Upload
dangtram
View
216
Download
0
Embed Size (px)
Citation preview
Copyright © 2014 Juniper Networks, Inc. 1
THE POWER OF A CONNECTED WORLD
Javier Grizzuti
System Engineer Juniper Networks
Noviembre 2016
Copyright © 2014 Juniper Networks, Inc. 2
Our Strategy
TECHNOLOGY
Vision: To Be the Worldwide Leader of Network Innovation
Go to Market Vertical Focus
ROUTINGROUTING SECURITYSECURITYSWITCHINGSWITCHING
PERFORMANCE
AUTOMATION
Alliance, Channel and Commercial Engines
Copyright © 2014 Juniper Networks, Inc. 3
Campus/Branch
Campus/Branch Data CenterData Center
CoreCoreEdge/ Access & AggregationEdge/ Access & Aggregation
Innovation Matters Across the Network
Copyright © 2014 Juniper Networks, Inc. 4
SIMPLICITYPERFORMANCE
WHY JUNIPER?
Line-rate performance
Wire-speed security
Scale
Density
Rich service provider feature set
Carrier-class platform
Redundant hardware and software options
Virtual Chassis technology
In-service software upgrades
Collapsed architectures
One Junos OS across routing portfolio
Platform for innovation
Service Now/Service Automation
HIGH AVAILABILITY
Copyright © 2014 Juniper Networks, Inc. 5
FOCUS ON ROUTING, SWITCHING AND SECURITY
ARCHITECTING NETWORKS
SYSTEMS
SILICON SOFTWARE
Copyright © 2014 Juniper Networks, Inc. 7
JUNOS: THE POWER OF ONEDeployed since 1998
First high-performance network operating system18 years of innovation and development
Spans routing, switching, and security platforms Simplify operations and deliver operational excellence Evolutionary architecture expands and extends to
tomorrow Serving the most demanding customers
Top 100+ service providers High-performance enterprise and public sector customers
Copyright © 2014 Juniper Networks, Inc. 8
JUNOS SOFTWARE ARCHITECTURE Separation of Control & Data
Plane Independent modules
Protected memory for stability Well-defined interfaces for
expansion of functions/platforms Scales performance, enhances
resiliency, enables redundancy Open Management &
Development Interfaces NETCONF/XML/DMI Junos API Automation
Con
trol Pla
ne
Data
Pla
ne
Man
ag
em
en
tM
an
ag
em
en
tR
ou
tin
gR
ou
tin
g
Sw
itch
ing
Sw
itch
ing
Daem
on
XD
aem
on
X
KernelKernel
mKernelmKernel
Open Management Interfaces
Open Management Interfaces
HALHAL
Physical Interfaces
Copyright © 2014 Juniper Networks, Inc. 9
JUNOS : Separation of Control and Forwarding
• All platforms running JUNOS Software share a common design goal:• Clean separation of control and forwarding
• RE maintains routing table, bridging table, and primary forwarding table• PFE simply does what it is told—really fast
Packet Forwarding Engine
Routing Engine (CPU)
Frames or Packets In Frames or Packets Out
FT RT JUNOSSoftware BT
BT FT
Copyright © 2014 Juniper Networks, Inc. 11
CLI Modes
• Operational mode:• Monitor and troubleshoot the software, network connectivity, and switch
hardware
• Configuration mode:• Configure the switch, including interfaces, general bridging information,
routing protocols, user access, and system hardware properties
user@switch>The > character identifies operational mode
user@switch#[edit]
The # character identifies configuration mode
Copyright © 2014 Juniper Networks, Inc. 12
Command and Variable Completion
Spacebar completes a commanduser@switch> sh<space>ow i<space> 'i' is ambiguous.Possible completions: igmp Show Internet Group Management Protocol... igmp-snooping Show IGMP snooping information ike Show Internet Key Exchange information interfaces Show interface information ipsec Show IP Security information isis Show Intermediate System-to-Intermediate...
