Juniper Networks Router Overview - Asia Pacific Advanced ... · Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential 8 ASIC Based Forwarding and Services! All packet

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1

Juniper NetworksRouterOverview

2Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Agenda! Product Suite! Architecture! M-Series Packet Flow Example! Interfaces! M & T Series Routers! JUNOS & Supported Protocols! Additional Information


Comprehensive Product Suite

J20 GGSN

Mobile

M-series

HS Circuit Aggregation & Small/Med Core

T-series

Large Core & Metro Aggregation

ERX Family

BRAS & Low Speed Circuit Aggregation

Comprehensive portfolio of best-in-class IP solutions


Juniper M & T Series Routers

JUNOSCommon software and features

Across all platforms

M-seriesT-series

M5/M10M20

M40M40e

M160

T320

T640




Architectural AdvantageCommon architecture across the entire M-Series product family

PacketPacketForwardingForwarding

EngineEngineusing IPIIusing IPII

RoutingRoutingEngine (RE)Engine (RE)

Data In Data Out

! Problem is broken into two roughly equally complex parts that interact infrequently

! Routing and other control plane events don’t interfere with packet forwarding

! Traffic load doesn’t interfere with stability of protocols or router management

! Facilitates independent hardware and software development and early software testing


Routing Engine Overview! Multiple Versions Available

• RE-333, RE-600• Legacy versions

! Intel™ Pentium-based PC cards

! DRAM options (256MB – 2GB)

! Storage options• Flash memory• Hard drive• LS-120 floppy drive (some models)

! Redundancy Option• All except M5, M10, and M40


ASIC Based Forwarding and Services! All packet forwarding and advanced

services are executed in hardware on a custom designed ASIC, not on a CPU

! This ASIC is a programmable, high performance packet classifier and forwarding engine optimized for IPv4, IPv6, and MPLS

! Acts as a centralized resource enabling breakthrough support for performance-based, enhanced services on all interfaces

• filter based forwarding, packet filtering, packet sampling, rate limiting, traffic policing, and port mirroring

0%

20%

40%

60%

80%

100%

120%

Increasing number of packet filtersIncreasing number of packet filters

Packet ForwardingPacket Forwarding

CPUCPU--based routerbased routerJuniper RoutersJuniper Routers


Physical Interface Cards (PICs)

! Each FPC has 4 PIC slots, any PIC can go into any slot

! Example: an M10 can be configured with OC-48 SONET, Gig-E, Fast-E, DS-3, and OC-12 SONET

! PIC choices include: Fast-E, Gig-E, T1, DS-3, OC3 (SONET & ATM) , OC12 (SONET & ATM), OC-48 SONET, OC-192 SONET, 10 Gig-E

Mix and Match PICs enable maximum configuration flexibility


Flexible PIC Concentrators (FPC)! Multiple interface media per FPC slot

! PIC hot insert/removal! Adding additional flexible PIC controllers

(FPCs) adds additional shared memory • Available to any interface in the system• There is never a possibility of “memory

starvation”

