Published by Morgan Wilkerson. Modified over 9 years ago.
1
Overview of Juniper Networks Security and Switching platforms
SMN, Security Day Martti Saramies Sr. Partner Account Manager, Juniper Networks
2
AGENDA: Juniper Networks Overview; Juniper Security; Juniper Switching
3
WHY
4
Why Juniper? PERFORMANCE HIGH AVAILABILITY SIMPLICITY
Line-rate performance. Wire-speed security. Scale. Density. Rich service provider feature set. Carrier-class platform. Redundant hardware and software options. Virtual Chassis technology. In-service software upgrades. Collapsed architectures. One Junos OS across routing portfolio. Platform for innovation. Service Now/Service Automation.
Relate points to MX h/w. Don’t get dragged down EX rathole. Set context of MX / WAN. No ISSU on Catalyst. Lots of variables in switching portfolio vs routing. One Junos falls apart in Security and Switching. JNU may not be a good example. Highlight MX has these features. Set content of Enterprise WAN. KEEP focusing back to WAN.
Performance: Broad portfolio that meets all Enterprise WAN needs; line rate performance and lowest latency; industry leading security at wire speed; logical and physical scale; high port density.
High Availability: Proven platforms (over 45,000 systems shipped, 5,000+ unique customers, nearly $5B in revenue); carrier-class; redundant HW and SW options; Virtual Chassis; in-service SW updates eliminate maintenance cycle downtimes.
Simplicity: One Junos; Junos Node Unifier centralizes management and automates device configuration, enabling connection of thousands of router and switch ports; MC-LAG; logical systems; granular multi-tenancy at scale.
5
Juniper’s Success in Campus and Branch Networks and Security
Key Highlights Top Customers More than 500,000 devices deployed in last 4 years 30,000+ customers from 47 countries 7 out of top 10 customers every quarter are run-rate customers First half of 2015 grew faster than first half of 2014 Recent Largest Wins 7-Eleven – 6,500 (+7,000) Stores (SRX210) Genuine Parts – 6,000 Stores (SRX210 POE) Starbucks – 8,000 Stores (SRX100 & SRX220) Barclays – 2,500 Branch Offices (SRX220) Russian Police – 3,500 Branch Offices (SRX240)
6
ONE OS One Architecture One OS SECURITY ROUTERS SWITCHES –API– Module
Diagram labels: T Series, EX9200, EX8200, SRX5800, SRX5600, SRX3600, SRX3400, SRX1400, MX Series, EX4600/QFX5100, SRX650, M Series, EX4300, SRX240, SRX220, EX3300, ACX Series, SRX210, EX2200, SRX100, J Series, Tx Matrix; SECURITY, ROUTERS, SWITCHES, –API–, Module x, One Architecture, One OS
Ask the customer about their top network design priorities. Tie the JUNOS differences to the desired value throughout this presentation.
If you can trust the software supporting your infrastructure, particularly in its most strategic and distributed components, your team can focus more of its time and effort on keeping up with traffic demand as well as new application and business requirements.
JUNOS Software is a single network operating system integrating routing, switching, security, and network services. JUNOS offers the power of one operating system to reduce complexity, achieve operational excellence, and dynamically deliver services with lower total cost of ownership (TCO).
The key advantages of JUNOS Software derive primarily from how it is built, what Juniper calls the differences: one operating system, developed along one software release train, and built on one modular software architecture.
7
Next 20 minutes is about… Juniper Secure Router, Next Generation Firewall What’s new? Juniper Switching Solutions
8
Juniper Secure Branch Routers
9
Juniper SRX-Firewalls
1 High Performance: 2X – 3X higher performance than comparable Cisco ISR; higher scale and head-room for newer services
2 Junos & Automation: Proven carrier class operating system; automation capabilities reduce time to deployment and simplify management
3 Cost Effective: Extensive connectivity options with high on-board density; no truck rolls, JNPR provides all features at a base lic
Like a Swiss knife: Router, Switch and a Firewall
10
Price Per 1 Mbps of Routing Services
5-10X better price / performance ISR 892 ISR 4321 ISR 4331 ISR 4331 ISR 4351 ISR 4451 SRX300 SRX100 SRX320 SRX210 SRX340 SRX240 SRX345 SRX240 SRX550 SRX550 SRX1500 SRX650 Routing Services = Routing + BGP + Firewall + ACLs + NAT + QOS
11
What is the Use Case? Internet
An enterprise owned and managed device in the branch office that provides WAN connectivity, creates a secure tunnel to HQ / DC, and prioritizes / protects local users / apps.
