Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Introduction to Interfaces

Junos OS supports different types of interfaces on which the devices function. The following topics provide information of types of interfaces used on security devices, the naming conventions and how to monitor the interfaces.

Understanding Interfaces

Interfaces act as a doorway through which traffic enters and exits a device. Juniper Networks devices support a variety of interface types:

  • Network interfaces—Networking interfaces primarily provide traffic connectivity.

  • Services interfaces—Services interfaces manipulate traffic before it is delivered to its destination.

  • Special interfaces—Special interfaces include management interfaces, the loopback interface, and the discard interface.

Each type of interface uses a particular medium to transmit data. The physical wires and Data Link Layer protocols used by a medium determine how traffic is sent. To configure and monitor interfaces, you need to understand their media characteristics, as well as physical and logical properties such as IP addressing, link-layer protocols, and link encapsulation.

Note:

Most interfaces are configurable, but some internally generated interfaces are not configurable.

Network Interfaces

All Juniper Networks devices use network interfaces to make physical connections to other devices. A connection takes place along media-specific physical wires through an I/O card (IOC) in the SRX Series Services Gateway. Networking interfaces primarily provide traffic connectivity.

You must configure each network interface before it can operate on the device. Configuring an interface can define both the physical properties of the link and the logical properties of a logical interface on the link.

Table 1 describes network interfaces that are available on SRX Series Firewalls.

Table 1: Network Interfaces

Interface Name

Description

ae

Aggregated Ethernet interface. See Understanding Aggregated Ethernet Interfaces.

at

ATM-over-ADSL or ATM-over-SHDSL WAN interface.

cl

Physical interface for the 3G wireless modem or LTE Mini-PIM. See Understanding the 3G Wireless Modem Physical Interface and LTE Mini-PIM Overview. Starting with Junos OS Release 15.1X49-D100, SRX320, SRX340, SRX345, and SRX550HM devices support the LTE interface. The dialer interface is used for initiating wireless WAN connections over LTE networks.

dl

Dialer interface for initiating USB modem or wireless WAN connections. See USB Modem Interface Overview and LTE Mini-PIM Overview.

e1

E1 (also called DS1) WAN interface. See Understanding T1 and E1 Interfaces.

e3

E3 (also called DS3) WAN interface. See Understanding T3 and E3 Interfaces.

fe

Fast Ethernet interface. See Understanding Ethernet Interfaces.

ge

Gigabit Ethernet interface. See Understanding Ethernet Interfaces.

pt

VDSL2 interface. See Example: Configuring VDSL2 Interfaces (Detail).

reth

For chassis cluster configurations only, redundant Ethernet interface. See Understanding Ethernet Interfaces.

se

Serial interface (either RS-232, RS-422/499, RS-530, V.35, or X.21). See Serial Interfaces Overview.

t1

T1 (also called DS1) WAN interface. See Understanding T1 and E1 Interfaces.

t3

T3 (also called DS3) WAN interface. See Understanding T3 and E3 Interfaces.

wx

WXC Integrated Services Module (ISM 200) interface for WAN acceleration. See the WXC Integrated Services Module Installation and Configuration.

xe

10-Gigabit Ethernet interface. See Understanding the 2-Port 10-Gigabit Ethernet XPIM.

Note:

The affected interfaces are these: ATM-over-ADSL or ATM-over-SHDSL (at) interface, dialer interface (dl), E1 (also called DS1) WAN interface, E3 (also called DS3) WAN interface, VDSL2 interface (pt), serial interface (se), T1 (also called DS1) WAN interface, T3 (also called DS3) WAN interface. However, starting from Junos OS Release 15.1X49-D40 and onwards, SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices support VDSL2 (pt), serial (se), T1 (t1) , and E1 (e1) interfaces.

Services Interfaces

Services interfaces provide specific capabilities for manipulating traffic before it is delivered to its destination. On Juniper Networks M Series and T Series routing platforms, individual services such as IP-over-IP encapsulation, link services such as multilink protocols, adaptive services such as stateful firewall filters and NAT, and sampling and logging capabilities are implemented by services Physical Interface Cards (PICs). On SRX Series Firewalls, services processing is handled by the Services Processing Card (SPC).

Although the same Junos OS image supports the services features across all routing platforms, on SRX Series Firewalls, services interfaces are not associated with a physical interface. To configure services on these devices, you configure one or more internal interfaces by specifying slot 0, interface carrier 0, and port 0—for example, gr-0/0/0 for GRE.

Table 2 describes services interfaces that you can configure on SRX Series Firewalls.

Table 2: Configurable Services Interfaces

Interface Name

Description

gr-0/0/0

Configurable generic routing encapsulation (GRE) interface. GRE allows the encapsulation of one routing protocol inside another routing protocol.