user@switch> show i
Use the Tab key to complete an assigned variable
[edit policy-options]user@switch# show policy-statement t<tab>his-is-my-policy then accept;
[edit policy-options]user@switch#
Use a tab to complete assigned
variables
Enter a space to complete a command
Copyright © 2014 Juniper Networks, Inc. 13
Configuration File Differences (1 of 2)
Change the candidate configuration:[edit system]user@switch# set services telnet [edit system]user@switch# delete services web-management [edit system]user@switch# delete services ssh
Display differences between the candidate and active configurations:
user@switch# show | compare [edit system services]- ssh;+ telnet;- web-management {- http {- port 8080;- }- }
Copyright © 2014 Juniper Networks, Inc. 14
Configuration File Differences (2 of 2)
Compare active and historical configurations:user@switch> show configuration | compare rollback numberuser@switch> show configuration | compare filename
Compare arbitrary files:user@switch> file compare files filename_1 filename_2
Copyright © 2014 Juniper Networks, Inc. 15
Helpful Configuration-Mode Commands• Commands to aid in configuration:
• rename a configuration statementuser@switch# rename interfaces ge-0/0/10 to ge-0/0/11
• replace a pattern of configuration statementsuser@switch# replace pattern ge-0/0/10 with ge-0/0/11
• copy a configuration statement to another statementuser@switch# copy interfaces ge-0/0/10 to ge-0/0/11
• deactivate or ignore a configuration statementuser@switch# deactivate interfaces ge-0/0/10 • insert a configuration statement in another location[edit policy-options policy-statement test]
user@switch# insert term three before term two • Remember to commit!
Copyright © 2014 Juniper Networks, Inc. 16
COMMIT MODEL
Separation of configuration, edit and activation Validation checks, version control, automated rollback
BenefitsAvert downtime caused by configuration errorsReduce time for configuration and changesEnforce compliance to policiesAvoid risks of transient configuration stateCompare configurations Easily roll back to past configurations
1 2 3
commitconfirmed
candidateconfiguration
load
activeconfiguration
rollb
ack
commitvalidations
commit
commitscripts
validatedconfiguration
149
Active configuration stored in/config/juniper.conf.gzRollback files stored in/config/juniper.conf.n.gz (n=1–3)/config/db/config/juniper.conf.n.gz (n=4–49)
Active configuration stored in/config/juniper.conf.gzRollback files stored in/config/juniper.conf.n.gz (n=1–3)/config/db/config/juniper.conf.n.gz (n=4–49)
Copyright © 2014 Juniper Networks, Inc. 17
Committing a Configuration
You must commit configuration changes for them to take effect:[edit]user@switch# commit commit complete[edit]user@switch#
Use commit check to confirm syntax:[edit]root@switch# commit check [edit interfaces ge-0/0/10 unit 0] 'family' When ethernet-switching family is configured on an interface, no other family type can be configured on the same interface.
error: configuration check-out failed
Use commit confirmed to temporarily activate:user@switch# commit confirmed commit confirmed will be automatically rolled back in 10 minutes unless confirmedcommit complete
Copyright © 2014 Juniper Networks, Inc. 18
run Is Cool
Use the run command to execute operational mode CLI commands from within the configuration• A real time-saver when testing the effect of a recent change
• Context-sensitive help is fully supported [edit interfaces ge-0/0/12]user@switch# set unit 0 family inet address 10.250.0.141/16
[edit interfaces ge-0/0/12]user@switch# commitcommit complete
[edit interfaces ge-0/0/12]user@switch# run ping 10.250.0.149 count 1 PING 10.250.0.149 (10.250.0.149): 56 data bytes64 bytes from 10.250.0.149: icmp_seq=0 ttl=255 time=0.967 ms
--- 10.250.0.149 ping statistics ---1 packets transmitted, 1 packets received, 0% packet lossround-trip min/avg/max/stddev = 0.967/0.967/0.967/0.000 ms
Test configuration changes without leaving configuration mode with run
Copyright © 2014 Juniper Networks, Inc. 19
JUNOS Power Tools: Configuration Groups
• Groups of statements that you can apply to different sections of a configuration• Shortcut method of applying the same parameters to many parts of a configuration• Required for redundant RE support
• Target area of configuration inherits information from source of configuration data
groups {
group-name {
configuration-data;
}
}
Copyright © 2014 Juniper Networks, Inc. 20
JUNOS Power Tools:Interface Group Example[edit]
[edit interfaces]
lab@s1# show interfaces
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members v100;
}
}
}
}
…
[edit]
lab@s1# show groups
all-ge {
interfaces {
<ge-*> {
ether-options {
no-auto-negotiation;
flow-control;
link-mode full-duplex;
speed {
100m;
}
[edit]
lab@SanJose# set interfaces apply-groups all-ge
Copyright © 2014 Juniper Networks, Inc. 21
JUNOS SCRIPTS
Junos InfrastructureJunos Infrastructure
Output
instructionson what to
display
Inputdocument
OperationalScripts
EventScripts
Output
instructionson what to
display(if anything)
Input
eventdescriptio
n
CommitScripts
OutputInstructionson actions
to take(make changes,issue warnings,
errors, etc.)
