Juniper Networks Routing, Switching and Security Solutions and Updates
MX Series Routers
Fig. 1. - MX series. Network Border Multiservice Routers
The MX line is the company's flagship product. In Fig. 1 shows the entire model range, - six devices, from the youngest model to the top one, as well as the virtual device vMX (more about it below).
')
Due to the high versatility, MXs can be used in a wide variety of work scenarios — for managing broadband access subscribers and in Enterprise scenarios as a VPN concentrator. Due to the very high quality multicast-support MX well suited for the distribution of the video stream. Another use case is a service gateway. MX allows you to organize Firewall and NAT (Network Address Translation)
The classic service deployment model assumes that each service uses its own hardware device. If you use MX, all this can be combined. One of the most popular scenarios for using the MX operator segment is BNG or Bras, which is all about subscriber authorization and traffic accounting.
Fig. 2. - MX-based Enterprise scripts
An example of a corporate scenario is data center collaboration (DC Interconnect). If an enterprise uses applications that need L2 mobillity, for example, vMotion, then a separate solution is usually made for this in order to “stretch” the L2 segment through a public network or through a backbone connection. MX supports VXLAN in this regard, that is, it can be used as a “translator” between the data center and the LAN.
MX lineup
In general, the MX model range is shown above. Consider it in more detail.
Fig. 3. - Senior model of the series, MX2020
The next model (as it decreases) has half the potential throughput than the MX2020, - 40 Tbps. Next come the MX960 with 14 slots, the MX480 (the same with 8 slots), the 4-slot model, etc., up to the form factor of a USB flash drive.
Fig. 4. - Virtual MX
As shown in the figure, virtual MX uses the same JunOS, adapted to work as a virtual machine.
Why do you need this solution? It is perfectly suitable for the user if he needs MX functionality, but there is no need for data streams of 20-80 Gbps. Virtual MX is typically used at speeds of 2-10 Gbps. To date, the Juniper laboratory has managed to get 40Gbps imix half duplex.
At present, the vMX functionality is not fully consistent with the functionality of the hardware MX. In the near future, parity will be achieved, and the development of new functionality will go in parallel - that is, everything that will be developed for “large” physical MXs will be transferred to virtual MX.
MX Line Cards
MPC (Modular Port Concentrator) line cards are in demand in the market and their development continues. Already changed several generations of cards, up to MPC7. They are supported on all MX chassis, i.e. Regardless of the chassis used, any combination of line cards can be configured. In Fig. 5 shows including MIC (Modular Interface Cards) interface cards, which can also be dialed in various combinations.
Fig. 5. -Line maps 1 / 2
Already in the MPC1 / MPC2 generation, support for various interfaces was implemented and very important for operators HQoS (Hierarchical Quality of Service) support - www.juniper.net/documentation/en_US/junos13.3/topics/concept/mx-series-qos-faq -overview.html
In P3 performance was increased to 130 Gbps. The cards already had a fixed configuration with the characteristics shown in Fig. 6. In MPC6, performance increased to 480 Gbps per slot.
The latest MPC 7 cards also support up to 480 Gbps. However, there are no fixed physical ports with fixed speed. They were replaced by virtual ports, the characteristics of which are set programmatically. Therefore, here you can create an arbitrary combination of ports at 10, 40 and 100 Gbps.
Fig. 6. - Specifications and use of the MPC7E line card on the MX960 / MX480 / MX240 models
The characteristics of the remaining line cards from MPC1 to MPC6 are tabulated.
Fig. 7. - MPC specifications
Service cards
It should be noted separately service cards MS-MPC and MS-MIC. These are special maps for deploying services like IPSec and NAT. They are typically used in the carrier segment.
Fig. 8. - MS-MPC Service Card and MS-MIC Module
The MX series routers also implement Virtual Chassis technology, which allows two physical devices to work as a single logical device in active-active scenarios. Today, MX series routers use almost all telecom operators.
MX is Juniper Networks' flagship platform. It is developing, and the “road map” has been developed for it for several years to come. In the MX solution portfolio, they are classified as “big” routers.
