TechPost

TechPost

Byte-Sized Articles on Juniper Solutions by Network Engineers, for Network Engineers

Filter-Based Forwarding on MX

A detailed overview of Filter-Based Forwarding (FBF), also known as Policy-Based Routing (PBR), on MX Series routers (AFT), using common deployment ...

QFX5K-Series Switches Packet Buffer Architecture

Packet Buffer Architecture on QFX5K-Series switches and various buffer tuning options available on these platforms to maximize the traffic burst ...

com.android.ipsec IKEv2 vs SRX

Example settings for connecting a VPN from the native IKEv2 client on Android 13+ to a Juniper SRX firewall. Due to the client's nature, use cases ...

Migrating from OSPF/LDP to OSPF/SR-MPLS

Migrating from a multi-area OSPF with LDP to SR-MPLS is a transition that can be achieved with ease, provided you have a clear understanding of ...

MACsec and L2PT over Non-Point-to-Point Networks in Junos

Junos 25.2R1 enhances Layer 2 Protocol Tunneling in VXLAN tunnels and traditional VLANs by introducing support for more protocols, allowing MACsec ...

BNG CUPS Controller and Geographical Redundancy

Juniper BNG CUPS (Control and User Plane Separation) Architecture supports the Broadband Forum TR-459 Issue 2 and 3 use cases. This blog announces ...

Automate Juniper Apstra with PowerShell

It’s all built into Windows. Leverage Windows PowerShell to a utomate Juniper Apstra without installing PowerShell as a language or ...

SR Tactical Traffic Engineering in Junos

Junos OS 23.4R1 introduces Segment Routing Tactical Traffic Engineering (SR-TTE), a unique and innovative solution designed to address temporary ...

DNS64 and NAT64 on SRX Series

In this short post, we’ll look at configuring the SRX for 6-to-4 NAT (NAT64) when using IPv6-only clients with an external DNS64 server. We’ll also ...

Single Stage IBA with GaN Converters

A brief overview of the challenges faced in next-generation networking and data communication equipment using older Intermediate Bus Architecture ...

SRX/CloudATP Multi-Tenant DNS Filtering

Describes the ability of the Juniper SRX, in conjunction with the CloudATP service, to enforce DNS query blocking through an API-driven, multi-tenant ...

Monitoring PFE Resources on EVO Routers

Explore another use case of the Utility MIB feature [1] in Junos and EVO. We previously discussed this feature in a separate Techpost [2] in the ...

Multi-Node High Availability Basics

In this post, we’ll take a technical dive into Multi-Node High Availability (MNHA) on Juniper’s SRX platforms – a flexible approach to providing ...

Service Orchestration with Paragon Automation

How Paragon Automation (PA) automates workflow steps in provisioning L3VPN/EVPN/L2Circuit service based on declarative intent. This article ...

MX10000 LC4800 Deepdive

A detailed description of the latest MX10000 Series new line card, offering a mix of QSFP-DD and SFP-DD ports, and powered by three Trio 6 Forwarding ...

Navigating the Shadows of Dark Fiber Connectivity

Juniper’s Converged Optical Routing Architecture – Unamplified Links. Explore the solution for High-Capacity Transport using 400G OpenZR+ Optics. ...

SRv6 Observability

How can we monitor the SRv6 data plane, and collect statistics on the SRv6 SRH and tunnels with IPFIX option 315 / IMON? Introduction ...

SRX4600 CGN Configuration Breakdown

Junos configuration details and KPIs of a real-life SRX4600 CGN deployment for an operator serving fixed customers. The SRX has been used as ...

L3VPN to Global RIB Leaking

Leak remote L3VPN routes to the global internet table or other VRFs is now possible with the introduction of the vpn-global-import feature coming ...

Trio 6 Packet Walkthrough

A transit packet walkthrough inside an MX Series Trio 6 ASIC, with all the internal details on the different memory and components involved in the ...

Fast Lookup Tuple: an Innovative Filtering Feature

An innovative filtering solution for IPv4 traffic on MX Series, developed to handle five tuples matching criteria at scale. The MX platform ...

From QFX5100 to QFX5120

Explore the software and hardware differences you will encounter regarding switch connectivity when transitioning from the end-of-life QFX5100-48S ...

