Blogs

BIER + MVPN in PTX Express 5

By Jeffrey Zhang posted yesterday
Be the first person to recommend this.
High-level functionality description of BIER as MVPN provider tunnels in the upcoming release of PTX Express 5. Introduction In Cheers! Have a BIER , we explained how BIER [RFC8279] works and how it has come to a prime time for BIER deployment with the hardware capabilities from several major vendors across the edge/access/core platforms. This article will discuss the BIER implementation in Juniper’s upcoming PTX Express 5 FRS (First Release Shipping). Supported Functionalities In this FRS release, the following functionalities are supported: BIER as the provider/underlay tunnels for BGP-MVPN and BGP-MVPN as the Flow Overlay for BIER ...
0 comments

Introducing the ACX7024X

By Nicolas Fevrier posted 2 days ago
Be the first person to recommend this.
What does differentiate the ACX7024X from the ACX7024 devices? In this short article, we will explain the differences and the motivation behind the creation of this new router. Introduction We launched the ACX7024 in mid-2022, with the following characteristics: 1RU Ethernet router. Built for the aggregation of SFP interfaces (1GE/10GE/25GE) to QSFP28 interfaces (40GE/100GE). 360Gbps of forwarding capacity powered by a Broadcom DNX Qumran2u. Class-D capable based on Juniper’s PTP FPGA. Hardened device, categorized as i-temp (supports temperatures from -40 to +65C). AC or DC power modules, with 1+1 ...
0 comments

vSRX on mini-PC with Linux/KVM

By Karel Hendrych posted 6 days ago
Be the first person to recommend this.
Using Juniper vSRX on hardware with constrained resources, typically a mini-PC serving as flexible Internet gateway. Those are lately very popular due to low footprint yet with capabilities making them suitable for running virtual machines. Introduction At very minimum, a mini-PC is tool for engineers to have x86 based SRX ( vSRX ) at home in small form factor, with low power consumption and no noise on fan-less units. For example, Juniper and J-partner Engineers can use it for the purpose of always on learning/demo system passing real life traffic patterns, especially interesting along with additional components like Juniper Security Director Cloud, ...
0 comments

SRv6 in PTX Express 5

By Nancy Shaw posted 9 days ago
Be the first person to recommend this.
PTX Express 5 ASIC has full support for SRv6 with up to 8 carrier segment identifiers (SIDs) in a packet. That translates to 48 micro-SIDs (uSIDs), enough to pass a packet around the world! Following is a description of how SRv6 was implemented in the ASIC. Introduction The large-sized headers and distinct processing steps associated with SRv6 pose challenges in the dataplane. Existing fixed pipeline designs cannot simply support SRv6 without changes. This article covers the complexities of implementing SRv6 in hardware and how our newest ASIC, the Express 5 addresses them. The SRv6 Packet Let’s start by recapping what an SRv6 packet looks like. SRv6 ...
0 comments

FIB Scale in Express5

By Chandrasekaran Venkatraman posted 16 days ago
Be the first person to recommend this.
Express5 has leap frogged in terms of Route scale, thanks to a novel approach in implementing the route table memory. This article is part of a series of publications on Express5: Express 5 Overview: https://community.juniper.net/blogs/dmitry-shokarev1/2024/03/12/express-5-overview Introducing PTX10002-36QDD: https://community.juniper.net/blogs/nicolas-fevrier/2024/03/19/introducing-ptx10002-36qdd Flexible Packet Processing Pipelines: https://community.juniper.net/blogs/sharada-yeluri/2024/03/28/flexible-packet-processing-pipelines Flex Offset Filters in Express5: https://community.juniper.net/blogs/chandrasekaran-venkatraman/2024/04/04/flex-offset-filters-in-express5 ...
0 comments

Flex Offset Filters in Express5

By Chandrasekaran Venkatraman posted 23 days ago
Be the first person to recommend this.
Filter in Express5 supports Flex Key match on any field in the first 128 bytes of the packet. Using software defined templates, firewall term matches are done using flex-key construction. This can be used to specify matches on user-defined packet byte locations via CLI. Introduction Express architecture supports a highly versatile, multi-facet, high performance Filter to execute Firewall rules. In Express5 total flexibility is added in extracting the fields directly from the packet header. This will greatly enhance the firewall configurability. Filter Facets The Filter function in Express chips is built using multiple Facet Engines that operate ...
0 comments

