• Product Overview

    The SRX1500 is a next-generation firewall and security services gateway offering outstanding protection, performance, scalability, availability, and security service integration. Designed for port density, a high-performance security services architecture, and seamless integration of networking and security in a single platform, the SRX1500 is best suited for client protection in enterprise campus, regional headquarters, or cloud-based security solutions with a focus on application visibility and control, intrusion prevention, and advanced threat protection. The SRX1500 is powered by Junos OS, the industry-leading operating system that keeps the world’s largest and most mission-critical enterprise networks secure.

    Product Description

    The Juniper Networks® SRX1500 is a high-performance next-generation firewall and security services gateway that protects mission-critical networks at campuses and regional headquarters. The SRX1500 provides best-in-class security and threat detection and mitigation capabilities, integrating carrier-class routing and feature-rich switching in a single platform. The SRX1500 delivers a next-generation security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services in an enterprise campus, connecting to the cloud, complying with industry standards, or achieving operational efficiency, the SRX1500 helps organizations realize their business objectives while providing scalable, easy-to-manage, secure connectivity and advanced threat detection and mitigation capabilities. The SRX1500 protects critical corporate assets as a next-generation firewall, acts as an enforcement point for cloud-based security solutions, and provides application visibility and control to improve the user and application experience. A combination of hardware and software architectures on the SRX1500 adds significant performance improvements to a small 1 U form factor. The key to the SRX1500 hardware is the security flow accelerator, a programmable high-speed Layer 4 firewall chip, and a robust x86-based security compute engine for advanced security services like application visibility, intrusion prevention, and threat mitigation capabilities. The SRX1500 software architecture leverages these programmable hardware components and virtualization to deliver high-speed firewall performance, application visibility, and intrusion prevention while lowering total cost of ownership (TCO). The SRX1500 is purpose-built to protect 10GbE network environments, consolidating multiple security services and networking functions in a highly available appliance. It supports up to 9.2 Gbps of firewall performance, 3.3 Gbps of intrusion prevention, and 4.5 Gbps of IPsec VPN in enterprise campus, regional headquarters, and data center deployments.

    SRX1500 Highlights

    The SRX1500 delivers a full complement of next-generation firewall capabilities that use advanced application identification and classification to enable greater visibility, enforcement, control, and protection over the network. It provides a detailed analysis of application volume and usage, fine-grained application control policies to allow or deny traffic based on dynamic application name or group names, and prioritization of traffic based on application information and context. The SRX1500 recognizes more than 4,275 applications and nested applications in plain-text or SSL encrypted transactions. The SRX1500 also integrates with Microsoft Active Directory and combines user information with application data to provide network-wide application and user visibility and control.
    For the perimeter, the SRX1500 Firewall offers a comprehensive suite of application security services, threat defenses, and intelligence services to protect networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks ATP Cloud offers adaptive threat protection against command and control (C&C)-related botnets and policy enforcement based on GeoIP. Integrating the Juniper Networks Advanced Threat Prevention Cloud solution, or working with the Juniper Networks ATP Appliance, the SRX1500 detects and enforces automated protection against known malware and zero-day threats with an extremely high degree of accuracy. The SRX1500 enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management. The SRX1500 delivers fully automated SD-WAN to both enterprises and service providers. A Zero-Touch Provisioning (ZTP) capability simplifies branch network connectivity for initial deployment and ongoing management. Due to its high performance and scale, the SRX1500 acts as a VPN hub and terminates VPN/secure overlay connections in the various SD-WAN topologies. The SRX1500 Firewall runs Juniper Networks Junos® operating system, a proven, carrier-hardened network OS that powers the top 100 service provider networks worldwide. These rigorously tested carrier-class routing features of IPv4/IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments.  

    Features and Benefits

    Business Requirement | Feature/Solution | SRX1500 Advantages

    High performance | Up to 9 Gbps of firewall performance
    • Best suited for enterprise campus and data center edge deployments
    • Addresses future needs for scale and feature capacity

    High quality end-user experience | Application visibility and control
    • Detects 4,275 Layer 3-7 applications, including Web 2.0
    • Controls and prioritizes traffic based on application and user role
    • Inspects and detects applications inside the SSL encrypted traffic

    Threat protection | IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Delivers open threat intelligence platform that integrates with third-party feeds
    • Protects against zero-day attacks
    • Restores visibility lost due to encryption, without the heavy burden of full TLS/SSL decryption

    Professional-grade networking services | Routing, switching, and secure wire
    • Supports carrier-class advanced routing, quality of service (QoS), and services
    • Offers flexible deployment modes (L1/L2/L3)

    Highly secure | IPsec VPN, remote access/SSL VPN, secure boot
    • Provides high-performance IPsec VPN with dedicated crypto engine
    • Simplifies large VPN deployments with auto VPN and group VPN
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    • Verifies binaries that execute on the hardware with secure boot

    High reliability | Chassis cluster, redundant power supply
    • Provides stateful configuration and session synchronization
    • Supports active/active and active/backup deployment scenarios
    • Offers highly available hardware with dual PSU, redundant fans

    Easy to manage and scale | On-box GUI, Security Director
    • Enables centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments
    • Includes simple easy-to-use on-box GUI for local management

    Lower TCO | Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces OpEx with Junos OS automation capabilities

    SRX1500 Firewall Specifications

    Software Specifications

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomalies
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba ClearPass Policy Manager
    • User role-based firewall
    • SSL Inspection
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack)
    • Juniper Secure Connect: Remote access/SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH)/Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-replay
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs: GRE, IP-in-IP, and MPLS
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
      • Dual box clustering
      • Active/passive
      • Active/active
      • Configuration synchronization
      • Firewall session synchronization
      • Device/link detection
      • In-Service Software Upgrade (ISSU)
    • IP monitoring with route and interface failover
     

    Application Security Services¹

    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Advanced/application policy-based routing (APBR)
    • Application Quality of Experience (AppQoE)
    • Application-based multipath routing
     

    Threat Defense and Intelligence Services¹

    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention, a cloud-based SaaS offering, to detect and block zero-day attacks
    • Juniper ATP Appliance, a distributed, on-premises advanced threat prevention solution to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence
     
    ¹ Offered as advanced security subscription license

    Routing Protocols

    • IPv4, IPv6
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2; Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM); Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP); Multicast Source Discovery Protocol (MSDP); Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP monitoring
    • Juniper flow monitoring (J-Flow)
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L2 MPLS VPN, pseudo-wires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Juniper Networks Junos Space and Security Director
    • Python
    • Junos OS event, commit and OP scripts
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
     

    Hardware Specifications

    ² Performance numbers based on UDP packets and RFC2544 test methodology.
    ³ Performance numbers based on HTTP traffic with 44 KB transaction size.
    ⁴ Next-Generation firewall performance is measured with Firewall, Application Security and IPS enabled using 64 KB transactions.
    ⁵ Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64 KB transactions.
  • Product Overview

    The SRX Series are next-generation firewalls based on a revolutionary architecture offering outstanding performance, scalability, availability, and security services integration. Custom designed for flexible processing scalability, I/O scalability, and services integration, the SRX Series Firewalls exceed the security requirements of data center consolidation and services aggregation. The award-winning SRX Series is powered by Junos OS, the same industry-leading operating system that keeps the world’s largest data center networks available, manageable, and secure.

    Product Description

    The Juniper Networks® SRX5400, SRX5600, and SRX5800 are next-generation firewalls (NGFWs) that deliver outstanding protection, market-leading performance, six nines reliability and availability, scalability, and services integration. These devices are ideally suited for service provider, large enterprise, and public sector networks, including:
    • Cloud and hosting provider data centers
    • Mobile operator environments
    • Managed service providers
    • Core service provider infrastructures
    • Large enterprise data centers
    The SRX5400, SRX5600, and SRX5800 are an integral part of the Juniper Connected Security framework, which is built to protect users, applications, and infrastructure from advanced threats. Delivering the highest level of protection against exploits, malware, and command and control (C&C) communications, these platforms feature a carrier-grade next-generation firewall and advanced security services such as application security, Content Security, intrusion prevention system (IPS), and integrated threat intelligence services. For advanced protection, the SRX Series offers integrated threat intelligence services via Juniper Networks Advanced Threat Prevention (ATP), Juniper’s open threat intelligence platform in the cloud. Juniper ATP Cloud delivers actionable security intelligence to SRX Series devices to enable advanced protection against C&C-related botnets and Web application threats, as well as allowing policy enforcement based on GeoIP data—all based on Juniper-provided feeds. Customers may also leverage their own custom and third-party feeds for protection from advanced malware and other threats unique to their business environment. This advanced, customer-relevant, and consolidated threat intelligence service is delivered to the SRX Series on-premises from the cloud. The SRX5400, SRX5600, and SRX5800 are supported by Juniper Networks Security Director, which enables distributed security policy management through an intuitive, centralized interface that enables enforcement across emerging and traditional risk vectors. Using intuitive dashboards and reporting features, administrators gain insight into threats, compromised devices, risky applications, and more.
    Based on Juniper’s Dynamic Services Architecture, the SRX5000 line provides unrivaled scalability and performance. Each firewall can support near linear scalability with the addition of Services Processing Cards (SPCs) and I/O cards (IOCs), enabling a fully equipped SRX5800 to support up to 3.36 Tbps firewall throughput. The SPCs are designed to support a wide range of services, enabling future support of new capabilities without the need for service-specific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being used—maximizing hardware utilization. The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach, where each platform can be equipped with a flexible number of IOCs that offer a wide range of connectivity options, including 1GbE, 10GbE, 40GbE, and 100GbE interfaces. With the IOCs sharing the same interface slot as the SPCs, the firewall can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom-designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables the realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility enables future expansion and growth of the network infrastructure, providing unrivaled investment protection. The tight service integration on the SRX Series is enabled by Juniper Networks Junos® operating system. The SRX Series is equipped with a robust set of services that include stateful firewall, intrusion prevention system (IPS), denial of service (DoS), application security, VPN (IPsec), Network Address Translation (NAT), Content Security, quality of service (QoS), and large-scale multitenancy. In addition to the benefit of individual services, the SRX5000 line provides a low latency solution. Junos OS also delivers carrier-class reliability with six nines system availability, the first in the industry to achieve independent verification by Telcordia. Furthermore, the SRX Series enjoys the benefit of a single source OS, and single integrated architecture traditionally available on Juniper’s carrier-class routers and switches.

    SRX5800

    The SRX5800 Firewall is the market-leading security solution supporting up to 3.36 Tbps firewall throughput and latency as low as 32 microseconds for the stateful firewall. The SRX5800 also supports 638 Gbps IPS and 338 million concurrent sessions. The SRX5800 is equipped with the full range of advanced security services and is ideally suited for securing large enterprise, hosted, or colocated data centers, service provider core and cloud provider infrastructures, and mobile operator environments. The massive performance, scalability, and flexibility of the SRX5800 make it ideal for densely consolidated processing environments, and the service density makes it ideal for cloud and managed service providers.

    SRX5600

    The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 1.44 Tbps firewall throughput, 182 million concurrent sessions, and 245 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregating various security solutions. The capability to support unique security policies per zone and its ability to scale with the growth of the network infrastructure make the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider, or mobile operator environments.

    SRX5400

    The SRX5400 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 960 Gbps firewall throughput, 90 million concurrent sessions, and 172 Gbps IPS. The SRX5400 is a small footprint, high-performance firewall ideally suited for securing large enterprise campuses as well as data centers, either for edge or core security deployments. The ability to support unique security policies per zone and a compelling price/performance/footprint ratio make the SRX5400 an optimal solution for edge or data center services in large enterprise, service provider, or mobile operator environments.

    Service Processing Cards (SPCs)

    As the “brains” behind the SRX5000 line, SPCs are designed to process all available services on the platform. Without the need for dedicated hardware for specific services or capabilities, there are no instances in which a piece of hardware is taxed to the limit while other hardware is sitting idle. SPCs are designed to be pooled together, allowing the SRX5000 line to expand performance and capacities with the introduction of additional SPCs, significantly reducing management overhead and complexity. The high-performance SPC3 cards are supported on the SRX5400, SRX5600, and SRX5800 Firewalls.

    I/O Cards (IOCs)

    To provide the most flexible solution, the SRX5000 line employs the same modular architecture for SPCs and IOCs. The SRX5000 line can be equipped with one or several IOCs, supporting the ideal mix of interfaces. With the flexibility to install an IOC or an SPC on any available slot, the SRX5000 line can be equipped to support the perfect blend of interfaces and processing capabilities, meeting the needs of the most demanding environments while ensuring investment protection. The third generation of IOCs from Juniper, the IOC3, delivers high throughput along with superior connectivity options including 100GbE, 40GbE, and high-density 10GbE interfaces. The IOC3 cards are supported on the SRX5400, SRX5600, and SRX5800. The fourth generation of IOCs delivers the highest throughput of all available linecards of up to 480 Gbps and offers multiple connectivity options from 10GbE and 40GbE to 100GbE. IOC4 can deliver up to 480 Gbps of hardware-accelerated throughput per linecard.

    Routing Engine (RE3) and Enhanced System Control Board (SCB4)

    The SRX5K-RE3-128G Routing Engine (RE3) is the latest in the family of REs for the SRX5000 line with a multicore processor running at 2000 MHz. It delivers improved performance, scalability, and reliability with 128 GB DRAM and includes a TPM module. The SRX5K-SCB4 enables 480 Gbps throughput per SCB and can be configured with intra- and interchassis redundancy.

    Features and Benefits

    Networking and Security

    The Juniper Networks SRX5000 line of Firewalls has been designed from the ground up to offer robust networking and security services.
    Feature | Feature Description | Benefits

    Purpose-built platform | Built from the ground up on dedicated hardware designed for networking and security services. | Delivers unrivaled performance and flexibility to protect high-speed network environments.

    Scalable performance | Offers scalable processing based on Juniper’s Dynamic Services Architecture. | Offers a simple and cost-effective solution to leverage new services with appropriate processing.

    System and network resiliency | Provides carrier-class hardware design and proven OS. | Offers the reliability needed for any critical high-speed network deployments without service interruption. Utilizes a unique architectural design based on multiple processing cores and a separation of the data and control planes.

    High availability (HA) | Active/passive and active/active HA configurations use dedicated HA interfaces. | Achieves availability and resiliency necessary for critical networks.

    Interface flexibility | Offers flexible I/O options with modular cards based on the Dynamic Services Architecture. | Offers flexible I/O configuration and independent I/O scalability (options include 1GbE, 10GbE, 40GbE, and 100GbE) to meet the port density requirements of demanding network environments.

    Network segmentation | Security zones, virtual LANs (VLANs), and virtual routers allow administrators to deploy security policies to isolate subnetworks and use overlapping IP address ranges. | Features the capability to tailor unique security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.

    Robust Routing Engine | Dedicated RE provides physical and logical separation to data and control planes. | Enables deployment of consolidated routing and security devices, as well as ensuring the security of routing infrastructure—all via a dedicated management environment.

    Advanced threat protection | IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance.
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Delivers open threat intelligence platform that integrates with third-party feeds
    • Protects against zero-day attacks
    • Stops rogue and compromised devices from disseminating malware
    • Restores visibility that was lost due to encryption, without the heavy burden of full TLS/SSL decryption

    AppTrack | Detailed analysis on application volume/usage throughout the network based on bytes, packets, and sessions. | Provides the ability to track application usage to help identify high-risk applications and analyze traffic patterns for improved network management and control.

    AppFirewall | Fine-grained application control policies to allow or deny traffic based on dynamic application name or group names. | Enhances security policy creation and enforcement based on applications and user roles rather than traditional port and protocol analysis.

    AppQoS | Leverage Juniper’s rich QoS capabilities to prioritize applications based on customers’ business and bandwidth needs. | Provides the ability to prioritize traffic as well as limit and shape bandwidth based on application information and contexts for improved application and overall network performance.

    Application signatures | Open signature library for identifying applications and nested applications with more than 3000 application signatures. | Accurately identifies applications so that the resulting information can be used for visibility, enforcement, control, and protection.

    SSL proxy (forward and reverse) | Performs SSL encryption and decryption between the client and the server. | Combines with application identification to provide visibility and protection against threats embedded in SSL encrypted traffic.

    Stateful GTP and SCTP inspection | Support for General Packet Radio Service Tunneling Protocol (GTP) and Stream Control Transmission Protocol (SCTP) firewall in mobile operator networks. | Enables the SRX5000 line to provide stateful firewall capabilities for protecting key GPRS nodes within mobile operator networks.

    IOC3 | The third-generation I/O card offers very high levels of firewall throughput and low latency. The card includes two board choices: six 40GbE interfaces and 24 10GbE interfaces, or two 100GbE interfaces and four 10GbE interfaces. The IOC3 pairs well with existing SPC2/SPC3 for maximum firewall performance in any of the SRX5000 line of Firewalls. | Provides vastly superior, top-of-the-line connectivity efficiency and record-breaking high throughput I/O interfaces. Reduces the need for link aggregation to the firewall and enables very high firewall throughput of up to 2 Tbps with Express Path enabled.

    IOC4 | The fourth-generation I/O card is being offered in two flavors. The first delivers 40x10GbE interfaces while the second, depending on the chosen optics, delivers 48x10GbE, 12x40GbE, or 4x100GbE interfaces. | Provides the fastest throughput per slot and, in combination with Express Path, can deliver up to 480 Gbps of throughput per I/O card.

    SPC3 card | Enables performance and scale with backwards compatibility to the SPC2 service cards. These cards support in-service software and in-service hardware upgrades. | Delivers always-on security resiliency to meet your growing network performance needs.

    AutoVPN | One-time hub configuration for site-to-site VPN for all spokes, even newly added ones. Configuration options include: routing, interfaces, Internet Key Exchange (IKE), and IPsec. | Enables IT administrative time and cost savings with easy, zero-touch deployment for IPsec VPN networks.

    Remote access/SSL VPN | Secure and flexible remote access SSL VPN with Juniper Secure Connect. | Extends secure access to corporate resources from anywhere.

    Multitenancy | Offers logical, large-scale segmentation and separation of security functions and features. | Enables separate, logical instances to be deployed with dedicated security policies, zones, and other features and functions. Removes the need to deploy several physical or virtual firewalls.

    IPS Capabilities

    Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
    Feature | Feature Description | Benefits

    Stateful signature inspection | Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. | This minimizes false positives and offers flexible signature development.

    Protocol decodes | This feature enables highly accurate detection and helps reduce false positives. | Accuracy of signatures is improved through precise contexts of protocols.

    Signatures | There are more than 8500 signatures for identifying anomalies, attacks, spyware, and applications. | Attacks are accurately identified and attempts to exploit a known vulnerability are detected.

    Traffic normalization | Reassembly, normalization, and protocol decoding are provided. | Overcome attempts to bypass other IPS detections by using obfuscation methods.

    Zero-day protection | Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. | Your network is already protected against any new exploits.

    Recommended policy | A group of attack signatures is identified by the Juniper Networks Security Team as critical for the typical enterprise to protect against. | Installation and maintenance are simplified while ensuring the highest network security.

    Active/active traffic monitoring | IPS monitoring on active/active SRX5000 line chassis clusters is provided. | Includes support for active/active IPS monitoring, including advanced features such as in-service software upgrade.

    Packet capture | IPS policy supports packet capture logging per rule. | Conduct further analysis of surrounding traffic and determine further steps to protect target.

    Content Security Capabilities

    The Content Security services offered on the SRX5000 line of Firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.
    Feature | Feature Description | Benefits

    Antivirus | Antivirus includes reputation enhanced, cloud-based antivirus capabilities that detect and block spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, IMAP, and FTP protocols. This service is provided in cooperation with Sophos Labs, a dedicated security company. | Sophisticated protection from respected antivirus experts against malware attacks that can lead to data breaches and lost productivity.

    Antispam | Multilayered spam protection, up-to-date phishing URL detection, standards-based S/MIME, Open PGP and TLS encryption, MIME type, and extension blockers are provided in cooperation with Sophos Labs, a dedicated security company. | Protection against advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.

    Enhanced Web filtering | Enhanced Web filtering includes extensive category granulation (95+ categories) and a real-time threat score delivered with Forcepoint, an expert Web security provider. | Protection against lost productivity and the impact of malicious URLs as well as helping to maintain network bandwidth for business essential traffic.

    Content filtering | Effective content filtering is based on MIME type, file extension, and protocol commands. | Protection against lost productivity and the impact of extraneous or malicious content on the network to help maintain bandwidth for business essential traffic.

    Advanced Threat Prevention

    Advanced threat prevention (ATP) solutions that defend against sophisticated malware, persistent threats, and ransomware are available for the SRX5000 line. Two versions are available: Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution.
    Feature Feature Description Benefits
    Advanced malware detection and remediation Malware analysis and sandboxing are based on machine learning and behavioral analysis. Protects enterprise users from a spectrum of malicious attacks, including advanced malware that exploits “zero-day” vulnerabilities.
    Comprehensive threat feeds (C2, GeoIP, custom) Curated, actionable threat intelligence feeds are delivered in near real time to SRX Series devices. Proactively blocks malware communication channels and protects from botnets, phishing, and other attacks.
    Encrypted Traffic Insights SRX Series firewalls collect relevant TLS/SSL connection data, including certificates used, cipher suites negotiated, and connection behavior.  This information is processed by Juniper ATP Cloud, which uses network behavioral analysis and machine learning to determine whether the connection is benign or malicious.  Policies configured on SRX Series firewalls can be used to block encrypted traffic identified as malicious. Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption.
    HTTP, HTTPS, e-mail Web- and e-mail-based threats are analyzed, including encrypted sessions. Protects users from all major threat vectors, including e-mail. Provides flexible message handling options for e-mail. The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
    Integration with Security Director and JSA Juniper Networks Secure Analytics portfolio (JSA Series) security information and event management (SIEM) can consume and correlate threat events. Juniper ATP Cloud is also fully integrated with Security Director for provisioning and monitoring. The Juniper ATP Appliance includes a built-in management console and is not integrated with Security Director. Single pane-of-glass management with Security Director and JSA Series integration delivers a simplified policy application and monitoring experience.
    More information about Juniper Advanced Threat Prevention products can be found at https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html.

    Centralized Management

    Juniper Networks® Security Director is the central manager for all SRX Series Firewalls. It provides security policy management for all physical, logical, and virtual firewalls through an innovative, intuitive, and centralized web-based interface that offers enforcement across emerging and traditional threat vectors. It provides detailed visibility into application performance, reduces risk, and enables users to diagnose and resolve problems quickly. More information about Juniper Networks Security Director can be found at https://www.juniper.net/us/en/products/security/security-director-network-security-management.html.

    Specifications

    Note: Performance, capacity, and features are measured under ideal lab testing conditions. Actual results may vary based on Junos OS release and by deployment.
    SRX5400 SRX5600 SRX5800
    Maximum Performance and Capacity1
    Junos OS version tested Junos OS 21.2 Junos OS 21.2 Junos OS 21.2
    Firewall Performance, IMIX 960 Gbps 1.44 Tbps 3.36 Tbps
    Maximum performance per chassis 960 Gbps 1440 Tbps 3.36 Tbps
    Next-Generation Datacenter Firewall Performance2 136 Gbps 194 Gbps 504 Gbps
    Secure Web Access Firewall Performance3 75 Gbps 107 Gbps 277 Gbps
    Latency (stateful firewall) ~11µsec ~11µsec ~11µsec
    IPsec VPN AES-256-GCM (IMIX) 188 Gbps 269 Gbps 699 Gbps
    Maximum IPS performance 172 Gbps 245 Gbps 638 Gbps
    Maximum concurrent sessions 91 Million 182 Million 338 Million
    New sessions/second (sustained, TCP, 3-way, firewall NAT) 1.7/1 Million 3.4/2 Million 6.3/4 Million
    Maximum users supported Unrestricted Unrestricted Unrestricted
    Network Connectivity
    IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate
    IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+
    Firewall
    Network attack detection Yes Yes Yes
    DoS and distributed denial of service (DDoS) protection Yes Yes Yes
    TCP reassembly for fragmented packet protection Yes Yes Yes
    Brute force attack mitigation Yes Yes Yes
    SYN cookie protection Yes Yes Yes
    Zone-based IP spoofing Yes Yes Yes
    Malformed packet protection Yes Yes Yes
    IPsec VPN
    Site-to-site tunnels 15,000 15,000 15,000
    Tunnel interfaces 15,000 15,000 15,000
    Number of remote access / SSL VPN (concurrent) users 25,000 40,000 50,000
    Tunnels Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4 / IPv6 / Dual Stack)
     Internet Key Exchange IKEv1, IKEv2
    Configuration Payload Yes Yes Yes
    IKE Authentication Algorithms MD5, SHA1, SHA-256, SHA-384, SHA-512
    IKE Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    Authentication Pre-shared key and public key infrastructure (PKI X.509)
    IPsec (Internet Protocol Security) Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    Perfect forward secrecy Yes
    IPsec Authentication Algorithms hmac-md5, hmac-sha1-96, hmac-sha-256, hmac-sha-384, hmac-sha-512
    IPsec Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    Monitoring Standard-based Dead peer detection (DPD), VPN monitoring
    Prevent replay attack Yes Yes Yes
    VPNs (GRE, IP-in-IP, MPLS) Yes Yes Yes
    Redundant VPN gateways Yes Yes Yes
    Intrusion Prevention System (IPS)
    Signature-based and customizable (via templates) Yes Yes Yes
    Active/active traffic monitoring Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Attack detection mechanisms Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
    Attack response mechanisms Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail
    Attack notification mechanisms Structured system logging Structured system logging Structured system logging
    Worm protection Yes Yes Yes
    Simplified installation through recommended policies Yes Yes Yes
    Trojan protection Yes Yes Yes
    Spyware/adware/keylogger protection Yes Yes Yes
    Advanced malware protection Yes Yes Yes
    Protection against attack proliferation from infected systems Yes Yes Yes
    Reconnaissance protection Yes Yes Yes
    Request and response side attack protection Yes Yes Yes
    Compound attacks—combines stateful signatures and protocol anomalies Yes Yes Yes
    Custom attack signatures creation Yes Yes Yes
    Contexts accessible for customization 600+ 600+ 600+
    Attack editing (port range, other) Yes Yes Yes
    Stream signatures Yes Yes Yes
    Protocol thresholds Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Frequency of updates Daily and emergency Daily and emergency Daily and emergency
    Content Security
    Antivirus Yes Yes Yes
    Content filtering Yes Yes Yes
    Enhanced Web filtering Yes Yes Yes
    Redirect Web filtering Yes Yes Yes
    Antispam Yes Yes Yes
    AppSecure
    AppTrack (application visibility and tracking) Yes Yes Yes
    AppFirewall (policy enforcement by application name) Yes Yes Yes
    AppQoS (network traffic prioritization by application name) Yes Yes Yes
    User-based application policy enforcement Yes Yes Yes
    GPRS Security
    GPRS stateful firewall Yes Yes Yes
    Destination Network Address Translation
    Destination NAT with Port Address Translation (PAT) Yes Yes Yes
    Destination NAT within same subnet as ingress interface IP Yes Yes Yes
    Destination addresses and port numbers to one single address and a specific port number (M:1P) Yes Yes Yes
    Destination addresses to one single address (M:1) Yes Yes Yes
    Destination addresses to another range of addresses (M:M) Yes Yes Yes
    Source Network Address Translation
    Static Source NAT—IP-shifting Dynamic Internet Protocol (DIP) Yes Yes Yes
    Source NAT with PAT—port translated Yes Yes Yes
    Source NAT without PAT—fix port Yes Yes Yes
    Source NAT—IP address persistency Yes Yes Yes
    Source pool grouping Yes Yes Yes
    Source pool utilization alarm Yes Yes Yes
    Source IP outside of the interface subnet Yes Yes Yes
    Interface source NAT—interface DIP Yes Yes Yes
    Oversubscribed NAT pool with fallback to PAT when the address pool is exhausted Yes Yes Yes
    Symmetric NAT Yes Yes Yes
    Allocate multiple ranges in NAT pool Yes Yes Yes
    Proxy Address Resolution Protocol (ARP) for physical port Yes Yes Yes
    Source NAT with loopback grouping—DIP with loopback grouping Yes Yes Yes
    User Authentication and Access Control
    Built-in (internal) database Yes Yes Yes
    RADIUS accounting Yes Yes Yes
    Web-based authentication Yes Yes Yes
    Public Key Infrastructure (PKI) Support
    PKI certificate requests (PKCS 7, PKCS 10, and CMPv2) Yes Yes Yes
    Automated certificate enrollment (SCEP) Yes Yes Yes
    Certificate authorities supported Yes Yes Yes
    Self-signed certificates Yes Yes Yes
    Virtualization
    Maximum custom routing instances with data plane separation 2000 2000 2000
    Maximum security zones 2000 2000 2000
    Maximum virtual firewalls with data plane and administrative separation (logical/tenant systems) 500 500 500
    Additional off-platform virtual firewall option with Juniper Networks vSRX Virtual Firewall (VM based) Unlimited Unlimited Unlimited
    Maximum number of VLANs 4096 4096 4096
    Routing
    BGP instances 1000 1000 1000
    BGP peers 2000 2000 2000
    BGP routes 1 Million 1 Million 1 Million
    OSPF instances 400 400 400
    OSPF routes 1 Million 1 Million 1 Million
    RIP v1/v2 instances 50 50 50
    RIP v2 table size 30,000 30,000 30,000
    Dynamic routing Yes Yes Yes
    Static routes Yes Yes Yes
    Source-based routing Yes Yes Yes
    Policy-based routing Yes Yes Yes
    Equal cost multipath (ECMP) Yes Yes Yes
    Reverse path forwarding (RPF) Yes Yes Yes
    Multicast Yes Yes Yes
    IPv6
    Firewall/stateless filters Yes Yes Yes
    Dual-stack IPv4/IPv6 firewall Yes Yes Yes
    RIPng Yes Yes Yes
    BFD, BGP Yes Yes Yes
    ICMPv6 Yes Yes Yes
    OSPFv3 Yes Yes Yes
    Class of service (CoS) Yes Yes Yes
    Mode of Operation
    Layer 2 (transparent) mode Yes Yes Yes
    Layer 3 (route and/or NAT) mode Yes Yes Yes
    IP Address Assignment
    Static Yes Yes Yes
    Dynamic Host Configuration Protocol (DHCP) Yes Yes Yes
    Internal DHCP server Yes Yes Yes
    DHCP relay Yes Yes Yes
    Traffic Management Quality of Service (QoS)
    Maximum bandwidth Yes Yes Yes
    RFC2474 IP Diffserv in IPv4 Yes Yes Yes
    Firewall filters for CoS Yes Yes Yes
    Classification Yes Yes Yes
    Scheduling Yes Yes Yes
    Shaping Yes Yes Yes
    Intelligent Drop Mechanisms (WRED) Yes Yes Yes
    Three-level scheduling Yes Yes Yes
    Weighted round robin for each level of scheduling Yes Yes Yes
    Priority of routing protocols Yes Yes Yes
    Traffic management/policing in hardware Yes Yes Yes
    High Availability (HA)
    Active/passive, active/active Yes Yes Yes
    Unified in-service software upgrade (unified ISSU) Yes Yes Yes
    Configuration synchronization Yes Yes Yes
    Session synchronization for firewall and IPsec VPN Yes Yes Yes
    Session failover for routing change Yes Yes Yes
    Device failure detection Yes Yes Yes
    Link and upstream failure detection Yes Yes Yes
    Dual control links Yes Yes Yes
    Interface link aggregation/Link Aggregation Control Protocol (LACP) Yes Yes Yes
    Redundant fabric links Yes Yes Yes
    Management
    WebUI (HTTP and HTTPS) Yes Yes Yes
    Command line interface (console, telnet, SSH) Yes Yes Yes
    Junos Space Security Director Yes Yes Yes
    Administration
    Local administrator database support Yes Yes Yes
    External administrator database support Yes Yes Yes
    Restricted administrative networks Yes Yes Yes
    Root admin, admin, and read-only user levels Yes Yes Yes
    Software upgrades Yes Yes Yes
    Configuration rollback Yes Yes Yes
    Logging/Monitoring
    Structured syslog Yes Yes Yes
    SNMP (v2 and v3) Yes Yes Yes
    Traceroute Yes Yes Yes
    Certifications
    Safety certifications Yes Yes Yes
    Electromagnetic Compatibility (EMC) certifications Yes Yes Yes
    RoHS2 Compliant (European Directive 2011/65/EU) Yes Yes Yes
    NIST FIPS-140-2 Level 2 Yes Yes Yes
    Common Criteria NDPP+TFFW EP + VPN EP Yes Yes Yes
    USGv6 Yes Yes Yes
    Dimensions and Power
    Dimensions (W x H x D) 17.45 x 8.7 x 24.5 in (44.3 x 22.1 x 62.2 cm) 17.5 x 14 x 23.8 in (44.5 x 35.6 x 60.5 cm) 17.5 x 27.8 x 23.5 in (44.5 x 70.5 x 59.7 cm)
    Weight Fully configured: 128 lb (58.1 kg) Fully configured: 180 lb (81.7 kg) Fully configured: 334 lb (151.6 kg)
    Power supply (AC) 100 to 240 VAC 100 to 240 VAC 200 to 240 VAC
    Power supply (DC) -40 to -60 VDC -40 to -60 VDC -40 to -60 VDC
    Maximum power 4,100 watts (AC high capacity) 4,100 watts (AC high capacity) 8,200 watts (AC high capacity)
    Typical Power 1540 watts 2440 watts 5015 watts
    Environmental
    Operating temperature – long term 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C)
    Humidity – long term 5% to 85% noncondensing 5% to 85% noncondensing 5% to 85% noncondensing
    Humidity – short term 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air
    1 Performance, capacity and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
    2 Next-Generation Datacenter firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
    3 Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.
  • Product Overview