Micro-Segmentation in DC with Apstra and Junos

Discover how to implement micro-segmentation in your data center using Juniper Apstra and VXLAN Group-Based Policy. This comprehensive guide walks ...

BIER Overlay

The series is composed of the following posts: Introduction to BIER and BIER Underlay BIER Table Lookup BIER Overlay (present ...

Secure Virtual Cell Site Router Solution with JCNR and cSRX

A secure virtual cell site router (CSR + SecGW) functionality using Juniper Cloud Native Router or JCNR and Containerized SRX or cSRX so that customers ...

BIER Table Lookup

Second part of the 3-article series on BIER, detailing how is performed the lookup in the different BIER Tables. The series is composed of ...

SRX AutoVPN / PSK with Linux strongSwan

An example of SRX AutoVPN functionality with Pre-Shared Keys in 3rd party mode; specifically with Linux/strongSwan spokes. While PKI-based ...

BGP Minimum ECMP

BGP Minimum ECMP is a new feature aiming at improving resiliency within DC networks. This article has been co-written by ...

Selective Dynamic Load Balancing

A new innovative feature called Selective DLB (Dynamic Load Balancing), improving RDMA traffic ECMP. This article has been ...

BIER Introduction and Underlay

First part of the 3-article series on BIER, discussing fundamental concepts and BIER underlay. The series is composed of the following posts: ...

The Evolution of Network Security

A primer/survey for networking and cyber security enthusiasts interested in the evolution of this field. This article was initially published ...

MAP-T with Junos

Junos OS 23.4R1 introduces Mapping of Address and Port using Translation (MAP-T) as an adaptive service on Juniper MX Series routers equipped with ...

Junos Symmetrical Load Balancing

Efficient stateless load-balancing on Trio-based routers, offering optimal performance and reliability. Introduction Junos ...

Scalable BGP Route-Reflector

BGP Route-Reflector is part of many networks, serving PE routers with reachability information. For this critical role, it’s important to have a ...

Flexible Memory in Express5

Express5 fungible shared memory architecture provides the foundation for a flexible memory scheme which increases scale and efficiency of memory ...

FIB Install Rate in PTX Express5

PTX10002-36QDD is the first router equipped with the new Juniper Express5 packet forwarding engine, a new deep-buffer 28.8Tbps package introducing ...

Juniper BNG CUPS Address Pool Management

Another innovation for CUPS that enables unified Address Pool Management across CUPS controller(s) and Integrated BNGs. This use case simplifies ...

Juniper BNG CUPS Smart Load Balancing with High Availability

A Juniper BNG CUPS use-case that combines Smart Subscriber Load Balancing and High Availability Hot or Warm Standby across a group of User Planes ...

SRX EVPN/VXLAN T5 oIPSEC

A practical yet simple demonstration of the SRX EVPN/VXLAN Type 5 ip-prefix-routes feature and related firewall policy processing across multiple ...

Juniper BNG CUPS Hitless User Plane Maintenance

A Juniper BNG CUPS use-case that enables hitless maintenance for the user planes based on Broadband Forum TR-459 Issue 2. It improves the subscriber ...

BGP Link-Bandwidth with JunOS

The BGP Link-Bandwidth extension introduces an improvement to the BGP multipath, providing the ability to convey port speeds and propagate this ...

Juniper BNG CUPS Architecture

Juniper BNG CUPS (Control and User Plane Separation) is an emerging broadband architecture for control plane and user plane separation compliant ...

Introduction to Metro Ethernet Business Services Validated Design

Introducing our latest Juniper Validated Design (JVD), addressing Metro Ethernet Business Services (EBS) with Juniper MX Series, ACX Series, and ...

EANTC BIER InterOp Testing on PTX10002-36QDD

BIER Interoperability testing verified between PTX10002-36QDD and other vendors during the EANTC 2024. Introduction ...

BIER + MVPN in PTX Express 5

High-level functionality description of BIER as MVPN provider tunnels in the upcoming release of PTX Express 5. Introduction In Cheers! ...

Introducing the ACX7024X

What does differentiate the ACX7024X from the ACX7024 devices? In this short article, we will explain the differences and the motivation behind ...

vSRX on mini-PC with Linux/KVM

Using Juniper vSRX on hardware with constrained resources, typically a mini-PC serving as flexible Internet gateway. Those are lately very popular ...

