Blogs

State, Signaling, and the Cost of Simplified Narratives

By cbarth posted yesterday
This article is not a comparison of protocols, nor an argument for or against any specific traffic engineering architecture. Instead, it is an examination of how architectural narratives form, how they simplify complex histories, and how those simplifications can quietly shape design assumptions long after the original context has faded. Introduction One of the most persistent narratives in the rise of Segment Routing (SR) is that it succeeded by eliminating per‑path signaling state, particularly the state associated with RSVP‑TE. In this telling, RSVP is cast as an inherently complex, fragile protocol whose hop‑by‑hop signaling model made large‑scale ...

This is a test

By Juniper Community Admin posted 4 days ago
Test

Enhancing Route Manipulation

By Moshiko Nayman posted 8 days ago
Advanced Junos OS route control techniques, such as rib-groups, vpn-global-import, and rib-export, enable selective sharing, controlled leaking, and cloning of routes across different RIBs while maintaining loop prevention for complex service-provider routing scenarios. Introduction Junos OS 25.2 and 25.4 introduces a powerful vrset of new features that enhance the already extensive route manipulation toolkit available to service providers. Building on decades of proven routing capabilities (including rib-groups, auto-export, and advanced policy controls), We will explore two enhancements, rib-export (Junos 25.2) for controlled secondary route ...

Welcome to the Next Chapter of The Elevate Community

By Elevate posted 23 days ago
Welcome to the Next Chapter of The Elevate Community We’re excited to welcome you to the latest update the Elevate Community . This update was built with our members in mind—making it easier to find answers, share expertise, and connect with others who understand the challenges you face every day. Whether you’re troubleshooting an issue, sharing a best practice, or learning something new, the new Elevate helps you do it faster and more effectively. A User-Friendly Experience Built for Efficiency The community now offers an intuitive, social-media-style interface ...

L3VPN over SRv6 with JCNR

By Lavanya Kumar Ambatipudi posted 01-11-2026
Do you need secure, isolated multi-tenant connectivity across Kubernetes and cloud infrastructures. JCNR supports SRv6 L3VPN with micro-Segment Identifiers (uSIDs) in various SRv6 endpoint behaviors (End.DT4, End.DT6, End.DT46). Overview Juniper Cloud-Native Router (JCNR) is a containerized, cloud-native routing solution that brings enterprise-grade networking capabilities to cloud and containerized environments. Built on Juniper's proven routing technologies, JCNR delivers the same robust features and characteristics as traditional Juniper routers while being optimized for modern cloud-native infrastructures. Segment Routing over IPv6 (SRv6) ...

MX301 A Powerful Filtering Gateway

By David Roy posted 01-07-2026
Let's use the Juniper filtering tools in a more comprehensive and realistic use case in which MX301 will serve as a filtering routing gateway to protect peering points, critical cloud platforms, or any network infrastructure that requires large-scale security. Introduction This is the second article on the MX301 platform's filtering topic. The first article [1] in this series was about the FlowSpec FLT Acceleration feature recently introduced in Junos 24.4. As already presented, the Juniper Networks MX301 is the newest member of the MX family. We detailed this new platform in a previous DeepDive Techpost [2] . MX301 as a Filtering Gateway In ...

MX301 High-Performance FlowSpec Without Compromise

By David Roy posted 01-07-2026
Explore how Juniper’s MX301 router, using Junos 24.4 and its Trio 6 ASIC’s specialized Fast Lookup Table (FLT), accelerates BGP FlowSpec rule processing so that even large and complex FlowSpec filters can be applied without degrading throughput by offloading 5-tuple matches to hardware. Introduction The Juniper Networks MX301 is the newest member of the MX family. We presented this new platform in the previous Techpost [1]. Figure 1: MX301 front view In this article, we will use MX301 platform to highlight a relatively recent MX/Trio feature introduced in Junos 24.4: FlowSpec Hardware Acceleration . As you may know, the Trio ASIC leverages ...

Inline IPSec on MX Series

By Suneesh Babu posted 12-03-2025
Juniper adds support for inline IPsec on MX-series routers, meaning that IPsec encryption/decryption is done directly by the router’s Packet Forwarding Engine (PFE) ASIC instead of by a separate service card, resulting in much higher VPN throughput and lower latency. This Techpost details how inline IPsec works on Trio 6-based MX routers and describes the configuration steps needed to activate it. Co-written by Poorna Pushkala Balasubramanian and Suneesh Babu Introduction Internet Protocol security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. ...

SRX Dynamic IP Objects aka Feed-server

By Karel Hendrych posted 11-30-2025
For a long time, the SRX has been able to periodically download IPv4 and IPv6 prefixes from external sources and map them to objects used in firewall policies. Essentially, this is the easiest way to automate the firewall rule base when rules act as templates, and IP sources or destinations are dynamic objects influenced by external automation. This Tech Post aims to provide a quick-start guide. Introduction In environments with frequent changes to firewall rule base objects, where a static address book would be excessively large and where DNS objects do not apply, a viable option is the use of dynamic IP objects fetched by the SRX from an HTTPS server. ...