    The SRX Series are next-generation firewalls based on a revolutionary architecture offering outstanding performance, scalability, availability, and security services integration. Custom designed for flexible processing scalability, I/O scalability, and services integration, the SRX Series Firewalls exceed the security requirements of data center consolidation and services aggregation. The award-winning SRX Series is powered by Junos OS, the same industry-leading operating system that keeps the world’s largest data center networks available, manageable, and secure.

    Product Description

    The Juniper Networks® SRX5400, SRX5600, and SRX5800 are next-generation firewalls (NGFWs) that deliver outstanding protection, market-leading performance, six nines reliability and availability, scalability, and services integration. These devices are ideally suited for service provider, large enterprise, and public sector networks, including:
    • Cloud and hosting provider data centers
    • Mobile operator environments
    • Managed service providers
    • Core service provider infrastructures
    • Large enterprise data centers
    The SRX5400, SRX5600, and SRX5800 are an integral part of the Juniper Connected Security framework, which is built to protect users, applications, and infrastructure from advanced threats. Delivering the highest level of protection against exploits, malware, and command and control (C&C) communications, these platforms feature a carrier-grade next-generation firewall and advanced security services such as application security, Content Security, intrusion prevention system (IPS), and integrated threat intelligence services. For advanced protection, the SRX Series offers integrated threat intelligence services via Juniper Networks Advanced Threat Prevention (ATP), Juniper’s open threat intelligence platform in the cloud. Juniper ATP Cloud delivers actionable security intelligence to SRX Series devices to enable advanced protection against C&C-related botnets and Web application threats, as well as allowing policy enforcement based on GeoIP data—all based on Juniper-provided feeds. Customers may also leverage their own custom and third-party feeds for protection from advanced malware and other threats unique to their business environment. This advanced, customer-relevant, and consolidated threat intelligence service is delivered to the SRX Series on-premises from the cloud. The SRX5400, SRX5600, and SRX5800 are supported by Juniper Networks Security Director, which enables distributed security policy management through an intuitive, centralized interface that enables enforcement across emerging and traditional risk vectors. Using intuitive dashboards and reporting features, administrators gain insight into threats, compromised devices, risky applications, and more.
    Based on Juniper’s Dynamic Services Architecture, the SRX5000 line provides unrivaled scalability and performance. Each firewall can support near-linear scalability with the addition of Services Processing Cards (SPCs) and I/O cards (IOCs), enabling a fully equipped SRX5800 to support up to 3.36 Tbps firewall throughput. The SPCs are designed to support a wide range of services, enabling future support of new capabilities without the need for service-specific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being used—maximizing hardware utilization. The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach, where each platform can be equipped with a flexible number of IOCs that offer a wide range of connectivity options, including 1GbE, 10GbE, 40GbE, and 100GbE interfaces. With the IOCs sharing the same interface slot as the SPCs, the firewall can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom-designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables the realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility enables future expansion and growth of the network infrastructure, providing unrivaled investment protection. The tight service integration on the SRX Series is enabled by Juniper Networks Junos® operating system. The SRX Series is equipped with a robust set of services that include stateful firewall, intrusion prevention system (IPS), denial of service (DoS), application security, VPN (IPsec), Network Address Translation (NAT), Content Security, quality of service (QoS), and large-scale multitenancy.
    In addition to the benefit of individual services, the SRX5000 line provides a low latency solution. Junos OS also delivers carrier-class reliability with six nines system availability, the first in the industry to achieve independent verification by Telcordia. Furthermore, the SRX Series enjoys the benefit of a single-source OS and a single integrated architecture traditionally available on Juniper’s carrier-class routers and switches.

    SRX5800

    The SRX5800 Firewall is the market-leading security solution supporting up to 3.36 Tbps firewall throughput and latency as low as 32 microseconds for the stateful firewall. The SRX5800 also supports 638 Gbps IPS and 338 million concurrent sessions. The SRX5800 is equipped with the full range of advanced security services and is ideally suited for securing large enterprise, hosted, or colocated data centers, service provider core and cloud provider infrastructures, and mobile operator environments. The massive performance, scalability, and flexibility of the SRX5800 make it ideal for densely consolidated processing environments, and the service density makes it ideal for cloud and managed service providers.

    SRX5600

    The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 1.44 Tbps firewall throughput, 182 million concurrent sessions, and 245 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregating various security solutions. The capability to support unique security policies per zone and its ability to scale with the growth of the network infrastructure make the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider, or mobile operator environments.

    SRX5400

    The SRX5400 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 960 Gbps firewall throughput, 90 million concurrent sessions, and 172 Gbps IPS. The SRX5400 is a small footprint, high-performance firewall ideally suited for securing large enterprise campuses as well as data centers, either for edge or core security deployments. The ability to support unique security policies per zone and a compelling price/performance/footprint ratio make the SRX5400 an optimal solution for edge or data center services in large enterprise, service provider, or mobile operator environments.

    Service Processing Cards (SPCs)

    As the “brains” behind the SRX5000 line, SPCs are designed to process all available services on the platform. Without the need for dedicated hardware for specific services or capabilities, there are no instances in which a piece of hardware is taxed to the limit while other hardware is sitting idle. SPCs are designed to be pooled together, allowing the SRX5000 line to expand performance and capacities with the introduction of additional SPCs, significantly reducing management overhead and complexity. The high-performance SPC3 cards are supported on the SRX5400, SRX5600, and SRX5800 Firewalls.

    I/O Cards (IOCs)

    To provide the most flexible solution, the SRX5000 line employs the same modular architecture for SPCs and IOCs. The SRX5000 line can be equipped with one or several IOCs, supporting the ideal mix of interfaces. With the flexibility to install an IOC or an SPC on any available slot, the SRX5000 line can be equipped to support the perfect blend of interfaces and processing capabilities, meeting the needs of the most demanding environments while ensuring investment protection. The third generation of IOCs from Juniper, the IOC3, delivers high throughput along with superior connectivity options including 100GbE, 40GbE, and high-density 10GbE interfaces. The IOC3 cards are supported on the SRX5400, SRX5600, and SRX5800. The fourth generation of IOCs delivers the highest throughput of all available linecards of up to 480 Gbps and offers multiple connectivity options from 10GbE and 40GbE to 100GbE. IOC4 can deliver up to 480 Gbps of hardware-accelerated throughput per linecard.

    Routing Engine (RE3) and Enhanced System Control Board (SCB4)

    The SRX5K-RE3-128G Routing Engine (RE3) is the latest in the family of REs for the SRX5000 line with a multicore processor running at 2000 MHz. It delivers improved performance, scalability, and reliability with 128 GB DRAM and includes a TPM module. The SRX5K-SCB4 enables 480 Gbps throughput per SCB and can be configured with intra- and interchassis redundancy.

    Features and Benefits

    Networking and Security

    The Juniper Networks SRX5000 line of Firewalls has been designed from the ground up to offer robust networking and security services.
    Feature Feature Description Benefits
    Purpose-built platform Built from the ground up on dedicated hardware designed for networking and security services. Delivers unrivaled performance and flexibility to protect high-speed network environments.
    Scalable performance Offers scalable processing based on Juniper’s Dynamic Services Architecture. Offers a simple and cost-effective solution to leverage new services with appropriate processing.
    System and network resiliency Provides carrier-class hardware design and proven OS. Offers the reliability needed for any critical high-speed network deployments without service interruption. Utilizes a unique architectural design based on multiple processing cores and a separation of the data and control planes.
    High availability (HA) Active/passive and active/active HA configurations use dedicated HA interfaces. Achieves availability and resiliency necessary for critical networks.
    Interface flexibility Offers flexible I/O options with modular cards based on the Dynamic Services Architecture. Offers flexible I/O configuration and independent I/O scalability (options include 1GbE, 10GbE, 40GbE, and 100GbE) to meet the port density requirements of demanding network environments.
    Network segmentation Security zones, virtual LANs (VLANs), and virtual routers allow administrators to deploy security policies to isolate subnetworks and use overlapping IP address ranges. Features the capability to tailor unique security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
    Robust Routing Engine Dedicated RE provides physical and logical separation to data and control planes. Enables deployment of consolidated routing and security devices, as well as ensuring the security of routing infrastructure—all via a dedicated management environment.
    Advanced threat protection IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance.
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Delivers open threat intelligence platform that integrates with third-party feeds
    • Protects against zero-day attacks
    • Stops rogue and compromised devices from disseminating malware
    • Restores visibility that was lost due to encryption, without the heavy burden of full TLS/SSL decryption
    AppTrack Detailed analysis on application volume/usage throughout the network based on bytes, packets, and sessions. Provides the ability to track application usage to help identify high-risk applications and analyze traffic patterns for improved network management and control.
    AppFirewall Fine-grained application control policies to allow or deny traffic based on dynamic application name or group names. Enhances security policy creation and enforcement based on applications and user roles rather than traditional port and protocol analysis.
    AppQoS Leverage Juniper’s rich QoS capabilities to prioritize applications based on customers’ business and bandwidth needs. Provides the ability to prioritize traffic as well as limit and shape bandwidth based on application information and contexts for improved application and overall network performance.
    Application signatures Open signature library for identifying applications and nested applications with more than 3000 application signatures. Accurately identifies applications so that the resulting information can be used for visibility, enforcement, control, and protection.
    SSL proxy (forward and reverse) Performs SSL encryption and decryption between the client and the server. Combines with application identification to provide visibility and protection against threats embedded in SSL encrypted traffic.
    Stateful GTP and SCTP inspection Support for General Packet Radio Service Tunneling Protocol (GTP) and Stream Control Transmission Protocol (SCTP) firewall in mobile operator networks. Enables the SRX5000 line to provide stateful firewall capabilities for protecting key GPRS nodes within mobile operator networks.
    IOC3 The third-generation I/O card offers very high levels of firewall throughput and low latency. The card includes two board choices: six 40GbE interfaces and 24 10GbE interfaces, or two 100GbE interfaces and four 10GbE interfaces. The IOC3 pairs well with existing SPC2/SPC3 for maximum firewall performance in any of the SRX5000 line of Firewalls. Provides vastly superior, top-of-the-line connectivity efficiency and record-breaking high throughput I/O interfaces. Reduces the need for link aggregation to the firewall and enables very high firewall throughput of up to 2 Tbps with Express Path enabled.
    IOC4 The fourth-generation I/O card is being offered in two flavors. The first delivers 40x10GbE interfaces while the second, depending on the chosen optics, delivers 48x10GbE, 12x40GbE, or 4x100GbE interfaces. Provides the fastest throughput per slot and, in combination with Express Path, can deliver up to 480 Gbps of throughput per I/O card.
    SPC3 card Enables performance and scale with backwards compatibility to the SPC2 service cards. These cards support in-service software and in-service hardware upgrades. Delivers always-on security resiliency to meet your growing network performance needs.
    AutoVPN One-time hub configuration for site-to-site VPN for all spokes, even newly added ones. Configuration options include: routing, interfaces, Internet Key Exchange (IKE), and IPsec. Enables IT administrative time and cost savings with easy, zero-touch deployment for IPsec VPN networks.
    Remote access/SSL VPN Secure and flexible remote access SSL VPN with Juniper Secure Connect. Extends secure access to corporate resources from anywhere.
    Multitenancy Offers logical, large-scale segmentation and separation of security functions and features. Enables separate, logical instances to be deployed with dedicated security policies, zones, and other features and functions. Removes the need to deploy several physical or virtual firewalls.

    IPS Capabilities

    Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
    Feature Feature Description Benefits
    Stateful signature inspection Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. This minimizes false positives and offers flexible signature development.
    Protocol decodes This feature enables highly accurate detection and helps reduce false positives. Accuracy of signatures is improved through precise contexts of protocols.
    Signatures There are more than 8500 signatures for identifying anomalies, attacks, spyware, and applications. Attacks are accurately identified and attempts to exploit a known vulnerability are detected.
    Traffic normalization Reassembly, normalization, and protocol decoding are provided. Overcome attempts to bypass other IPS detections by using obfuscation methods.
    Zero-day protection Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. Your network is already protected against any new exploits.
    Recommended policy Groups of attack signatures are identified by the Juniper Networks Security Team as critical for the typical enterprise to protect against. Installation and maintenance are simplified while ensuring the highest network security.
    Active/active traffic monitoring IPS monitoring on active/active SRX5000 line chassis clusters is provided. Includes support for active/active IPS monitoring, including advanced features such as in-service software upgrade.
    Packet capture IPS policy supports packet capture logging per rule. Conduct further analysis of surrounding traffic and determine further steps to protect target.

    Content Security Capabilities

    The Content Security services offered on the SRX5000 line of Firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.
    Feature Feature Description Benefits
    Antivirus Antivirus includes reputation-enhanced, cloud-based antivirus capabilities that detect and block spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, IMAP, and FTP protocols. This service is provided in cooperation with Sophos Labs, a dedicated security company. Sophisticated protection from respected antivirus experts against malware attacks that can lead to data breaches and lost productivity.
    Antispam Multilayered spam protection, up-to-date phishing URL detection, standards-based S/MIME, Open PGP and TLS encryption, MIME type, and extension blockers are provided in cooperation with Sophos Labs, a dedicated security company. Protection against advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.
    Enhanced Web filtering Enhanced Web filtering includes extensive category granulation (95+ categories) and a real-time threat score delivered with Forcepoint, an expert Web security provider. Protection against lost productivity and the impact of malicious URLs as well as helping to maintain network bandwidth for business essential traffic.
    Content filtering Effective content filtering is based on MIME type, file extension, and protocol commands. Protection against lost productivity and the impact of extraneous or malicious content on the network to help maintain bandwidth for business essential traffic.

    Advanced Threat Prevention

    Advanced threat prevention (ATP) solutions that defend against sophisticated malware, persistent threats, and ransomware are available for the SRX5000 line. Two versions are available: Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution.
    Feature Feature Description Benefits
    Advanced malware detection and remediation Malware analysis and sandboxing are based on machine learning and behavioral analysis. Protects enterprise users from a spectrum of malicious attacks, including advanced malware that exploits “zero-day” vulnerabilities.
    Comprehensive threat feeds (C2, GeoIP, custom) Curated, actionable threat intelligence feeds are delivered in near real time to SRX Series devices. Proactively blocks malware communication channels and protects from botnets, phishing, and other attacks.
    Encrypted Traffic Insights SRX Series firewalls collect relevant TLS/SSL connection data, including certificates used, cipher suites negotiated, and connection behavior.  This information is processed by Juniper ATP Cloud, which uses network behavioral analysis and machine learning to determine whether the connection is benign or malicious.  Policies configured on SRX Series firewalls can be used to block encrypted traffic identified as malicious. Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption.
    HTTP, HTTPS, e-mail Web- and e-mail-based threats are analyzed, including encrypted sessions. Protects users from all major threat vectors, including e-mail. Provides flexible message handling options for e-mail. The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
    Integration with Security Director and JSA Juniper Networks Secure Analytics portfolio (JSA Series) security information and event management (SIEM) can consume and correlate threat events. Juniper ATP Cloud is also fully integrated with Security Director for provisioning and monitoring. The Juniper ATP Appliance includes a built-in management console and is not integrated with Security Director. Single pane-of-glass management with Security Director and JSA Series integration delivers a simplified policy application and monitoring experience.
    More information about Juniper Advanced Threat Prevention products can be found at https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html.

    Centralized Management

    Juniper Networks® Security Director is the central manager for all SRX Series Firewalls. It provides security policy management for all physical, logical, and virtual firewalls through an innovative, intuitive, and centralized web-based interface that offers enforcement across emerging and traditional threat vectors. It provides detailed visibility into application performance, reduces risk, and enables users to diagnose and resolve problems quickly. More information about Juniper Networks Security Director can be found at https://www.juniper.net/us/en/products/security/security-director-network-security-management.html.

    Specifications

    Note: Performance, capacity, and features are measured under ideal lab testing conditions. Actual results may vary based on Junos OS release and by deployment.
    SRX5400 SRX5600 SRX5800
    Maximum Performance and Capacity1
    Junos OS version tested Junos OS 21.2 Junos OS 21.2 Junos OS 21.2
    Firewall Performance, IMIX 960 Gbps 1.44 Tbps 3.36 Tbps
    Maximum performance per chassis 960 Gbps 1440 Tbps 3.36 Tbps
    Next-Generation Datacenter Firewall Performance2 136 Gbps 194 Gbps 504 Gbps
    Secure Web Access Firewall Performance3 75 Gbps 107 Gbps 277 Gbps
    Latency (stateful firewall) ~11µsec ~11µsec ~11µsec
    IPsec VPN AES-256-GCM (IMIX) 188 Gbps 269 Gbps 699 Gbps
    Maximum IPS performance 172 Gbps 245 Gbps 638 Gbps
    Maximum concurrent sessions 91 Million 182 Million 338 Million
    New sessions/second (sustained, tcp, 3way, firewall NAT) 1.7/1 million 3.4/2 Million 6.3/4 Million
    Maximum users supported Unrestricted Unrestricted Unrestricted
    Network Connectivity
    IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate
    IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+
    Firewall
    Network attack detection Yes Yes Yes
    DoS and distributed denial of service (DDoS) protection Yes Yes Yes
    TCP reassembly for fragmented packet protection Yes Yes Yes
    Brute force attack mitigation Yes Yes Yes
    SYN cookie protection Yes Yes Yes
    Zone-based IP spoofing Yes Yes Yes
    Malformed packet protection Yes Yes Yes
    IPsec VPN
    Site-to-site tunnels 15,000 15,000 15,000
    Tunnel interfaces 15,000 15,000 15,000
    Number of remote access / SSL VPN (concurrent) users 25,000 40,000 50,000
    Tunnels Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4 / IPv6 / Dual Stack)
     Internet Key Exchange IKEv1, IKEv2
    Configuration Payload Yes Yes Yes
    IKE Authentication Algorithms MD5, SHA1, SHA-256, SHA-384, SHA-512
    IKE Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    Authentication Pre-shared key and public key infrastructure (PKI X.509)
    IPsec (Internet Protocol Security) Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    Perfect forward secrecy Yes
    IPsec Authentication Algorithms hmac-md5, hmac-sha1-96, hmac-sha-256, hmac-sha-384, hmac-sha-512
    IPsec Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    Monitoring Standard-based Dead peer detection (DPD), VPN monitoring
    Prevent replay attack Yes Yes Yes
    VPNs (GRE, IP-in-IP, MPLS) Yes Yes Yes
    Redundant VPN gateways Yes Yes Yes
    Intrusion Prevention System (IPS)
    Signature-based and customizable (via templates) Yes Yes Yes
    Active/active traffic monitoring Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Attack detection mechanisms Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
    Attack response mechanisms Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail
    Attack notification mechanisms Structured system logging Structured system logging Structured system logging
    Worm protection Yes Yes Yes
    Simplified installation through recommended policies Yes Yes Yes
    Trojan protection Yes Yes Yes
    Spyware/adware/keylogger protection Yes Yes Yes
    Advanced malware protection Yes Yes Yes
    Protection against attack proliferation from infected systems Yes Yes Yes
    Reconnaissance protection Yes Yes Yes
    Request and response side attack protection Yes Yes Yes
    Compound attacks—combines stateful signatures and protocol anomalies Yes Yes Yes
    Custom attack signatures creation Yes Yes Yes
    Contexts accessible for customization 600+ 600+ 600+
    Attack editing (port range, other) Yes Yes Yes
    Stream signatures Yes Yes Yes
    Protocol thresholds Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Frequency of updates Daily and emergency Daily and emergency Daily and emergency
    Content Security
    Antivirus Yes Yes Yes
    Content filtering Yes Yes Yes
    Enhanced Web filtering Yes Yes Yes
    Redirect Web filtering Yes Yes Yes
    Antispam Yes Yes Yes
    AppSecure
    AppTrack (application visibility and tracking) Yes Yes Yes
    AppFirewall (policy enforcement by application name) Yes Yes Yes
    AppQoS (network traffic prioritization by application name) Yes Yes Yes
    User-based application policy enforcement Yes Yes Yes
    GPRS Security
    GPRS stateful firewall Yes Yes Yes
    Destination Network Address Translation
    Destination NAT with Port Address Translation (PAT) Yes Yes Yes
    Destination NAT within same subnet as ingress interface IP Yes Yes Yes
    Destination addresses and port numbers to one single address and a specific port number (M:1P) Yes Yes Yes
    Destination addresses to one single address (M:1) Yes Yes Yes
    Destination addresses to another range of addresses (M:M) Yes Yes Yes
    Source Network Address Translation
    Static Source NAT—IP-shifting Dynamic Internet Protocol (DIP) Yes Yes Yes
    Source NAT with PAT—port translated Yes Yes Yes
    Source NAT without PAT—fix port Yes Yes Yes
    Source NAT—IP address persistency Yes Yes Yes
    Source pool grouping Yes Yes Yes
    Source pool utilization alarm Yes Yes Yes
    Source IP outside of the interface subnet Yes Yes Yes
    Interface source NAT—interface DIP Yes Yes Yes
    Oversubscribed NAT pool with fallback to PAT when the address pool is exhausted Yes Yes Yes
    Symmetric NAT Yes Yes Yes
    Allocate multiple ranges in NAT pool Yes Yes Yes
    Proxy Address Resolution Protocol (ARP) for physical port Yes Yes Yes
    Source NAT with loopback grouping—DIP with loopback grouping Yes Yes Yes
    User Authentication and Access Control
    Built-in (internal) database Yes Yes Yes
    RADIUS accounting Yes Yes Yes
    Web-based authentication Yes Yes Yes
    Public Key Infrastructure (PKI) Support
    PKI certificate requests (PKCS 7, PKCS 10, and CMPv2) Yes Yes Yes
    Automated certificate enrollment (SCEP) Yes Yes Yes
    Certificate authorities supported Yes Yes Yes
    Self-signed certificates Yes Yes Yes
    Virtualization
    Maximum custom routing instances with data plane separation 2000 2000 2000
    Maximum security zones 2000 2000 2000
    Maximum virtual firewalls with data plane and administrative separation (logical/tenant systems) 500 500 500
    Additional off-platform virtual firewall option with Juniper Networks vSRX Virtual Firewall (VM based) Unlimited Unlimited Unlimited
    Maximum number of VLANs 4096 4096 4096
    Routing
    BGP instances 1000 1000 1000
    BGP peers 2000 2000 2000
    BGP routes 1 Million 1 Million 1 Million
    OSPF instances 400 400 400
    OSPF routes 1 Million 1 Million 1 Million
    RIP v1/v2 instances 50 50 50
    RIP v2 table size 30,000 30,000 30,000
    Dynamic routing Yes Yes Yes
    Static routes Yes Yes Yes
    Source-based routing Yes Yes Yes
    Policy-based routing Yes Yes Yes
    Equal cost multipath (ECMP) Yes Yes Yes
    Reverse path forwarding (RPF) Yes Yes Yes
    Multicast Yes Yes Yes
    IPv6
    Firewall/stateless filters Yes Yes Yes
    Dual-stack IPv4/IPv6 firewall Yes Yes Yes
    RIPng Yes Yes Yes
    BFD, BGP Yes Yes Yes
    ICMPv6 Yes Yes Yes
    OSPFv3 Yes Yes Yes
    Class of service (CoS) Yes Yes Yes
    Mode of Operation
    Layer 2 (transparent) mode Yes Yes Yes
    Layer 3 (route and/or NAT) mode Yes Yes Yes
    IP Address Assignment
    Static Yes Yes Yes
    Dynamic Host Configuration Protocol (DHCP) Yes Yes Yes
    Internal DHCP server Yes Yes Yes
    DHCP relay Yes Yes Yes
    Traffic Management Quality of Service (QoS)
    Maximum bandwidth Yes Yes Yes
    RFC2474 IP Diffserv in IPv4 Yes Yes Yes
    Firewall filters for CoS Yes Yes Yes
    Classification Yes Yes Yes
    Scheduling Yes Yes Yes
    Shaping Yes Yes Yes
    Intelligent Drop Mechanisms (WRED) Yes Yes Yes
    Three-level scheduling Yes Yes Yes
    Weighted round robin for each level of scheduling Yes Yes Yes
    Priority of routing protocols Yes Yes Yes
    Traffic management/policing in hardware Yes Yes Yes
    High Availability (HA)
    Active/passive, active/active Yes Yes Yes
    Unified in-service software upgrade (unified ISSU) Yes Yes Yes
    Configuration synchronization Yes Yes Yes
    Session synchronization for firewall and IPsec VPN Yes Yes Yes
    Session failover for routing change Yes Yes Yes
    Device failure detection Yes Yes Yes
    Link and upstream failure detection Yes Yes Yes
    Dual control links Yes Yes Yes
    Interface link aggregation/Link Aggregation Control Protocol (LACP) Yes Yes Yes
    Redundant fabric links Yes Yes Yes
    Management
    WebUI (HTTP and HTTPS) Yes Yes Yes
    Command line interface (console, telnet, SSH) Yes Yes Yes
    Junos Space Security Director Yes Yes Yes
    Administration
    Local administrator database support Yes Yes Yes
    External administrator database support Yes Yes Yes
    Restricted administrative networks Yes Yes Yes
    Root admin, admin, and read-only user levels Yes Yes Yes
    Software upgrades Yes Yes Yes
    Configuration rollback Yes Yes Yes
    Logging/Monitoring
    Structured syslog Yes Yes Yes
    SNMP (v2 and v3) Yes Yes Yes
    Traceroute Yes Yes Yes
    Certifications
    Safety certifications Yes Yes Yes
    Electromagnetic Compatibility (EMC) certifications Yes Yes Yes
    RoHS2 Compliant (European Directive 2011/65/EU) Yes Yes Yes
    NIST FIPS-140-2 Level 2 Yes Yes Yes
    Common Criteria NDPP+TFFW EP + VPN EP Yes Yes Yes
    USGv6 Yes Yes Yes
    Dimensions and Power
    Dimensions (W x H x D) 17.45 x 8.7 x 24.5 in (44.3 x 22.1 x 62.2 cm) 17.5 x 14 x 23.8 in (44.5 x 35.6 x 60.5 cm) 17.5 x 27.8 x 23.5 in (44.5 x 70.5 x 59.7 cm)
    Weight Fully configured: 128 lb (58.1 kg) Fully configured: 180 lb (81.7 kg) Fully configured: 334 lb (151.6 kg)
    Power supply (AC) 100 to 240 VAC 100 to 240 VAC 200 to 240 VAC
    Power supply (DC) -40 to -60 VDC -40 to -60 VDC -40 to -60 VDC
    Maximum power 4,100 watts (AC high capacity) 4,100 watts (AC high capacity) 8,200 watts (AC high capacity)
    Typical Power 1540 watts 2440 watts 5015 watts
    Environmental
    Operating temperature – long term 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C)
    Humidity – long term 5% to 85% noncondensing 5% to 85% noncondensing 5% to 85% noncondensing
    Humidity – short term 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air
    1 Performance, capacity and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
    2 Next-Generation Datacenter firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
    3 Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.
  • Product Overview

