THE POWER OF A CONNECTED WORLD - ArNOG | …arnog.com.ar/presentaciones/me/4-juniper.pdf · Title: Juniper PowerPoint Template Author: Jennifer Blatnik Keywords

Copyright © 2014 Juniper Networks, Inc. 1

THE POWER OF A CONNECTED WORLD

Javier Grizzuti

System Engineer Juniper Networks

Noviembre 2016


Our Strategy

TECHNOLOGY

Vision: To Be the Worldwide Leader of Network Innovation

Go to Market Vertical Focus

ROUTINGROUTING SECURITYSECURITYSWITCHINGSWITCHING

PERFORMANCE

AUTOMATION

Alliance, Channel and Commercial Engines


Campus/Branch

Campus/Branch Data CenterData Center

CoreCoreEdge/ Access & AggregationEdge/ Access & Aggregation

Innovation Matters Across the Network


SIMPLICITYPERFORMANCE

WHY JUNIPER?

Line-rate performance

Wire-speed security

Scale

Density

Rich service provider feature set

Carrier-class platform

Redundant hardware and software options

Virtual Chassis technology

In-service software upgrades

Collapsed architectures

One Junos OS across routing portfolio

Platform for innovation

Service Now/Service Automation

HIGH AVAILABILITY


FOCUS ON ROUTING, SWITCHING AND SECURITY

ARCHITECTING NETWORKS

SYSTEMS

SILICON SOFTWARE


JUNOS ARCHITECTURE


JUNOS: THE POWER OF ONEDeployed since 1998

First high-performance network operating system18 years of innovation and development

Spans routing, switching, and security platforms Simplify operations and deliver operational excellence Evolutionary architecture expands and extends to

tomorrow Serving the most demanding customers

Top 100+ service providers High-performance enterprise and public sector customers


JUNOS SOFTWARE ARCHITECTURE Separation of Control & Data

Plane Independent modules

Protected memory for stability Well-defined interfaces for

expansion of functions/platforms Scales performance, enhances

resiliency, enables redundancy Open Management &

Development Interfaces NETCONF/XML/DMI Junos API Automation

Con

trol Pla

ne

Data

Pla

ne

Man

ag

em

en

tM

an

ag

em

en

tR

ou

tin

gR

ou

tin

g

Sw

itch

ing

Sw

itch

ing

Daem

on

XD

aem

on

X

KernelKernel

mKernelmKernel

Open Management Interfaces

Open Management Interfaces

HALHAL

Physical Interfaces


JUNOS : Separation of Control and Forwarding

• All platforms running JUNOS Software share a common design goal:• Clean separation of control and forwarding

• RE maintains routing table, bridging table, and primary forwarding table• PFE simply does what it is told—really fast

Packet Forwarding Engine

Routing Engine (CPU)

Frames or Packets In Frames or Packets Out

FT RT JUNOSSoftware BT

BT FT


Operating Junos


CLI Modes

• Operational mode:• Monitor and troubleshoot the software, network connectivity, and switch

hardware

• Configuration mode:• Configure the switch, including interfaces, general bridging information,

routing protocols, user access, and system hardware properties

user@switch>The > character identifies operational mode

user@switch#[edit]

The # character identifies configuration mode


Command and Variable Completion

Spacebar completes a commanduser@switch> sh<space>ow i<space> 'i' is ambiguous.Possible completions: igmp Show Internet Group Management Protocol... igmp-snooping Show IGMP snooping information ike Show Internet Key Exchange information interfaces Show interface information ipsec Show IP Security information isis Show Intermediate System-to-Intermediate...

user@switch> show i

Use the Tab key to complete an assigned variable

[edit policy-options]user@switch# show policy-statement t<tab>his-is-my-policy then accept;

[edit policy-options]user@switch#

Use a tab to complete assigned

variables

Enter a space to complete a command


Configuration File Differences (1 of 2)

Change the candidate configuration:[edit system]user@switch# set services telnet [edit system]user@switch# delete services web-management [edit system]user@switch# delete services ssh

Display differences between the candidate and active configurations:

user@switch# show | compare [edit system services]- ssh;+ telnet;- web-management {- http {- port 8080;- }- }


Configuration File Differences (2 of 2)

Compare active and historical configurations:user@switch> show configuration | compare rollback numberuser@switch> show configuration | compare filename

