmit data. The physical wires and Data Link Layerprotocols used by a medium determine how traffic is sent. To configure and monitor interfaces, you needto understand their media characteristics, as well as physical and logical properties such as IP addressing,link-layer protocols, and link encapsulation.

NOTE: Most interfaces are configurable, but some internally generated interfaces are notconfigurable.

30

Network Interfaces

All Juniper Networks devices use network interfaces to make physical connections to other devices. Aconnection takes place along media-specific physical wires through an I/O card (IOC) in the SRX SeriesServices Gateway. Networking interfaces primarily provide traffic connectivity.

You must configure each network interface before it can operate on the device. Configuring an interfacecan define both the physical properties of the link and the logical properties of a logical interface on thelink.

Table 3 on page 31 describes network interfaces that are available on SRX Series devices.

Table 3: Network Interfaces

DescriptionInterface Name

Aggregated Ethernet interface. See “Understanding Aggregated Ethernet Interfaces” onpage 290.

ae

ATM-over-ADSL or ATM-over-SHDSL WAN interface.at

Physical interface for the 3G wireless modem or LTE Mini-PIM. See “Understanding the 3GWirelessModemPhysical Interface” on page 653 and “LTEMini-PIMOverview” on page 560.Starting with JunosOS Release 15.1X49-D100, SRX320, SRX340, SRX345, and SRX550HMdevices support the LTE interface. The dialer interface is used for initiating wireless WANconnections over LTE networks.

cl

Dialer interface for initiating USB modem or wireless WAN connections. See “USB ModemInterface Overview” on page 668 and “LTE Mini-PIM Overview” on page 560.

dl

E1 (also called DS1) WAN interface. See “Understanding T1 and E1 Interfaces” on page 70.e1

E3 (also called DS3) WAN interface. See “Understanding T3 and E3 Interfaces” on page 79.e3

Fast Ethernet interface. See “Understanding Ethernet Interfaces” on page 271.fe

Gigabit Ethernet interface. See “Understanding Ethernet Interfaces” on page 271.ge

VDSL2 interface. See “Example: Configuring VDSL2 Interfaces (Detail)” on page 191.pt

For chassis cluster configurations only, redundant Ethernet interface. See “UnderstandingEthernet Interfaces” on page 271.

reth

Serial interface (either RS-232, RS-422/499, RS-530, V.35, or X.21). See “Serial InterfacesOverview” on page 597.

se

31

Table 3: Network Interfaces (continued)


T1 (also called DS1) WAN interface. See “Understanding T1 and E1 Interfaces” on page 70.t1

T3 (also called DS3) WAN interface. See “Understanding T3 and E3 Interfaces” on page 79.t3

WXC Integrated Services Module (ISM 200) interface for WAN acceleration. See the WXCIntegrated Services Module Installation and Configuration.

wx

10-Gigabit Ethernet interface. See “Understanding the 2-Port 10-Gigabit Ethernet XPIM”on page 330.

xe

NOTE: The affected interfaces are these: ATM-over-ADSL or ATM-over-SHDSL (at) interface,dialer interface (dl), E1 (also called DS1) WAN interface, E3 (also called DS3) WAN interface,VDSL2 interface (pt), serial interface (se), T1 (also called DS1) WAN interface, T3 (also calledDS3) WAN interface. However, starting from Junos OS Release 15.1X49-D40 and onwards,SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HMdevices support VDSL2 (pt), serial(se), T1 (t1) , and E1 (e1) interfaces.

Services Interfaces

Services interfaces provide specific capabilities formanipulating traffic before it is delivered to its destination.On Juniper Networks M Series and T Series routing platforms, individual services such as IP-over-IPencapsulation, link services such as multilink protocols, adaptive services such as stateful firewall filtersandNAT, and sampling and logging capabilities are implemented by services Physical Interface Cards (PICs).On SRX Series devices, services processing is handled by the Services Processing Card (SPC).

Although the same Junos OS image supports the services features across all routing platforms, on SRXSeries devices, services interfaces are not associated with a physical interface. To configure services onthese devices, you configure one or more internal interfaces by specifying slot 0, interface carrier 0, andport 0—for example, gr-0/0/0 for GRE.

Table 4 on page 33 describes services interfaces that you can configure on SRX Series Services Gateways.

32

https://www.juniper.net/documentation/en_US/release-independent/jwos/information-products/pathway-pages/hardware/wx-series/hardware.htmlhttps://www.juniper.net/documentation/en_US/release-independent/jwos/information-products/pathway-pages/hardware/wx-series/hardware.html

Table 4: Configurable Services Interfaces


Configurable generic routing encapsulation (GRE) interface. GRE allows the encapsulationof one routing protocol inside another routing protocol.

Packets are routed to this internal interface, where they are first encapsulated with a GREpacket and then sent.

You can create multiple instances of this interface for forwarding encapsulated data tomultiple destination addresses by using the default interface as the parent and creatingextensions, for example, gr-0/0/0.1, gr-0/0/0.2, and so on.