PIC

PIC

PIC

PIC 1 x OC-192c

4 x OC-48c

1 x 10GE

Tunnel




M-Series Packet Flow Example

FPC ASIC Mem

Backplane

Buffer Mgr 1 Buffer Mgr 2

FPC ASIC MemFPC ASIC Mem

! Packet arrives at PIC on fiber optic cable

SCB

FT

ASIC

FPC

ASIC ASIC ASIC ASIC

ASIC Mem

PIC PIC PIC PIC

FPC

ASIC ASIC ASIC ASIC

ASIC Mem

PIC PIC PIC PIC

PacketPacket



FPC ASIC Mem

Backplane



SCB

FT

ASIC

FPC

ASIC ASIC ASIC

ASIC Mem

PIC PIC PIC PIC

FPC

ASIC ASIC ASIC ASIC

ASIC Mem

PIC PIC PIC PIC

! PIC ASIC extracts data, gives to FPC ASIC

PacketPacket

ASIC



FPC ASIC Mem



SCB

FT

ASIC

FPC

ASIC ASIC ASIC ASIC

Mem

PIC PIC PIC PIC

FPC

ASIC ASIC ASIC ASIC

ASIC Mem

PIC PIC PIC PIC

PacketPacket

Backplane

Indicates parallel operation

! FPC ASIC chops up data, feeds to Buffer Mgr 1

ASIC



FPC ASIC Mem



SCB

FT

ASIC

FPC

ASIC ASIC ASIC ASIC

Mem

PIC PIC PIC PIC

FPC

ASIC ASIC ASIC ASIC

ASIC Mem

PIC PIC PIC PIC

PacketPacket

Backplane

ASIC

! Buffer Mgr 1 sprays J-cells to shared FPC memory



FPC ASIC Mem



SCB

FT

ASIC

FPC

ASIC ASIC ASIC ASIC

Mem

PIC PIC PIC PIC

FPC

ASIC ASIC ASIC ASIC

ASIC Mem

PIC PIC PIC PIC

Backplane

ASIC

! Buffer Mgr 1 tells Internet Processor destination address and locations of stored J-cells



FPC ASIC Mem



SCB

FT

ASIC

FPC

ASIC ASIC ASIC ASIC

Mem

PIC PIC PIC PIC

FPC

ASIC ASIC ASIC ASIC

ASIC Mem

PIC PIC PIC PIC

Backplane

ASIC

! Internet Processor looks up destination FPC and notifies Buffer Mgr 2, which passes notification to destination FPC(s).



FPC ASIC Mem



SCB

FT

ASIC

FPC

ASIC ASIC ASIC ASIC

Mem

PIC PIC PIC PIC

FPC

ASIC ASIC ASIC ASIC

Mem

PIC PIC PIC PIC

Backplane

ASIC

ASIC

! FPC ASIC performs queuing and CoS then requests J-cells from shared memory and adds appropriate link encapsulation on way to PIC



FPC ASIC Mem



SCB

FT

ASIC

FPC

ASIC ASIC ASIC ASIC

Mem

PIC PIC PIC PIC

FPC

ASIC ASIC ASIC ASIC

Mem

PIC PIC PIC PIC

Backplane

ASIC

ASIC

PacketPacket

! PIC ASIC adds physical layer framing, CRC and sends bit stream out to the “wire”




Low-speed Interfaces (PICs)

•••••••Multilink T1

••••••••Fractional T1

••••••••••Tunnel Services

••••••••56k / 64k

••••••••T1 / E1

••••••••T3/E3

•••••••••OC-3c/STM-1

••••••••••Fast Ethernet

•••V.35/X.21

T640T320M160

M40eM40M20M5M10

ERX1440

ERX1410

ERX705


Service PICs

22

Encryption Services PIC

Service PIC Description

Multilink Services PIC

Tunnel Services PIC

Delivers high performance – 800Mbps -throughput for IPSec tunneling in PE applications and IPSec transport

Industry-leading scalability for NxT1/E1 services. 32- and 128-bundles versions enable 1.5-12Mbps services and bonding of any T1/E1 (up to 8 per bundle) per chassis

Up to an OC-12/STM-4 worth of tunneling bandwidth for GRE, IP-IP, PIM-SM, and/or L3 VPNs


High-speed Interfaces (PICs)

•••10 Gigabit Ethernet•••OC-192c/STM-64

•••••••••ATM OC-3 / STM-1

•••••••••PoS OC-3c/ STM-1

•••••••••ATM OC-12/STM-4

••••••••••PoS OC-12c/STM-4 ••••••••••Gigabit Ethernet

••••••M10 Only

•OC-48c/STM-16

•••CHOC-3 / STM-1

T640T320M160

M40eM40M20M5M10

ERX1440

ERX1410

ERX705




20+Gbps10+Gbps5+GbpsSystem Bandwidth

M20M10M5

YesNoNoRedundancy

51515Chassis Per Rack

1684PICs Per Chassis

OC-48c/STM-16OC-48c/STM-16OC-12c/STM-4Maximum Speeds

High Speed Circuit Aggregation, metro core, mobile core

Managed Service, Small Core

Managed Service, Small CoreKey Applications

M-Series Routers


M-Series Routers (Cont)