Compare arbitrary files:user@switch> file compare files filename_1 filename_2


Helpful Configuration-Mode Commands• Commands to aid in configuration:

• rename a configuration statementuser@switch# rename interfaces ge-0/0/10 to ge-0/0/11

• replace a pattern of configuration statementsuser@switch# replace pattern ge-0/0/10 with ge-0/0/11

• copy a configuration statement to another statementuser@switch# copy interfaces ge-0/0/10 to ge-0/0/11

• deactivate or ignore a configuration statementuser@switch# deactivate interfaces ge-0/0/10 • insert a configuration statement in another location[edit policy-options policy-statement test]

user@switch# insert term three before term two • Remember to commit!


COMMIT MODEL

Separation of configuration, edit and activation Validation checks, version control, automated rollback

BenefitsAvert downtime caused by configuration errorsReduce time for configuration and changesEnforce compliance to policiesAvoid risks of transient configuration stateCompare configurations Easily roll back to past configurations

1 2 3

commitconfirmed

candidateconfiguration

load

activeconfiguration

rollb

ack

commitvalidations

commit

commitscripts

validatedconfiguration

149

Active configuration stored in/config/juniper.conf.gzRollback files stored in/config/juniper.conf.n.gz (n=1–3)/config/db/config/juniper.conf.n.gz (n=4–49)

Active configuration stored in/config/juniper.conf.gzRollback files stored in/config/juniper.conf.n.gz (n=1–3)/config/db/config/juniper.conf.n.gz (n=4–49)


Committing a Configuration

You must commit configuration changes for them to take effect:[edit]user@switch# commit commit complete[edit]user@switch#

Use commit check to confirm syntax:[edit]root@switch# commit check [edit interfaces ge-0/0/10 unit 0] 'family' When ethernet-switching family is configured on an interface, no other family type can be configured on the same interface.

error: configuration check-out failed

Use commit confirmed to temporarily activate:user@switch# commit confirmed commit confirmed will be automatically rolled back in 10 minutes unless confirmedcommit complete


run Is Cool

Use the run command to execute operational mode CLI commands from within the configuration• A real time-saver when testing the effect of a recent change

• Context-sensitive help is fully supported [edit interfaces ge-0/0/12]user@switch# set unit 0 family inet address 10.250.0.141/16

[edit interfaces ge-0/0/12]user@switch# commitcommit complete

[edit interfaces ge-0/0/12]user@switch# run ping 10.250.0.149 count 1 PING 10.250.0.149 (10.250.0.149): 56 data bytes64 bytes from 10.250.0.149: icmp_seq=0 ttl=255 time=0.967 ms

--- 10.250.0.149 ping statistics ---1 packets transmitted, 1 packets received, 0% packet lossround-trip min/avg/max/stddev = 0.967/0.967/0.967/0.000 ms

Test configuration changes without leaving configuration mode with run


JUNOS Power Tools: Configuration Groups

• Groups of statements that you can apply to different sections of a configuration• Shortcut method of applying the same parameters to many parts of a configuration• Required for redundant RE support

• Target area of configuration inherits information from source of configuration data

groups {

group-name {

configuration-data;

}

}


JUNOS Power Tools:Interface Group Example[edit]

[edit interfaces]

lab@s1# show interfaces

ge-0/0/0 {

unit 0 {

family ethernet-switching {

port-mode access;

vlan {

members v100;

}

}

}

}

…

[edit]

lab@s1# show groups

all-ge {

interfaces {

<ge-*> {

ether-options {

no-auto-negotiation;

flow-control;

link-mode full-duplex;

speed {

100m;

}

[edit]

lab@SanJose# set interfaces apply-groups all-ge


JUNOS SCRIPTS

Junos InfrastructureJunos Infrastructure

Output

instructionson what to

display

Inputdocument

OperationalScripts

EventScripts

Output

instructionson what to

display(if anything)

Input

eventdescriptio

n

CommitScripts

OutputInstructionson actions

to take(make changes,issue warnings,

errors, etc.)

InputJunos

configuration


XML

NETCONF XML PROTOCOL (RFC4741)

Management System

Automate config changes,remote invocation of operational commands,collection of logsNETCONF client libraries exist

for a number of programming languages such as Java, Perl, Ruby, Python, and even SLAX !