InputJunos
configuration
Copyright © 2014 Juniper Networks, Inc. 23
XML
NETCONF XML PROTOCOL (RFC4741)
Management System
Automate config changes,remote invocation of operational commands,collection of logsNETCONF client libraries exist
for a number of programming languages such as Java, Perl, Ruby, Python, and even SLAX !
Security
Routing
Switching
NETCONF/DMI
• Secure and connection oriented with SSHv2 as transport• Structured and transaction-based with XML as RPC request /
response• User-class privilege aware
Secure TCP/IP connections
viaSSHv2
(RFC4742)
Copyright © 2014 Juniper Networks, Inc. 24
JUNOS Router Telemetry
GoalsScalable Telemetry Framework for external and internal usageVirtual Network Functions (VNF) acceleration
TargetUse cases
Performance ManagementTelemetry for PCE Controller and other SDN/NFV ApplicationBurstable billing
Key Advantages
Distributed export closer to the sourceSimplifies collector infrastructure, no polling
More information: http://easylink.juniper.net/visionMore information: http://easylink.juniper.net/vision
Performance MonitoringPerformance Monitoring
Interface Queue Depth High Watermark over time
Line Card N
PFE
PFE
uKernel
Routing Engine
Line Card 1
Application
Network Element
Configuration:NETCONF, CLI
Provision Sensors
In-band telemetry
information
QueriesData
Co
llec
tor
Query Engine
DatabaseForwarding
Engine
Forwarding Engine
Juniper or a 3rd party collector
uKernel
RPD, Other daemons
Telemetry manager
Copyright © 2014 Juniper Networks, Inc. 25
JUNIPER MX-SERIES
Copyright © 2014 Juniper Networks, Inc. 26 2626 © 2016 Juniper Networks, Inc. All rights reserved.JUNIPER NETWORKS CONFIDENTIAL
MX StrategyPillars of Strategy
Continuous Product Innovation
Scale, Performance, Convergence
Continuous Product Innovation
Scale, Performance, Convergence
Virtualization vPE, SDN, Analytics
Virtualization vPE, SDN, Analytics
New Deployment ModelsAgile, Simple, Open
New Deployment ModelsAgile, Simple, Open
• Metro, DC, Colo optimized platforms• Multi-Terabit scale line cards on MX960 &
MX2K• Virtualized Routing Engine• SMP, RPD modularity; RSVP hyper-scaling • High Availability - LFA, Service mirroring
• vMX, vRR, vCPE• vBNG, vLNS
• Scale out, Chassis virtualization• EVPN, VXLAN• SPRING• JUNOS Telemetry Interface, Northstar
Programmability & Automation
Programmability & Automation
• JET, gRPC, Thrift, REST APIs• OpenConfig
Copyright © 2014 Juniper Networks, Inc. 27
MX ASIC Evolution – MPC Per Slot Capacity
2010–2011 20122007 2014 2017+2015
MX240/480/960 system
40G DPC40G DPC
ICHIP10G
ICHIP10G
MX2K system
40G MPC1E80G MPC2E16x10G MPC
40G MPC1E80G MPC2E16x10G MPC
Gen 1TRIO
(MQ, LU)
Gen 1TRIO
(MQ, LU)
240G MPC5E240G MPC5E
480G MPC6E480G MPC6E
Gen 2TRIO
(XM, XL)
Gen 2TRIO
(XM, XL) 480G MPC7E480G MPC7E
960G MPC8E1.6T MPC9E960G MPC8E1.6T MPC9E
Gen 3TRIO(EA)
Gen 3TRIO(EA) 1.5T MPC101.5T MPC10
4.0T MPC11/124.0T MPC11/12
Gen 4TRIO(ZT)