SRv6 in PTX Express 5

PTX Express 5 ASIC has full support for SRv6 with up to 8 carrier segment identifiers (SIDs) in a packet. That translates to 48 micro-SIDs (uSIDs), ...

FIB Scale in Express5

Express5 has leap frogged in terms of Route scale, thanks to a novel approach in implementing the route table memory. ...

Flex Offset Filters in Express5

Filter in Express5 supports Flex Key match on any field in the first 128 bytes of the packet. Using software defined templates, firewall term matches ...

Flexible Packet Processing Pipelines

High-level overview of packet processing, exploring the evolution of throughput demands for these processing units, and discussing various methods ...

OpenJTS – Network Observability with Streaming Telemetry

Introduction In this article, we’ll present a new open-source tool called OpenJTS (Juniper Telemetry Stack). Designed for effortless adoption, ...

SP-style Config in Apstra Freeform for VLAN Overlap Use-Cases

In high multi-tenant environments such as Service Providers, Hosting Providers, or just large enterprises, having to deal with multiple internal ...

Introducing PTX10002-36QDD

The new Juniper PTX10002-36QDD is here. It’s our first 800GigabitEthernet, deep-buffer, high-scale, router in the market, powered by Express 5. ...

Express 5 Overview

Express 5 is Juniper's new ASIC for service providers and cloud networks, delivering 2x power efficiency, enhanced traffic insights, hardware-based ...

Introduction to Apstra Flow Data

With network flow monitoring, you can troubleshoot application issues in a DC fabric with distributed, cloud-native, virtualized, and containerized ...

Everything You Always Wanted to Know about ACX7000

The ACX7000 family is growing fast. Today, we try a different approach to present this update of the ACX7000 portfolio. ...

From sFlow to IMON Flow Sampling on MX10K Platforms

A Deepdive on sFlow and IMON/IPFIX315 on MX Routers. ...

Operating MX/SRX Scale-Out System - Bulk Junos Config Changes

A minimalistic tool for bulk config changes in the scale-out system beyond options available in Auto-FBF CLI Introduction This TechPost is ...

LLM Inference - Hw-Sw Optimizations

Details of LLM inference workflow, how it differs from training, the many hardware/software optimizations that go into making inference efficient, ...

Apstra Day 2: Generic Systems

It is often stated that most network outages occur as a result of changes having been made to the system. There have been many notable examples ...

Using Junos SNMP utility MIB on Juniper SRX

Although good old Junos SNMP MIB is very rich on every platform, occasionally some specific stats could have been handy. For example, number of ...

JCNR for Equinix Metal

JCNR brings a lot of value by providing seamless connectivity between workloads across locations, public cloud boundaries, and workload form-factor, ...

Operating 1Tbps MX304/SRX4600 Firewall Scale-Out System

Focusing on SRX firewall – the scaled out device - operational aspects in terms of removing device from service and bringing it back. Introduction ...

ACX7000 Hardware Profiles

An overview of the different hardware profiles available on the ACX7000 Sries, and what is changing in the latest Junos releases. ...

Upgrading Device Operating Systems with Apstra

Juniper Apstra supports Network Operating System (NOS) Upgrades for managed switches, allowing you to upgrade devices directly from the Apstra Server ...

Packets Lost in Transit?

Troubleshooting transit packet drops is not the easiest task for a network engineer. Sometimes, packets can be dropped in the forwarding ASIC at ...

Detection of Blackholes Using Juniper Resiliency Interface

Unfortunately, black-holes sometimes occur in networks – packets disappear without trace for no apparent reason. Often the first symptom is when ...

GPU Fabrics for GenAI Workloads

GPU cluster scale, model partitioning, and traffic patterns between the GPUs for training workloads. Article initially ...

Boosting Route Scale and Performance with JunOS

Strategies to enhance the scale and performance of routing, aiming for faster convergence, improved stability, and optimized hardware utilization. ...

G.8275.1.enh: Juniper's Advancements in Timing and Synchronization

The benefits and versatility that Juniper brings with the PTP G.8275.1.ENH profile and the reasons behind its enhancements. ...

Apstra Server Clustering

How Apstra clustering works with respect to Off-box agents and Probe processing units Introduction The Juniper Apstra standard implementation ...

