Evolution to Virtual and Highly Scalable Platforms
SMN Security Day 2015
Jani Ripatti, Sr. Systems Engineer, JNCIE #396, CCIE #20628

Juniper's Success in Branch Office Networking
Key Highlights
- More than 500,000 devices deployed in last 4 years
- 30,000+ customers from 47 countries
- 7 out of top 10 customers every quarter are run-rate customers
- First half of 2015 grew faster than first half of 2014
Top Customers: Recent Largest Wins
- 7-Eleven: 6,500 (+7,000) Stores (SRX210)
- Genuine Parts: 6,000 Stores (SRX210 POE)
- Starbucks: 8,000 Stores (SRX100 & SRX220)
- Barclays: 2,500 Branch Offices (SRX220)
- Russian Police: 3,500 Branch Offices (SRX240)
SRX Hardware Update
SRX Product Line Evolution: New Hardware Platforms & Software Innovations
[Figure: SRX platform roadmap by tier (Low End, Midrange, High End) and market segment (Branch & Secure Router, Small Campus, Enterprise Edge/Small Data Center, Data Center), marking current shipping products. Platforms shown: SRX100/200, SRX300-SRX345, SRX550/650, SRX1400, SRX1500, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800, Bastion-Ultralite, Bastion-Lite, Bastion. Size and throughput labels in the figure: 1U, 10 Gb/s IMIX; 3U, 5 Gb/s IMIX; 3U, 10 Gb/s IMIX; 5U, 20 Gb/s IMIX; 5U, 25 Gb/s IMIX; 8U, 70 Gb/s IMIX; 16U, 140 Gb/s IMIX; 2U, 100 Gb/s IMIX; 2U, 350 Gb/s IMIX; 3U, 700 Gb/s IMIX; 16U, 1.4 Tb/s IMIX; Increased Performance 200+ Gb/s IMIX; Increased Performance 500+ Gb/s IMIX.]
vSRX - Virtual SRX: 2 Gb/s IMIX with path to 20 Gb/s IMIX
Introducing Industry's Fastest Firewall! 2 Terabits per Second Throughput, Tested by Ixia
SRX300 Series: Available soon!
SRX300 (SRX100 Refresh): Retail Office, < 50 Users
- Hardware: 8xGE (w/ 2xSFP); Desktop form factor; Fanless design; MAC-Sec (2xSFP)
- IMIX Perf (vs. SRX100): Routing 500 Mbps (2.5x); Firewall 500 Mbps (2.5x); IPSec 100 Mbps (3.3x); NGFW* 50 Mbps (3.0x)
SRX320 (SRX210 / SRX220 Refresh): Small Branch, 50-100 Users
- Hardware: 8xGE (w/ 2xSFP); 2x MPIM Slots; MAC-Sec (2xSFP); Optional POE SKU
- IMIX Perf (vs. SRX210): Routing 500 Mbps (2.0x); Firewall 500 Mbps (2.0x); IPSec 100 Mbps (2.5x); NGFW* 50 Mbps (2.0x)
SRX340 (SRX240 Refresh): Mid Branch, 100-200 Users
- Hardware: 16xGE (w/ 8xSFP); 1U Rack Mount; 4x MPIM Slots; MAC-Sec (16xGE); OOB Mgmt port (1xGE)
- IMIX Perf (vs. SRX240): Routing 1.0 Gbps (1.7x); Firewall 1.0 Gbps (1.7x); IPSec 200 Mbps (2.0x); NGFW* 100 Mbps (1.5x)
SRX345 (New Model): Mid Large Branch, 200-500 Users
- Hardware: 16xGE (w/ 8xSFP); 1U Rack Mount; 4x MPIM Slots; MAC-Sec (16xGE); OOB Mgmt port (1xGE)
- IMIX Perf (vs. SRX240): Routing 2.0 Gbps (3.5x); Firewall 2.0 Gbps (3.5x); IPSec 300 Mbps (3.0x); NGFW* 200 Mbps (3.0x)
SRX550-M (SRX550 RoHS): Large Branch, 200-500 Users
- Hardware: 10xGE (w/ 4xSFP); 2U Rack Mount; 2x MPIM + 6x GPIM; 1 + 1 AC / DC PSU
- IMIX Perf (vs. SRX550): Routing 3.0 Gbps (-); Firewall 3.0 Gbps (-); IPSec 350 Mbps (-); NGFW* 300 Mbps (-)
Junos 12.3X48 feature parity and FRS with Junos 15.1X release
Based on Branch SRX (SRX SME) software architecture
*NGFW = Client Side IPS + AppFW + External Logging
Forge (SRX1500)
Front Panel Interfaces
- 12x1GE (Cu) + 4x1GE (SFP)
- 4x 10GE (SFP+)
- 2x PIM Slots (for future use)
- Dedicated HA Control Port (SFP)
- Dedicated OOB mgmt (1xGE)
Power, Storage & Dimensions
- 16G eSATA + 100G SSD
- Dual power supply (AC / DC)
- Avg / Max Power: 120W / 150W
- Size: 1 RU
- Front to Back Airflow
Performance Targets
- Firewall (IMIX): 8.0 Gbps
- VPN (IMIX): 1.0 Gbps
- AppID (HTTP): 5.0 Gbps
- IPS Recommended: 3.0 Gbps
- NGFW*: 1.5 Gbps
*NGFW = Client Side IPS + AppFW + External Logging
Forge HW / SW Architecture
[Figure: hardware block diagram. Labels: 400W AC / DC PSU (x2); 2x 8GB DDR3 RAM; 120GB SSD; 16GB mSATA; CPU Board; Intel Xeon 1125v2 4C 2.4 GHz; Cave Creek PCH; Altera Stratix V FPGA; Broadcom 56548; 2x10G; 8x PCIe (10Gbps); 2x1G; 12x1G; 4x1G; 4x10G; PFE Board; WAN PIM Slots; front ports 12x1G Cu, 4x1G SFP, 4x10G SFP+.]
[Figure: Optimator Software Architecture. Labels: Switching & Security Junos (S3BU); QEMU/Libvirt KVM; 3rd Party Platform; Linux Services; Control Plane Hardware; PPC or x86 Control Plane CPU; Forwarding Plane Hardware; ASIC, FPGA [Custom/Merchant] or x86.]
vSRX update: Scalable Cloud Firewall Platform
Evolution of the vSRX
Timeline: January 2014, 2014/2015, Now (labels: Network Firewall, UTM, Junos 15.1)
Firefly X46
- Rich Networking and Routing
- HA for VMware
- Virtual Director
- Contrail Integration
Firefly X47
- IPS
- AppSecure 2.0 (X47-D20)
- vSphere 5.5 Support
- HA for KVM/Contrail Platforms
- Transparent Mode
vSRX 2.0
- Modern Linux base OS
- Intel DPDK, SR-IOV, VMxnet3 (etc.) to increase performance (2x-4x targets)
- 64 bit OS to increase scale
- Density performance (5x target)
vSRX 2.0
[Figure: vSRX VM stack. Labels: Junos Control Plane (JCP/vRE) with MGD, RPD and Junos Kernel; Adv Services + Flow Processing + Packet FWD (JEXEC); Juniper Linux (Guest OS); Hypervisors (VMware, KVM, Contrail); Physical x86 CPU, Memory, & Storage.]
FEATURE PARITY TO X47-D20 (FFP) (Including Firewall, AppSecure, UTM/IDP, VPN, NAT, Routing, HA Cluster, etc.)
PLATFORMS
- QEMU/KVM SRIOV
- VMware 5.1, 5.5
- Ubuntu 14.04 (KVM)
- CentOS 6.6 (KVM)
- Latest Contrail
CHANGES
- Name change to vSRX
- Junos Version change to 15.1
- DPDK
- SR-IOV
- VMXNET3 and VirtIO (Driver updates)
- Linux Base OS
- 64Bit Flowd
- Dedicated management I/F
- SCSI Support
- SNMP enhancements
- VMTools
- Min 4G vRAM and 8G HD
vSRX Security & Routing: Junos Rich and Extensible Security Stack
- Perimeter Security: Firewall, VPN, NAT, Routing
- Content Security: Anti-Virus, IPS, Web Filtering, Anti-Spam
- Application Security: AppID, AppFW, AppQoS, AppTrack
- Junos Routing Protocols and SDK
- Junos Space Security Director & Virtual Director, CLI, JWEB, SNMP, HA/FT
vSRX 2.0 vs vSRX 1.0: Performance metrics

