TechPost

Byte-Sized Articles on Juniper Solutions by Network Engineers, for Network Engineers

Advanced Junos OS route control techniques, such as rib-groups, vpn-global-import, and rib-export, enable selective sharing, controlled leaking, and cloning of routes across different RIBs while maintaining loop prevention for complex service-provider routing scenarios. Introduction Junos OS 25.2 and 25.4 introduce a powerful set of new features that enhance the already extensive route ...
Do you need secure, isolated multi-tenant connectivity across Kubernetes and cloud infrastructures? JCNR supports SRv6 L3VPN with micro-Segment Identifiers (uSIDs) in various SRv6 endpoint behaviors (End.DT4, End.DT6, End.DT46). Overview Juniper Cloud-Native Router (JCNR) is a containerized, cloud-native routing solution that brings enterprise-grade networking capabilities to cloud and ...
Let's use the Juniper filtering tools in a more comprehensive and realistic use case in which MX301 will serve as a filtering routing gateway to protect peering points, critical cloud platforms, or any network infrastructure that requires large-scale security. Introduction This is the second article on the MX301 platform's filtering topic. The first article [1] in this series was about ...
Explore how Juniper’s MX301 router, using Junos 24.4 and its Trio 6 ASIC’s specialized Fast Lookup Table (FLT), accelerates BGP FlowSpec rule processing so that even large and complex FlowSpec filters can be applied without degrading throughput by offloading 5-tuple matches to hardware. Introduction The Juniper Networks MX301 is the newest member of the MX family. We presented this new platform ...
Juniper adds support for inline IPsec on MX-series routers, meaning that IPsec encryption/decryption is done directly by the router’s Packet Forwarding Engine (PFE) ASIC instead of by a separate service card, resulting in much higher VPN throughput and lower latency. This Techpost details how inline IPsec works on Trio 6-based MX routers and describes the configuration steps needed to activate ...
For a long time, the SRX has been able to periodically download IPv4 and IPv6 prefixes from external sources and map them to objects used in firewall policies. Essentially, this is the easiest way to automate the firewall rule base when rules act as templates, and IP sources or destinations are dynamic objects influenced by external automation. This Tech Post aims to provide a quick-start guide. ...

MX301 Deepdive

Let's explore the capabilities of the Juniper Networks MX301 Universal Routing Platform, a 1RU edge router built on Trio 6 silicon that delivers up to 1.6 Tbps full-duplex throughput, supports a broad range of interface speeds from 1GE to 400GE, and integrates features like hardware-accelerated MACsec/IPsec. The article details system architecture, chassis design, port mapping, and targeted use-cases—highlighting ...
After three years of activity, we passed the 200 articles mark last month. Writers have been extremely prolific, let's try to build a page with links to all these posts with a short abstract. Introduction Juniper Networks, now HPE Juniper Networking, is, at its very foundation, a technological company. When we opened the TechPost platform with the motto "Byte-Sized Articles ...
Priority Flow Control (PFC) can be used in Ethernet fabrics to achieve lossless traffic—particularly important in AI/ML workloads and HPC—by pausing specific priority queues when congestion arises, avoiding costly retransmissions. The article details best practices for configuring PFC on Juniper QFX5K switches, handling buffer headroom, DSCP-based PFC, and mechanisms to detect and recover from PFC ...
The Juniper Cloud‑Native Router (JCNR) integrates modern forwarding and resilience mechanisms, specifically Segment Routing with MPLS (SR‑MPLS) and Topology‑Independent Loop‑Free Alternate (TI‑LFA), to deliver sub-50 ms failover and full coverage in cloud-scale IP/MPLS networks. It presents two deployment use-cases (transit node and edge node) demonstrating how JCNR implements TI-LFA within SR-MPLS ...
The SRX4700 100Gbps Full Duplex IPSEC tunnel TechPost demonstrates the ability of the HPE Juniper Networking flagship 1RU firewall device to encrypt 100Gbps traffic patterns from a single system, such as a server or storage device, communicating within site-to-site tunnels. These single-tunnel, single-elephant flow use cases have never had practical solutions in the past – but this has now changed. ...
A detailed breakdown of the private no-prepend-global-AS option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series ...
A detailed breakdown of the no-prepend-global-AS option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series of TechPosts ...
A detailed breakdown of the Private option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series of TechPosts will provide ...
A detailed breakdown of the alias option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series of TechPosts will provide a ...
A detailed breakdown of the Default option for the local-AS setting in BGP on Juniper devices, showing how this mode influences AS-path prepending in both eBGP and iBGP peering. It covers configuration examples, route propagation scenarios, and illustrates how the local AS and global AS values are prepended differently depending on peer type. Introduction This series of TechPosts will provide ...
How AI agents, connected via the open-source Model Context Protocol (MCP) server, can simplify and standardize network automation tasks on Junos OS devices (e.g., retrieving configurations, checking device health, provisioning) with natural-language prompts. It further presents a lab-proof-of-concept showing the set-up of the Junos MCP Server (e.g., Docker deployment) and demonstrates actual use-cases ...
Red Hat Ansible Automation Platform and Juniper Networks each have collections of Ansible modules for managing Junos devices. We are merging Ansible’s collection into the Juniper Collection to provide a single collection of modules for our customers. Introduction The most important goal during the merger of our collections was to create a seamless customer experience. Before ...
EVPN technology provides native CE direct L2 multi-homing capabilities, in either Active-Active or Active-Standby scheme. However, there might be a need for certain L2 access domains to form a ring topology around the EVPN PE endpoints. In our ACX7K JUNOS-EVO platforms, we leverage ERPS open-ring architecture (aka “non-vc-mode” G.8032v2 with subrings) to cover this use case and provide fast convergence ...
Can we run distributed training between clusters located 50 km apart? How do we interconnect these sites? Do we need to tweak the collectives library and the NIC settings to run training jobs? And provision anything special on the router side? This article shows how PTX routers make it happen: secure, cost-efficient interconnects with 800 GE ZR optics and perfectly uniform load balancing ...
Juniper Networks introduces a powerful tool—Passive Port Monitoring (PPM)—to elevate the visibility, accuracy, and security of synchronization networks. An article co-written by Kamatchi Gopalakrishnan, Sr. Distinguished Engineer, and Bjørnar Forthun, Sr. Consulting Engineer Why Synchronization Matters In the era of 5G, CRAN, cloud-native infrastructure, and ultra-low latency ...
The New Role of the Network Engineer in the Age of AI: Context Is King. The arrival of AI in networking is transforming the way we think about operations, automation, and troubleshooting. For years, the skill set of a network engineer has been defined by the ability to configure devices, interpret logs, and script repetitive tasks. But with AI-powered systems entering the workflow, a new layer ...
What if you had an AI partner that could help you manage your network and troubleshoot any issues, learn from them, and continuously get smarter about preventing future incidents? Introduction I’m going to provide some insights into how Agentic AI can become your most valuable network engineer’s assistant. Everything comes from a compelling demonstration I conducted using Claude Desktop ...

MAP-E with Junos OS

This document provides an overview of MAP-E (Mapping of Address and Port using Encapsulation), a stateless IPv4-over-IPv6 transition technology supported by Junos OS. It explains key terminology, operational components, configuration guidelines, and deployment benefits for service providers. Introduction With the exhaustion of IPv4 addresses, service providers continue to face the challenge of ...
Learn all about SRv6 micro-SIDs (uSIDs), a compressed alternative to full-length SIDs in IPv6-based segment routing and how to configure it on Juniper MX Series. Introduction SRv6 (Segment Routing version 6) is a version of segment routing based on IPv6 tunneling mechanism, rather than on MPLS (MultiProtocol Label Switching) underlay. Therefore, with SRv6 underlying transport routers must be ...
Learn why the Trio and Express “Firewall Filters” (ACL) are truly unique in this industry. An article co-written by David Roy and Nicolas Fevrier Introduction Every vendor in the networking industry will regularly claim groundbreaking innovations and unique game-changing features, ignoring that, for most customers, the reality boils down to one simple truth: they’re just using good-enough ...
EVPN-On-A-Stick offers a fresh way to build networks by merging service functions directly into the main fabric. The result is simpler operations, faster performance, and a more scalable foundation for future growth. Introduction Over the past decade, the spine–leaf architecture has become the de-facto model for building scalable service provider and data center networks. Its clean separation ...
Automating the MPLS and SR network with Juniper Routing Director network optimization use case. Introduction Service providers and large enterprise networks nowadays offer multiple services with different traffic criteria, e.g., high bandwidth, moderate bandwidth with moderate latency, and small bandwidth with latency-sensitive requirements, etc. These requirements are also commonly used ...
The procedure for building a multi-geography multi-cluster from three Red Hat OpenShift Container Platform (RHOCP) clusters. The constructed multi-cluster will be capable of supporting Broadband Edge (BBE) cloud-native applications such as BNG CUPS Controller and Address Pool Manager (APM) in a geo-redundant capacity. Introduction A typical Kubernetes cluster is comprised of at least ...
Holistic design considerations for Large-Scale Enterprise WAN backbone networks, especially in the context of the evolving landscape shaped by connecting AI Clusters over the WAN Backbone. Introduction Previous blog posts covered several key design aspects of MPLS backbone networks, including a holistic approach to Class of Service, Class-Based Forwarding over RSVP LSPs, Adaptive ...
A comprehensive overview of microbursts and their impact on network performance, with a focus on Juniper's QFX5K EVO platforms (QFX5220, QFX5130, QFX5230, and QFX5240). Introduction In this article, we'll define microbursts and illustrate typical network topologies where they are likely to occur. Then, we'll explore the performance and reliability issues that microbursts can cause. We'll outline ...
Live streaming audiences are now routinely reaching tens of millions of concurrent viewers. Combined with increasing bitrates for 4K/8K/360° video, is it time for a new approach to delivering this content? Introduction The boxing match between Mike Tyson and Jake Paul on November 15, 2024 marked a historic moment for the Internet. The event set records for Internet streaming with a reported ...
A detailed description of the latest line cards, fabric cards, power supply modules and fan trays introduced in the PTX10000 chassis, enabling the power of the Express5 chipset and 800GbE interfaces in modular form-factor routers. Introduction In early 2025, we introduced a new line card for the PTX10000 Series: the LC1301. It complements the existing LC1201 and LC1202, respectively optimized ...
Learn how APAC service providers are using Routing Active Testing to drive customer experience. We explore customers' motivations, Juniper’s solution approach and key use cases. Introduction Juniper Routing Active Testing (formerly known as Paragon Active Assurance) provides programmable, active testing and monitoring for physical, hybrid, and virtual networks. Unlike passive monitors, it ...