The GRE interface is an internal interface only and is not associatedwith a physical interface.It is used only for processing GRE traffic. See the Junos OS Services Interfaces Library forRouting Devices for information about tunnel services.

gr-0/0/0

Configurable IP-over-IP encapsulation (IP-IP tunnel) interface. IP tunneling allows theencapsulation of one IP packet inside another IP packet.

With IP routing, you can route IP packets directly to a particular address or route the IPpackets to an internal interface where they are encapsulated inside an IP-IP tunnel andforwarded to the encapsulating packet’s destination address.

You can createmultiple instances of this interface for forwarding IP-IP tunnel data tomultipledestination addresses by using the default interface as the parent and creating extensions,for example, ip-0/0/0.1, ip-0/0/0.2, and so on.

The IP-IP interface is an internal interface only and is not associated with a physical interface.It is used only for processing IP-IP tunnel traffic. See the Junos OS Services Interfaces Libraryfor Routing Devices for information about tunnel services.

ip-0/0/0

Configurable link services queuing interface. Link services include the multilink servicesMLPPP, MLFR, and Compressed Real-Time Transport Protocol (CRTP).

Packets are routed to this internal interface for link bundling or compression. The link servicesinterface is an internal interface only and is not associated with a physical interface. Youmust configure the interface for it to perform multilink services.

NOTE: The ls-0/0/0 interface has been deprecated. All multiclassmultilink features supportedby ls-0/0/0 are now supported by lsq-0/0/0.

lsq-0/0/0

Configurable logical tunnel interface that interconnects logical systems on SRX Series devices.See the Logical Systems and Tenant Systems User Guide for Security Devices.

lt-0/0/0

33

https://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/services-interfaces/index.htmlhttps://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/services-interfaces/index.htmlhttps://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/services-interfaces/index.htmlhttps://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/services-interfaces/index.html

Table 4: Configurable Services Interfaces (continued)


Configurable PPPoE encapsulation interface. PPP packets being routed in an Ethernet networkuse PPPoE encapsulation.

Packets are routed to this internal interface for PPPoE encapsulation. The PPPoEencapsulation interface is an internal interface only and is not associated with a physicalinterface. You must configure the interface for it to forward PPPoE traffic.

See “Understanding Point-to-Point Protocol over Ethernet” on page 454.

pp0

Protocol Independent Multicast (PIM) de-encapsulation interface. In PIM sparse mode, thefirst-hop routing platform encapsulates packets destined for the rendezvous point device.The packets are encapsulated with a unicast header and are forwarded through a unicasttunnel to the rendezvous point. The rendezvous point then de-encapsulates the packets andtransmits them through its multicast tree.

Within a device, packets are routed to this internal interface for de-encapsulation. The PIMde-encapsulation interface is an internal interface only and is not associated with a physicalinterface. You must configure PIM with the [edit protocol pim] hierarchy to perform PIMde-encapsulation.

Use the show pim interfaces command to check the status of ppd0 interface.

ppd0

Protocol Independent Multicast (PIM) encapsulation interface. In PIM sparse mode, thefirst-hop routing platform encapsulates packets destined for the rendezvous point device.The packets are encapsulated with a unicast header and are forwarded through a unicasttunnel to the rendezvous point. The rendezvous point then de-encapsulates the packets andtransmits them through its multicast tree.

Within a device, packets are routed to this internal interface for encapsulation. The PIMencapsulation interface is an internal interface only and is not associated with a physicalinterface. You must configure PIM with the [edit protocol pim] hierarchy to perform PIMencapsulation.

ppe0

Secure tunnel interface used for IPSec VPNs. See the IPsecVPNUserGuide for SecurityDevices.st0

Configurable USB modem physical interface. This interface is detected when a USB modemis connected to the USB port on the device.

See “USB Modem Configuration Overview” on page 671.

umd0

Table 5 on page 35 describes non-configurable services interfaces for SRX Series Services Gateways.

34

Table 5: Non-Configurable Services Interfaces


Internally generated Generic Routing Encapsulation (GRE) interface created by Junos OS tohandle GRE traffic. It is not a configurable interface.

gre

Internally generated IP-over-IP interface created by Junos OS to handle IP tunnel traffic. Itis not a configurable interface.

ipip

Internally generated link services interface created by Junos OS to handle multilink serviceslike MLPPP, MLFR, and CRTP. It is not a configurable interface.

lsi

Internally configured interface used by the system as a control path between the WXCIntegrated Services Module and the Routing Engine. It is not a configurable interface. Seethe WX and WXC Series.

pc-pim/0/0

Internally generated Protocol IndependentMulticast (PIM) de-encapsulation interface createdby Junos OS to handle PIM de-encapsulation. It is not a configurable interface.

pimd

Internally generated Protocol Independent Multicast (PIM) encapsulation interface createdby Junos OS to handle PIM encapsulation. It is not a configurable interface.

pime

Internally generated interface created by Junos OS to monitor and record traffic duringpassive monitoring. Packets discarded by the Packet Forwarding Engine are placed on thisinterface. It is not a configurable interface.

tap

Special Interfaces

Special interfaces include management interfaces, which are primarily intended for accessing the deviceremotely, the loopback interface, which has several uses depending on the particular Junos OS featurebeing configured, and the discard interface.

