Jan, 2010
CONFIDENTIALITY NOTICE: This material contains information that is confidential and proprietary to Juniper Networks,
Inc. Except as Juniper Networks otherwise agrees to in writing, recipient may not disclose or distribute any portion of this
material to any third party, and recipient may use this material solely for informational purposes.
Table of Contents
Executive Summary
EX-Series
MX-Series
SRX-Series
J-Series
M-Series
One operating system with a single source base of code and a single, consistent implementation
for each control plane feature
One software release train extended through a highly disciplined and firmly scheduled
development process
One common modular software architecture that scales across all Junos platforms
Junos is designed to maintain continuous systems and improve the availability, performance,
and security of business applications. Junos helps to automate network operations by providing
a single consistent implementation of features across the network in a single release train that
minimizes complexity, cost, and risk. This provides network administrators with more time to
innovate and deliver new revenue-generating applications.
The inherent security and stability of Junos, combined with its modular architecture and single
code source, provides a proven foundation for delivering best-in-class performance, reliability,
security, scale, and total cost of ownership.
Junos scales both up and down, from customer-premise equipment to multi-terabit core routers,
providing:
A consistent operating environment for many different network operators
A consistent feature set that facilitates the creation, management, and delivery of services from
edge to core
Proven resiliency, as evidenced by Unified ISSU support that uses the stateful recovery
capabilities of nonstop active routing.
Many usability features, particularly scripting and the ability to tie configurations to routing
instances and to selected interfaces.
An open OS, including the Partner Solution Development Platform (PSDP), which enables
customers and partners to develop specialized applications leveraging Junos.
ownership. By creating energy-efficient products with a long life, Juniper Networks aims to
reduce energy consumption and resource depletion. We also work within standards bodies to
develop efficiency metrics crucial to the understanding of network equipment energy usage for
business.
Juniper Networks supports opportunities to help individuals grow and sustain the communities in
which we operate. We support community development, education, and job training globally
through employee volunteer programs, corporate philanthropy, and the Juniper Networks
Foundation.
In addition, Juniper Networks works with like-minded companies, governments, and
organizations to meet and often exceed international standards for product design, production,
and waste reduction. We strive to lower our carbon footprint, operate as efficiently as possible,
and minimize waste production. Through careful engagement, we also ensure that our supply
chain follows our sustainable business practices. We believe in conducting business ethically,
with integrity and good corporate governance. We support a culture of diversity, provide
ongoing employee training, and offer competitive compensation to our workforce.
Executive Summary
Infrastructure complexity continues to increase within the traditional data center. With
this increase in complexity comes an associated increase in the costs related to
management overhead, additional equipment, space and power. Juniper Data Center
Infrastructure Solutions reduce equipment requirements, eliminate complex and
unnecessary layers of connectivity, and simplify management and administration, all
while ensuring higher availability, increased performance and greater scale.
At the same time, Juniper Data Center Infrastructure Solutions use up to 65 percent less energy than
alternative solutions, giving you the opportunity to lower your space, power and cooling requirements. This
significantly reduces data center capital expenses, operating costs and total cost of ownership while enabling
you to create a greener, more energy-efficient data center. This simplified data center network enables easier
re-provisioning of network connectivity, providing the business with data center agility.
With Juniper Data Center Infrastructure Solutions, your enterprise will benefit from:
Reduced Complexity: The same instantiation of JUNOS operating system software
is used across all routing and switching platforms for simpler feature deployments
and upgrades, while Juniper Network and Security Manager (NSM) provides unified
management capabilities across the Juniper routing, switching and security
infrastructure to simplify management and realize operational gains. In addition, the
virtualization of security services results in fewer physical devices to manage, thus
preventing data center sprawl.
Reduced Complexity
Leveraging the industry-leading JUNOS operating system, Juniper delivers an
unprecedented level of simplicity that no other vendor can match. Unlike other solutions
for security and networking in the data center that require multiple operating systems,
Juniper provides JUNOS as one operating system for security and network infrastructure
in the data center. JUNOS is enhanced through one release train and developed based
on one modular architecture to provide extremely high availability. These fundamental
differences ensure ongoing systems availability, automate and simplify data center
operations, and allow you to respond quickly to rapid growth and change, while
reducing complexity, cost and risk.
Juniper's Network and Security Manager (NSM) takes a new approach to network and
security management by providing IT departments with an easy-to-use solution that
controls all aspects of Juniper routing, switching, firewall/VPN and Intrusion Detection
and Prevention (IDP) devices, including device configuration, network settings, and
security policy management.