SRX MPLS in Flow

Junos 24.2R1 brings improvements for selected Juniper SRX series devices, particularly on MPLS and packet-mode/flow-mode processing. This post includes a simple example of an MPLS-enabled SRX device processing 'family inet' in flow mode without relying on selective packet services, as was common previously. Yes, MPLS in SRX flow mode! Introduction Historically, selected SRX models supported MPLS ...
A detailed description of the latest MX10000 Series line card LC4802, complementing the existing LC4800 but with only QSFP ports. This new card is powered by three Trio 6 Forwarding ASICs. This article is based on Eswaran Srinivasan's work, completed and formatted by Nicolas Fevrier. Introduction The MX10000 is Juniper's leading multi-service edge routing chassis, and today we are very ...
YAMS (Yet Another MCP Server) is a specialized Model Context Protocol server designed to address the operational complexities of managing JCNR deployments at scale. Built specifically for network engineers, testing engineers and DevOps teams, YAMS provides a unified management interface that abstracts the complexity of multi-cluster JCNR operations. This article was originally posted on: ...
Modern MPLS networks must support highly dynamic traffic patterns, especially in cloud and service provider environments. While RSVP-TE provides engineered path control, traditional single-LSP scaling is often insufficient. Auto-bandwidth helps, but as demand grows, deploying parallel LSPs across ECMP-eligible paths becomes essential. These parallel LSPs improve load distribution, enabling more scalable ...
In modern MPLS networks, managing traffic flows with precision is essential for maintaining performance and reliability. RSVP-TE provides a robust framework for establishing traffic-engineered paths that align with specific resource requirements. As network conditions fluctuate, static bandwidth reservations often fall short. To address this, dynamic mechanisms like auto-bandwidth allow the network ...
There has been a lot of interest recently in Large Language Models (LLMs). One of the major applications of LLMs is conversational AI that enables natural language interactions between people and chatbots. In this article we’ll talk about LLM Connector, which is a chatbot within Routing Director that leverages LLMs. This article has been prepared and co-written by Julian, Vijay Gadde, Harsha ...
While destination-based forwarding works well for most traffic, certain services require more tailored handling – such as routing based on source’s IP or DSCP values. Leveraging alternative traffic-engineered (TE) paths for such flows enhances network flexibility and creates a compelling business case. Introduction “All animals are equal, but some animals are more equal than others.” – George ...
While Class of Service (CoS) ensures that priority traffic receives preferential treatment on congested interfaces, it does not inherently provide a mechanism to reduce transit latency for delay-sensitive traffic flows. Class-Based Forwarding (CBF) addresses this gap by enabling network operators to steer high-priority traffic over the shortest or most optimal paths, while directing low-priority traffic ...
Configuring site-to-site IPSec tunnels for devices that fall outside of the seamless integration capabilities Mist provides may seem daunting at first. This article highlights the methods of configuring IPSec tunnels and failover scenarios in Mist with applicable configurations pushed to the SRX. Introduction Documentation for API integration with Cradle Point’s (CP) NetCloud and Mist can ...
Class of Service (CoS) on an MPLS backbone is essential to ensure differentiated traffic handling and maintain QoS across complex, high-throughput networks. It is challenging due to the need for consistent traffic classification, IP-to-MPLS header bit marking, and assigning transmission resources to maintain various service level agreements (SLA). Introduction Designing and deploying ...