    The SRX Series are next-generation firewalls based on a revolutionary architecture offering outstanding performance, scalability, availability, and security services integration. Custom designed for flexible processing scalability, I/O scalability, and services integration, the SRX Series Firewalls exceed the security requirements of data center consolidation and services aggregation. The award-winning SRX Series is powered by Junos OS, the same industry-leading operating system that keeps the world’s largest data center networks available, manageable, and secure.

    Product Description

    The Juniper Networks® SRX5400, SRX5600, and SRX5800 are next-generation firewalls (NGFWs) that deliver outstanding protection, market-leading performance, six nines reliability and availability, scalability, and services integration. These devices are ideally suited for service provider, large enterprise, and public sector networks, including:
    • Cloud and hosting provider data centers
    • Mobile operator environments
    • Managed service providers
    • Core service provider infrastructures
    • Large enterprise data centers
    The SRX5400, SRX5600, and SRX5800 are an integral part of the Juniper Connected Security framework, which is built to protect users, applications, and infrastructure from advanced threats. Delivering the highest level of protection against exploits, malware, and command and control (C&C) communications, these platforms feature a carrier-grade next-generation firewall and advanced security services such as application security, Content Security, intrusion prevention system (IPS), and integrated threat intelligence services. For advanced protection, the SRX Series offers integrated threat intelligence services via Juniper Networks Advanced Threat Prevention (ATP), Juniper’s open threat intelligence platform in the cloud. Juniper ATP Cloud delivers actionable security intelligence to SRX Series devices to enable advanced protection against C&C-related botnets and Web application threats, as well as allowing policy enforcement based on GeoIP data—all based on Juniper-provided feeds. Customers may also leverage their own custom and third-party feeds for protection from advanced malware and other threats unique to their business environment. This advanced, customer-relevant, and consolidated threat intelligence service is delivered to the SRX Series on-premises from the cloud. The SRX5400, SRX5600, and SRX5800 are supported by Juniper Networks Security Director, which enables distributed security policy management through an intuitive, centralized interface that enables enforcement across emerging and traditional risk vectors. Using intuitive dashboards and reporting features, administrators gain insight into threats, compromised devices, risky applications, and more.
    Based on Juniper’s Dynamic Services Architecture, the SRX5000 line provides unrivaled scalability and performance. Each firewall can support near-linear scalability with the addition of Services Processing Cards (SPCs) and I/O cards (IOCs), enabling a fully equipped SRX5800 to support up to 3.36 Tbps firewall throughput. The SPCs are designed to support a wide range of services, enabling future support of new capabilities without the need for service-specific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being used—maximizing hardware utilization. The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach, where each platform can be equipped with a flexible number of IOCs that offer a wide range of connectivity options, including 1GbE, 10GbE, 40GbE, and 100GbE interfaces. With the IOCs sharing the same interface slot as the SPCs, the firewall can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom-designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables the realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility enables future expansion and growth of the network infrastructure, providing unrivaled investment protection. The tight service integration on the SRX Series is enabled by Juniper Networks Junos® operating system. The SRX Series is equipped with a robust set of services that include stateful firewall, intrusion prevention system (IPS), denial of service (DoS), application security, VPN (IPsec), Network Address Translation (NAT), Content Security, quality of service (QoS), and large-scale multitenancy.
In addition to the benefit of individual services, the SRX5000 line provides a low latency solution. Junos OS also delivers carrier-class reliability with six nines system availability, the first in the industry to achieve independent verification by Telcordia. Furthermore, the SRX Series enjoys the benefit of a single source OS, and single integrated architecture traditionally available on Juniper’s carrier-class routers and switches.

    SRX5800

    The SRX5800 Firewall is the market-leading security solution supporting up to 3.36 Tbps firewall throughput and latency as low as 32 microseconds for the stateful firewall. The SRX5800 also supports 638 Gbps IPS and 338 million concurrent sessions. The SRX5800 is equipped with the full range of advanced security services and is ideally suited for securing large enterprise, hosted, or colocated data centers, service provider core and cloud provider infrastructures, and mobile operator environments. The massive performance, scalability, and flexibility of the SRX5800 make it ideal for densely consolidated processing environments, and the service density makes it ideal for cloud and managed service providers.

    SRX5600

    The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 1.44 Tbps firewall throughput, 182 million concurrent sessions, and 245 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregating various security solutions. The capability to support unique security policies per zone and its ability to scale with the growth of the network infrastructure make the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider, or mobile operator environments.

    SRX5400

    The SRX5400 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 960 Gbps firewall throughput, 90 million concurrent sessions, and 172 Gbps IPS. The SRX5400 is a small footprint, high-performance firewall ideally suited for securing large enterprise campuses as well as data centers, either for edge or core security deployments. The ability to support unique security policies per zone and a compelling price/performance/footprint ratio make the SRX5400 an optimal solution for edge or data center services in large enterprise, service provider, or mobile operator environments.

    Service Processing Cards (SPCs)

    As the “brains” behind the SRX5000 line, SPCs are designed to process all available services on the platform. Without the need for dedicated hardware for specific services or capabilities, there are no instances in which a piece of hardware is taxed to the limit while other hardware is sitting idle. SPCs are designed to be pooled together, allowing the SRX5000 line to expand performance and capacities with the introduction of additional SPCs, significantly reducing management overhead and complexity. The high-performance SPC3 cards are supported on the SRX5400, SRX5600, and SRX5800 Firewalls.

    I/O Cards (IOCs)

    To provide the most flexible solution, the SRX5000 line employs the same modular architecture for SPCs and IOCs. The SRX5000 line can be equipped with one or several IOCs, supporting the ideal mix of interfaces. With the flexibility to install an IOC or an SPC on any available slot, the SRX5000 line can be equipped to support the perfect blend of interfaces and processing capabilities, meeting the needs of the most demanding environments while ensuring investment protection. The third generation of IOCs from Juniper, the IOC3, delivers high throughput along with superior connectivity options including 100GbE, 40GbE, and high-density 10GbE interfaces. The IOC3 cards are supported on the SRX5400, SRX5600, and SRX5800. The fourth generation of IOCs delivers the highest throughput of all available linecards of up to 480 Gbps and offers multiple connectivity options from 10GbE and 40GbE to 100GbE. IOC4 can deliver up to 480 Gbps of hardware-accelerated throughput per linecard.

    Routing Engine (RE3) and Enhanced System Control Board (SCB4)

    The SRX5K-RE3-128G Routing Engine (RE3) is the latest in the family of REs for the SRX5000 line with a multicore processor running at 2000 MHz. It delivers improved performance, scalability, and reliability with 128 GB DRAM and includes a TPM module. The SRX5K-SCB4 enables 480 Gbps throughput per SCB and can be configured with intra- and interchassis redundancy.

    Features and Benefits

    Networking and Security

    The Juniper Networks SRX5000 line of Firewalls has been designed from the ground up to offer robust networking and security services.
    Feature Feature Description Benefits
    Purpose-built platform Built from the ground up on dedicated hardware designed for networking and security services. Delivers unrivaled performance and flexibility to protect high-speed network environments.
    Scalable performance Offers scalable processing based on Juniper’s Dynamic Services Architecture. Offers a simple and cost-effective solution to leverage new services with appropriate processing.
    System and network resiliency Provides carrier-class hardware design and proven OS. Offers the reliability needed for any critical high-speed network deployments without service interruption. Utilizes a unique architectural design based on multiple processing cores and a separation of the data and control planes.
    High availability (HA) Active/passive and active/active HA configurations use dedicated HA interfaces. Achieves availability and resiliency necessary for critical networks.
    Interface flexibility Offers flexible I/O options with modular cards based on the Dynamic Services Architecture. Offers flexible I/O configuration and independent I/O scalability (options include 1GbE, 10GbE, 40GbE, and 100GbE) to meet the port density requirements of demanding network environments.
    Network segmentation Security zones, virtual LANs (VLANs), and virtual routers allow administrators to deploy security policies to isolate subnetworks and use overlapping IP address ranges. Features the capability to tailor unique security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
    Robust Routing Engine Dedicated RE provides physical and logical separation to data and control planes. Enables deployment of consolidated routing and security devices, as well as ensuring the security of routing infrastructure—all via a dedicated management environment.
    Advanced threat protection IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance.
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Delivers open threat intelligence platform that integrates with third-party feeds
    • Protects against zero-day attacks
    • Stops rogue and compromised devices from disseminating malware
    • Restores visibility that was lost due to encryption, without the heavy burden of full TLS/SSL decryption
    AppTrack Detailed analysis on application volume/usage throughout the network based on bytes, packets, and sessions. Provides the ability to track application usage to help identify high-risk applications and analyze traffic patterns for improved network management and control.
    AppFirewall Fine-grained application control policies to allow or deny traffic based on dynamic application name or group names. Enhances security policy creation and enforcement based on applications and user roles rather than traditional port and protocol analysis.
    AppQoS Leverage Juniper’s rich QoS capabilities to prioritize applications based on customers’ business and bandwidth needs. Provides the ability to prioritize traffic as well as limit and shape bandwidth based on application information and contexts for improved application and overall network performance.
    Application signatures Open signature library for identifying applications and nested applications with more than 3000 application signatures. Accurately identifies applications so that the resulting information can be used for visibility, enforcement, control, and protection.
    SSL proxy (forward and reverse) Performs SSL encryption and decryption between the client and the server. Combines with application identification to provide visibility and protection against threats embedded in SSL encrypted traffic.
    Stateful GTP and SCTP inspection Support for General Packet Radio Service Tunneling Protocol (GTP) and Stream Control Transmission Protocol (SCTP) firewall in mobile operator networks. Enables the SRX5000 line to provide stateful firewall capabilities for protecting key GPRS nodes within mobile operator networks.
    IOC3 The third-generation I/O card offers very high levels of firewall throughput and low latency. The card includes two board choices: six 40GbE interfaces and 24 10GbE interfaces, or two 100GbE interfaces and four 10GbE interfaces. The IOC3 pairs well with existing SPC2/SPC3 for maximum firewall performance in any of the SRX5000 line of Firewalls. Provides vastly superior, top-of-the-line connectivity efficiency and record-breaking high throughput I/O interfaces. Reduces the need for link aggregation to the firewall and enables very high firewall throughput of up to 2 Tbps with Express Path enabled.
    IOC4 The fourth-generation I/O card is being offered in two flavors. The first delivers 40x10GbE interfaces while the second, depending on the chosen optics, delivers 48x10GbE, 12x40GbE, or 4x100GbE interfaces. Provides the fastest throughput per slot and, in combination with Express Path, can deliver up to 480 Gbps of throughput per I/O card.
    SPC3 card Enables performance and scale with backwards compatibility to the SPC2 service cards. These cards support in-service software and in-service hardware upgrades. Delivers always-on security resiliency to meet your growing network performance needs.
    AutoVPN One-time hub configuration for site-to-site VPN for all spokes, even newly added ones. Configuration options include: routing, interfaces, Internet Key Exchange (IKE), and IPsec. Enables IT administrative time and cost savings with easy, zero-touch deployment for IPsec VPN networks.
    Remote access/SSL VPN Secure and flexible remote access SSL VPN with Juniper Secure Connect. Extends secure access to corporate resources from anywhere.
    Multitenancy Offers logical, large-scale segmentation and separation of security functions and features. Enables separate, logical instances to be deployed with dedicated security policies, zones, and other features and functions. Removes the need to deploy several physical or virtual firewalls.

    IPS Capabilities

    Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
    | Feature | Feature Description | Benefits |
    | --- | --- | --- |
    | Stateful signature inspection | Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. | This minimizes false positives and offers flexible signature development. |
    | Protocol decodes | This feature enables highly accurate detection and helps reduce false positives. | Accuracy of signatures is improved through precise contexts of protocols. |
    | Signatures | There are more than 8500 signatures for identifying anomalies, attacks, spyware, and applications. | Attacks are accurately identified and attempts to exploit a known vulnerability are detected. |
    | Traffic normalization | Reassembly, normalization, and protocol decoding are provided. | Overcome attempts to bypass other IPS detections by using obfuscation methods. |
    | Zero-day protection | Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. | Your network is already protected against any new exploits. |
    | Recommended policy | Groups of attack signatures are identified by the Juniper Networks Security Team as critical for the typical enterprise to protect against. | Installation and maintenance are simplified while ensuring the highest network security. |
    | Active/active traffic monitoring | IPS monitoring on active/active SRX5000 line chassis clusters is provided. | Includes support for active/active IPS monitoring, including advanced features such as in-service software upgrade. |
    | Packet capture | IPS policy supports packet capture logging per rule. | Conduct further analysis of surrounding traffic and determine further steps to protect target. |

    Content Security Capabilities

    The Content Security services offered on the SRX5000 line of Firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.
    | Feature | Feature Description | Benefits |
    | --- | --- | --- |
    | Antivirus | Antivirus includes reputation enhanced, cloud-based antivirus capabilities that detect and block spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, IMAP, and FTP protocols. This service is provided in cooperation with Sophos Labs, a dedicated security company. | Sophisticated protection from respected antivirus experts against malware attacks that can lead to data breaches and lost productivity. |
    | Antispam | Multilayered spam protection, up-to-date phishing URL detection, standards-based S/MIME, Open PGP and TLS encryption, MIME type, and extension blockers are provided in cooperation with Sophos Labs, a dedicated security company. | Protection against advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers. |
    | Enhanced Web filtering | Enhanced Web filtering includes extensive category granulation (95+ categories) and a real-time threat score delivered with Forcepoint, an expert Web security provider. | Protection against lost productivity and the impact of malicious URLs as well as helping to maintain network bandwidth for business essential traffic. |
    | Content filtering | Effective content filtering is based on MIME type, file extension, and protocol commands. | Protection against lost productivity and the impact of extraneous or malicious content on the network to help maintain bandwidth for business essential traffic. |

    Advanced Threat Prevention

    Advanced threat prevention (ATP) solutions that defend against sophisticated malware, persistent threats, and ransomware are available for the SRX5000 line. Two versions are available: Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution.
    | Feature | Feature Description | Benefits |
    | --- | --- | --- |
    | Advanced malware detection and remediation | Malware analysis and sandboxing are based on machine learning and behavioral analysis. | Protects enterprise users from a spectrum of malicious attacks, including advanced malware that exploits “zero-day” vulnerabilities. |
    | Comprehensive threat feeds (C2, GeoIP, custom) | Curated, actionable threat intelligence feeds are delivered in near real time to SRX Series devices. | Proactively blocks malware communication channels and protects from botnets, phishing, and other attacks. |
    | Encrypted Traffic Insights | SRX Series firewalls collect relevant TLS/SSL connection data, including certificates used, cipher suites negotiated, and connection behavior. This information is processed by Juniper ATP Cloud, which uses network behavioral analysis and machine learning to determine whether the connection is benign or malicious. Policies configured on SRX Series firewalls can be used to block encrypted traffic identified as malicious. | Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption. |
    | HTTP, HTTPS, e-mail | Web- and e-mail-based threats are analyzed, including encrypted sessions. | Protects users from all major threat vectors, including e-mail. Provides flexible message handling options for e-mail. The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic. |
    | Integration with Security Director and JSA | Juniper Networks Secure Analytics portfolio (JSA Series) security information and event management (SIEM) can consume and correlate threat events. Juniper ATP Cloud is also fully integrated with Security Director for provisioning and monitoring. The Juniper ATP Appliance includes a built-in management console and is not integrated with Security Director. | Single pane-of-glass management with Security Director and JSA Series integration delivers a simplified policy application and monitoring experience. |
    More information about Juniper Advanced Threat Prevention products can be found at https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html.

    Centralized Management

    Juniper Networks® Security Director is the central manager for all SRX Series Firewalls. It provides security policy management for all physical, logical, and virtual firewalls through an innovative, intuitive, and centralized web-based interface that offers enforcement across emerging and traditional threat vectors. It provides detailed visibility into application performance and reduces risk while enabling users to diagnose and resolve problems quickly. More information about Juniper Networks Security Director can be found at https://www.juniper.net/us/en/products/security/security-director-network-security-management.html.

    Specifications

    Note: Performance, capacity, and features are measured under ideal lab testing conditions. Actual results may vary based on Junos OS release and by deployment.
    SRX5400 SRX5600 SRX5800
    Maximum Performance and Capacity1
    Junos OS version tested Junos OS 21.2 Junos OS 21.2 Junos OS 21.2
    Firewall Performance, IMIX 960 Gbps 1.44 Tbps 3.36 Tbps
    Maximum performance per chassis 960 Gbps 1440 Tbps 3.36 Tbps
    Next-Generation Datacenter Firewall Performance2 136 Gbps 194 Gbps 504 Gbps
    Secure Web Access Firewall Performance3 75 Gbps 107 Gbps 277 Gbps
    Latency (stateful firewall) ~11µsec ~11µsec ~11µsec
    IPsec VPN AES-256-GCM (IMIX) 188 Gbps 269 Gbps 699 Gbps
    Maximum IPS performance 172 Gbps 245 Gbps 638 Gbps
    Maximum concurrent sessions 91 Million 182 Million 338 Million
    New sessions/second (sustained, tcp, 3way, firewall NAT) 1.7/1 million 3.4/2 Million 6.3/4 Million
    Maximum users supported Unrestricted Unrestricted Unrestricted
    Network Connectivity
    IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate
    IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+
    Firewall
    Network attack detection Yes Yes Yes
    DoS and distributed denial of service (DDoS) protection Yes Yes Yes
    TCP reassembly for fragmented packet protection Yes Yes Yes
    Brute force attack mitigation Yes Yes Yes
    SYN cookie protection Yes Yes Yes
    Zone-based IP spoofing Yes Yes Yes
    Malformed packet protection Yes Yes Yes
    IPsec VPN
    Site-to-site tunnels 15,000 15,000 15,000
    Tunnel interfaces 15,000 15,000 15,000
    Number of remote access / SSL VPN (concurrent) users 25,000 40,000 50,000
    Tunnels Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4 / IPv6 / Dual Stack)
     Internet Key Exchange IKEv1, IKEv2
    Configuration Payload Yes Yes Yes
    IKE Authentication Algorithms MD5, SHA1, SHA-256, SHA-384, SHA-512
    IKE Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    Authentication Pre-shared key and public key infrastructure (PKI X.509)
    IPsec (Internet Protocol Security) Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    Perfect forward secrecy Yes
    IPsec Authentication Algorithms hmac-md5, hmac-sha-196, hmac-sha-256, hmac-sha-384, hmac-sha-512
    IPsec Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    Monitoring Standard-based Dead peer detection (DPD), VPN monitoring
    Prevent replay attack Yes Yes Yes
    VPNs (GRE, IP-in-IP, MPLS) Yes Yes Yes
    Redundant VPN gateways Yes Yes Yes
    Intrusion Prevention System (IPS)
    Signature-based and customizable (via templates) Yes Yes Yes
    Active/active traffic monitoring Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Attack detection mechanisms Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
    Attack response mechanisms Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail
    Attack notification mechanisms Structured system logging Structured system logging Structured system logging
    Worm protection Yes Yes Yes
    Simplified installation through recommended policies Yes Yes Yes
    Trojan protection Yes Yes Yes
    Spyware/adware/keylogger protection Yes Yes Yes
    Advanced malware protection Yes Yes Yes
    Protection against attack proliferation from infected systems Yes Yes Yes
    Reconnaissance protection Yes Yes Yes
    Request and response side attack protection Yes Yes Yes
    Compound attacks—combines stateful signatures and protocol anomalies Yes Yes Yes
    Custom attack signatures creation Yes Yes Yes
    Contexts accessible for customization 600+ 600+ 600+
    Attack editing (port range, other) Yes Yes Yes
    Stream signatures Yes Yes Yes
    Protocol thresholds Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Frequency of updates Daily and emergency Daily and emergency Daily and emergency
    Content Security
    Antivirus Yes Yes Yes
    Content filtering Yes Yes Yes
    Enhanced Web filtering Yes Yes Yes
    Redirect Web filtering Yes Yes Yes
    Antispam Yes Yes Yes
    AppSecure
    AppTrack (application visibility and tracking) Yes Yes Yes
    AppFirewall (policy enforcement by application name) Yes Yes Yes
    AppQoS (network traffic prioritization by application name) Yes Yes Yes
    User-based application policy enforcement Yes Yes Yes
    GPRS Security
    GPRS stateful firewall Yes Yes Yes
    Destination Network Address Translation
    Destination NAT with Port Address Translation (PAT) Yes Yes Yes
    Destination NAT within same subnet as ingress interface IP Yes Yes Yes
    Destination addresses and port numbers to one single address and a specific port number (M:1P) Yes Yes Yes
    Destination addresses to one single address (M:1) Yes Yes Yes
    Destination addresses to another range of addresses (M:M) Yes Yes Yes
    Source Network Address Translation
    Static Source NAT—IP-shifting Dynamic Internet Protocol (DIP) Yes Yes Yes
    Source NAT with PAT—port translated Yes Yes Yes
    Source NAT without PAT—fix port Yes Yes Yes
    Source NAT—IP address persistency Yes Yes Yes
    Source pool grouping Yes Yes Yes
    Source pool utilization alarm Yes Yes Yes
    Source IP outside of the interface subnet Yes Yes Yes
    Interface source NAT—interface DIP Yes Yes Yes
    Oversubscribed NAT pool with fallback to PAT when the address pool is exhausted Yes Yes Yes
    Symmetric NAT Yes Yes Yes
    Allocate multiple ranges in NAT pool Yes Yes Yes
    Proxy Address Resolution Protocol (ARP) for physical port Yes Yes Yes
    Source NAT with loopback grouping—DIP with loopback grouping Yes Yes Yes
    User Authentication and Access Control
    Built-in (internal) database Yes Yes Yes
    RADIUS accounting Yes Yes Yes
    Web-based authentication Yes Yes Yes
    Public Key Infrastructure (PKI) Support
    PKI certificate requests (PKCS 7, PKCS 10, and CMPv2) Yes Yes Yes
    Automated certificate enrollment (SCEP) Yes Yes Yes
    Certificate authorities supported Yes Yes Yes
    Self-signed certificates Yes Yes Yes
    Virtualization
    Maximum custom routing instances with data plane separation 2000 2000 2000
    Maximum security zones 2000 2000 2000
    Maximum virtual firewalls with data plane and administrative separation (logical/tenant systems) 500 500 500
    Additional off-platform virtual firewall option with Juniper Networks vSRX Virtual Firewall (VM based) Unlimited Unlimited Unlimited
    Maximum number of VLANs 4096 4096 4096
    Routing
    BGP instances 1000 1000 1000
    BGP peers 2000 2000 2000
    BGP routes 1 Million 1 Million 1 Million
    OSPF instances 400 400 400
    OSPF routes 1 Million 1 Million 1 Million
    RIP v1/v2 instances 50 50 50
    RIP v2 table size 30,000 30,000 30,000
    Dynamic routing Yes Yes Yes
    Static routes Yes Yes Yes
    Source-based routing Yes Yes Yes
    Policy-based routing Yes Yes Yes
    Equal cost multipath (ECMP) Yes Yes Yes
    Reverse path forwarding (RPF) Yes Yes Yes
    Multicast Yes Yes Yes
    IPv6
    Firewall/stateless filters Yes Yes Yes
    Dual-stack IPv4/IPv6 firewall Yes Yes Yes
    RIPng Yes Yes Yes
    BFD, BGP Yes Yes Yes
    ICMPv6 Yes Yes Yes
    OSPFv3 Yes Yes Yes
    Class of service (CoS) Yes Yes Yes
    Mode of Operation
    Layer 2 (transparent) mode Yes Yes Yes
    Layer 3 (route and/or NAT) mode Yes Yes Yes
    IP Address Assignment
    Static Yes Yes Yes
    Dynamic Host Configuration Protocol (DHCP) Yes Yes Yes
    Internal DHCP server Yes Yes Yes
    DHCP relay Yes Yes Yes
    Traffic Management Quality of Service (QoS)
    Maximum bandwidth Yes Yes Yes
    RFC2474 IP Diffserv in IPv4 Yes Yes Yes
    Firewall filters for CoS Yes Yes Yes
    Classification Yes Yes Yes
    Scheduling Yes Yes Yes
    Shaping Yes Yes Yes
    Intelligent Drop Mechanisms (WRED) Yes Yes Yes
    Three-level scheduling Yes Yes Yes
    Weighted round robin for each level of scheduling Yes Yes Yes
    Priority of routing protocols Yes Yes Yes
    Traffic management/policing in hardware Yes Yes Yes
    High Availability (HA)
    Active/passive, active/active Yes Yes Yes
    Unified in-service software upgrade (unified ISSU) Yes Yes Yes
    Configuration synchronization Yes Yes Yes
    Session synchronization for firewall and IPsec VPN Yes Yes Yes
    Session failover for routing change Yes Yes Yes
    Device failure detection Yes Yes Yes
    Link and upstream failure detection Yes Yes Yes
    Dual control links Yes Yes Yes
    Interface link aggregation/Link Aggregation Control Protocol (LACP) Yes Yes Yes
    Redundant fabric links Yes Yes Yes
    Management
    WebUI (HTTP and HTTPS) Yes Yes Yes
    Command line interface (console, telnet, SSH) Yes Yes Yes
    Junos Space Security Director Yes Yes Yes
    Administration
    Local administrator database support Yes Yes Yes
    External administrator database support Yes Yes Yes
    Restricted administrative networks Yes Yes Yes
    Root admin, admin, and read-only user levels Yes Yes Yes
    Software upgrades Yes Yes Yes
    Configuration rollback Yes Yes Yes
    Logging/Monitoring
    Structured syslog Yes Yes Yes
    SNMP (v2 and v3) Yes Yes Yes
    Traceroute Yes Yes Yes
    Certifications
    Safety certifications Yes Yes Yes
    Electromagnetic Compatibility (EMC) certifications Yes Yes Yes
    RoHS2 Compliant (European Directive 2011/65/EU) Yes Yes Yes
    NIST FIPS-140-2 Level 2 Yes Yes Yes
    Common Criteria NDPP+TFFW EP + VPN EP Yes Yes Yes
    USGv6 Yes Yes Yes
    Dimensions and Power
    Dimensions (W x H x D) 17.45 x 8.7 x 24.5 in (44.3 x 22.1 x 62.2 cm) 17.5 x 14 x 23.8 in (44.5 x 35.6 x 60.5 cm) 17.5 x 27.8 x 23.5 in (44.5 x 70.5 x 59.7 cm)
    Weight Fully configured: 128 lb (58.1 kg) Fully configured: 180 lb (81.7 kg) Fully configured: 334 lb (151.6 kg)
    Power supply (AC) 100 to 240 VAC 100 to 240 VAC 200 to 240 VAC
    Power supply (DC) -40 to -60 VDC -40 to -60 VDC -40 to -60 VDC
    Maximum power 4,100 watts (AC high capacity) 4,100 watts (AC high capacity) 8,200 watts (AC high capacity)
    Typical Power 1540 watts 2440 watts 5015 watts
    Environmental
    Operating temperature – long term 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C)
    Humidity – long term 5% to 85% noncondensing 5% to 85% noncondensing 5% to 85% noncondensing
    Humidity – short term 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air
    1 Performance, capacity, and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
    2 Next-Generation Datacenter firewall performance is measured with Firewall, Application Security, and IPS enabled using 64KB transactions.
    3 Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.
  • Product Overview

    The SRX300 line of firewalls combines security, SD-WAN, routing, switching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost-effective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).

