More Related Content Similar to Juniper for Enterprise Similar to Juniper for Enterprise (20) More from Sergii Liventsev More from Sergii Liventsev (8) Juniper for Enterprise2. История инноваций Juniper
1998: First separation of control plane & data plane
1998: First implementation of IPv4, v6, MPLS in silicon
1998: First 2.4Gbps forwarding engine
2000: First wire-rate 10Gbps forwarding engine
2002: First implementation of integrated services
2003: First scalable cell-switched fabric
2004: First multi-chassis router
2005: First line-rate 40Gbps forwarding engine
2007: First Ethernet router
2007: First > 160G Firewall
1998-2006: Record quadrupling of capacity every 2 years
2009: Next generation edge silicon: NISP
2010: First 100GE
За 11 лет - 78 микросхем собственной разработки!
1 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
3. Портфель продуктов Juniper Networks
Беспроводный доступ Управление услугами Динамическое
(WiFi) предоставление услуг
RingMaster - SmartPass
WL-серия JUNOS Space/NSM/SRC SRX-серия/ Virtual Gateway
Магистраль Городские сети и Коммутаторы
оказание услуг корпоративных
сетей
T/PTX-серии MX-серия EX-серия
2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
4. SRX Series Services Gateways for the branch
Сергей Ливенцев
3 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
5. Branch srx delivers…
Consolidated Security and networking
All-in-One
Next Generation Firewall
VPN
IPS Single device for routing, switching,
AppSecure and security
UTM
Anti-Virus
Comprehensive security
Anti-Spam
Enhanced Web filtering Easy to activate new layers of security
Routing / WAN
WLAN, LAN, Switching
4 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
6. Branch SRX: Serving Multiple Customer Needs
Multi-services Gateway
Secure Router NGFW UTM
Routing and WAN Next generation firewall Ease of use
Interfaces (AppSecure) Best-of-breed Anti-Virus,
Firewall, VPN, NAT In-line IPS Anti-Spam, Web filtering
In-line IPS Application visibility, New AV offering - Sophos
High availability tracking and enforcement In-line IPS
Transparent mode User-role based policies AppSecure
Branch SRX
5 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
7. BRANCH SRX FEATURES MATRIX
Security Wireless LAN and
Firewall
VPN
3G/4G WAN
IPS 802.11n
AppSecure 3G/4G WiMax & LTE
Antivirus
Enhanced Web filtering
Antispam
Routing & Switching Physical Interfaces
RIP, OSPF, BGP,
Multicast, IPv6 T1/E1, Serial, DS3/E3
MPLS; Full BGP table VDSL, ADSL, G.SHDSL
J Flow, RPM DOCSIS Cable Modem
L2 Switching Ethernet 10/100/1000
& 10G, Copper or Fiber
POE Options
6 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
8. BRANCH SRX SERIES GATEWAYS
Delivering “No-Compromise” Services with Scale & Performance
Hardware Platforms Scale from 1G to 10G
Junos Software across Security, Routing and Switching
NEW
+ More LAN slots,
2mPIM+6GPIM Dual P/S, + Hot Swap I/O
WAN slots, 10 x GigE, 4 GB DRAM
PoE, Dual PS SRX650
2 GB DRAM
Q1 2012
+ 4 WAN slots, SRX550
16 x GigE, PoE
1 GB DRAM
+ 2 WAN slots, SRX240
8 x GigE, PoE
1 GB DRAM
NEW
WAN slot, SRX220
Fixed Config 2 x GigE, PoE,
VDSL2 WAN 1 GB DRAM
8 x FE1 SRX210
Fixed Config GB DRAM
8 x FE1 SRX110
GB DRAM
SRX100
Small to Large Branch/
Small Office Medium Office Regional Office
7 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
9. FRS 12.1
Announcing SRX550 Services Gateway
“No-Compromise Services” with scale and performance for the medium to large branch
Advanced Security • Comprehensive Routing
Firewall and VPN Wide range of WAN options: 3G/LTE,
UTM: IPS, antivirus, enhanced web-filtering, T1/E1/DS3/E3, xDSL, Nx1GE, 10 GE
anti-spam L2/L3 VPN, MPLS, VPLS, IPv6, v4
Application visibility, tracking & enforcement
Business Continuity, Resiliency
High Density Switching HA cluster (A/A or A/P)
10 x GE on board (6 Copper, 4 SFP) WAN backup and redundancy
Modular switching with POE Control plane, data plane separation
GPIM Online-Insertion-Removal*
Optional redundant power supplies (AC and
Routing Performance 700 Kpps DC)
1.7 Gbps (IMIX)
Firewall Performance 5.5 Gbps (Large
packets)
AV & IDP HW Acceleration Yes
IPSec Performance 1 Gbps
8 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
10. SRX100
Features SRX100
Ideal for small sites and managed On-board Ethernet 8 x FE
telecommuters Power over Ethernet (802.3af, 802.3at) None
WAN slots None
Full security features USB ports 1
Firewall and VPN Content Security Accelerator—ExpressAV
No
and Intrusion Detection and Prevention
UTM: IPS, AppSecure, antivirus, JUNOS Software version support JUNOS 11.1
web-filtering, and anti-spam Firewall performance (Large Packets) 700 Mbps
UTM requires high memory version Firewall performance (IMIX) 200 Mbps
Firewall performance
(Firewall + Routing PPS 64byte)
70 Kpps
VPN Performance—AES256+SHA-1
3DES+SHA 1
65 Mbps
IPS performance 60 Mbps
Connections Per Second (CPS) 2K CPS
Maximum Concurrent Sessions
(512MB/1GB RAM)
16 K / 32K
Antivirus performance 25Mbps
AppSecure Throughput (HTTP) 90Mbps
High Availability N/A
9 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
11. 11.4
SRX110 – IDEAL SOLUTION FOR SMALL BRANCH
Designed for flexibility, investment protection, and lowest total cost of ownership (TCO).