Target Segment: Retail, Distributed Enterprise
WAN Bandwidth: Up to 1 Gbps
Connectivity: Ethernet, DSL, TDM
Key Requirements: Routing, L2 Switching, NAT, IPSec VPN, Wireless WAN, AVC, IPS
Our Customers: 7-Eleven, Starbucks, Citibank, Nike, Barclays, Payless Shoes, Darden Restaurants
Diagram labels: Internet, Multi Services Gateway, L2 Switch, Wireless APs, Branch Office Devices
12
Secure Router Capabilities
Routing: IPv4 / IPv6 Routing; Routing / Multicast Protocols; PBR, Virtual Router, VRRP; Quality of Service; DHCP, J-Flow, RPM
Ethernet Switching: Wire-rate switching on all ports; Integration with all L3 Features; VLAN, IRB, 802.1x; LACP, xSTP, LLDP; Optional POE Support
Core Security: Zone based Firewall; Static NAT / PAT; Destination NAT; Static Bidirectional NAT; ALGs, Screens
IPSec VPN: IPv4 / v6 Site–Site VPN; IKEv1 / v2, NAT-T; VRF, QOS aware; DPD, Multi-proxy ID; Auto VPN / Group VPN
13
Auto VPN – “E.T. Phone Home”
Solution: Dial-up style hub-spoke configuration; single, shared gateway entry for each and every spoke; dynamic route based VPN; automatically advertises spoke-connected networks; certificate-based authentication; admission policy based on spoke DN
Benefits: One-time design & configuration for hub; automatic addition of valid spokes to VPN; zero impact on existing connections
Diagram labels: Spoke 1, Spoke 2, Spoke 3, Certificate Authority, HUB
14
Price Per 1 Mbps of IPSec Services
2-3X better price / performance SRX1500 SRX300 SRX100 ISR892 SRX320 SRX210 ISR4321 SRX340 SRX240 ISR4331 SRX345 SRX240 ISR4331 SRX550 SRX550 ISR4351 SRX650 ISR4451 IPSec Services = IMIX IPSec VPN (AES + SHA-1)
15
Next Generation Firewall
16
Use Case – a high performance security appliance
A high performance security appliance that protects the corporate network, provides application visibility & control, and helps improve employee productivity.
Target Segment: Finance, Federal, TMT
Users: Campus (up to 1000) and Branch (up to 200)
Key Features: NGFW, client side IPS, Remote Access VPN, threat intelligence, anti-malware
Typical Customers: MOE (Saudi), Federal Reserve, Liberty Mutual, USPS, Ascension Health, MDA
Diagram labels: Campus Edge Firewall, HQ or Campus, Internet, Branch Firewall, Branch Offices
17
Juniper Next Generation Firewall Portfolio
SRX Foundation Next Generation Firewall Services Firewall VPN NAT Routing Application Control User-based firewall Unified Threat Management Anti-virus Intrusion Prevention Web/Content Filtering Anti-spam Security Intelligence Command & control GeoIP feeds Custom feeds Management Reporting Analytics Automation
18
Integrated User Firewall
Diagram labels: Microsoft Active Directory; P2P apps blocked, YouTube allowed, Anti-virus applied; Finance; P2P, YouTube blocked, Anti-virus applied; Sales; No apps blocked, Anti-virus applied; CEO
User firewall controls allow different users to have different application policies based on their role and group. Some people or groups might need restrictions on things like YouTube. It might be for productivity reasons, it might be for bandwidth reasons, or in some cases even compliance. Whatever the reason, we have controls in place where you define your policies with automated integration to Active Directory.
SRX talks directly to MS AD; MAG / IC appliance not required.