Unlike solutions that require the use of multiple management tools to control a single
device, NSM not only enables IT departments to control the entire device lifecycle with
a single, centralized solution but also provides visibility with a complete set of
investigative and reporting tools. Using NSM, device technicians, network
administrators, and security administrators can work together to improve management
efficiency and security, reduce overhead, and lower operating costs.
Juniper also reduces data center complexity by virtualizing security services for
improved efficiency, management and threat containment. Other vendors require you
to install several security appliances and/or blades into every switch in the aggregation
layer. The result is infrastructure sprawl, underutilization of resources, and higher power
and cooling costs.
Juniper takes a completely different approach. Juniper's integrated firewall/VPN security
solution lets you partition the network into multiple, independent virtual systems that
share a common physical interface and are controlled through a consolidated
appliance. Having fewer physical firewall devices simplifies management and reporting,
saves space, and lowers capital and operating costs, while addressing the problem of
equipment sprawl without sacrificing performance, reliability or availability. Juniper's
unique and modular system architecture provides resiliency and high reliability.
requires 30 percent less cooling, and takes up half the physical space of competitive
platforms. Additionally, the MX series carrier Ethernet routing and switching family
offers energy-efficient carrier-class Ethernet solutions that are 2.5 to 3 times more
power efficient than alternative products.
Juniper also consolidates security in the data center, requiring fewer security devices to
further reduce energy consumption and cooling demands. SRX Services Gateways
consolidate firewall, intrusion prevention systems (IPS), Network Access Control (NAC),
DoS/DDoS attack protection, Network Address Translation (NAT), dynamic routing, and
Quality of Service (QoS) into one platform running on the JUNOS operating system. At
the same time, Juniper's Integrated Services Gateway (ISG) consolidates data center
security by combining firewall with integrated IDP and VPN.
protected memory space. A failure or bug in one module does not cause a system-wide
failure, greatly improving the reliability of the entire system.
In addition, the JUNOS core development principle of a single release train, no separate
feature packages, no customer specials, and a single software image for all platforms
allows careful and thorough regression testing of all new code developments before they
reach the customer, resulting in a famously reliable operating system.
Juniper Network and Security Manager (NSM) is an easy-to-use solution to control all
aspects of Juniper firewall/VPN, Secure Access (SSL), Infranet Controller (IC), J-series,
EX switches and IDP devices, including device configuration, network settings, and
security policy management.
Security Threat Response Manager (STRM) supports event reporting and correlation
across the data center.
WAN Acceleration (WX/WXC) accelerates applications delivered over the WAN to
remote offices and users.
Lower cost of power and real estate: 50% less outside major metro areas
As data centers have evolved, customers may experience one or more of the
following issues with their data center infrastructure and design:
Too much power: increasing numbers of devices draw more power. As the cost
of power increases and, in some cases, is monitored and limited in locations,
customers have become more sensitive to power and cooling specifications
within the data center.
Space: again, more devices equate to more racks, and silo
architecture deployments mean an inefficient use of rack space. The cost of floor
space in the data center becomes a concern as IT attempts to drive down the
cost of operating the network.
The proposed access design will be the same in all three DCs: EX members
are part of a single Virtual-Chassis, connected together via VC-ports. The VC design
supports both designs, as illustrated below:
Superior resiliency
Simplified management
Single configuration
Flexibility
End of the row or top of the stack are both supported in VC, because of the
flexibility of the VC connections.
Core Layer:
Juniper proposes the MX960 as the data center core for all models; only the number of 10G
interfaces will differ, based on the number of VCs connected at the access layer.
Juniper Networks MX960 Ethernet Services Router establishes a new industry standard for
Carrier Ethernet capacity, density and performance. Optimized for emerging Ethernet
network architectures and services, the MX960 is purpose built for the most demanding
carrier applications offering unmatched scalability, performance, reliability, and QoS for
both business and residential services.
The MX960 Ethernet Services Router, shown in the figures below, is a high-density Layer 2 and
Layer 3 Ethernet switch/router platform designed for deployment in a number of service
provider Ethernet edge scenarios.
Performance at scale: New Dense Port Concentrator (DPC) cards combine high
port density with distributed architecture and on-board processing, ensuring
performance scales with the addition of interfaces.
