Evolution to Virtual and Highly Scalable Platforms

SMN – Security Day 2015

Jani Ripatti

Juniper’s Success in Branch Office Networking

Key Highlights

• More than 500,000 devices deployed in last 4 years

• 30,000+ customers from 47 countries

• 7 out of top 10 customers every quarter are run-rate customers

• First half of 2015 grew faster than first half of 2014

Recent Largest Wins

• 7-Eleven – 6,500 (+7,000) Stores (SRX210)

• Genuine Parts – 6,000 Stores (SRX210 POE)

• Starbucks – 8,000 Stores (SRX100 & SRX220)

• Barclays – 2,500 Branch Offices (SRX220)

• Russian Police – 3,500 Branch Offices (SRX240)

SRX Product Line Evolution

[Figure: SRX product line chart. Tiers: Low end, Midrange, High end. Segments: Branch & secure router; Small campus; Enterprise edge/small data center; Data center.]

Platforms labelled in the figure: SRX100/200, SRX300-SRX345, SRX550/650, SRX1400, SRX1500, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800, Bastion-Ultralite, Bastion-Lite, Bastion.

Form factor and IMIX throughput labels in the figure: 3U, 10 Gb/s; 5U, 20 Gb/s; 8U, 70 Gb/s; 3U, 5 Gb/s; 5U, 25 Gb/s; 16U, 140 Gb/s; 16U, 1.4 Tb/s; 3U, 700 Gb/s; 2U, 350 Gb/s; 2U, 100 Gb/s; 1U, 10 Gb/s; Increased Performance 200+ Gb/s IMIX; Increased Performance 500+ Gb/s IMIX.

Other labels: Current shipping products; New Hardware Platforms & Software Innovations; vSRX - Virtual SRX.

2 Terabits per Second Throughput

Tested by Ixia

SRX300 Series – Available soon!

SRX300 (SRX100 Refresh)
Retail Office, < 50 Users
• 8xGE (w/ 2xSFP)
• Desktop form factor
• Fanless design
• MAC-Sec (2xSFP)
• IMIX Perf (vs. SRX100): Routing 500 Mbps (2.5x), Firewall 500 Mbps (2.5x), IPSec 100 Mbps (3.3x), NGFW* 50 Mbps (3.0x)

SRX320 (SRX210 / SRX220 Refresh)
Small Branch, 50 – 100 Users
• 8xGE (w/ 2xSFP)
• 2x MPIM Slots
• MAC-Sec (2xSFP)
• Optional POE SKU
• IMIX Perf (vs. SRX210): Routing 500 Mbps (2.0x), Firewall 500 Mbps (2.0x), IPSec 100 Mbps (2.5x), NGFW* 50 Mbps (2.0x)

SRX340 (SRX240 Refresh)
Mid Branch, 100 - 200 Users
• 16xGE (w/ 8xSFP)
• 1U Rack Mount
• 4x MPIM Slots
• MAC-Sec (16xGE)
• OOB Mgmt port (1xGE)
• IMIX Perf (vs. SRX240): Routing 1.0 Gbps (1.7x), Firewall 1.0 Gbps (1.7x), IPSec 200 Mbps (2.0x), NGFW* 100 Mbps (1.5x)

SRX345 (New Model)
Large Branch, 200 – 500 Users
• 16xGE (w/ 8xSFP)
• 1U Rack Mount
• 4x MPIM Slots
• MAC-Sec (16xGE)
• OOB Mgmt port (1xGE)
• IMIX Perf (vs. SRX240): Routing 2.0 Gbps (3.5x), Firewall 2.0 Gbps (3.5x), IPSec 300 Mbps (3.0x), NGFW* 200 Mbps (3.0x)

SRX550-M (SRX550 RoHS)
Mid – Large Branch, 200 - 500 Users
• 10xGE (w/ 4xSFP)
• 2U Rack Mount
• 2x MPIM + 6x GPIM
• 1 + 1 AC / DC PSU
• IMIX Perf (vs. SRX550): Routing 3.0 Gbps (-), Firewall 3.0 Gbps (-), IPSec 350 Mbps (-), NGFW* 300 Mbps (-)

• Junos 12.3X48 feature parity and FRS with Junos 15.1X release

• Based on Branch SRX (SRX SME) software architecture

Forge (SRX1500)

Front Panel Interfaces

• 12x1GE (Cu) + 4x1GE (SFP)

• 4x 10GE (SFP+)

• 2x PIM Slots (for future use)

• Dedicated HA Control Port (SFP)

• Dedicated OOB mgmt (1xGE)

Power, Storage & Dimensions

• 16G eSATA + 100G SSD

• Dual power supply (AC / DC)

• Avg / Max Power : 120W / 150W

• Size : 1 RU

• Front to Back Airflow

Performance Targets

• Firewall (IMIX) : 8.0 Gbps

• VPN (IMIX) : 1.0 Gbps

• AppID (HTTP) : 5.0 Gbps

• IPS Recommended : 3.0 Gbps

• NGFW* : 1.5 Gbps

*NGFW = Client Side IPS + AppFW + External Logging

Forge HW / SW Architecture

[Figure: Forge hardware block diagram. Labels: CPU Board; PFE Board; 8x PCIe (10Gbps); Intel Xeon 1125v2 4C 2.4GHz; Cave Creek PCH; 2x 8GB DDR3 RAM; 16GB mSATA; 120GB SSD; Altera Stratix V FPGA; Broadcom 56548; 400W AC/DC PSU (two shown); WAN PIM Slots; link labels 12x1G, 4x1G, 4x10G, 2x1G, 2x10G; front panel ports 12x1G Cu, 4x1G SFP, 4x10G SFP+.]