The MX range of products offered by Juniper is far from exhausted. In accordance with the requirements of the market segments where the company is represented, it offers a range of products that are well received by consumers.
ACX Series Routers
ACX series routers are designed to solve access level tasks. They are used to build networks such as Mobile Backhole, or to implement technological networks that connect power equipment.
Fig. 9. - ACX Series Router Line
Accordingly, ACX should operate in a wide temperature range. There are options in a protected version that can work in difficult conditions.
The advantage of the solution is that you can configure an entirely transparent End-to-End MPLS structure, with all its advantages - service management, QoS and synchronization (when migrating from traditional, classical SDH, PDH to modern packet networks).
The equipment fully supports synchronous Ethernet. When working under the PTP protocol, an SDH quality level of 50 ms or less is achieved. You can create large enough, scalable Metro Ethernet networks
For ACH series routers, in terms of return on investment (ROI), the peculiarity is that they are licensed by the number of ports that can increase (and, accordingly, be paid for) as the network expands.
EX Series Switches
Fig. 10. - Assortment and classification by purpose of the EX series switches
The EX series switches are designed primarily for the Enterprise segment, for campus-level solutions.
Fig. 11. - Universal 1G EX4300 Switch
The switch of EX4300 can be used both in Entrprise-campuses, and in data-centers. It is a one-stop solution, fault tolerant and scalable.
Switches can be assembled in Virtual Chassis using any interfaces. This device has a 4 x 40-Gbps interface, depending on which Quad Small Form-factor Pluggable transceiver is used. Virtual Chassis can operate at a distance of up to 80 km. In addition, Virtual Chassis can be mixed by combining 1 Gbps and 10 Gbps devices.
The EX series starts with gigabit switches (Juniper entered the market in 2008 and immediately offered 1 Gbps, bypassing 100 Mbps).
EX-based solutions scale well from fixed to modular switches. The latter are based on MX routers, but have slightly different software and a significantly lower price. The hardware functionality is adapted to build switches as campus cores and data centers. In the structure of Juniper offers, the line cards of the EX series also take up the corresponding place.
Fig. 12. - EX9200 Line Card Specifications
SRX platform
Fig. 13. - The line and purpose of the SRX series firewalls
The performance of solutions built on SRX can be 100, 200, 300 and 400 Mbps, 1 and 1.5 Gbps in the mode of a regular firewall. Performance on services depends on the type of service and is within 50-500 Mbps.
Fig. 14. - SRX Platform Update
Now there was an update, the 300 series. It completely replaces the models of the 100 and 200 series.
Fig. 15. - Characteristics of the new SRX300 series
In Fig. 16. The table summarizes the performance in realistic IMIX traffic. Usually the data is given for large packages, but here all the numbers are for IMIX and NGFW. At the bottom of the table it is indicated that it includes - IPS, Application Firewall and logging.
Fig. 16. - Comparative characteristics of the models SRX300 and SRX320
What was the release of the SRX320? Firstly, the model range has not been updated for quite a long time, and the performance for some customers turned out to be not optimal. Secondly, it was required to certify the European Union RoHS 2, which required some changes.
Otherwise, the difference between these models is only in scaling and some additional features - for example, you can add an ADSL, T1 or E1 interface to the SRX320.
The latest model, the SRX340, is essentially a “mini server”. In its configuration, you can include a 120 Gb SSD, where third-party applications are usually located.
Fig. 17. - SRX340 Specifications
The SRX340 model uses three basic types of VPN.
Auto VPN for ordinary hub-and-spoke. The advantage is that if you add a new spoke, you do not need to reconfigure the hub, this happens automatically. ADVPN, an analogue of Cisco DMVPN, allows you to dynamically create tunnels between branches. The third, group VPN, is the equivalent of Cisco VPN GETVPN. But, if Cisco GETVPN is based on its closed protocols, Juniper follows generally accepted standards.
The main advantage of group VPN is that it allows you to create a dynamic tunnel between branches without using the tunnel in its classic sense. This is usually useful for large Enterprise class solutions when they want to get MPLS service, and the service provider provides them with the opportunity to use such a model.