Hybrid MNHA with eBGP

Let's highlight the flexibility of Multi-Node High Availability (MNHA) and JUNOS while providing design considerations when implementing MNHA in a hybrid deployment model. Introduction Every network environment is unique and has different requirements and caveats. The focus will be on: Implementation considerations Monitoring/Failover scenarios MNHA functionality ...
And Why It Matters More Than You Think... Introduction: A Hidden Villain in AI Data Centers In AI/ML training environments, speed isn’t just a competitive advantage—it’s survival. Companies invest millions into GPU clusters, expecting models to converge faster and deliver smarter results. Yet a silent villain often sabotages these ambitions: ...
Let's expand on the article on vSRX on mini-PC with details on another platform and use case. This time, the Juniper vSRX is deployed on a specific fanless, rugged, DIN-mountable, and DC-powered PC for industrial applications, featuring plenty of Ethernet interfaces and 4G/5G connectivity, effectively making it an “Industrial SRX.” Introduction It is challenging to satisfy all customers ...
Validating VPLS on the PTX10002-36QDD with Junos Evolved 24.2R2 for Metro Aggregation or Cloud Enterprise use cases. Introduction The PTX10002-36QDD is a next-generation cloud-optimized 2U fixed-configuration routing platform powered by Juniper’s Express 5 ASIC. With an industry-leading 28.8 Tbps throughput capacity, it is purpose-built for space- and power-constrained environments, making ...
Network observability is a crucial component of an AI data center network, and TAP aggregation is a primary building block of its ecosystem. Introduction Network observability relies on extensive amounts of data to infer internal network states and KPIs from the observed outputs provided by telemetry and the collection of actual traffic from different network points. Regression algorithms ...
Establishing SR-TE (CSPF) LSPs through inter OSPF areas is a challenge, as these LSPs rely on TED, and this TED is per OSPF area or IS-IS level. In our previous tech post “Migrating from OSPF/LDP to OSPF/SR-MPLS”, we explored how to transition from OSPF/LDP to OSPF/SR-MPLS for SR and the associated benefits it brings to modern networks. In this post, we will explore how to create four types ...
In Julian Lucek’s blog post, Detection of Blackholes in Networks Using JRI, he explores how Juniper’s JRI (Juniper Resiliency Interface) can be leveraged to detect blackholes in networks. Expanding on that idea, c The Importance of Exception Monitoring Detecting blackholes is only one aspect of ensuring network health. Understanding why certain packets are dropped is equally crucial. ...
A detailed overview of Filter-Based Forwarding (FBF), also known as Policy-Based Routing (PBR), on MX Series routers (AFT), using common deployment scenarios to illustrate configuration methods. Introduction The Filter-Based Forwarding (FBF) concept is relatively simple. On ingress, filtering (via the Firewall Filter toolkit) is applied before the source or destination route lookup. The diagram ...
Packet Buffer Architecture on QFX5K-Series switches and various buffer tuning options available on these platforms to maximize the traffic burst absorption. Overview On QFX5K platforms all packets that enter the ingress pipeline will be stored at central MMU packet buffers before it egress. Packet buffers are required for burst absorption, packet replication, and multiple other use cases. ...
Example settings for connecting a VPN from the native IKEv2 client on Android 13+ to a Juniper SRX firewall. Due to the client's nature, use cases may include basic remote access and embedded/IoT scenarios where additional software is undesirable. Introduction For connecting a VPN from the Android platform to the Juniper SRX, multiple options exist: Fully supported Juniper Secure Connect ...
Migrating from a multi-area OSPF with LDP to SR-MPLS is a transition that can be achieved with ease, provided you have a clear understanding of the process and the options available. There are various ways to execute this migration, each with its own set of benefits and considerations. The approach you choose will largely depend on customer requirements, network size, and the specific services you ...
Junos 25.4R1 enhances Layer 2 Protocol Tunneling in VXLAN tunnels and traditional VLANs by introducing support for more protocols, allowing MACsec to traverse Layer 2 networks. Overview Media Access Control Security (MACsec) is primarily designed to provide point-to-point security on Ethernet links. It ensures data confidentiality and integrity between two directly connected devices. However, ...
Juniper BNG CUPS (Control and User Plane Separation) Architecture supports the Broadband Forum TR-459 Issue 2 and 3 use cases. This blog announces the CUPS Controller deployment options, specifically the new development for geographical redundancy. This use case improves the CUPS solution’s availability in case of data-center failures. Introduction As the long-time global leader in BNG ...
It’s all built into Windows. Leverage Windows PowerShell to automate Juniper Apstra without installing PowerShell as a language or any libraries (like the HTTP client library). You can download the script on an enterprise workstation where you access the Apstra Web UI and run it without seeking approvals from the infosec team or installing any third-party modules from the Internet. ...
Junos OS 23.4R1 introduces Segment Routing Tactical Traffic Engineering (SR-TTE), a unique and innovative solution designed to address temporary network congestion by dynamically adjusting traffic flows in real-time, directly within the router. SR-TTE leverages existing mechanisms to alleviate congestion without requiring interoperability between different router vendors or with external controllers. ...
In this short post, we’ll look at configuring the SRX for 6-to-4 NAT (NAT64) when using IPv6-only clients with an external DNS64 server. We’ll also quickly examine how the mechanism to dynamically perform this translation works. Introduction If you’re reading this blog, you probably know the score with IPv6. Actual statistics on the use of IPv4 versus IPv6 vary, but a good indicator is the relative ...
A brief overview of the challenges faced in next-generation networking and data communication equipment using older Intermediate Bus Architecture (IBA) and a description of a forward-looking Power Delivery Architecture and its benefits related to overall sustainability goals that could set the stage for research and development into similar commercial implementation. Introduction Power density ...
Describes the ability of the Juniper SRX, in conjunction with the CloudATP service, to enforce DNS query blocking through an API-driven, multi-tenant approach. Each tenant has its own virtual router, ingress zone, dedicated API token, and independent visibility for granular control and operational separation. Introduction Lately, security intelligence services on perimeter firewalls that categorize ...
Explore another use case of the Utility MIB feature [1] in Junos and EVO. We previously discussed this feature in a separate Techpost [2] in the context of the SRX platform. Today, we’ll focus on its application on the ACX7000 platform. Introduction Recently, we received a request from a customer who wanted to monitor specific PFE counters on the ACX 7K platform. As you may know, Juniper platforms ...
In this post, we’ll take a technical dive into Multi-Node High Availability (MNHA) on Juniper’s SRX platforms – a flexible approach to providing redundancy on stateful network security devices. Introduction High Availability (HA) is a very commonly deployed function on NGFW platforms. Since one of the main tasks of the NGFW is to not only track but to maintain state (to secure connections and ...
How Paragon Automation (PA) automates workflow steps in provisioning L3VPN/EVPN/L2Circuit service based on declarative intent. This article is written by Masagung Nugroho and Henry Cheung. Introduction Manual service provisioning in the network is tedious and cumbersome. Operators have to stitch multiple workflows to complete a service order. For example, identify network resources (ports, ...
A detailed description of the latest MX10000 Series new line card, offering a mix of QSFP-DD and SFP-DD ports, and powered by three Trio 6 Forwarding ASICs. Article written by Eswaran Srinivasan, completed and formatted by Nicolas Fevrier. Introduction We are very pleased to announce the addition of a new line card for Juniper's leading multi-service edge routing chassis, the MX10000. ...
Juniper’s Converged Optical Routing Architecture – Unamplified Links. Explore the solution for High-Capacity Transport using 400G OpenZR+ Optics. Introduction This TechPost will cover configurations, monitoring, and test plans for provisioning 400G OpenZR+ Optics. In designing a Dark Fiber Network, it is important to do link budget calculations. Network operators typically require margins ...

SRv6 Observability

How can we monitor the SRv6 data plane, and collect statistics on the SRv6 SRH and tunnels with IPFIX option 315 / IMON? Introduction At Juniper, we have observed increasing customer interest in the SRv6 standard over recent years. This Techpost isn’t focused on the SRv6 technology itself. It's something we've already explored in-depth in multiple previous articles: SRv6 Basics: ...
Junos configuration details and KPIs of a real-life SRX4600 CGN deployment for an operator serving fixed customers. The SRX has been used as a Carrier Grade NAT (CGN) or mobile Gi/SGi firewall since the early days. Due to popular demand, this TechPost aims to describe the Junos configuration details and KPIs of a real-life SRX4600 CGN deployment for an operator serving fixed customers. In addition, ...
Leaking remote L3VPN routes to the global internet table or other VRFs is now possible with the introduction of the vpn-global-import feature coming in Junos 24.2. Introduction Junos OS 24.2 introduces vpn-global-import, a new capability that allows service providers to leak remote L3VPN routes to the global internet table. This feature enhances existing route control and leaking capabilities, ...

Trio 6 Packet Walkthrough

A transit packet walkthrough inside an MX Series Trio 6 ASIC, with all the internal details on the different memory and components involved in the process. This article has been co-written by David Roy and Nicolas Fevrier. It's the first post of a Series on the Trio 6 "packet walkthrough". The next articles will treat more specifically the host path and "for-us" packets, ...
An innovative filtering solution for IPv4 traffic on MX Series, developed to handle five tuples matching criteria at scale. The MX platform is one of the most powerful routers on the market for packet filtering. MX offers a comprehensive set of tools for packet manipulation, classification, filtering, policing, and redirection. This article will introduce an innovative filtering solution for IPv4 ...

From QFX5100 to QFX5120

Explore the software and hardware differences you will encounter regarding switch connectivity when transitioning from the end-of-life QFX5100-48S and QFX5100-48T switches to the replacement QFX5120-48T and QFX5120-48Y switches. This document provides an overview of the connectivity differences between the -48S and -48T QFX5100 switches and the -48Y and -48T QFX5120 switches. It also covers physical ...
Discover how to implement micro-segmentation in your data center using Juniper Apstra and VXLAN Group-Based Policy. This comprehensive guide walks you through the process of deploying fine-grained security controls at the fabric level, offering a powerful solution for modern network security challenges. Article written by Adam Jarvis and Elisabeth Rodrigues. Purpose of the Document This ...

BIER Overlay

The series is composed of the following posts: Introduction to BIER and BIER Underlay BIER Table Lookup BIER Overlay (present article) In this TechPost, we talk in deeper detail about overlay details. BIER overlay The Overlay helps determine interested multicast sources and listeners in the BIER domain. The Overlay can be MVPN, EVPN, or Global IP Multicast. BIER on PTX10002-36QDD ...
A secure virtual cell site router (CSR + SecGW) functionality using Juniper Cloud Native Router or JCNR and Containerized SRX or cSRX so that customers and readers can easily replicate this in their lab environment and get a feel of this solution. This TechPost has been co-written by Lavanya Kumar Ambatipudi and Vivekananda Shenoy. Introduction 5G technology brings about new opportunities ...

BIER Table Lookup

Second part of the 3-article series on BIER, detailing how the lookup is performed in the different BIER tables. The series is composed of the following posts: Introduction to BIER and BIER Underlay BIER Table Lookup (present article) BIER Overlay In this TechPost, we talk in deeper detail about the different tables such as the BIRT (Bit Index Routing Table) and the BIFT ...
An example of SRX AutoVPN functionality with Pre-Shared Keys in 3rd party mode; specifically with Linux/strongSwan spokes. While PKI-based AutoVPN in proprietary and interoperable modes has been prevalent in large-scale IPSEC VPN deployments, the PKI prerequisite can be challenging for smaller scenarios. Finally, Junos 23.4 addresses a significant drawback of PSK-based AutoVPN by eliminating the ...

BGP Minimum ECMP

BGP Minimum ECMP is a new feature aiming at improving resiliency within DC networks. This article has been co-written by Himanshu Tambakuwala and Sanoop Ranjan. Introduction This feature can help in any type of data center, whether enterprise or AI Inference and Training clusters given that there are multiple links connected between each pair of spine and leaf or spine ...
A new innovative feature called Selective DLB (Dynamic Load Balancing), improving RDMA traffic ECMP. This article has been co-written by Sanoop Ranjan and Himanshu Tambakuwala. Introduction With this feature, we have two enhancements to our Junos Evo operating system: The ability to detect the specific RDMA traffic with the help of matching opcode in the InfiniBand ...
First part of the 3-article series on BIER, discussing fundamental concepts and BIER underlay. The series is composed of the following posts: Introduction to BIER and BIER Underlay (present article); BIER Table Lookup: https://community.juniper.net/blogs/suneesh-babu/2024/07/30/bier-table-lookup; BIER Overlay: https://community.juniper.net/blogs/suneesh-babu/2024/08/08/bier-overlay ...
A primer/survey for networking and cyber security enthusiasts interested in the evolution of this field. This article was initially published on LinkedIn: https://www.linkedin.com/pulse/evolution-network-security-survey-sharada-yeluri-cwglc Since its inception, network security has undergone significant transformations, evolving from basic measures to sophisticated systems designed to counter ...