    Product Description

    Juniper Networks® SRX300 line of firewalls delivers a next-generation secure SD-WAN and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience. The SRX300 line consists of five models:
    • SRX300: Securing small branch or retail offices, the SRX300 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 4.7 Gbps firewall and 733 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 977 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX380: A high-performance and secure SD-WAN gateway, the SRX380 offers superior and reliable WAN connectivity while consolidating security, routing, and switching for distributed enterprise offices. The SRX380 features greater port density than other SRX300 models, with 16x1GbE PoE+ and 4x10GbE ports, and includes redundant dual power supplies, all in a 1 U form factor. The SRX380 supports up to 20 Gbps firewall and 4.4 Gbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
     

    SRX300 Highlights

    The SRX300 line of firewalls consists of secure SD-WAN routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. WAN or Internet connectivity and Wi-Fi module options include:
    • Ethernet, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi
     

    Mist AI

    WAN Assurance

    Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Firewalls, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allow WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.
     

    Simplifying Branch Deployments (Secure Connectivity/SD-WAN)

    The SRX300 line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX300 firewalls offer best-in-class secure connectivity.
    • The SRX300 firewalls efficiently utilize multiple links and load balance traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.
     

    Comprehensive Security Suite

    The SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security, user role-based firewall controls, and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.

    Industry-Certified Junos Operating System

    SRX300 Firewalls run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX300 line also enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.  

    Features and Benefits

    Business Requirement Feature/Solution SRX300 Advantages
    High performance Up to 20 Gbps of routing and firewall performance
    • Best suited for small, medium and large branch office deployments
    • Addresses future needs for scale and feature capacity
    Business continuity Stateful high availability (HA), IP monitoring
    • Uses stateful HA to synchronize configuration and firewall sessions
    • Supports multiple WAN interfaces with dial-on-demand backup
    • Route/link failover based on real-time link performance
    SD-WAN Better end-user application and cloud experience and lower operational costs
    • ZTP simplifies remote device provisioning
    • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN
    • Application quality of experience (AppQoE) measures application SLAs and improves end-user experience
    • Controls and prioritizes traffic based on application and user role
    End-user experience WAN assurance
    • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels
    • Provides visibility and insights into users, applications, WAN links, control and data plane, and CPU for proactive remediation
    Highly secure IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec)
    • Creates secure, reliable, and fast overlay link over public internet
    • Employs anti-counterfeit features to protect from unauthorized hardware spares
    • Includes high-performance CPU with built-in hardware to assist IPsec acceleration
    • Provides TPM-based protection of device secrets such as passwords and certificates
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    Threat protection IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds
    • Provides real-time updates to IPS signatures and protects against exploits
    • Protects from zero-day attacks
    • Implements industry-leading antivirus and URL filtering
    • Integrates open threat intelligence platform with third-party feeds
    • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
    Application visibility On-box GUI, Security Director
    • Detects 4,275 Layer 3-7 applications, including Web 2.0
    • Inspects and detects applications inside the SSL encrypted traffic
    Easy to manage and scale On-box GUI, Security Director
    • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management
    Minimize TCO Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces operation expense with Junos automation capabilities
     

    SRX300 Specifications

    Software Specifications

    Routing Protocols

    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 Forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
     

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba ClearPass Policy Manager
    • User role-based firewall
    • SSL Inspection (Forward-proxy)
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/ Dual Stack)
    • Juniper Secure Connect: Remote access / SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-reply
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs GRE, IP-in-IP, and MPLS
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow)¹
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • Zero-Touch Provisioning with Contrail Service Orchestration

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Application Security Services¹

    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Application-based advanced policy-based routing
    • Application quality of experience (AppQoE)
     

    Enhanced SD-WAN Services

    • Application-based advanced policy-based routing (APBR)
    • Application-based link monitoring and switchover with Application quality of experience (AppQoE)
     

    Threat Defense and Intelligence Services¹

    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence
     
    ¹ Offered as advanced security services subscription licenses.

    Hardware Specifications

    ² SRX320 with PoE+ ports available as a separate SKU: SRX320-POE.
    ³ SRX345 with dual AC PSU model.
    ⁴ SRX320 non PoE model.
    ⁵ SRX320-POE with 6 ports PoE+ model.
    ⁶ SRX345 with DC power supply (operating temperature as per GR-63 Issue 4 2012 test criteria).
    ⁷ As per GR63 Issue 4 (2012) test criteria.

    | Specification | SRX300 | SRX320 | SRX340 | SRX345 | SRX380 |
    |---|---|---|---|---|---|
    | Connectivity | | | | | |
    | Total onboard ports | 8x1GbE | 8x1GbE | 16x1GbE | 16x1GbE | 20 (16x1GbE, 4x10GbE) |
    | Onboard RJ-45 ports | 6x1GbE | 6x1GbE | 8x1GbE | 8x1GbE | 16x1GbE |
    | Onboard small form-factor pluggable (SFP) transceiver ports | 2x1GbE | 2x1GbE | 8x1GbE | 8x1GbE | 4x10GbE SFP+ |
    | MACsec-capable ports | 2x1GbE | 2x1GbE | 16x1GbE | 16x1GbE | 16x1GbE, 4x10GbE |
    | Out-of-band (OOB) management ports | 0 | 0 | 1x1GbE | 1x1GbE | 1x1GbE |
    | Mini PIM (WAN) slots | 0 | 2 | 4 | 4 | 4 |
    | Console (RJ-45 + miniUSB) | 1 | 1 | 1 | 1 | 1 |
    | USB 3.0 ports (type A) | 1 | 1 | 1 | 1 | 1 |
    | PoE+ ports | N/A | 6² | 0 | 0 | 16 |
    | Memory and Storage | | | | | |
    | System memory (RAM) | 4 GB | 4 GB | 4 GB | 4 GB | 4 GB |
    | Storage | 8 GB | 8 GB | 8 GB | 8 GB | 100 GB SSD |
    | SSD slots | 0 | 0 | 1 | 1 | 1 |
    | Dimensions and Power | | | | | |
    | Form factor | Desktop | Desktop | 1 U | 1 U | 1 U |
    | Size (WxHxD) | 12.63 x 1.37 x 7.52 in. (32.08 x 3.47 x 19.10 cm) | 11.81 x 1.73 x 7.52 in. (29.99 x 4.39 x 19.10 cm) | 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) | 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) / 17.36 x 1.72 x 18.7 in. (44.09 x 4.36 x 47.5 cm)³ | 17.36 x 1.72 x 18.7 in. (44.09 x 4.37 x 47.5 cm) / 17.36 x 1.72 x 20.47 in. (44.09 x 4.37 x 52 cm) |
    | Weight (device and PSU) | 4.38 lb (1.98 kg) | 3.28 lb (1.51 kg)⁴ / 3.4 lb (1.55 kg)⁵ | 10.80 lb (4.90 kg) | 10.80 lb (4.90 kg) / 11.02 lb (5 kg)⁶ | 15 lb (6.8 kg) with 1xPSU / 16.76 lb (7.6 kg) with 2xPSU |
    | Redundant PSU | No | No | No | No | Yes |
    | Power supply | AC (external) | AC (external) | AC (internal) | AC (internal) / DC (internal)⁶ | 1+1 hot-swappable AC PSU |
    | Rated DC voltage range | N/A | N/A | N/A | -48 to -60 VDC (with -15% and +20% tolerance) | N/A |
    | Rated DC operating voltage range | N/A | N/A | N/A | -40.8 VDC to -72 VDC⁶ | N/A |
    | Maximum PoE power | N/A | 180 W⁵ | N/A | N/A | 480 W |
    | Average power consumption | 24.9 W | 46 W⁴ / 221 W⁵ | 122 W | 122 W | 150 W (without PoE) / 510 W (with PoE) |
    | Average heat dissipation | 85 BTU/h | 157 BTU/h⁴ / 755 BTU/h⁵ | 420 BTU/h | 420 BTU/h | 511.5 BTU/hr (without PoE) |
    | Maximum current consumption | 0.346 A | 0.634 A⁴ / 2.755 A⁵ | 1.496 A | 1.496 A / 6 A @ -48 VDC⁶ | 1.79 A / 7.32 A |
    | Acoustic noise level | 0 dB (fanless) | 37 dBA⁴ / 40 dBA⁵ | 45.5 dBA | 45.5 dBA | < 50 dBA @ room temperature 27° C |
    | Airflow/cooling | Fanless | Front to back | Front to back | Front to back | Front to back |
    | Environmental, Compliance, and Safety Certification | | | | | |
    | Operational temperature | -4° to 140° F (-20° to 60° C)⁷ | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C); -22° to 131° F (-30° to 55° C) for SRX345-DC | 32° to 104° F (0° to 40° C) with MPIMs; 32° to 122° F (0° to 50° C) without MPIMs |
    | Nonoperational temperature | -4° to 158° F (-20° to 70° C) | -4° to 158° F (-20° to 70° C) | -4° to 158° F (-20° to 70° C) | -4° to 158° F (-20° to 70° C); -22° to 158° F (-30° to 70° C) for SRX345-DC | -4° to 158° F (-20° to 70° C) |
    | Operating humidity | 10% to 90% noncondensing | 10% to 90% noncondensing | 10% to 90% noncondensing | 10% to 90% noncondensing | 10% to 90% noncondensing |
    | Nonoperating humidity | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing |
    | Mean time between failures (MTBF) | 44.5 years | 32.5 years⁴ / 26 years⁵ | 27 years | 27.4 years | 28.1 years |
    | FCC classification | Class A | Class A | Class A | Class A | Class A |
    | RoHS compliance | RoHS 2 | RoHS 2 | RoHS 2 | RoHS 2 | RoHS 2 |
    | FIPS 140-2 | Level 2 (Junos 15.1X49-D60) | Level 1 (Junos 15.1X49-D60) | Level 2 (Junos 15.1X49-D60) | Level 2 (Junos 15.1X49-D60) | N/A |
    | Common Criteria certification | NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) | NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) | NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) | NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) | N/A |
     

    Performance and Scale

    ⁸ Throughput numbers based on UDP packets and RFC2544 test methodology.
    ⁹ Throughput numbers based on HTTP traffic with 44 KB transaction size.
    ¹⁰ Route scaling numbers are with enhanced route-scale features turned on.
    ¹¹ Next-Generation firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
    ¹² Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.
  • Product Overview

    The SRX300 line of firewalls combines security, SD-WAN, routing, switching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost-effective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).

    Product Description

    Juniper Networks® SRX300 line of firewalls delivers a next-generation secure SD-WAN and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience. The SRX300 line consists of five models:
    • SRX300: Securing small branch or retail offices, the SRX300 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 4.7 Gbps firewall and 733 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 977 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX380: A high-performance and secure SD-WAN gateway, the SRX380 offers superior and reliable WAN connectivity while consolidating security, routing, and switching for distributed enterprise offices. The SRX380 features greater port density than other SRX300 models, with 16x1GbE PoE+ and 4x10GbE ports, and includes redundant dual power supplies, all in a 1 U form factor. The SRX380 supports up to 20 Gbps firewall and 4.4 Gbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
     

    SRX300 Highlights

    The SRX300 line of firewalls consists of secure SD-WAN routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. WAN or Internet connectivity and Wi-Fi module options include:
    • Ethernet, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi
     

    Mist AI

    WAN Assurance

    Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Firewalls, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allow WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.
     

    Simplifying Branch Deployments (Secure Connectivity/SD-WAN)

    The SRX300 line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX300 firewalls offer best-in-class secure connectivity.
    • The SRX300 firewalls efficiently utilize multiple links and load balance traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.
     

    Comprehensive Security Suite

    The SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security, user role-based firewall controls, and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.

    Industry-Certified Junos Operating System

    SRX300 Firewalls run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX300 line also enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.  

    Features and Benefits

    | Business Requirement | Feature/Solution | SRX300 Advantages |
    |---|---|---|
    | High performance | Up to 20 Gbps of routing and firewall performance | • Best suited for small, medium and large branch office deployments • Addresses future needs for scale and feature capacity |
    | Business continuity | Stateful high availability (HA), IP monitoring | • Uses stateful HA to synchronize configuration and firewall sessions • Supports multiple WAN interfaces with dial-on-demand backup • Route/link failover based on real-time link performance |
    | SD-WAN | Better end-user application and cloud experience and lower operational costs | • ZTP simplifies remote device provisioning • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN • Application quality of experience (AppQoE) measures application SLAs and improves end-user experience • Controls and prioritizes traffic based on application and user role |
    | End-user experience | WAN assurance | • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels • Provides visibility and insights into users, applications, WAN links, control and data plane, and CPU for proactive remediation |
    | Highly secure | IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec) | • Creates secure, reliable, and fast overlay link over public internet • Employs anti-counterfeit features to protect from unauthorized hardware spares • Includes high-performance CPU with built-in hardware to assist IPsec acceleration • Provides TPM-based protection of device secrets such as passwords and certificates • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect |
    | Threat protection | IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds | • Provides real-time updates to IPS signatures and protects against exploits • Protects from zero-day attacks • Implements industry-leading antivirus and URL filtering • Integrates open threat intelligence platform with third-party feeds • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption |
    | Application visibility | On-box GUI, Security Director | • Detects 4,275 Layer 3-7 applications, including Web 2.0 • Inspects and detects applications inside the SSL encrypted traffic |
    | Easy to manage and scale | On-box GUI, Security Director | • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management |
    | Minimize TCO | Junos OS | • Integrates routing, switching, and security in a single device • Reduces operation expense with Junos automation capabilities |
     

    SRX300 Specifications

    Software Specifications

    Routing Protocols

    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 Forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
     

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba ClearPass Policy Manager
    • User role-based firewall
    • SSL Inspection (Forward-proxy)
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/ Dual Stack)
    • Juniper Secure Connect: Remote access / SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha1-96, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-replay
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs: GRE, IP-in-IP, and MPLS
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow)¹
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • Zero-Touch Provisioning with Contrail Service Orchestration

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Application Security Services¹

    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Application-based advanced policy-based routing
    • Application quality of experience (AppQoE)
     

    Enhanced SD-WAN Services

    • Application-based advanced policy-based routing (APBR)
    • Application-based link monitoring and switchover with Application quality of experience (AppQoE)
     

    Threat Defense and Intelligence Services¹

    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence
     
    ¹ Offered as advanced security services subscription licenses.

    Hardware Specifications

    ² SRX320 with PoE+ ports available as a separate SKU: SRX320-POE.
    ³ SRX345 with dual AC PSU model.
    ⁴ SRX320 non PoE model.
    ⁵ SRX320-POE with 6 ports PoE+ model.
    ⁶ SRX345 with DC power supply (operating temperature as per GR-63 Issue 4 2012 test criteria).
    ⁷ As per GR63 Issue 4 (2012) test criteria.

    | Specification | SRX300 | SRX320 | SRX340 | SRX345 | SRX380 |
    |---|---|---|---|---|---|
    | Connectivity | | | | | |
    | Total onboard ports | 8x1GbE | 8x1GbE | 16x1GbE | 16x1GbE | 20 (16x1GbE, 4x10GbE) |
    | Onboard RJ-45 ports | 6x1GbE | 6x1GbE | 8x1GbE | 8x1GbE | 16x1GbE |
    | Onboard small form-factor pluggable (SFP) transceiver ports | 2x1GbE | 2x1GbE | 8x1GbE | 8x1GbE | 4x10GbE SFP+ |
    | MACsec-capable ports | 2x1GbE | 2x1GbE | 16x1GbE | 16x1GbE | 16x1GbE, 4x10GbE |
    | Out-of-band (OOB) management ports | 0 | 0 | 1x1GbE | 1x1GbE | 1x1GbE |
    | Mini PIM (WAN) slots | 0 | 2 | 4 | 4 | 4 |
    | Console (RJ-45 + miniUSB) | 1 | 1 | 1 | 1 | 1 |
    | USB 3.0 ports (type A) | 1 | 1 | 1 | 1 | 1 |
    | PoE+ ports | N/A | 6² | 0 | 0 | 16 |
    | Memory and Storage | | | | | |
    | System memory (RAM) | 4 GB | 4 GB | 4 GB | 4 GB | 4 GB |
    | Storage | 8 GB | 8 GB | 8 GB | 8 GB | 100 GB SSD |
    | SSD slots | 0 | 0 | 1 | 1 | 1 |
    | Dimensions and Power | | | | | |
    | Form factor | Desktop | Desktop | 1 U | 1 U | 1 U |
    | Size (WxHxD) | 12.63 x 1.37 x 7.52 in. (32.08 x 3.47 x 19.10 cm) | 11.81 x 1.73 x 7.52 in. (29.99 x 4.39 x 19.10 cm) | 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) | 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) / 17.36 x 1.72 x 18.7 in. (44.09 x 4.36 x 47.5 cm)³ | 17.36 x 1.72 x 18.7 in. (44.09 x 4.37 x 47.5 cm) / 17.36 x 1.72 x 20.47 in. (44.09 x 4.37 x 52 cm) |
    | Weight (device and PSU) | 4.38 lb (1.98 kg) | 3.28 lb (1.51 kg)⁴ / 3.4 lb (1.55 kg)⁵ | 10.80 lb (4.90 kg) | 10.80 lb (4.90 kg) / 11.02 lb (5 kg)⁶ | 15 lb (6.8 kg) with 1xPSU / 16.76 lb (7.6 kg) with 2xPSU |
    | Redundant PSU | No | No | No | No | Yes |
    | Power supply | AC (external) | AC (external) | AC (internal) | AC (internal) / DC (internal)⁶ | 1+1 hot-swappable AC PSU |
    | Rated DC voltage range | N/A | N/A | N/A | -48 to -60 VDC (with -15% and +20% tolerance) | N/A |
    | Rated DC operating voltage range | N/A | N/A | N/A | -40.8 VDC to -72 VDC⁶ | N/A |
    | Maximum PoE power | N/A | 180 W⁵ | N/A | N/A | 480 W |
    | Average power consumption | 24.9 W | 46 W⁴ / 221 W⁵ | 122 W | 122 W | 150 W (without PoE) / 510 W (with PoE) |
    | Average heat dissipation | 85 BTU/h | 157 BTU/h⁴ / 755 BTU/h⁵ | 420 BTU/h | 420 BTU/h | 511.5 BTU/hr (without PoE) |
    | Maximum current consumption | 0.346 A | 0.634 A⁴ / 2.755 A⁵ | 1.496 A | 1.496 A / 6 A @ -48 VDC⁶ | 1.79 A / 7.32 A |
    | Acoustic noise level | 0 dB (fanless) | 37 dBA⁴ / 40 dBA⁵ | 45.5 dBA | 45.5 dBA | < 50 dBA @ room temperature 27° C |
    | Airflow/cooling | Fanless | Front to back | Front to back | Front to back | Front to back |
    | Environmental, Compliance, and Safety Certification | | | | | |
    | Operational temperature | -4° to 140° F (-20° to 60° C)⁷ | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C); -22° to 131° F (-30° to 55° C) for SRX345-DC | 32° to 104° F (0° to 40° C) with MPIMs; 32° to 122° F (0° to 50° C) without MPIMs |
    | Nonoperational temperature | -4° to 158° F (-20° to 70° C) | -4° to 158° F (-20° to 70° C) | -4° to 158° F (-20° to 70° C) | -4° to 158° F (-20° to 70° C); -22° to 158° F (-30° to 70° C) for SRX345-DC | -4° to 158° F (-20° to 70° C) |
    | Operating humidity | 10% to 90% noncondensing | 10% to 90% noncondensing | 10% to 90% noncondensing | 10% to 90% noncondensing | 10% to 90% noncondensing |
    | Nonoperating humidity | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing |
    | Mean time between failures (MTBF) | 44.5 years | 32.5 years⁴ / 26 years⁵ | 27 years | 27.4 years | 28.1 years |
    | FCC classification | Class A | Class A | Class A | Class A | Class A |
    | RoHS compliance | RoHS 2 | RoHS 2 | RoHS 2 | RoHS 2 | RoHS 2 |
    | FIPS 140-2 | Level 2 (Junos 15.1X49-D60) | Level 1 (Junos 15.1X49-D60) | Level 2 (Junos 15.1X49-D60) | Level 2 (Junos 15.1X49-D60) | N/A |
    | Common Criteria certification | NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) | NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) | NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) | NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) | N/A |
     

    Performance and Scale

    ⁸ Throughput numbers based on UDP packets and RFC2544 test methodology.
    ⁹ Throughput numbers based on HTTP traffic with 44 KB transaction size.
    ¹⁰ Route scaling numbers are with enhanced route-scale features turned on.
    ¹¹ Next-Generation firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
    ¹² Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.

    | Parameter | SRX300 | SRX320 | SRX340 | SRX345 | SRX380 |
    |---|---|---|---|---|---|
    | Routing with packet mode (64 B packet size) in Kpps⁸ | 300 | 300 | 550 | 750 | 1700 |
    | Routing with packet mode (IMIX packet size) in Mbps⁸ | 800 | 800 | 1,600 | 2,300 | 5000 |
    | Routing with packet mode (1,518 B packet size) in Mbps⁸ | 1,500 | 1,500 | 3,000 | 5,500 | 10,000 |
    | Stateful firewall (64 B packet size) in Kpps⁸ | 200 | 200 | 350 | 550 | 1700 |
    | Stateful firewall (IMIX packet size) in Mbps⁸ | 600 | 600 | 1,100 | 1,500 | 6,500 |
    | Stateful firewall (1,518 B packet size) in Mbps⁸ | 1,900 | 1,900 | 4,700 | 5,000 | 20,000 |
    | IPsec VPN (IMIX packet size) in Mbps⁸ | 116 | 116 | 239 | 325 | 1400 |
    | IPsec VPN (1,400 B packet size) in Mbps⁸ | 336 | 336 | 733 | 977 | 4,400 |
    | Application visibility and control in Mbps⁹ | 500 | 500 | 1,000 | 1,700 | 6,000 |
    | Recommended IPS in Mbps⁹ | 200 | 200 | 400 | 600 | 2,000 |
    | Next-generation firewall in Mbps¹¹ | 226 | 226 | 420 | 430 | 2,500 |
    | Secure Web Access firewall in Mbps¹² | 171 | 171 | 280 | 295 | 1,800 |
    | Route table size (RIB/FIB) (IPv4 or IPv6) | 256,000/256,000 | 256,000/256,000 | 1 million/600,000¹⁰ | 1 million/600,000¹⁰ | 1 million/600,000¹⁰ |
    | Maximum concurrent sessions (IPv4 or IPv6) | 64,000 | 64,000 | 256,000 | 375,000 | 380,000 |
    | Maximum security policies | 1,000 | 1,000 | 2,000 | 4,000 | 4,000 |
    | Connections per second | 5,000 | 5,000 | 10,000 | 15,000 | 50,000 |
    | NAT rules | 1,000 | 1,000 | 2,000 | 2,000 | 3,000 |
    | MAC table size | 15,000 | 15,000 | 15,000 | 15,000 | 16,000 |
    | IPsec VPN tunnels | 256 | 256 | 1,024 | 2,048 | 2,048 |
    | Number of remote access/SSL VPN (concurrent) users | 25 | 50 | 150 | 250 | 500 |
    | GRE tunnels | 256 | 256 | 512 | 1,024 | 2,048 |
    | Maximum number of security zones | 16 | 16 | 64 | 64 | 128 |
    | Maximum number of virtual routers | 32 | 32 | 64 | 128 | 128 |
    | Maximum number of VLANs | 1,000 | 1,000 | 2,000 | 3,000 | 3,000 |
    | AppID sessions | 16,000 | 16,000 | 64,000 | 64,000 | 64,000 |
    | IPS sessions | 16,000 | 16,000 | 64,000 | 64,000 | 64,000 |
    | URLF sessions | 16,000 | 16,000 | 64,000 | 64,000 | 64,000 |
     

    WAN and Wi-Fi Interface Support Matrix

    | WAN and Wi-Fi Interface | SRX300 | SRX320 | SRX340 | SRX345 | SRX380 |
    |---|---|---|---|---|---|
    | 1 port T1/E1 MPIM (SRX-MP-1T1E1-R) | No | Yes | Yes | Yes | Yes |
    | 1 port VDSL2 Annex A/M MPIM (SRX-MP-1VDSL2-R) | No | Yes | Yes | Yes | Yes |
    | 4G / LTE MPIM (SRX-MP-LTE-AA and SRX-MP-LTE-AE) | No | Yes | Yes | Yes | Yes |
    | 802.11ac Wave 2 Wi-Fi MPIM | No | Yes | Yes | Yes | Yes |
     

    WAN and Wi-Fi Interface Module Performance Data

    | Interface Module | Description | Performance |
    |---|---|---|
    | 4G/LTE | Dual SIM 4G/LTE-A CAT 6 | Up to 300 Mbps download and 50 Mbps upload |
    | Wi-Fi MPIM | Dual band 802.11 a/b/g/n/ac Wave 2 (2x2 MIMO) | Up to 866 Mbps at 5GHz / 300 Mbps at 2.4GHz |
     

