Blogs

Securing IPVPN Connectivity on Juniper MX Using Inline IPsec

By Victor Ganjian posted 2 days ago
This article provides an example of using the inline IPsec function available on Trio-6 based MX routers to secure IPVPN traffic over an MPLS core. After stepping through the configuration details of IPsec, verification is performed to validate proper operation and to reinforce the reader’s understanding of the implementation. Introduction As part of a recent customer POC test, an MX10004 (25.2R1-S1.4) with line card model LC9600 was positioned as a data center gateway router. In the topology diagram below, the MX10004 router, Edge-1, provides interconnectivity between the local EVPN/VXLAN-based multi-tenant data center (DC1) and a remote data center ...

Self Healing and Recovery Mechanisms For PTX12008

By Abhishek A Jain posted 19 days ago
Modern core networks are expected to operate nonstop, even when components fail. In high-capacity chassis, fabric resiliency is fundamental requirement. This blog will describe in details the self-healing and recovery mechanisms built into the PTX12008 switching fabric. We’ll explore how the system detects faults, correlates failures, and automatically recovers from them... Ideally, before traffic is impacted. This article is the third of a series on PTX12000 fabric, we invite the readers to check the two previous posts: Rethinking Fabric Redundancy by Dmitry Shokarev PTX12008 Fabric Topology by Rahul Kulkarni Introduction: Why Fabric ...

DHCP on MNHA: Back to Basics

By James Rathbun posted 21 days ago
Multi-Node High Availability (MNHA) is increasingly common as an alternative to chassis cluster. One operational question that surfaces quickly in MNHA deployments is Dynamic Host Configuration Protocol (DHCP). As of Junos 25.4R1, each node runs an independent DHCP process with no lease database synchronization between them. Unlike chassis cluster, DHCP state is not replicated across nodes. Left unaddressed, both nodes will respond to client Discovers, may offer addresses from overlapping ranges, and will produce a split lease database. This post covers the observed behavior and provides practical configurations. Introduction We're not going to take ...

SRX MPLS in Flow - Part 2

By Karel Hendrych posted 21 days ago
The Junos 25.4R1 release expanded the list of SRX platforms supporting MPLS L3 VPN to include the SRX4600 and SRX4700. This brief tech post extends the previous 'SRX MPLS in Flow' article by presenting performance test of the SRX4600 using the 25.4R1 VRF-to-zone-mapping–based security policies. Introduction Prerequisite: read the SRX MPLS in Flow post for a thorough introduction. In 25.4R1, in addition to new platform support , Junos adds the ability to bind VRFs to zones , simplifying policy constructs by setting VRF context by zone instead of by rule match criteria. For NAT use cases the VRF-groups approach still applies as of 25.4R1. ...

Testing BGP Roles (RFC 9234) with the JMCP Server

By Julian Lucek posted 21 days ago
LLMs have improved significantly over the last few months with the advent of reasoning models. We are now at the point where a general-purpose LLM, in conjunction with the Junos MCP server, is capable of doing sizable chunks of work on a network triggered by a single prompt, saving the user significant amounts of time. A valuable application of this is to help with the testing of new router features. While experimenting with new features is good fun, configuring all the pre-requisites (e.g. an IGP, the BGP sessions, AS numbers and so on) can be tedious and takes a long time, which is a barrier to getting round to testing these features for potential deployment ...

Context Files: File Management and Data Collection Strategies

By christian graf posted 22 days ago
Fourth part of the Series on the Context-Files and JMCP, covering tokens, data formats, and memory management. Series Navigation: Part 1: Introduction & Basics Part 2: Tokens & Memory Part 3: Optimization & Alerting Part 4: File Management ← You are here Part 5: Redis & Performance Part 6: Hybrid Architecture Introduction Parts 1–3 covered context file fundamentals, token management, and optimization. Part 1 also introduced the enhanced JMCP server, which persists collected data directly to Redis or files — tool output never reaches the LLM context window. Instead of returning ...

Why Wi-Fi Design Day Matters

By Cherie Martin posted 04-09-2026
Contribution by Dobias van Ingen Community, curiosity, and doing Wi-Fi properly (with a bit of fun along the way ☕️📡 ) If you’ve ever tried explaining co-channel contention or roaming behavior at a dinner party, you know how quickly the room empties. 😅 But put a few hundred Wi-Fi professionals in a theatre, add real deployment stories, a shared passion for getting things right , and suddenly those conversations are not just welcome, they’re the main event. That, in a nutshell, is Wi-Fi Design Day . Ahead of this year’s Wi-Fi Design Day London (April 16, 2026), I sat down with Matt Starling (Ookla/Ekahau) to ...

Get Ready, Airheads: HPE + Juniper Networks Unite to Unleash the Future of AI-Native Networking

By Cherie Martin posted 04-01-2026
Punch your free ticket to one of the hottest events in tech, HPE Networking Days. A new era begins as HPE and Juniper Networks come together to deliver a next-generation event series designed for the innovators, builders, and hands-on pros who keep our world connected. Hey Elevate Members! I’m excited to share what’s coming with HPE Networking Days 2026. If you’ve attended before, you know these events are where breakthrough technology meets real-world expertise. This year, we’re taking things to a new level. For the first time, we’re bringing together the very best of HPE and Juniper Networks in one unified series, packed ...

MNHA, IPSec and Multiple Routing Instances

By James Rathbun posted 03-30-2026
INET.0 – What? MNHA, IPSec and Multiple Routing Instances Introduction There is a lot of good documentation available on designing and implementing MultiNode High Availability (MNHA) and Virtual Private Networks (VPNs) on SRXs - even AI generated configuration snippets that might lead a novice or experience professional astray. AI is a wonderful tool, but who hasn’t been a little frustrated by some AI output that includes commands or configuration recommendations that aren’t available on the platform. This post is not intended to be a 100% exhaustive guide on designing or configuring MNHA or VPNs with SRX deployments. The goal is to provide working ...