MX301 Deepdive

By David Roy posted 11-24-2025
Let's explore the capabilities of the Juniper Networks MX301 Universal Routing Platform, a 1RU edge router built on Trio 6 silicon that delivers up to 1.6 Tbps full-duplex throughput, supports a broad range of interface speeds from 1GE to 400GE, and integrates features like hardware-accelerated MACsec/IPsec. The article details system architecture, chassis design, port mapping, and targeted use-cases—highlighting how the MX301 extends the MX10K family into more compact deployments for both enterprise and service-provider environments. Introduction The Juniper Networks MX301 Universal Routing Platform is a compact, high-performance 1RU edge router designed ...

200 Articles on TechPost

By Nicolas Fevrier posted 11-20-2025
After three years of activity, we passed the 200 articles mark last month. Writers have been extremely prolific, let's try to build a page with links to all these posts with a short abstract. Introduction Juniper Networks, now HPE Juniper Networking, is, at its very foundation, a technological company. When we opened the TechPost platform with the motto " Byte-Sized Articles on Juniper Solutions by Network Engineers, for Network Engineers", we wanted to create a place where Juniper engineers could share their knowledge and experience on technologies, products and protocols with no marketing fluff. Three years later, I'm proud ...

Lossless Ethernet Fabrics with PFC for AI/ML Workloads

By Parthipan TS posted 11-17-2025
Priority Flow Control (PFC) can be used in Ethernet fabrics to achieve lossless traffic—particularly important in AI/ML workloads and HPC—by pausing specific priority queues when congestion arises, avoiding costly retransmissions. The article details best practices for configuring PFC on Juniper QFX5K switches, handling buffer headroom, DSCP-based PFC, and mechanisms to detect and recover from PFC deadlocks. Introduction Ethernet is becoming the de facto standard for network infrastructure on AI/ML and HPC deployments. In AI/ML scenarios, where massive amounts of data are being transferred, retransmissions due to packet loss can significantly slow down ...

JCNR and Topology-Independent Loop-Free Alternates (TI-LFA)

By Lavanya Kumar Ambatipudi posted 11-15-2025
The Juniper Cloud‑Native Router (JCNR) integrates modern forwarding and resilience mechanisms, specifically Segment Routing with MPLS (SR‑MPLS) and Topology‑Independent Loop‑Free Alternate (TI‑LFA), to deliver sub-50 ms failover and full coverage in cloud-scale IP/MPLS networks. It presents two deployment use-cases (transit node and edge node) demonstrating how JCNR implements TI-LFA within SR-MPLS environments to achieve high availability and operational efficiency. Introduction The Juniper Cloud-Native Router (JCNR) represents a transformative approach to modern networking, designed to meet the demands of cloud-scale environments with agility, scalability, ...

SRX4700 100Gbps Full Duplex IPSEC tunnel

By Karel Hendrych posted 11-05-2025
The SRX4700 100Gbps Full Duplex IPSEC tunnel TechPost demonstrates the ability of the HPE Juniper Networking flagship 1RU firewall device to encrypt 100Gbps traffic patterns from a single system, such as a server or storage device, communicating within site-to-site tunnels. These single-tunnel, single-elephant flow use cases have never had practical solutions in the past – but this has now changed. Whilst this paper only concentrates on that use case (which was done for a customer performance Proof of Concept), it does not necessarily demonstrate the overall performance of the hardware-accelerated encryption enabled in Junos 25.2R1. The SRX4700 has significantly ...

Mastering Local AS - Private No-Prepend-Global-AS

By Juhie Mohan Motiani posted 11-03-2025
A detailed breakdown of the private no-prepend-gloabal-AS option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series of techpost will provide a comprehensive overview of the various BGP local AS configuration options available on Juniper devices. Local AS is a powerful feature used in scenarios such as network migrations, mergers, and acquisitions. It enables BGP sessions to present ...

Mastering Local AS - No-Prepend-Global-AS

By Juhie Mohan Motiani posted 11-03-2025
A detailed breakdown of the no-prepend-global-AS option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series of techpost will provide a comprehensive overview of the various BGP local AS configuration options available on Juniper devices. Local AS is a powerful feature used in scenarios such as network migrations, mergers, and acquisitions. It enables BGP sessions to present a local ...

Mastering Local AS - Private Mode

By Juhie Mohan Motiani posted 11-03-2025
A detailed breakdown of the Private option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series of techpost will provide a comprehensive overview of the various BGP local AS configuration options available on Juniper devices. Local AS is a powerful feature used in scenarios such as network migrations, mergers, and acquisitions. It enables BGP sessions to present a local AS number ...

Mastering Local AS - Alias Mode

By Juhie Mohan Motiani posted 11-03-2025
A detailed breakdown of the alias option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series of techpost will provide a comprehensive overview of the various BGP local AS configuration options available on Juniper devices. Local AS is a powerful feature used in scenarios such as network migrations, mergers, and acquisitions. It enables BGP sessions to present a local AS number instead ...

Mastering Local AS - Default mode

By Juhie Mohan Motiani posted 11-03-2025
A detailed breakdown of the Default option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series of techpost will provide a comprehensive overview of the various BGP local AS configuration options available on Juniper devices. Local AS is a powerful feature used in scenarios such as network migrations, mergers, and acquisitions. It enables BGP sessions to present a local AS number instead ...