SRX Management Tools
Fig. 18. - Composition and appointment of Junos Space Security Director
Control Panel Junos Space Security Director v. 15.2 is now available. The package includes 48 templates and examples to quickly create your own unique panels.
Fig. 19. - Junos Space Security Director Dashboard v. 15.2
In addition, the new Log GUI allows convenient viewing of logs. Its goal is to make the SRX's management more understandable and convenient. Previously, sampling was more difficult to do manually. Now the information is summed up and displayed in a convenient form for perception.
Fig. 20. - Application Signatures
In terms of Application visibility, earlier it was also necessary to make requests manually. Now, in the new version, you can see everything that goes through the SRX, by category - for example, you can easily identify the most popular applications by bandwidth.
Or you can characterize the traffic of the application, for example, a social network, YouTube, etc. If you hover the cursor on a specific application, traffic is displayed by users, the number of sessions, and the user name is taken from Active Directory.
There is also a User Firewall that can be linked to LDAP and used as an additional policy element. In addition to charts, all information in the control panel is also presented in text form.
Fig. 21. - Event Viewer: List View
One of the most popular tools for operators is the log handler. Previously, it was just a “wall of text”, and you had to know exactly what to look for in order to localize information.
Now there is a window where, for example, intense events are represented by a single schedule. If there is a jump, you can immediately go there and get more detailed information.
Fig. 22. - Events & Logs: Aggregation
The same applies to aggregation. In this window, we already see traffic on certain streams. Here you can see both Source and Destination and ports.
In conclusion, we can say that today Juniper Networks offers a practically exhaustive range of routers and switches for professional use by telecom operators and enterprises of medium and large scale.
Distribution of Juniper Networks solutions in Ukraine , Belarus , Moldova , Armenia , Georgia , Tajikistan , Kazakhstan and other CIS countries .
Juniper Networks Training Courses
MUK-Service - all types of IT repair: warranty, non-warranty repair, sale of spare parts, contract service
Fig. 1. - MX series. Network Border Multiservice Routers
The MX line is the company's flagship product. In Fig. 1 shows the entire model range, - six devices, from the youngest model to the top one, as well as the virtual device vMX (more about it below).
')
Due to the high versatility, MXs can be used in a wide variety of work scenarios — for managing broadband access subscribers and in Enterprise scenarios as a VPN concentrator. Due to the very high quality multicast-support MX well suited for the distribution of the video stream. Another use case is a service gateway. MX allows you to organize Firewall and NAT (Network Address Translation)
The classic service deployment model assumes that each service uses its own hardware device. If you use MX, all this can be combined. One of the most popular scenarios for using the MX operator segment is BNG or Bras, which is all about subscriber authorization and traffic accounting.
Fig. 2. - MX-based Enterprise scripts
An example of a corporate scenario is data center collaboration (DC Interconnect). If an enterprise uses applications that need L2 mobillity, for example, vMotion, then a separate solution is usually made for this in order to “stretch” the L2 segment through a public network or through a backbone connection. MX supports VXLAN in this regard, that is, it can be used as a “translator” between the data center and the LAN.
MX lineup
In general, the MX model range is shown above. Consider it in more detail.
Fig. 3. - Senior model of the series, MX2020
The next model (as it decreases) has half the potential throughput than the MX2020, - 40 Tbps. Next come the MX960 with 14 slots, the MX480 (the same with 8 slots), the 4-slot model, etc., up to the form factor of a USB flash drive.
Fig. 4. - Virtual MX
As shown in the figure, virtual MX uses the same JunOS, adapted to work as a virtual machine.
Why do you need this solution? It is perfectly suitable for the user if he needs MX functionality, but there is no need for data streams of 20-80 Gbps. Virtual MX is typically used at speeds of 2-10 Gbps. To date, the Juniper laboratory has managed to get 40Gbps imix half duplex.
At present, the vMX functionality is not fully consistent with the functionality of the hardware MX. In the near future, parity will be achieved, and the development of new functionality will go in parallel - that is, everything that will be developed for “large” physical MXs will be transferred to virtual MX.
