
Saudi Telecom Company - STC

Data Network Infrastructure Tools

Jan, 2010

CONFIDENTIALITY NOTICE: This material contains information that is confidential and proprietary to Juniper Networks,
Inc. Except as Juniper Networks otherwise agrees to in writing, recipient may not disclose or distribute any portion of this
material to any third party, and recipient may use this material solely for informational purposes.

Table of Contents

Juniper Networks Data Center Infrastructure Solutions
  Executive Summary
  Reduced Complexity
  Fewer Layers of Connectivity
  Support for High Performance and High Resiliency
  Juniper Data Center Infrastructure Solution Architecture
  Juniper Financing Advantage
  The Juniper Networks Advantage

Data Centre Reference Architecture
  Data Center Consolidation:
  State of Data Center Today & Old Legacy Design:
  Juniper High Performance Data Center Network:
  Juniper Data Center Blueprint for STC:
  Traffic Description:
  Logical Design & Protocol Integration:
  Design Advantages:

Campus LAN Reference Architecture

Executive Summary

Juniper Networks IT Solution: The Ideal IT Solution for STC

Juniper Networks understands that the selection of IT
equipment for the STC network is a strategic decision
essential in securing your success with this project. Our
technological leadership and problem-solving abilities,
combined with our experience and fundamental
understanding of your requirements, enable us to offer
you compelling competitive advantages, including the
least risk and best value.
Juniper Networks proudly proposes the following products
to meet and exceed your networking requirements:

EX-Series

MX-Series

SRX-Series

J-Series

M-Series

We believe there are significant differences in our
architecture, performance, and functionality that make
our solution the best fit for the STC network. The
production-proven abilities of Juniper Networks platforms
provide dependable, secure, service-rich capabilities that
will enable you to deliver the high-quality services that
your customers require. In addition, our comprehensive
and flexible portfolio of technical support, professional
services, and educational programs will help you
maximize the value of your investment.

Junos Operating System: The Power of One


Deployed in the world's leading service provider, enterprise, and government networks, Junos
software is the industry's only carrier-class, purpose-built pure IP modular network operating
system. Junos is fundamentally different from other approaches on the market, not only in its
design, but also in its development. We refer to the Junos advantage as the "power of one"
differentiation:

- One operating system with a single source base of code and a single, consistent implementation
  for each control plane feature
- One software release train extended through a highly disciplined and firmly scheduled
  development process
- One common modular software architecture that scales across all Junos platforms

Junos is designed to maintain continuous systems and improve the availability, performance,
and security of business applications. Junos helps to automate network operations by providing
a single consistent implementation of features across the network in a single release train that
minimizes complexity, cost, and risk. This provides network administrators with more time to
innovate and deliver new revenue-generating applications.
The inherent security and stability of Junos, combined with its modular architecture and single
code source, provides a proven foundation for delivering best-in-class performance, reliability,
security, scale, and total cost of ownership.
Junos scales both up and down, from customer-premise equipment to multi-terabit core routers,
providing:
- A consistent operating environment for many different network operators
- A consistent feature set that facilitates the creation, management, and delivery of services from
  edge to core
- Proven resiliency, as evidenced by Unified ISSU support that uses the stateful recovery
  capabilities of nonstop active routing
- Many usability features, particularly scripting and the ability to tie configurations to routing
  instances and to selected interfaces
- An open OS, including the Partner Solution Development Platform (PSDP), which enables
  customers and partners to develop specialized applications leveraging Junos

Performance Enabling Customer Services and Training


Juniper Networks Customer Services give you the power to choose the right combination of
services to meet your exact requirements. Working with you, we combine individual service
elements to build a unique services solution to help you cost-effectively implement your network
and deliver high-value services to your users.
Consulting Services help you build, extend, or upgrade your network. We are uniquely qualified
to help you keep your network protected, up-to-date, and performing at its best.
Installation and Configuration Services help you overcome barriers to creating and expanding
your network, introduce products and services faster, and avoid start-up and installation errors
for rapid return on your network investments.
Technical Services combine traditional support with the power of automation and personalized
service. We help you maintain a competitive edge, with networks that stay up and perform at
their best, no matter what challenges your business environment presents. Our wide array of J-Care
service offerings includes the delivery of around-the-clock technical assistance, Web-based
tools, software support, and options for parts and onsite support.
In addition, Juniper Networks Education Services ensure that you have the knowledge and skills
to deploy and maintain cost-effective, high performance networks, as well as demonstrate your
technical expertise, keeping you ahead of the technology curve. Our expert training staff has
deep technical and industry knowledge, and provides you with instructor-led hands-on courses
as well as convenient, self-paced eLearning courses.

Green Advantages for Sustainable High Performance Networking


Juniper Networks' corporate citizenship and sustainability strategy is the foundation for
everything we do. We strive to utilize the power of the high performance network to connect the
global community and create a sustainable energy future. Our community relations programs
leverage technology to support global education and help create opportunities for future
generations.
Our solutions support businesses, communities, and governments in their efforts to maximize
opportunity and effectiveness, while minimizing inefficiency, waste, and the total cost of
ownership. By creating energy-efficient products with a long life, Juniper Networks aims to
reduce energy consumption and resource depletion. We also work within standards bodies to
develop efficiency metrics crucial to the understanding of network equipment energy usage for
business.
Juniper Networks supports opportunities to help individuals grow and sustain the communities in
which we operate. We support community development, education, and job training globally
through employee volunteer programs, corporate philanthropy, and the Juniper Networks
Foundation.
In addition, Juniper Networks works with like-minded companies, governments, and
organizations to meet and often exceed international standards for product design, production,
and waste reduction. We strive to lower our carbon footprint, operate as efficiently as possible,
and minimize waste production. Through careful engagement, we also ensure that our supply
chain follows our sustainable business practices. We believe in conducting business ethically,
with integrity and good corporate governance. We support a culture of diversity, provide
ongoing employee training, and offer competitive compensation to our workforce.

The Juniper Networks Advantage


Juniper Networks is the leader in high performance networking. Our customers include the top
100 global service providers, more than 30,000 enterprises, including 99 of the Global Fortune
100, and hundreds of federal, state, and local government agencies and higher education
organizations.
We offer a broad portfolio that spans routing, switching, security, application acceleration,
identity policy and control, and management. Our products and solutions are designed to give
customers unmatched performance and greater choice and flexibility, while reducing overall
total cost of ownership.
Juniper Networks is uniquely positioned to maintain industry leadership due to our wide array of
offerings, our core competencies in architecture and silicon design, and our Junos software
technology, all providing STC with the Juniper Networks advantage.

Juniper Networks Data Center Infrastructure Solutions

A Simplified Data Center for the High-Performance Enterprise


Juniper Networks Data Center Infrastructure Solutions reduce complexity by simplifying
the network. These solutions combine best-in-class products with well-defined practices
designed for the enterprise. The traditional architecture is streamlined to reduce capital
and operating costs as well as simplifying data center operations and management.
Juniper Networks also helps meet today's increasingly demanding "green"
requirements, as consolidated data centers need less equipment and use less power,
saving additional operating dollars.
Juniper Networks Data Center Infrastructure Solutions:
- Use 65% less energy than alternative solutions
- Occupy 80% less rack space
- Require 30% less cooling
- Virtual Chassis configuration reduces the number and management of top-of-rack
  access switches by a factor of 10

Executive Summary
Infrastructure complexity continues to increase within the traditional data center. With
this increase in complexity comes an associated increase in the costs related to
management overhead, additional equipment, space and power. Juniper Data Center
Infrastructure Solutions reduce equipment requirements, eliminate complex and
unnecessary layers of connectivity, and simplify management and administration, all
while ensuring higher availability, increased performance and greater scale.
At the same time, Juniper Data Center Infrastructure Solutions use up to 65 percent less energy than
alternative solutions, giving you the opportunity to lower your space, power and cooling requirements. This
significantly reduces data center capital expenses, operating costs and total cost of ownership while enabling
you to create a greener, more energy-efficient data center. This simplified data center network enables easier
re-provisioning of network connectivity providing the business with data center agility.

With Juniper Data Center Infrastructure Solutions, your enterprise will benefit from:
Reduced Complexity: The same instantiation of JUNOS operating system software
is used across all routing and switching platforms for simpler feature deployments
and upgrades, while Juniper Network and Security Manager (NSM) provides unified
management capabilities across the Juniper routing, switching and security
infrastructure to simplify management and realize operational gains. In addition, the
virtualization of security services results in fewer physical devices to manage, thus
preventing data center sprawl.

Fewer Layers of Connectivity: The data center is greatly simplified by EX-series
Ethernet switches with Virtual Chassis technology. This technology reduces switch
ports, links, switches and aggregation layers while improving performance,
resiliency and availability using less equipment.
Managed Space and Power Costs: By simplifying the architecture and decreasing the
number of devices, businesses can reduce power, space and cooling expenses to
create a greener, more energy-efficient data center.
Support for High Performance and High Resiliency: Top-of-rack Ethernet switches
with Virtual Chassis technology, Ethernet Services Routers (ESRs) and SRX services
gateways let organizations scale performance and increase resiliency while reducing
the amount of equipment in the data center.
Network Security Services: SRX Dynamic Services Gateways deliver integrated
services with data center required scalable performance to consolidate network
security by requiring fewer devices and centralized policy control and visibility to
improve operational efficiency in the data center.

Reduced Complexity
Leveraging the industry-leading JUNOS operating system, Juniper delivers an
unprecedented level of simplicity that no other vendor can match. Unlike other solutions
for security and networking in the data center that require multiple operating systems,
Juniper provides JUNOS as one operating system for security and network infrastructure
in the data center. JUNOS is enhanced through one release train and developed based
on one modular architecture to provide extremely high availability. These fundamental
differences ensure ongoing systems availability, automate and simplify data center
operations, and allow you to respond quickly to rapid growth and change, while
reducing complexity, cost and risk.
Juniper's Network and Security Manager (NSM) takes a new approach to network and
security management by providing IT departments with an easy-to-use solution that
controls all aspects of Juniper routing, switching, firewall/VPN and Intrusion Detection
and Prevention (IDP) devices, including device configuration, network settings, and
security policy management.
Unlike solutions that require the use of multiple management tools to control a single
device, NSM not only enables IT departments to control the entire device lifecycle with
a single, centralized solution but also provides visibility with a complete set of
investigative and reporting tools. Using NSM, device technicians, network
administrators, and security administrators can work together to improve management
efficiency and security, reduce overhead, and lower operating costs.
Juniper also reduces data center complexity by virtualizing security services for
improved efficiency, management and threat containment. Other vendors require you
to install several security appliances and/or blades into every switch in the aggregation
layer. The result is infrastructure sprawl, underutilization of resources, and higher power
and cooling costs.
Juniper takes a completely different approach. Juniper's integrated firewall/VPN security
solution lets you partition the network into multiple, independent virtual systems that
share a common physical interface and are controlled through a consolidated
appliance. Having fewer physical firewall devices simplifies management and reporting,
saves space, and lowers capital and operating costs, while addressing the problem of
equipment sprawl without sacrificing performance, reliability or availability. Juniper's
unique and modular system architecture provides resiliency and high reliability.

Fewer Layers of Connectivity


Data center consolidation and server virtualization address the costs associated with
power, rack space, cooling and utilization of server farms, but do not address the data
center network infrastructure. Juniper is the only vendor to address this with the EX
4200 series Ethernet switch and its Virtual Chassis technology. Interconnected EX 4200
switches act as a single logical device, sharing a common operating system and
configuration file; the Virtual Chassis configuration is managed and operates like a
chassis-based system, greatly simplifying system operations, maintenance and
troubleshooting.
In top-of-rack deployments, stackable switches are deployed in pairs at the top of each
server rack for redundancy, high availability and sufficient Gigabit Ethernet port
densities for server connectivity. With EX 4200 series switches in the data center, up to
10 top-of-rack switches across five server racks can be interconnected over the virtual
backplane. This Virtual Chassis configuration can reduce the number of data center top-of-rack
access switches by a factor of 10, while significantly reducing operating costs.
Multiply these savings by the total number of server racks and the savings grow
accordingly.
Using a scalable, pay-as-you-grow approach to meet data center requirements, you can
start with a single rack-unit EX 4200 switch and add new units incrementally as
requirements grow, avoiding large up-front investments required by chassis-based
solutions. Since switches are added as needed, space, power and cooling costs are kept
to a minimum, lowering ongoing operational expenses. Individual switches can be
added and removed from the Virtual Chassis configuration without a disruption of
service to other switches in the Virtual Chassis configuration.
With redundant, high-availability features, EX 4200 series switches deliver a cost-effective
alternative to chassis-based systems that truly advances the economics of
networking. In fact, in a typical aggregation environment requiring 48 gigabit ports and
four 10-gigabit uplinks, two 24-port EX 4200 switches deliver the same wire-speed port
densities and functionality as the most popular chassis-based solution at one-sixth the
size, one-fifth the power and one-third the cost.

Managed Space and Power Costs


Juniper Data Center Infrastructure Solutions deliver increased throughput using less
energy than alternative products on the market, which gives IT organizations the
opportunity to significantly reduce space, energy and cooling requirements. Juniper
delivers unparalleled simplicity and cost efficiencies to enterprise data centers by
replacing multiple low-performance discrete devices with a seamless high-performance
solution.
For example, the new EX series of Ethernet switches use about 80 percent less space
than alternative equipment and save customers approximately 65 percent on power
use. Likewise, the new T1600 multi-terabit core router consumes 30 percent less power,
requires 30 percent less cooling, and takes up half the physical space of competitive
platforms. Additionally, the MX series carrier Ethernet routing and switching family
offers energy-efficient carrier-class Ethernet solutions that are 2.5 to 3 times more
power efficient than alternative products.
Juniper also consolidates security in the data center, requiring fewer security devices to
further reduce energy consumption and cooling demands. SRX Services Gateways
consolidate firewall, intrusion prevention systems (IPS), Network Access Control (NAC),
DoS/DDoS attack protection, Network Address Translation (NAT), dynamic routing, and
Quality of Service (QoS) into one platform running on the JUNOS operating system. At
the same time, Juniper's Integrated Services Gateway (ISG) consolidates data center
security by combining firewall with integrated IDP and VPN.

Support for High Performance and High Resiliency


Juniper's top-of-rack EX-series Ethernet switches with Virtual Chassis technology, MX-series
Ethernet Services Routers (ESRs) and SRX Services Gateways allow organizations
to scale while reducing power consumption and the amount of equipment needed in
the data center without sacrificing performance and resiliency. No other vendor
combines these powerful capabilities into one seamless and unified data center
infrastructure solution.
Juniper EX-series switches, MX Ethernet Services Routers and SRX Services Gateways leverage much of the
same field-proven Juniper technology including high-performance application-specific integrated circuits
(ASICs), system architecture and JUNOS software that power the world's 25 largest service provider
networks.
Juniper is now extending these carrier-class capabilities to enterprise data centers. For
example, EX-series switches and MX-series routers offer carrier-grade redundancy to
ensure resiliency and uptime in the data center. In addition to redundant hot-swappable
power supplies and field replaceable fan trays, EX-series switches and MX-series routers
support dynamic link aggregation based on the 802.3ad standard as well as redundant
route engines that enable non-stop routing and in-service software updates.
EX-series switches and MX-series routers also feature redundant hardware architectures
for true carrier-class resiliency. The routing engines and the forwarding engines are
physically separate entities, each with their own processors and memory. As a result,
events that place high demands on the control plane, such as heavy network changes,
do not impact the forwarding performance. Likewise, periods of heavy traffic loads that
place high demands on the forwarding plane do not affect control plane performance.
Proven high-availability features and functionality have been included in the design of
the SRX Services Gateways from previous Juniper platforms. The SRX architecture
features independent control and data planes with a passive backplane, redundant
switching fabric (1+1), redundant fans and redundant power supplies. High-availability
redundancy support includes configuration synchronization, session synchronization for
firewalls, session failover for routing changes, device failure detection, and link failure
detection.
JUNOS software also contributes to higher performance and resiliency in the data
center, in addition to reducing data center complexity and operating costs. The JUNOS
operating system architecture consists of individual modules, each operating in its own
protected memory space. A failure or bug in one module does not cause a system-wide
failure, greatly improving the reliability of the entire system.
In addition, the JUNOS core development principle of a single release train, no separate
feature packages, no customer specials, and a single software image for all platforms
allows careful and thorough regression testing of all new code developments before they
reach the customer, resulting in a famously reliable operating system.

Juniper Data Center Infrastructure Solution Architecture

Juniper EX 4200 series switches function as a top-of-rack switch in data center
application server racks. These switches aggregate application servers and reduce
ports, links and aggregation switches with the innovative EX-series Virtual Chassis
configuration.
Juniper MX-series Ethernet Services Routers function as fully redundant, high-performance
data center network core and aggregation layer 2 and layer 3 devices.
They enable virtualization of network resources and accommodate the need for
virtual machine moves across routed segments.
Juniper SRX Services Gateways scale to over 120 Gbps in firewall performance with
up to 30 Gbps of IPS throughput, making this the fastest integrated services firewall
platform in the world. The SRX also enables identity management, centralized policy
control and additional security services.
The Integrated Services Gateway (ISG1000/2000) functions as the data center
firewall with integrated IDP, VPN termination gateway and virtualized UTM services
for the data center.
Juniper Secure Access SSL VPN provides secure remote access to Web, client-server,
and thin-client computing applications in the data center, eliminating the need for
separate appliances to support each application type.
Juniper routers provide resilient high-performance connectivity across the WAN from
the primary data center to backup facilities and large remote sites.
Unified Access Control (UAC) provides advanced network protection, advanced
application-level access control, visibility and monitoring, and guest user access to
data center resources.

Juniper Network and Security Manager (NSM) is an easy-to-use solution to control all
aspects of Juniper firewall/VPN, Secure Access (SSL), Infranet Controller (IC), J-series,
EX switches and IDP devices, including device configuration, network settings, and
security policy management.
Security Threat Response Manager (STRM) supports event reporting and correlation
across the data center.
WAN Acceleration (WX/WXC) accelerates applications delivered over the WAN to
remote offices and users.

Juniper Financing Advantage


Juniper helps companies and organizations quickly and cost-effectively enable a high-performance
business through its financing program, Juniper Financing Advantage (JFA).
The JFA program is made possible through an agreement between Juniper and IBM
Global Financing, which has 25 years of experience in IT financing.
From acquisition through daily use and disposal, Juniper Financing Advantage can help:
- Turn large up-front costs into an affordable and predictable monthly payment
- Preserve your cash and credit lines for strategic investments
- Minimize the risk of technology obsolescence
- Manage all equipment recycling and disposal in an environmentally-friendly manner

The Juniper Networks Advantage


Juniper Networks was founded in 1996 with a singular aim: to liberate the network from the severe
constraints imposed on it by available technologies. With Juniper Networks, for the first time, operators had
the means to build networks that were freed from the traditional compromise between performance,
intelligence, and scale. Today, Juniper Networks delivers a wide range of solutions based on purpose-built
technology that support the complex scale and performance requirements of the world's largest and most
demanding networks.
Juniper Networks is recognized as a center of excellence in the development of software, hardware, and
silicon technology that support high performance, intelligent networks. Juniper Networks combines all three
disciplines to offer intelligent merging of traffic between optical backbones and legacy enterprise routers.
Juniper Networks' global customer base is large and diverse, ensuring our continued presence within this
market. Our customers include government agencies, service providers, mobile and cable providers, global
PTTs, Research and Education entities, and information enterprises.
Juniper Networks' executive team delivers dynamic leadership and successful management experience,
reflecting the latest management thinking. From a financial standpoint, Juniper Networks continues to focus
on our objective of delivering high-quality financial metrics including profitability, positive cash flow from
operations, strong gross margins, and a strong balance sheet, all providing enterprise organizations with the
Juniper Networks advantage.

Data Centre Reference Architecture

Data Center Consolidation:


A continuing enterprise trend is the consolidation of data centers and the centralization
of server resources within the data center.
Data center consolidation is twofold. Firstly, enterprise infrastructures have grown
considerably and have deployed company data assets in a large number of locations.
This has followed the globalization trend of the requirement to conduct business on a
global scale, opening office locations remote from the traditional corporate HQ.
Additionally, acquisitions have increased the geographic scope of enterprises, with
combined company data assets distributed over multiple locations. In order to reduce
operational costs (securing and adhering to compliance be they regulatory or
otherwise) and management overheads associated with dispersed corporate data
assets, a move to consolidate these resources into fewer, larger locations is an ongoing
trend. Data resources are moved from multiple data center locations into fewer, larger
data centers with global access to users.
Secondly, the number of users accessing the corporate data resources has shifted from
users in corporate HQ or regional office locations to a trend towards smaller branch
office or remote worker locations. In addition to this shift of employees away from
corporate data resources, there are requirements to allow access to partners and
guests. In order to ease management of the network, provide consistent access to any
user, anywhere, at anytime, a physical simplification of the corporate data resources is
required. Servers previously located in regional or branch office locations have been
centralized into the data center environment.
New data centers are built as part of the consolidation trend, where it is not possible to
grow within any of the existing data centers. The limits to growth within existing DCs
could arise from lack of support in the facilities infrastructure to house more power-hungry
devices and/or to cool them, lack of ability to deliver more power to the existing
facilities, cheaper power and real estate for data center buildout outside of the major
metro areas etc.
The reliability and improving economics of wide-area communication is helping the
trend in the increase in mobile workers. These mobile workers will now access
applications in the consolidated Data Centers using their client devices.
In summary, enterprises and service providers are looking to consolidate DCs for the
following reasons:

Lower cost of power and real estate, 50% less outside major metro areas

New facilities with latest construction, power and cooling technologies

Easier to secure and fulfill compliance in fewer locations

Easier to have consistent management across data centers

State of Data Center Today & Old Legacy Design:


The drawing below depicts the current and old legacy design layers:

As the data centers have evolved, customers may experience one or more of the
following issues with their data center infrastructures & Design:

Too much power- increasing numbers of devices draw more power. As the cost
of power increases and in some cases, is monitored and limited in locations,
customers have become more sensitive to power and cooling specifications
within the data center

Space- again, more devices equates to more racks as well as the silo
architecture deployments means an inefficient use of rack space. Cost of floor
space in the data center becomes a concern as IT attempts to drive down the
cost of operating the network.

Complex to manage- multiple deployed instances with a variety of vendor
components have resulted in numerous operating systems.

Provisioning time- as a result of numerous operating systems and
management applications, bringing up a new application or a new rack of servers
has become time-consuming and overly complex.

Too many devices- resulting in increased power, increased cooling, architecture
complexity, increased space- all resulting in increased overhead.

Too many connections- as server utilization increases, legacy network
infrastructure devices prove incapable of maintaining the user experience,
resulting in lost productivity. Greater numbers of ports and bandwidth are
required to support the business, increasing complexity.

Poor availability- legacy devices are not up to today's high availability
standards, resulting in lost productivity.

Band-Aid mentality to security- separate appliances with a multitude of operating
systems are deployed in numerous locations across the data center
infrastructure. Writing and deploying consistent policies across a diverse range
of products is complex and not cost-effective.

Too many operating systems- requiring increased administrator knowledge,
increased time to configure and maintain, and inhibiting business speed and
flexibility. Each operating system in turn has a set of releases requiring
management.

Juniper High Performance Data Center Network:


Juniper's High Performance Network for the data center solves customers' issues in the
data center with a simplified architecture, reducing not only capital costs, but
operational costs through the simplification of operations and management of the
infrastructure. Additionally, simplification of the network architecture results in lower
power and cooling requirements to save additional operating dollars. Juniper's design
tenets of high-performance, highly scalable, integrated platforms operating under a
single operating system with a single management infrastructure enable customers to
maximize productivity at a minimal cost.

The drawing below summarizes how Juniper platforms address the previously mentioned
deficiencies of old legacy design & infrastructure:

Juniper Data Center Blueprint for STC:


The drawing below depicts the DC design layers proposed in our solution:

The proposed access design will be the same in all three DCs: EX members are part of
a single Virtual-Chassis, connected together via VC ports. The VC design supports both
designs, as illustrated below:

Due to the flexibility of VC technology, the VC connections between members can be
made either by the built-in 2x64G VC ports and/or with the 10G ports available on each
switch. Below are some of the VC technology advantages:

Two or more EX 4200 series switches interconnected via the 128Gbps
Virtual Chassis backplane or 10GbE Virtual Chassis extender

Superior resiliency

Redundant route engines: one of the VC members can be elected as
master routing-engine (RE) for the VC, and this can even be forced by
configuration; for redundancy, another member can be elected as backup
RE, as shown below:

Redundant backplane: each member has two 64Gbps backplane ports.

Redundant unit power/fans

Extend link aggregation across multiple VC members.

Simplified management

Single management interface

Single version of JUNOS

Single configuration

Flexibility

Add additional units and uplinks as capacity requirements grow.

End of the row or top of the stack are both supported in VC, because of the
flexibility of the VC connections.

VC can be established by VC ports (up to 1 meter fiber cable), 10G (up to
80km) & even GE ports on the switch, as shown below:

Core Layer:

Juniper proposes MX960 as Core Data Center for all models; only the number of 10G
interfaces will be different based on the number of connected VC at access.

Juniper Networks MX960 Ethernet Services Router establishes a new industry standard for
Carrier Ethernet capacity, density and performance. Optimized for emerging Ethernet
network architectures and services, the MX960 is purpose built for the most demanding
carrier applications offering unmatched scalability, performance, reliability, and QoS for
both business and residential services.

The MX960 Ethernet Services Router, shown in Figures below, is a high density Layer 2 and
Layer 3 Ethernet switch/router platform designed for deployment in a number of service
provider Ethernet edge scenarios.

MX960 Ethernet Services Router.


The MX960 is the industry's largest capacity Carrier Ethernet platform with up to 960 Gbps
of switching and routing capacity, enabling reduced costs and more revenue per platform,
and able to scale to protect customers' investments. Offering efficient support of
high-density interfaces and high-capacity switching throughput, the MX960 enables a wide
range of business and residential applications and services, including high-speed transport
and VPN services, next-generation broadband multiplay services and high-volume Internet
data center internetworking.

With advanced services and applications such as VPLS driving a comprehensive set of
sophisticated requirements, Juniper Networks has purpose built its Carrier Ethernet
Portfolio to address customer needs with:

Performance at scale: New Dense Port Concentrator (DPC) cards combine high
port density with distributed architecture and on-board processing, ensuring
performance scales with the addition of interfaces.

Advanced QoS: Superior QoS at the interface level enables providers to ensure
services receive the appropriate level of quality regardless of traffic conditions. This
advanced capability enables providers to offer a variety of Layer 2 and Layer 3
services, such as VLAN/transparent LAN, L2/L3 VPNs, Voice over IP and Video over
IP, over Ethernet with the ability to provide guaranteed SLAs.

Service flexibility: Juniper Networks' Carrier Ethernet portfolio leverages the
industry-leading JUNOS operating system that powers over 27,000 Juniper Networks M- and
T-series routers currently deployed in hundreds of service provider networks
worldwide. JUNOS provides the MX960 with feature richness, stability, and service
breadth not typically found in Carrier Ethernet platforms.

Simple non-disruptive deployment: Utilizing the same JUNOS operating system,
Juniper Networks' Ethernet portfolio enables service providers to immediately take
advantage of the latest Ethernet technology without the cost and risks associated
with introducing a new operating system to the network.

The MX960 provides up to twelve 40 Gbps slots in a single chassis and supports Juniper
Networks' new DPC cards, allowing customers to take advantage of unprecedented port
density: up to 480 Gigabit Ethernet ports and 48 ports of 10 Gigabit Ethernet per system.
The distributed intelligence and packet processing of the MX960 and DPC cards are
powered by the I-chip, Juniper Networks' next-generation packet forwarding engine
technology. By increasing scalability and packet performance and enhancing Ethernet-centric
quality of service features, the MX960 will enable carriers to increase the number of
services and customers supported per platform without negatively impacting performance.
This increases service flexibility, and can drive down both capital and operational
expenses.

The MX960 leverages the JUNOS operating system to enable carriers to seamlessly and
cost-effectively deploy Ethernet and accelerate their next-generation network
deployments. By combining a best-in-class hardware platform with the reliability and
service flexibility of JUNOS, the MX960 delivers a combination of features and capabilities
previously unattainable in Carrier Ethernet deployments.

The table below depicts the number of 10G ports required and proposed in the three
models per Core switch (MX960):

10G Connectivity

Large DC

Medium DC

Small DC

No. Of VCs

12

Firewalls & IDP

WAN Routers

Core-Core links

Total No. of 10G

20

11

Proposed 10G

20 4xDPCE-R

12-3xDPCE-R

10 3xDPCE-R +
20GE ports for WAN
connectivity

Number of occupied slots

Free slots for future expansion

WAN Layer:
Leveraging the MX technology deployed in STC, the MX480 is proposed with the required
SFP & XFP based G /10 ports. The WAN layer is consolidated in the small DC model.

Traffic Description:
With reference to the proposed solution for all models, the drawing below will be used to
demonstrate the traffic flow in the network:

Based on the meeting with the Security department and a study of the security policy
within STC, we can classify the traffic into the following:

Intra VLAN traffic

Inter VLAN traffic

Inter Virtual Firewall traffic

Intra VLAN traffic

Description: This is the traffic within the same VLAN that belongs to the same servers
and security zone.

This traffic can be switched locally within the VC; there is no need to cross the core if
the servers are connected to the same VLAN in the same VC.

Inter VLAN traffic

Description: This is the traffic between two different VLANs that belong to the same
Virtual Firewall (Context).

There are two possible actions here, depending on the security requirements:

If the communicating VLANs belong to the same security zone and they are allowed
to communicate directly, then communication will occur using the L3 interface on the
MX; otherwise intra-zone communication can be achieved from the firewall itself.

If the communicating VLANs belong to different security zones, then
communication has to be done through the firewall.

Inter Firewall traffic

Description: This is the traffic between two different VLANs that belong to different
Virtual Firewalls (Contexts).

This traffic has to cross the virtual firewall to the Core (MX), then to the other virtual
firewalls.
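
The three traffic classes above can be expressed as a path decision, which is useful for auditing which server-to-server flows never reach a firewall. The following is an added example, not part of the proposal: the `Server` fields, the `direct_l3` policy input, the hop labels and the inventory are hypothetical, and the assumption that a VLAN spanning two VCs transits the core at L2 is ours.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Server:
    name: str
    vlan: int
    zone: str  # security zone
    vfw: str   # virtual firewall (context) that owns the VLAN
    vc: str    # Virtual Chassis the server is attached to

def classify(a, b, direct_l3=frozenset()):
    """Return (traffic_class, hops); hops lists attachment VCs and enforcement points.

    direct_l3: frozenset({vlan_x, vlan_y}) pairs allowed to communicate
    directly over the L3 interface on the MX (hypothetical policy input).
    """
    if a.vlan == b.vlan:
        if (a.zone, a.vfw) != (b.zone, b.vfw):
            raise ValueError(f"VLAN {a.vlan} is mapped to two zones or contexts")
        if a.vc == b.vc:
            return "intra-vlan", [f"vc:{a.vc}"]  # switched locally in the VC
        # Assumption: same VLAN on different VCs transits the core at L2.
        return "intra-vlan", [f"vc:{a.vc}", "core-l2", f"vc:{b.vc}"]
    if a.vfw == b.vfw:
        if a.zone == b.zone and frozenset({a.vlan, b.vlan}) in direct_l3:
            return "inter-vlan", [f"vc:{a.vc}", "mx-l3", f"vc:{b.vc}"]
        # Different zones, or same zone without a direct-L3 allowance.
        return "inter-vlan", [f"vc:{a.vc}", f"fw:{a.vfw}", f"vc:{b.vc}"]
    return "inter-firewall", [f"vc:{a.vc}", f"fw:{a.vfw}", "mx-l3",
                              f"fw:{b.vfw}", f"vc:{b.vc}"]

def uninspected(flows, direct_l3=frozenset()):
    """Return (src, dst) names of flows whose path has no firewall hop."""
    return [(a.name, b.name) for a, b in flows
            if not any(h.startswith("fw:") for h in classify(a, b, direct_l3)[1])]

# Constructed inventory for illustration (not from the proposal).
WEB1 = Server("web1", 3, "dmz", "vfw-A", "vc1")
WEB2 = Server("web2", 3, "dmz", "vfw-A", "vc1")
APP1 = Server("app1", 4, "dmz", "vfw-A", "vc2")
DB1 = Server("db1", 5, "inside", "vfw-A", "vc2")
HR1 = Server("hr1", 9, "inside", "vfw-B", "vc3")
ALLOW = frozenset({frozenset({3, 4}), frozenset({4, 5})})

if __name__ == "__main__":
    for s, d in [(WEB1, WEB2), (WEB1, APP1), (APP1, DB1), (DB1, HR1)]:
        print(s.name, "->", d.name, classify(s, d, ALLOW))
```

Note that the `{4, 5}` allowance has no effect because VLANs 4 and 5 sit in different zones, so that flow is still sent through the firewall.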

Logical Design & Protocol Integration:


The drawing below depicts the logical design of the network, and this section will
illustrate how MPLS between Core switches will be used to separate the traffic between
VLANs.

Inter-VLAN within Virtual Router

1. A server connected to VLAN#3 wants to communicate with a server in VLAN#4 (same
Virtual Router, different or same Security Zones).

2. Use VPLS multi-homing techniques to multi-home a VLAN on the Virtual-Chassis to two
different Core switches.

3. There is no spanning tree in the VPLS case; the core switches will be configured so
that one of the switches will be the forwarding site for the VLAN and the other switch
the Backup.

4. The Virtual-Firewall will have two VLANs belonging to two different VPLS instances,
so this guarantees the L2 separation between VLANs.

5. By configuration, the firewall connected to the forwarding Core switch will be
configured to be the active firewall and the second will be standby.

6. An Active/Active design for the firewalls is also achievable, by configuring the
firewall as active for one virtual-firewall and standby for the others.

7. High Availability upon failure of:

Uplink between the Access layer (Virtual-Chassis) & the forwarding core
switch: in this case MPLS will discover the failure of the interface and the
other Core switch will become the forwarding switch for those VLANs; the traffic
will then cross the inter-core switch links to reach the firewall.

Active Firewall failure or link failure on the active firewall: the firewall will fail
over to the standby firewall, and the traffic will cross the links between the core
switches to reach the standby firewall.

Core-Switch Failure: VPLS sites will be forwarding on the second core and the
firewall will fail over as well, so traffic will continue.

8. The load balancer will be connected to the core switches, and will be configured in
a way that each VLAN is mapped to the corresponding VPLS, so that it has direct access to
the servers.

9. The outside interface (zone) of the firewall will be configured to belong to a VRF or
even to the global routing table.

10. All virtual-firewalls will run either OSPF or BGP on outside zones with each other, so
they can communicate.
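
The failure cases in step 7 can be checked mechanically. The following is an added example, not part of the proposal, that models one VLAN under the active/standby design. It assumes, as our own simplification, that firewall X attaches only to core X, that the inter-core links form one logical component, and that core A and firewall A are the configured forwarding and active units. It then lists which double failures leave no inspected path.

```python
from itertools import combinations

# Hypothetical component names for one multi-homed VLAN.
COMPONENTS = ("uplink-A", "uplink-B", "core-A", "core-B",
              "fw-A", "fw-B", "intercore")

def resolve(failed):
    """Return (forwarding_core, active_fw, crosses_intercore), or None on outage.

    Core A is the configured forwarding site and fw-A the configured active
    firewall; B is backup/standby. fw-X attaches to core-X (assumption).
    """
    failed = set(failed)

    def core_ok(x):
        # A core can forward for the VLAN only if it and its VC uplink are up.
        return f"core-{x}" not in failed and f"uplink-{x}" not in failed

    def fw_ok(x):
        # A firewall is reachable only if it and the core it attaches to are up.
        return f"fw-{x}" not in failed and f"core-{x}" not in failed

    core = next((x for x in "AB" if core_ok(x)), None)
    fw = next((x for x in "AB" if fw_ok(x)), None)
    if core is None or fw is None:
        return None
    crosses = core != fw  # traffic must use the inter-core links
    if crosses and "intercore" in failed:
        return None
    return core, fw, crosses

def outages(n):
    """All combinations of n simultaneous failures that cause an outage."""
    return [c for c in combinations(COMPONENTS, n) if resolve(c) is None]

if __name__ == "__main__":
    for case in [(), ("uplink-A",), ("fw-A",), ("core-A",)]:
        print(case or "no failure", "->", resolve(case))
    print("single points of failure:", outages(1))
    print("fatal double failures:", outages(2))
```

Under these assumptions no single failure causes an outage, while an uplink or active-firewall failure combined with loss of the inter-core links does, which makes those links the component to watch.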

Design Advantages:
Based on this design, STC will get benefits of the following:

Coherent & simple design between all models.

This design is not new to STC; currently STC has L2 switches dual-homed to two
MX960s running a multi-homing scenario.

Having no spanning tree and depending on MPLS, convergence time will be much
faster than xSTP.

MPLS is more reliable than

Simple design, there is no xSTP, pure L2 at access & MPLS between Core switches
only.

Just 16 devices to be managed in the large DC (VC is manageable as one device).

Single Operating System (JUNOS) across all platforms.

OPEX reduction: single training for JUNOS, less equipment to manage, centralized
management system.

Reliable design depending on mature operating systems and platforms.

Ability to provide any virtualization & communication matrix between L2 & L3
domains; for example, if L2 communication is required between any two VLANs,
then VPLS overlapping can be configured so that MACs can be leaked between the
instances to achieve this.

Flexible design; for example, if L2 communication is required between two Data
Centers for some applications that still require L2, MPLS will help STC to extend the
VPLS between the two DCs, as shown below:

Access switches also support VRF-lite (virtualization) to separate the VLANs at
access if required.

Traffic separation between servers within the same VLAN can be achieved by configuring
private VLANs and allowing communication with firewalls only.

Scalable Design, the core has more than 60% free for future expansion, VC has 30%
free for adding additional members and the core switches can accommodate more
than 25 VCs (>10,000 ports).

Pay as you grow model, STC can start with single VC and dual 10G uplinks,
afterward extra 10G uplinks can be added easily, as well as adding new VCs.

Campus LAN Reference Architecture

Please refer to the following documents for details:

Campus LAN Design Guide.pdf

Campus Networks Reference Architecture.pdf

Distributed Enterprise Solutions.pdf

EX-Series Ethernet Switches Solution Brief.pdf

Deploying IP Telephony with Juniper Networks EX Series Ethernet Switches.pdf

Data Center 2 Cloud Computing.pdf
