Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Example: Creating an In-Network or In-Network-NAT Service Chain

Creating an In-Network or In-Network-NAT Service Chain

1. Create a left and a right virtual network. Select Configure > Networking > Networks and create left_vn and right_vn; see Figure 1.

   Figure 1: Create Networks

   
2. Configure a service template for an in-network service template for NAT. Navigate to Configure > Services > Service Templates and click the Create button on Service Templates. The Add Service Template window appears; see Figure 2.

   Figure 2: Add Service Template

   

   Table 1: Add Service Template Fields

   Field	Description
   Name	Enter a name for the service template.
   Service Mode	Select the service mode: In-Network (for firewall service), In-Network-NAT (for NAT service), or Transparent.
   Service Scaling	If you will be using multiple virtual machines for a single service instance to scale out the service, select the Service Scaling check box. When scaling is selected, you can choose to use the same IP address for a particular interface on each virtual machine interface or to allocate new addresses for each virtual machine. For a NAT service, the left (inner) interface should have the same IP address, and the right (outer) interface should have a different IP address.
   Image Name	Select from a list of available images the image for the service.
   Interface Types	Select the interface type or types for this service: For firewall or NAT services, both Left Interface and Right Interface are required. For an analyzer service, only a Left Interface is required. For Juniper Networks virtual images, Management Interface is also required, in addition to any left or right requirement.

3. On Add Service Template, complete the following for the in-network service template:
   • Name: nat-template
   • Service Mode: In-Network
   • Service Scaling: select from Advanced
   • Image Name: nat-service
   • Interface Types: select Left Interface and Right Interface. For Juniper Networks virtual images, select Management Interface as the first interface.
   • The Left Interface will be automatically marked for sharing the same IP address
4. If multiple instances are to be launched for a particular service instance, select the Service Scaling check box, which enables the Shared IP feature. Figure 3 shows the Left interface selected, with the Shared IP check box selected, so the left interface will share the IP address.

   Figure 3: Add Service Template Shared IP

   
5. When finished, click Save.

   The service template is created and appears on the Service Templates screen, see Figure 4.

   Figure 4: Service Templates

   
6. Now create the service instance. Navigate to Configure > Services > Service Instances, and click Create, then select the template to use and select the corresponding left, right, or management networks; see Figure 5.

   Figure 5: Create Service Instances

   

   Table 2: Create Service Instances Fields

   Field	Description
   Instance Name	Enter a name for the service instance.
   Services Template	Select from a list of available service templates the service template to use for this instance.
   Number of Instances	If scaling is enabled, enter a value in the Number of Instances field to define the number of instances of service virtual machines to launch.

   Interface List and Virtual Networks

   An ordered list of interfaces as defined in the Service Template. If you are using the Management Interface, select Auto Configured. The software will use an internally-created virtual network. For Left Interface , select left_vn and for Right Interface, select right_vn.

7. If static routes are enabled for specific interfaces, open the Static Routes field below each enabled interface and enter the static route address details;see Figure 6.

   Figure 6: Create Service Instances

   
8. The console for the service instances can be viewed. At Configure > Services > Service Instances, click the arrow next to the name of the service instance to reveal the details panel for that instance, then click View Console to see the console details; see Figure 7 and Figure 8.

   Figure 7: Service Instance Details

   

   Figure 8: Service Instance Console

   
9. Next, configure the network policy. Navigate to Configure > Networking > Policies.
   • Name the policy and associate it to the networks created earlier – left_vn and right_vn.
   • Set source network as left_vn and destination network as right_vn.
   • Check Apply Service and select the service (nat-ecmp).

   Figure 9: Create Policy

   
10. Next, associate the policy to both the left_vn and the right_vn. Navigate to Configure > Networking > Network.
    • On the right side of left_vn, click the gear icon to enable Edit Network.
    • In the Edit Network dialog box for left_vn, select nat-policy in the Network Policy(s) field.
    • Repeat the same process for the right_vn.

    Figure 10: Edit Network

    
11. Next, launch virtual machines (from OpenStack) and test the traffic through the service chain by doing the following:
    1. Navigate to Configure > Networking > Policies.
    2. Launch left_vm in virtual network left_vn.
    3. Launch right_vm in virtual network right_vn.
    4. Ping from left_vm to right_vm IP address (2.2.2.252 in Figure 11).
    5. A TCPDUMP on the right_vm should show that packets are NAT-enabled and have the source IP set to 2.2.2.253.

    Figure 11: Launch Instances