Flexible Packet Processing Pipelines

By Sharada Yeluri posted 29 days ago
Be the first person to recommend this.
High-level overview of packet processing, exploring the evolution of throughput demands for these processing units, and discussing various methods employed to execute these functions within networking chips. This article has been initially published on LinkedIn at: https://www.linkedin.com/pulse/flexible-packet-processing-pipelines-sharada-yeluri-enf5c/ It's part of a series on Express5, PTX Routers and 800Gbps interfaces: Express5 Overview: https://community.juniper.net/blogs/dmitry-shokarev1/2024/03/12/express-5-overview Introducing PTX10002-36QDD: https://community.juniper.net/blogs/nicolas-fevrier/2024/03/19/introducing-ptx10002-36qdd ...
0 comments

OpenJTS – Network Observability with Streaming Telemetry

By David Roy posted 03-26-2024
Be the first person to recommend this.
Introduction In this article, we’ll present a new open-source tool called OpenJTS (Juniper Telemetry Stack). Designed for effortless adoption, this all-in-one tool demystifies gRPC/gNMI Telemetry on Juniper routing products. We currently support PTX10K, MX (vMX, Neo, and 10K platforms) and ACX7K platforms. Junos/EVO 20.1 and onwards are supported. OpenJTS makes customers/users lives easier when they wish to start playing with gRPC Streaming Telemetry. In a few clicks, you can collect and visualize the most common data provided by Juniper's Telemetry solution. Figure 1: OpenJTS logo This project is built around 3 main repositories: ...
0 comments

SP-style Config in Apstra Freeform for VLAN Overlap Use-Cases

By Elisabeth Rodrigues posted 03-25-2024
Be the first person to recommend this.
In high multi-tenant environments such as Service Providers, Hosting Providers, or just large enterprises, having to deal with multiple internal customers, efficient utilization of infrastructure is top of mind for network operations teams. While ensuring isolation and security among different users or departments, you also want to leverage network virtualization techniques to support full overlap of resources between those users. This not only speeds up the onboarding process for new customers, and companies you acquire, but it also preserves your infrastructure investment allowing you to deliver more with the same network infrastructure. Introduction ...
0 comments

Introducing PTX10002-36QDD

By Nicolas Fevrier posted 03-19-2024
2 people recommend this.
The new Juniper PTX10002-36QDD is here. It’s our first 800GigabitEthernet, deep-buffer, high-scale, router in the market, powered by Express 5. And we are very excited to share some details about this unique platform. Introduction/Overview The PTX10002-36QDD is a compact form-factor router (2 Rack Units) offering 28.8Tbps of connectivity, and forwarding capability, with 36x 800GigE, 72x 400GigE or 288x 100GigE interfaces. Based on the Express 5 Packet Forwarding Engine, it is designed to be deployed for multiple applications such as core, peering, CDN gateways, DCI, DC edge, aggregation, and datacenter, including AI/ML clusters. This very high-performance ...
0 comments

Express 5 Overview

By Dmitry Shokarev posted 03-12-2024
3 people recommend this.
Express 5 is Juniper's new ASIC for service providers and cloud networks, delivering 2x power efficiency, enhanced traffic insights, hardware-based sampling, value-added services, and supporting high-speed, high-scale routing applications including AI/ML training clusters with up to 16M IPv4/IPv6 routes and 8M counters using a sustainable chiplet-based architecture. Introduction The fifth-generation ASICs in the Express family are addressing growing traffic demand seen in service provider and cloud provider deployments – in the aggregation networks, backbones, at the peering sites, data centers, and AI/ML training clusters. Figure 1: 28.8T Express ...
0 comments

Introduction to Apstra Flow Data

By Adam Grochowski posted 03-07-2024
Be the first person to recommend this.
With network flow monitoring, you can troubleshoot application issues in a DC fabric with distributed, cloud-native, virtualized, and containerized workloads. Introduction In modern networks, network flow monitoring is essential for network administrators. Network flow monitoring provides far more than traditional connectivity monitoring can. Flow monitoring collects and analyzes data about network traffic, such as traffic source and destination, type of traffic, and amount of traffic in your network. With the popularity of distributed applications in systems using inter-process communication (IPC), troubleshooting network issues is crucial. With ...
0 comments

Everything You Always Wanted to Know about ACX7000

By Nicolas Fevrier posted 03-06-2024
Be the first person to recommend this.
The ACX7000 family is growing fast. Today, we try a different approach to present this update of the ACX7000 portfolio. Introduction Trying to present each product individually will be a very repetitive and boring process. A more exciting approach could be to describe how they are built and explain why we are selecting specific internal components. That way, you are putting yourself in the shoes of a product manager and understand the trade-offs we are making when designing these routers. The Portfolio ACX7000 or ACX7K is a very distinct series of routers compared to the other ACX products. Starting from ...
0 comments