Table 6 on page 35 describes special interfaces for SRX Series Services Gateways.

Table 6: Special Interfaces


On SRX Series devices, the fxp0 management interface is a dedicated port located on theRouting Engine.

fxp0, fxp1

35

https://www.juniper.net/documentation/en_US/release-independent/jwos/information-products/pathway-pages/wx-series/product/

Table 6: Special Interfaces (continued)


Loopback address. The loopback address has several uses, depending on the particular Junosfeature being configured.

lo0

Discard interface.dsc

Interface Naming Conventions

Each device interface has a unique name that follows a naming convention. If you are familiar with JuniperNetworks M Series and T Series routing platforms, be aware that device interface names are similar to butnot identical to the interface names on those routing platforms.

The unique name of each network interface identifies its type and location and indicates whether it is aphysical interface or an optional logical unit created on a physical interface.

• The name of each network interface has the following format to identify the physical device thatcorresponds to a single physical network connector:

type-slot/pim-or-ioc/port

• Network interfaces that are fractionalized into time slots include a channel number in the name, precededby a colon (:):

type-slot/pim-or-ioc/port:channel

• Each logical interface has an additional logical unit identifier, preceded by a period (.):

type-slot/pim-or-ioc/port:.unit

The parts of an interface name are summarized in Table 7 on page 36.

Table 7: Network Interface Names

Possible ValuesMeaningName Part

ae, at, ei, e3, fe, fxp0, fxp1, ge, lo0, lsq, lt, ppo, pt, sto, t1, t3, xe, andso on.

Type of network mediumthat can connect to thisinterface.

type

36

Table 7: Network Interface Names (continued)


SRX5600 and SRX5800 devices: The slot number begins at 0 andincreases as follows from left to right, bottom to top:

• SRX5600 device—Slots 0 to 5

• SRX5800 device—Slots 0 to 5, 7 to 11

SRX3400 and SRX3600 devices: The Switch Fabric Board (SFB) isalways 0. Slot numbers increase as follows from top to bottom, leftto right:

• SRX3400 devce—Slots 0 to 4



Number of the chassis slotin which a PIM or IOC isinstalled.

slot

SRX5600 and SRX5800 devices: For 40-port Gigabit Ethernet IOCsor 4-port 10-Gigabit Ethernet IOCs, this number can be 0, 1, 2, or 3.

SRX3400, SRX3600, and SRX 4600 devices: This number is always0. Only one IOC can be installed in a slot.

Number of the PIM or IOCon which the physicalinterface is located.

pim-or-ioc

On SRX5600 and SRX5800 devices:

• For 40-port Gigabit Ethernet IOCs, this number begins at 0 andincreases from left to right to a maximum of 9.

• For 4-port 10-Gigabit Ethernet IOCs, this number is always 0.

On SRX3400, SRX3600, and SRX 4600 devices:

• For the SFB built-in copper Gigabit Ethernet ports, this numberbegins at 0 and increases from top to bottom, left to right, to amaximum of 7. For the SFB built-in fiber Gigabit Ethernet ports,this number begins at 8 and increases from left to right to amaximum of 11.

• For 16-port Gigabit Ethernet IOCs, this number begins at 0 to amaximum of 15.

• For 2-port 10-Gigabit Ethernet IOCs, this number is 0 or 1.

Port numbers appear on the PIM or IOC faceplate.

Number of the port on aPIM or IOC on which thephysical interface islocated.

port

• On an E1 interface, a value from 1 through 31. The 1 time slot isreserved.

• On a T1 interface, a value from 1 through 24.

Number of the channel(time slot) on a fractionalor channelized T1 or E1interface.

channel

37

Table 7: Network Interface Names (continued)


A value from 0 through 16384.

If no logical interface number is specified, unit 0 is the default, butmust be explicitly configured.

In addition to user-configured interfaces, there are some logicalinterfaces that are created dynamically. Hence, for Junos OS, themaximum limit for configuring logical interfaces is 2,62,143 (userconfigured and dynamically created). Based on performance, for eachplatform, the maximum number of logical interfaces supported canvary.

Number of the logicalinterface created on aphysical interface.

unit

NOTE: Platform support depends on the Junos OS release in your installation.

Understanding the Data Link Layer

IN THIS SECTION

Physical Addressing | 39

Network Topology | 39

Error Notification | 39

Frame Sequencing | 39

Flow Control | 39

Data Link Sublayers | 39

MAC Addressing | 40

The Data Link Layer is Layer 2 in the Open Systems Interconnection (OSI) model. The Data Link Layer isresponsible for transmitting data across a physical network link. Each physical medium has link-layerspecifications for network and link-layer protocol characteristics such as physical addressing, networktopology, error notification, frame sequencing, and flow control.

