Junos OS Features Supported on cRPD

This topic lists the features that you can configure, administer, and monitor using the cRPD command-line interface (CLI).

Features Supported on cRPD

cRPD inherits most of the routing features, with the considerations shown in Table 1.

Table 1: Supported Features on cRPD

Feature

Description

BGP FlowSpec

The BGP flow specification method is supported to prevent denial-of-service attacks on the cRPD environment.

[See Understanding BGP Flow Routes for Traffic Filtering.]

EVPN-VPWS

EVPN-VPWS is supported to provide VPWS with EVPN signaling mechanisms on cRPD.

[See Overview of VPWS with EVPN Signaling Mechanisms.]

EVPN TYPE 5 with MPLS

EVPN Type 5 is supported for EVPN/MPLS.

[See EVPN Type-5 Route with MPLS encapsulation for EVPN-MPLS.]

Segment routing

Segment routing support for OSPF and IS-IS protocols to provide basic functionality with Source Packet Routing in Networking (SPRING).

[See Understanding Source Packet Routing in Networking (SPRING).]

Layer 2 VPN

Support for Layer 2 circuit to provide Layer 2 VPN and VPWS with LDP signaling.

[See Configuring Ethernet over MPLS (Layer 2 Circuit).]

MPLS

Support for MPLS to provide LDP signaling protocol configuration with the control plane functionality.

[See Understanding the LDP Signaling Protocol.]

Eventd

We support only external event policies. You can enable these policies in cRPD. In cRPD, eventd and rsyslogd run as independent processes. The eventd process provides an event interface to processes such as rpd, auditd, and mgd and supports automated event policy execution.

Use the set event-options policy policy-name events [events] then command to enable an event policy, and the restart event-processing command to restart event processing.

By default, Python 3.x support is enabled with existing on-box Python or SLAX functions in the cRPD environment.

Use the [edit system scripts language python3] hierarchy level to enable support for Python event automation.

[See event-options and event-policy.]

Authentication, authorization, and accounting

You can configure local authentication, local authorization, TACACS+ authentication, TACACS+ authorization, and TACACS+ accounting at the [edit system] hierarchy level.

We support the following features:

  • Local authentication and local authorization

  • TACACS+ authentication, authorization and accounting

  • User template support

  • Support for operational commands and regular expressions

  • Local authentication and remote authorization on a TACACS+ server

[See password-options and tacplus.]

SRv6 network programming in IS-IS

You can enable basic segment routing functionality in a core IPv6 network for both the route reflector and host routing roles.

You can enable SRv6 network programming in an IPv6 network at the [edit source-packet-routing] hierarchy level.

A Segment Identifier consists of the following parts:

  • Locator—The locator is the first part of a SID and consists of the most significant bits, which represent the address of a particular SRv6 node. The locator is very similar to a network address that provides a route to its parent node. The IS-IS protocol installs the locator route in the inet6.0 routing table. IS-IS routes the segment to its parent node, which subsequently performs a function defined in the other part of the SRv6 SID. You can also specify the algorithm associated with this locator.

  • Function—The other part of the SID defines a function that is performed locally on the node that is specified by the locator. Several functions have already been defined in the Internet draft draft-ietf-spring-srv6-network-programming-07, SRv6 Network Programming. However, we have implemented the following functions that are signalled in IS-IS. IS-IS installs these function SIDs in the inet6.0 routing table.

    • End—An endpoint function for SRv6 instantiation of a Prefix SID. It does not allow for decapsulation of an outer header for the removal of an SRH. Therefore, an End SID cannot be the last SID of a SID list and cannot be the Destination Address (DA) of a packet without an SRH.

    • End.X—An endpoint X function is an SRv6 instantiation of an adjacent SID. It is a variant of the endpoint function with Layer 3 cross-connect to an array of Layer 3 adjacencies.

    Note:

    Support for the flavor option (which specifies End SID behavior) and the flexible algorithm option is not available when configuring End SIDs.

[See source-packet-routing].

Increase ECMP next-hop limit

You can specify the multipath next-hop limit at the [edit routing-options maximum-ecmp] hierarchy level. This helps to load-balance the traffic over multiple paths. The default ECMP next-hop limit is 16.

[See routing options max ecmp and Hash Field Selection for ECMP Load Balancing on Linux].

EVPN Type 5 with VXLAN

We support EVPN Type 5 Route over VXLAN for both IPv4 and IPv6 prefix advertisements.

[See EVPN Type-5 Route with VXLAN encapsulation for EVPN-VXLAN].

EVPN Over VXLAN Encapsulation

We support Layer 2 EVPN Over VXLAN functionality.

[See EVPN with VXLAN Data Plane Encapsulation and MAC-VRF L2 services].

Support for next-hop based dynamic tunnels

cRPD supports configuring next-hop-based dynamic IP tunnels in the Linux kernel to provide a private and secure path over a public network. Whenever a tunnel needs to be installed in the kernel, a tunnel interface is created. Tunnel interfaces are created in Linux using netlink messages. The ifindex of the tunnel interface is used to listen for and program the routes going over the tunnel composite next hop. By default, MPLS-over-UDP tunnels are preferred over GRE tunnels. The following dynamic tunnels are supported:

  • MPLS-over-GRE (Generic Routing Encapsulation)
  • MPLS-over-UDP

[For more information on dynamic tunnels overview, see Next-Hop-Based Dynamic Tunnels, Next-Hop Based Tunnels for Layer 3 VPNs, Configuring Next-Hop-Based MPLS-Over-UDP Dynamic Tunnels, dynamic-tunnels and Dynamic Tunnels Overview].

Support for SRv6 and Layer 3 services over SRv6 in BGP

You can configure BGP-based Layer 3 services over an SRv6 core on cRPD. You can enable Layer 3 overlay services with BGP as the control plane and SRv6 as the data plane. SRv6 network programming provides the flexibility to leverage segment routing without deploying MPLS. Such networks depend only on the IPv6 headers and header extensions for transmitting data.

Limitations

  • When cRPD, as the PE, acts as an RR, forwarding over the SRv6 tunnel does not work for local PE-CE routes.
  • Global IPv4 over SRv6 core END.DT4 is not supported with the Linux kernel.
  • Duplicate configured SRv6 SID check within a router is not supported.
  • SRv6 overlay service requires a Service SID for forwarding. When at least one malformed SRv6 Service TLV is present in the BGP Prefix-SID attribute, the BGP update packet is ignored instead of the treat-as-withdraw action being applied. Deleting accept-srv6-service has no impact on already received routes with an SRv6 SID.

[For more information, see advertise-srv6-service, srv6 (BGP), Understanding SRv6 Network Programming and Layer 3 Services over SRv6 in BGP].
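
The locator and function split described under SRv6 network programming in IS-IS, together with the limitation above that cRPD does not check for duplicate configured SRv6 SIDs, can be checked outside the router before a commit. The following Python is an added example, not Juniper code: the locator names, the prefixes (taken from the 2001:db8::/32 documentation range), and the tuple layout of the SID list are constructed assumptions, not Junos configuration syntax.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; names, prefixes and layout are assumptions.
LOCATORS = {
    "loc-a": "2001:db8:0:a1::/64",
    "loc-b": "2001:db8:0:b2::/64",
}
SIDS = [  # (locator name, behavior, SID)
    ("loc-a", "End",   "2001:db8:0:a1::1"),
    ("loc-a", "End.X", "2001:db8:0:a1::2"),
    ("loc-b", "End",   "2001:db8:0:b2::1"),
    ("loc-b", "End.X", "2001:db8:0:a1::2"),  # reused SID, wrong locator
]

def split_sid(sid, locator):
    """Split a SID into (locator bits, function bits) as integers.

    The locator is the most significant prefixlen bits of the SID;
    the function is whatever remains below it.
    """
    net = ipaddress.IPv6Network(locator)
    addr = ipaddress.IPv6Address(sid)
    if addr not in net:
        raise ValueError(f"{sid} is not covered by locator {locator}")
    low_bits = 128 - net.prefixlen
    value = int(addr)
    return value >> low_bits, value & ((1 << low_bits) - 1)

def audit(locators, sids):
    """Return findings for SIDs outside their locator and for duplicates."""
    findings = []
    seen = defaultdict(list)
    for loc_name, behavior, sid in sids:
        addr = ipaddress.IPv6Address(sid)  # normalises textual variants
        seen[addr].append((loc_name, behavior))
        try:
            split_sid(sid, locators[loc_name])
        except ValueError:
            findings.append(("outside-locator", str(addr), loc_name))
    for addr, users in seen.items():
        if len(users) > 1:
            findings.append(("duplicate", str(addr), tuple(users)))
    return findings

if __name__ == "__main__":
    for finding in audit(LOCATORS, SIDS):
        print(finding)
```

Comparing parsed addresses rather than strings means that two spellings of the same SID (for example with and without zero compression) are still reported as one duplicate.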

Support for Advanced RISC Machines (ARM64) (cRPD)

cRPD is packaged as a Docker container to run on 64-bit ARM platforms.

cRPD on ARM does not support the following features:

  • Sharding and updateIO. The set system processes routing bgp rib-sharding number-of-shard and set system processes routing bgp update-threading number-of-threads commands are not supported.
  • SRv6

[For more information, see Server Requirements].

Support for export of BGP Local RIB through BGP Monitoring Protocol (BMP)

BMP is enhanced to support monitoring of local routing information base (RIB) loc-rib policy on cRPD. The loc-rib policy is added to RIB types under the bmp route-monitoring statement.

[For more information, see Understanding the BGP Monitoring Protocol, bmp, and route-monitoring].

Interoperability of segment routing with LDP

You can use OSPF or IS-IS to enable segment routing devices to operate with LDP devices that are not segment routing capable.

[For more information, see LDP Mapping Server for Interoperability of Segment Routing and source packet routing].

Support for logging using eventd and time-zone (cRPD)

We support the eventd process on cRPD to configure logging, forwarding of syslog messages to a remote host, and the time zone on the system.

The following support is not available on cRPD:

  • The help syslog command to view syslog information.

  • rsyslogd for logging.

Limitations

  • Configuring the management-instance and the routing instance for the Syslog client is not supported.

  • TLS authentication is not supported for syslog transfer on cRPD.

[For more information, see Configure Time Zones, time-zone, and Syslog Support on cRPD].

Support for RADIUS server (cRPD)

We provide RADIUS server support to use authentication, authorization and accounting features on cRPD.

[For more information, see RADIUS Authentication, radius (System), and radius-server (System)].