MAP-T with Junos

Junos OS 23.4R1 introduces Mapping of Address and Port using Translation (MAP-T) as an adaptive service on Juniper MX Series routers equipped with Trio Silicon. MAP-T is a stateless NAT64-based solution designed to facilitate seamless IPv4 to IPv6 transition within IPv6 domains. This technology optimizes address utilization by allowing multiple customer edge (CE) devices to share a single public IPv4 ...
Efficient stateless load-balancing on Trio-based routers, offering optimal performance and reliability. Introduction Junos OS 24.2 introduces an innovative feature on the Juniper MX platform powered by the Juniper Trio chipset: symmetrical load balancing. This new capability enhances the router with efficient stateless load balancing, ensuring optimal performance and reliability ...
BGP Route-Reflector is part of many networks, serving PE routers with reachability information. For this critical role, it’s important to have a robust and feature-rich software, able to serve route updates quickly and reliably, for both upstream and downstream directions. Let’s see how to achieve this goal with cRPD. Introduction Route reflectors (RR) have been used for decades by service ...

Flexible Memory in Express5

Express5 fungible shared memory architecture provides the foundation for a flexible memory scheme which increases scale and efficiency of memory utilization. Introduction Typically, a fixed pipeline architecture ASIC comes with fixed-size tables or memories for various applications in the packet processing pipeline. Each memory’s occupancies vary depending on the features configured and scale ...
PTX10002-36QDD is the first router equipped with the new Juniper Express5 packet forwarding engine, a new deep-buffer 28.8Tbps package introducing a lot of innovations and improvements compared to its predecessor. This post will answer a simple question: how fast can we program the FIB entries in hardware on this new chipset? TL;DR: that's around 38,000 prefixes / second. Tests prepared, ...
Another innovation for CUPS that enables unified Address Pool Management across CUPS controller(s) and Integrated BNGs. This use case simplifies the service provider operations and cost optimizes the public IPv4 address space usage. Introduction As the long-time global leader in BNG technology, Juniper Networks is leading the industry in bringing new broadband innovations to service providers. ...
A Juniper BNG CUPS use-case that combines Smart Subscriber Load Balancing and High Availability Hot or Warm Standby across a group of User Planes based on Broadband Forum TR-459 Issue 2. With this innovation, you reduce costs and complexity by treating multiple user planes as a shared resource pool that are smartly load balanced while having a backup user plane fully programmed to take over in case ...
A practical yet simple demonstration of the SRX EVPN/VXLAN Type 5 ip-prefix-routes feature and related firewall policy processing across multiple tenants, including an example of communication between overlapping IP prefixes. By utilizing an IPSEC underlay in an otherwise data center-centric feature set, this TechPost article effectively demonstrates the potential expansion into WAN scenarios. Introduction ...
A Juniper BNG CUPS use-case that enables hitless maintenance for the user planes based on Broadband Forum TR-459 Issue 2. It improves the subscriber experience and optimizes the service provider operations by removing maintenance downtimes. Introduction As the long-time global leader in BNG technology, Juniper Networks is leading the industry in bringing new broadband innovations to service ...
The BGP Link-Bandwidth extension introduces an improvement to the BGP multipath, providing the ability to convey port speeds and propagate this information across network devices. Note: the new features presented in this article are coming with Junos Release 23.4R2, publicly available the 27th of June, 2024. Introduction The BGP protocol lacks a built-in mechanism to factor in link bandwidth ...
Juniper BNG CUPS (Control and User Plane Separation) is an emerging broadband architecture for control plane and user plane separation compliant with Broadband Forum TR-459 Issue 2. It dramatically improves the Service Provider’s Total Cost of Ownership and introduces new architecture use cases that were not possible or were based on vendor proprietary solutions. Introduction Fixed broadband ...
Introducing our latest Juniper Validated Design (JVD), addressing Metro Ethernet Business Services (EBS) with Juniper MX Series, ACX Series, and PTX Series platforms. In this profile, we’ll deliver over 20 use cases across metro fabric and multi-ring architectures, blending traditional and modern technologies driving the Cloud Metro. Introduction Metro Ethernet has long been a foundational infrastructure ...
BIER Interoperability testing verified between PTX10002-36QDD and other vendors during the EANTC 2024. Introduction BIER – Bit Index Explicit Replication provides a multicast architecture with no per-tree multicast states in the core, by having the information of the destination multicast routers within the packet. The architecture details of BIER are captured in ...
High-level functionality description of BIER as MVPN provider tunnels in the upcoming release of PTX Express 5. Introduction In Cheers! Have a BIER, we explained how BIER [RFC8279] works and how it has come to a prime time for BIER deployment with the hardware capabilities from several major vendors across the edge/access/core platforms. This article will discuss the BIER implementation ...
What differentiates the ACX7024X from the ACX7024 devices? In this short article, we will explain the differences and the motivation behind the creation of this new router. Introduction We launched the ACX7024 in mid-2022, with the following characteristics: 1RU Ethernet router. Built for the aggregation of SFP interfaces (1GE/10GE/25GE) to QSFP28 interfaces ...
Using Juniper vSRX on hardware with constrained resources, typically a mini-PC serving as a flexible Internet gateway. These have lately become very popular due to their low footprint, yet they have capabilities that make them suitable for running virtual machines. Introduction At the very minimum, a mini-PC is a tool for engineers to have an x86-based SRX (vSRX) at home in a small form factor, with low power consumption ...

SRv6 in PTX Express 5

PTX Express 5 ASIC has full support for SRv6 with up to 8 carrier segment identifiers (SIDs) in a packet. That translates to 48 micro-SIDs (uSIDs), enough to pass a packet around the world! Following is a description of how SRv6 was implemented in the ASIC. Introduction The large-sized headers and distinct processing steps associated with SRv6 pose challenges in the dataplane. Existing fixed ...
Express5 has leapfrogged in terms of route scale, thanks to a novel approach in implementing the route table memory. This article is part of a series of publications on Express5: Express 5 Overview: https://community.juniper.net/blogs/dmitry-shokarev1/2024/03/12/express-5-overview Introducing PTX10002-36QDD: https://community.juniper.net/blogs/nicolas-fevrier/2024/03/19/introducing-ptx10002-36qdd ...
Filter in Express5 supports Flex Key match on any field in the first 128 bytes of the packet. Using software defined templates, firewall term matches are done using flex-key construction. This can be used to specify matches on user-defined packet byte locations via CLI. Introduction Express architecture supports a highly versatile, multi-facet, high performance Filter to execute Firewall rules. ...
High-level overview of packet processing, exploring the evolution of throughput demands for these processing units, and discussing various methods employed to execute these functions within networking chips. This article has been initially published on LinkedIn at: https://www.linkedin.com/pulse/flexible-packet-processing-pipelines-sharada-yeluri-enf5c/ It's part of a series on Express5, ...
Introduction In this article, we’ll present a new open-source tool called OpenJTS (Juniper Telemetry Stack). Designed for effortless adoption, this all-in-one tool demystifies gRPC/gNMI Telemetry on Juniper routing products. We currently support PTX10K, MX (vMX, Neo, and 10K platforms) and ACX7K platforms. Junos/EVO 20.1 and onwards are supported. OpenJTS makes customers'/users' lives easier when ...
In high multi-tenant environments such as Service Providers, Hosting Providers, or just large enterprises, having to deal with multiple internal customers, efficient utilization of infrastructure is top of mind for network operations teams. While ensuring isolation and security among different users or departments, you also want to leverage network virtualization techniques to support full overlap ...
The new Juniper PTX10002-36QDD is here. It’s our first 800GigabitEthernet, deep-buffer, high-scale, router in the market, powered by Express 5. And we are very excited to share some details about this unique platform. Introduction/Overview The PTX10002-36QDD is a compact form-factor router (2 Rack Units) offering 28.8Tbps of connectivity, and forwarding capability, with 36x 800GigE, 72x 400GigE ...