Features SRX 110
Additional
Primary On-board Ethernet 8 x FE
WAN
USB port
VDSL VDSL2 with
Primary WAN
ADSL2 Fallback
USB Port for
Backup WAN
3G/4G Modem
Additional USB ports One (total 2)
Front
Content Security Accelerator—ExpressAV
and Intrusion Detection and Prevention
No
Backup 3G
WAN
Firewall performance (Large Packets) 700 Mbps
Firewall performance (IMIX) 200 Mbps
Firewall performance
(Firewall + Routing PPS 64byte)
65 Kpps
Back VPN Performance
(AES256+SHA1 / 3DES+SHA1)
65 Mbps
IPS performance 60 Mbps
Connections Per Second (CPS) 2K CPS
Maximum Concurrent Sessions 16 K / 32K
Antivirus performance 25Mbps
AppSecure Throughput (HTTP) 90 Mbps
High Availability N/A
10 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
12. SRX210E
Features SRX210E
Ideal for small branches On-board Ethernet 2 x GE + 6 x FE
Power over Ethernet (802.3af, 802.3at) 4 ports, 50 W total
Full security features WAN slots 1 x mini PIM
Firewall and VPN USB ports (flash) 2
UTM: IPS, AppSecure, antivirus, Content Security Accelerator—ExpressAV
and Intrusion Detection and Prevention
Yes
web-filtering, and anti-spam JUNOS Software version support JUNOS 11.1
UTM requires high memory Firewall performance (Large Packets) 850 Mbps
Firewall performance (IMIX) 250 Mbps
version
Firewall performance
(Firewall + Routing PPS 64byte)
95 Kpps
IPSec VPN Throughput 85 Mbps
IPS performance 85 Mbps
Connections Per Second (CPS) 2,200 CPS
Maximum Concurrent Sessions
(512MB/1GB RAM)
32K / 64K
Antivirus performance 25 Mbps
AppSecure Throughput (HTTP) 250 Mbps
High Availability A/A or A/P
11 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
13. SRX220
Features SRX220
Ideal for small and medium On-board Ethernet 18x GE
branches Power over Ethernet (802.3af, 802.3at) 8 ports GE, 120 W
WAN slots 2 x mini PIM
Full security features USB ports (flash) 2
Firewall and VPN Content Security Accelerator—ExpressAV
and Intrusion Detection and Prevention
Yes
UTM: IPS, AppSecure, JUNOS Software version support JUNOS 11.1
Firewall performance (Large Packets) 950 Gbps
antivirus, web-filtering, and
Firewall performance (IMIX) 300 Mbps
anti-spam Firewall performance
125 Kpps
(Firewall + Routing PPS 64byte)
VPN Performance—AES256+SHA-1
100 Mbps
3DES+SHA-1
IPS Performance 100 Mbps
Connections Per Second (CPS) 3K CPS
Maximum Concurrent Sessions
96K
(512MB/1GB RAM)
Antivirus performance 34 Mbps
AppSecure Throughput (HTTP) 300 Mbps
High Availability A/A or A/P
12 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
14. SRX240
Features SRX240
Ideal for small and medium On-board Ethernet 16 x GE
branches Power over Ethernet (802.3af, 802.3at) 16 ports GE, 150 W
WAN slots 4 x mini PIM
Full security features USB ports (flash) 2
Firewall and VPN Content Security Accelerator—ExpressAV
and Intrusion Detection and Prevention
Yes
UTM: IPS, AppSecure, JUNOS Software version support JUNOS 11.1
Firewall performance (Large Packets) 1.5 Gbps
antivirus, web-filtering, and
Firewall performance (IMIX) 500 Mbps
anti-spam Firewall performance
200 Kpps
(Firewall + Routing PPS 64byte)
UTM requires high memory VPN Performance—AES256+SHA-1
300 Mbps
version 3DES+SHA-1
IPS Performance 230 Mbps
Connections Per Second (CPS) 9K CPS
Maximum Concurrent Sessions
64K / 128K
(512MB/1GB RAM)