Security

Routing

Switching

NETCONF/DMI

• Secure and connection oriented with SSHv2 as transport• Structured and transaction-based with XML as RPC request /

response• User-class privilege aware

Secure TCP/IP connections

viaSSHv2

(RFC4742)


JUNOS Router Telemetry

GoalsScalable Telemetry Framework for external and internal usageVirtual Network Functions (VNF) acceleration

TargetUse cases

Performance ManagementTelemetry for PCE Controller and other SDN/NFV ApplicationBurstable billing

Key Advantages

Distributed export closer to the sourceSimplifies collector infrastructure, no polling

More information: http://easylink.juniper.net/visionMore information: http://easylink.juniper.net/vision

Performance MonitoringPerformance Monitoring

Interface Queue Depth High Watermark over time

Line Card N

PFE

PFE

uKernel

Routing Engine

Line Card 1

Application

Network Element

Configuration:NETCONF, CLI

Provision Sensors

In-band telemetry

information

QueriesData

Co

llec

tor

Query Engine

DatabaseForwarding

Engine

Forwarding Engine

Juniper or a 3rd party collector

uKernel

RPD, Other daemons

Telemetry manager


JUNIPER MX-SERIES

http://easylink.juniper.net/vision




Copyright © 2014 Juniper Networks, Inc. 26 2626 © 2016 Juniper Networks, Inc. All rights reserved.JUNIPER NETWORKS CONFIDENTIAL

MX StrategyPillars of Strategy

Continuous Product Innovation

Scale, Performance, Convergence

Continuous Product Innovation

Scale, Performance, Convergence

Virtualization vPE, SDN, Analytics

Virtualization vPE, SDN, Analytics

New Deployment ModelsAgile, Simple, Open

New Deployment ModelsAgile, Simple, Open

• Metro, DC, Colo optimized platforms• Multi-Terabit scale line cards on MX960 &

MX2K• Virtualized Routing Engine• SMP, RPD modularity; RSVP hyper-scaling • High Availability - LFA, Service mirroring

• vMX, vRR, vCPE• vBNG, vLNS

• Scale out, Chassis virtualization• EVPN, VXLAN• SPRING• JUNOS Telemetry Interface, Northstar

Programmability & Automation

Programmability & Automation

• JET, gRPC, Thrift, REST APIs• OpenConfig


MX ASIC Evolution – MPC Per Slot Capacity

2010–2011 20122007 2014 2017+2015

MX240/480/960 system

40G DPC40G DPC

ICHIP10G

ICHIP10G

MX2K system

40G MPC1E80G MPC2E16x10G MPC

40G MPC1E80G MPC2E16x10G MPC

Gen 1TRIO

(MQ, LU)

Gen 1TRIO

(MQ, LU)

240G MPC5E240G MPC5E

480G MPC6E480G MPC6E

Gen 2TRIO

(XM, XL)

Gen 2TRIO

(XM, XL) 480G MPC7E480G MPC7E

960G MPC8E1.6T MPC9E960G MPC8E1.6T MPC9E

Gen 3TRIO(EA)

Gen 3TRIO(EA) 1.5T MPC101.5T MPC10

4.0T MPC11/124.0T MPC11/12

Gen 4TRIO(ZT)

Gen 4TRIO(ZT)

130G MPC3E260G MPC4E130G MPC3E260G MPC4E

Gen 1.5TRIO

(XM, LU)

Gen 1.5TRIO

(XM, LU)

Copyright © 2014 Juniper Networks, Inc. 282828 © 2016 Juniper Networks, Inc. All rights reserved.JUNIPER NETWORKS CONFIDENTIAL

Introducing EA (Eagle), 3rd generation Trio ASIC

Physical CharacteristicsPhysical Characteristics

• 28nm process• 23.44mm x 23.15 mm die size• More than 60% power consumption reduction, enabling 0.5W

per gigabit at the system level

• 28nm process• 23.44mm x 23.15 mm die size• More than 60% power consumption reduction, enabling 0.5W

per gigabit at the system level

CapabilitiesCapabilities

• All Trio forwarding features• High scale flow export, video monitoring• Ethernet OAM and BFD• Performance monitoring• Sophisticated packet parsing, lookup and encapsulation