38

Physical Addressing

Physical addressing is different from network addressing. Network addresses differentiate between nodesor devices in a network, allowing traffic to be routed or switched through the network. In contrast, physicaladdressing identifies devices at the link-layer level, differentiating between individual devices on the samephysical medium. The primary form of physical addressing is the media access control (MAC) address.

Network Topology

Network topology specifications identify how devices are linked in a network. Some media allow devicesto be connected by a bus topology, while others require a ring topology. The bus topology is used byEthernet technologies, which are supported on Juniper Networks devices.

Error Notification

TheData Link Layer provides error notifications that alert higher layer protocols that an error has occurredon the physical link. Examples of link-level errors include the loss of a signal, the loss of a clocking signalacross serial connections, or the loss of the remote endpoint on a T1 or T3 link.

Frame Sequencing

The frame sequencing capabilities of the Data Link Layer allow frames that are transmitted out of sequenceto be reordered on the receiving end of a transmission. The integrity of the packet can then be verifiedby means of the bits in the Layer 2 header, which is transmitted along with the data payload.

Flow Control

Flow control within the Data Link Layer allows receiving devices on a link to detect congestion and notifytheir upstream and downstream neighbors. The neighbor devices relay the congestion information to theirhigher layer protocols so that the flow of traffic can be altered or rerouted.

Data Link Sublayers

TheData Link Layer is divided into two sublayers: logical link control (LLC) andmedia access control (MAC).The LLC sublayer manages communications between devices over a single link of a network. This sublayersupports fields in link-layer frames that enable multiple higher layer protocols to share a single physicallink.

TheMAC sublayer governs protocol access to the physical network medium. Through theMAC addressesthat are typically assigned to all ports on a device, multiple devices on the same physical link can uniquelyidentify one another at the Data Link Layer. MAC addresses are used in addition to the network addressesthat are typically configured manually on ports within a network.

39

MAC Addressing

AMAC address is the serial number permanently stored in a device adapter to uniquely identify the device.MAC addresses operate at the Data Link Layer, while IP addresses operate at the Network Layer. The IPaddress of a device can change as the device is moved around a network to different IP subnets, but theMAC address remains the same, because it is physically tied to the device.

Within an IP network, devices match each MAC address to its corresponding configured IP address bymeans of the Address Resolution Protocol (ARP). ARP maintains a table with a mapping for each MACaddress in the network.

Most Layer 2 networks use one of three primary numbering spaces—MAC-48, EUI-48 (extended uniqueidentifier), and EUI-64—which are all globally unique.MAC-48 and EUI-48 spaces each use 48-bit addresses,and EUI-64 spaces use a 64-bit addresses, but all three use the same numbering format.MAC-48 addressesidentify network hardware, and EUI-48 addresses identify other devices and software.

The Ethernet and ATM technologies supported on devices use the MAC-48 address space. IPv6 uses theEUI-64 address space.

MAC-48 addresses are the most commonly used MAC addresses in most networks. These addresses are12-digit hexadecimal numbers (48 bits in length) that typically appear in one of the following formats:

• MM:MM:MM:SS:SS:SS

• MM-MM-MM-SS-SS-SS

The first three octets (MM:MM:MM orMM-MM-MM) are the ID number of the hardware manufacturer.Manufacturer ID numbers are assigned by the Institute of Electrical and Electronics Engineers (IEEE). Thelast three octets (SS:SS:SS or SS-SS-SS) make up the serial number for the device, which is assigned by themanufacturer. For example, an Ethernet interface card might have a MAC address of 00:05:85:c1:a6:a0.

Release History Table

DescriptionRelease

Starting with Junos OS Release 15.1X49-D100, SRX320, SRX340, SRX345, andSRX550HM devices support the LTE interface. The dialer interface is used for initiatingwireless WAN connections over LTE networks.

15.1X49-D100

40

Physical Interface Properties

IN THIS SECTION

Understanding Interface Physical Properties | 41

Understanding Bit Error Rate Testing | 43

Understanding Interface Clocking | 44

Understanding Frame Check Sequences | 45

MTU Default and Maximum Values | 46

Understanding Jumbo Frames Support for Ethernet Interfaces | 49

The physical interfaces on security devices affect the transmission of either link-layer signals or the dataacross the links. The topics below describes the physical properties that include clocking properties,transmission properties, such as the maximum transmission unit (MTU), and encapsulation methods, suchas point-to-point and Frame Relay encapsulation. SRX series devices also support jumbo frames.

Understanding Interface Physical Properties

The physical properties of a network interface are the characteristics associated with the physical link thataffect the transmission of either link-layer signals or the data across the links. Physical properties includeclocking properties, transmission properties, such as the maximum transmission unit (MTU), andencapsulation methods, such as point-to-point and Frame Relay encapsulation.