Gen 4TRIO(ZT)
130G MPC3E260G MPC4E130G MPC3E260G MPC4E
Gen 1.5TRIO
(XM, LU)
Gen 1.5TRIO
(XM, LU)
Copyright © 2014 Juniper Networks, Inc. 282828 © 2016 Juniper Networks, Inc. All rights reserved.JUNIPER NETWORKS CONFIDENTIAL
Introducing EA (Eagle), 3rd generation Trio ASIC
Physical CharacteristicsPhysical Characteristics
• 28nm process• 23.44mm x 23.15 mm die size• More than 60% power consumption reduction, enabling 0.5W
per gigabit at the system level
• 28nm process• 23.44mm x 23.15 mm die size• More than 60% power consumption reduction, enabling 0.5W
per gigabit at the system level
CapabilitiesCapabilities
• All Trio forwarding features• High scale flow export, video monitoring• Ethernet OAM and BFD• Performance monitoring• Sophisticated packet parsing, lookup and encapsulation
• Integrated rich queueing• Improved tunnel performance• Chip level telemetry and analytics support
• All Trio forwarding features• High scale flow export, video monitoring• Ethernet OAM and BFD• Performance monitoring• Sophisticated packet parsing, lookup and encapsulation
• Integrated rich queueing• Improved tunnel performance• Chip level telemetry and analytics support
Industry’s first 400GE capable network
processor
Industry’s first 400GE capable network
processor
Copyright © 2014 Juniper Networks, Inc. 292929 © 2016 Juniper Networks, Inc. All rights reserved.JUNIPER NETWORKS CONFIDENTIAL
4th Generation Silicon (ZT-Chip)MX960 & MX2K Multi-Terabit Upgrade
GoalsGoals
Planned for 2017/2018Planned for 2017/2018
MX960 MPC• 1.5T target per slot• 100GE optimized• Backward compatible with all Trio MPCs
MX2010, MX2020 MPC• Targeting 4T per slot• Less than 0.25W/G• Fully backward compatible
Packet Forwarding Engine• 4th Generation of Trio Architecture• Very high capacity security with inline encryption/decryption• Full HQoS and inline services
Upgrade• No change to existing fans and power supply• Upgrade using JAM• New Fabric and Line Card only
MX960 MPC• 1.5T target per slot• 100GE optimized• Backward compatible with all Trio MPCs
MX2010, MX2020 MPC• Targeting 4T per slot• Less than 0.25W/G• Fully backward compatible
Packet Forwarding Engine• 4th Generation of Trio Architecture• Very high capacity security with inline encryption/decryption• Full HQoS and inline services
Upgrade• No change to existing fans and power supply• Upgrade using JAM• New Fabric and Line Card only
Key BreakthroughsKey Breakthroughs
• Less than 0.25W/G• High Speed Inline Crypto• 100GE and 400GE optimized• 16nm process – 500G Chip
• Less than 0.25W/G• High Speed Inline Crypto• 100GE and 400GE optimized• 16nm process – 500G Chip
Copyright © 2014 Juniper Networks, Inc. 303030 © 2016 Juniper Networks, Inc. All rights reserved.JUNIPER NETWORKS CONFIDENTIAL
10-20Gbps
Nx10Gbps
80Gbps
1Tbps 3Tbps 5Tbps400Gbp
s2.4Tbps 16Tbps 32Tbps
19.2Tbps
38.4Tbps
MX Roadmap Overview
SAME JUNOS, TRIO ARCHITECTURE, FEATURES AND SERVICESSAME JUNOS, TRIO ARCHITECTURE, FEATURES AND SERVICES