• Integrated rich queueing• Improved tunnel performance• Chip level telemetry and analytics support

• All Trio forwarding features• High scale flow export, video monitoring• Ethernet OAM and BFD• Performance monitoring• Sophisticated packet parsing, lookup and encapsulation

• Integrated rich queueing• Improved tunnel performance• Chip level telemetry and analytics support

Industry’s first 400GE capable network

processor

Industry’s first 400GE capable network

processor


4th Generation Silicon (ZT-Chip)MX960 & MX2K Multi-Terabit Upgrade

GoalsGoals

Planned for 2017/2018Planned for 2017/2018

MX960 MPC• 1.5T target per slot• 100GE optimized• Backward compatible with all Trio MPCs

MX2010, MX2020 MPC• Targeting 4T per slot• Less than 0.25W/G• Fully backward compatible

Packet Forwarding Engine• 4th Generation of Trio Architecture• Very high capacity security with inline encryption/decryption• Full HQoS and inline services

Upgrade• No change to existing fans and power supply• Upgrade using JAM• New Fabric and Line Card only

MX960 MPC• 1.5T target per slot• 100GE optimized• Backward compatible with all Trio MPCs

MX2010, MX2020 MPC• Targeting 4T per slot• Less than 0.25W/G• Fully backward compatible

Packet Forwarding Engine• 4th Generation of Trio Architecture• Very high capacity security with inline encryption/decryption• Full HQoS and inline services

Upgrade• No change to existing fans and power supply• Upgrade using JAM• New Fabric and Line Card only

Key BreakthroughsKey Breakthroughs

• Less than 0.25W/G• High Speed Inline Crypto• 100GE and 400GE optimized• 16nm process – 500G Chip

• Less than 0.25W/G• High Speed Inline Crypto• 100GE and 400GE optimized• 16nm process – 500G Chip


10-20Gbps

Nx10Gbps

80Gbps

1Tbps 3Tbps 5Tbps400Gbp

s2.4Tbps 16Tbps 32Tbps

19.2Tbps

38.4Tbps

MX Roadmap Overview

SAME JUNOS, TRIO ARCHITECTURE, FEATURES AND SERVICESSAME JUNOS, TRIO ARCHITECTURE, FEATURES AND SERVICES

3Tbps 8Tbps15Tbp

s40Tbps 6Tbps 40Tbps 80Tbps

36Tbps

72Tbps

NFX250 VMX MX80 – MX960 SUMMIT-1/3MX2008-MX2010-

MX2020MX:VALE-8/16

FULL DUPLEX CAPCITY, 2018/2019FULL DUPLEX CAPCITY, 2016/2017

DATA CENTEROPTIMIZED

CENTRAL OFFICE OPTIMIZED


MX SERIES 3D FAMILY •MX Family – Metro Ethernet Forum Compliant

MX960 MX480 MX240

•Multi Port Concentrator (MPC)•Host Common Equipment (redundant)

Routing Engine (RE) Switch Control Board (SCB) Power Fans

•Craft Interface


JUNIPER MX SERIES MID RANGE SOLUTION

• Family of high performance Mid-Range Routers

• MX5: 5G MR Router• 20x1G

• MX10: 10G MR Router• 20x1G & 1 Modular Slot

• MX40: 40G MR Router• 2 Modular Slots & 2x10G

• MX80: • 2 Modular Slots & 4x10G

• Support for WAN (TDM) Interfaces in Modular slots

• Option to upgrade from MX5 to MX10 to MX40 to 80

• Service MIC support in rear slot

MX5

MX10

MX40

MX80


MX80: modular chassis

•MX80 Modular 4x10G XFP (slot-0) Service MIC (slot-0) 2x MIC (slot-1)

•Upto 8x10G in 2RU !