Packets are routed to this internal interface, where they are first encapsulated with a GRE packet and then sent.

You can create multiple instances of this interface for forwarding encapsulated data to multiple destination addresses by using the default interface as the parent and creating extensions, for example, gr-0/0/0.1, gr-0/0/0.2, and so on.

The GRE interface is an internal interface only and is not associated with a physical interface. It is used only for processing GRE traffic. See the Junos OS Services Interfaces Library for Routing Devices for information about tunnel services.

ip-0/0/0

Configurable IP-over-IP encapsulation (IP-IP tunnel) interface. IP tunneling allows the encapsulation of one IP packet inside another IP packet.

With IP routing, you can route IP packets directly to a particular address or route the IP packets to an internal interface where they are encapsulated inside an IP-IP tunnel and forwarded to the encapsulating packet’s destination address.

You can create multiple instances of this interface for forwarding IP-IP tunnel data to multiple destination addresses by using the default interface as the parent and creating extensions, for example, ip-0/0/0.1, ip-0/0/0.2, and so on.

The IP-IP interface is an internal interface only and is not associated with a physical interface. It is used only for processing IP-IP tunnel traffic. See the Junos OS Services Interfaces Library for Routing Devices for information about tunnel services.

lsq-0/0/0

Configurable link services queuing interface. Link services include the multilink services MLPPP, MLFR, and Compressed Real-Time Transport Protocol (CRTP).

Packets are routed to this internal interface for link bundling or compression. The link services interface is an internal interface only and is not associated with a physical interface. You must configure the interface for it to perform multilink services.

Note:

The ls-0/0/0 interface has been deprecated. All multiclass multilink features supported by ls-0/0/0 are now supported by lsq-0/0/0.

lt-0/0/0

Configurable logical tunnel interface that interconnects logical systems on SRX Series Firewalls. See the Logical Systems and Tenant Systems User Guide for Security Devices.

pp0

Configurable PPPoE encapsulation interface. PPP packets being routed in an Ethernet network use PPPoE encapsulation.

Packets are routed to this internal interface for PPPoE encapsulation. The PPPoE encapsulation interface is an internal interface only and is not associated with a physical interface. You must configure the interface for it to forward PPPoE traffic.

See Understanding Point-to-Point Protocol over Ethernet.

ppd0

Protocol Independent Multicast (PIM) de-encapsulation interface. In PIM sparse mode, the first-hop routing platform encapsulates packets destined for the rendezvous point device. The packets are encapsulated with a unicast header and are forwarded through a unicast tunnel to the rendezvous point. The rendezvous point then de-encapsulates the packets and transmits them through its multicast tree.

Within a device, packets are routed to this internal interface for de-encapsulation. The PIM de-encapsulation interface is an internal interface only and is not associated with a physical interface. You must configure PIM with the [edit protocol pim] hierarchy to perform PIM de-encapsulation.

Use the show pim interfaces command to check the status of ppd0 interface.

ppe0

Protocol Independent Multicast (PIM) encapsulation interface. In PIM sparse mode, the first-hop routing platform encapsulates packets destined for the rendezvous point device. The packets are encapsulated with a unicast header and are forwarded through a unicast tunnel to the rendezvous point. The rendezvous point then de-encapsulates the packets and transmits them through its multicast tree.

Within a device, packets are routed to this internal interface for encapsulation. The PIM encapsulation interface is an internal interface only and is not associated with a physical interface. You must configure PIM with the [edit protocol pim] hierarchy to perform PIM encapsulation.

st0

Secure tunnel interface used for IPSec VPNs. See the IPsec VPN User Guide for Security Devices.

umd0

Configurable USB modem physical interface. This interface is detected when a USB modem is connected to the USB port on the device.

See USB Modem Configuration Overview.

mt-0/0/0

Multicast tunnel interface. This interface is automatically generated, but you can configure properties on it if needed.

Table 3 describes non-configurable services interfaces for SRX Series Firewalls.

Table 3: Non-Configurable Services Interfaces

Interface Name

Description

gre

Internally generated Generic Routing Encapsulation (GRE) interface created by Junos OS to handle GRE traffic. It is not a configurable interface.

ipip

Internally generated IP-over-IP interface created by Junos OS to handle IP tunnel traffic. It is not a configurable interface.

lsi

Internally generated link services interface created by Junos OS to handle multilink services like MLPPP, MLFR, and CRTP. It is not a configurable interface.

pc-pim/0/0

Internally configured interface used by the system as a control path between the WXC Integrated Services Module and the Routing Engine. It is not a configurable interface. See the WX and WXC Series.

pimd

Internally generated Protocol Independent Multicast (PIM) de-encapsulation interface created by Junos OS to handle PIM de-encapsulation. It is not a configurable interface.

pime

Internally generated Protocol Independent Multicast (PIM) encapsulation interface created by Junos OS to handle PIM encapsulation. It is not a configurable interface.

tap

Internally generated interface created by Junos OS to monitor and record traffic during passive monitoring. Packets discarded by the Packet Forwarding Engine are placed on this interface. It is not a configurable interface.

sp-0/0/0

Adaptive services interface. The logical interface sp-fpc/pic/port. 16383 is an internally generated, non-configurable interface for router control traffic.