Antivirus performance 85 Mbps
AppSecure Throughput (HTTP) 750 Mbps
High Availability A/A or A/P
13 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
15. NEW!
SRX550 SERVICES GATEWAY SPECIFICATIONS
Features SRX550
Ideal for enterprise medium to large
10 x GE (6 Copper,
branch On-board Ethernet
4SFP)
Power over Ethernet (802.3af, 802.3at) 40 ports GE, 500 W
Ideal office-in-a-box solution for managed WAN slots 2 mPIM, 6 x GPIM
services or commercial business USB ports (flash) 2
Content Security Accelerator—ExpressAV
SRX550 offers: and Intrusion Detection and Prevention
Yes
Comprehensive Routing and Security JUNOS Software version support JUNOS 12.1
Services Firewall performance (Large Packets) 5.5 Gbps
High density on-board and modular Firewall performance (IMIX) 1.7 Gbps
switch ports, Copper and SFP Firewall performance
(Firewall + Routing PPS 64byte)
700 Kpps
Application Awareness and Control VPN Performance—AES256+SHA-1
1.0 Gbps
3DES+SHA-1
Business Continuity and Resiliency IPS Performance 800 Mbps
Connections Per Second (CPS) 27K CPS
Maximum Concurrent Sessions (2 GB RAM) 375 K
Antivirus performance 300 Mbps
AppSecure Throughput (HTTP) 1.5 Gbps
A/A or A/P
High Availability
14 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
16. SRX650
Features SRX650
Ideal for regional sites and large On-board Ethernet 4 x GE
branches 48 ports GE, 250W
Power over Ethernet (802.3af, 802.3at)
or 500 W
Full security features WAN slots 8 x GPIM
Firewall and VPN USB ports (flash) 2 per processor
Content Security Accelerator—ExpressAV
UTM: IPS, AppSecure, antivirus, web- and Intrusion Detection and Prevention
Yes
filtering, and anti-spam JUNOS Software version support JUNOS 11.1
Firewall performance (Large Packets) 7.0 Gbps
Modular Firewall performance (IMIX) 2.5 Gbps
LAN switching Firewall performance
850 Kpps
(Firewall + Routing PPS 64byte)
Services Routing Processors with VPN Performance—AES256+SHA-1
1.5 Gbps
optional redundancy 3DES+SHA-1
IPS Performance 1 Gbps
Power supplies with optional
Connections Per Second (CPS) 35K CPS
redundancy (at FRS)
Maximum Concurrent Sessions
512 K
(512MB/1GB RAM)
Antivirus performance 350 Mbps
AppSecure Throughput (HTTP) 1.9 Gbps
A/A or A/P
High Availability Hot swap GPIMs,
Dual power
15 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
17. BRANCH SRX SERIES SPECIFICATION SUMMARY
FEATURES SRX100 SRX210E SRX220 SRX240 SRX550 SRX650
(110)
2 x GE + 6 x
On-board Ethernet 8 x FE 8 x GE 16 x GE 6 x GE + 4 x SFP 4 x GE
FE
Memory/Flash 1 GB / 1 GB 1 GB / 1 GB 1 GB / 1 GB 1 GB* / 1 GB 2 GB* / 2 GB 2 GB / 2 GB
Power over Ethernet (802.3af, 4 ports, 8 ports GE, 16 ports GE, 40 Port GE, 250 48 ports GE,
802.3at)
None
50 W total 120 W 150 W W or 500 W 250 W or 500 W
2 x mini PIM + 4
WAN slots None (1) 1 x mini PIM 2 x mini PIM 4 x mini PIM 8 x GPIM
x GPIM
USB ports (flash) 1 (2) 2 2 2 2 2 per processor
JUNOS Software version
support
JUNOS 11.1* JUNOS 11.1* JUNOS 11.1* JUNOS 11.1* JUNOS 12.1 JUNOS 11.1*
Routing YES YES YES YES YES YES
Content Security Acceleration
(IPS, ExpressAV)
No YES YES YES YES YES
Firewall performance (Large
Packets)
700 Mbps 850 Mbps 950 Mbps 1.8 Gbps 5.5 Gbps 7.0 Gbps
Firewall performance (IMIX) 200 Mbps 250 Mbps 300 Mbps 600 Mbps 1.7 Gbps 2.5 Gbps
Firewall performance (Firewall
+ Routing PPS 64byte)
70 Kpps 95 Kpps 125 Kpps 200 Kpps 700 Kpps 850 Kpps
IPSec VPN throughput 65 Mbps 85 Mbps 100 Mbps 300 Mbps 1.0 Gbps 1.5 Gbps
Intrusion Prevention System 60Mbps 85 Mbps 100 Mbps 230 Mbps 800 Mbps 1 Gbps
Connections Per Second (CPS) 2K 2.2K 3K 9K 27K 35K
Maximum Concurrent Sessions
(512MB/1GB RAM)
16 K / 32K 32K / 64K 96K 64K / 128K 375K 512 K
Antivirus 25 Mbps 30 Mbps 35 Mbps 85 Mbps 300 Mbps 350 Mbps
16 Copyright © 2009 Juniper Networks, Inc. www.juniper.net A/A or A/P, A/A or A/P,
High Availability A/A or A/P A/A or A/P A/A or A/P A/A or A/P Hot swap GPIMs,
Hot swap GPIMs,
Dual power
Dual power
18. Flexible Physical interfaces-
WAN, LAN, WLAN and 3G/4G
MPIMs Wireless LAN GPIMs
T1/E1 AX411 dual-radio AP 16XGE
Serial WLA 16XGE POE
1XGE SFP WLC2 24XGE
ADSL 24XGE POE
Wireless WAN
G.SHDSL 2x10GE
VDSL2 SFP+/Copper
EVDO/HSPA/WI
Docsis3.0 MAX 4XT1E1
2XT1E1
1xDS3/E3
17 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
19. JUNIPER’S WIRELESS LAN SOLUTION – AX411
No compromise Applications Applications
Voice Smart phones
Leading performance
Video Bar code readers
with high speed Data Laptops
802.11n wireless
Online in record time
Unattended remote
configuration and
troubleshooting
Radical simplicity
One JUNOS for
wired
and wireless policy
and quality
18
Fewer boxes, Copyright © 2009 Juniper Networks, Inc. www.juniper.net
more function
20. JUNIPER’S WIRELESS WAN SOLUTION
Best signal
Get the 3G antenna out
Bridge
of the wiring closet to
optimize reception*
More choices
Choose 3G/LTE USB modem
or standalone 3G bridge
Choose from 70+ modems from
every major manufacturer* Carrier’s 3G/4G LTE Network
Direct Plug-in USB
Higher reliability
Modem support
Tightly coupled system speeds
wired to wireless failover
Redundant radio hardware and
provider diversity*
* Requires bridge solution
19 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
21. IPS: Multi-Method Detection & Prevention
Reconnaissance
Attacks
Proliferation
Traffic Anomaly
Detection Screens
Proliferation
Recon
Backdoor Detection
IP Spoof Detection
Layer-2 Attack
Detection
Attack
Must-haves: Protocol
Fast response time for new threats Anomaly Detection
Dedicated security research team Stateful Signatures
Synflood Protector
20 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
22. Application visibility and control is easy with appsecure
Now on
Branch SRX
Application
Application Threat
Enforcement
View Mitigation
by User
IPS
Application Awareness and Classification Engine
What application?