Express 5 Overview

Express 5 is Juniper's new ASIC for service providers and cloud networks, delivering 2x power efficiency, enhanced traffic insights, hardware-based sampling, value-added services, and supporting high-speed, high-scale routing applications including AI/ML training clusters with up to 16M IPv4/IPv6 routes and 8M counters using a sustainable chiplet-based architecture. Introduction The fifth-generation ...
With network flow monitoring, you can troubleshoot application issues in a DC fabric with distributed, cloud-native, virtualized, and containerized workloads. Introduction In modern networks, network flow monitoring is essential for network administrators. Network flow monitoring provides far more than traditional connectivity monitoring can. Flow monitoring collects and analyzes data about network ...
The ACX7000 family is growing fast. Today, we try a different approach to present this update of the ACX7000 portfolio. Introduction Trying to present each product individually will be a very repetitive and boring process. A more exciting approach could be to describe how they are built and explain why we are selecting specific internal components. That way, you ...
A Deepdive on sFlow and IMON/IPFIX315 on MX Routers. Introduction sFlow (sampled flow) is a protocol used for monitoring and collecting traffic data in devices, such as switches, routers, and other networking equipment. The specification of the sFlow ...
A minimalistic tool for bulk config changes in the scale-out system beyond options available in Auto-FBF CLI. Introduction This TechPost is a continuation of the “Scale-Out Security Services with Auto-FBF” article and a follow-up text Operating 1Tbps MX304/SRX4600 firewall scale-out system, looking at things more practically. Now the focus will be on a minimalistic tool for bulk config changes ...
Details of LLM inference workflow, how it differs from training, the many hardware/software optimizations that go into making inference efficient, and the Inference hardware landscape. Article initially published on LinkedIn in January 2024 at: https://www.linkedin.com/pulse/llm-inference-hwsw-optimizations-sharada-yeluri-wfdyc/ It's a sequel to "Large Language Models - The Hardware Connection ...
It is often stated that most network outages occur as a result of changes having been made to the system. There have been many notable examples of this, and they have all affected us. Precise management of network changes is, in fact, one of the key benefits of network automation solutions. Data centers require frequent changes to meet the daily needs of customers. All such activity exposes operators ...
Although the good old Junos SNMP MIB is very rich on every platform, occasionally some specific stats would be handy. For example, the number of sessions per IP protocol on SRX. No problem! A blast from the past, the Junos utility MIB tooling allows expansion of the MIB by anything retrievable using RPCs. This short TechPost aims to give a good starting point for daily use of this simple yet powerful approach. ...

JCNR for Equinix Metal

JCNR brings a lot of value by providing seamless connectivity between workloads across locations, public cloud boundaries, and workload form-factor, by providing full router functionality. Author would like to acknowledge and thank Oleg Berzin and Vinod Nair (Juniper Networks) for their help in putting this solution together in such a short time. Problem Statement In this day and age of ...
Focusing on SRX firewall – the scaled out device - operational aspects in terms of removing device from service and bringing it back. Introduction This TechPost article is a continuation of the “Scale-Out Security Services with Auto-FBF” article, now focusing on SRX firewall – the scaled out device - operational aspects in terms of removing device from service and bringing it back. Reading previous ...
An overview of the different hardware profiles available on the ACX7000 Series, and what is changing in the latest Junos releases. Introduction The ACX7000 routers are powered by Broadcom Jericho2 Series chipsets. These Packet Forwarding Engines (PFEs) are equipped with a substantial internal memory pool known as Modular DataBase (MDB). During the system boot-up, the MDB is segmented ...
Juniper Apstra supports Network Operating System (NOS) Upgrades for managed switches, allowing you to upgrade devices directly from the Apstra Server within a consistent workflow process. This document is based on original work by Josh Saul Introduction Apstra supports NOS upgrades for the following platforms: Juniper Junos Cisco NX-OS Arista EOS SONiC (Dell or Edgecore) ...

Packets Lost in Transit?

Troubleshooting transit packet drops is not the easiest task for a network engineer. Sometimes, packets can be dropped in the forwarding ASIC at a very early stage, for example because of the wrong destination MAC address, VLAN ID or MPLS label. Inline Monitoring allows you to get forwarding status codes for transit packets, as well as a sample of the packet itself – even if the packet was dropped ...
GPU cluster scale, model partitioning, and traffic patterns between the GPUs for training workloads. Article initially published on LinkedIn at: https://www.linkedin.com/pulse/gpu-fabrics-genai-workloads-sharada-yeluri-j8ghc/ This article is a sequel to "Large Language Models - The Hardware Connection". Introduction This article covers GPU cluster scale, model ...
Unfortunately, black-holes sometimes occur in networks – packets disappear without trace for no apparent reason. Often the first symptom is when customers of the network complain about poor performance. Working out which router is responsible can be like looking for a needle in a haystack, and even once the suspect router is identified, it can take some time to ascertain which particular packets are ...
Strategies to enhance the scale and performance of routing, aiming for faster convergence, improved stability, and optimized hardware utilization. Disclaimer: The RIB and FIB scales discussed in this article are based on lab exercises and may not necessarily represent the official Juniper Validated numbers. Overview Routes received by a router are processed across multiple planes ...
The benefits and versatility that Juniper brings with the PTP G.8275.1.ENH profile and the reasons behind its enhancements. Introduction This blog will primarily highlight the PTP G.8275.1.ENH profile and the reasons behind its enhancements. The blog will detail the benefits and versatility that Juniper brings with this profile. Additionally, it will ...
How Apstra clustering works with respect to Off-box agents and Probe processing units Introduction The Juniper Apstra standard implementation model is based on one virtual machine, a deployment model sufficient for most use cases. However, in some situations driven either by scale or by the need for computationally intensive processing, it is required to scale out Apstra functions to maintain ...
The different thermal management solutions for cooling the high-power components in electronic systems (HPCs/Servers and network equipment), trends, and the future. Article initially published on LinkedIn at: https://www.linkedin.com/pulse/liquid-cooling-inflection-point-sharada-yeluri-pis6f/ Introduction All the components (Optics, CPUs/GPUs, ASICs, retimers, converters) in an electronic ...

BNG on MPC10E

Starting in the 22.4R1 JUNOS release, MPC10E supports BNG subscriber access connections. Introduction Both MPC10E line card versions support subscriber management. MPC10E-10C has 2 Trio-5 PFEs, supporting 32K Dual Stack subscribers per PFE, for a total of 64K Dual Stack subscribers. MPC10E-15C has 3 Trio-5 PFEs supporting 32K Dual Stack subscribers per PFE, for a total of 96K subscribers. ...
The Juniper Apstra SDK, written in Golang, integrates Apstra into the Terraform ecosystem, enabling an Apstra specific provider. Introduction This article explains the automated deployment of a 3-stage Clos fabric with EVPN VXLAN using Terraform as the automation platform. The Juniper Apstra SDK, written in Golang, integrates Apstra into the Terraform ecosystem, enabling an Apstra specific provider. ...
Solving the low entropy problem of the AI/ML training workloads in the Ethernet Fabrics. Guess how many active IP flows a single GPU normally sends while synchronizing training data with other GPUs? It is only 1. And the traffic is sent at the interface rate, 400Gbps these days. This Techpost gathered two articles initially published on LinkedIn in August 2023 and in September 2023 ...

MX304 FIB Install Rate

MX304 installs the full Internet tables at 47,000 routes per second, and we will show you how we are testing it. Introduction If you test the MX304 in the lab in front of a route/traffic generator, you will see an impressive result of 50,000 prefixes / second programmed in hardware. But on the Internet, your MX will receive real routes from actual routers and we can wonder if the FIB install rate ...

Using Apstra Drain Mode

Apstra supports Drain Mode for managed switches, allowing the operator to gracefully drain traffic from devices without simply shutting down the BGP neighbor relationships. This article is derived from original documentation by Josh Saul Introduction This is implemented through modifications to the BGP process (inbound/outbound route-maps) and shutting down connected L2 server ports and MLAG ...
How Junos EVO implements the OpenConfig “platform” data model to expose many indicators/counters related to environmental data. Introduction Recently, we covered the PTX power optimization features [1]. If you didn’t read this TechPost, we highly recommend having a look at it before reading any further. In this previous article, we presented several built-in functionalities that help reduce ...
A description of the different configurations that can be rendered based on the state of the devices in Apstra. This article is derived from original work created by Josh Saul. Introduction Apstra creates configurations for devices that are under its control. This document follows the typical lifecycle of a network device within an Apstra-managed topology. ...
Using Tags, Property Sets, and Jinja to simplify Apstra Freeform Day-2 Configuration. Introduction Alongside the Juniper Apstra DC reference architecture built on L2 + L3 VXLAN EVPN, 3 and 5-stage Clos or Collapsed Fabric, Juniper has an additional Apstra reference architecture called Freeform. Freeform provides many ...
How vJunos-switch is deployed as a VM, packaged within a container, on a bare metal server using the open source network emulation tool Containerlab. We’ll start with instructions on how to install Containerlab on Ubuntu 22.04 LTS, along with other dependencies that are needed to create the vJunos-switch docker image. Once done, we’ll demonstrate how network topologies can be deployed using this ...
From the basic constructs Freeform uses – Tags, Device Contexts, Property Sets, and Config Templates – to creating a simple Freeform blueprint, to a number of advanced case studies. Introduction Juniper Apstra is a powerful automation and operations solution that manages the entire data center switching fabric’s life cycle. The life cycle consists of the design, deployment, and operational phases ...
Optimizing Failover Convergence for Enhanced Network Resilience with BGP PIC implementation in JUNOS. Introduction This blog will delve into multiple Juniper features to enhance failover convergence, often referred to as BGP-PIC (Prefix-Independent Convergence). This set of features improves convergence speed in BGP-based networks. It achieves this by precomputing backup paths for BGP prefixes, ...