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    Ordering Information

    To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html
    11 Based on concurrent users; two free licenses included
    SRXnnn-SYS-JB
    Hardware Included
    Management (CLI, JWEB, SNMP, Telnet, SSH) Included
    Ethernet switching (L2 Forwarding, IRB, LACP etc) Included
    L2 Transparent, Secure Wire Included
    Routing (RIP, OSPF, BGP, Virtual router) Included
    Multicast (IGMP, PIM, SSDP, DMVRP) Included
    Packet Mode Included
    Overlay (GRE, IP-IP) Included
    Network Services (J-Flow, DHCP, QOS, BFD) Included
    Stateful Firewall, Screens, ALGs Included
    NAT (static, SNAT, DNAT) Included
    IPSec VPN (Site-to-Site VPN, Auto VPN, Group VPN) Included
    Firewall policy enforcement (UAC, Aruba CPPM) Included
    Remote Access/SSL VPN (concurrent users) [11] Optional
    Chassis Cluster, VRRP, ISSU/ICU Included
    Automation (Junos scripting, auto-installation) Included
    MPLS, LDP, RSVP, L3 VPN, pseudo-wires, VPLS Included
     

    Base System Model Numbers

    Product Number Description
    SRX300-SYS-JB SRX300 Firewalls includes hardware (8GbE, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX320-SYS-JB SRX320 Firewalls includes hardware (8GbE, 2x MPIM slots, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX320-SYS-JB-P SRX320 Firewalls includes hardware (8GbE, 6-port POE+, 2x MPIM slots, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX340-SYS-JB SRX340 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB-2AC SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, dual AC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB-DC SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, single DC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX380-P-SYS-JB-AC SRX380 Firewalls includes hardware (16GbE PoE+, 4x10GbE, 4x MPIM slots, 4GB RAM, 100GB SSD, single AC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
     

    Software Licenses

    [12] The S-SRXnnn-P2-1/3/5 year SKUs are only available for the SRX340, SRX345, and SRX380 models.
    Product Number Description
    S-SRXnnn-A1-1 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 1-year subscription (example: S-SRX380-A1-1)
    S-SRXnnn-A1-3 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 3-year subscription (example: S-SRX380-A1-3)
    S-SRXnnn-A1-5 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 5-year subscription (example: S-SRX380-A1-5)
    S-SRXnnn-P1-1 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 1-year subscription (example: S-SRX380-P1-1)
    S-SRXnnn-P1-3 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 3-year subscription (example: S-SRX380-P1-3)
    S-SRXnnn-P1-5 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 5-year subscription (example: S-SRX380-P1-5)
    S-SRXnnn-A2-1 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 1-year subscription (example: S-SRX380-A2-1)
    S-SRXnnn-A2-3 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 3-year subscription (example: S-SRX380-A2-3)
    S-SRXnnn-A2-5 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 5-year subscription (example: S-SRX380-A2-5)
    S-SRXnnn-P2-1 [12] SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 1-year subscription (example: S-SRX380-P2-1)
    S-SRXnnn-P2-3 [12] SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 3-year subscription (example: S-SRX380-P2-3)
    S-SRXnnn-P2-5 [12] SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 5-year subscription (example: S-SRX380-P2-5)
     

    Remote Access/Juniper Secure Connect VPN Licenses

    Product Number Description
    S-RA3-SRX300-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX320-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX340-S-1 SW, Remote Access VPN - Juniper, 150 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX345-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX380-S-1 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-SRX300-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX320-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX340-S-3 SW, Remote Access VPN - Juniper, 150 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX345-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX380-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
     

    Interface Modules

    Product Number Description
    SRX-MP-1T1E1-R 1 port T1/E1, MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M. RoHS compliant
    SRX-MP-1VDSL2-R 1 port VDSL2 (backward compatible with ADSL / ADSL2+), MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M. RoHS compliant
    SRX-MP-LTE-AA 4G / LTE MPIM support 1, 3, 5, 7-8, 18-19, 21, 28, 38-41 LTE bands (for Asia and Australia). Supported on SRX320, SRX340, SRX345, SRX380, and SRX550M
    SRX-MP-LTE-AE 4G / LTE MPIM support 1-5, 7-8, 12-13, 30, 25-26, 29-30, 41 LTE bands (for Americas and EMEA). Supported on SRX320, SRX340, SRX345, SRX380, and SRX550M
    SRX-MP-WLAN-US Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for U.S. regulatory bands only.
    SRX-MP-WLAN-WW Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for worldwide regulatory bands (excluding U.S. and Israel).
    SRX-MP-WLAN-IL Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for Israel regulatory bands only.
    SRX-MP-ANT-EXT Antenna extension cable for WLAN MPIM on SRX Series platforms
     

    Accessories

    Product Number Description
    SRX300-RMK0 SRX300 rack mount kit with adaptor tray
    SRX300-RMK1 SRX300 rack mount kit without adaptor tray
    SRX300-WALL-KIT0 SRX300 wall mount kit with brackets
    SRX320-P-RMK0 SRX320-POE rack mount kit with adaptor tray
    SRX320-P-RMK1 SRX300-POE rack mount kit without adaptor tray
    SRX320-RMK0 SRX320 rack mount kit with adaptor tray
    SRX320-RMK1 SRX320 rack mount kit without adaptor tray
    SRX320-WALL-KIT0 SRX320 wall mount kit with brackets
    SRX34X-RMK SRX340 and SRX345 rack mount kit
    EX-4PST-RMK SRX380 rack mount kit
    JSU-SSD-MLC-100 Juniper Storage Unit, SSD, MLC, 100GB
    JPSU-600-AC-AFO SRX380 600W AC PSU, front-to-back
  • Product Overview

    The SRX300 line of firewalls combines security, SD-WAN, routing, switching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost-effective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).

    Product Description

    Juniper Networks® SRX300 line of firewalls delivers a next-generation secure SD-WAN and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience. The SRX300 line consists of five models:
    • SRX300: Securing small branch or retail offices, the SRX300 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 4.7 Gbps firewall and 733 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 977 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX380: A high-performance and secure SD-WAN gateway, the SRX380 offers superior and reliable WAN connectivity while consolidating security, routing, and switching for distributed enterprise offices. The SRX380 features greater port density than other SRX300 models, with 16x1GbE PoE+ and 4x10GbE ports, and includes redundant dual power supplies, all in a 1 U form factor. The SRX380 supports up to 20Gbps firewall and 4.4 Gbps IPSec VPN in a single, consolidated, cost-effective networking and security platform.
     

    SRX300 Highlights

    The SRX300 line of firewalls consists of secure SD-WAN routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. WAN or Internet connectivity and Wi-Fi module options include:
    • Ethernet, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi
     

    Mist AI

    WAN Assurance

    Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Firewalls, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allow WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.
     

    Simplifying Branch Deployments (Secure Connectivity/SD-WAN)

    The SRX300 line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX300 firewalls offer best-in-class secure connectivity.
    • The SRX300 firewalls efficiently utilize multiple links and load balance traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.
     

    Comprehensive Security Suite

    The SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security, user role-based firewall controls, and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.

    Industry-Certified Junos Operating System

    SRX300 Firewalls run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX300 line also enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.  

    Features and Benefits

    Business Requirement Feature/Solution SRX300 Advantages
    High performance Up to 20 Gbps of routing and firewall performance
    • Best suited for small, medium and large branch office deployments
    • Addresses future needs for scale and feature capacity
    Business continuity Stateful high availability (HA), IP monitoring
    • Uses stateful HA to synchronize configuration and firewall sessions
    • Supports multiple WAN interface with dial-on-demand backup
    • Route/link failover based on real-time link performance
    SD-WAN Better end-user application and cloud experience and lower operational costs
    • ZTP simplifies remote device provisioning
    • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN
    • Application quality of experience (AppQoE) measures application SLAs and improves end-user experience
    • Controls and prioritizes traffic based on application and user role
    End-user experience WAN assurance
    • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels
    • Provides visibility and insights into users, applications, WAN links, control and data plane, and CPU for proactive remediation
    Highly secure IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec)
    • Creates secure, reliable, and fast overlay link over public internet
    • Employs anti-counterfeit features to protect from unauthorized hardware spares
    • Includes high-performance CPU with built-in hardware to assist IPsec acceleration
    • Provides TPM-based protection of device secrets such as passwords and certificates
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    Threat protection IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds
    • Provides real-time updates to IPS signatures and protects against exploits
    • Protects from zero-day attacks
    • Implements industry-leading antivirus and URL filtering
    • Integrates open threat intelligence platform with third-party feeds
    • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
    Application visibility On-box GUI, Security Director
    • Detects 4,275 Layer 3-7 applications, including Web 2.0
    • Inspects and detects applications inside the SSL encrypted traffic
    Easy to manage and scale On-box GUI, Security Director
    • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management
    Minimize TCO Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces operation expense with Junos automation capabilities
     

    SRX300 Specifications

    Software Specifications

    Routing Protocols

    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 Forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
     

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba Clear Pass Policy Manager
    • User role-based firewall
    • SSL Inspection (Forward-proxy)
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/ Dual Stack)
    • Juniper Secure Connect: Remote access / SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-replay
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs: GRE, IP-in-IP, and MPLS
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow) [1]
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • Zero-Touch Provisioning with Contrail Service Orchestration

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Application Security Services [1]

    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Application-based advanced policy-based routing
    • Application quality of experience (AppQoE)
     

    Enhanced SD-WAN Services

    • Application-based advanced policy-based routing (APBR)
    • Application-based link monitoring and switchover with Application quality of experience (AppQoE)
     

    Threat Defense and Intelligence Services [1]

    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence
     
    [1] Offered as advanced security services subscription licenses.

    Hardware Specifications

    [2] SRX320 with PoE+ ports available as a separate SKU: SRX320-POE.
    [3] SRX345 with dual AC PSU model.
    [4] SRX320 non PoE model.
    [5] SRX320-POE with 6 ports PoE+ model.
    [6] SRX345 with DC power supply (operating temperature as per GR-63 Issue 4 2012 test criteria).
    [7] As per GR63 Issue 4 (2012) test criteria.
    Specification SRX300 SRX320 SRX340 SRX345 SRX380
    Connectivity
    Total onboard ports 8x1GbE 8x1GbE 16x1GbE 16x1GbE 20 (16x1GbE, 4x10GbE)
    Onboard RJ-45 ports 6x1GbE 6x1GbE 8x1GbE 8x1GbE 16x1GbE
    Onboard small form-factor pluggable (SFP) transceiver ports 2x1GbE 2x1GbE 8x1GbE 8x1GbE 4x10GbE SFP+
    MACsec-capable ports 2x1GbE 2x1GbE 16x1GbE 16x1GbE 16x1GbE 4x10GbE
    Out-of-band (OOB) management ports 0 0 1x1GbE 1x1GbE 1x1GbE
    Mini PIM (WAN) slots 0 2 4 4 4
    Console (RJ-45 + miniUSB) 1 1 1 1 1
    USB 3.0 ports (type A) 1 1 1 1 1
    PoE+ ports N/A 6 [2] 0 0 16
    Memory and Storage
    System memory (RAM) 4 GB 4 GB 4 GB 4 GB 4GB
    Storage 8 GB 8 GB 8 GB 8 GB 100GB SSD
    SSD slots 0 0 1 1 1
    Dimensions and Power
    Form factor Desktop Desktop 1 U 1 U 1U
    Size (WxHxD) 12.63 x 1.37 x 7.52 in. (32.08 x 3.47 x 19.10 cm) 11.81 x 1.73 x 7.52 in. (29.99 x 4.39 x 19.10 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) / 17.36 x 1.72 x 18.7 in. (44.09 x 4.36 x 47.5 cm) [3] 17.36 x 1.72 x 18.7 in. (44.09 x 4.37 x 47.5 cm) / 17.36 x 1.72 x 20.47 in. (44.09 x 4.37 x 52 cm)
    Weight (device and PSU) 4.38 lb (1.98 kg) 3.28 lb (1.51 kg) [4] / 3.4 lb (1.55 kg) [5] 10.80 lb (4.90 kg) 10.80 lb (4.90 kg) / 11.02 lb (5 kg) [6] 15 lb (6.8 kg) with 1xPSU / 16.76 lb (7.6 kg) with 2xPSU
    Redundant PSU No No No No Yes
    Power supply AC (external) AC (external) AC (internal) AC (internal) / DC (internal) [6] 1+1 hot-swappable AC PSU
    Rated DC voltage range N/A N/A N/A -48 to -60 VDC (with -15% and +20% tolerance) NA
    Rated DC operating voltage range N/A N/A N/A -40.8 VDC to -72 VDC [6] N/A
    Maximum PoE power N/A 180 W [5] N/A N/A 480W
    Average power consumption 24.9 W 46 W [4] / 221 W [5] 122 W 122 W 150 W (without PoE) / 510 W (with PoE)
    Average heat dissipation 85 BTU/h 157 BTU/h [4] / 755 BTU/h [5] 420 BTU/h 420 BTU/h 511.5 BTU/hr (without PoE)
    Maximum current consumption 0.346 A 0.634 A [4] / 2.755 A [5] 1.496 A 1.496 A / 6A @ -48 VDC [6] 1.79A/7.32A
    Acoustic noise level 0dB (fanless) 37 dBA [4] / 40 dBA [5] 45.5 dBA 45.5 dBA < 50dBA @ room temperature 27C
    Airflow/cooling Fanless Front to back Front to back Front to back Front to back
    Environmental, Compliance, and Safety Certification
    Operational temperature -4° to 140° F (-20° to 60° C) [7] 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) -22° to 131° F (-30° to 55° C) for SRX345-DC 32° to 104° F (0° to 40° C) with MPIMs / 32° to 122° F (0° to 50° C) without MPIMs
    Nonoperational temperature -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -22° to 158° F (-30° to 70° C) for SRX345-DC -4° to 158° F (-20° to 70° C)
    Operating humidity 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing
    Nonoperating humidity 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing
    Meantime between failures (MTBF) 44.5 years 32.5 years [4] / 26 years [5] 27 years 27.4 years 28.1 years
    FCC classification Class A Class A Class A Class A Class A
    RoHS compliance RoHS 2 RoHS 2 RoHS 2 RoHS 2 RoHS 2
    FIPS 140-2 Level 2 (Junos 15.1X49-D60) Level 1 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) N/A
    Common Criteria certification NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) N/A
     

    Performance and Scale

    [8] Throughput numbers based on UDP packets and RFC2544 test methodology.
    [9] Throughput numbers based on HTTP traffic with 44 KB transaction size.
    [10] Route scaling numbers are with enhanced route-scale features turned on.
    [11] Next-Generation firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions
    [12] Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions
    Parameter SRX300 SRX320 SRX340 SRX345 SRX380
    Routing with packet mode (64 B packet size) in Kpps [8] 300 300 550 750 1700
    Routing with packet mode (IMIX packet size) in Mbps [8] 800 800 1,600 2,300 5000
    Routing with packet mode (1,518 B packet size) in Mbps [8] 1,500 1,500 3,000 5,500 10,000
    Stateful firewall (64 B packet size) in Kpps [8] 200 200 350 550 1700
    Stateful firewall (IMIX packet size) in Mbps [8] 600 600 1,100 1,500 6,500
    Stateful firewall (1,518 B packet size) in Mbps [8] 1,900 1,900 4,700 5,000 20,000
    IPsec VPN (IMIX packet size) in Mbps [8] 116 116 239 325 1400
    IPsec VPN (1,400 B packet size) in Mbps [8] 336 336 733 977 4,400
    Application visibility and control in Mbps [9] 500 500 1,000 1,700 6,000
    Recommended IPS in Mbps [9] 200 200 400 600 2,000
    Next-generation firewall in Mbps [11] 226 226 420 430 2,500
    Secure Web Access firewall in Mbps [12] 171 171 280 295 1,800
    Route table size (RIB/FIB) (IPv4 or IPv6) 256,000/256,000 256,000/256,000 1 million/600,000 [10] 1 million/600,000 [10] 1 million/600,000 [10]
    Maximum concurrent sessions (IPv4 or IPv6) 64,000 64,000 256,000 375,000 380,000
    Maximum security policies 1,000 1,000 2,000 4,000 4,000
    Connections per second 5,000 5,000 10,000 15,000 50,000
    NAT rules 1,000 1,000 2,000 2,000 3,000
    MAC table size 15,000 15,000 15,000 15,000 16,000
    IPsec VPN tunnels 256 256 1,024 2,048 2,048
    Number of remote access/SSL VPN (concurrent) users 25 50 150 250 500
    GRE tunnels 256 256 512 1,024 2,048
    Maximum number of security zones 16 16 64 64 128
    Maximum number of virtual routers 32 32 64 128 128
    Maximum number of VLANs 1,000 1,000 2,000 3,000 3,000
    AppID sessions 16,000 16,000 64,000 64,000 64,000
    IPS sessions 16,000 16,000 64,000 64,000 64,000
    URLF sessions 16,000 16,000 64,000 64,000 64,000
     

    WAN and Wi-Fi Interface Support Matrix

    WAN and Wi-Fi Interface SRX300 SRX320 SRX340 SRX345 SRX380
    1 port T1/E1 MPIM (SRX-MP-1T1E1-R) No Yes Yes Yes Yes
    1 port VDSL2 Annex A/M MPIM (SRX-MP-1VDSL2-R) No Yes Yes Yes Yes
    4G / LTE MPIM (SRX-MP-LTE-AA and SRX-MP-LTE-AE) No Yes Yes Yes Yes
    802.11ac Wave 2 Wi-Fi MPIM No Yes Yes Yes Yes
     

    WAN and Wi-Fi Interface Module Performance Data

    Interface Module Description Performance
    4G/LTE Dual SIM 4G/LTE-A CAT 6 Up to 300 Mbps download and 50 Mbps upload
    Wi-Fi MPIM Dual band 802.11 a/b/g/n/ac Wave 2 (2x2 MIMO) Up to 866 Mbps at 5GHz / 300 Mbps at 2.4GHz
     

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    Ordering Information

    To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html
    11 Based on concurrent users; two free licenses included
    SRXnnn-SYS-JB
    Hardware Included
    Management (CLI, JWEB, SNMP, Telnet, SSH) Included
    Ethernet switching (L2 Forwarding, IRB, LACP etc) Included
    L2 Transparent, Secure Wire Included
    Routing (RIP, OSPF, BGP, Virtual router) Included
    Multicast (IGMP, PIM, SSDP, DVMRP) Included
    Packet Mode Included
    Overlay (GRE, IP-IP) Included
    Network Services (J-Flow, DHCP, QOS, BFD) Included
    Stateful Firewall, Screens, ALGs Included
    NAT (static, SNAT, DNAT) Included
    IPSec VPN (Site-to-Site VPN, Auto VPN, Group VPN) Included
    Firewall policy enforcement (UAC, Aruba CPPM) Included
    Remote Access/SSL VPN (concurrent users)¹¹ Optional
    Chassis Cluster, VRRP, ISSU/ICU Included
    Automation (Junos scripting, auto-installation) Included
    MPLS, LDP, RSVP, L3 VPN, pseudo-wires, VPLS Included
     

    Base System Model Numbers

    Product Number Description
    SRX300-SYS-JB SRX300 Firewalls includes hardware (8GbE, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX320-SYS-JB SRX320 Firewalls includes hardware (8GbE, 2x MPIM slots, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX320-SYS-JB-P SRX320 Firewalls includes hardware (8GbE, 6-port POE+, 2x MPIM slots, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX340-SYS-JB SRX340 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB-2AC SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, dual AC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB-DC SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, single DC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX380-P-SYS-JB-AC SRX380 Firewalls includes hardware (16GbE PoE+, 4x10GbE, 4x MPIM slots, 4GB RAM, 100GB SSD, single AC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
     

    Software Licenses

    12 The S-SRXnnn-P2-1/3/5 year SKUs are only available for the SRX340, SRX345, and SRX380 models.
    Product Number Description
    S-SRXnnn-A1-1 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 1-year subscription (example: S-SRX380-A1-1)
    S-SRXnnn-A1-3 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 3-year subscription (example: S-SRX380-A1-3)
    S-SRXnnn-A1-5 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 5-year subscription (example: S-SRX380-A1-5)
    S-SRXnnn-P1-1 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 1-year subscription (example: S-SRX380-P1-1)
    S-SRXnnn-P1-3 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 3-year subscription (example: S-SRX380-P1-3)
    S-SRXnnn-P1-5 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 5-year subscription (example: S-SRX380-P1-5)
    S-SRXnnn-A2-1 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 1-year subscription (example: S-SRX380-A2-1)
    S-SRXnnn-A2-3 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 3-year subscription (example: S-SRX380-A2-3)
    S-SRXnnn-A2-5 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 5-year subscription (example: S-SRX380-A2-5)
    S-SRXnnn-P2-1¹² SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 1-year subscription (example: S-SRX380-P2-1)
    S-SRXnnn-P2-3¹² SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 3-year subscription (example: S-SRX380-P2-3)
    S-SRXnnn-P2-5¹² SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 5-year subscription (example: S-SRX380-P2-5)
     

    Remote Access/Juniper Secure Connect VPN Licenses

    Product Number Description
    S-RA3-SRX300-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX320-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX340-S-1 SW, Remote Access VPN - Juniper, 150 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX345-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX380-S-1 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-SRX300-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX320-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX340-S-3 SW, Remote Access VPN - Juniper, 150 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX345-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX380-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
     

    Interface Modules

    Product Number Description
    SRX-MP-1T1E1-R 1 port T1E1, MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M. RoHS compliant
    SRX-MP-1VDSL2-R 1 port VDSL2 (backward compatible with ADSL / ADSL2+), MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M. RoHS compliant
    SRX-MP-LTE-AA 4G / LTE MPIM support 1, 3, 5, 7-8, 18-19, 21, 28, 38-41 LTE bands (for Asia and Australia). Supported on SRX320, SRX340, SRX345, SRX380, and SRX550M
    SRX-MP-LTE-AE 4G / LTE MPIM support 1-5, 7-8, 12-13, 30, 25-26, 29-30, 41 LTE bands (for Americas and EMEA). Supported on SRX320, SRX340, SRX345, SRX380, and SRX550M
    SRX-MP-WLAN-US Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for U.S. regulatory bands only.
    SRX-MP-WLAN-WW Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for worldwide regulatory bands (excluding U.S. and Israel).
    SRX-MP-WLAN-IL Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for Israel regulatory bands only.
    SRX-MP-ANT-EXT Antenna extension cable for WLAN MPIM on SRX Series platforms
     

    Accessories

    Product Number Description
    SRX300-RMK0 SRX300 rack mount kit with adaptor tray
    SRX300-RMK1 SRX300 rack mount kit without adaptor tray
    SRX300-WALL-KIT0 SRX300 wall mount kit with brackets
    SRX320-P-RMK0 SRX320-POE rack mount kit with adaptor tray
    SRX320-P-RMK1 SRX300-POE rack mount kit without adaptor tray
    SRX320-RMK0 SRX320 rack mount kit with adaptor tray
    SRX320-RMK1 SRX320 rack mount kit without adaptor tray
    SRX320-WALL-KIT0 SRX320 wall mount kit with brackets
    SRX34X-RMK SRX340 and SRX345 rack mount kit
    EX-4PST-RMK SRX380 rack mount kit
    JSU-SSD-MLC-100 Juniper Storage Unit, SSD, MLC, 100GB
    JPSU-600-AC-AFO SRX380 600W AC PSU, front-to-back
  • SRX380 Overview:

    The SRX300 line of services gateways combines security, routing, switching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost-effective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).

    Product Description

    Juniper Networks SRX300 line of services gateways delivers a next-generation networking and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience. The SRX300 line consists of four models:
    • SRX300: Securing small branch or retail offices, the SRX300 Services Gateway consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1 Gbps firewall and 300 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Services Gateway consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1 Gbps firewall and 300 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Services Gateway consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 3 Gbps firewall and 600 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Services Gateway consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 800 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX380: A high-performance and secure SD-WAN gateway, the SRX380 offers superior and reliable WAN connectivity while consolidating security, routing, and switching for distributed enterprise offices. The SRX380 features greater port density than other SRX300 models, with 16x1GbE PoE+ and 4x10GbE ports, and includes redundant dual power supplies, all in a 1 U form factor.

    Highlights

    The SRX300 line of services gateways consists of secure SD-WAN routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. WAN or Internet connectivity and Wi-Fi module options include:
    • Ethernet, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi

    Mist AI

    WAN Assurance

    Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Services Gateways, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allow WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.

    Simplifying Branch Deployments (Secure Connectivity/SD-WAN)

    The SRX300 line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX300 firewalls offer best-in-class secure connectivity.
    • The SRX300 firewalls efficiently utilize multiple links and load balance traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.

    Comprehensive Security Suite

    The SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security, user role-based firewall controls, and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.

    Industry-Certified Junos Operating System

    SRX300 Services Gateways run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX300 line also enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.