What user?
User location?
User device?
Application logs sent to
HQ(STRM) for reporting
21 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
23. APPTRACK VISIBILITY FOR AppTrack
INFORMED RISK ANALYSIS
AppTrack Monitor & Track Applications
View application by protocol, Web
application, and utilization
Analyze usage and trends
Web 2.0 application visibility
Customize application monitoring
App usage monitoring
Log and report across security
Scalable, flexible logging & solutions and systems
reporting
22 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
24. AppFW
APPFW: BEYOND JUST FW OR APP CONTROL
AppFW Control & Enforce Web 2.0 Apps
Inspect ports and protocols
Uncover tunneled apps
HTTP
Stop multiple threat types
Control nested apps, chat, file
Dynamic application security sharing and other Web 2.0 activities
Web 2.0 policy enforcement
Threat detection & prevention
23 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
25. IPS
IPS FOR CUSTOMIZABLE PROTECTION
IPS Monitor & Mitigate Custom Attacks
AppSecure IPS Detect and monitor suspicious
VULNERABILITY behavior
Exploits Tune open signatures to detect and
Other mitigate tailored attacks
IPS’s
Uncover attacks exploiting encrypted
On-going threat protection methods
Mobile traffic monitoring
Address vulnerabilities instead of
ever-changing exploits of the
Custom attack mitigation vulnerability
24 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
26. NEW
ENHANCED WEB FILTERING
Internet
Productivity ―In the Cloud‖
Categorization Server
Performance Continuous updates
SRX Large number of URLs
Security Category granularity
Real time threat score
Internal network
25 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
27. CUSTOMER CHOICE FOR ANTIVIRUS
Cloud-based option: On-box option:
Sophos Kaspersky
Juniper is the only vendor offering customers a choice
between two market proven antivirus solutions.
26 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
28. NEW AV SERVICE: SOPHOS LIVE PROTECTION
ANTI-MALWARE FOR JUNIPER SRX
Cloud-based intelligence
delivers high performance
malware protection
SRX
Effective, instant protection
against malware and
infected web sites
Target customers that want
the performance and ease
of a cloud-based antivirus
solution
27 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
29. REMOTE ACCESS VPN
Dynamic VPN Service – Access
Manager Client
Clientless – dynamic IPSEC client
automatically downloaded
Wireless Wired
Simultaneous tunnel enforcement
Automatic client upgrade
capabilities
3G/4G
Self-provisioning Wireless
INTERNET
IPSec with TCP-based fallback
for NAT traversal
Windows platform support—XP,
Vista, Win 2000, and Windows 7
SRX210
28 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
30. The power of one junos
T Series
EX Series
SRX
Series
MX Series
QFX Series
M Series
J Series
SECURITY ROUTERS SWITCHES
One OS One Release Train One Architecture
Reduces time/effort Delivers new Ensures available &
to operate network functionality stably scalable software for
infrastructure Reduces OPEX growing needs
Simplifies management Reduces TCO
29 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
31. SPACE - SIMPLE, SMART, OPEN PLATFORM
Open Network Application Platform
Network Application
Network Activate, Transport OSS BSS Green/Energy End-user Forensics
Security Design
Platform Activate QoS Design Adapters (MTOSI, OneAPI) … others
Ethernet Design Security
Open, extensible, standards- Design Virtual Control
Service Now
based (SOA)
Abstractions for generic service
definitions Juniper Applications 3rd Party Applications
Purpose-built for network APPLICATIONS
orchestration and automation
RESTful Web Service API
Carrier-grade scale
Transparent communication with Network Widgets Infrastructure
all Junos devices (any device, any Widgets
OS version) – total management
of Juniper infrastructure
Easy integration with OSS via
NBI/SDK JUNOS SPACE PLATFORM
Device Management Interface (DMI)
30 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
32. HIGH AVAILABILITY
Features
Stateful fail-over
Active/Backup Control Plane
Active/Active Data Plane
Single System View
Benefits
Maintains connection
persistence & improves
system resiliency for services
Load sharing across systems
Optimized for complex
routing environments
31 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
33. srx series awards – Great Momentum!
