License Server Management for Throughput Data Export on MX Series Routers for NAT, Firewall, and Inline Flow Monitoring Services
To support our transition to software defined networking (SDN), Juniper Networks supports the Software Business Model Transformation, which includes new licensing, pricing, and branding strategies that make it easier for users to extract value from Juniper software solutions. This value of this approach is known as the Juniper Software Advantage (JSA), which provides the following benefits:
Simple—Simple to buy, use, and manage rights
Repeatable—License models which facilitates repeatable use among multiple hardware platforms and usage scenarios.
Measurable—License fees based on easy to measure usage
Although the licensing of JSA products is trust-based, Juniper Networks might periodically audit the usage of its products. License Measurement Tool (LMT) is a technique that is used to compute the usage of individual Network Edge Products under JSA. MX Series routers need to define the mechanism for updating the LMT tool with information such as per-service throughput. For example, for services such as carrier-grade NAT and inline flow monitoring, the router needs to calculate per service throughput and update it in LMT.
On MX Series routers, the Routing Engine periodically sends query messages to every Service PIC on which the service, for which throughput collection is being performed, is configured to run. This polling is performed for all the services for which throughput measurement is enabled. Service PICs, upon receiving the query for a particular service, reply with the throughput measured during the last query interval, for that service. If a service PIC hosts multiple services, the Routing Engine sends separate throughput queries to that service PIC for all the services. If a service is configured on multiple services PICs, the Routing Engine aggregates the throughput values received from all of them and exports the aggregated throughput to the log collector in the predefined log format. The LMT application analyze these values from log collector, performs aggregation on values collected from all routers, and displays them in the LMT application.
You can configure the capability to transmit the throughput
details per service for the Junos Address Aware (carrier-grade NAT)
and Junos Traffic Vision (previously known as Jflow) in the last
time interval to an external log collector. The default time interval
at which the throughput data is sent is 300 seconds, which you can
configure to suit your network needs. Multiple instances of the same
service running on different PICs within a router are supported. If
the same service is running on different PICs within a router, the
router transmits the consolidated final throughput to the log collector
or server. This functionality is supported on MX Series routers with
MS-MCPs and MS-MICs, and also in the MX Series Virtual Chassis configuration.
To configure the license server properties for throughput data to
be transmitted for the defined services, such as NAT or stateful firewall,
from the service PIC on the router to the external log collector,
include the license-server statement at the [edit] hierarchy level.
To specify the IP address of the license log server, include the ip-address address
statement at the [edit license-server]
hierarchy level. To configure the frequency
of transmission of throughput date, include the log-interval seconds
statement at the [edit license-server] hierarchy
level. To specify the services for which throughput data collection
must be performed, include the services (jflow | cgnat | firewall)
statement at the [edit license-server]
hierarchy level.
Throughput Measurement and Export
Throughput is defined as: “The network traffic throughput processed by juniper software in a second. It is represented as Mb/Sec (Megabits per second) or GB/sec (Gigabits per second). Throughput is measured as the 95th percentile of all the peaks measured in a quarter.” Service PICs keep track of the amount of data (in bits) processed by the various service plugins running on them. When a throughput query arrives from the Routing Engine, for a particular service, the Service PIC returns the value D/T mbps, in its reply, where:
D is the amount of data (megabits) processed by that service since the previous query was received. If the query interval happens to be 300 seconds, for example, then D refers to the amount of data that was processed during the last 300 second interval. If the current query happens to be the very first query, for a particular service, then D represents the cumulative data bits processed so far, by that service.
T is the time (seconds) that elapsed since the previous query was received. This is the query interval configured using the CLI interface. If the current query happens to be the very first query, for a particular service, then T represents the time that elapsed since that service started processing packets. For all subsequent queries, T equals the query interval.
The Routing Engine aggregates the throughput measured (in mbps) across all the Service PICs on which a particular Service is configured and exports it to the Log collector which performs the 95th percentile calculation.