Optimator Architecture

[Figure: Optimator Software Architecture stack. Labels: Forwarding Plane Hardware (ASIC, FPGA [Custom/Merchant] or x86); Control Plane Hardware (PPC or X86 Control Plane CPU); Linux; KVM QEMU/Libvirt; Platform; Switching & Security; Junos (S3BU); 3rd Party Services.]

Evolution of the vSRX

[Figure: vSRX release timeline: Firefly X46 (January 2014), Firefly X47 (2014/2015), vSRX 2.0 (Now).]

Feature labels in the figure:

• Network Firewall
• Rich Networking and Routing
• HA for VMware
• Virtual Director
• Contrail Integration
• UTM
• IPS
• AppSecure 2.0 (X47-D20)
• vSphere 5.5 Support
• HA for KVM/Contrail Platforms
• Transparent Mode
• Junos 15.1
• Modern Linux base OS
• Intel DPDK, SR-IOV, VMxnet3 (etc.) to increase performance (2x-4x targets)
• 64 bit OS to increase scale
• Density performance (5x target)

vSRX 2.0

[Figure: vSRX 2.0 architecture. Labels: vSRX VM; Junos Control Plane (JCP/vRE); MGD; RPD; Junos Kernel; QEMU/KVM; Adv Services + Flow Processing + Packet FWD (JEXEC); Juniper Linux (Guest OS); SRIOV; Hypervisors (VMware, KVM, Contrail); Physical X86 CPU, Memory, & Storage.]

FEATURE PARITY TO X47-D20 (FFP)

(Including Firewall, AppSecure, UTM/IDP, VPN, NAT, Routing, HA Cluster, etc.)

PLATFORMS

• VMware 5.1, 5.5
• Ubuntu 14.04 (KVM)
• CentOS 6.6 (KVM)

CHANGES

• Name change to vSRX
• Junos Version change to 15.1
• DPDK
• SR-IOV
• VMXNET3 and VirtIO (Driver updates)
• Linux Base OS
• 64Bit Flowd
• Dedicated management I/F
• SCSI Support
• SNMP enhancements
• VMTools
• Min 4G vRAM and 8G HD

vSRX – Security & Routing

Junos Routing Protocols and SDK

Junos Rich and Extensible Security Stack

Junos Space – Security Director & Virtual Director, CLI, JWEB, SNMP, HA/FT

Firewall

VPN

NAT

Routing

Anti-Virus

IPS

Web Filtering

Anti-Spam

AppID

AppFW

AppQoS

AppTrack

vSRX 2.0 vs vSRX 1.0: Performance metrics

| Performance (1) | vSRX 1.0 | vSRX 2.0 |
|---|---|---|
| Firewall (UDP 1514B pkts) | 4.35 Gbps | 10.5 Gbps |
| Firewall (IMIX) | 1.05 Gbps | 2.6 Gbps |
| Firewall Ramp Rate (TCP) | 22K CPS | 36K CPS |
| Firewall Latency (512B UDP) | 107 microseconds | 74 microseconds |
| NAT (UDP 1514B pkts) | 4.3 Gbps | 10.5 Gbps |
| NAT (IMIX) | 1.05 Gbps | 2.54 Gbps |
| NAT Ramp Rate (TCP) | 19K CPS | 26K CPS |
| IPSec (3DES+SHA1, 1514B) | 290 Mbps | 562 Mbps |
| IPSec (3DES+SHA1, IMIX) | 146 Mbps | 276 Mbps |
| IPSec (3DES+SHA1, 64B) | 29 Mbps | 132 Mbps |
| IKE Rate (3DES+SHA1, V1 or 2) | 71 Tunnels/Sec | 56 Tunnels/Sec |
| EWF (44KB File) | 251 Mbps | 2030 Mbps |
| SAV (Allscan 44KB File) | 279 Mbps | 445 Mbps |
| AppSecure+IPS HTTP Throughput (2) (Response Content – 44KB File) | 760 Mbps | 1300 Mbps |
| AppSecure+IPS HTTP CPS (2) (Response Content – 64 bytes) | 5600 CPS | 6500 CPS |

(1) Reference platform for performance: Dell PowerEdge R820, ESXi 5.1, 24 Cores, 2.899 GHz CPUs
(2) IDP Performance is based on default recommended IDP policy

Juniper’s network management platform

Efficiently Manage the “New Network”

Junos Space SDK & APIs

Programmable interface to customize apps/ Easy MoM & 3rd party integration

SPACE Platform