Advanced QoS: Superior QoS at the interface level enables providers to ensure
services receive the appropriate level of quality regardless of traffic conditions. This
advanced capability enables providers to offer a variety of Layer 2 and Layer 3
services (such as VLAN/transparent LAN, L2/L3 VPNs, Voice over IP and Video over
IP) over Ethernet with the ability to provide guaranteed SLAs.
Service flexibility: Juniper Networks' Carrier Ethernet portfolio leverages the industry
leading JUNOS operating system that powers over 27,000 Juniper Networks M- and
T-series routers currently deployed in hundreds of service provider networks
worldwide. JUNOS provides the MX960 with feature richness, stability, and service
breadth not typically found in Carrier Ethernet platforms.
advantage of the latest Ethernet technology without the cost and risks associated
with introducing a new operating system to the network.
The MX960 provides up to twelve 40 Gbps slots in a single chassis and supports Juniper
Networks' new DPC cards, allowing customers to take advantage of unprecedented port
density: up to 480 Gigabit Ethernet ports and 48 ports of 10 Gigabit Ethernet per system.
The distributed intelligence and packet processing of the MX960 and DPC cards are
powered by the I-chip, Juniper Networks' next-generation packet forwarding engine
technology. By increasing scalability, packet performance and enhancing Ethernet-centric
quality of service features, the MX960 will enable carriers to increase the number of
services and customers supported per platform without negatively impacting performance.
This increases service flexibility, and can drive down both capital and operational
expenses.
The MX960 leverages the JUNOS operating system to enable carriers to seamlessly and
cost-effectively deploy Ethernet and accelerate their next-generation network
deployments. By combining a best-in-class hardware platform with the reliability and
service flexibility of JUNOS, the MX960 delivers a combination of features and capabilities
previously unattainable in Carrier Ethernet deployments.
The table below depicts the number of 10G ports required and proposed in the three
models per Core switch (MX960):
10G Connectivity
Large DC
Medium DC
Small DC
No. Of VCs
12
WAN Routers
Core-Core links
20
11
Proposed 10G
20 4xDPCE-R
12-3xDPCE-R
10 3xDPCE-R +
20GE ports for WAN
connectivity
Number of
occupied slots
WAN Layer:
Leveraging the MX technology deployment in STC, the MX480 is proposed with the required SFP- and XFP-based
G /10 ports. The WAN layer is consolidated in the small DC model.
Traffic Description:
With reference to the proposed solution for all models, the drawing below will be used to
demonstrate the traffic flow in the network:
Based on the meeting with the Security department and a study of the security policy within
STC, we can classify the traffic into the following:
If the communicating VLANs belong to the same security zone and they are allowed
to communicate directly, then communication will occur using the L3 interface on the
MX; otherwise, intra-zone communication can be achieved via the firewall itself.
Uplink between the access layer (Virtual-Chassis) and the forwarding core
switch: in this case MPLS will discover the failure of the interface and the
other core switch will become the forwarding switch for those VLANs; the traffic
will then cross the inter-core switch links to reach the firewall.
Active firewall failure or link failure on the active firewall: the firewall will fail over to
the standby firewall, and the traffic will cross the links between the core switches
to reach the standby firewall.
Core switch failure: VPLS sites will be forwarding on the second core and the
firewall will also fail over, so traffic will continue.
8. The load balancer will be connected to the core switches, and will be configured in a way
that the VLAN will be mapped to the corresponding VPLS, so that it has direct access to
the servers.
9. The outside interface (zone) of the firewall will be configured to belong to a VRF or
even to the global routing table.
10. All virtual firewalls will run either OSPF or BGP on outside zones with each other, so
they can communicate.
Design Advantages:
Based on this design, STC will benefit from the following:
This design is not new to STC; currently STC has L2 switches dual-homed to two
MX960s, running a multi-homing scenario.
Having no spanning tree and depending on MPLS, convergence time will be much
faster than xSTP.
Simple design, there is no xSTP, pure L2 at access & MPLS between Core switches
only.
OpEx reduction: single training for JUNOS, less equipment to manage, centralized
management system
Access switches also support VRF-lite (virtualization) to separate the VLANs at
access if required.
Traffic between servers within the same VLAN can be handled by configuring
private VLANs and allowing communication with firewalls only.
Scalable design: the core has more than 60% free for future expansion, VC has 30%
free for adding additional members and the core switches can accommodate more
than 25 VCs (>10,000 ports).
Pay-as-you-grow model: STC can start with a single VC and dual 10G uplinks;
afterward, extra 10G uplinks can be added easily, as well as new VCs.