3Tbps 8Tbps15Tbp
s40Tbps 6Tbps 40Tbps 80Tbps
36Tbps
72Tbps
NFX250 VMX MX80 – MX960 SUMMIT-1/3MX2008-MX2010-
MX2020MX:VALE-8/16
FULL DUPLEX CAPCITY, 2018/2019FULL DUPLEX CAPCITY, 2016/2017
DATA CENTEROPTIMIZED
CENTRAL OFFICE OPTIMIZED
Copyright © 2014 Juniper Networks, Inc. 31
MX SERIES 3D FAMILY •MX Family – Metro Ethernet Forum Compliant
MX960 MX480 MX240
•Multi Port Concentrator (MPC)•Host Common Equipment (redundant)
Routing Engine (RE) Switch Control Board (SCB) Power Fans
•Craft Interface
Copyright © 2014 Juniper Networks, Inc. 32
JUNIPER MX SERIES MID RANGE SOLUTION
• Family of high performance Mid-Range Routers
• MX5: 5G MR Router• 20x1G
• MX10: 10G MR Router• 20x1G & 1 Modular Slot
• MX40: 40G MR Router• 2 Modular Slots & 2x10G
• MX80: • 2 Modular Slots & 4x10G
• Support for WAN (TDM) Interfaces in Modular slots
• Option to upgrade from MX5 to MX10 to MX40 to 80
• Service MIC support in rear slot
MX5
MX10
MX40
MX80
Copyright © 2014 Juniper Networks, Inc. 33
MX80: modular chassis
•MX80 Modular 4x10G XFP (slot-0) Service MIC (slot-0) 2x MIC (slot-1)
•Upto 8x10G in 2RU !
•MICs supported: MIC-3D-20x1GE-SFP MIC-3D-2XGE-XFP MIC-3D-40x1GE-RJ45
Capacity: 80 Gbps6-15 us latency8 HW queues per port Has VLAN Q / HQoS for MIC slotsHardware support for Timing Sync-E BITS, UART, 1pps /10MhzPEM redundancy (shipped with 1 PEM default)
Max power draw: 500W (Mostly within 350W)
Copyright © 2014 Juniper Networks, Inc. 34
MX80: system architecture
MQMQLULU
QX (24G+)QX (24G+)
MICMIC
IXIX
MICMIC
IXIX
4x10GE SFP+
20-24G 20-24G
Service
MICService
MIC CLKCLK
REPPC
85721.3Ghz
REPPC
85721.3Ghz
PFE
Latency: 6-15 us
48x1G on MX80-48T
Mx80: Routing engine• PowerQUICC III
• 1.3Ghz dual-core processor• DDR2 at 266Mhz
• 2GB of physical memory for control-plane
• 8MB of NOR flash• 4GB of NAND storage (instead of
hard-disk)• 1x RJ45 console• 1x RJ45 aux/modem• 10/100/1000Base-TX
management• USB for install media• About 1/3 performance of MX’s
RE-1300
Copyright © 2014 Juniper Networks, Inc. 35
MX104 – Universal Aggregation Router
Compact, Redundant & Future proof Trio based PFE – 80G 17.5 in (W) x 3.5RU (H) x 9.5 in (D) ETSI-300 compliant Dual redundant hot-pluggable REs for
Control Plane redundancy Dual redundant 1RU 600 Watt PSUs; AC
and DC input variants Wide operating temp range -40C to +65C Forced cooling with side-to-side airflow;
FRU’able fan tray Alarm extension ports
Timing & Synchronization BITS (T1/E1), 10MHz &1PPS and
ToD timing I/O interfaces SyncE, SONET, PTP (Brilliant IP
integration) timing features
Modular Design 4x10GE SFP+ LAN/WAN uplink ports
(built-in) 4 MIC Slots; ~20G BW per slot Max of 2 Services MIC per chassis
( Sparks)
Copyright © 2014 Juniper Networks, Inc. 373737 © 2016 Juniper Networks, Inc. All rights reserved.JUNIPER NETWORKS CONFIDENTIAL
Compact edge and aggregation router
Universal 10GE/40GE/100GE ports, SFP+ support