MX Line Cards
MPC (Modular Port Concentrator) line cards are in demand in the market and their development continues. Already changed several generations of cards, up to MPC7. They are supported on all MX chassis, i.e. Regardless of the chassis used, any combination of line cards can be configured. In Fig. 5 shows including MIC (Modular Interface Cards) interface cards, which can also be dialed in various combinations.
Fig. 5. -Line maps 1 / 2
Already in the MPC1 / MPC2 generation, support for various interfaces was implemented and very important for operators HQoS (Hierarchical Quality of Service) support - www.juniper.net/documentation/en_US/junos13.3/topics/concept/mx-series-qos-faq -overview.html
In P3 performance was increased to 130 Gbps. The cards already had a fixed configuration with the characteristics shown in Fig. 6. In MPC6, performance increased to 480 Gbps per slot.
The latest MPC 7 cards also support up to 480 Gbps. However, there are no fixed physical ports with fixed speed. They were replaced by virtual ports, the characteristics of which are set programmatically. Therefore, here you can create an arbitrary combination of ports at 10, 40 and 100 Gbps.
Fig. 6. - Specifications and use of the MPC7E line card on the MX960 / MX480 / MX240 models
The characteristics of the remaining line cards from MPC1 to MPC6 are tabulated.
Fig. 7. - MPC specifications
Service cards
It should be noted separately service cards MS-MPC and MS-MIC. These are special maps for deploying services like IPSec and NAT. They are typically used in the carrier segment.
Fig. 8. - MS-MPC Service Card and MS-MIC Module
The MX series routers also implement Virtual Chassis technology, which allows two physical devices to work as a single logical device in active-active scenarios. Today, MX series routers use almost all telecom operators.
MX is Juniper Networks' flagship platform. It is developing, and the “road map” has been developed for it for several years to come. In the MX solution portfolio, they are classified as “big” routers.
The MX range of products offered by Juniper is far from exhausted. In accordance with the requirements of the market segments where the company is represented, it offers a range of products that are well received by consumers.
ACX Series Routers
ACX series routers are designed to solve access level tasks. They are used to build networks such as Mobile Backhole, or to implement technological networks that connect power equipment.
Fig. 9. - ACX Series Router Line
Accordingly, ACX should operate in a wide temperature range. There are options in a protected version that can work in difficult conditions.
The advantage of the solution is that you can configure an entirely transparent End-to-End MPLS structure, with all its advantages - service management, QoS and synchronization (when migrating from traditional, classical SDH, PDH to modern packet networks).
The equipment fully supports synchronous Ethernet. When working under the PTP protocol, an SDH quality level of 50 ms or less is achieved. You can create large enough, scalable Metro Ethernet networks
For ACH series routers, in terms of return on investment (ROI), the peculiarity is that they are licensed by the number of ports that can increase (and, accordingly, be paid for) as the network expands.
EX Series Switches
Fig. 10. - Assortment and classification by purpose of the EX series switches
The EX series switches are designed primarily for the Enterprise segment, for campus-level solutions.
Fig. 11. - Universal 1G EX4300 Switch
The switch of EX4300 can be used both in Entrprise-campuses, and in data-centers. It is a one-stop solution, fault tolerant and scalable.
Switches can be assembled in Virtual Chassis using any interfaces. This device has a 4 x 40-Gbps interface, depending on which Quad Small Form-factor Pluggable transceiver is used. Virtual Chassis can operate at a distance of up to 80 km. In addition, Virtual Chassis can be mixed by combining 1 Gbps and 10 Gbps devices.
The EX series starts with gigabit switches (Juniper entered the market in 2008 and immediately offered 1 Gbps, bypassing 100 Mbps).
EX-based solutions scale well from fixed to modular switches. The latter are based on MX routers, but have slightly different software and a significantly lower price. The hardware functionality is adapted to build switches as campus cores and data centers. In the structure of Juniper offers, the line cards of the EX series also take up the corresponding place.