The default property values for an interface are usually sufficient to successfully enable a bidirectionallink. However, if you configure a set of physical properties on an interface, those same properties mustbe set on all adjacent interfaces to which a direct connection is made.

Table 8 on page 41 summarizes some key physical properties of device interfaces.

Table 8: Interface Physical Properties

DescriptionPhysical Property

Bit error rate (BER). The error rate specifies the number of bit errors in a particular bit errorrate test (BERT) period required to generate a BERT error condition. See “Understanding BitError Rate Testing” on page 43.

bert-error-rate

41

Table 8: Interface Physical Properties (continued)


Bit error rate test (BERT) time period over which bit errors are sampled. See “UnderstandingBit Error Rate Testing” on page 43.

bert-period

Challenge Handshake Authentication Protocol (CHAP). Specifying chap enables CHAPauthentication on the interface. See “Understanding CHAP Authentication on a PPPoEInterface” on page 472.

chap

Clock source for the link. Clocking can be provided by the local system (internal) or a remoteendpoint on the link (external). By default, all interfaces use the internal clocking mode. Ifan interface is configured to accept an external clock source, one adjacent interface mustbe configured to act as a clock source. Under this configuration, the interface operates in aloop timing mode, in which the clocking signal is unique for that individual network segmentor loop. See “Understanding Interface Clocking” on page 44.

clocking

Auser-defined text description of the interface, often used to describe the interface's purpose.description

Administratively disables the interface.disable

Type of encapsulation on the interface. Common encapsulation types include PPP, FrameRelay, Cisco HDLC, and PPP over Ethernet (PPPoE). See “Understanding PhysicalEncapsulation on an Interface” on page 423.

encapsulation

Frame check sequence (FCS). FCS is an error-detection scheme that appends parity bits toa digital signal and uses decoding algorithms that detect errors in the received digital signal.

fcs

42

Table 8: Interface Physical Properties (continued)


Maximum transmission unit (MTU) size. MTU is the largest size packet or frame, specifiedin bytes or octets, that can be sent in a packet-based or frame-based network. The TCP usesMTU to determine the maximum size of each packet in any transmission.

You can adjust the MTU values at the physical interfaces by using the following command:

set interface interface-namemtu mtu-value

Sometimes there is a need to reduce the MTU values on interfaces to match the host tapinterface MTU otherwise packets are dropped. You can adjust the MTU values by settingthemtu option of the set interfaces [fxp0 | em0 | fab0 | fab1] command to a value between256 and 9192.

Example:

user@host# set interfaces em0 mtu 1400

The supported range for configuring anMTUpacket size is 256 through 9192 bytes. However,all interfaces do not support 9192 bytes. For more information on the supported interfaces,see “MTU Default and Maximum Values” on page 46.

mtu

Disabling of keepalive messages across a physical link. A keepalive message is sent betweennetwork devices to indicate that they are still active. Keepalives help determine whether theinterface is operating correctly. Except for ATM-over-ADSL interfaces, all interfaces usekeepalives by default.

no-keepalives

Password Authentication Protocol (PAP). Specifying pap enables PAP authentication on theinterface. See “Understanding CHAP Authentication on a PPPoE Interface” on page 472.

pap

Scrambling of traffic transmitted out the interface. Payload scrambling randomizes the datapayload of transmitted packets. Scrambling eliminates nonvariable bit patterns (strings of all1s or all 0s) that generate link-layer errors across some physical links.

payload-scrambler

Understanding Bit Error Rate Testing

In telecommunication transmission, the bit error rate (BER) is the percentage of bits that have errorscompared to the total number of bits received in a transmission, usually expressed as 10 to a negativepower. For example, a transmissionwith a BER of 10–6 received 1 errored bit in 1,000,000 bits transmitted.The BER indicates how often a packet or other data unit must be retransmitted because of an error. If theBER is too high, a slower data rate might improve the overall transmission time for a given amount of dataif it reduces the BER and thereby lowers the number of resent packets.

43

A bit error rate test (BERT) is a procedure or device that measures the BER for a given transmission. Youcan configure a device to act as a BERT device by configuring the interface with a bit error rate and atesting period. When the interface receives a BERT request from a BER tester, it generates a response ina well-known BERT pattern. The initiating device checks the BERT-patterned response to determine thenumber of bit errors.

Understanding Interface Clocking

IN THIS SECTION

Data Stream Clocking | 45

Explicit Clocking Signal Transmission | 45

Clocking determines how individual routing nodes or entire networks sample transmitted data. As streamsof information are received by a device in a network, a clock source specifies when to sample the data. Inasynchronous networks, the clock source is derived locally, and synchronous networks use a central,external clock source. Interface clocking indicates whether the device uses asynchronous or synchronousclocking.

NOTE: Because truly synchronous networks are difficult to design and maintain, mostsynchronous networks are really plesiochronous networks. In a plesiochronous network, differenttiming regions are controlled by local clocks that are synchronized (with very narrow constraints).Such networks approach synchronicity and are generally known as synchronous networks.