    Features & Benefits:

    Business Requirement: Feature/Solution, followed by SRX300 Advantages
    High performance: Up to 5 Gbps of routing and firewall performance
    • Best suited for small, medium and large branch office deployments
    • Addresses future needs for scale and feature capacity
    Business continuity: Stateful high availability (HA), IP monitoring
    • Uses stateful HA to synchronize configuration and firewall sessions
    • Supports multiple WAN interface with dial-on-demand backup
    • Route/link failover based on real-time link performance
    SD-WAN: Better end-user application and cloud experience and lower operational costs
    • ZTP simplifies remote device provisioning
    • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN
    • Application quality of experience (AppQoE) measures application SLAs and improves end-user experience
    • Controls and prioritizes traffic based on application and user role
    End-user experience: WAN assurance
    • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels
    • Provides visibility and insights into users, applications, WAN links, control and data plane, and CPU for proactive remediation
    Highly secure: IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec)
    • Creates secure, reliable, and fast overlay link over public internet
    • Employs anti-counterfeit features to protect from unauthorized hardware spares
    • Includes high-performance CPU with built-in hardware to assist IPsec acceleration
    • Provides TPM-based protection of device secrets such as passwords and certificates
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    Threat protection: IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds
    • Provides real-time updates to IPS signatures and protects against exploits
    • Protects from zero-day attacks
    • Implements industry-leading antivirus and URL filtering
    • Integrates open threat intelligence platform with third-party feeds
    • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
    Application visibility: On-box GUI, Security Director
    • Detects 3500+ Layer 3-7 applications, including Web 2.0
    • Inspects and detects applications inside the SSL encrypted traffic
    Easy to manage and scale: On-box GUI, Security Director
    • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management
    Minimize TCO: Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces operation expense with Junos automation capabilities

    Technical Specifications:

    Model: SRX300 SRX320 SRX340 SRX345 SRX380
    Connectivity
    Total onboard ports 8x1GbE 8x1GbE 16x1GbE 16x1GbE 20 (16x1GbE, 4x10GbE)
    Onboard RJ-45 ports 6x1GbE 6x1GbE 8x1GbE 8x1GbE 16x1GbE
    Onboard small form-factor pluggable (SFP) transceiver ports 2x1GbE 2x1GbE 8x1GbE 8x1GbE 4x10GbE SFP+
    MACsec-capable ports 2x1GbE 2x1GbE 16x1GbE 16x1GbE 16x1GbE 4x10GbE
    Out-of-Band (OOB) management ports 0 0 1x1GbE 1x1GbE 1x1GbE
    Mini PIM (WAN) slots 0 2 4 4 4
    Console (RJ-45 + miniUSB) 1 1 1 1 1
    USB 3.0 ports (type A) 1 1 1 1 1
    Optional PoE+ ports N/A 6¹ 0 0 16
    Memory and Storage
    System memory (RAM) 4 GB 4 GB 4 GB 4 GB 4GB
    Storage (flash) 8 GB 8 GB 8 GB 8 GB 100GB SSD
    SSD slots 0 0 1 1 1
    Dimensions and Power SRX300 SRX320 SRX340 SRX345 SRX380
    Form factor Desktop Desktop 1U 1U 1U
    Size (WxHxD) 12.63 x 1.37 x 7.52 in. (32.08 x 3.47 x 19.10 cm) 11.81 x 1.73 x 7.52 in. (29.99 x 4.39 x 19.10 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) / 17.36 x 1.72 x 18.7 in. (44.09 x 4.36 x 47.5 cm)² 17.36 x 1.72 x 18.7 in. (44.09 x 4.37 x 47.5 cm) / 17.36 x 1.72 x 20.47 in. (44.09 x 4.37 x 52 cm)
    Weight (device and PSU) 4.38 lb (1.98 kg) 3.28 lb (1.51 kg)³ / 3.4 lb (1.55 kg)⁴ 10.80 lb (4.90 kg) 10.80 lb (4.90 kg) / 11.02 lb (5 kg)⁵ 15 lb (6.8 kg) with 1xPSU / 16.76 lb (7.6 kg) with 2xPSU
    Redundant PSU No No No Yes Yes
    Power supply AC (external) AC (external) AC (external) AC (internal) / DC (internal)⁵ 1+1 hot-swappable AC PSU
    DC Input N/A N/A N/A -40.8 VDC to -72 VDC⁵ N/A
    Maximum PoE power N/A 180 W⁴ N/A N/A 480W
    Average power consumption 15.4 W 27 W³ / 112 W⁴ 122 W 122 W 150 W (without PoE) 510 W (with PoE)
    Average heat dissipation 85 BTU/h 157 BTU/h³ / 755 BTU/h⁴ 420 BTU/h 420 BTU/h 511.5 BTU/hr (without PoE)
    Maximum current consumption 0.346 A 0.634 A³ / 2.755 A⁴ 1.496 A 1.496 A / 6A @ -48 VDC⁵ 1.79A/7.32A
    Acoustic noise level 0dB (fanless) 37 dBA³ / 40 dBA⁴ 45.5 dBA 45.5 dBA < 50dBA @ room temperature 27C
    Airflow/cooling Fanless Front to back Front to back Front to back Front to back
    Environmental, Compliance, and Safety Certification SRX300 SRX320 SRX340 SRX345 SRX380
    Operating temperature 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) -22° to 131° F (-30° to 55° C) for SRX345-DC 32° to 104° F (0° to 40° C) with MPIMs 32° to 122° F (0° to 50° C) without MPIMs
    Nonoperating temperature 4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -22° to 158° F (-30° to 70° C) for SRX345-DC -4° to 158° F (-20° to 70° C)
    Operating humidity 10% to 90% noncondensing
    Nonoperating humidity 5% to 95% noncondensing
    Mean time between failures (MTBF) 44.5 years 32.5 years³ / 26 years⁴ 27 years 27.4 years 28.1 years
    FCC classification Class A Class A Class A Class A Class A
    RoHS compliance RoHS 2 RoHS 2 RoHS 2 RoHS 2 RoHS 2
    FIPS 140-2 Level 2 (Junos 15.1X49-D60) Level 1 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) N/A
    Common Criteria certification NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) N/A
    Performance and Scale SRX300 SRX320 SRX340 SRX345 SRX380
    Routing with packet mode (64 B packet size) in Kpps⁷ 300 300 550 750 1,700
    Routing with packet mode (IMIX packet size) in Mbps⁷ 800 800 1,600 2,300 5,000
    Routing with packet mode (1,518 B packet size) in Mbps⁷ 1,500 1,500 3,000 5,500 10,000
    Stateful firewall (64 B packet size) in Kpps⁷ 200 200 350 550 1,700
    Stateful firewall (IMIX packet size) in Mbps⁷ 500 500 1,100 1,700 4,000
    Stateful firewall (1,518 B packet size) in Mbps⁷ 1,000 1,000 3,000 5,000 10,000
    IPsec VPN (IMIX packet size) in Mbps⁷ 100 100 200 300 1,000
    IPsec VPN (1,400 B packet size) in Mbps⁷ 300 300 600 800 3,500
    Application visibility and control in Mbps⁸ 500 500 1,000 1,700 6,000
    Recommended IPS in Mbps⁸ 200 200 400 600 2,000
    Next-generation firewall in Mbps⁸ 100 100 200 300 1,000
    Route table size (RIB/FIB) (IPv4 or IPv6) 256,000/256,000 256,000/256,000 1 million/600,000⁹ 1 million/600,000⁹ 1 million/600,000⁹
    Maximum concurrent sessions (IPv4 or IPv6) 64,000 64,000 256,000 375,000 380,000
    Maximum security policies 1,000 1,000 2,000 4,000 4,000
    Connections per second 5,000 5,000 10,000 15,000 50,000
    NAT rules 1,000 1,000 2,000 2,000 3,000
    MAC table size 15,000 15,000 15,000 15,000 16,000
    IPsec VPN tunnels 256 256 1,024 2,048 2,048
    Number of remote access users 25 50 150 250 500
    GRE tunnels 256 256 512 1,024 2,048
    Maximum number of security zones 16 16 64 64 128
    Maximum number of virtual routers 32 32 64 128 128
    Maximum number of VLANs 1,000 1,000 2,000 3,000 3,000
    AppID sessions 16,000 16,000 64,000 64,000 64,000
    IPS sessions 16,000 16,000 64,000 64,000 64,000
    URLF sessions 16,000 16,000 64,000 64,000 64,000
    WAN Interface SRX300 SRX320 SRX340 SRX345 SRX380
    1 port T1/E1 MPIM (SRX-MP-1T1E1-R) No Yes Yes Yes Yes
    1 port VDSL2 Annex A/M MPIM (SRX-MP-1VDSL2-R) No Yes Yes Yes Yes
    1 port serial MPIM (SRX-MP-1SERIAL-R) No Yes Yes Yes Yes
    4G / LTE MPIM (SRX-MP-LTE-AA & SRX-MP-LTE-AE) No Yes Yes Yes Yes

    Additional Specification Features:

    Routing Protocols
    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
    QoS Features
    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
    Switching Features
    • ASIC-based Layer 2 Forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
    Firewall Services
    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba ClearPass Policy Manager
    • User role-based firewall
    • SSL Inspection (Forward-proxy)
    Network Address Translation (NAT)
    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
    VPN Features
    • Tunnels: Generic routing encapsulation (GRE)³, IP-IP³, IPsec
    • Juniper Secure Connect: Remote access / SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-replay
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs GRE, IP-in-IP, and MPLS
    Network Services
    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow)
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
    High Availability Features
    • Virtual Router Redundancy Protocol (VRRP)¹⁰
    • Stateful high availability
      • Dual box clustering
      • Active/passive
      • Active/active
      • Configuration synchronization
      • Firewall session synchronization
      • Device/link detection
      • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
    Management, Automation, Logging, and Reporting
    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • Zero-Touch Provisioning with Contrail Service Orchestration
    Advanced Routing Services
    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
    Application Security Services¹⁰
    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Application-based advanced policy-based routing
    • Application quality of experience (AppQoE)
    Enhanced SD-WAN Services
    • Application-based advanced policy-based routing (APBR)
    • Application-based link monitoring and switchover with Application quality of experience (AppQoE)
    Threat Defense and Intelligence Services¹⁰
    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence

    1 SRX320 with PoE+ ports available as a separate SKU: SRX320-POE.
    2 SRX345 with dual AC PSU model.
    3 SRX320 non PoE model.
    4 SRX320-POE with 6 ports PoE+ model.
    5 SRX345 with DC power supply (operating temperature as per GR-63 Issue 4 2012 test criteria).
    6 As per GR63 Issue 4 (2012) test criteria.
    7 Throughput numbers based on UDP packets and RFC2544 test methodology.
    8 Throughput numbers based on HTTP traffic with 44 KB transaction size.
    9 Route scaling numbers are with enhanced route-scale features turned on.
    10 Offered as advanced security services subscription licenses.

  • Product Overview

    The SRX550M Firewall combines security, SD-WAN, routing, switching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for secure, cost-effective connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership.

    Product Description

    Juniper Networks® SRX550M Firewall delivers a next-generation secure SD-WAN and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX550M helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall (NGFW) and advanced security also make it easier to detect and proactively mitigate threats to improve the user and application experience.  

    Architecture and Key Components

    The SRX550M Firewall is a secure router that brings high performance and proven deployment capabilities to enterprises building a worldwide network composed of thousands of remote sites. WAN or Internet connectivity module options include:
    • Ethernet, serial, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi
    Industry-best, high-performance IPsec VPN solutions provide comprehensive encryption and authentication capabilities to secure intersite communications. Multiple form factors that offer Ethernet switching support on native Gigabit Ethernet ports allow cost-effective choices for mission-critical deployments. The SRX550M Firewall runs Junos® operating system, a proven, carrier-hardened network OS that powers the top 100 service provider networks around the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments. The automation and scripting capabilities of Junos OS and Junos Space® Security Director reduce operational complexity and simplify the provisioning of new sites. The SRX550M recognizes more than 4,275 Layer 3-7 applications, including Web 2.0 and evasive peer-to-peer (P2P) applications like Skype, torrents, and others. Correlating application information with user contextual information, the SRX550M can generate bandwidth usage reports, enforce access control policies, prioritize and rate-limit traffic exiting WAN interfaces, and proactively secure remote sites. This optimizes resources in the branch office and improves the application and user experience.  

    Mist AI

    WAN Assurance

    Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Firewalls, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allow WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.
     

    Simplifying Branch Deployments (Secure Connectivity/SD-WAN)

    The SRX550M line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX550M firewalls offer best-in-class secure connectivity.
    • The SRX550M firewall efficiently utilizes multiple links and load balances traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.
     

    Comprehensive Security Suite

    At the perimeter, the SRX550M offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security, user role-based firewall controls, and cloud-based antivirus, antispam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Advanced Threat Protection solution, the SRX550M detects and enforces automated protection against known malware and zero-day threats with a high degree of accuracy.

    Industry-Certified Junos Operating System

    SRX550M Firewalls run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX550M enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.  

    Features and Benefits

    Business Requirement | Feature/Solution | SRX550M Advantages
    High performance | Up to 7 Gbps of routing and firewall performance
    • Meets the needs of small, medium, and large branch office deployments
    • Addresses future needs for scale and feature capacity
    Business continuity | Stateful high availability (HA), IP monitoring
    • Uses stateful HA to synchronize configuration and firewall sessions
    • Supports multiple WAN interfaces with dial-on-demand backup
    • Performs route/link failover based on real-time link performance
    SD-WAN | Better end-user application and cloud experience and lower operational costs
    • ZTP simplifies remote device provisioning
    • Orchestrates business intent policies across the enterprise WAN via centralized or local advanced policy-based routing (APBR)
    • Measures application service-level agreements (SLAs) and improves end-user experience through application quality of experience (AppQoE)
    • Detects 4,275 Layer 3-7 applications, including Web 2.0
    • Inspects and detects applications in SSL-encrypted traffic
    • Controls and prioritizes traffic based on application and user role
    End-user experience | WAN assurance
    • Provides AI-powered automation and service levels that complement the Juniper secure SD-WAN solution
    • Provides visibility and insights into users, applications, WAN links, controls, and data plane CPU for proactive remediation
    High security | IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec)
    • Creates secure, reliable, and fast overlay link over public Internet
    • Employs anti-counterfeit features to defend against unauthorized hardware spares
    • Includes high-performance CPU with built-in hardware assist IPsec acceleration
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    Threat protection | IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Protects against zero-day attacks
    • Integrates open threat intelligence platform with third-party feeds
    • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
    Easy management and scale | On-box GUI, Security Director
    • Includes centralized management for autoprovisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments
    • Includes simple, easy-to-use on-box GUI for local management
    Minimal TCO | Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces operational expense with Junos OS automation capabilities
     

    SRX550M Specifications

    Software Specifications

    Routing Protocols

    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with route reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • Link Layer Discovery Protocol (LLDP) and Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED)
    • Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP)
    • Multiple VLAN Registration Protocol (MVRP)
    • 802.1X authentication
     

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba ClearPass Policy Manager
    • User role-based firewall
    • SSL Inspection (forward-proxy)
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack)
    • Juniper Secure Connect: Remote access/SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH)/Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha1-96, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-replay
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs: GRE, IP-in-IP, and MPLS
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow)
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python, PyEZ, and Ansible modules
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • ZTP with Contrail Service Orchestration
     

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Application Security Services¹

    • Application visibility and control
    • Application-based firewall
    • Application QoS
     

    Enhanced SD-WAN Services

    • Application-based advanced policy-based routing (APBR)
    • Application quality of experience (AppQoE)
    • Application-based link monitoring and switchover with AppQoE
     

    Threat Defense and Intelligence Services¹

    • Intrusion prevention system (IPS)
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • Juniper SecIntel to provide threat intelligence
     
    ¹ Offered as advanced security services subscription licenses.

    Hardware Specifications

    Network Connectivity

    • Fixed I/O: 6 x 10/100/1000 BASE-T + 4 small form-factor pluggable transceivers (SFP transceivers)
    • I/O slots: 2 x SRX Series Mini-PIM, 6 x Gigabit-Backplane Physical Interface Module (GPIM) or multiple GPIM and XPIM combinations
    • Services and Routing Engine slots: No
    • WAN/LAN interface options: See ordering information
    • Maximum number of PoE ports (PoE optional on some SRX Series models): Up to 40 ports of 802.3af/at with maximum 247 W
    • USB: 2
     

    Flash and Memory

    • Memory (DRAM): 4 GB
    • Memory slots: 2 DIMM
    • Flash memory: 8 GB, CF internal
    • USB port for external storage: Yes
     

    Dimensions and Power

    • Dimensions (W x H x D): 17.5 x 3.5 x 18.2 in (44.4 x 8.8 x 46.2 cm)
    • Weight (device and power supply): 21.96 lb (9.96 kg) (no interface modules, 1 power supply)
    • Rack-mountable: Yes, 2 U
    • Power supply (AC): 100-240 VAC, single 645 W or dual 645 W
    • Maximum PoE power: 247 W redundant, or 494 W non-redundant
    • Average power consumption: 85 W
    • Input frequency: 50-60 Hz
    • Maximum current consumption: 7.5 A @ 100 VAC with single PSU with PoE, 10.5 A @ 100 VAC with dual PSU with PoE
    • Maximum inrush current: 45 A for half-cycle
    • Average heat dissipation: 238 BTU/hr
    • Maximum heat dissipation: 1449 BTU/hr
    • Redundant power supply (hot swappable): Yes (up to maximum capacity of single PSU)
    • Acoustic noise level (per ISO 7779 Standard): 51.8 dB
     

    Environmental, Compliance, and Safety Certification

    • Operational temperature: 32° to 104° F (0° to 40° C)
    • Nonoperational temperature: 4° to 158° F (-20° to 70° C)
    • Humidity (operating): 10% to 90% noncondensing
    • Humidity (nonoperating): 5% to 95% noncondensing
    • Mean time between failures (Telcordia model): 9.6 years with redundant power
    • FCC classification: Class A
    • RoHS compliance: Yes
     

    Performance and Scale

    • Firewall performance (large packets)²: 7 Gbps
    • Firewall performance (IMIX)²: 2 Gbps
    • Firewall + routing pps (64 Byte)²: 700 Kpps
    • Firewall performance (HTTP)³: 2 Gbps
    • IPsec VPN throughput (large packets): 1.0 Gbps
    • IPsec VPN tunnels: 2000
    • Application firewall⁴: 2.0 Gbps
    • Intrusion prevention system (IPS)³: 800 Mbps
    • Antivirus: 300 Mbps (Sophos antivirus)
    • Connections per second: 27,000
    • Maximum concurrent sessions: 375,000
    • Maximum security policies: 8000
    • Maximum users supported: Unrestricted
    • Route table size (RIB/FIB) (IPv4 or IPv6): 1.5 million/750,000
    • NAT rules: 6144
    • MAC table size: 15,000
    • Number of remote access/SSL VPN (concurrent) users: 500
    • GRE tunnels: 1500
    • Maximum number of security zones: 96
    • Maximum number of virtual routers: 128
    • Maximum number of VLANs: 3967
    • AppID sessions: 65,000
    • IPS sessions: 64,000
    • URL filtering (URLF) sessions: 64,000
     
    ² Throughput numbers based on UDP packets and RFC2544 test methodology.
    ³ Throughput numbers based on HTTP traffic with 44 KB transaction size.

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    Ordering Information

    To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html.
    Product Number Description
    SRX550M Base System
    SRX550-645AP-M SRX550M Firewall with 4 GB DRAM and 8 GB CF, 2 U height, 6 GPIM slots, 2 Mini-PIM slots, 6 10/100/1000BASE-T ports, 4GbE SFP ports, dual PS slots, and fans; ships with one 645 W AC power supply with 247 W PoE power (power cord and rack-mount kit included)
    SRX550-645DP-M SRX550M Firewall with 4 GB DRAM and 8 GB CF, 2 U height, 6 GPIM slots, 2 Mini-PIM slots, 6 10/100/1000BASE-T ports, 4GbE SFP ports, dual PS slots, and fans; ships with one 645 W DC power supply with 247 W PoE power (no power cord or rack-mount kit included)
    SRX550M Power Supplies and Accessories
    SRX600-PWR-645AC-POE Spare 645 W AC PoE power supply unit for SRX550M systems; one is included in SRX550M base system (SRX550M-645AC)
    SRX600-PWR-645DC-POE 645 W DC source power supply for SRX550M provides 397 W system power @ 12 V and 248 W PoE power @ 50 VDC; works with 43-56 VDC input; no power cord
    SRX550-CHAS-M SRX550M Firewall, 2 U height, 6 GPIM slots, 2 Mini-PIM slots, 6 10/100/1000BASE-T ports, 4 GbE SFP ports, dual PS slots, and fans (power supply not included)
    SRX550M Software Licenses
    SRX550-IDP One-year subscription for intrusion detection and prevention (IDP) updates on SRX550M
    SRX550-S2-AS One-year subscription for Juniper-Sophos antispam updates on SRX550M
    SRX550-W-EWF One-year subscription for Juniper Web filtering updates on SRX550M
    SRX550-S-SMB4-CS One-year security subscription for enterprise; includes Sophos antivirus, enhanced Web filtering, Sophos antispam, AppSecure, and IDP on SRX550M
    SRX550-ATP-1 One-year subscription for Advanced Threat Prevention Cloud for SRX550M
    SRX550-S-AV-3 Three-year subscription for Juniper-Sophos antivirus updates on SRX550M
    SRX550-IDP-3 Three-year subscription for IDP updates on SRX550M
    SRX550-S2-AS-3 Three-year subscription for Juniper-Sophos antispam updates on SRX550M
    SRX550-W-EWF-3 Three-year subscription for Juniper Web filtering updates on SRX550M
    SRX550-S-SMB4-CS-3 Three-year subscription for enterprise; includes Sophos antivirus, enhanced Web filtering, Sophos antispam, AppSecure, and IDP on SRX550M
    SRX550-ATP-3 Three-year subscription for Advanced Threat Prevention Cloud for SRX550M
    SRX550-IDP-5 Five-year license for IDP updates on SRX550M
    SRX550-W-EWF-5 Five-year subscription for Juniper Web filtering updates on SRX550M
    SRX550-S-SMB4-CS-5 Five-year security subscription for enterprise; includes Sophos antivirus, enhanced Web filtering, Sophos antispam, AppSecure, and IDP on SRX550M
    SRX550-APPSEC-A-1 One-year subscription for Application Security and IPS updates for SRX550M
    SRX550-APPSEC-A-3 Three-year subscription for Application Security and IPS updates for SRX550M
    SRX550-APPSEC-A-5 Five-year subscription for Application Security and IPS updates for SRX550M
    SRX550-ATP-5 Five-year subscription for Advanced Threat Prevention Cloud for SRX550
    Remote Access/Juniper Secure Connect VPN Licenses
    S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
    S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
    S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
    S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
    S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 3 Year
    S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
    S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
    Interface Modules
    SRX-GP-16GE-POE 16-port 10/100/1000BASE-T PoE XPIM
    SRX-GP-8SFP 8-port GbE copper, fiber SFP XPIM
    SRX-GP-DUAL-T1-E1 Dual T1/E1 GPIM
    SRX-GP-QUAD-T1-E1 Quad T1/E1 GPIM
    SRX-GP-1DS3-E3 1-port clear channel DS3/E3 GPIM single GPIM slot
    SRX-MP-1T1E1-R 1 port T1E1, MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; ROHS compliant
    SRX-MP-1VDSL2-R 1 port VDSL2 (backward compatible with ADSL/ADSL2+), MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; ROHS compliant
    SRX-MP-1SERIAL-R 1 port Synchronous Serial, MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; ROHS compliant
    SRX-MP-LTE-AA 4G/LTE MPIM support for 1, 3, 5, 7-8, 18-19, 21, 28, 38-41 LTE bands (for Asia and Australia); supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls
    SRX-MP-LTE-AE 4G/LTE MPIM support for 1-5, 7-8, 12-13, 30, 25-26, 29-30, 41 LTE bands (for Americas and EMEA); supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls
    SRX-MP-WLAN-US Wireless access point (Wi-Fi) MPIM for SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; supported for U.S. regulatory bands only
    SRX-MP-WLAN-WW Wireless access point (Wi-Fi) MPIM for SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; supported for worldwide regulatory bands (excluding U.S. and Israel)
    SRX-MP-WLAN-IL Wireless access point (Wi-Fi) MPIM for SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; supported for Israel regulatory bands only
    SRX-MP-ANT-EXT Antenna extension cable for WLAN MPIM on SRX Series platforms
  • Product Overview

    The EX4100 line of Ethernet access switches offers secure, cloud-ready access for enterprise campus, branch, and data center networks, built for the AI era and optimized for the cloud. These platforms boost network performance and visibility, meeting the security demands of today's networks as well as those of the next decade. As part of the underlying infrastructure for Juniper Mist Wired Assurance, the EX4100 line is purpose-built for, and managed by, the cloud. The switches leverage Mist AI to simplify operations and provide better visibility into the experience of connected devices, delivering a refreshing, experience-first approach to access layer switching.

    Product Description

    The Juniper Networks® EX4100 line of Ethernet Switches offers a secure, cloud-ready portfolio of access switches ideal for enterprise branch, campus, and data center networks. The EX4100 switches combine the simplicity of the cloud, the power of Mist AI, and a robust hardware foundation with best-in-class security and performance to deliver a differentiated approach to access switching in the cloud, mobile, and IoT era. With Juniper® Mist Wired Assurance, the EX4100 line of Switches can be effortlessly onboarded, configured, and managed from the cloud. This simplifies operations, improves visibility, and ensures a much better experience for connected devices. Key features of the EX4100 include:
    • Cloud-ready, driven by Mist AI with Juniper Mist Wired Assurance and Marvis Virtual Network Assistant
    • Ethernet VPN–Virtual Extensible LAN (EVPN-VXLAN) to the access layer
    • Standards-based microsegmentation using group-based policies (GBPs)
    • Switch-to-switch encryption using Media Access Control Security (MACsec) AES256
    • IEEE 802.3bt Power over Ethernet Plus (PoE++)
    • Flow-based telemetry to monitor traffic flows for anomaly detection, ability to measure packet delays and report drop reasons
    • Precision Timing Protocol–Transparent Clock
    • 10-member Virtual Chassis support
    Offering a full suite of Layer 2 and Layer 3 capabilities, the EX4100 enables multiple deployments, including campus, branch, and data center top-of-rack deployments. As scale requirements increase, Juniper’s Virtual Chassis technology allows up to 10 EX4100 switches to be seamlessly interconnected and managed as a single device, delivering a scalable, pay-as-you-grow solution for expanding network environments. The EX4100 family of Ethernet switches consists of the following models:
    • The EX4100-48MP, which offers 16 x 100 MB/1GbE/2.5GbE and 32 x 10 MB/100 MB/1GbE Power over Ethernet (PoE++) access ports, delivering up to 90 W per PoE port with an overall total 1620 W of PoE power budget (using two power supplies)
    • The EX4100-24MP, which offers 8 x 100 MB/1GbE/2.5GbE/5GbE/10GbE and 16 x 10 MB/100 MB/1GbE PoE++ access ports, delivering up to 90 W per port with an overall total 1620 W of PoE power budget (using two power supplies)
    • The EX4100-24T, which offers 24 x 1GbE non-PoE access ports
    • The EX4100-24P, which offers 24 x 1GbE PoE+ access ports, delivering up to 30 W per port with an overall total 1440 W of PoE power budget (using two power supplies)
    • The EX4100-48T, which offers 48 x 1GbE non-PoE access ports
    • The EX4100-48P, which offers 48 x 1GbE PoE+ access ports, delivering up to 30 W per port with an overall total 1440 W of PoE power budget (using two power supplies)
    Each EX4100 model offers 4 x 1/10GbE small form-factor pluggable plus transceiver (SFP+) fixed uplink ports. The EX4100 switches include 4 x 10GbE/25GbE SFP28 ports to support Virtual Chassis connections, which can be reconfigured for use as Ethernet ports for uplink connectivity. EX4100 switches also include high availability (HA) features such as redundant, hot-swappable power supplies and field-replaceable fans to ensure maximum uptime. In addition, -24 port and -48 port Multi-Gigabit Ethernet EX4100 switch models offer standards-based 802.3af/at/bt (PoE/PoE+/PoE++) for delivering up to 90 watts on any access port. The EX4100 switches can be configured to deliver fast PoE capability, which enables the switches to deliver PoE power to connected PoE devices within a few seconds of power being applied to the switches.  

    Architecture and Key Components

    Cloud Management with Juniper Mist Wired Assurance Driven by Mist AI

    EX4100 switches can be quickly and easily onboarded (Day 0), provisioned (Day 1), and managed (Day 2+) from the cloud with Juniper Mist Wired Assurance, which brings AI-powered automation and insights that optimize experiences for end users and connected devices. The EX4100 provides rich Junos® operating system telemetry data for Mist AI, which helps achieve simpler operations, shorter mean time to repair (MTTR), and streamlined troubleshooting. For more information, read the Juniper Mist Wired Assurance datasheet. In addition to Juniper Mist Wired Assurance, Marvis Virtual Network Assistant—a key part of The Self-Driving Network™— makes the Mist AI engine interactive. A digital extension of the IT team, Marvis offers automatic fixes or recommended actions, allowing IT teams to streamline how they troubleshoot and manage their network operations.  
    Figure 1: EX4100 Virtual Chassis configuration interconnected via dedicated front-panel 25GbE ports

    EVPN-VXLAN Technology

    Most traditional campus networks have a single-vendor, chassis-based architecture that worked well for smaller, static campuses with few endpoints. However, this approach is too rigid to support the changing needs of modern campus networks. The EX4100 supports EVPN-VXLAN, extending an end-to-end fabric from campus core to distribution to the access layer. An EVPN-VXLAN fabric is a simple, programmable, highly scalable architecture built on open standards. This technology can be applied in both data centers and campuses for architectural consistency. A campus EVPN-VXLAN architecture uses a Layer 3 IP-based underlay network and an EVPN-VXLAN overlay network. A flexible overlay network based on a VXLAN overlay with an EVPN control plane efficiently provides Layer 2 and/or Layer 3 connectivity throughout the network. EVPN-VXLAN also offers a scalable way to build and interconnect multiple campus sites, delivering:
    • Greater consistency and scalability across all network layers
    • Multivendor deployment support
    • Reduced flooding and learning
    • Location-agnostic connectivity
    • Consistent network segmentation
    • Simplified management
     

    Virtual Chassis Technology

    Juniper’s Virtual Chassis technology allows multiple interconnected switches to operate as a single, logical unit, enabling users to manage all platforms as one virtual device. Up to 10 EX4100 switches can be interconnected as a Virtual Chassis using 4 x 25GbE SFP28 dedicated front-panel ports. Although configured as Virtual Chassis ports by default, the 4 x 25GbE SFP28 uplinks can also be configured as uplink ports. The EX4100 switches can form a Virtual Chassis with any other models within the EX4100 product line.  

    Microsegmentation Using Group-Based Policy

    GBP leverages underlying VXLAN technology to provide location-agnostic endpoint access control. This allows network administrators to implement consistent security policies across the enterprise network domains. The EX4100 supports a standards-based GBP solution, allowing different levels of access control for endpoints and applications even within the same VLAN. Customers can simplify their network configuration by using GBP, avoiding the need to configure large numbers of firewall filters on all their switches. GBP can block lateral threats by ensuring consistent application of security group policies throughout the network, regardless of the location of endpoints and/or users.  