•MICs supported: MIC-3D-20x1GE-SFP MIC-3D-2XGE-XFP MIC-3D-40x1GE-RJ45

Capacity: 80 Gbps6-15 us latency8 HW queues per port Has VLAN Q / HQoS for MIC slotsHardware support for Timing Sync-E BITS, UART, 1pps /10MhzPEM redundancy (shipped with 1 PEM default)

Max power draw: 500W (Mostly within 350W)


MX80: system architecture

MQMQLULU

QX (24G+)QX (24G+)

MICMIC

IXIX

MICMIC

IXIX

4x10GE SFP+

20-24G 20-24G

Service

MICService

MIC CLKCLK

REPPC

85721.3Ghz

REPPC

85721.3Ghz

PFE

Latency: 6-15 us

48x1G on MX80-48T

Mx80: Routing engine• PowerQUICC III

• 1.3Ghz dual-core processor• DDR2 at 266Mhz

• 2GB of physical memory for control-plane

• 8MB of NOR flash• 4GB of NAND storage (instead of

hard-disk)• 1x RJ45 console• 1x RJ45 aux/modem• 10/100/1000Base-TX

management• USB for install media• About 1/3 performance of MX’s

RE-1300


MX104 – Universal Aggregation Router

Compact, Redundant & Future proof Trio based PFE – 80G 17.5 in (W) x 3.5RU (H) x 9.5 in (D) ETSI-300 compliant Dual redundant hot-pluggable REs for

Control Plane redundancy Dual redundant 1RU 600 Watt PSUs; AC

and DC input variants Wide operating temp range -40C to +65C Forced cooling with side-to-side airflow;

FRU’able fan tray Alarm extension ports

Timing & Synchronization BITS (T1/E1), 10MHz &1PPS and

ToD timing I/O interfaces SyncE, SONET, PTP (Brilliant IP

integration) timing features

Modular Design 4x10GE SFP+ LAN/WAN uplink ports

(built-in) 4 MIC Slots; ~20G BW per slot Max of 2 Services MIC per chassis

( Sparks)


MX104 Architecture


Compact edge and aggregation router

Universal 10GE/40GE/100GE ports, SFP+ support

Powerful multi-core routing engine

Redundant power supplies

Compact edge and aggregation router

Universal 10GE/40GE/100GE ports, SFP+ support


Redundant power supplies

MAIN FEATURESMAIN FEATURES

BEST FOR 400GBPS AND BELOW

COMPACT

POWERFUL CONTROL PLANE

NEBS COMPLIANT

BEST FOR 400GBPS AND BELOW

COMPACT

POWERFUL CONTROL PLANE

NEBS COMPLIANT

MX Compact Router : Summit-1

1 RU

4 x QSFP284 x QSFP28

8 x SFP+ 10GE8 x SFP+ 10GE

2 x AC / DC Power Supplies2 x AC / DC Power Supplies

BUILT IN TRIO 3rd GEN 400GBPS FORWARDING PLANE SINGLE ROUTING ENGINE

BUILT IN TRIO 3rd GEN 400GBPS FORWARDING PLANE SINGLE ROUTING ENGINE

Planned for 1H 2017Planned for 1H 2017


Compact edge, aggregation and peering router

Upgradable control and forwarding planes

Universal 10GE/40GE/100GE QSFP ports


Redundant components

Flexible L4-L7 services in the future

Compact edge, aggregation and peering router

Upgradable control and forwarding planes

Universal 10GE/40GE/100GE QSFP ports


Redundant components

Flexible L4-L7 services in the future

MAIN FEATURESMAIN FEATURES

2.4T PER SYSTEM NOW, 6T IN THE FUTURE

REDUNDANCY AND UPGRADEABILITY

10GE / 40GE / 100GE MACSEC VIA MIC

NEBS COMPLIANT

2.4T PER SYSTEM NOW, 6T IN THE FUTURE

REDUNDANCY AND UPGRADEABILITY

10GE / 40GE / 100GE MACSEC VIA MIC

NEBS COMPLIANT

MX Compact Router : Summit-3

2 x Routing Engines2 x Routing Engines

1.2T Line Card with a MIC Slot, Trio 3rd GEN1.2T Line Card with a MIC Slot, Trio 3rd GEN

3 RU

6 x AC/DC Power Supplies6 x AC/DC Power Supplies

Planned for 1H 2017Planned for 1H 2017


Access Layer UpdateJuniper’s Innovation in Enterprise Networks


EX Series Portfolio

Ports

EX3300 Modular

Hardware Resiliency

Access

Core

Logical Scale

EX2200

EX2200-C

Perf

orm

ance

10G

bE\4

0G

bE

Virtual Chassis

10

0G

bE

EX4300

EX4600

EX2300-C

EX3400

EX2300

Aggregation

Multi-Chassis LAG

EX9200

EX8200EX4500

EX4550

EX6200


EX2300 Access Switch

Compact & High Performance1GbE density 10GbE uplinks in 1RU

Standard ComplianceIEEE 802.3at (POE +)