Powerful multi-core routing engine
Redundant power supplies
Compact edge and aggregation router
Universal 10GE/40GE/100GE ports, SFP+ support
Powerful multi-core routing engine
Redundant power supplies
MAIN FEATURESMAIN FEATURES
BEST FOR 400GBPS AND BELOW
COMPACT
POWERFUL CONTROL PLANE
NEBS COMPLIANT
BEST FOR 400GBPS AND BELOW
COMPACT
POWERFUL CONTROL PLANE
NEBS COMPLIANT
MX Compact Router : Summit-1
1 RU
4 x QSFP284 x QSFP28
8 x SFP+ 10GE8 x SFP+ 10GE
2 x AC / DC Power Supplies2 x AC / DC Power Supplies
BUILT IN TRIO 3rd GEN 400GBPS FORWARDING PLANE SINGLE ROUTING ENGINE
BUILT IN TRIO 3rd GEN 400GBPS FORWARDING PLANE SINGLE ROUTING ENGINE
Planned for 1H 2017Planned for 1H 2017
Copyright © 2014 Juniper Networks, Inc. 383838 © 2016 Juniper Networks, Inc. All rights reserved.JUNIPER NETWORKS CONFIDENTIAL
Compact edge, aggregation and peering router
Upgradable control and forwarding planes
Universal 10GE/40GE/100GE QSFP ports
Powerful multi-core routing engine
Redundant components
Flexible L4-L7 services in the future
Compact edge, aggregation and peering router
Upgradable control and forwarding planes
Universal 10GE/40GE/100GE QSFP ports
Powerful multi-core routing engine
Redundant components
Flexible L4-L7 services in the future
MAIN FEATURESMAIN FEATURES
2.4T PER SYSTEM NOW, 6T IN THE FUTURE
REDUNDANCY AND UPGRADEABILITY
10GE / 40GE / 100GE MACSEC VIA MIC
NEBS COMPLIANT
2.4T PER SYSTEM NOW, 6T IN THE FUTURE
REDUNDANCY AND UPGRADEABILITY
10GE / 40GE / 100GE MACSEC VIA MIC
NEBS COMPLIANT
MX Compact Router : Summit-3
2 x Routing Engines2 x Routing Engines
1.2T Line Card with a MIC Slot, Trio 3rd GEN1.2T Line Card with a MIC Slot, Trio 3rd GEN
3 RU
6 x AC/DC Power Supplies6 x AC/DC Power Supplies
Planned for 1H 2017Planned for 1H 2017
Copyright © 2014 Juniper Networks, Inc. 39
Access Layer UpdateJuniper’s Innovation in Enterprise Networks
Copyright © 2014 Juniper Networks, Inc. 40
EX Series Portfolio
Ports
EX3300 Modular
Hardware Resiliency
Access
Core
Logical Scale
EX2200
EX2200-C
Perf
orm
ance
10G
bE\4
0G
bE
Virtual Chassis
10
0G
bE
EX4300
EX4600
EX2300-C
EX3400
EX2300
Aggregation
Multi-Chassis LAG
EX9200
EX8200EX4500
EX4550
EX6200
Copyright © 2014 Juniper Networks, Inc. 41
EX2300 Access Switch
Compact & High Performance1GbE density 10GbE uplinks in 1RU
Standard ComplianceIEEE 802.3at (POE +)
Management Simplification Junos Virtual Chassis (4 devices - 10G support)
Operational Simplicity and Automated ConfigJuniper Fusion Enterprise (IEEE 802.1BR support)
EX2300 and EX2300-C
Copyright © 2014 Juniper Networks, Inc. 42
MACsecSupported on 1G and 10G interfaces
Juniper EX3400 Access Switch
Compact, High Performance, & Built-in Redundancy1GbE density, 10GbE and 40GbE uplinks in 1RU, Dual Redundant Power Supplies and Fans
Standard ComplianceFull POE (15.4W) support with a single PSUFull POE+ (30W) support with dual PSU (1440 W)