From sFlow to IMON Flow Sampling on MX10K Platforms

By David Roy posted 03-01-2024
Be the first person to recommend this.
A Deepdive on sFlow and IMON/IPFIX315 on MX Routers. Introduction sFlow (sampled flow) is a protocol used for monitoring and collecting traffic data in devices, such as switches, routers, and other networking equipment. The specification of the sFlow protocol is defined here: [1] . The sFlow protocol samples packets at the network device level and then send summarized information about these sampled packets to a central collector or monitoring system. A chunk of the sample packets can also be sent to the ...
0 comments

Operating MX/SRX Scale-Out System - Bulk Junos Config Changes

By Karel Hendrych posted 02-22-2024
Be the first person to recommend this.
A minimalistic tool for bulk config changes in the scale-out system beyond options available in Auto-FBF CLI Introduction This TechPost is continuation of “ Scale-Out Security Services with Auto-FBF ” article and a follow-up text Operating 1Tbps MX304/SRX4600 firewall scale-out system looking at the things more practically. Now the focus will be on a minimalistic tool for bulk config changes in the scale-out system beyond options available in Auto-FBF CLI. To a certain extent the tool could be used as a very simplistic alternative to templating features of Security Director and other external tooling. In this specific example the tool is used for controlling ...
0 comments

LLM Inference - Hw-Sw Optimizations

By Sharada Yeluri posted 02-20-2024
1 person recommends this.
Details of LLM inference workflow, how it differs from training, the many hardware/software optimizations that go into making inference efficient, and the Inference hardware landscape. Article initially published on LinkedIn in January 2024 at: https://www.linkedin.com/pulse/llm-inference-hwsw-optimizations-sharada-yeluri-wfdyc/ It's a sequel to " Large Language Models - The Hardware Connection " and " GPU Fabrics for GenAI Workloads " Introduction In the context of LLMs, inference refers to the process of getting a response from the trained LLM model for the user's query or prompts. Inference is a critical step in deploying LLMs. But a lot ...
0 comments

Apstra Day 2: Generic Systems

By Robert Lancaster posted 02-08-2024
Be the first person to recommend this.
It is often stated that most network outages occur as a result of changes having been made to the system. There have been many notable examples of this, and they have all affected us. Precise management of network changes is, in fact, one of the key benefits of network automation solutions. Data centers require frequent changes to meet the daily needs of customers. All such activity exposes operators to potential mistakes that could lead to costly outages. Apstra’s Intent-driven workflows have been proven to reduce risk and increase efficiency when performing routine Day 2 tasks. Intent-based Networking manages the complex work of creating precise configurations ...
0 comments

Using Junos SNMP utility MIB on Juniper SRX

By Karel Hendrych posted 02-07-2024
Be the first person to recommend this.
Although good old Junos SNMP MIB is very rich on every platform, occasionally some specific stats could have been handy. For example, number of sessions per IP protocol on SRX. No problem! Blast from the past Junos utility MIB tooling allows expansion of MIB by anything retrievable using RPCs. This short Tech Post aims to give a good starting point for daily use of this simple yet powerful approach. Using utility MIB from on-box Python In this specific example script in background will be automatically collecting SRX session counts for specific IP protocol followed by load to utility MIB. Related RPC summarizing number of connections in SRX firewall session ...
0 comments

JCNR for Equinix Metal

By Vivek Shenoy posted 01-31-2024
1 person recommends this.
JCNR brings a lot of value by providing seamless connectivity between workloads across locations, public cloud boundaries, and workload form-factor, by providing full router functionality. Author would like to acknowledge and thank Oleg Berzin and Vinod Nair (Juniper Networks) for their help in putting this solution together in such a short time. Problem Statement In this day and age of hybrid cloud, it is very common for applications for a given user or organization to span across different datacenter (on-prem or colo) locations, across multiple public cloud providers. Furthermore, they may exist in the form of bare metal, virtual machine or container ...
0 comments

Operating 1Tbps MX304/SRX4600 Firewall Scale-Out System

By Karel Hendrych posted 01-29-2024
1 person recommends this.
Focusing on SRX firewall – the scaled out device - operational aspects in terms of removing device from service and bringing it back. Introduction This TechPost article is continuation of “Scale-Out Security Services with Auto-FBF” article , now focusing on SRX firewall – the scaled out device - operational aspects in terms of removing device from service and bringing it back. Reading previous TechPost is pre-requisite for understanding the Auto-FBF scale-out concept and its pros and cons compared to classic solutions. The setup Logical topology consists of Juniper Networks MX304 router as the scale-out distribution device, four SRX4600 firewalls ...
0 comments