Using Apstra Policy Assurance

Apstra manages network security and workload isolation via the Policy Assurance feature. This feature allows you to create policies that are decoupled from enforcement mechanisms and will enable the specification of the intent in an implementation-independent way. Background Using Juniper Apstra and our Intent-Based Networking approach, you can make quick progress in terms of your security posture. ...
A look at the semiconductor industry evolution, the inflection points, and how packaging and interconnect technologies evolved to make chiplets a viable alternative to monolithic dies to keep Moore's law alive, CPU/GPU and networking industry's chiplet adaption and the future trends... Article initially published on LinkedIn at: https://www.linkedin.com/pulse/chiplets-inevitable-transition-sharada-yeluri/ ...
A detailed configuration example that shows how to dual-home data center servers to Juniper leaf switches by using EZ-LAG, a simplified version of ESI-LAG made for customers looking for a smooth transition from Multi-Chassis LAG without having to immediately learn all the features and complexities of EVPN-VXLAN technology. Introduction Dual homing is an essential feature to provide connection ...
As a revolutionary multicast technology that allows efficient replication without requiring per-tree states in the network, Bit Index Explicit Replication (BIER) is the perfect solution for multicast in SR networks. This article explains BIER technology and its implementation/deployment prospects. Traditional Multicast: Replication Efficiency vs. State Multicast delivers traffic to multiple recipients ...

Apstra Device Replacement

An essential operation in a working data center network would be the need to replace a device that has either failed or just needs to be re-allocated/reused for other purposes. This document describes the steps needed to accomplish this task via the Apstra UI and the Apstra Terraform Provider. Note that we did not have physical hardware to perform this operation in our test environment. ...
A brief introduction to the LLMs, the hardware challenges in training these models, and how the GPU and networking industry is evolving to optimize the hardware for the training workloads. Article initially published by Sharada on LinkedIn here in July 2023. Introduction to Generative AI and Large Language Models Generative AI is a branch of artificial intelligence that focuses on creating ...
Illustration of an IP/VPN MPLS network provisioned and operated with Apstra Freeform. Introduction Juniper Apstra is our specialized intent-based networking software. Juniper Apstra reference designs are DataCenter validated designs that provide comprehensive guidance from the initial setup (day 0) to ongoing operations (day 2). Our automation tool ...
Juniper enhanced the initial DDoS protection feature with Suspicious Control Flow Detection (SCFD). It provides deeper analysis within a given protocol or packet-type: a solution that addresses the need for more granular flow policing, supported from Junos OS 17.1R1. Introduction Another potent feature integrated into the MX series platform and the MX Trio silicon is the DDoS protection. ...
"How much traffic coming from the Internet reaches my different POPs? Can I monitor in real time the traffic coming from the “TOP Internet Talkers”? Is there an easy way to count traffic entering and leaving my VRFs?"... If you are part of a support or capacity planning team, you frequently get these questions. Let’s imagine a dialogue between two network engineers to introduce what we’ll detail in this ...
How we can significantly reduce the power usage of the ACX7000 routers with basic configuration and simple best-practices. Introduction Power saving and carbon footprint reduction are top of mind topics in our discussions with customers. We recently published a couple of posts on energy usage optimization on PTX ( https://community.juniper.net/blogs/ramdas-machat/2023/07/27/saving-energy-on-ptx-with-pfe-power-off ...

Apstra Configlets

Configlets allow the administrator to create custom configuration templates and automatically deploy them to devices based on intent. This document was developed from the original work by Josh Saul. Special thanks to Adam Grochowski for his significant contribution to the development of the content in this document. Introduction Juniper Apstra automates the ...
Guide to the EVPN VXLAN based Optimised Inter-subnet Multicast (OISM) on Express4 based PTX10k platforms. This document is co-written by Ramdas Machat and Abdul Nasir M. Introduction Handling unicast traffic is easy within the EVPN-VXLAN Data Centre Fabric (DCF) with no worries of handling the BUM, Inter-subnet routing and duplicate traffic. For multicast, ...
Did you know: numerous built-in functionalities with Junos-EVO are enabled by default and help reduce the power usage and carbon footprint of your PTX routers? First we’ll try to briefly characterize the different components of a router, and what influences their power consumption. Then we will detail all the features present in the Junos-EVO to optimize this power usage. What Consumes Power ...

BGP CT Use-Cases

Key applications of BGP Classful Transport (BGP-CT), including path-diversity across multiple ASes, multi-AS paths that take into account sovereignty constraints, and paths that achieve the minimum end-to-end latency across ASes. Introduction Color-based transport has been used within single ASes for several years, so that traffic can be selectively mapped onto the appropriate underlay transport ...
The Audit trail feature tracks a user’s actions while using Apstra and can be very useful in investigating general usage, network outages, and possible suspicious activity. Introduction Juniper Apstra automates the creation and management of data center fabrics and is designed to be the central point from which all network changes are made. What is Audited? Each of the following is modeled ...
An alternative approach to scale-out of security services, specifically for CGN and Gi Firewall deployments called auto-fbf. Technologies in scope are MX, on-box automation and SRX/vSRX as scaled-out elements delivering services. Solution Design Discussion Let’s step back first and talk about essential questions related to scale-out. There are quite a few pros and cons, but as it seems given ...
The capabilities of a specific switch hardware model are defined in the Device Profile and linked to the logical representation of the switch. Linking these together allows Apstra to build out the topology efficiently, provide efficient day-2 changes, and accurately build the configuration for a given switch to be used in your topology. Introduction The Apstra system utilizes defined building ...
Juniper Apstra’s fundamental purpose is to minimize operational costs and maximize the speed of network operations by furnishing predefined, rigorously validated reference designs. The reference design enables users to specify what they expect to happen with a minimal number of steps; the Apstra software takes care of the complexities of fulfilling the expressed expectations. That’s the foundation ...
All you need to know on Centralized Deterministic NAT configuration, scale and performance on MX routers. Introduction Internet Assigned Numbers Authority (IANA) allocated the last 5 IPv4 address blocks on February 3, 2011. RIPE NCC ran out of IPv4 addresses; it allocated the final /22 IPv4 address on November 25, 2019. IPv6 adoption ...
The Juniper Off Box Security Services Solution defines a common security services complex to be used in conjunction with MX Provider Edge (PE) deployments for Service Providers and Enterprises which leverage the vSRX or SRX4600 security products to provide scale-out IPsec, CGNAT and Firewall (Universal Threat Management) services. This solution is developed in collaboration by the Juniper Automated ...
Another use case for link slicing: instead of data plane identifiers, control plane identifiers are used. Control plane protocols exchange the information that allows packets to be classified into link slices. Introduction The Link Slicing with MPLS and SRv6 Underlays blog post discussed the guaranteed link slicing feature, with MPLS and SRv6 as underlay transport. The blog post used data plane identifiers, ...
Let's test the real power saving on PTX platforms achieved when shutting down used and unused Packet Forwarding Engines (PFEs). Introduction Power efficiency is key in today’s ever-growing service provider and cloud provider networks. The network industry has improved its power and carbon footprint over the years through real innovations in silicon: manufacturing process, various components integration ...
Solution to secure BGP Option B against MPLS label spoofing on MX Series routers. Introduction Solution to secure BGP Option B against MPLS label spoofing, supported from Junos OS 16.1, MX platform with Trio™ chipset. This capability would be beneficial for service providers or cloud providers who need to compartmentalize a ...
A detailed review of the various components inside a high-end router and how they contribute to overall power consumption. Article initially published on LinkedIn here. Introduction The last few decades have seen exponential growth in the bandwidths of high-end routers and switches. As the bandwidths of these systems increased, so did the power consumption. To reduce the carbon footprint ...
Timing and synchronization requirements and capabilities continually evolve to drive the ultra-low latency, mission-critical and advanced radio applications for 5G and beyond. Satisfying the new enhanced ITU-T and other standards for time accuracy in network equipment requires careful planning of the timing architecture. Introduction As the timing synchronization technologies have evolved ...
BGP FlowSpec is one of the mechanisms that allows a network to protect itself against DDoS attacks. A common mitigation tactic is to redirect malicious traffic to a scrubbing center for further analysis. If any of the analyzed traffic is found to be legitimate, it can be re-injected into the network. However, we must make a few considerations to ensure the re-injected traffic is properly forwarded ...
Traffic mirroring is a useful method for debugging traffic patterns. The ACX7000 family of products supports both local port mirroring and ERSPAN. This article describes how to utilize these functionalities. Analyzer Local Port or remote mirroring are implemented via a software component we call "analyzer". Under this forwarding-options analyzer configuration statement, we will define certain ...
BGP CT interoperability tests between Junos, Junos Evo and FreeRTR routers conducted in Berlin during the EANTC2023 event in March 2023. Introduction The BGP Classful Transport tests have been carried out in Berlin during the EANTC2023 interop event and included: Junos router: MX204 Junos EVO: PTX10001-36MR RARE/freeRtr router BF2556X-1T Demo recorded by Natrajan ...
The guaranteed link slicing feature, using MPLS and SRv6 as underlay transport. Link slicing is a way to share physical bandwidth on links between multiple tenants, and guaranteed means providing minimum (guaranteed) bandwidth per tenant in case of congestion, as well as a possibility to enforce maximum transmit rates per tenant. Any leftover or unused bandwidth ...
vJunos-switch and vJunosEvolved deployed on EVE-NG and integrated with Juniper Apstra to build a complete Data Center fabric. Article co-written with Aninda Chatterjee and Shalini Mukherjee, TME in Juniper Networks Cloud-Ready Data Center team. Introduction In this article, we will look at how vJunos-switch and vJunosEvolved are deployed on a bare metal install of ...