SRX1400 Wins Best Security SRX650 Wins Best of Interop Award,
Hardware Product Category Infrastructure Category
SRX1400 SRX650
SRX210 Wins Tokyo Interop Grand Prix, SRX5600 Wins Grand Prix, Highest
Highest Honor for SMB Infrastructure Honor for Best of Show Awards
SRX210
SRX5600
32 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
34. EX Серия: Позиционирование продуктов для
кампуса
Малый Кампус Средний Кампус Крупный Кампус
Ядро
EX8208 EX8216
EX4500
Агрегация
EX4500
EX4200
EX8208
EX3200 EX3300 EX4200
Доступ
EX4200
EX2200 EX3300 EX6200
EX2200-C EX6200
33 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
35. ПОЗИЦИОНИРОВАНИЕ КОММУТАТОРОВ ПО
КОЛИЧЕСТВУ ПОРТОВ
Модульные
EX8200
EX4500
10GbE
Virtual Chassis EX 4200 EX6200
EX3300
EX2200
EX2200-C
Аппаратное резервирование
12 до 48 портов 48+ портов 200+ портов 300+ портов
34 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
36. EX2200-C
• Компактный, без вентиляторный 2/3 уровня GbE коммутатор с
PoE+ для микро филиалов, розничной торговли и рабочих групп
12 портов доступа (10/100/1000BASE-T)
2 порта ДН (Двойного назначения) для подключения к магистрали
(10/100/1000BASE-T or 100/1000BASE-X)
PoE+ опция модели
Energy Efficient Ethernet (EEE)*
MACSec (IEEE 802.1AE) поддержка*
• Junos операционная система
L2, IPv4/v6 Static, RIP (база)
OSPF, Mcast, CFM (расширенная лицензия)
Макс.
• Фикс. Встроенный ИП Код заказа # портов Тип портов
PoE+ Встроенные Потребление
Порты uplink питания
(PoE Питание)
• Шкаф, Стена, Магнит EX2200-C-12T-
12 10/100/1000B-T 0 2 DP 30 W
2G
EX2200-C-12P-
12 10/100/1000B-T 12 2 DP 30W (100W)
2G
*поддержка в ПО запланирована на будущее
35 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
37. EX2200-C: ВИД СПЕРЕДИ
Фиксированная
конфигурация
26.9 x 4.4 x 22.8 (23.8) см.
1 U высота
Вес: 4.6 lbs (-T); 6.4 lbs (-P)
Внутреннее питание
Встроенные uplinks
Условия Эксплуатации:
Рабочая темп.: 0 до 40 C*
Все порты RJ-45/SFP Внешний RJ-45/USB
поддерживают PoE Магистрал USB Консоль Рабочая высота: до 5,000 ft*
(PoE код заказа) ьные
порты
Высокая
двойного производительность
назначени OOB GbE
я Управление На скорости среды, не
. блокируемый
Интерфейсы управления
Консоль (RJ45, USB)
Выделенный Ethernet (RJ45)
* Диапазон может быть увеличен в случае
использования оптики с расширенным
температурным режимом
36 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
38. ДРУГИЕ ЭЛЕМЕНТЫ
Простота крепления:
Для простоты крепления на металлические
поверхности
Удобство кабельного хозяйства:
Блокировщик кабеля, который крепится
спереди коммутатора, предотвращает
отключение кабелей
Физическая безопасность:
Разъемы для защиты по обоим сторонам
коммутатора позволяют использовать локер,
тем самым обеспечивая физическую
безопасность устройства
37 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
39. МАСШТАБИРУЕМОСТЬ EX2200-C
Функциональность Макс.
VLANs 1023
PACLs 1502
VACLs 1502
Bandwidth Line Rate
Number of Queues Per Port 8 per physical port
MAC addresses 16K
ARP 16K
MST Instances 64
VSTP Groups 1K
Port Mirroring (Local/Remote) (1/0)
Number of Analyzer Sessions 1
IGMP Groups 1K
Number of Policers 512
L2 FWD table size 16K
38 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
40. EX3300 ЛИНЕЙКА ETHERNET КОММУТАТОРОВ
24-48 фиксированных
порта доступа
PoE+ опции моделей
4 SFP/SFP+ uplinks
Встроенный ИП (AC/DC) и
вентиляторы
Обдув для ЦОД
RPS поддержка
Virtual Chassis технология
До 6 коммутаторов в Код заказа Обдув PoE/+ ИП Всего
Виртуальном шасси порты PoE
VC поверх 10GbE uplinks питания
VC между коммутаторами до EX3300-24T F-to-B 0 AC 0
40Km .
