vSRX
Karel Hendrych
Juniper Networks
khe@juniper.net
AGENDA
WHAT IS vSRX
USE CASES
PERFORMANCE
vSRX – Security & Routing
Junos Routing Protocols and SDK
Junos Rich and Extensible Security Stack
Junos Space – Security Director & Virtual Director, CLI, JWEB, SNMP, HA/FT
Firewall
VPN
NAT
Routing
Anti-Virus
IPS
Web Filtering
Anti-Spam
AppID
AppFW
AppQoS
AppTrack
Perimeter Security Content Security Application Security
Juniper Networks
SRX security platforms
Product Line
3U, 10 Gb/s
5U, 20 Gb/s
8U, 500+ Gbps
3U, 5 Gb/s
SRX3600
SRX5800
SRX5600
SRX3400
SRX1400
SRX550/650
SRX5400
5U, 200 Gb/s
16U, 2 Tb/s
HIGH END
SRX100/200
BRANCH &
SECURE ROUTER
SMALL CAMPUS ENTERPRISE EDGE/SMALL DATA CENTER DATA CENTER
vSRX - Virtual SRX
4 Gb/s with path to 20Gb/s
All performance estimates are IMIX
vSRX VM
Hypervisors
(VMware, KVM, Contrail)
Physical X86 CPU, Memory, & Storage
Adv Services
+
Flow Processing
+
Packet FWD
(JEXEC)
Junos Kernel
QEMU/KVM
Juniper Linux (Guest OS)
SRIOV
Junos Control Plane
(JCP/vRE)
MGD RPD
FEATURE PARITY TO X47-D20 (FFP)
(Including Firewall, AppSecure, UTM/IDP, VPN, NAT, Routing, HA
Cluster, etc.)
PLATFORMS
• VMware 5.1, 5.5, 6.0
• Ubuntu 14.04 (KVM)
CHANGES
• Name change to vSRX
• Junos Version change to 15.1
• DPDK
• SR-IOV
• VMXNET3 and VirtIO (Driver
updates)
• Linux Base OS
• 64Bit Flowd
• Dedicated management I/F
• SCSI Support
• SNMP enhancements
• VMTools
• Min 4G vRAM and 8G HD
vSRX 2.0
• CentOS 7 (KVM)
• Latest Contrail
Junos Space Security Director & Virtualization
Security Director
Virtualization Automation (Virtual Director)
Firewall Management IPsec VPN management
Network Address Translation
(NAT) management
Intrusion prevention (IPS)
management
Application-level policy management UTM unified threat management Security Services
• Delivers scalable and responsive
security management
• Improves the reach, ease,
and accuracy of security policy
administration
• Enables quick and intuitive
web-based management of
security policy lifecycle
• Deploys and manages lifecycle of
Virtual Firewalls
vSRX – A Complete Solution
• JSpace – SD, CLI, JWeb
• Self Care via NetConf*
• Contrail Service
Chaining
• vCloud Air
• Amazon AWS*
• Microsoft Azure*
• VMware – vCenter, NSX*
• OpenStack - Plugin
• CloudStack - Plugin
• VMware ESXi 5.x, 6.0
• KVM - CentOS & Ubuntu
• Microsoft - Hyper-V*
*Short term roadmap
Platforms
IaaS Policy & SDN
Orchestration
AGENDA
WHAT IS vSRX
USE CASES
PERFORMANCE
Enterprise: Private Cloud
Security Director enables security
policy configuration and
management across physical &
virtual environments
Key Need: VM Isolation
[Diagram labels: Department 1, Department 2, Department 3, Department 4, each with Web, APP, DB and Other VMs; vSRX (x4); vCenter; Security Director; Virtual Director; Virtual Environment/Private Cloud; Physical Servers; WAN]
Providing protection and connectivity
to customer hosted VMs
[Diagram labels: Customer 1, Customer 2, Customer 3, Customer 4, each with Web, APP, DB and Other VMs; IPSec VPN; Customer Premise 1, Customer Premise 2, Customer Premise 3, Customer Premise 4; vSRX dedicated to each customer]
Public and Hybrid Cloud
Service Provider: vCPE
[Diagram labels: MPLS VPN; Customer Premise 1, Customer Premise 2, Customer Premise 3, Customer Premise 4; NID (x4); Operator Network; MX; L2/L3 Switch; SRX; QFX; MSSP’s Virtual Environment with vSRX instances: Customer 1 (UTM), Customer 2 (IPS+AppSecure), Customer 3 (All-in-One), Customer 4; Management & Orchestration Platform: Contrail or Open Contrail or Security Director, Virtual Director, NSX]
Service Provider: uCPE
[Diagram labels: MPLS VPN; Customer Premise 1, Customer Premise 2, Customer Premise 3, Customer Premise 4; uCPE HW with vSRX (x4); Operator Network; MX; L2/L3 Switch; SRX; QFX; MSSP’s Virtual Environment: Customer 1, Customer 2, Customer 3, Customer 4; Management & Orchestration Platform: Contrail or Open Contrail or Security Director, Virtual Director, NSX]
Additional Services Delivered from Cloud
Junos-Out-of-the-Box Use Case Diagram
SRX
Physical
Servers
Physical
Servers
Physical
Servers
EX Switch
Before
(Retail Branch, Subscriber,
Military Ship/Tank/etc.)
Physical
Servers
Physical
Servers
EX Switch
Partial Virtual
Metro Ethernet, etc.
Traffic flows for virtual or
physical routed through
local Firefly
Virtualized
Environment
VMs
Total Virtual
All VMs at location with
Firefly (similar
termination of WAN link
required)
Virtualized Environment
VMs VMs
vSRX
vSRX
AGENDA
WHAT IS vSRX
USE CASES
PERFORMANCE
vSRX 2.0 (15.1X49-D15) vs. vSRX 1.0 Performance
[Bar chart: FW Throughput (Gbps) for IMIX and 1514B traffic; series: vSRX X47, vSRX 15.1X49, vSRX 15.1X49 (SR-IOV); data labels: 1.05, 4.35, 2.9, 11.4, 4.2, 17]
ESXi5.5 platforms used for performance tests:
HP Proliant DL380p, Xeon E5-2660v2, 20 Cores @2.194 GHz
Dell R820, Xeon E5-4610, 24 Cores @2.40GHz and
Dell R920, Xeon E7-8893v2, 12 Cores @3.4GHz for SR-IOV tests
Industry’s fastest virtual firewall
17G (1514B)
4.2G (Imix)
NEXT STEPS
- Local demos - Partner/Disti/JNPR
- Loan of Juniper Equipment
- Proof of Concept Labs, nearest in Amsterdam
- Mandatory item is a test plan
- Professional testing tools
- Possibility to bring 3rd party equipment
Thank you!