Most networks are designed to operate as asynchronous networks. Each device generates its own clocksignal, or devices use clocks from more than one clock source. The clocks within the network are notsynchronized to a single clock source. By default, devices generate their own clock signals to send andreceive traffic.

The system clock allows the device to sample (or detect) and transmit data being received and transmittedthrough its interfaces. Clocking enables the device to detect and transmit the 0s and 1s that make updigital traffic through the interface. Failure to detect the bits within a data flow results in dropped traffic.

Short-term fluctuations in the clock signal are known as clock jitter. Long-term variations in the signal areknown as clock wander.

44

Asynchronous clocking can either derive the clock signal from the data stream or transmit the clockingsignal explicitly.

This topic contains the following sections:

Data Stream Clocking

Common in T1 links, data stream clocking occurs when separate clock signals are not transmitted withinthe network. Instead, devices must extract the clock signal from the data stream. As bits are transmittedacross the network, each bit has a time slot of 648 nanoseconds.Within a time slot, pulses are transmittedwith alternating voltage peaks and drops. The receiving device uses the period of alternating voltages todetermine the clock rate for the data stream.

Explicit Clocking Signal Transmission

Clock signals that are shared by hosts across a data link must be transmitted by one or both endpoints onthe link. In a serial connection, for example, one host operates as a clock master and the other operatesas a clock slave. The clock master internally generates a clock signal that is transmitted across the datalink. The clock slave receives the clock signal and uses its period to determine when to sample data andhow to transmit data across the link.

This type of clock signal controls only the connection on which it is active and is not visible to the rest ofthe network. An explicit clock signal does not control how other devices or even other interfaces on thesame device sample or transmit data.

Understanding Frame Check Sequences

IN THIS SECTION

Cyclic Redundancy Checks and Checksums | 46

Two-Dimensional Parity | 46

All packets or frames within a network can be damaged by crosstalk or interference in the network'sphysical wires. The frame check sequence (FCS) is an extra field in each transmitted frame that can beanalyzed to determine if errors have occurred. The FCS uses cyclic redundancy checks (CRCs), checksums,and two-dimensional parity bits to detect errors in the transmitted frames.


45

Cyclic Redundancy Checks and Checksums

On a link that uses CRCs for frame checking, the data source uses a predefined polynomial algorithm tocalculate a CRC number from the data it is transmitting. The result is included in the FCS field of the frameand transmitted with the data. On the receiving end, the destination host performs the same calculationon the data it receives.

If the result of the second calculation matches the contents of the FCS field, the packet was sent andreceived without bit errors. If the values do not match, an FCS error is generated, the frame is discardedand the originating host is notified of the error.

Checksums function similarly to CRCs, but use a different algorithm.

Two-Dimensional Parity

On a link that uses two-dimensional parity bits for frame checking, the sending and receiving hosts examineeach frame in the total packet transmission and create a parity byte that is evaluated to detect transmissionerrors.

For example, a host can create the parity byte for the following frame sequence by summing up eachcolumn (each bit position in the frame) and keeping only the least-significant bit:

Frame 1 0 1 0 1 0 0 1

Frame 2 1 1 0 1 0 0 1

Frame 3 1 0 1 1 1 1 0

Frame 4 0 0 0 1 1 1 0

Frame 5 0 1 1 0 1 0 0

Frame 6 1 0 1 1 1 1 1

Parity Byte 1 1 1 1 0 1 1

If the sum of the bit values in a bit position is even, the parity bit for the position is 0. If the sum is odd,the parity bit is 1. This method is called even parity. Matching parity bytes on the originating and receivinghosts indicate that the packet was received without error.

MTU Default and Maximum Values

TheMTU values are by default without any MTU configurations. If the MTU value is set, then the formulaIFF MTU (IP MTU) = IFD MTU (Media MTU) – L2 Overhead is applicable. See Table 9 on page 47 fordefault MTU values.

46

NOTE: For ATMMLPPP irrespective of UIFD MTU, the IP MTU is always 1500 because the IPMTU calculation is based on the LSQ interface. Even if you configure the LSQ family MTU, theIP MTU value cannot exceed 1504.

Table 9 on page 47 lists MTU values for the SRX Series Services Gateways Physical Interface Modules(PIMs).

Table 9: MTU Values for the SRX Series Services Gateways PIMs

Default IP MTU (Bytes)Maximum MTU (Bytes)Default Media MTU(Bytes)PIM

1500901015141-Port Gigabit EthernetSmall Form-FactorPluggable (SFP) Mini-PIM

1500151815141-Port Small Form-FactorPluggable (SFP) Mini-PIM

150015041504DOCSIS Mini-PIM

150020001504Serial Mini-PIM

150020001504T1/E1 Mini-PIM

150090001504Dual CT1/E1 GPIM

150090001504Quad CT1/E1 GPIM

1500919215142-Port 10- Gigabit EthernetXPIM

15009192151416-Port Gigabit EthernetXPIM

15009192151424-Port Gigabit EthernetXPIM

ADSL2+ Mini-PIM (Encapsulation)