EX3300-48T F-to-B 0 AC 0
Проверенные Juniper EX3300-24P F-to-B 24 AC 405W
технологии EX3300-48P F-to-B 48 AC 740W
Junos ОС
EX3300-24T-DC F-to-B 0 DC 0
Уровень 3 (OSPF, PIM)
EX3300-48T-BF B-to-F 0 AC 0
39 Roadmap Copyright © 2009 Juniper Networks, Inc. www.juniper.net
41. EX3300 ВИД СПЕРЕДИ/С ОБРАТНОЙ СТОРОНЫ
LCD
Вид спереди
Фиксированная модель
17.4Ш x 12Г x 1.75В inches
1 U высота
Встроенный ИП
Встроенные порты для
подключения к магистрали
1GbE сетевые порты; PoE+ поддержка 1GbE/10GbE SFP+ Условия эксплуатации
uplink порты
Рабочая темп.: 0 до 45 C
Рабочая высота: до 10K ft
Вид сзади Пониженный шум: 40-45dB
Интерфейсы управления
1GbE порт управления
ЖК дисплей
Консоль (RJ-45)
Выделенный порт Ethernet
(RJ-45)
Консольный Системный
Выход воздуха
USB порт вентилятор
RPS коннектор
AC ИП
40 В планах (not available at FRS) Copyright © 2009 Juniper Networks, Inc. www.juniper.net
42. EX3300 ВИРТУАЛЬНОЕ ШАССИ
До 6 участников в конфигурации Virtual
Chassis поверх 10GbE каналов
• Два последних порта изначально
сконфигурированы как порты Виртуального Шасси
по умолчанию
• Все четыре магистральных порта могут быть
настроены в качестве портов не участвующих в
виртуальном шасси
• Все четыре магистральных порта могут
учувствовать в формировании Виртуального
шасси Поддерживаемые SFP
EX-SFP-10GE-DAC-1M
• Производительность 80 Gbps на портах для
подключения к магистрали/Виртуальное шасси EX-SFP-10GE-DAC-7M
Каждый порт для подключения к магистрали EX-SFP-10GE-LR
может детектировать скорости GbE/10GbE
EX-SFP-10GE-LRM
10GbE DAC кабели рекомендованы для EX-SFP-10GE-SR
Виртуального шасси (один на EX3300)
EX-SFP-10GE-USR
• Кабели для Виртуального шасси не
поставляются с EX3300 по умолчанию EX-SFP-1GE-LX
EX-SFP-1GE-SX
• Смешанный режим Виртуального Шасси с
EX4200 или EX4500 не поддерживается
41 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
43. EX4200 & EX4500 VIRTUAL CHASSIS
64Gbps на Virtual Chassis порт
EX4500
64 Gbps на Virtual Chassis порт
EX4200
EX4200 и EX4500 Virtual Chassis
До10 EX4200, два EX4500, или
8 EX4200s / 2 х EX4500 смешанный VC
До 480 GbE портов
До 112 10GbE портов
Шина: 128 Gbps
42 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
44. МОДУЛЬНЫЕ КОММУТАТОРЫ EX8200
Высокопроизводительные платформы
EX8208 – 8 линейных карт, 960Mpps
EX8216 – 16 линейных карт 1.92Bpps
Готовность для 100 GbE интерфейсов
Резервирование модулей управления 1+1 и фабрик
коммутации N+1
До 256 неблокируемых 10GbE портов в стандартной
стойке
320Gbps на линейную карту
Технология Виртуального шасси
До 4-х шасси в Virtual Chassis
Требуется внешний Routing Engine (XRE)
Полное резервирование питания и охлаждения
Резервирование питания N+1
(AC, DC)
Резервирование охлаждения 1+1 Тип модуля Макс. Порты
Разработки Juniper 48-port 10/100/1000B-T 384 or 768 RJ-45
Фабрики, модули управления
Сетевые процессоры (PFE) 48-port 100B/FX/1000B-X 384 or 768 SFP
Система Junos 8-port 10GbE 64 or 128 SFP+
40-port GbE/10GbE 320 or 640 SFP/SFP+
43 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
45. EX8200 GbE/PoE+ ЛИНЕЙНЫЕ КАРТЫ ДОСТУПА
EX8200-48PL, EX8200-48TL Карта доступа
48 RJ-45 10/100/1000BASE-T или PoE (1st 12 портов PoE+)
2.4:1 переподписка
24 Gbps, 36 млн. пакетов в секунду
До 384 PoE портов на EX8208 (3kW ИП)
Восемь очередей, 21MB буфер на порт
EX8200-2X40P, EX8200-2X40T Комбо карта
40 RJ-45 1000T, 4 100/1000 SFP, 2 10GbE SFP+
2.5:1 O/S на 1G медь, на скорости среды при 1G и
10G оптике
24 Gbps на 1G портах, 20Gbps на 10G портах
До 320 PoE портов плюс 16 10GbE на EX8208
Восемь очередей, 21MB буфер на 1G порт, 512MB
на 10G
Спроектированы для конвергентного Доступа с Агрегацией/Ядром: ―ЛВС в коробке‖
44 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
46. EX8200 ЛИНЕЙНЫЕ КАРТЫ РАСШИРЕННОЙ
МАСШТАБИРУЕМОСТИ
EX8200-8XS-ES EX8200-48F-ES EX8200-48T-ES EX8200-40XS-ES
11.1 11.4
2x больше FIB/управляющей памяти (без изменений применительно к ACL), 30%
быстрее CPU линейной карты
Полная поддержка функций по сравнению с существующими картами (не-ES)
Системы использующие разные типы карт:
Не рекомендовано Juniper : Возможная опция в будущем (TBD)
Система обнуляется до уровня масштабирования обычных карт
Функции Стандартные ES I/O Версия ПО
I/O
IPv4 Unicast Routes 360k (500k max) 720k (1M max) 11.1
IPv6 Unicast Routes 120k (250k max) 240k (500k max) 11.1
Caffeine VC (Fixx) Yes 11.4 11.4
MAC Table 160k 320k (11.4) 11.4
IPv4/IPv6 Multicast Routes 120k 240k (11.4) 11.4
VRFs 256 1024 (11.4) 11.4
45 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
47. XRE200: ВИД С ОБЕИХ СТОРОН Фиксированный форм
фактор
2RU (17.26 in Ш x 3.5 in В
x 17.72 in Г)
XRE200 Вид спереди
ЖК дисплей Модульные компоненты
ИП, модуль охлаждения
2 модуля для
организации
интерфейса Virtual
Chassis Control Interface
(VCCI)
Производительность
VCCI модуль (4 x RJ45)
GbE 2.1GHz двух ядерный
Для управ.,
Консольные
VCCI модуль (свободный) процессор
порт и USB 4GB DRAM
4GB Флешь
VCCI интерфейсы
XRE200 Вид сзади 4 x 10/100/1000BASE-T
RJ-45
4 x 1000BASE-X SFP
Доступность
Двойные, резервные
250W AC питание
Двойные, горячей
Резервные, горячей замены, Резервные, горячей замены,
с балансировкой нагрузки модули охлаждения с балансировкой нагрузки ИП
замены модули
охлаждения
Управление
Консоль
46 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Выделенный
48. ФУНКЦИОНАЛЬНОСТЬ ПО И ЛИЦЕНЗИРОВАНИЕ
EX4200/
ФУНКЦИОНАЛЬНОСТЬ EX2200 EX3300
EX6200
Расширенный уровень 3: Расширенная
Не Расширенная