    Flow-Based Telemetry

    Flow-based telemetry enables flow-level analytics, allowing network administrators to monitor thousands of traffic flows on the EX4100 without burdening the CPU. This improves network security by monitoring, baselining, and detecting flow anomalies. For example, if predefined flow thresholds are breached due to an attack, IP Flow Information Export (IPFIX) alerts can be sent to an external server to quickly identify the attack. Network administrators can also automate specific workflows, such as further examining the traffic or quarantining a port, to triage the issue. In addition to DoS attacks, Flow-Based Telemetry on EX4100 switches can measure packet delays at ingress, chip, and egress points, as well as report drop reasons.

    Features and Benefits

    Simplified Operations with Juniper Mist Wired Assurance

    The EX4100 is fully cloud onboarded, provisioned, and managed by Juniper Mist Wired Assurance. The EX4100 is designed from the ground up to deliver the rich telemetry that enables AI for IT Operations (AIOps) with simplified operations from Day 0 to Day 2 and beyond. Juniper Mist Wired Assurance provides detailed switch insights for easier troubleshooting and improved time to resolution by offering the following features:
    • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
    • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
    • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist Cloud.
     
    Figure 2: Juniper Mist Wired Assurance service-level expectations screen
    Figure 3: Marvis Actions for wired switches
    The complimentary addition of Marvis Virtual Network Assistant, driven by Mist AI, lets you start building a Self-Driving Network that simplifies network operations and streamlines troubleshooting via automatic fixes for Juniper Networks EX Series Switches or recommended actions for external systems. For more information, see Juniper Mist Wired Assurance.  

    Campus Fabric Deployments

    EVPN-VXLAN for Campus Core, Distribution, and Access

    The main advantages of EVPN-VXLAN in campus networks are:
    • Flexibility of consistent VLANs across the network: Endpoints can be placed anywhere in the network and remain connected to the same logical L2 network, enabling a virtual topology to be decoupled from the physical topology.
    • Microsegmentation: The EVPN-VXLAN-based architecture lets you deploy a common set of policies and services across campuses with support for L2 and L3VPNs.
    • Scalability: With an EVPN control plane, enterprises can scale out easily by adding more core, aggregation, and access layer devices as the business grows without having to redesign the network or perform a forklift upgrade. Using an L3 IP-based underlay coupled with an EVPN-VXLAN overlay, campus network operators can deploy much larger and more resilient networks than would otherwise be possible with traditional L2 Ethernet-based architectures.
    Juniper offers complete flexibility in choosing any of the following validated EVPN-VXLAN campus fabrics that cater to networks of different sizes, scale, and segmentation requirements:
    • EVPN multihoming (on collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single layer, turning the traditional three-tier hierarchical network into a two-tier network. EVPN multihoming on a collapsed core eliminates the need for Spanning Tree Protocol (STP) across campus networks by providing link aggregation capabilities from the access layer to the core layer. This topology is best suited for small to medium distributed enterprise networks and allows for consistent VLANs across the network. This topology uses ESI (Ethernet Segment Identifier) LAG (Link Aggregation) and is a standards-based protocol.
    • Campus Fabric Core distribution: When EVPN-VXLAN is configured across core and distribution layers, it becomes a campus Fabric Core Distribution architecture, which can be configured in two modes: centrally or edge routed bridging overlay. This architecture provides an opportunity for an administrator to move towards campus fabric IP Clos without a forklift upgrade of all access switches in the existing network, while bringing in the advantages of moving to a campus fabric and providing an easy way to scale out the network.
    • Campus Fabric IP Clos: When EVPN-VXLAN is configured on all layers including access, it is called the campus fabric IP Clos architecture. This model is also referred to as “end-to-end,” given that VXLAN tunnels are terminated at the access layer. Due to the availability of VXLAN at access, it provides us with the opportunity to bring policy enforcement to the access layer (closest to the source) using Group-Based Policy (GBP). Standards-based GBP tags bring the unique option to segment traffic both at a micro and macro level. GBP tags are assigned dynamically to clients as part of the RADIUS transaction by Mist Cloud NAC. This topology works for small-medium and large campus architectures that need macro and micro segmentation.
    Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures
    All three topologies are standards-based and interoperable with third-party vendors. The EX4100 switches can be deployed in campus and branch access layer networks in the EVPN-VXLAN architectures shown in Figure 4.  

    Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

    Juniper Mist Wired Assurance brings cloud management and Mist AI to the campus fabric. It sets a new standard that moves away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. Juniper Mist Cloud streamlines deployment and management of campus fabric architectures by allowing:
    • Automated deployment and zero-touch deployment (ZTD)
    • Anomaly detection
    • Root cause analysis
     
    Figure 5: EVPN multihoming configuration via the Juniper Mist cloud

    Chassis-Class Availability

    The EX4100 switches deliver high availability through redundant power supplies and fans, graceful Routing Engine switchover (GRES), and nonstop bridging and routing when deployed in a Virtual Chassis configuration. In a Virtual Chassis configuration, each EX4100 switch is capable of functioning as a Routing Engine (RE). When two or more EX4100 switches are interconnected, a single control plane is shared among all Virtual Chassis member switches. Junos OS automatically initiates an election process to assign a primary (active) and backup (hot-standby) RE. An integrated L2 and L3 GRES feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary RE failure. When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to assume the backup RE position should the designated primary RE fail. Primary, backup, and line card priority status can be assigned to dictate the order of ascension; this N+1 RE redundancy, coupled with the GRES, nonstop active routing (NSR), and nonstop bridging (NSB) capabilities of Junos OS, assures a smooth transfer of control plane functions following unexpected failures. The EX4100 implements the same slot/module/port numbering scheme as other Juniper chassis-based products when numbering Virtual Chassis ports, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, greatly simplifying overall system maintenance and management. Individually, the EX4100 offers a number of HA features that are typically associated with modular chassis-based switches. When combined with the field-proven Junos OS and L2/L3 failover capabilities, these features provide the EX4100 with true carrier-class reliability.
    • Redundant power supplies: The EX4100 line of switches supports redundant, load-sharing, hot-swappable, and field-replaceable power supplies to maintain uninterrupted operations. Thanks to its compact footprint, the EX4100 requires significantly less power than chassis-based switches delivering equivalent port densities.
    • Hot-swappable fans: The EX4100 includes hot-swappable fans, providing sufficient cooling (for a short duration) even if one of the fans were to fail.
    • Nonstop bridging and nonstop active routing: NSB and NSR on the EX4100 ensure that control plane protocols, states, and tables are synchronized between primary and standby REs to prevent protocol flaps or convergence issues following an RE failover.
    • Redundant trunk group (RTG): To avoid the complexities of STP without sacrificing network resiliency, the EX4100 employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration.
    • Cross-member link aggregation: Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.
    • IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing (OSPF and BGP) is available with a Flex license, enabling highly resilient networks.
     

    MACsec AES256

    The EX4100 switches support IEEE 802.1ae MACsec with AES-256-bit encryption to increase security of point-to-point traffic communications. MACsec provides encrypted communication at the link layer that is capable of identifying and preventing threats from denial of service (DoS) and other intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on ports, the traffic is encrypted on the wire, but the traffic inside the switch is not. This allows the switch to apply network policies such as quality of service (QoS) or deep packet inspection (DPI) to each packet without compromising the security of packets on the wire.  

    PoE/PoE+/PoE++ Power, Perpetual and Fast PoE

    The EX4100 delivers PoE for supporting connected devices such as phones, surveillance cameras, IoT devices, and 802.11ax/Wi-Fi 6 access points, offering a PoE power budget of up to 1620 W and supporting up to 90 W per port based on the IEEE 802.3bt PoE standard. EX4100 switches support perpetual PoE, which provides uninterrupted power to connected PoE powered devices (PDs) even when the EX4100 switch is rebooting. The EX4100 switches also support a fast PoE capability that delivers PoE power to connected endpoints during a switch power-up, even before the switch is fully operational. This is especially beneficial in situations where the endpoint only needs the power and is not necessarily dependent on network connectivity.

    Junos Telemetry Interface

    The EX4100 supports Junos telemetry interface (JTI), a modern telemetry streaming feature designed for switch health and performance monitoring. Sensor data can be streamed to a management system at configurable periodic intervals, enabling network administrators to monitor individual link and node utilization as well as troubleshoot issues such as network congestion in real time. JTI delivers the following features:
    • Performance management by provisioning sensors to collect and stream data and analyze application and workload flow paths through the network
    • Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
    • Troubleshooting and root cause analysis via high-frequency monitoring and correlation of overlay and underlay networks
     

    Junos Operating System

    The EX4100 switches run Junos OS, Juniper’s powerful and robust network operating system that powers all Juniper switches, routers, and firewalls. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code and employs a highly available modular architecture to prevent isolated failures from bringing down an entire system. These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.  

    Flex Licensing

    Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license. The Flex Advanced and Flex Premium licenses for the EX Series platforms are class-based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports. The EX4100 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos OS features, the Flex Advanced and Flex Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Flex Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer. For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn about Junos OS EX Series licenses, please visit: https://www.juniper.net/documentation/us/en/software/license/licensing/topics/concept/flex-licenses-for-ex.html.

    Enhanced Limited Lifetime Warranty

    The EX4100 includes an enhanced limited lifetime hardware warranty that provides return-to-factory switch replacement for as long as the original purchaser owns the product. The warranty includes lifetime software updates, advanced shipping of spares within one business day, and 24x7 Juniper Networks Technical Assistance Center (JTAC) support for 90 days after the purchase date. Power supplies and fan trays are covered for a period of five years. For complete details, please visit https://support.juniper.net/support/pdf/warranty/990240.pdf.  

    Product Options

    Available EX4100 models are listed in Table 1.
    Table 1. EX4100 Line of Ethernet Switches
    | Model/Product SKU | Access Port Configuration | PoE/PoE+ Ports | PoE++ Ports | PoE Budget (1 PSU/2 PSU) | 10GbE Ports | 25GbE Ports | Power Supply Rating | Cooling |
    |---|---|---|---|---|---|---|---|---|
    | EX4100-24T | 24-port 10/100/1000BASE-T | 0 | 0 | N/A | 4 | 4 | 150 W AC | AFO (front-to-back airflow) |
    | EX4100-48T | 48-port 10/100/1000BASE-T | 0 | 0 | N/A | 4 | 4 | 150 W AC | AFO (front-to-back airflow) |
    | EX4100-48T-AFI | 48-port 10/100/1000BASE-T | 0 | 0 | N/A | 4 | 4 | 150 W AC | AFI (back-to-front airflow) |
    | EX4100-24T-DC | 24-port 10/100/1000BASE-T | 0 | 0 | N/A | 4 | 4 | 150 W DC | AFO (front-to-back airflow) |
    | EX4100-48T-DC | 48-port 10/100/1000BASE-T | 0 | 0 | N/A | 4 | 4 | 150 W DC | AFO (front-to-back airflow) |
    | EX4100-24P | 24-port 10/100/1000BASE-T | 24 | 0 | 740 W/1440 W | 4 | 4 | 920 W AC | AFO (front-to-back airflow) |
    | EX4100-48P | 48-port 10/100/1000BASE-T | 48 | 0 | 740 W/1440 W | 4 | 4 | 920 W AC | AFO (front-to-back airflow) |
    | EX4100-24MP | 8x 100 MB/1GbE/2.5GbE/5GbE/10GbE + 16x 10 MB/100 MB/1GbE | 0 | 24 | 740 W/1620 W | 12 | 4 | 920 W AC | AFO (front-to-back airflow) |
    | EX4100-48MP | 16x 100 MB/1GbE/2.5GbE + 32x 10 MB/100 MB/1GbE | 0 | 48 | 740 W/1620 W | 4 | 4 | 920 W AC | AFO (front-to-back airflow) |
     
    The EX4100 also offers spare chassis options without power supplies or fans, providing customers with the flexibility to stock SKUs (see Table 2). See the Ordering Information section for additional details.  
    Table 2. EX4100 Spare Chassis SKUs
    | Spare Chassis SKU | Description | JPSU-150-AC-AFO + EX4100-FAN-AFO | JPSU-150-AC-AFI + EX4100-FAN-AFI | JPSU-150-DC-AFO + EX4100-FAN-AFO | JPSU-920-AC-AFO + EX4100-FAN-AFO |
    |---|---|---|---|---|---|
    | EX4100-24T-CHAS | Spare chassis, 24-port 10/100/1000BASE-T | Y | X | Y | X |
    | EX4100-48T-CHAS | Spare chassis, 48-port 10/100/1000BASE-T | Y | Y | X | X |
    | EX4100-24P-CHAS | Spare chassis, 24-port 10/100/1000BASE-T | X | X | X | Y |
    | EX4100-48T-CHAS | Spare chassis, 48-port 10/100/1000BASE-T | X | X | Y | X |
    | EX4100-24MP-CHAS | Spare chassis, 8x100 MB/1GbE/2.5GbE/5GbE/10GbE + 16x10 MB/100 MB/1GbE ports | X | X | X | Y |
    | EX4100-48MP-CHAS | Spare chassis, 16x100 MB/1GbE/2.5GbE + 32x10 MB/100 MB/1GbE ports | X | X | X | Y |
    Y = supported; X = not supported
    Figure 6: EX4100 line of Switches

    EX4100 Line Specifications

    Physical Specifications

    Backplane

    • 200 Gbps Virtual Chassis interconnect to combine up to 10 units as a single logical device
     

    Power Options

    • Power supplies: Autosensing; 100-120 V/200-240 V; 150 W, 920 W AC AFO, and 150 W AC AFI dual load sharing hot-swappable internal redundant power supplies
    • Maximum current inrush: 30 amps
    • DC power supply: 150 W DC AFO; input voltage range 48-60 V max; dual load-sharing hot-swappable internal redundant power supplies
    • Minimum number of PSUs required for fully loaded chassis: 1 per switch
     

    Dimensions (W x H x D)

    • Base Unit: 17.36 x 1.72 x 13.78 in (44.1 x 4.37 x 35 cm)
    • With power supply installed: 17.36 x 1.72 x 15.05 in (44.1 x 4.37 x 38.24 cm)
    • Height: 1 U
     

    System Weight

    • EX4100-24T switch (with no power supply or fan module): 9.72 lb (4.41 kg)
    • EX4100-24P switch (with no power supply or fan module): 10 lb (4.54 kg)
    • EX4100-48T switch (with no power supply or fan module): 10 lb (4.54 kg)
    • EX4100-48P switch (with no power supply or fan module): 10.27 lb (4.66 kg)
    • EX4100-24MP switch (with no power supply or fan module): 10.06 lb (4.57 kg)
    • EX4100-48MP switch (with no power supply or fan module): 10.41 lb (4.72 kg)
    • 150 W AC power supply: 1.43 lb (0.65 kg)
    • 150 W DC power supply: 1.43 lb (0.65 kg)
    • 920 W AC power supply: 1.87 lb (0.85 kg)
    • Fan module: 0.16 lb (0.07 kg)
     

    Environmental Ranges

    • Operating temperature: 32° to 113° F (0° to 45° C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: Up to 5000 ft at 40° C (1828.8 m)
    • Nonoperating altitude: Up to 16,000 ft (4877 m)
    • Relative humidity operating: 5% to 90% (noncondensing)
    • Relative humidity non-operating: 0% to 90% (noncondensing)
     

    Cooling [CFM] - Total maximum airflow with two power supplies and fans

    • Field-replaceable fans: 2
    • EX4100-24MP : 60.9
    • EX4100-48MP : 61.7
    • EX4100-24T : 65.6
    • EX4100-24T-DC : 64.8
    • EX4100-24P : 61.6
    • EX4100-48T : 65.8
    • EX4100-48T-DC : 66.2
    • EX4100-48T-AFI : 61.8
    • EX4100-48P : 64.1
     

    Hardware Specifications Switching Engine Mode

    • Store and forward
     

    Memory

    • DRAM: 4 GB with Error Correcting Code (ECC) on all models
    • Storage: 8 GB on all models
     

    CPU

    • 1.7 GHz ARM CPU on all models
     

    GbE Port Density per System

    • EX4100-24P/24T: 32 (24 1GbE host ports + 4 10GbE/25GbE ports + 4 1GbE/10GbE ports)
    • EX4100-48P/48T: 56 (48 1GbE host ports + 4 10GbE/25GbE ports + 4 1GbE/10GbE ports)
    • EX4100-24MP: 32 (8 10GbE host ports + 16 1GbE host ports + 4 10GbE/25GbE ports + 4 1GbE/10GbE ports)
    • EX4100-48MP: 56 (16 2.5GbE host ports + 32 1GbE host ports + 4 10GbE/25GbE ports + 4 1GbE/10GbE ports)
     

    Physical Layer

    • Time domain reflectometry (TDR) for detecting cable breaks and shorts: EX4100-24P/T and EX4100-48P/T, EX4100-24MP and EX4100-48MP
    • Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support: EX4100-24P/T, EX4100-48P/T, EX4100-24MP and EX4100-48MP
    • Port speed downshift/setting maximum advertised speed on
      • 10/100/1000BASE-T ports on EX4100-24P/T and EX4100-48P/T
      • 100/1000BASE-T/2.5GBASE-T/5GBASE-T/10GBASE-T on EX4100-24MP
      • 100/1000BASE-T/2.5GBASE-T on EX4100-48MP
     

    Packet Switching Capacities (Maximum with 64 Byte Packets)

    • EX4100-24P/24T: 164 Gbps (unidirectional)/328 Gbps (bidirectional)
    • EX4100-48P/48T: 188 Gbps (unidirectional)/376 Gbps (bidirectional)
    • EX4100-24MP: 236 Gbps (unidirectional)/472 Gbps (bidirectional)
    • EX4100-48MP: 212 Gbps (unidirectional)/424 Gbps (bidirectional)
     

    Software Specifications

    Layer 2/Layer 3 Throughput (Mpps) (Maximum with 64 Byte Packets)

    • EX4100-48P/T 279 Mpps
    • EX4100-24P/T 244 Mpps
    • EX4100-48MP 315 Mpps
    • EX4100-24MP 351 Mpps
     

    Security

    • Media Access Control (MAC) limiting (per port and per VLAN)
    • Allowed MAC addresses: 64,000
    • Dynamic Address Resolution Protocol (ARP) inspection (DAI)
    • IP source guard
    • Local proxy ARP
    • Static ARP support
    • Dynamic Host Configuration Protocol (DHCP) snooping
    • Captive portal
    • Persistent MAC address configurations
    • Distributed denial of service (DDoS) protection (CPU control path flooding protection)
     

    Layer 2 Switching

    • Maximum MAC addresses per system: 64,000
    • Jumbo frames: 9216 bytes
    • Range of possible VLAN IDs: 1 to 4094
    • Virtual Spanning Tree (VST) instances: 253
    • Port-based VLAN
    • Voice VLAN
    • Physical port redundancy: Redundant trunk group (RTG)
    • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
    • Routed VLAN interface (RVI)
    • Uplink failure detection (UFD)
    • ITU-T G.8032: Ethernet Ring Protection Switching
    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • LLDP-MED with VoIP integration
    • Default VLAN and multiple VLAN range support
    • MAC learning deactivate
    • Persistent MAC learning (sticky MAC)
    • MAC notification
    • Private VLANs (PVLANs)
    • Explicit congestion notification (ECN)
    • Layer 2 protocol tunneling (L2PT)
    • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
    • IEEE 802.1p: Class of service (CoS) prioritization
    • IEEE 802.1Q: VLAN tagging
    • IEEE 802.1X: Port Access Control
    • IEEE 802.1ak: Multiple Registration Protocol
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3ae: 10-Gigabit Ethernet
    • IEEE 802.3by: 25-Gigabit Ethernet
    • IEEE 802.3af: Power over Ethernet
    • IEEE 802.3at: Power over Ethernet Plus
    • IEEE 802.3bt: 90 W Power over Ethernet
    • IEEE 802.3x: Pause Frames/Flow Control
    • IEEE 802.3ah: Ethernet in the First Mile
     

    Spanning Tree

    • IEEE 802.1D: Spanning Tree Protocol
    • IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
    • Number of MST instances supported: 64
    • Number of VLAN Spanning Tree Protocol (VSTP) instances supported: 253
    • IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol
     

    Link Aggregation

    • IEEE 802.3ad: Link Aggregation Control Protocol
    • 802.3ad (LACP) support:
      • Number of LAGs supported: 128
      • Maximum number of ports per LAG: 8
    • LAG load-sharing algorithm for bridged or routed (unicast or multicast) traffic:
      • IP: S/D IP
      • TCP/UDP: S/D IP, S/D Port
      • Non-IP: S/D MAC
    • Tagged ports support in LAG
     

    Layer 3 Features: IPv4

    • Maximum number of ARP entries: 32,000
    • Maximum number of IPv4 unicast routes in hardware: 32,650 prefixes; 32,150 host routes
    • Maximum number of IPv4 multicast routes in hardware: 16,100 multicast routes
    • Routing protocols: RIPv1/v2, OSPF, BGP, IS-IS
    • Static routing
    • Routing policy
    • Bidirectional Forwarding Detection (BFD)
    • L3 redundancy: Virtual Router Redundancy Protocol (VRRP)
    • VRF-Lite
     

    Layer 3 Features: IPv6

    • Maximum number of neighbor discovery (ND) entries: 16,000
    • Maximum number of IPv6 unicast routes in hardware: 16,200 prefixes; 16,050 host routes
    • Maximum number of IPv6 multicast routes in hardware: 8000 multicast routes
    • Routing protocols: RIPng, OSPFv3, IPv6, IS-IS
    • Static routing
     

    Access Control Lists (ACLs) (Junos OS Firewall Filters)

    • ACL entries (ACE) in hardware per system:
      • Port-based ACL (PACL) ingress: 4092
      • VLAN-based ACL (VACL) ingress: 4092
      • Router-based ACL (RACL) ingress: 4092
      • Port-based ACL (PACL) egress: 1022
      • VLAN-based ACL (VACL) egress: 511
      • Egress across RACL: 1022
    • ACL counter for denied packets
    • ACL counter for permitted packets
    • Ability to add/remove/change ACL entries in middle of list (ACL editing)
    • L2-L4 ACL
     

    Access Security

    • 802.1X port-based
    • 802.1X multiple supplicants
    • 802.1X with VLAN assignment
    • 802.1X with authentication bypass access (based on host MAC address)
    • 802.1X with VoIP VLAN support
    • 802.1X dynamic ACL based on RADIUS attributes
    • 802.1X Supported Extensible Authentication Protocol (EAP) types: Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled TLS (TTLS), Protected Extensible Authenticated Protocol (PEAP)
    • MAC authentication (RADIUS)
    • Control plane DoS protection
    • Radius functionality over IPv6 for authentication, authorization, and accounting (AAA)
    • DHCPv6 snooping
    • IPv6 neighbor discovery
    • IPv6 source guard
    • IPv6 router advertisement (RA) guard
    • IPv6 Neighbor Discovery Inspection
    • MACsec
     

    High Availability

    • Redundant, hot-swappable power supplies
    • Redundant, field-replaceable, hot-swappable fans
    • GRES for Layer 2 hitless forwarding and Layer 3 protocols on RE failover
    • Graceful protocol restart (OSPF, BGP)
    • Layer 2 hitless forwarding on RE failover
    • Nonstop bridging: LACP, xSTP
    • Nonstop routing: PIM, OSPF v2 and v3, RIP v2, RIPng, BGP, BGPv6, IS-IS, IGMP v1, v2, v3
     

    Quality of Service

    • L2 QoS
    • L3 QoS
    • Ingress policing: 1 rate 2 color
    • Hardware queues per port: 12 (8 unicast + 4 multicast)
    • Scheduling methods (egress): Strict priority (SP), weighted deficit round-robin (WDRR)
    • 802.1p, DiffServ code point (DSCP)/IP precedence trust and marking
    • L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence, TCP/UDP port numbers, and more
    • Congestion avoidance capabilities: Tail drop, weighted random early detection (WRED)
     

    Multicast

    • IGMP: v1, v2, v3
    • IGMP snooping
    • Multicast Listener Discovery (MLD) snooping
    • Protocol Independent Multicast-Sparse Mode (PIM-SM), PIM Source-Specific Mode (PIM-SSM), PIM Dense Mode (PIM-DM)
     

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for campus
    • Junos Space® Network Director for campus
    • Junos Space Management Applications
     

    Device Management and Operations

    • Junos OS CLI
    • Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • RMON (RFC2819) groups 1, 2, 3, 9
    • Remote performance monitoring
    • SNMP: v1, v2c, v3
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP client and DHCP proxy
    • DHCP relay and helper
    • DHCP local server support
    • RADIUS
    • TACACS+
    • SSHv2
    • Secure copy
    • HTTP/HTTPs
    • Domain Name System (DNS) resolver
    • System logging
    • Temperature sensor
    • Configuration backup via FTP/secure copy
     

    Supported RFCs

    • RFC 768 UDP
    • RFC 783 TFTP
    • RFC 791 IP
    • RFC 792 ICMP
    • RFC 793 TCP
    • RFC 826 ARP
    • RFC 854 Telnet client and server
    • RFC 894 IP over Ethernet
    • RFC 903 RARP
    • RFC 906 TFTP Bootstrap
    • RFC 951, 1542 BootP
    • RFC 1027 Proxy ARP
    • RFC 1058 RIP v1
    • RFC 1112 IGMP v1
    • RFC 1122 Host Requirements
    • RFC 1195 Use of OSI IS-IS for Routing in TCP/IP and Dual Environments (TCP/IP transport only)
    • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
    • RFC 1492 TACACS+
    • RFC 1519 CIDR
    • RFC 1587 OSPF NSSA Option
    • RFC 1591 DNS
    • RFC 1812 Requirements for IP Version 4 Routers
    • RFC 1981 Path MTU Discovery for IPv6
    • RFC 2030 SNTP, Simple Network Time Protocol
    • RFC 2068 HTTP server
    • RFC 2080 RIPng for IPv6
    • RFC 2131 BOOTP/DHCP relay agent and DHCP server
    • RFC 2138 RADIUS Authentication
    • RFC 2139 RADIUS Accounting
    • RFC 2154 OSPF w/Digital Signatures (password, MD-5)
    • RFC 2236 IGMP v2
    • RFC 2267 Network Ingress Filtering
    • RFC 2328 OSPF v2 (edge-mode)
    • RFC 2338 VRRP
    • RFC 2362 PIM-SM (edge-mode)
    • RFC 2370 OSPF Opaque LSA Option
    • RFC 2453 RIP v2
    • RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
    • RFC 2461 Neighbor Discovery for IP Version 6 (IPv6)
    • RFC 2463 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
    • RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2474 DiffServ Precedence, including 12 queues/port
    • RFC 2475 DiffServ Core and Edge Router Functions
    • RFC 2526 Reserved IPv6 Subnet Anycast Addresses
    • RFC 2597 DiffServ Assured Forwarding (AF)
    • RFC 2598 DiffServ Expedited Forwarding (EF)
    • RFC 2740 OSPF for IPv6
    • RFC 2925 MIB for Remote Ping, Trace
    • RFC 3176 sFlow
    • RFC 3376 IGMP v3
    • RFC 3484 Default Address Selection for Internet Protocol Version 6 (IPv6)
    • RFC 3513 Internet Protocol Version 6 (IPv6) Addressing Architecture
    • RFC 3569 draft-ietf-ssm-arch-06.txt PIM-SSM PIM Source Specific Multicast
    • RFC 3579 RADIUS EAP support for 802.1x
    • RFC 3618 Multicast Source Discovery Protocol (MSDP)
    • RFC 3623 OSPF Graceful Restart
    • RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291 IPv6 Addressing Architecture
    • RFC 4443 ICMPv6 for the IPv6 Specification
    • RFC 4541 IGMP and MLD snooping services
    • RFC 4552 OSPFv3 Authentication
    • RFC 4861 Neighbor Discovery for IPv6
    • RFC 4862 IPv6 Stateless Address Autoconfiguration
    • RFC 4915 MT-OSPF
    • RFC 5095 Deprecation of Type 0 Routing Headers
    • RFC 5176 Dynamic Authorization Extensions to RADIUS
    • RFC 5798 VRRPv3 for IPv6
    • Draft-ietf-bfd-base-05.txt Bidirectional Forwarding Detection
    • Draft-ietf-idr-restart-10.txt Graceful Restart Mechanism
    • Draft-ietf-isis-restart-02 Restart Signaling for IS-IS
    • Draft-ietf-isis-wg-multi-topology-11 Multi Topology (MT) Routing in IS-IS for BGP
    • Internet draft-ietf-isis-ipv6-06.txt, Routing IPv6 with IS-IS
    • LLDP Media Endpoint Discovery (LLDP-MED), ANSI/TIA-1057, draft 08
    • PIM-DM Draft IETF PIM Dense Mode draft-ietf-idmr-pimdm-05.txt, draft-ietf-pim-dm-new-v2-04.txt
     

