Juniper Labs Logical Systems
Logical Systems with ACX1100 Router
The ACX1100 router supports Junos logical systems, but cannot use logical-tunnel interfaces. The simplest way to deploy logical systems on an ACX1100 is:
- Assign a physical interface to each logical system.
- Connect those interfaces with Ethernet cables.
Creating a Logical System
To create a logical system in Junos:
- Design your logical-system topology.
- Create a system login class for each logical system.
- Create a system user and bind it to the logical system via the login class.
- Configure the logical system.
Note: Configuration within a logical system generally uses:
set logical-systems <LOGICAL_SYSTEM_NAME> <CONFIGURATION>Alternatively, you can enter the logical-system CLI context.
Some settings (e.g.media-type) must be applied in the ACX1100’s main CLI.
Default Password
All example passwords below are set to:
1q2w3e
ACX1100 Base Configuration
# Switch combo interfaces to copper
set interfaces ge-0/1/0 media-type copper
set interfaces ge-0/1/1 media-type copper
set interfaces ge-0/1/2 media-type copper
# Configure management & loopback
set interfaces ge-0/1/0 unit 0 description lrc-ge-0/1/1
set interfaces ge-0/1/0 unit 0 family inet address 10.0.0.1/30
set interfaces lo0 unit 0 family inet address 100.0.1.1/32
Logical Router Core (LRC)
# Create login class for LRC
set system login class lrc logical-system lrc
set system login class lrc permissions all
# Create LRC user
set system login user lrc class lrc
set system login user lrc authentication encrypted-password "$6$InAquAUa$UxnSAT9c1G476uTROWHZH25vz9yuqvFoSAvWKkOPVWZhzOf/o5uCR2uY4mWex3CKQbxwYRbpzkHBEq6L4mk8y."
# Configure LRC interfaces
set logical-systems lrc interfaces ge-0/0/5 unit 0 description lr1-ge-0/0/1
set logical-systems lrc interfaces ge-0/0/5 unit 0 family inet address 10.0.1.2/30
set logical-systems lrc interfaces ge-0/0/6 unit 0 description lr2-ge-0/0/2
set logical-systems lrc interfaces ge-0/0/6 unit 0 family inet address 10.0.2.2/30
set logical-systems lrc interfaces ge-0/0/7 unit 0 description lr3-ge-0/0/3
set logical-systems lrc interfaces ge-0/0/7 unit 0 family inet address 10.0.3.2/30
set logical-systems lrc interfaces ge-0/1/1 unit 0 description acx-ge-0/1/0
set logical-systems lrc interfaces ge-0/1/1 unit 0 family inet address 10.0.0.2/30
set logical-systems lrc interfaces lo0 unit 123 family inet address 100.1.2.3/32
Logical Router 1 (LR1)
# Create login class for LR1
set system login class lr1 logical-system lr1
set system login class lr1 permissions all
# Create LR1 user
set system login user lr1 class lr1
set system login user lr1 authentication encrypted-password "$6$X8FfXB.u$ygojhfj.X6pEjOzQJ4.WVg9PckYHQrREUqyxDvrXrFbpSSVsp0dDgk4bjGG8UCJkLyDUPqChpMvE.V8hkkF4X1"
# Configure LR1 interfaces
set logical-systems lr1 interfaces ge-0/0/1 unit 0 description lrc-ge-0/0/5
set logical-systems lr1 interfaces ge-0/0/1 unit 0 family inet address 10.0.1.1/30
set logical-systems lr1 interfaces lo0 unit 1 family inet address 100.1.1.1/32
Logical Router 2 (LR2)
# Create login class for LR2
set system login class lr2 logical-system lr2
set system login class lr2 permissions all
# Create LR2 user
set system login user lr2 class lr2
set system login user lr2 authentication encrypted-password "$6$xBWmGCiz$UKy0NMZxOAoedM1V9Hw1G88zhE4QGLfB1KLkOOnZxsZqRAXqsxoX5bxh//N1eKHdF2LAyN9NxyDTLWJs6CGCC."