Fig. 12. - EX9200 Line Card Specifications
SRX platform
Fig. 13. - The line and purpose of the SRX series firewalls
The performance of solutions built on SRX can be 100, 200, 300 and 400 Mbps, 1 and 1.5 Gbps in the mode of a regular firewall. Performance on services depends on the type of service and is within 50-500 Mbps.
Fig. 14. - SRX Platform Update
Now there was an update, the 300 series. It completely replaces the models of the 100 and 200 series.
Fig. 15. - Characteristics of the new SRX300 series
In Fig. 16. The table summarizes the performance in realistic IMIX traffic. Usually the data is given for large packages, but here all the numbers are for IMIX and NGFW. At the bottom of the table it is indicated that it includes - IPS, Application Firewall and logging.
Fig. 16. - Comparative characteristics of the models SRX300 and SRX320
What was the release of the SRX320? Firstly, the model range has not been updated for quite a long time, and the performance for some customers turned out to be not optimal. Secondly, it was required to certify the European Union RoHS 2, which required some changes.
Otherwise, the difference between these models is only in scaling and some additional features - for example, you can add an ADSL, T1 or E1 interface to the SRX320.
The latest model, the SRX340, is essentially a “mini server”. In its configuration, you can include a 120 Gb SSD, where third-party applications are usually located.
Fig. 17. - SRX340 Specifications
The SRX340 model uses three basic types of VPN.
Auto VPN for ordinary hub-and-spoke. The advantage is that if you add a new spoke, you do not need to reconfigure the hub, this happens automatically. ADVPN, an analogue of Cisco DMVPN, allows you to dynamically create tunnels between branches. The third, group VPN, is the equivalent of Cisco VPN GETVPN. But, if Cisco GETVPN is based on its closed protocols, Juniper follows generally accepted standards.
The main advantage of group VPN is that it allows you to create a dynamic tunnel between branches without using the tunnel in its classic sense. This is usually useful for large Enterprise class solutions when they want to get MPLS service, and the service provider provides them with the opportunity to use such a model.
SRX Management Tools
Fig. 18. - Composition and appointment of Junos Space Security Director
Control Panel Junos Space Security Director v. 15.2 is now available. The package includes 48 templates and examples to quickly create your own unique panels.
Fig. 19. - Junos Space Security Director Dashboard v. 15.2
In addition, the new Log GUI allows convenient viewing of logs. Its goal is to make the SRX's management more understandable and convenient. Previously, sampling was more difficult to do manually. Now the information is summed up and displayed in a convenient form for perception.
Fig. 20. - Application Signatures
In terms of Application visibility, earlier it was also necessary to make requests manually. Now, in the new version, you can see everything that goes through the SRX, by category - for example, you can easily identify the most popular applications by bandwidth.
Or you can characterize the traffic of the application, for example, a social network, YouTube, etc. If you hover the cursor on a specific application, traffic is displayed by users, the number of sessions, and the user name is taken from Active Directory.
There is also a User Firewall that can be linked to LDAP and used as an additional policy element. In addition to charts, all information in the control panel is also presented in text form.
Fig. 21. - Event Viewer: List View
One of the most popular tools for operators is the log handler. Previously, it was just a “wall of text”, and you had to know exactly what to look for in order to localize information.
Now there is a window where, for example, intense events are represented by a single schedule. If there is a jump, you can immediately go there and get more detailed information.
Fig. 22. - Events & Logs: Aggregation
The same applies to aggregation. In this window, we already see traffic on certain streams. Here you can see both Source and Destination and ports.
In conclusion, we can say that today Juniper Networks offers a practically exhaustive range of routers and switches for professional use by telecom operators and enterprises of medium and large scale.
Distribution of Juniper Networks solutions in Ukraine , Belarus , Moldova , Armenia , Georgia , Tajikistan , Kazakhstan and other CIS countries .
Juniper Networks Training Courses
MUK-Service - all types of IT repair: warranty, non-warranty repair, sale of spare parts, contract service
Source: https://habr.com/ru/post/280338/
All Articles