vJunos Deployment on KVM

A comprehensive user guide on how to successfully deploy and use vJunos-switch and vJunosEvolved on KVM (one of the most popular virtualized environments in the community, alongside EVE-NG and GNS3). Summary Juniper is releasing a new virtual test product named vJunos that is targeted at data center and campus switching use cases. vJunos comes in two flavours for the initial release: ...
Olé, Olé, Overlays! Welcome back to the validation design series and today is all about that overlay! Introduction The previous blog Building Border Agnostic Architectures with Seamless MPLS explored the advantages of Seamless MPLS in the referenced use case for Mobile Backhaul, enabling interdomain connectivity across disparate networks referred to as regions. There are in fact ...
Broadband services are evolving with cloud streaming and advanced video; a new BNG QoS model for subscribers is required to optimise latency, throughput and scale. This techpost introduces a new subscriber QoS model based on Hierarchical Policers. Broadband Market Trends Fixed broadband is the engine driving digital connectivity for billions of consumers and most of the world’s enterprises. In ...

MX304 Deepdive

A detailed review of the latest router of the MX Series. Powered by Trio6 PFE, it offers unique form-factor and modularity, with interface spanning from 1GE to 400GE and control-plane redundancy. Introduction The Juniper MX304 is the latest addition to the MX Portfolio: a unique combination of compact form-factor, bandwidth modularity, control-plane redundancy, and interface diversity. Powered ...

MPC10E Deepdive

A detailed view of the MPC10E line cards used in MX240, MX480 and MX960. The MX240/480/960 product family has been Juniper's flagship product for many years. It continues to delight our customers by protecting their investments through continuous capacity upgrades without having to rip ...
Current practices and future trends on buffers in networking chips. Article initially published on LinkedIn. Introduction This article explores the history and evolution of packet buffering in high-end routers. Buffers are essential in routers and switches to prevent data loss during periods of network congestion. ...
Third part of the Juniper Validated Design series on basic Mobile Backhauling, with a focus on Seamless MPLS and BGP-LU. Introduction In the third Juniper Validated Design (JVD) article on the Mobile Backhaul reference architecture and use case, we explore the implementation of decoupling transport architecture from the service overlay by leveraging Seamless MPLS. This was a foundational technology ...
Layer 3 Virtual Private Network Inter-AS option using SRv6 as underlay transport on MX and ACX7000 routers. Introduction This is the 5th blog post in the series of SRv6 blogs. This blog post is co-authored by Krzysztof Szarkowicz and Rajesh M, and discusses the L3VPN (Layer 3 Virtual Private Network) Inter-AS (Inter Autonomous System) Option C, ...
Mapping modern and legacy services to colored MPLS paths, achieving business differentiation. Introduction People say there are no greenfield service providers (SPs). Some networks grow organically, some by acquisitions and mergers. Growth takes time, and technology does not stay idle – speaking not only of interface speeds, but also of the protocols in use. Sooner or later, a more efficient ...
We validate EVPN E-LAN on Express4-based platforms playing the role of PE. In this article, we will describe the various approaches, the configurations and the instance scaling. Introduction In this first article, we introduced the key concepts of EVPN, focusing on the E-LINE/VPWS aspects. Let's now cover in detail EVPN E-LAN service implementation on the PTX with Junos EVO and 400GE platforms ...
Basic concepts of Forwarding Information Base (FIB), the longest prefix match (LPM) for IP forwarding, and how its implementation has evolved over time. The emphasis is on various hardware implementation choices and how they compare with each other in die area/power and performance. This is intended as a high-level primer. Article initially published on LinkedIn. Basics In a networking ...
Let's test EVPN ELINE/VPWS on Express4-based platforms playing the role of PE. In this article, we will describe the various approaches, the configurations and the instance scaling. Introduction Service providers always look for the adoption of new technologies to improve their connectivity and the total uptime for the services they offer to their customers. There is a requirement to move to ...
PTX10001-36MR installs the Internet routes at more than 27,000 routes per second, and we will show you how we are testing it. Introduction PTX10001-36MR supports an internet route install rate of 25,600 routes per second for IPv4 Internet profile and 27,230 routes per second for IPv4 + IPv6 stack with 22.2R2 Junos-EVO Image. It's a test we regularly perform in our labs. Test Methodology ...
JUNOS 22.3 introduced several changes in the SRv6 infrastructure; this article covers them in detail. Introduction This is the 4th blog in the series of SRv6 blogs. It discusses the SRv6 infrastructure changes introduced with Junos 22.3. Namely: structured way of SRv6 SID composition (Locator Block, Node Block, Function, Argument), ...
What is a true IBN system? How are relational and graph databases different? And why are graph databases ideal for network infrastructure? Introduction This post will look at what Intent-Based Networking truly is, and what an Intent-Based Networking System (IBNS) looks like. We’ll then take a bit of a detour and talk about databases - it is important to (at minimum) gain a basic understanding ...
We verify ACX7000 platforms support 700,000 MAC addresses with a learning rate of 14,000 entries per second. Introduction This is the sixth and last article in the ACX7k Metro Validation Series: 1. EVPN MAC-VRF (E-LAN) 2. EVPN VPWS 3. L3VPN, 6VPE 4. L2VPN 5. VPLS 6. L2 MAC Scale and Learning ...
Let's verify we can support 8,000 VPLS instances in the ACX7000 products with 640,000 MAC addresses. Introduction This is the fifth article in the ACX7k Metro Validation Series: 1. EVPN MAC-VRF (E-LAN) 2. EVPN VPWS 3. L3VPN, 6VPE 4. L2VPN 5. VPLS 6. L2 MAC Scale and Learning Rate In this article, we validate the ...
ACX7000 platform is tested with 8,000 Layer2 VPN Routing-instances for 99.9% line rate traffic. Introduction This is the third article in the ACX7k Metro Validation Series: 1. EVPN MAC-VRF (E-LAN) 2. EVPN VPWS 3. L3VPN, 6VPE 4. L2VPN 5. VPLS 6. L2 MAC Scale and Learning Rate ...

ACX7509 Deepdive

The first centralized platform of the ACX7000 family. Based on a modular design, it offers control plane and forwarding plane redundancy with port density spanning from 1GE to 400GE, in just 5RU. Introduction The ACX7509 is a centralized platform part of the ACX7000 family. This router is powered by two Broadcom Jericho2c [BCM8882x] and runs Junos EVO modular software. Figure 1: ...
ACX7000 platform has been tested successfully with 4,000 Layer3 VPN Routing-instances with BGPv4, BGPv6, OSPF, OSPFv3, ISISv4, ISISv6, Static-v4, Static-v6 as CE-PE protocols and with a total of 1.35M routes. Introduction This is the third article in the ACX7k Metro Validation Series: 1. EVPN MAC-VRF (E-LAN) 2. EVPN VPWS 3. L3VPN, 6VPE 4. L2VPN 5. VPLS ...
Junos EVPN-VPWS feature supports 8,000 instances with 4,000 VLAN-UnAware and 4,000 VLAN-Aware Service Types on ACX7000 Platforms. Introduction This is the second article in the ACX7k Metro Validation Series: 1. EVPN MAC-VRF (E-LAN) 2. EVPN VPWS 3. L3VPN, 6VPE 4. L2VPN 5. VPLS 6. L2 MAC Scale and Learning Rate ...
Techniques, configurations and best practices for migrating from legacy business services to EVPN on MX Routers. Introduction Service providers started adopting the EVPN technology as a replacement for their L2 technology requirements like VPLS, L2VPN. There are many benefits of EVPN as a technology, which are briefly covered in the section below. At the ...
JUNOS unified way of bringing up EVPN E-LAN using mac-vrf instance type supporting 6,000 instances on ACX7000 with 642,000 MAC scale. Introduction This article is the first in a series on ACX7k Metro Validation. We are covering the following features and their scale. 1. EVPN MAC-VRF (E-LAN) 2. EVPN VPWS 3. L3VPN, 6VPE 4. L2VPN 5. VPLS ...
SiPh (Silicon Photonics) is no longer SciFi (Science Fiction). Let's see where the industry is today with co-packaged optics... Article initially published on LinkedIn. Introduction This article explains the basic concepts of optical communication, the evolution of Silicon Photonics, how the industry is moving toward integrating optics with ASICs in ...
Discover how BGP RIB Sharding can help improve routing performance and scale in JUNOS. Introduction Border Gateway Protocol (BGP) forms the basis for routing in the Internet and datacenter networks. This protocol has a track record of successfully running the Internet for years. It supports extensive policy controls and is ...
Product manager’s description of the PTX10001-36MR router. Product characteristics, port types and supported port combinations, architecture and the applications of the router are all outlined in the article. Overview PTX10001-36MR is a compact 9.6T system designed for multiple applications: peering, core, content delivery network router, data center spine switch and a data center gateway. ...