150415121512atm-snap

47

Table 9: MTU Values for the SRX Series Services Gateways PIMs (continued)


151215121512atm-vcmux

150815121512atm-nlpid

151015121512atm-cisco-nlpid

148815121512ether-over-atm-llc

150615121512atm-ppp-llc

151015121512atm-ppp-vcmux

150015121512atm-mlppp-llc

148015121512ppp-over-ether-over-atm-llc

VDSL- Mini-PIM AT mode (Encapsulation)

150615141514atm-snap

151415141514atm-vcmux

151015141514atm-nlpid



150815141514atm-ppp-llc




150015141514VDSL- Mini-PIM PT mode

48

Table 9: MTU Values for the SRX Series Services Gateways PIMs (continued)


G.SHDSL Mini-PIM AT mode (Encapsulation)

447044824482atm-snap

447044824482atm-vcmux

447044824482atm-nlpid



447644824482atm-ppp-llc




150015141514G.SHDSL Mini-PIM PTmode

Understanding Jumbo Frames Support for Ethernet Interfaces

SRX Series devices support jumbo frames up to 9192 bytes.

Jumbo frames are Ethernet frames with more than 1500 bytes of payload (maximum transmission unit[MTU]). Jumbo frames can carry up to 9000 bytes of payload.

You configure jumbo frames at the physical interface by using the following command:

set interface interface-namemtu mtu-value

Example:

49

user@host# set interfaces ge-0/0/0 mtu 9192

The supported range for configuring anMTUpacket size is 256 through 9192 bytes. However, all interfacesdo not support 9192 bytes. For more information on the supported interfaces, see “MTU Default andMaximum Values” on page 46.

Logical Interface Properties

IN THIS SECTION

Understanding Interface Logical Properties | 50

Understanding Protocol Families | 51

The logical interfaces can be configured on the security devices and the description is displayed in theoutput of the show commands. The logical properties of the security devices include protocol families, IPaddress or addresses associated with the interface, Virtual LAN (VLAN) tagging, and any firewall filters orrouting policies.

Understanding Interface Logical Properties

The logical properties of an interface are the characteristics that do not apply to the physical interface orthe wires connected to it. Logical properties include:

• Protocol families running on the interface (including any protocol-specific MTUs)

• IP address or addresses associated with the interface. A logical interface can be configured with an IPv6address, IPv4 address, or both. The IP specification requires a unique address on every interface of eachsystem attached to an IP network, so that traffic can be correctly routed. Individual hosts such as homecomputers must have a single IP address assigned. Devices must have a unique IP address for everyinterface.

• Virtual LAN (VLAN) tagging

• Any firewall filters or routing policies that are operating on the interface

50

SEE ALSO

Understanding Virtual LANs | 62

Understanding Protocol Families

IN THIS SECTION

Common Protocol Suites | 51

Other Protocol Suites | 52

A protocol family is a group of logical properties within an interface configuration. Protocol families includeall the protocols thatmake up a protocol suite. To use a protocol within a particular suite, youmust configurethe entire protocol family as a logical property for an interface. The protocol families include common andnot-so-common protocol suites.


Common Protocol Suites

Junos OS protocol families include the following common protocol suites:

• Inet—Supports IP protocol traffic, including OSPF, BGP, and Internet Control Message Protocol (ICMP).

• Inet6—Supports IPv6 protocol traffic, including RIP for IPv6 (RIPng), IS-IS, and BGP.

• ISO—Supports IS-IS traffic.

• MPLS—Supports MPLS.

NOTE: JunosOS security features are flow-based—meaning the device sets up a flow to examinethe traffic. Flow-based processing is not supported for ISO or MPLS protocol families.

51

Other Protocol Suites

In addition to the common protocol suites, Junos protocol families sometimes use the following protocolsuites:

• ccc—Circuit cross-connect (CCC).

• mlfr-uni-nni—Multilink Frame Relay (MLFR) FRF.16 user-to-network network-to-network (UNI NNI).

• mlfr-end-to-end—Multilink Frame Relay end-to-end.

• mlppp—Multilink Point-to-Point Protocol.

• tcc—Translational cross-connect (TCC).

• tnp—Trivial Network Protocol. This Juniper Networks proprietary protocol provides communicationbetween the Routing Engine and the device's packet forwarding components. Junos OS automaticallyconfigures this protocol family on the device's internal interfaces only.

Understanding IPv4 and IPv6 Protocol Family

IN THIS SECTION

Understanding IPv4 Addressing | 53

Understanding IPv6 Address Space, Addressing, Address Format, and Address Types | 56

Configuring the inet6 IPv6 Protocol Family | 60

IPv4 addresses are 32-bit numbers that are typically displayed in dotted decimal notation and containstwo primary parts: the network prefix and the host number. The topics below describes the IPv4 ClassfulAddressing, IPv4 Dotted Decimal Notation, IPv4 Subnetting, IPv4 Variable-Length Subnet Masks,understanding IP Version 6, IPv6 address types and use of them in Junos OS RX Series Services Gateway,and configuration of inet6 IPv6 Protocol Family.