Liquid Cooling - The Inflection Point

The different thermal management solutions for cooling the high-power components in electronic systems (HPCs/Servers and network equipment), trends, ...

BNG on MPC10E

Starting in the 22.4R1 JUNOS release, MPC10E supports BNG subscriber access connections. Introduction Both MPC10E line card versions support ...

Automating 3-stage Clos fabric with Terraform and Apstra

The Juniper Apstra SDK, written in Golang, integrates Apstra into the Terraform ecosystem, enabling an Apstra specific provider. Introduction ...

To Spray or Not to Spray

Solving the low entropy problem of the AI/ML training workloads in the Ethernet Fabrics. Guess how many active IP flows a single GPU normally ...

MX304 FIB Install Rate

MX304 installs the full Internet tables at 47,000 routes per second, and we will show you how we are testing it. Introduction If you test ...

Using Apstra Drain Mode

Apstra supports Drain Mode for managed switches, allowing the operator to gracefully drain traffic from devices without simply shutting down the ...

Monitoring PTX Power and Environment’s KPI through Telemetry

How Junos EVO implements the OpenConfig “platform” data model to expose many indicators/counters related to environmental data. Introduction ...

Config Rendering in Juniper Apstra

A description of the different configurations that can be rendered based on the state of the devices in Apstra. ...

Apstra Freeform Day-2 Configuration

Using Tags, Property Sets, and Jinja to simplify Apstra Freeform Day-2 Configuration. ...

Building Virtual Fabrics with vJunos-switch and Containerlab

How vJunos-switch is deployed as a VM, packaged within a container, on a bare metal server using the open source network emulation tool Containerlab. ...

Introduction to Apstra Freeform

From the basic constructs Freeform uses – Tags, Device Contexts, Property Sets, and Config Templates – to creating a simple Freeform blueprint, ...

Mastering BGP PIC on JUNOS

Optimizing Failover Convergence for Enhanced Network Resilience with BGP PIC implementation in JUNOS. Introduction This blog will delve into ...

Using Apstra Policy Assurance

Apstra manages network security and workload isolation via the Policy Assurance feature. This feature allows you to create policies that are decoupled ...

Chiplets - The Inevitable Transition

A look at the semiconductor industry evolution, the inflection points, and how packaging and interconnect technologies evolved to make chiplets ...

ESI-LAG Made Easier with EZ-LAG

A detailed configuration example that shows how to dual-home data center servers to Juniper leaf switches by using EZ-LAG, a simplified version ...

BIER For SR Multicast – Cheers!

As a revolutionary multicast technology that allows efficient replication without requiring per-tree states in the network, Bit Index Explicit Replication ...

Apstra Device Replacement

An essential operation in a working data center network would be the need to replace a device that has either failed or just needs to be re-allocated/reused ...

Large Language Models - The Hardware Connection

A brief introduction to the LLMs, the hardware challenges in training these models, and how the GPU and networking industry is evolving to optimize ...

IP VPN Network Apstra Freeform

Illustration of an IP/VPN MPLS network provisioned and operated with Apstra Freeform. Introduction ...

Suspicious Control Flow Detection

Juniper enhanced the initial DDoS protection feature with Suspicious Control Flow Detection (SCFD). It provides deeper analysis within a given protocol ...

Traffic Accounting with MX Features

How much traffic coming from Internet reach my different POPs? Can I monitor in real time the traffic coming from the “TOP Internet Talkers”? Is ...

Saving Power on ACX7000 Series

How we can significantly reduce the power usage of the ACX7000 routers with basic configuration and simple best-practices. Introduction Power ...

Apstra Configlets

Configlets allow the administrator to create custom configuration templates and automatically deploy them to devices based on intent. ...

EVPN-VXLAN OISM on PTX Routers

Guide to the EVPN VXLAN based Optimised Inter-subnet Multicast (OISM) on Express4 based PTX10k platforms. ...

PTX10000 Power Optimization

Did you know: numerous built-in functionalities with Junos-EVO are enabled by default and help reducing the power usage and carbon foot-print of ...

BGP CT Use-Cases

Key applications of BGP Classful Transport (BGP-CT), including path-diversity across multiple ASes, multi-AS paths that take into account sovereignty ...

Creating Audit Trails with the Apstra Event Log

The Audit trail feature tracks a user’s actions while using Apstra and can be very useful in investigating general usage, network outages, and possible ...