Sampling Evolution

Are the flow caches effective to support IPFIX implementations today? What happens if we stop using them? Learn about the new IPFIX implementation in Juniper PTX and ACX7000 routers. Introduction NetFlow was initially designed as a flow monitoring technique where the network element monitors IP flows, aggregates statistics over multiple packets of the same flow, and periodically exports ...
The PTX10001-36MR is well-known for its core, peering and DCI capabilities, but it's also a very performant L2 aggregation device. In this article, we will test and demonstrate L2 virtual circuits scale on Express4-based PTX routers. Introduction Each Express 4 ASIC (Codename: “BT”) supports up to 16384 logical interfaces. In this test scenario we distribute logical interfaces between two PFEs ...
Let's discuss the multi-domain SRv6 network together with the concept of SRv6 locator summarization. SRv6 locator summarization allows for large-scale, multi-domain deployments with SRv6. Introduction Third TechPost article in the SRv6 Series: In the last blog I discussed the End.DT4, End.DT6 and End.DT46 SIDs , which are used to realize L3VPN, both IPv4 and IPv6, over SRv6. In this blog ...
Did you know the internet table can be compressed significantly? We explain how the PTX and ACX7000 routers running Junos EVO are currently implementing FIB compression. TL;DR FIB Compression has been discussed for a very long time in this industry, but what most people probably don’t know: it’s already very efficiently deployed in many production networks. The maximum compression ratio we can ...
A standard-based approach to placing MPLS-based services with path constraints across multiple networks. Have you tried bringing up inter-domain tunnels in MPLS networks? Well, then you know it’s not so straightforward! Especially when you require fine-grained traffic-engineering (TE), like delay-based routing or link affinities spanning ...

ACX7024 Deepdive

Everything about the new addition to the Cloud-Metro family, the ACX7024. A 1-RU router, with 360Gbps forwarding capacity. Introduction ACX7024 is a 1RU Ethernet-only router with 360Gbps bidirectional forwarding capacity and with Class-C Timing. It is temperature hardened and supports operation from -40C to +65C. This router is primarily targeted at the Cell site/Access market but can ...
Second profile of the Juniper Validated Design series on basic Mobile Backhauling, with a focus on LDP-signalled MPLS and OSPF IGP. Introduction In this section, we’ll walk through essential components of the Seamless MPLS Mobile Backhaul (MBH) topology demonstrated in Profile-2, which features OSPF and LDP-signaling. Check the first article "JVD Mobile BackHaul Overview" ( https://community.juniper.net/blogs/kevin-brown/2022/06/28/jvd-mobile-backhaul-overview ...
How does the Juniper ACX7100-32C router handle a fully loaded 400GE ZR and 100GE ZR4, long reach, high power coherent optics configuration? Introduction In this article, I want to talk about long reach, high power coherent optics challenges on 1RU fixed form-factor routers and how Juniper’s ACX7100-32C (Cloud Metro ACX platforms) handles these challenges with design choices to optimize the ...
The gap between processor and memory performance and density continued to increase - this is often referred to as the "Memory Wall". Article initially published on LinkedIn. Introduction: Von Neumann Bottleneck / Memory Wall All modern computers are built using the principles of Von Neumann Architecture. In this architecture, the program and the data reside in memory ...

ACX7100 Deepdive

In this post, you’ll learn everything about the first two Juniper Cloud-Metro devices: ACX7100-32C and ACX7100-48L. Article co-written by Nicolas Fevrier and Pankaj Kumar. High-Level Introduction ACX7100 is the first Juniper product powered by Broadcom Jericho2 [BCM88690] and running Junos EVO modular software architecture. The products ...

L3VPN over SRv6

How unicast IPv4/IPv6 within L3VPN VRFs are implemented with Segment Routing v6 (SRv6) as the underlying transport technology. Introduction In the first blog of SRv6 (Segment Routing version 6) series I discussed the very basic SRv6 concepts: SRv6 locator and SRv6 SID (Segment Identifier), particularly most basic SRv6 SID, which is End SID. This is the second ...
LC480 is a 48 port 1G/10G line card supporting Business Services (L2/L3) with rich OAM features, Broadband subscribers at scale, H-QoS, high filter scale and deep buffers. It’s a perfect complement to the MX10K portfolio known for supporting highly dense 100G and 400G (LC9600) line cards. Introduction LC480 is a 1GE/10GE optimized line card enabling the multi-service edge use cases requiring low-speed ...
To understand the life of a packet in an ACX7000 Series router, you first need to understand the idea behind Virtual Output Queues. Introduction Many Network Processing Unit (NPU) architectures are available on the market today. They propose different packet buffering approaches, performed in both ingress and egress datapaths (sometimes referred to as “2-stage buffering architecture”) or in ...
You want to install a TIG (Telegraf, InfluxDB, Grafana) stack directly in your lab router? Most network engineers have heard of using streaming telemetry in modern networks. Trying it in the lab often requires basic knowledge for a start, and dedicated computing resources. This article addresses both concerns. Installing the necessary software will be shown step-by-step, and Junos Evolved ...
The world of CDN gateways is usually built around L2 domains and IRB, where a switch interconnects CDN servers, hosts and the L3 gateway. We propose a solution directly associating hosts and CDN servers at L3. Introduction A Content Delivery Network (CDN) refers to the geographical distribution of a group of servers working together to provide fast delivery of the Internet content. Today, a lot ...
Networking chips (also called network processors) started getting momentum in the mid-90s, with Juniper at the forefront of the revolution, when we figured out how to do the longest prefix match lookups in hardware! Introduction In this era of CPUs, GPUs, and AI inference chips (often stripped-down versions of GPUs with a focus on matrix operations), where every other semiconductor start-up ...
This series of articles provides a guide to understanding the capabilities and operating principles behind the Filter block in the Express silicon architecture, deep insights into its mighty power and efficiency, and practical application to real world networking and security problems. In Part 1 of the series, we will examine challenges of implementing high speed feature-rich packet filters in ...
SRv6 (Segment Routing version 6) is a version of segment routing based on an IPv6 tunneling mechanism, rather than on an MPLS (MultiProtocol Label Switching) underlay. Therefore, with SRv6, underlying transport routers must be capable of forwarding IPv6 (Internet Protocol version 6) packets, and do not require MPLS support. In the first series of SRv6 articles, I will present very basic SRv6 functionality. ...
All you always wanted to know of the newest MX10k line card powered by Trio 6 PFE and optimised for 100GE and 400GE requirements. Introduction Juniper has established itself as a 400G leader with a variety of options for its PTX, ACX, and QFX series products. MX routers with MPC10E and MPC11E already support 400G speed in multi-service edge role on MX240/480/960 and MX2K product family. LC9600 ...
Summary of the Juniper Validated Design series dedicated to 5G xHaul reference architecture (Fronthaul, Midhaul, and Backhaul network segments). Welcome to the Juniper Validated Design (JVD) series. The motivation behind JVD has been detailed in this previous article: https://community.juniper.net/blogs/nicolas-fevrier/2022/06/26/introducing-the-validation-series For this validation ...
Short introduction to the validation articles. What you should expect from these blog posts, unit testing or extracts of the Juniper Validated Designs. Article co-written by Kevin Brown and Nicolas Fevrier Introduction Before deploying a new product, technology, or network architecture most of our customers go through a validation / proof-of-concept (POC) phase. They build a lab environment ...
First article “Behind The Scene” on the building of the ACX7000 Series, starting with the heart of the router: the Packet Forwarding Engine. Introduction With the introduction of the ACX7100 routers (-32C and -48L), we initiated the integration of Broadcom Jericho2 Network Processing Unit (NPU) in Juniper Networks ACX portfolio. It’s the first of a series that will show the addition of many new ...