19
Application Identification (AppID) 2.0
Applications ~1700 3000+ Implementation Pattern Matching Decoder (loadable) Evasive Apps (TOR, UltraSurf etc) No Yes P2P Apps (Bit torrents etc) Limited Accuracy Good Best Nested App for non HTTP App ALGs (SIP, RTP codecs) Custom Signature In Future
20
Threat Intelligence Architecture
Spotlight Secure Cloud GeoIP feed Other threat intelligence Command & Control Junos Space Open platform delivers more value Scalable to ensure full enterprise or service provider deployment Built for expansive data capacity Improved efficacy through threat scores and tuning Adaptive: from the data source, to data normalization, to enforcement at the firewall Security Director Spotlight Secure Connector Firewalls SRX240 and above
21
Summary Hardware Refresh Closing Gaps Security Efficacy
Entire SRX Product line is getting refresh and performance boost Closing Gaps Strong roadmap to fix key feature gaps in both routing and security use cases Open and adaptive threat intelligence platform and advanced anti-malware Security Efficacy Special focus on user experience with central management at a highest priority User Experience
22
JUNIPER SWITCHING SOLUTIONS
23
JUNIPER ETHERNET SWITCHING
Deployed Extensively: Over 22,000 customers, 15M+ ports; data center, campus, branch, SP; financials, healthcare, education; #3 LAN switching vendor
Why We Win: Technology flexibility; performance; carrier-class reliability; delivering operational simplicity
The EX9200 is the latest addition to the Juniper Networks switching portfolio. Over 15 million EX Series and QFX Series switch ports have been deployed around the globe in more than 22,000 unique customer networks, ranging from enterprise campus and branch environments to enterprise and service provider data centers. These networks are often found in the most demanding environments, including:
Financials, where low latency is a critical requirement
Healthcare, where network availability is crucial to patient safety
Education, where mobile device usage by students pushes the network to the breaking point
Juniper’s EX Series and QFX Series platforms are selected by customers for their technology flexibility, price / performance and carrier-class reliability. Most importantly, Juniper is known for “delivering operational simplicity.”
24
Something to TALK about
EX SERIES
“The Virtual Chassis feature was a key reason we used the EX Series platform. Virtual Chassis gives us the flexibility in terms of logical architecture and scale as well as the physical ease of use.” – OnLive
“Organizations can expect products to deliver as specified and to have robust and well-tested feature sets.” – Gartner
“In our evaluation Juniper Networks' enterprise switching and security devices provided outstanding price/performance with excellent reliability and scalability. With Junos running across all devices, management and interoperability are seamless, contributing to lower operational costs.” – STX Corp
Publicly referenceable customer and analyst quotes, add awards. What do the customers say? What do the analysts say? What does the industry say?
“AWCC is planning for the long-term demand of bandwidth driven by smartphones and other advanced devices,” said Frank O'Mara, CEO of AWCC. “Delivering service to customers in this environment requires a partner that understands the importance of planning for the next stage of the mobile network. Juniper stood out as the best company to help us provide the highest quality wireless service and a superior customer experience.”
“When IP networking is not just a campus-wide service but is the subject of student study and academic research, you need a highly resilient and flexible infrastructure,” said Dr. Jack Jiao, project manager of Beijing University of Posts and Telecommunications. “In our evaluation Juniper Networks' enterprise switching and security devices provided outstanding price/performance with excellent reliability and scalability. With Junos running across all devices management and interoperability are seamless, contributing to lower operational costs.”
“In common with the financial markets we cover and the investment community we serve, we count on our production network to have absolute integrity and reliability,” said Peter Juno, senior vice president of CNBC Asia Pacific Operations. “The Juniper and Nevion solution provides the performance, reliability and quality we need to embrace IP networking for professional broadcast TV production.”