PTX12008 Fabric Topology

By Rahul Kulkarni posted 03-28-2026
Let's describes the PTX12008 chassis fabric topology and the bandwidth plumbing between Line Cards (LCs) and Switch Interface Boards (SIBs). Each LC integrates three BXF Packet Forwarding Engines (PFE), each made of a BX+BF pair, to deliver 54x 800G WAN ports, total 43.2Tbps per LC. Given 9 SIBs in the chassis, the fabric scaling ensures full LC bandwidth. Introduction PTX12008 is an eight‑slot Line Card (LC) chassis paired with 9 SIB slots to realize a non‑blocking, high‑capacity switching fabric. Each LC leverages the Juniper BX and BF chipsets, combined as BXF, to perform packet processing and cross‑fabric switching. The LC uses ...

Rethinking Fabric Redundancy

By Dmitry Shokarev posted 03-27-2026
Fabrics are considered internal components of the router and if one fails, there should be no performance degradation. This was the expectation for many years. But supporting it is not practical anymore. It is now time to reset the expectation, look at the problem again and address it differently. Why Fabric Redundancy? High-capacity routers have distributed forwarding architecture where multiple forwarding chips communicate over non-blocking fabric, typically comprised of multiple fabric modules, Figure 1. Figure 1. Distributed forwarding system architecture. As any component in a system, fabric modules can fail, potentially degrading ...

Implementing RBAC for Juniper Apstra Using ClearPass TACACS+ Server

By Victor Ganjian posted 03-23-2026
How to integrate Juniper Apstra with Aruba ClearPass using TACACS+ to centralize authentication and implement role-based access control (RBAC)? This article details the configuration of both systems, including user roles, policies, and enforcement mechanisms, and concludes with verification steps to validate correct authorization behavior. Introduction This document outlines the steps to configure HPE Juniper Apstra (version 6.0.0) to authenticate user logins against an Aruba ClearPass Policy Manager (CPPM) server (version 6.12) using the TACACS+ protocol. This integration allows for centralized user management, enabling role-based access control (RBAC) ...

Context File Optimization and Alerting Strategies

By christian graf posted 03-23-2026
Third part of the Series on the Context-Files and JMCP, covering tokens, data formats, and memory management. Series Navigation: Part 1: Introduction & Basics Part 2: Tokens & Memory Part 3: Optimization & Alerting ← You are here Part 4: File Management Part 5: Redis & Performance Part 6: Hybrid Architecture Introduction In Parts 1 and 2, we covered context file fundamentals and token management. In this part, we'll explore advanced optimization techniques that can dramatically reduce context file size while maintaining functionality, and we'll examine the best practices for alerting. ...

Introducing the PTX10002-60MR

By Santo K posted 03-19-2026
The Juniper PTX10002‑60MR is a 2RU router built on the Express 5 ASIC, delivering up to 14.4 Tbps of forwarding capacity. It offers dense mix of 12× 800GE QSFP112‑DD and 48× 100GE QSFP28 ports, native ZR/ZR+ support, and is perfect for space‑ and power‑constrained core, WAN, and AI‑driven data‑center deployments. Introduction With our Industry first 800G platform PTX10002-36QDD, we set a new benchmark for performance and efficiency. Now, we’re building on that success. With the introduction of the PTX10002-60MR, we are strengthening our 800G routing family, giving customers more choice and more flexibility as they prepare for the next wave of networking. ...

Context-File Basics: Tokens, Data Formats, and Memory Management

By christian graf posted 03-18-2026
Second part of the Series on the Context-Files and JMCP, covering tokens, data formats, and memory management. Series Navigation: ← You are here Part 1: Introduction & Basics Part 2: Tokens & Memory ← You are here Part 3: Optimization & Alerting Part 4: File Management Part 5: Redis & Performance Part 6: Hybrid Architecture Introduction In Part 1 , we covered the fundamentals of context files: their basic structure, how to use variables, and what target sizes are practical and desirable. In this Part 2, we'll dive deep into tokens, data formats, memory management, and ...

DCI Edge for AI Front End Clusters with Juniper PTX

By Kashif Nawaz posted 03-18-2026
How Juniper PTX routers consolidate tunnel aggregation, DCI, and secure internet edge roles to simplify large-scale AI front-end networking. In this article, we will detail design choices and deployment considerations for using PTX at the DCI edge to provide scalable multi-tenant connectivity for thousands of DPU-based AI nodes. Introduction In the first part of this series , we evaluated the overlay networking solutions spanning over a decade, and the second part was dedicated to architecture and implementation details to build large scale EVPN Type-5 tunnel aggregation solution using Juniper PTX Series Router. In last article of the series, we will ...

ACX 7020 Routers Deepdive

By Dominique Blanchard posted 03-16-2026
Everything about the new addition to the Cloud-Metro family, the ACX7020. A 1-RU, 23.5cm deep router, with 100Gbps forwarding capacity. High-Level Introduction The ACX7020 is a HPE Juniper Networking product powered by Broadcom Qumran Q2N [BCM88295] and running Junos EVO modular software architecture. It offers a mix of 16 ports 1/10GbE and 4 ports 1/10/25GbE. Figure 1: Front View of the ACX7020 This 1RU Ethernet-only router offers 100Gbps bidirectional forwarding capacity and with Class-C Timing support. It addresses primarily the Cable DAA/UAA use cases, Mobile xHaul Transport market, Converged Metro but can be used in multiple ...