52

Understanding IPv4 Addressing

IN THIS SECTION

IPv4 Classful Addressing | 53

IPv4 Dotted Decimal Notation | 54

IPv4 Subnetting | 54

IPv4 Variable-Length Subnet Masks | 55

IPv4 addresses are 32-bit numbers that are typically displayed in dotted decimal notation. A 32-bit addresscontains two primary parts: the network prefix and the host number.

All hosts within a single network share the same network address. Each host also has an address thatuniquely identifies it. Depending on the scope of the network and the type of device, the address is eitherglobally or locally unique. Devices that are visible to users outside the network (webservers, for example)must have a globally unique IP address. Devices that are visible only within the network must have locallyunique IP addresses.

IP addresses are assigned by a central numbering authority called the Internet AssignedNumbers Authority(IANA). IANA ensures that addresses are globally unique where needed and has a large address spacereserved for use by devices not visible outside their own networks.


IPv4 Classful Addressing

To provide flexibility in the number of addresses distributed to networks of different sizes, 4-octet (32-bit)IP addresses were originally divided into three different categories or classes: class A, class B, and class C.Each address class specifies a different number of bits for its network prefix and host number:

• Class A addresses use only the first byte (octet) to specify the network prefix, leaving 3 bytes to defineindividual host numbers.

• Class B addresses use the first 2 bytes to specify the network prefix, leaving 2 bytes to define hostaddresses.

• Class C addresses use the first 3 bytes to specify the network prefix, leaving only the last byte to identifyhosts.

53

In binary format, with an x representing each bit in the host number, the three address classes can berepresented as follows:

00000000 xxxxxxxx xxxxxxxx xxxxxxxx (Class A)

00000000 00000000 xxxxxxxx xxxxxxxx (Class B)

00000000 00000000 00000000 xxxxxxxx (Class C)

Because each bit (x) in a host number can have a 0 or 1 value, each represents a power of 2. For example,if only 3 bits are available for specifying the host number, only the following host numbers are possible:

111 110 101 100 011 010 001 000

In each IP address class, the number of host-number bits raised to the power of 2 indicates how manyhost numbers can be created for a particular network prefix. Class A addresses have 224 (or 16,777,216)possible host numbers, class B addresses have 216 (or 65,536) host numbers, and class C addresses have28 (or 256) possible host numbers.

IPv4 Dotted Decimal Notation

The 32-bit IPv4 addresses are most often expressed in dotted decimal notation, in which each octet (orbyte) is treated as a separate number. Within an octet, the rightmost bit represents 20 (or 1), increasing tothe left until the first bit in the octet is 27 (or 128). Following are IP addresses in binary format and theirdotted decimal equivalents:

11010000 01100010 11000000 10101010 = 208.98.192.170

01110110 00001111 11110000 01010101 = 118.15.240.85

00110011 11001100 00111100 00111011 = 51.204.60.59

IPv4 Subnetting

Because of the physical and architectural limitations on the size of networks, you often must break largenetworks into smaller subnetworks. Within a network, each wire or ring requires its own network numberand identifying subnet address.

Figure 1 on page 55 shows two subnets in a network.

54

Figure 1: Subnets in a Network

Figure 1 on page 55 shows three devices connected to one subnet and three more devices connected toa second subnet. Collectively, the six devices and two subnetsmake up the larger network. In this example,the network is assigned the network prefix 192.14.0.0, a class C address. Each device has an IP addressthat falls within this network prefix.

In addition to sharing a network prefix (the first two octets), the devices on each subnet share a third octet.The third octet identifies the subnet. All devices on a subnet must have the same subnet address. In thiscase, the alpha subnet has the IP address 192.14.126.0 and the beta subnet has the IP address 192.14.17.0.

The subnet address 192.14.17.0 can be represented as follows in binary notation:

11000000 . 00001110 . 00010001 . xxxxxxxx

Because the first 24 bits in the 32-bit address identify the subnet, the last 8 bits are not significant. Toindicate the subnet, the address is written as 192.14.17.0/24 (or just 192.14.17/24). The /24 is the subnetmask (sometimes shown as 255.255.255.0).

IPv4 Variable-Length Subnet Masks

Traditionally, subnets were divided by address class. Subnets had either 8, 16, or 24 significant bits,corresponding to 224, 216, or 28 possible hosts. As a result, an entire /16 subnet had to be allocated for anetwork that required only 400 addresses, wasting 65,136 (216 – 400 = 65,136) addresses.

To help allocate address spaces more efficiently, variable-length subnet masks (VLSMs) were introduced.Using V

Junos® OS Interfaces User Guide for ... - Juniper Networks · UnderstandingInterfaceClocking|44...

Documents

Transcript of Junos® OS Interfaces User Guide for ... - Juniper Networks · UnderstandingInterfaceClocking|44...