| Performance (1) | vSRX 1.0 | vSRX 2.0 |
|---|---|---|
| Firewall (UDP 1514B pkts) | 4.35 Gbps | 10.5 Gbps |
| Firewall (IMIX) | 1.05 Gbps | 2.6 Gbps |
| Firewall Ramp Rate (TCP) | 22 kcps | 36K CPS |
| Firewall Latency (512B UDP) | 107 Micro Sec | 74 Micro Sec |
| NAT (UDP 1514B pkts) | 4.3 Gbps | 10.5 Gbps |
| NAT (IMIX) | 1.05 Gbps | 2.54 Gbps |
| NAT Ramp Rate (TCP) | 19K CPS | 26K CPS |
| IPSec (3DES+SHA1, 1514B) | 290 Mbps | 562 Mbps |
| IPSec (3DES+SHA1, IMIX) | 146 Mbps | 276 Mbps |
| IPSec (3DES+SHA1, 64B) | 29 Mbps | 132 Mbps |
| IKE Rate (3DES+SHA1, V1 or 2) | 71 Tunnels/Sec | 56 Tunnels/Sec |
| EWF (44KB File) | 251 Mbps | 2030 Mbps |
| SAV (Allscan 44KB File) | 279 Mbps | 445 Mbps |
| AppSecure+IPS HTTP Throughput (2) (Response Content 44KB File) | 760 Mbps | 1300 Mbps |
| AppSecure+IPS HTTP CPS (2) (Response Content 64 bytes) | 5600 CPS | 6500 CPS |

(1) Reference platform for performance: Dell PowerEdge R820, ESXi 5.1, 24 Cores, 2.899 GHz CPUs
(2) IDP Performance is based on default recommended IDP policy
Junos Space Security Director
Juniper's network management platform: Efficiently Manage the New Network
- Junos Space SDK & APIs: Programmable interface to customize apps / Easy MoM & 3rd party integration
- Applications: Security Director, Network Director, Service Activation
- SPACE Platform
Current SD - Visual Design
New SD - Visual Design
Thanks!