160 Gbps40 Gbps40 GbpsSystem Bandwidth

M160M40eM40

YesYesNoRedundancy

222Chassis Per Rack

323232PICs Per Chassis

OC-192c/STM-64OC-48c/STM-16OC-48c/STM-16Maximum Speeds

Med/Large Core, Very high-speed dedicated access

Dense High Speed Circuit aggregation

Medium Core, Dedicated AccessKey Applications


T-Series Routing Platforms

YesYesRedundancy

High-Speed Core Routing

Core Routing, Metro Ethernet AggregationKey Applications

T640T320

YesNoMatrix Technology

23Chassis Per Rack

(32) 10-Gbps(16) 10-GbpsPICs Per Chassis

OC-192c/STM-64OC-192c/STM-64Maximum Speeds

640 Gbps320 GbpsSystem Bandwidth


Platform Capabilities

1) M20 - Redundant SSB with cold standby 2) M40e - Redundant SFM; Hot Standby with Automatic Failover (plan)

3) M160 – 4 x SFM; failure of one does not effect forwarding but reduces effective throughput by ¼ 4) T640 - 5 SIB out of which one is redundant

5) T320 – 3 SIB out of which one is redundant 6) PIC hot-swap without a FPC reset

1 2 3 4

66

Routing Engine

Switching Plane

Power Supplies

Interface Serviceability(Hot Swap)

Redundant Component

M5/M10 M20 M40 M160 T640T320 ERXM40e

Cooling

6

5




Operating SystemOperating System

Pro

toco

ls

Inte

rfac

e M

gmt

Ch

assi

s M

gmt

SNM

P

Secu

rity

JUNOS Internet Software! Common across ALL platforms

• Ensures feature consistency• Ensures service velocity

! Internet-class operating system! Based on BSD UNIX! Modular design for high availability ! Best-in-class routing protocols! Foundation for MPLS-based

services• Standards-based services


Design and Operations Simplicity

Fewer variables and a simpler process mean less time is spent planning, provisioning, and deploying your networks

" CLI enhancements (access controls, command line completion, context sensitive help, rich set of show commands, ect.)

" Industry-standard management protocols (XML, SYSlog, and SNMP)" User-friendly configuration syntax: hierarchical (easy to read), editor

supports local scoping, and comments/inactive command support

New Features and FunctionalityNew Features and Functionality

Single Binary Image on All PlatformsSingle Binary Image on All Platforms

6.06.05.35.3 5.45.4 5.55.5 5.65.6 5.75.7


11.0BT11.0BT

11.1AA11.1AA11.0NA11.0NA

11.3DB11.3DB

12.0DC12.0DC

12.0DB12.0DB

11.2(4)XA11.2(4)XA

11.3AA11.3AA

11.2(9)XA11.2(9)XA

12.0(5)XA12.0(5)XA

12.0(.6)WAS12.0(.6)WAS

11.3DA11.3DA

11.3NA11.3NA11.3WA11.3WA

12.0S12.0S

12.0W5(x)12.0W5(x)

12.0(2)XH12.0(2)XH

12.0(4)XI12.0(4)XI

10.x10.x 11.011.09.x9.x 11.211.211.111.1

12.012.0

12.0T12.0T

11.3T11.3T

11.311.311.2F11.2F

11.2P11.2P

11.3(2)XA11.3(2)XA

11.2BC11.2BC

11.2SA11.2SA

11.2GS11.2GS

11.2WA311.2WA3

12.0(1)XA12.0(1)XA

12.0(1)XB12.0(1)XB

12.0(4)XJ12.0(4)XJ

12.0(5)XK12.0(5)XK

12.0(4)XL12.0(4)XL

12.0(4)XM12.0(4)XM

12.0(2)XC12.0(2)XC

12.0(2)XD12.0(2)XD

12.0XE12.0XE

12.0(2)XF12.0(2)XF

12.0(3)XG12.0(3)XG

11.1CA11.1CA

11.1CC11.1CC

11.1CT11.1CT

11.1IA11.1IA

Source:www.cisco.com/warp/public/620/roadmap.shtml

Example of Complexity


! Hardware-based forwarding• Non-blocking multicast performance • Packet processing • Concurrent with IPv4, IPv6, MPLS….