IPv6 маршрутизация, BGP, ISIS, поддерживает лицензия
лицензия
ся
MPLS
Уровень 3: Расширенная
Расширенная
лицензия
OSPF, IGMP v1/v2, PIM, vrf-lite, лицензия
QinQ, OAM (802.1ag), 1588
База
Уровень 2 и базовый Уровень 3: (лицензия не
STP, VLAN, LAG, LLDP/MED, RIP, требуется) База
База
IPv4/IPv6 Static routes, (лицензия не
(лицензия не
требуется)
IGMP snooping, managed by Junos требуется)
Space, sFlow, PVLAN, 802.1x,
802.3ah,
Технология Virtual Chassis Juniper Networks, Inc. www.juniper.net
47 Roadmap Copyright © 2009
49. EX МАСШТАБИРОВАНИЕ
Масштабирование EX2200-C/ EX4200/
EX3300 EX6210 EX8200/ES QFX3500
системы EX2200 ЕХ4500
Таблица MAC 16K/24K 24K 32K 32K 160K/320K 128K
Таблица
6.5K 6.5K 16K/10К 16K 360K/720K 20K
маршрутов (IPv4)
VLANы 1K 1K 4K 4K 4K 4K
QoS очереди на
8 8 8 8 8 8
порт
Firewall фильтры 1.5K 1.5K 7K/1.5К 7K 64K 1.5K
Multicast группы 1K 1K 8K/2К 2K 16K 4K
LAG 32 32 64 64 255 64
Каналов на LAG 8 8 8 8 12 8
Анализируемых
1 1 1/7 1 7 4
сессий
48 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
51. Thank you
50 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Editor's Notes All-in-oneJuniper SRX is an all-in-one device solution providing consolidated networking and securityNetworking: routing, switching, interfaces for WAN, LAN, and wirelessSecurity: FW, VPN, and UTM (IPS, AV, Anti-spam, web filtering)Main pointBusinesses have what they need all in one box to meet networking needs and comprehensive securityNow it’s easy to activate a new security service layer when the customer is ready. Perhaps they start off with AV. When appropriate, they can deploy IPS to stop attacks, protect systems and the network from exploited vulnerabilities. Then , when ready they can enable web filtering for productivity, performance, and security gains. The key: no need to deploy another box, another device, more to learn and spend time on. Just activate. UTM is already there, customers just need the license. Easy!What’s New?For some UTM may be new or you may be new to Juniper so there's so much to learn. Some new things as we continue to bring leading security to your customers, there’s a new AV option (powered by Sophos), I’ll speak more about this option later in the slides. Focus on continuous improvement…there is also increased web filtering scaling to this already rock solid content inspection functionality. Doubling of web filtering sessions and additional network traffic classification functionality Some of you are more wireless networking-oriented and many of you are new to SRX…It is a fully capable and yet, flexible platform.Firewall/VPN - well-regarded recognized leader and trusted vendorSecure Router – proven routing and switching using the same rock, solid technology used by our M and T series, carrier class routersAnd UTM which is our main focus today, security consolidation with market leading security services for branch offices and SMB. Integrated and centralized security management options, today we will learn how to be successful with upselling UTM (content security services) Here is snap shot of the Juniper Networks SRX Series for the Branch Portfolio in 2010. SRX100 is a fixed form factor device, ideal for Small Offices. SRX210 and SRX220 are ideal solutions for small to medium offices. SRX210 has 1 mini-PIM slots with 2 Gigabit Ethernet interfaces and 6 FE interfaces. SRX220 has 2 mini-PIM slots and 8 onboard Gigabit Ethrenet interfaces. SRX240 is ideal for medium offices with 4 built in mini-PIM slots and 16 on-board Gigabit Ethernet interfaces.SRX550 is a new platform coming with 12.1 which we will be announcing in April, in just a few weeks. The SRX550 plugs the price/performance gap between the 240 and 650 and is a flexible solution, ideal for mid to large branch offices. SRX650 is great for large branch and regional offices with more LAN slots and dual processors and power supplies for increased availability.Transition: For enterprise and service providers with data center requirements, let’s consider the high-end SRX gateways. SRX 110High-Performance One-Box Small Branch SolutionxDSL built-inExternal CF for higher robustnessUSB for additional storage, and USB for 3G modemsFull JUNOS Routing, Security, High Availability Unified Threat Management SRX 110High-Performance One-Box Small Branch SolutionxDSL built-inExternal CF for higher robustnessUSB for additional storage, and USB for 3G modemsFull JUNOS Routing, Security, High Availability Unified Threat Management Improved SRX210 with faster processor coming in Q1’11 (SRX 210E)Increases processor speed to 600MHz from 400MHzProvides faster J-Web, improved boot-up time, faster throughput Single PS for both POE and non POE options. Ideal for mid to large branchesFull security featuresFirewall and VPNUTM: IPS, antivirus, web-filtering, and anti-spamModularLAN switchingServices Routing Processors with optional redundancy Power supplies with optional redundancy (at FRS) Ideal for regional sites and large branchesFull security featuresFirewall and VPNUTM: IPS, antivirus, web-filtering, and anti-spamModularLAN switchingServices Routing Processors with optional redundancy Power supplies with optional redundancy (at FRS) Wireless WAN Pain PointsHard to get a high performance signalHard to locate gear where RF reception is optimalNew cables needed for antenna extensionsLimited choice and integrationToo integrated: network vendor doesn’t