“Juniper was out here all the time, taking us back to their lab, setting things up and letting us try them out. It really felt like a partnership.” – Interstate Batteries
25
VIRTUAL CHASSIS TECHNOLOGY THREE DESIGN PRINCIPLES
Management An order of magnitude reduction in the number of: Managed devices Image upgrades Backward compatibility Flexibility Seamless, non-disruptive migration from 1GbE to 10GbE data center network Design flexibility Robust hardware and software design Convergence when something changes Scale without trade-offs From 10s to 1,000s of servers within OR across multiple data centers High performance Larger scale Cost
26
INNOVATIONS WITH VIRTUAL CHASSIS TECHNOLOGY
10 switches in one configuration; Virtual Chassis over locations separated by 80 km; Different platforms in a single Virtual Chassis configuration; Industry-only; Available in core, aggregation and access layers of the network; Industry-only
27
EX SERIES VIRTUAL CHASSIS PLATFORMS AVAILABLE ACROSS THE NETWORK
EX2200 EX2200-C 12/24/48-Port, Fanless Access Switch POE+ Model Option 2/4 dual purpose SFP uplinks L2 and Basic L3 Features L2, IPv4/v6 static, RIP (in base) OSPF, PIM (Enhanced License) EX3300 24/48 10/100/ BASE-T PoE/PoE+ Data center air flow 6 member Virtual Chassis Fixed power supply and fans MacSec External RPS option 4 port SFP/SFP+ uplinks EX4300 28/48 port wirespeed 10/100/1000BASE-T PoE/PoE+ Data center air flow Field replaceable power and cooling 4 port GbE SFP uplink 2 port 10GbE XFP uplink 10-member Virtual Chassis with 128 Gbps backplane EX4550 40 10GbE fiber ports Data center air flow Redundant power and cooling Small form factor 10-member Virtual Chassis with 128 Gbps backplane Line rate EX4600 QFX5100 1G/10G/40G Ports Data center air flow Redundant power and cooling 10-member Virtual Chassis with 128 Gbps backplane 20 Member Virtual Chassis Fabric Line rate Access Aggregation/Data Center Seamless 1GbE/10GbE/40GBE Migration
28
EX9200 CORE PLATFORM 4-slot (5RU), 8-slot (8RU) and 14-slot (16RU) modular chassis options 1GbE / 10GbE / 40GbE / 100GbE line card options 352 x 10GbE, 66 x 40GbE or 22 x 100GbE (264 x 10GbE, 66 x 40GbE, or 22 x 100GbE ) port density Virtual Chassis Resilient routing engine, switch fabrics and power supplies EX9200
29
Flatter and Simpler Data Center Topology
Diagram labels: WAN, Internet, 3-Tier Approach, Spine-Leaf 2-Tier
Leafs residing at the top of each rack; all leafs and their associated hosts are equidistant; consistent east-to-west performance
30
NEW SOFTWARE ARCHITECTURE -Today: QFX 5100, QFX 10000, EX4600
CLI, XML, Netconf, UNIX and API Access OPEN APIs PFE PLATFORM CARRIER-CLASS NETWORKING EXTENSIBLE USER SPACE 3rd party applications HARDWARE ABSTRACTION LAYER KVM KVM Yocto Linux CARRIER-GRADE LINUX DATA PLANE x86 CONTROL PLANE FLASH MEMORY (UBOOT + ONIE)
31
HITLESS OPERATIONS DRAMATICALLY REDUCES MAINTENANCE WINDOWS
Platforms: EX4600, QFX5100, QFX10000
With Topology-Independent In-Service Software Upgrades (ISSU), the QFX5100 can dramatically reduce network maintenance windows. The QFX5100 is the only product in its class to offer true topology-independent ISSU.
The typical approach to ISSU for ToR / access switches is to rely on the resilient backup switch in the network to provide service continuity while a switch is being upgraded and rebooted. This results in:
Network performance degradation for the duration of the switch upgrade, as one element of the resilient pair is out of service during the upgrade process
Network resiliency risk, as resiliency is compromised during the upgrade process
Long maintenance windows and operational inefficiencies, as only one switch can be updated at a time, requiring a sequential upgrade process
With topology-independent ISSU, there is no dependency on a resilient backup switch for hitless software upgrades. During software upgrades there is no impact on network performance and no risk to network resiliency, as all switches continue to operate during the upgrade process. Also, there is no need to plan for long maintenance windows, as all switches can be upgraded simultaneously. [click]
The QFX5100 is built on an x86 processor running a hardened Linux kernel. The Junos operating system runs in a Kernel-based Virtual Machine. To upgrade the operating system, an upgrade command is issued from the master Junos VM. A new Junos disk image is created and verified, then launched as a new backup Junos VM. Then the system waits for the Packet Forwarding Engines to synchronize before swapping roles (detaching devices from the current master and attaching devices to the backup). Once the upgrade is complete, the current master Junos VM is shut down, delivering a truly seamless software upgrade.
Diagram labels: Topology-Independent ISSU; High-Level Architecture; Network Performance; Junos VM (Master); Junos VM (Master); Junos VM (Backup); Junos VM (Master); PFE; PFE; Competitive ISSU Approaches; Kernel Based Virtual Machines; Linux Kernel; Network Resiliency; x86 Hardware; Broadcom Trident II; Broadcom Trident II; Data Center Efficiency During Switch Software Upgrade
32
Thank you! Martti Saramies msaramies@juniper.net
Mob