! JUNOS• Industry leading (S,G) state capacity

• 150,000 tested and verified• Integral to JUNOS since launch• Same multicast feature/functionality across all platforms

and interfaces• Stability, Scale, Speed, Accuracy and Feature Velocity

! Feature-rich deployment• PIM, MSDP, DVMRP, MBGP

Multicast Performance and Scale


Juniper IPv6 Solution

Supported on all M &T-series platforms

! ISIS! OSPFv3! BGPv6! RIPng! Static! PIM & MLD

! Forwarding in hardware

! Addressing

• Link, site, global

• Stateless autoconfiguration

! Neighbor discovery

! Common support! ICMPv6! IPv6 MIBS! IP applications

• Ping, telnet, etc.

! Transition• Configured

tunnels• Dual stack

Addressing & Forwarding

Operations & Transition

Routing Protocols


IPv6 Bi-directional ThroughputM40 OC48 with No Filters

0

500,000

1,000,000

1,500,000

2,000,000

2,500,000

3,000,000

3,500,000

4,000,000

4,500,000

5,000,000

0 200 400 600 800 1000 1200 1400 1600

IPv6 PDU Size (Bytes)

Thro

ughp

ut (P

PS)

IPv6 Performance – no compromise!

! No filters enabled

! Performance maintained up to 1500-byte packets

TheoreticalTheoretical

Actual

! 5,000 filters enabled

! Performance maintained up to 1500-byte packets

IPv6 Bi-directional ThroughputM40 OC-48 with 5,000 Filters

0500,000

1,000,0001,500,0002,000,0002,500,0003,000,0003,500,0004,000,0004,500,0005,000,000

0 200 400 600 800 1000 1200 1400 1600

IP-PDU Size (Bytes)

Thro

ughp

ut (P

PS)

IPv6 LineIPv6 Line--rate Performance without rate Performance without compromise ! compromise !

TheoreticalTheoretical

Actual


JUNOS Security FeaturesJUNOS Security Features•• Advanced User AdministrationAdvanced User Administration•• TacasTacas+/Radius+/Radius•• Protocol AuthenticationProtocol Authentication•• SSHV2SSHV2•• H/W Based Packet FilteringH/W Based Packet Filtering•• Individual Command AuthorizationIndividual Command Authorization•• Traffic PolicingTraffic Policing•• FirewallFirewall SyslogsSyslogs/MIB/MIB•• H/W Based Router ProtectionH/W Based Router Protection•• PortPort--MirroringMirroring•• IPSEC Encryption (Control and Transit IPSEC Encryption (Control and Transit

traffictraffic•• UnicastUnicast RPFRPF•• Radius Support for PPP/CHAPRadius Support for PPP/CHAP•• OPEN SSH3.0.2OPEN SSH3.0.2•• SNMV3SNMV3

Enabled Applications•Hardware-Based Router Protection•IPSec Encryption of Control Traffic•Source Address Verification•Real-time Traffic Analysis•Real-time DDoS Identification•I/O Filters To Block Attack Flows•Rate Limiting•Hitless Filter Implementation

Security Features


interfaces {fxp0 {

unit 0 {family inet {

address 10.0.0.20/24;}

}}

}routing-options {

static {route default {

gateway 10.0.0.1;retain;no-readvertise;

}}

}

Software Usability and Operations ! Command Line Interface

• User & group access control• Flexible config management• Commit & rollback• Hierarchical, easy to read

! Protocols & Tools• SNMP v1, 2 (v3 in 5.4)• Telnet and FTP• Syslog and NTP• TACACS+ and RADIUS• SSH and SCP • Ping and Traceroute

Benefit: Simpler OperationsBenefit: Simpler Operations


JUNOScript"XML based Application Programming Interface

# Standardized “web based” application protocol

"Communication method for JUNOS kernel # Even the CLI is converted to XML

"Simplifies development for Software Vendors# XML remains unchanged as CLI evolves# New commands/features immediately available from XML

"Secure# Can use SSH to encrypt dialogue




Additional Information! M Series Routers

• www.juniper.net/products/ip_infrastructure/m_series

! T Series Routers • www.juniper.net/products/ip_infrastructure/t_series

! JUNOS Software• www.juniper.net/products/ip_infrastructure/junos

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 41

Questions?

www.juniper.netwww.juniper.net/education

Documents

Juniper Networks Router Overview - Asia Pacific Advanced ... · Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential 8 ASIC Based Forwarding and Services! All packet