How to Configure APM

19-Dec-24

This section describes configuration tasks for Address Pool Manager (APM).

APM Configuration Overview

You use the APM CLI when you configure APM to manage address pools in the network. The APM CLI is a simplified, limited, containerized version of Junos OS. To use the APM CLI, you should have basic knowledge of the Junos OS CLI. Day One: Exploring the Junos CLI provides a good overview of Junos OS CLI basics. The CLI User Guide provides more detailed information.

Before you begin configuring APM for a network, make sure that you know the following:

  • The system identifiers that APM will manage.

  • The names of the centralized address pool partitions.

  • The apportion and reclaim thresholds that you would like to use on the BNGs.
  • Your detailed strategy for partitioning APM’s centralized pool of addresses, including:

    • The size of the prefixes to partition from the address space; for example, whether the prefixes are /15, /22, /24, and so on.

    • The set of addresses for APM to allocate for each BNG.

Here are the primary operations you'll perform to configure APM:

  • Configure pool-domain-profiles that you use in the entity-match configuration to drive pool-domain creation and management. Each pool domain profile describes apportion and reclaim thresholds and auto-reclamation behavior. See Configure Pool Domain Profiles.

  • Configure partitions to contain root prefixes for supplying pool-domains with pool prefixes. See Configure Prefix Partitions.

  • Configure entity-match stanzas, which match against known system IDs (BNGs), to enable communications with a BNG.

Access Configuration Mode from the APM Utility

Here's how to access the set of CLI commands for configuring APM:

  1. Access the CLI from the utility command prompt.
    $ apm cli
    root@jnpr-apm-mgmt> 
  2. Enter configuration mode from the basic CLI prompt.
    root@jnpr-apm-mgmt> configure
    root@jnpr-apm-mgmt# 
  3. Enter CLI statements to configure the APM-managed BNGs, pool domains, pools, and system attributes.
  4. Save and activate the configuration. This command succeeds only when there are no configuration syntax errors.
    root@jnpr-apm-mgmt# commit
    commit complete
  5. (Optional) Exit configuration mode and return to the top-level CLI prompt.
    root@jnpr-apm-mgmt# exit
    root@jnpr-apm-mgmt> 

Now you're ready to start configuring APM.

Access CLI Operational Commands

To monitor APM, view APM configuration and statistics, or run certain operations manually:

  1. Use the APM utility command apm cli to access the top-level CLI prompt.
    $ apm cli
    
    root@jnpr-apm-mgmt> 
  2. Enter specific commands.
    • Use show commands to display statistics and the relationships between partitions, BNGs, pool domains, and pools.

    • Use request commands to manually initiate certain APM operations.

Configure an External Syslog Server

APM can export logs generated from the mgmt, addrman, entman, and provman microservices to a syslog collector (server). To export logs to a syslog collector, a syslog host must be configured.

If APM detects that the Broadband Edge (BBE) Event Collection and Visualization application is deployed on the same cluster as APM, the generated factory default configuration includes the BBE Event Collection and Visualization IP Address and ingress port as part of the syslog configuration.

If you supply your own initial configuration file, a syslog configuration must be added to enable export of APM logs.

Add the following configuration:

[edit]
system {
    syslog {
        host <syslogServerIpAddress> {
            any any;
            port <syslogServerIngestPort>;
            structured-data;
        }
    }
}

Configure TACACS+ Authentication

APM supports TACACS+ for central authentication of users on network devices. To use TACACS+ authentication on the device, you (the network administrator) must configure information about one or more TACACS+ servers on the network.

For information about configuring TACACS+ authentication, see TACACS+ Authentication.

Configure Prefix Partitions

Partitions are a way to organize your root prefixes (the prefixes from which APM draws the prefixes that supply entities with pools). Consider using multiple partitions for:

  • Wholesaling applications—Wholesale subscribers who need to have addresses assigned from pools with prefixes that are different from the native subscribers.

  • Peering applications—Entities that need prefixes that align with the route aggregation policy for the network peering point they are associated with.

Note:

You can configure partitions (from which pool prefixes are drawn) from entities and BNG CUPS (individual user planes). Unless you have a reason for multiple partitions, a single partition results in a more efficient use of prefixes.

Configure the global pool of IPv4 addresses into partitions from which APM allocates addresses to individual BNG pools.

  1. Create a partition. In practice, you create and configure as many partitions as you need to implement your address allocation strategy.
    [edit apm inet-pool]
    root@jnpr-apm-mgmt# set partition partition-name
    
  2. (Optional) Configure a lower limit and an upper limit on the valid prefix length for the root prefixes in the partition.
    [edit apm inet-pool partition partition-name]
    root@jnpr-apm-mgmt# set min-prefix-len length
    root@jnpr-apm-mgmt# set max-prefix-len length
    

    The prefix length for root prefixes that you add to the partition must be within the range defined by these limits.

  3. (Optional) Configure the minimum threshold percentage for free (unallocated) prefixes in the partition. When the percentage drops below this value, the Address Manager generates a warning-level log message to warn APM that the partition is running low on available addresses. The notification is informative and triggers no other actions.
    [edit apm inet-pool partition partition-name]
    root@jnpr-apm-mgmt# set free-prefix-utilization percentage
    
  4. Configure a root prefix for the partition. APM subdivides the root prefix into subnetworks to provision addresses for a BNG’s pool domains. You typically configure more than one root prefix per partition.
    [edit apm inet-pool partition partition-name]
    root@jnpr-apm-mgmt# set prefix ip-address/prefix-length
    
    1. (Optional) Specify the smallest subnetwork that APM can subdivide from this root prefix.

      [edit apm inet-pool partition partition-name prefix ip-address/prefix-length]
      root@jnpr-apm-mgmt# set max-prefix-length max-length
      

      The max-length value represents the number of bits in the prefix length for the root prefix.

      • A higher number specifies a longer prefix, which corresponds to a smaller subnetwork with fewer hosts.

      • A lower number specifies a shorter prefix, which corresponds to a larger subnetwork with more hosts.

    2. (Optional) Reserve one or more subnetworks that cannot be allocated from this partition. You must qualify the reservation by restricting it to a specified BNG or even to a specified pool domain on that BNG.

      [edit apm inet-pool partition partition-name prefix ip-address/prefix-length]
      root@jnpr-apm-mgmt# set reserved-prefix ip-address/prefix-length
      root@jnpr-apm-mgmt# set reserved-prefix ip-address/prefix-length entity ip-address
      root@jnpr-apm-mgmt# set reserved-prefix ip-address/prefix-length entity ip-address pool-domain pool-domain-name
      
    3. (Optional) Specify route tag metrics in a list. You use route tags to construct discard routes for the apportioned prefix on the BNG. Each time APM allocates a prefix from the root prefix in a partition, it assigns a route tag from the list of configured route tags in a round-robin fashion.

      [edit apm inet-pool partition partition-name prefix ip-address/prefix-length]
      root@jnpr-apm-mgmt# set route-tag tag-value
      
  5. (Optional) Configure a timer, in seconds, for APM to suspend the prefix before returning the prefix to the partition. After APM returns the prefix to the partition, it can re-allocate the prefix on an as-needed basis. The prefix-recycle-hold is a value between 30 and 3600 seconds.
    [edit apm inet-pool partition partition-name prefix ip-address]
    root@jnpr-apm-mgmt# set prefix-recycle-hold time
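
The constraints from the steps above can be checked on a written-down plan before it is typed into the CLI. This Python sketch is an added example, not Juniper code: the dictionary layout, the function names and the sample values are assumptions made here, and only the option names mirror the statements on this page.

```python
import ipaddress
from itertools import cycle

# Constructed sample plan. The dictionary layout is an assumption made for this
# example; only the option names mirror the CLI statements on this page.
PLAN = {
    "min_prefix_len": 16, "max_prefix_len": 24,
    "prefixes": {
        "203.0.113.0/24": {"max_prefix_length": 26, "prefix_recycle_hold": 120,
                           "reserved": ["203.0.113.192/26"]},
        "198.51.100.0/25": {"max_prefix_length": 24, "prefix_recycle_hold": 10,
                            "reserved": ["192.0.2.0/28"]},
    },
}

def check_partition(plan):
    """Return the problems found in one partition plan (empty list means clean)."""
    problems = []
    lo, hi = plan.get("min_prefix_len", 0), plan.get("max_prefix_len", 32)
    for text, opts in plan["prefixes"].items():
        root = ipaddress.ip_network(text, strict=False)
        if str(root) != text:
            problems.append(f"{text}: host bits set, network is {root}")
        # Root prefix length must sit inside the partition's min/max limits.
        if not lo <= root.prefixlen <= hi:
            problems.append(f"{root}: /{root.prefixlen} outside min/max-prefix-len {lo}..{hi}")
        # The smallest subnetwork cannot have a shorter prefix than its root.
        max_len = opts.get("max_prefix_length")
        if max_len is not None and not root.prefixlen <= max_len <= 32:
            problems.append(f"{root}: max-prefix-length {max_len} not in {root.prefixlen}..32")
        hold = opts.get("prefix_recycle_hold")
        if hold is not None and not 30 <= hold <= 3600:
            problems.append(f"{root}: prefix-recycle-hold {hold} outside 30..3600 seconds")
        reserved = [ipaddress.ip_network(r, strict=False) for r in opts.get("reserved", [])]
        for i, r in enumerate(reserved):
            if not r.subnet_of(root):
                problems.append(f"{root}: reserved-prefix {r} is not inside the root prefix")
            if any(r.overlaps(prev) for prev in reserved[:i]):
                problems.append(f"{root}: reserved-prefix {r} overlaps an earlier reservation")
    return problems

def assign_route_tags(tags, allocated_prefixes):
    """Pair each allocated prefix with a route tag in round-robin order."""
    return list(zip(allocated_prefixes, cycle(tags)))

if __name__ == "__main__":
    for problem in check_partition(PLAN):
        print(problem)
    print(assign_route_tags([100, 200],
                            ["203.0.113.0/26", "203.0.113.64/26", "203.0.113.128/26"]))
```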
    

Configure Pool Domain Profiles

Configure a template with attributes that you can use to create dynamic pool domains.

  1. Create or modify a pool domain profile.
    [edit apm]
    root@jnpr-apm-mgmt# set pool-domain-profile pool-domain-profile-name
    
  2. Configure the pool monitoring attributes (apportion threshold and reclaim threshold) on the BNG.
    • The apportion threshold is the minimum number of free addresses in the domain pool that triggers the BNG router to send an apportion alarm to APM.
    • The reclaim threshold value indicates the number of free addresses. APM compares the configured reclaim threshold value with a computed threshold value and uses the larger value. You compute the threshold value using this equation: computed reclaim threshold = apportion threshold + (prefix count * 2^(32 – preferred prefix length)) + 1
    • The hold-down timer suspends any potential reclaim event for a pool domain for the specified duration after an apportion event. You can set the reclamation-hold-down between 1 and 3600 seconds (the default is 60 seconds). The reclamation-hold-down value should be greater than the computed threshold value.
    [edit apm pool-domain-profile pool-domain-profile-name monitoring]
    root@jnpr-apm-mgmt# set monitoring apportion-threshold apportion-threshold-count
    root@jnpr-apm-mgmt# set monitoring reclaim-threshold reclaim-threshold-count
    root@jnpr-apm-mgmt# set monitoring reclamation-hold-down <0 |1..3600>
  3. (Optional) Configure reclamation rules that the BNG router follows for the pool.
    • Specify whether automatic reclamation is always active or whether to use a window period for reclamation.
    • The window-duration option specifies how long the reclamation window stays open.
    • The window-start option specifies the daily start time scheduled for the reclamation. The window for reclamation is open for the length of the window duration.
    [edit apm pool-domain-profile pool-domain-profile-name monitoring]
    root@jnpr-apm-mgmt# set autoreclamation active always | window window-duration minutes window-start time
    root@jnpr-apm-mgmt# 
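
The reclaim threshold rule from step 2 can be checked against what APM reports. This Python sketch is an added example, not Juniper code: it reads the sample `show apm entity id test-002 pool-domain iroh-default` output that appears later on this page, and it assumes a prefix count of 1 and a preferred prefix length of 24; the function names are hypothetical.

```python
# Sample 'show apm entity id test-002 pool-domain iroh-default' output from this
# page, trimmed to the sections the check reads.
SAMPLE = """\
Entity Statistics:
  Entity ID:  test-002
  Pool Domain Statistics:
    Pool Domain     :  iroh-default
    Free Addresses  :  245
    Thresholds:
      Apportion  :  200
      Reclamation:  457
    Alarms:
      Apportion   :  1
      Reclamation :  0
    Pool                           Prefix              Total Addrs    Used Addrs
    iroh-default                   192.168.41.0/24     255            10
"""

def computed_reclaim_threshold(apportion, prefix_count, preferred_len):
    """apportion threshold + (prefix count * 2^(32 - preferred prefix length)) + 1"""
    return apportion + prefix_count * 2 ** (32 - preferred_len) + 1

def parse_sections(text):
    """Map (section, key) -> value; 'Thresholds' and 'Alarms' reuse the same keys."""
    fields, section = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                      # table header or table row, no colon
        if value.strip():
            fields[(section, key.strip())] = value.strip()
        else:
            section = key.strip()         # e.g. "Thresholds:" opens a section
    return fields

def check_reclaim(text, prefix_count, preferred_len, configured_reclaim=0):
    """Compare the displayed reclamation threshold with the larger-of rule."""
    f = parse_sections(text)
    apportion = int(f[("Thresholds", "Apportion")])
    shown = int(f[("Thresholds", "Reclamation")])
    free = int(f[("Pool Domain Statistics", "Free Addresses")])
    computed = computed_reclaim_threshold(apportion, prefix_count, preferred_len)
    expected = max(configured_reclaim, computed)   # APM uses the larger value
    return {"computed": computed, "expected": expected, "shown": shown,
            "consistent": expected == shown,
            "free_above_apportion": free - apportion}

if __name__ == "__main__":
    # Assumption: one prefix with preferred length /24, matching the pool listed above.
    print(check_reclaim(SAMPLE, prefix_count=1, preferred_len=24))
```

With these inputs the computed value equals the Reclamation threshold shown in the sample output, and a configured reclaim threshold below that value has no effect.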
    

Configure Attributes for Managing BNGs

Configure attributes that identify a managed BNG and define the pool domains on the BNG.

The entity-match list maps valid entities to a pool domain profile. The entity-match command directs incoming APM entities to a pool domain profile. APM reconciles its pool domains with the BNG’s list so that the APM list matches the BNG’s list. If an APM entity (identified by its system-id) is not present in the entity-match list, it is not allowed to connect and the connection is aborted.

[edit apm entity-match system-id]
root@jnpr-apm-mgmt# set pool-domain-profile domain-profile-name

Configure a Secure Incoming Connection for APM

With APM, you can secure an incoming connection by defining secrets and you can use the entity-match command to map valid entities to a pool-domain-profile.

  1. Specify the number of entity clients that are allowed to connect to the APM server.
    [edit apm]
    root@jnpr-apm-mgmt# set system max-clients
    
  2. Specify the APM security parameters for incoming APM connections. For dynamically managed BNGs, use the entity-clients command to define any secrets used to secure the incoming connection.
    Note:

    The filenames provided in this configuration must match the security key and certificate files you provided during the setup.

      [edit apm]
      root@jnpr-apm-mgmt# set entity-client 
      
    • Specify the root public key certificate file.

      [edit apm entity-client]
      root@jnpr-apm-mgmt# set secrets root-certificate filename
      
    • Specify the private key file for APM.

      [edit apm entity-clients]
      root@jnpr-apm-mgmt# set secrets private-key filename
      
    • Specify the certificate file for APM.

      [edit apm entity-clients]
      root@jnpr-apm-mgmt# set secrets certificate filename
      

Monitor APM Operations

Purpose

Use the APM show commands to display status and address utilization information about all BNGs that are under management. You can add qualifiers to the commands to display information more specifically by partition and pool domain.

From configuration mode, exit to the top-level CLI prompt, and then enter the required show commands.

[edit apm]
root@jnpr-apm-mgmt# exit
root@jnpr-apm-mgmt> show command-options

Action

  • Display the overall prefix utilization; that is, how many prefixes APM has available, reserved, or allocated, for all partitions.

    root@jnpr-apm-mgmt> show apm inet-pool utilization
    
    Partition           Prefixes    Reserved    Allocated
    new-england         7           0           4
    wholesalers         3           0           2
    vpn                 15          0           7
    
  • Display the prefix utilization for a single partition.

    root@jnpr-apm-mgmt> show apm inet-pool utilization partition new-england
    
    Partition Statistics
        Partition Name:  new-england
        Prefixes:        7
        Reserved:        0
        Allocated:       4
        Prefix           Prefixes    Reserved    Allocated
        203.0.113.0/24   7           0           4
    
  • Display the prefix utilization for a single partition and prefix.

    root@jnpr-apm-mgmt> show apm inet-pool utilization partition new-england prefix 203.0.113.0/24
    Partition Statistics:
        Partition Name:  new-england
        Prefixes:        7
        Reserved:        0
        Allocated:       4
        Prefix Statistics:
            Prefix:             203.0.113.0/24
            Total sub-prefixes: 7
            Total reserved:     0
            Total allocated:    4
            Prefix Length    Free        Allocated
            24               0           1          
            25               1           1          
            26               2           2         
    
  • Display information about all associated BNGs.

    root@jnpr-apm-mgmt> show apm entity
    Entity ID                      APMi Ver  Name         Status    Pool Domains
    test-002                       1                      reachable 1
    10.9.164.40                    0         yarmouth     reachable 1
    
  • Display detailed information about a specific BNG.

    root@jnpr-apm-mgmt> show apm entity id test-002
       
    Entity Statistics
      ID      :  test-002
      APMi Ver:  1
      Name    :  test-002
      Status  :  reachable
      Pool Domain                Last Discovery         Pools       Last Allocation       Allocations   Last Reclamation      Reclamations
      iroh-default               2022-03-29T22:11:55Z   1           2022-03-29T22:11:55Z  1             -                     0
    
  • Display detailed information about a BNG’s pool domain.

    root@jnpr-apm-mgmt> show apm entity id test-002 pool-domain iroh-default
    Entity Statistics:
      Entity ID:  test-002
      APMi Ver :  1
      Name     :  test-002
      Status   :  reachable
      Pool Domain Statistics:
        Pool Domain     :  iroh-default
        Source Partition:  westford
        Free Addresses  :  245
        Pool Head       :  iroh-default
        Pools           :  1
        Thresholds:
          Apportion  :  200
          Reclamation:  457
        Events:
          Last Discovery  :  2022-03-28T13:05:27Z
          Last Allocation :  2022-03-28T13:05:27Z
          Last Reclamation:  -
          Allocations     :  1
          Reclamations    :  0
        Alarms:
          Apportion   :  1
          Reclamation :  0
          Pool-drained:  0
          Abatement   :  0
        Pool                           Prefix              Total Addrs    Used Addrs
        iroh-default                   192.168.41.0/24     255            10   
    
  • Display the number of allocations made by each partition.

    root@jnpr-apm-mgmt> show apm inet-pool allocation
    
    Partition           Allocations 
    new-england         4
    wholesalers         2
    vpn                 7
    
  • Display information about how addresses are allocated for a specific partition across all BNGs.

    root@jnpr-apm-mgmt> show apm inet-pool allocation partition wholesalers
    
    Filter fields:     partition=wholesalers, entity=
    Source Partition      Prefix                Entity Address    Pool Domain
    wholesalers           198.51.100.100/25     192.0.2.108        cust-a970
    wholesalers           198.51.100.200/25     192.0.2.108        cust-a970
    wholesalers           198.51.100.1/25       192.0.2.233        L3-001a    
    
  • Display information about how addresses are allocated for all partitions on a specific BNG.

    root@jnpr-apm-mgmt> show apm inet-pool allocation entity 192.0.2.108
    
    Filter fields:     partition=, entity=192.0.2.108
    Source Partition      Prefix                Entity Address    Pool Domain
    new-england           203.0.113.10/24       192.0.2.108        mx480-a3-default 
    new-england           203.0.113.20/24       192.0.2.108        mx480-a3-default 
    new-england           203.0.113.30/24       192.0.2.108        mx480-a3-default 
    new-england           203.0.113.40/24       192.0.2.108        mx480-a3-default 
    new-england           203.0.113.50/24       192.0.2.108        mx480-a3-red 
    new-england           203.0.113.60/24       192.0.2.108        mx480-a3-red 
    wholesalers           198.51.100.100/25     192.0.2.108        cust-a970
    wholesalers           198.51.100.200/25     192.0.2.108        cust-a970
    vpn                   192.0.2.0/25          192.0.2.108        local56    
    
  • Display information about how addresses are allocated for one partition on a specific BNG.

    root@jnpr-apm-mgmt> show apm inet-pool allocation entity 192.0.2.108 partition new-england
    
    Filtered Partition Allocations
    Filter fields:     partition=new-england, entity=192.0.2.108
    Source Partition      Prefix                Entity Address    Pool Domain
    new-england           203.0.113.10/24       192.0.2.108        mx480-a3-default 
    new-england           203.0.113.20/24       192.0.2.108        mx480-a3-default 
    new-england           203.0.113.30/24       192.0.2.108        mx480-a3-default 
    new-england           203.0.113.40/24       192.0.2.108        mx480-a3-default 
    new-england           203.0.113.50/24       192.0.2.108        mx480-a3-red 
    new-england           203.0.113.60/24       192.0.2.108        mx480-a3-red 
    