Scale-Out Security Services with Auto-FBF

An alternative approach to scale-out of security services, specifically for CGN and Gi Firewall deployments called auto-fbf. Technologies in scope ...

Adding Device Profiles Using the Apstra UI

The capabilities of a specific switch hardware model are defined in the Device Profile and linked to the logical representation of the switch. Linking ...

Apstra IP Fabric Reference Design

Juniper Apstra’s fundamental purpose is to minimize operational costs and maximize the speed of network operations by furnishing predefined, rigorously ...

Centralized Deterministic CGNAT

All you need to know on Centralized Deterministic NAT configuration, scale and performance on MX routers. ...

Off Box Security Services Solution

The Juniper Off Box Security Services Solution defines a common security services complex to be used in conjunction with MX Provider Edge (PE) deployments ...

Link Slicing with MPLS and SRv6 Underlays Part 2

Another use case for link slicing: instead of data plane identifiers, control plane identifiers are used. Control plane protocols exchange the ...

Saving Energy on PTX with PFE Power Off

Let's test the real power saving on PTX platforms achieved when shutting down used and unused Packet Forwarding Engine (PFE). Introduction ...

MPLS Label Anti-Spoofing

Solution to secure BGP Option B against MPLS label spoofing on MX Series routers. ...

Optimizing Power Consumption in High-End Routers

A detailed review of the various components inside a high-end router and how they contribute to overall power consumption. Article initially ...

Time Synchronization and Class D Clocks Support

Timing and synchronization requirements and capabilities are continually evolved to drive the ultra-low latency, mission critical and advanced radio ...

BGP FlowSpec “Exclude Interfaces” on Express2 Platforms

BGP FlowSpec is one of the mechanisms that allows a network to protect itself against DDoS attacks. A common mitigation tactic is to redirect malicious ...

ACX7000 ERSPAN and Port Mirroring

Traffic mirroring is a useful method for debugging traffic patterns. The ACX7000 family of products supports both local port mirroring and ERSPAN. ...

BGP CT Interop Demo EANTC2023

BGP CT interoperability tests between Junos, Junos Evo and FreeRTR routers conducted in Berlin during the EANTC2023 event in March 2023. ...

Link Slicing with MPLS and SRv6 Underlays

The guaranteed link slicing feature, using MPLS and SRv6 as underlay transport. Link slicing is a way ...

Deploying and Using vJunos in a Bare Metal EVE-NG server

vJunos-switch and vJunosEvolved deployed on EVE-NG and integrated with Juniper Apstra to build a complete Data Center fabric. ...

vJunos Deployment on KVM

A comprehensive user guide on how to successfully deploy and use vJunos-switch and vJunosEvolved on KVM (one of the most popular virtualized environments ...

Mobile Backhaul Services Overlay

Olé, Olé, Overlays! Welcome back to the validation design series and today is all about that overlay! Introduction The previous blog ...

New Subscriber QOS for Next Generation Broadband

Broadband services are evolving with cloud streaming and advanced video, a new BNG QOS model for subscribers is required to optimise latency, throughput ...

MX304 Deepdive

A detailed review of the latest router of the MX Series. Powered by Trio6 PFE, it offers unique form-factor and modularity, with interface spanning ...

MPC10E Deepdive

A detailed view of the MPC10E line cards used in MX240, MX480 and MX480. ...

Sizing Router Buffers - Small is the New Big

Current practices and future trends on buffers in networking chips. ...

Building Border Agnostic Architectures with Seamless MPLS

Third part of the Juniper Validated Design series on basic Mobile Backhauling, with a focus on Seamless MPLS and BGP-LU. Introduction In ...

SRv6 L3VPN Inter-AS Option-C

Layer 3 Virtual Private Network Inter-AS option using SRv6 as underlay transport on MX and ACX7000 routers. ...

Service Mapping to Colored MPLS Paths

Mapping modern and legacy services to colored MPLS paths, achieving business differentiation. Introduction People say there are no greenfield ...

EVPN E-LAN on PTX10k Platforms

We validate EVPN E-LAN on Express4-based platforms playing the role of PE. In this article, we will describe the various approaches, the configurations ...

Longest Prefix Matching in Networking Chips

Basic concepts of Forwarding Information Base (FIB), the longest prefix match (LPM) for IP forwarding, and how its implementation has evolved over ...