# Configure LR2 interfaces
set logical-systems lr2 interfaces ge-0/0/2 unit 0 description lrc-ge-0/0/6
set logical-systems lr2 interfaces ge-0/0/2 unit 0 family inet address 10.0.2.1/30
set logical-systems lr2 interfaces lo0 unit 2 family inet address 100.2.2.2/32
Logical Router 3 (LR3)
# Create login class for LR3
set system login class lr3 logical-system lr3
set system login class lr3 permissions all
# Create LR3 user
set system login user lr3 class lr3
set system login user lr3 authentication encrypted-password "$6$Ek5ihlUw$BSs4L9b8ymDjSLdMEMEiPJTcu0K5IEB1mJvHBATayaKSnVgQZ0K0NkcX3jfuths4J8tNtTjDTf7.vJu/zpPPP/"
# Configure LR3 interfaces
set logical-systems lr3 interfaces ge-0/0/3 unit 0 description lrc-ge-0/0/7
set logical-systems lr3 interfaces ge-0/0/3 unit 0 family inet address 10.0.3.1/30
set logical-systems lr3 interfaces ge-0/0/4 unit 0 description lrc-arm64-frr-dhcp
set logical-systems lr3 interfaces ge-0/0/4 unit 0 family inet address 10.0.4.1/30
set logical-systems lr3 interfaces lo0 unit 3 family inet address 100.3.3.3/32
Validation
You can validate via the ACX1100 CLI or by SSH’ing into the logical-system users.
CLI Validation (LR3 example)
root@acx1100> set cli logical-system lr3
Logical system: lr3
root@acx1100:lr3> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/3
ge-0/0/3.0 up up inet 10.0.3.1/30 multiservice
ge-0/0/4
ge-0/0/4.0 up down inet 10.0.4.1/30 multiservice
lo0
lo0.3 up up inet 100.3.3.3/32 --> 0/0
root@acx1100:lr3> show configuration
interfaces {
ge-0/0/3 {
unit 0 {
description lrc-ge-0/0/7;
family inet {
address 10.0.3.1/30;
}
}
}
ge-0/0/4 {
unit 0 {
description lrc-arm64-frr-dhcp;
family inet {
address 10.0.4.1/30;
}
}
}
lo0 {
unit 3 {
family inet {
address 100.3.3.3/32;
}
}
}
}
root@acx1100:lr3> ping count 3 10.0.3.2
PING 10.0.3.2 (10.0.3.2): 56 data bytes
64 bytes from 10.0.3.2: icmp_seq=0 ttl=64 time=0.988 ms
64 bytes from 10.0.3.2: icmp_seq=1 ttl=64 time=0.912 ms
64 bytes from 10.0.3.2: icmp_seq=2 ttl=64 time=1.049 ms
--- 10.0.3.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.912/0.983/1.049/0.056 ms
root@acx1100:lr3> clear cli logical-system
Cleared default logical system
SSH Validation
Note: SSH to the same ACX1100 IP with different users lands you in their respective logical system. The
rootuser logs into the main system.
Main system
Logical system LRC
ssh [email protected]
lrc@acx1100:lrc> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/5
ge-0/0/5.0 up up inet 10.0.1.2/30
multiservice
ge-0/0/6
ge-0/0/6.0 up up inet 10.0.2.2/30
multiservice
ge-0/0/7
ge-0/0/7.0 up up inet 10.0.3.2/30
multiservice
ge-0/1/1
ge-0/1/1.0 up up inet 10.0.0.2/30
multiservice
lo0
lo0.123 up up inet 100.1.2.3 --> 0/0
lrc@acx1100:lrc> show configuration
interfaces {
ge-0/0/5 {
unit 0 {
description lr1-ge-0/0/1;
family inet {
address 10.0.1.2/30;
}
}
}
ge-0/0/6 {
unit 0 {
description lr2-ge-0/0/2;
family inet {
address 10.0.2.2/30;
}
}
}
ge-0/0/7 {
unit 0 {
description lr3-ge-0/0/3;
family inet {
address 10.0.3.2/30;
}
}
}
ge-0/1/1 {
unit 0 {
description acx-ge-0/1/0;
family inet {
address 10.0.0.2/30;
}
}
}
lo0 {
unit 123 {
family inet {
address 100.1.2.3/32;
}
}
}
}
lrc@acx1100:lrc> ping count 3 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=0.948 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.928 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.990 ms
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.928/0.955/0.990/0.026 ms
lrc@acx1100:lrc> ping count 3 10.0.2.1
PING 10.0.2.1 (10.0.2.1): 56 data bytes
64 bytes from 10.0.2.1: icmp_seq=0 ttl=64 time=0.951 ms
64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=0.945 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=1.002 ms
--- 10.0.2.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.945/0.966/1.002/0.026 ms
lrc@acx1100:lrc> exit