Management Simplification Junos Virtual Chassis (10 Devices - 40G support)
Operational Simplicity and Automated Configuration Juniper Fusion Enterprise (802.1BR support)
EX3400
Copyright © 2014 Juniper Networks, Inc. 43
EX4300 OVERVIEW1U 24/48 Port 1GbE Switch Wire-rate performance on all ports 4 x 10GbE uplink module 4x40GbE QSFP+ fixed ports MacSec and EEE capable Front-back and back-front airflow Extensive Layer 3 (requires license)
Virtual Chassis Technology Enhanced 320 Gbps backplane Manage up to 10 as a single device Standard 10GbE/40GbE cables Mix 1GbE and 10GbE with QFX3500 Industry-only cross-platform Virtual Chassis Geographically distributed
Automation & Orchestration Automation with Puppet and Chef Openstack integration Openflow support
Copyright © 2014 Juniper Networks, Inc. 44
SRX300 Series and SRX550 Services GatewaysFor Branch Firewall and Secure Router
Copyright © 2014 Juniper Networks, Inc. 45
100G
Up to 2Tbps FW throughput and 258M concurrent sessions scaling
Single Junos
Unprecedented ScaleIntegrated Routing, Switching and Security
10G
SRX300SRX320
SRX340SRX345
SRX550-MSRX1500
vSRX (Virtual SRX)
vSRX (Virtual SRX)
Data CenterEdgeBranch
1T
2T
1G
New SRX Product Line
SRX3400SRX3600
SRX5600
SRX5800
SRX5400
Copyright © 2014 Juniper Networks, Inc. 46
SRX Series Services Gateways for Branch
All in one routing, switching and security in a single platformAll in one routing, switching and security in a single platform
Security at a every layer with MAC-sec, IPSec and application securitySecurity at a every layer with MAC-sec, IPSec and application security
Best end-user application experience and operational efficiencyBest end-user application experience and operational efficiency
Copyright © 2014 Juniper Networks, Inc. 47
Portfolio Summary
*Performance numbers for the IMIX packet size **NGFW = IPS + AppFW + External Logging
App Firewall*App Firewall*
Routing*Routing*
IPSec VPN*IPSec VPN*
NGFW**NGFW**
500 Mbps 1 Gbps 2 Gbps 3 Gbps
500 Mbps 1 Gbps 1.7 Gbps 2.5 Gbps
100 Mbps
100 Mbps
200 Mbps
200 Mbps
300 Mbps
300 Mbps
350 Mbps
350 Mbps
SRX300
Retail Office Up to 50 Users
SRX320
Small BranchUp to 50 Users
SRX340
Mid BranchUp to 100 Users
Large BranchUp to 500 Users
SRX550SRX345
Mid-Large BranchUp to 200 Users
Copyright © 2014 Juniper Networks, Inc. 48
Juniper Security Services Overview
SRX Foundation ServicesSRX Foundation Services
Next Generation Firewall Services
Next Generation Firewall Services
Firewall NAT VPN Routing
Application Control & Visibility
User-based Firewall
Unified Threat Management (Known Threats)
Unified Threat Management (Known Threats)
Anti-virus
Intrusion Prevention Anti-spam
Web Filtering
Threat IntelligencePlatform
Threat IntelligencePlatform
Botnets/C&C
GEO-IP
Custom Feeds, APT
Management Reporting Analytics Automation
Advanced Threat Prevention(Zero Day)
Advanced Threat Prevention(Zero Day)
Sandboxing
Evasive Malware
Rich Reporting & Analytics