Special Interfaces

Special interfaces include management interfaces, which are primarily intended for accessing the device remotely, the loopback interface, which has several uses depending on the particular Junos OS feature being configured, and the discard interface.

Table 4 describes special interfaces for SRX Series Firewalls.

Table 4: Special Interfaces

Interface Name

Description

fxp0, fxp1

On SRX Series Firewalls, the fxp0 management interface is a dedicated port located on the Routing Engine.

lo0

Loopback address. The loopback address has several uses, depending on the particular Junos feature being configured.

dsc

Discard interface.

Interface Naming Conventions

Each device interface has a unique name that follows a naming convention. If you are familiar with Juniper Networks M Series and T Series routing platforms, be aware that device interface names are similar to but not identical to the interface names on those routing platforms.

The unique name of each network interface identifies its type and location and indicates whether it is a physical interface or an optional logical unit created on a physical interface.

  • The name of each network interface has the following format to identify the physical device that corresponds to a single physical network connector:

  • Network interfaces that are fractionalized into time slots include a channel number in the name, preceded by a colon (:):

  • Each logical interface has an additional logical unit identifier, preceded by a period (.):

The parts of an interface name are summarized in Table 5.

Table 5: Network Interface Names

Name Part

Meaning

Possible Values

type

Type of network medium that can connect to this interface.

ae, at, ei, e3, fe, fxp0, fxp1, ge, lo0, lsq, lt, ppo, pt, sto, t1, t3, xe, and so on.

slot

Number of the chassis slot in which a PIM or IOC is installed.

SRX5600 and SRX5800 devices: The slot number begins at 0 and increases as follows from left to right, bottom to top:

  • SRX5600 device—Slots 0 to 5

  • SRX5800 device—Slots 0 to 5, 7 to 11

SRX3400 and SRX3600 devices: The Switch Fabric Board (SFB) is always 0. Slot numbers increase as follows from top to bottom, left to right:

  • SRX3400 devce—Slots 0 to 4

  • SRX3600 device—Slots 0 to 6

  • SRX4600 device—Slots 0 to 6

pim-or-ioc

Number of the PIM or IOC on which the physical interface is located.

SRX5600 and SRX5800 devices: For 40-port Gigabit Ethernet IOCs or 4-port 10-Gigabit Ethernet IOCs, this number can be 0, 1, 2, or 3.

SRX3400, SRX3600, and SRX 4600 devices: This number is always 0. Only one IOC can be installed in a slot.

port

Number of the port on a PIM or IOC on which the physical interface is located.

On SRX5600 and SRX5800 devices:

  • For 40-port Gigabit Ethernet IOCs, this number begins at 0 and increases from left to right to a maximum of 9.

  • For 4-port 10-Gigabit Ethernet IOCs, this number is always 0.

On SRX3400, SRX3600, and SRX 4600 devices:

  • For the SFB built-in copper Gigabit Ethernet ports, this number begins at 0 and increases from top to bottom, left to right, to a maximum of 7. For the SFB built-in fiber Gigabit Ethernet ports, this number begins at 8 and increases from left to right to a maximum of 11.

  • For 16-port Gigabit Ethernet IOCs, this number begins at 0 to a maximum of 15.

  • For 2-port 10-Gigabit Ethernet IOCs, this number is 0 or 1.

Port numbers appear on the PIM or IOC faceplate.

channel

Number of the channel (time slot) on a fractional or channelized T1 or E1 interface.

  • On an E1 interface, a value from 1 through 31. The 1 time slot is reserved.

  • On a T1 interface, a value from 1 through 24.

unit

Number of the logical interface created on a physical interface.

A value from 0 through 16384.

If no logical interface number is specified, unit 0 is the default, but must be explicitly configured.

In addition to user-configured interfaces, there are some logical interfaces that are created dynamically. Hence, for Junos OS, the maximum limit for configuring logical interfaces is 2,62,143 (user configured and dynamically created). Based on performance, for each platform, the maximum number of logical interfaces supported can vary.
Note:

Platform support depends on the Junos OS release in your installation.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
15.1X49-D100
Starting with Junos OS Release 15.1X49-D100, SRX320, SRX340, SRX345, and SRX550HM devices support the LTE interface. The dialer interface is used for initiating wireless WAN connections over LTE networks.