offer preferred 3G cardNot integrated enough: slow or no failover from wired to wirelessJUNIPER’S 3G/4G WIRELESS WAN SOLUTIONCX111PoE powered 3G to Ethernet bridgeSupports up to four customer-supplied 3G modems Junos management in the next releaseIdeal backup for wired WAN or as primary connectivity where wired WAN is not available3G/4G USB modem support for SRX1xx and SRX210/220 series. Step 3 is to ensure that protection against layer 7 and Web 2.0 as well as social media applications is provided without adding complexity to the branch network. New application types that are difficult to detect are increasingly making their way into networks, posing a great risk to your network security as well as impacting employee productivity.AppSecure provides this level of application security. A new security service available this month on the Branch SRX, AppSecure delivers next general firewall capabilities that addresses new user and application behaviors. An easy add on service for SRX gateways, AppSecure delivers application visibility, enforcement and protection against new types of applications that are not easily detected through standard port and IP address.Whether you want to understand how many of your users are accessing cloud-based applications like Facebook every day, or you need to know what applications are using the most bandwidth, AppSecure delivers powerful visibility and on-going application tracking. Not only applications but nested applications that run hidden within trusted protocols, are detected, tracked and enforced.Tied in with Juniper STRM systems throughout your network, AppSecure is also very scalable for management and administration of a large number of branch sites in the network. Together with STRM, syslog information can be logged and analyzed in granular detail, to better set and enforce security policies worldwide if needed. Dell/Juniper provides: 45+ categoriesFlexibility of actions: permit/deny/logSpecific actions based on unknown URLsExample use-case:Distributed educational system needing to limit student accessSMB who blocks Facebook access during work hours What do we mean by choice?Juniper is the only vendor offering customers a choice between two market proven antivirus solutions. Customers will now have two options when considering their AV needs.The cloud-based Sophos option or the on-premise Kaspersky choice.Both choices are good depending on customer specific requirements.Provides protection for devices without AV (i.e. contractor laptops, new devices, mobile devices that are not yet updated with latest signatures, defense in depthThe Kaspersky option is an on-box solution which you are familiar, so let’s focus on the Sophos … Now let’s discuss the management and reporting forAppSecure, both of which are key requirements when deploying AppSecure on hundreds of branch SRX sites in which scenario clearly on-box management and configuration is not feasible. A centralized management and logging/reporting solution is needed.Space, which is Juniper’s next generation network management platform , is adding support for Branch SRX in phases. The Security Design application in Space is used to centrally manage security services such as Firewall, VPN, NAT, AppFW, IPS and other services in the near future. FeaturesStateful fail-overActive / Backup Control PlaneActive / Active Data PlaneSingle System ViewBenefits Maintains connection persistence and improves system resiliency for servicesLoad sharing across systemsOptimized for complex routing environments What you are looking at is our portfolio and as you can see, whether you need a12-port access or a multiple-port access, now we have a complete solution.In the aggregation/core we have led with the EX8200 and for smaller deployments we have positioned and won with the EX4500. The EX2200 is a fixed, Уровень2/Уровень 3, 10/100/100 switch. Energy Efficient Ethernet is a set of enhancements to the twisted-pair and backplane Ethernet family of computer networking standards that will allow for less power consumption during periods of low data activity. The intention was to reduce power consumption by 50% or more, while retaining full compatibility with existing equipment.[1] The Institute of Electrical and Electronics Engineers (IEEE), through the IEEE 802.3az task force developed the standard. The IEEE ratified the final standard in September 2010.[2] Some companies introduced technology to reduce the power required for Ethernet before the standard was ratified, using the name Green Ethernet.The power reduction is accomplished in a few ways. In 100 Mbit/s, 1 gigabit and 10 Gbit/s speed data links energy is used to keep the physical layer transmitters on all the time. If they could be put into "sleep" mode when no data is being sent that energy could be saved.[4] By sending a low-power-idle (LPI) indication signal for a specified time the transmit chips in the system can be turned off. LPI is sent periodically to refresh the sleep mode. When there is data to transmit a normal idle signal is sent to wake the transmit system up before data is due to be sent. The data link is considered to be always operational, as the receive signal ciruit remains active even when the transmit path is in sleep mode.In addition, a new lower power mode was added to Ethernet over twisted pair, which reduces power supplies required for each interface.[6]