Management Simplification Junos Virtual Chassis (4 devices - 10G support)

Operational Simplicity and Automated ConfigJuniper Fusion Enterprise (IEEE 802.1BR support)

EX2300 and EX2300-C


MACsecSupported on 1G and 10G interfaces

Juniper EX3400 Access Switch

Compact, High Performance, & Built-in Redundancy1GbE density, 10GbE and 40GbE uplinks in 1RU, Dual Redundant Power Supplies and Fans

Standard ComplianceFull POE (15.4W) support with a single PSUFull POE+ (30W) support with dual PSU (1440 W)

Management Simplification Junos Virtual Chassis (10 Devices - 40G support)

Operational Simplicity and Automated Configuration Juniper Fusion Enterprise (802.1BR support)

EX3400


EX4300 OVERVIEW1U 24/48 Port 1GbE Switch Wire-rate performance on all ports 4 x 10GbE uplink module 4x40GbE QSFP+ fixed ports MacSec and EEE capable Front-back and back-front airflow Extensive Layer 3 (requires license)

Virtual Chassis Technology Enhanced 320 Gbps backplane Manage up to 10 as a single device Standard 10GbE/40GbE cables Mix 1GbE and 10GbE with QFX3500 Industry-only cross-platform Virtual Chassis Geographically distributed

Automation & Orchestration Automation with Puppet and Chef Openstack integration Openflow support


SRX300 Series and SRX550 Services GatewaysFor Branch Firewall and Secure Router


100G

Up to 2Tbps FW throughput and 258M concurrent sessions scaling

Single Junos

Unprecedented ScaleIntegrated Routing, Switching and Security

10G

SRX300SRX320

SRX340SRX345

SRX550-MSRX1500

vSRX (Virtual SRX)

vSRX (Virtual SRX)

Data CenterEdgeBranch

1T

2T

1G

New SRX Product Line

SRX3400SRX3600

SRX5600

SRX5800

SRX5400


SRX Series Services Gateways for Branch

All in one routing, switching and security in a single platformAll in one routing, switching and security in a single platform

Security at a every layer with MAC-sec, IPSec and application securitySecurity at a every layer with MAC-sec, IPSec and application security

Best end-user application experience and operational efficiencyBest end-user application experience and operational efficiency


Portfolio Summary

*Performance numbers for the IMIX packet size **NGFW = IPS + AppFW + External Logging

App Firewall*App Firewall*

Routing*Routing*

IPSec VPN*IPSec VPN*

NGFW**NGFW**

500 Mbps 1 Gbps 2 Gbps 3 Gbps

500 Mbps 1 Gbps 1.7 Gbps 2.5 Gbps

100 Mbps

100 Mbps

200 Mbps

200 Mbps

300 Mbps

300 Mbps

350 Mbps

350 Mbps

SRX300

Retail Office Up to 50 Users

SRX320

Small BranchUp to 50 Users

SRX340

Mid BranchUp to 100 Users

Large BranchUp to 500 Users

SRX550SRX345

Mid-Large BranchUp to 200 Users


Juniper Security Services Overview

SRX Foundation ServicesSRX Foundation Services

Next Generation Firewall Services

Next Generation Firewall Services

Firewall NAT VPN Routing

Application Control & Visibility

User-based Firewall

Unified Threat Management (Known Threats)

Unified Threat Management (Known Threats)

Anti-virus

Intrusion Prevention Anti-spam

Web Filtering

Threat IntelligencePlatform

Threat IntelligencePlatform

Botnets/C&C

GEO-IP

Custom Feeds, APT

Management Reporting Analytics Automation

Advanced Threat Prevention(Zero Day)

Advanced Threat Prevention(Zero Day)

Sandboxing

Evasive Malware

Rich Reporting & Analytics

Preguntas? Contact: Javier Grizzuti

[email protected]

GRACIAS

mailto:[email protected]

Documents

THE POWER OF A CONNECTED WORLD - ArNOG | …arnog.com.ar/presentaciones/me/4-juniper.pdf · Title: Juniper PowerPoint Template Author: Jennifer Blatnik Keywords