EVPN E-Line on PTX10k platforms

Let's test EVPN ELINE/VPWS on Express4-based platforms playing the role of PE. In this article, we will describe the various approaches, the configurations ...

PTX10001-36MR FIB Install Rate

PTX10001-36MR installs the Internet routes at more than 27,000 routes per second, and we will show you how we are testing it. Introduction ...

SRv6 SID Encoding and Transposition

JUNOS 22.3 introduced several changes in the SRv6 infrastructure, this article covers them in details. ...

Juniper Apstra Introducing a True IBNS

What a true IBN system is? How relational and graph databases are different? And why graph databases are ideal for network infrastructure? ...

VPLS Validation on ACX7000

Let's verify we can support 8,000 VPLS instances in the ACX7000 products with 640,000 MAC addresses. Introduction ...

ACX7000 L2 MAC Scale and Learning Rate

We verify ACX7000 platforms support 700,000 MAC addresses with a learning rate of 14,000 entries per second. ...

L2VPN Validation on ACX7000

ACX7000 platform is tested with 8,000 Layer2 VPN Routing-instances for 99.9% line rate traffic. ...

ACX7509 Deepdive

The first centralized platform of the ACX7000 family. Based on a modular design, it offers control plane and forwarding plane redundancy with port ...

L3VPN Validation on ACX7000

ACX7000 platform has been tested successfully with 4,000 Layer3 VPN Routing-instances with BGPv4, BGPv6, OSPF, OSPFv3, ISISv4, ISISv6, Static-v4, ...

EVPN VPWS Validation on ACX7000

Junos EVPN-VPWS feature supports 8,000 instances with 4,000 VLAN-UnAware and 4,000 VLAN-Aware Service Types on ACX7000 Platforms. ...

VPLS to EVPN-VPLS Seamless Migration on MX Routers

Techniques, configurations and best practices for migrating from legacy business services to EVPN on MX Routers. ...

EVPN MAC-VRF Validation on ACX7000

JUNOS unified way of bringing up EVPN E-LAN using mac-vrf instance type supporting 6,000 instances on ACX7000 with 642,000 MAC scale. ...

Silicon Photonics and Integrated Optics

SiPh (Silicon Photonics) is no longer SciFi (Science Fiction). Let's see where is the industry today with co-packaged optics... ...

BGP RIB Sharding

Discover how BGP RIB Sharding can help improve routing performance and scale in JUNOS. ...

PTX10001-36MR Introduction

Product manager’s description of the PTX10001-36MR router. Product characteristics, port types and supported port combinations, architecture and ...

Sampling Evolution

Are the flow caches effective to support IPFIX implementations today? What happens if we stop using them? Learn about the new IPFIX implementation ...

PTX10001-36MR L2 Circuit Scale

The PTX10001-36MR is well-known for its core, peering and DCI capabilities, but it's also a very performant L2 aggregation device. In this article, ...

SRv6 Summarization

Let's discuss the multi-domain SRv6 network together with the concept of SRv6 locator summarization. SRv6 locator summarization allows for large-scale, ...

PTX FIB Compression

Did you know the internet table can be compressed significantly? We explain how the PTX Routers are currently implementing FIB compression today. ...

Inter-domain On-demand SR-TE LSPs with BGP-LS

A standard-based approach to placing MPLS-based services with path constraints across multiple networks. ...

ACX7024 Deepdive

Everything about the new addition to the Cloud-Metro family, the ACX7024. A 1-RU router, with 360Gbps forwarding capacity. Introduction ...

Seamless MPLS LDP-Signaled with OSPF IGP Underlay

Second profile of the Juniper Validated Design series on basic Mobile Backhauling, with a focus on LDP-signalled MPLS and OSPF IGP. Introduction ...

ZR/ZR+ Coherent Optics in ACX7100-32C

How does the Juniper ACX7100-32C router handle a fully loaded 400GE ZR and 100GE ZR4, long reach, high power coherent optics configuration? ...

Tearing Down the Memory Wall

The gap between processor and memory performance and density continued to increase - this is often referred to as the "Memory Wall". ...

ACX7100 Deepdive

In this post, you’ll learn everything about the first two Juniper Cloud-Metro devices: ACX7100-32C and ACX7100-48L. ...