    Supported MIBs

    • RFC 1155 SMI
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
    • RFC 1493 Bridge MIB
    • RFC 1643 Ethernet MIB
    • RFC 1657 BGP-4 MIB
    • RFC 1724 RIPv2 MIB
    • RFC 1850 OSPFv2 MIB
    • RFC 1905, RFC 1907 SNMP v2c, SMIv2 and Revised MIB-II
    • RFC 2011 SNMPv2 for Internet Protocol using SMIv2
    • RFC 2012 SNMPv2 for transmission control protocol using SMIv2
    • RFC 2013 SNMPv2 for user datagram protocol using SMIv2
    • RFC 2096 IPv4 Forwarding Table MIB
    • RFC 2287 System Application Packages MIB
    • RFC 2570–2575 SNMPv3, user based security, encryption, and authentication
    • RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP Textual Conventions for SMIv2
    • RFC 2665 Ethernet-like interface MIB
    • RFC 2787 VRRP MIB
    • RFC 2819 RMON MIB
    • RFC 2863 Interface Group MIB
    • RFC 2863 Interface MIB
    • RFC 2922 LLDP MIB
    • RFC 2925 Ping/Traceroute MIB
    • RFC 2932 IPv4 Multicast MIB
    • RFC 3413 SNMP Application MIB
    • RFC 3414 User-based Security model for SNMPv3
    • RFC 3415 View-based Access Control Model for SNMP
    • RFC 3621 PoE-MIB (PoE switches only)
    • RFC 4188 STP and Extensions MIB
    • RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN extensions
    • RFC 5643 OSPF v3 MIB support
    • Draft-blumenthal-aes-usm-08
    • Draft-reeder-snmpv3-usm-3desede-00
    • Draft-ietf-bfd-mib-02.txt
    • Draft-ietf-idmr-igmp-mib-13
    • Draft-ietf-idmr-pim-mib-09
    • Draft-ietf-idr-bgp4-mibv2-02.txt – Enhanced BGP-4 MIB
    • Draft-ietf-isis-wg-mib-07
     

    Troubleshooting

    • Debugging: CLI via console, Telnet, or SSH
    • Diagnostics: Show and debug command, statistics
    • Traffic mirroring (port)
    • Traffic mirroring (VLAN)
    • IP tools: Extended ping and trace
    • Juniper Networks commit and rollback
     

    Traffic Monitoring

    • ACL-based mirroring
    • Mirroring destination ports per system: 4
      • LAG port monitoring
      • Multiple destination ports monitored to 1 mirror (N:1)
    • Maximum number of mirroring sessions: 4
    • Mirroring to remote destination (over L2): 1 destination VLAN

    Safety and Compliance

    Electromagnetic Compatibility (EMC) Requirements

    • FCC 47 CFR Part 15
    • ICES-003 / ICES-GEN
    • EN 300 386 V1.6.1
    • EN 300 386 V2.1.1
    • EN 55032
    • CISPR 32
    • EN 55024
    • CISPR 24
    • EN 55035
    • CISPR 35
    • IEC/EN 61000 Series
    • AS/NZS CISPR 32
    • VCCI-CISPR 32
    • BSMI CNS 13438
    • KN 32 and KN 35
    • KN 61000 Series
    • TEC/SD/DD/EMC-221/05/OCT-16
    • TCVN 7189
    • TCVN 7317
     

    Safety Requirements Chassis and Optics

    • CAN/CSA-C22.2 No. 62368-1 and 60950-1
    • UL 62368-1 and 60950-1
    • IEC 62368-1 and 60950-1 (All country deviations): CB Scheme report
    • IEC 62368-3 for USB and PoE: CB Scheme report
    • CFR, Title 21, Chapter 1, Subchapter J, Part 1040
    • REDR c 1370 OR CAN/CSA-E 60825-1- Part 1
    • IEC 60825-1
    • IEC 60825-2
     

    Energy Efficiency

    • AT&T TEER (ATIS-06000015.03.2013)
    • ECR 3.0.1
    • ETSI ES 203 136 V.1.1.1
    • Verizon TEEER (VZ.TPR.9205)
     

    Environmental

    • Reduction of Hazardous Substances (ROHS) 6/6
     

    Telco

    • CLEI code

    Noise Specifications

    • Noise measurements based on operational tests taken from bystander position (front) and performed at 23° C in compliance with ISO 7779.
     

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate,
  • Product Overview

    The EX4100-F line of Ethernet access switches offers a secure, cloud-ready, economical solution for access layer deployments in branch and remote offices, as well as enterprise campus networks. These platforms boost network performance and visibility, meeting the security demands of today—as well as for networks of the next decade. As part of the underlying infrastructure for Juniper Mist Wired Assurance, the EX4100-F is purpose-built for, and managed by, the cloud. The switches leverage Mist AI to simplify operations and provide better visibility into the experience of connected devices, delivering a refreshing, experience-first approach to access layer switching.  

    Product Description

    The Juniper Networks® EX4100-F line of Switches offers a secure, cloud-ready portfolio of access switches ideal for enterprise branch, remote office, and enterprise campus networks. The EX4100-F switches combine the simplicity of the cloud, the power of Mist AI™, and a robust hardware foundation with high performance to deliver a differentiated approach to access switching in the cloud, mobile, and IoT era. With Juniper® Mist™ Wired Assurance, the EX4100-F line of Switches can be effortlessly onboarded, configured, and managed from the cloud. This simplifies operations, improves visibility, and ensures a much better experience for connected devices. Key features of the EX4100-F include:
    • Cloud-ready, driven by Mist AI with Juniper Mist Wired Assurance and Marvis Virtual Network Assistant
    • Ethernet VPN–Virtual Extensible LAN (EVPN-VXLAN) to the access layer
    • Standards-based microsegmentation using group-based policies (GBPs)
    • Flow-based telemetry to monitor traffic flows for anomaly detection, ability to measure packet delays and report drop reasons
    • 10-member Virtual Chassis support
    Offering a full suite of Layer 2 and Layer 3 capabilities, the EX4100-F enables multiple deployments. As scaling requirements increase, Juniper’s Virtual Chassis technology allows up to 10 EX4100-F switches to be seamlessly interconnected and managed as a single device, delivering a scalable, pay-as-you-grow solution for expanding network environments. The EX4100-F line consists of the following models:
    • The EX4100-F-12T, which is a compact, fanless switch offering 12 x 1GbE non-PoE access ports.
    • The EX4100-F-12P, which is a compact, fanless switch offering 12 x 1GbE Power over Ethernet Plus (PoE+) access ports and delivering up to 30 W per port with a total of 180 W of PoE power budget with an external power adapter. EX4100-F-12P can also be powered from an external 90 W power sourcing equipment (PSE) device connected via the uplink port. Additional 90 W of PoE budget is available if the second uplink port is connected to a PSE device. With external power adapter and the two uplink ports connected to 90 W external PSE, total PoE power budget supported is up to 300 W.
    • The EX4100-F-24T, which offers 24 x 1GbE non-PoE access ports.
    • The EX4100-F-24P, which offers 24 x 1GbE PoE+ access ports, delivering up to 30 W per port with an overall total 370 W of PoE power budget.
    • The EX4100-F-48T, which offers 48 x 1GbE non-PoE access ports.
    • The EX4100-F-48P, which offers 48 x 1GbE PoE+ access ports and delivers up to 30 W per port with an overall total PoE Power budget of 740 W.
    Each EX4100-F -24 port and -48 port model offers a fixed power supply and 4 x 1GbE/10GbE small form-factor pluggable plus transceiver (SFP+ transceiver) fixed uplink ports. Each EX4100-F-12 port model offers 2 x 10GbE fixed copper uplink ports. The EX4100-F switches include 4 x 1GbE/10GbE SFP+ ports to support Virtual Chassis connections, which can be reconfigured for use as Ethernet ports for uplink connectivity. EX4100-F switch models offer standards-based 802.3af/at (PoE/PoE+) for delivering up to 30 watts on any access port. The EX4100-F switches can be configured to deliver Fast PoE capability and Perpetual PoE capability.  

    Architecture and Key Components

    Cloud Management with Juniper Mist Wired Assurance Driven by Mist AI

    EX4100-F switches can be quickly and easily onboarded (Day 0), provisioned (Day 1), and managed (Day 2+) from the cloud with Juniper Mist Wired Assurance, which brings AI-powered automation and insights that optimize experiences for end users and connected devices. The EX4100-F provides rich Junos® operating system telemetry data for Mist AI, which helps achieve simpler operations, shorter mean time to repair (MTTR), and streamlined troubleshooting. For more information, read the Juniper Mist Wired Assurance datasheet. In addition to Juniper Mist Wired Assurance, Marvis Virtual Network Assistant—a key part of The Self-Driving Network™— makes the Mist AI engine interactive. A digital extension of the IT team, Marvis offers automatic fixes or recommended actions, allowing IT teams to streamline how they troubleshoot and manage their network operations.  
    Figure 1: EX4100-F Virtual Chassis configuration interconnected via dedicated front-panel 10GbE ports

    EVPN-VXLAN Technology

    Most traditional campus networks have a single-vendor, chassis-based architecture that worked well for smaller, static campuses with few endpoints. However, this approach is too rigid to support the changing needs of modern campus networks. The EX4100-F supports EVPN-VXLAN, extending an end-to-end fabric from campus core to distribution to the access layer. An EVPN-VXLAN fabric is a simple, programmable, highly scalable architecture built on open standards. This technology can be applied in both data centers and campuses for architectural consistency. A campus EVPN-VXLAN architecture uses a Layer 3 IP-based underlay network and an EVPN-VXLAN overlay network. A flexible overlay network based on a VXLAN overlay with an EVPN control plane efficiently provides Layer 2 and/or Layer 3 connectivity throughout the network. EVPN-VXLAN also offers a scalable way to build and interconnect multiple campus sites, delivering:
    • Greater consistency and scalability across all network layers
    • Multivendor deployment support
    • Reduced flooding and learning
    • Location-agnostic connectivity
    • Consistent network segmentation
    • Simplified management
     

    Virtual Chassis Technology

    Juniper’s Virtual Chassis technology allows multiple interconnected switches to operate as a single, logical unit, enabling users to manage all platforms as one virtual device. Up to 10 EX4100-F switches can be interconnected as a Virtual Chassis using 4 x 10GbE SFP+ dedicated front-panel ports. Although configured as Virtual Chassis ports by default, the 4 x 10GbE SFP+ ports can also be configured as uplink ports. The EX4100-F switches can form a Virtual Chassis with any other models within the EX4100-F product line.  

    Microsegmentation Using Group-Based Policy

    GBP leverages underlying VXLAN technology to provide location-agnostic endpoint access control. This allows network administrators to implement consistent security policies across the enterprise network domains. The EX4100-F supports a standards-based GBP solution, allowing different levels of access control for endpoints and applications even within the same VLAN. Customers can simplify their network configuration by using GBP, avoiding the need to configure large numbers of firewall filters on all their switches. GBP can block lateral threats by ensuring consistent application of security group policies throughout the network, regardless of the location of endpoints and/or users.  

    Flow-Based Telemetry

    Flow-based telemetry enables flow-level analytics, allowing network administrators to monitor thousands of traffic flows on the EX4100-F without burdening the CPU. This improves network security by monitoring, baselining, and detecting flow anomalies. For example, if predefined flow thresholds are breached due to an attack, IP Flow Information Export (IPFIX) alerts can be sent to an external server to quickly identify the attack. Network administrators can also automate specific workflows, such as further examining the traffic or quarantining a port, to triage the issue. In addition to DOS attacks, Flow-Based Telemetry on EX4100-F can measure packet delays at ingress, chip, and egress points as well as report drop reasons.  

    Features and Benefits

    Simplified Operations with Juniper Mist Wired Assurance

    The EX4100-F is fully cloud onboarded, provisioned, and managed by Juniper Mist Wired Assurance. The EX4100-F is designed from the ground up to deliver the rich telemetry that enables AI for IT Operations (AIOps) with simplified operations from Day 0 to Day 2 and beyond. Juniper Mist Wired Assurance provides detailed switch insights for easier troubleshooting and improved time to resolution by offering the following features:
    • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
    • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
    • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist Cloud.
     
    Figure 2: Juniper Mist Wired Assurance service-level expectations screen
    Figure 3: Marvis Actions for wired switches
    The complementary addition of Marvis Virtual Network Assistant, driven by Mist AI, lets you start building a Self-Driving Network that simplifies network operations and streamlines troubleshooting via automatic fixes for Juniper Networks EX Series Switches or recommended actions for external systems. For more information, see Juniper Mist Wired Assurance.  

    Campus Fabric Deployments

    EVPN-VXLAN for Campus Core, Distribution, and Access

    The main advantages of EVPN-VXLAN in campus networks are:
    • Flexibility of consistent VLANs across the network: Endpoints can be placed anywhere in the network and remain connected to the same logical L2 network, enabling a virtual topology to be decoupled from the physical topology.
    • Microsegmentation: The EVPN-VXLAN-based architecture lets you deploy a common set of policies and services across campuses with support for L2 and L3VPNs.
    • Scalability: With an EVPN control plane, enterprises can scale out easily by adding more core, aggregation, and access layer devices as the business grows without having to redesign the network or perform a forklift upgrade. Using an L3 IP-based underlay coupled with an EVPN-VXLAN overlay, campus network operators can deploy much larger and more resilient networks than would otherwise be possible with traditional L2 Ethernet-based architectures.
    Juniper offers complete flexibility in choosing any of the following validated EVPN-VXLAN campus fabrics that cater to networks of different sizes, scale, and segmentation requirements:
    • EVPN multihoming (on collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single layer, turning the traditional three-tier hierarchical network into a two-tier network. EVPN multihoming on a collapsed core eliminates the need for Spanning Tree Protocol (STP) across campus networks by providing link aggregation capabilities from the access layer to the core layer. This topology is best suited for small to medium distributed enterprise networks and allows for consistent VLANs across the network. This topology uses ESI (Ethernet Segment Identifier) LAG (Link Aggregation) and is a standards-based protocol.
    • Campus Fabric Core distribution: When EVPN-VXLAN is configured across core and distribution layers, it becomes a campus Fabric Core Distribution architecture, which can be configured in two modes: centrally or edge routed bridging overlay. This architecture provides an opportunity for an administrator to move towards campus-fabric IP Clos without a forklift upgrade of all access switches in the existing network, while bringing in the advantages of moving to a campus fabric and providing an easy way to scale out the network.
    • Campus Fabric IP Clos: When EVPN-VXLAN is configured on all layers including access, it is called the campus fabric IP Clos architecture. This model is also referred to as “end-to-end,” given that VXLAN tunnels are terminated at the access layer. Due to the availability of VXLAN at access, it provides the opportunity to bring policy enforcement to the access layer (closest to the source) using Group Based Policy (GBP). Standards-based GBP tags bring the unique option to segment traffic both at a micro and macro level. GBP tags are assigned dynamically to clients as part of the RADIUS transaction by Mist Cloud NAC. This topology works for small-medium and large campus architectures that need macro and micro segmentation.
    Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures
    All three topologies are standards-based and interoperable with third-party vendors. The EX4100 switches can be deployed in campus and branch access layer networks in the EVPN-VXLAN architectures shown in Figure 4.  

    Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

    Juniper Mist Wired Assurance brings cloud management and Mist AI to the campus fabric. It sets a new standard that moves away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. Juniper Mist Cloud streamlines deployment and management of campus fabric architectures by allowing:
    • Automated deployment and zero-touch deployment (ZTD)
    • Anomaly detection
    • Root cause analysis
     
    Figure 5: EVPN multihoming configuration via the Juniper Mist cloud

    Chassis-Class Availability

    The EX4100-F switches deliver high availability (HA) through graceful Routing Engine switchover (GRES), and nonstop bridging and routing when deployed in a Virtual Chassis configuration. In a Virtual Chassis configuration, each EX4100-F switch is capable of functioning as a Routing Engine (RE). When two or more EX4100-F switches are interconnected, a single control plane is shared among all Virtual Chassis member switches. Junos OS automatically initiates an election process to assign a primary (active) and backup (hot-standby) RE. An integrated L2 and L3 GRES feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary RE failure. When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to assume the backup RE position should the designated primary RE fail. Primary, backup, and line card priority status can be assigned to dictate the order of ascension; this N+1 RE redundancy, coupled with the GRES, nonstop active routing (NSR), and nonstop bridging (NSB) capabilities of Junos OS, assures a smooth transfer of control plane functions following unexpected failures. The EX4100-F implements the same slot/module/port numbering schema as other Juniper chassis-based products when numbering Virtual Chassis ports, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, greatly simplifying overall system maintenance and management. Individually, the EX4100-F offers a number of HA features that are typically associated with modular chassis-based switches. When combined with the field-proven Junos OS and L2/L3 failover capabilities, these features provide the EX4100-F with true carrier-class reliability.
    • Nonstop bridging and nonstop active routing: NSB and NSR on the EX4100-F ensure that control plane protocols, states, and tables are synchronized between primary and standby REs to prevent protocol flaps or convergence issues following an RE failover.
    • Redundant trunk group (RTG): To avoid the complexities of STP without sacrificing network resiliency, the EX4100-F employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration.
    • Cross-member link aggregation: Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.
    • IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing (OSPF and BGP) is available with a Flex license, enabling highly resilient networks.
     

    PoE/PoE+ Power, Perpetual and Fast PoE

    The EX4100-F delivers PoE for supporting connected devices such as phones, surveillance cameras, IoT devices, and 802.11AX/Wi-Fi 6 access points, offering a PoE power budget of up to 740 W and supporting up to 30 W per port based on the IEEE 802.3at PoE standard. EX4100-F switches support perpetual PoE, which provides uninterrupted power to connected PoE powered devices (PDs) even when the power sourcing equipment switch (PSE) is rebooting. The EX4100-F switches also support a Fast PoE capability that delivers PoE power to connected endpoints during a switch power-up, even before the switch is fully operational. This is especially beneficial in situations where the endpoint only needs the power and is not necessarily dependent on network connectivity.  

    Junos Telemetry Interface

    The EX4100-F supports Junos telemetry interface (JTI), a modern telemetry streaming feature designed for switch health and performance monitoring. Sensor data can be streamed to a management system at configurable periodic intervals, enabling network administrators to monitor individual link and node utilization as well as troubleshoot issues such as network congestion in real time. JTI delivers the following features:
    • Performance management by provisioning sensors to collect and stream data and analyze application and workload flow paths through the network
    • Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
    • Troubleshooting and root cause analysis via high-frequency monitoring and correlation of overlay and underlay networks
     

    Junos Operating System

    The EX4100-F switches run Junos OS, Juniper’s powerful and robust network operating system that powers all Juniper switches, routers, and firewalls. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code and employs a highly available modular architecture to prevent isolated failures from bringing down an entire system. These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.  

    Flex Licensing

    Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license. The Flex Advanced and Flex Premium licenses for the EX Series platforms are class-based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports. The EX4100-F switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos OS features, the Flex Advanced and Flex Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Flex Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer. For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn about Junos OS EX Series licenses, please visit: https://www.juniper.net/documentation/us/en/software/license/licensing/topics/concept/flex-licenses-for-ex.html.  

    Enhanced Limited Lifetime Warranty

    The EX4100-F includes an enhanced limited lifetime hardware warranty that provides return-to-factory switch replacement for as long as the original purchaser owns the product. The warranty includes lifetime software updates, advanced shipping of spares within one business day, and 24x7 Juniper Networks Technical Assistance Center (JTAC) support for 90 days after the purchase date. Power supplies and fan trays are covered for a period of five years. For complete details, please visit https://support.juniper.net/support/pdf/warranty/990240.pdf  

    Product Options

    Available EX4100-F models are listed in Table 1.
    Table 1. EX4100-F Line of Ethernet Switches
    Model/Product SKU | Access Port Configuration | PoE/PoE+ Ports | PoE Power Budget | 10GbE Ports (Uplinks) | 10GbE Ports (Stacking/Uplinks) | Cooling
    EX4100-F-12T | 12-port 10/100/1000BASE-T | 0 | N/A | 2 | 4 | AFO (front-to-back airflow)
    EX4100-F-12P | 12-port 10/100/1000BASE-T | 12 | 300 W¹ | 2 | 4 | AFO (front-to-back airflow)
    EX4100-F-24T | 24-port 10/100/1000BASE-T | 0 | N/A | 4 | 4 | AFO (front-to-back airflow)
    EX4100-F-48T | 48-port 10/100/1000BASE-T | 0 | N/A | 4 | 4 | AFO (front-to-back airflow)
    EX4100-F-24P | 24-port 10/100/1000BASE-T | 24 | 370 W | 4 | 4 | AFO (front-to-back airflow)
    EX4100-F-48P | 48-port 10/100/1000BASE-T | 48 | 740 W | 4 | 4 | AFO (front-to-back airflow)
    ¹ With external AC power adapter and two uplink ports connected to external 90 W PSE. PoE power budget is 180 W with external AC power adapter.
    Figure 6: EX4100-F line of Switches
    Table 2. EX4100-F Switch Power Options
    Model Number | Max System Power Consumption (Input Power without PoE) | Total PoE Power Budget
    EX4100-F-12T | 55 W | 0
    EX4100-F-12P | 80 W | 300 W¹
    EX4100-F-24T | 55 W | 0
    EX4100-F-24P | 80 W | 370 W
    EX4100-F-48T | 70 W | 0
    EX4100-F-48P | 100 W | 740 W
    ¹ With external AC power adapter and two uplink ports connected to external 90 W PSE. PoE power budget is 180 W with external AC power adapter.

    EX4100-F Specifications

    Physical Specifications

    Backplane

    • 80 Gbps Virtual Chassis interconnect to combine up to 10 units as a single logical device
     

    Dimensions (W x H x D)

    • EX4100-F-48P, EX4100-F-24P with power supply installed: 17.36 x 1.72 x 12.26 in. (44.09 x 4.37 x 31.14 cm)
    • EX4100-F-48T, EX4100-F-24T with power supply installed: 17.36 x 1.72 x 10.1 in. (44.09 x 4.37 x 25.65 cm)
    • EX4100-F-12P/12T: 10.59 x 1.75 x 9.66 in. (26.9 x 4.45 x 23.83 cm)
    • Height: 1 U
     

    System Weight

    • EX4100-F-12T: 5.95 lb (2.7 kg)
    • EX4100-F-12P: 6.61 lb (3 kg)
    • EX4100-F-24T: 7.76 lb (3.52 kg)
    • EX4100-F-48T: 8.57 lb (3.89 kg)
    • EX4100-F-24P: 10.46 lb (4.75 kg)
    • EX4100-F-48P: 11.46 lb (5.2 kg)
    • EX4100-F-PWR-75W: 1.65 lb (0.75 kg)
    • EX4100-F-PWR-280W: 2.98 lb (1.35 kg)
     

    Environmental Ranges

    • Operating temperature:
      • -24 Port and -48 Port EX4100-F SKUs: 32° to 113° F (0° to 45°C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: Up to 5000 ft at 40° C (1828.8 m)
    • Nonoperating altitude: Up to 16,000 ft (4,877 m)
    • Relative humidity operating: 5% to 90% (noncondensing)
    • Relative humidity non-operating: 0% to 90% (noncondensing)
     

    Cooling

    • Airflow (CFM):
      • EX4100-F-12T: 0
      • EX4100-F-12P: 0
      • EX4100-F-24T: 14.5
      • EX4100-F-48T: 15.0
      • EX4100-F-24P: 30.0
      • EX4100-F-48P: 29.0
     

    Hardware Specifications

    Switching Engine Mode

    • Store and forward
     

    Memory

    • DRAM: 4 GB with Error Correcting Code (ECC) on all models
    • Storage: 8 GB on all models
     

    CPU

    • 1.7 GHz ARM CPU on all models
     

    GbE Port Density per System

    • EX4100-F-12T/12P: 20 (12 host ports + 2 port RJ45 1GbE/2GbE/5GbE/10GbE uplinks + 4 port 10GbE SFP+ Virtual Chassis/uplinks)
    • EX4100-F-24T/24P: 24 (24 host ports + 4 port SFP/SFP+ uplinks + 4 port 10GbE SFP+ Virtual Chassis/uplinks)
    • EX4100-F-48T/48P: 48 (48 host ports + 4 port SFP/SFP+ uplinks + 4 port 10GbE SFP+ Virtual Chassis/uplinks)
     

    Physical Layer

    • Time domain reflectometry (TDR) for detecting cable breaks and shorts: EX4100-F-24P/T and EX4100-F-48P/T
    • Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support: EX4100-F-24P/T and EX4100-F-48P/T
    • Port speed downshift/setting maximum advertised speed on 10/100/1000BASE-T ports: EX4100-F-24P/T and EX4100-F-48P/T only
    • Digital optical monitoring for optical ports
     

    Packet Switching Capacities (Maximum with 64 Byte Packets)

    • EX4100-F-12P/12T: 72 Gbps (unidirectional)/144 Gbps (bidirectional)
    • EX4100-F-24P/24T: 104 Gbps (unidirectional)/208 Gbps (bidirectional)
    • EX4100-F-48P/48T: 128 Gbps (unidirectional)/256 Gbps (bidirectional)
     

    Software Specifications

    Layer 2/Layer 3 Throughput (Mpps) (Maximum with 64 Byte Packets)

    • EX4100-F-12P/T: 107 Mpps
    • EX4100-F-24P/T: 154 Mpps
    • EX4100-F-48P/T: 190 Mpps
     

    Security

    • Media Access Control (MAC) limiting (per port and per VLAN)
    • Allowed MAC addresses: 64,000
    • Dynamic Address Resolution Protocol (ARP) inspection (DAI)
    • IP source guard
    • Local proxy ARP
    • Static ARP support
    • Dynamic Host Configuration Protocol (DHCP) snooping
    • Captive portal
    • Persistent MAC address configurations
    • Distributed denial of service (DDoS) protection (CPU control path flooding protection)
     

    Layer 2 Switching

    • Maximum MAC addresses per system: 64,000
    • Jumbo frames: 9216 bytes
    • Range of possible VLAN IDs: 1 to 4094
    • Virtual Spanning Tree (VST) instances: 253
    • Port-based VLAN
    • Voice VLAN
    • Physical port redundancy: Redundant trunk group (RTG)
    • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
    • Routed VLAN interface (RVI)
    • Uplink failure detection (UFD)
    • ITU-T G.8032: Ethernet Ring Protection Switching
    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • LLDP-MED with VoIP integration
    • Default VLAN and multiple VLAN range support
    • MAC learning deactivate
    • Persistent MAC learning (sticky MAC)
    • MAC notification
    • Private VLANs (PVLANs)
    • Explicit congestion notification (ECN)
    • Layer 2 protocol tunneling (L2PT)
    • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
    • IEEE 802.1p: Class of Service (CoS) prioritization
    • IEEE 802.1Q: VLAN tagging
    • IEEE 802.1X: Port Access Control
    • IEEE 802.1ak: Multiple Registration Protocol
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3ae: 10-Gigabit Ethernet
    • IEEE 802.3by: 25-Gigabit Ethernet
    • IEEE 802.3af: Power over Ethernet
    • IEEE 802.3at: Power over Ethernet Plus
    • IEEE 802.3x: Pause Frames/Flow Control
    • IEEE 802.3ah: Ethernet in the First Mile
     

    Spanning Tree

    • IEEE 802.1D: Spanning Tree Protocol
    • IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
    • Number of MSTP instances supported: 64
    • Number of VLAN Spanning Tree Protocol (VSTP) instances supported: 253
    • IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol
     

    Link Aggregation

    • IEEE 802.3ad: Link Aggregation Control Protocol
    • 802.3ad (LACP) support:
      • Number of LAGs supported: 128
      • Maximum number of ports per LAG: 8
    • LAG load-sharing algorithm for bridged or routed (unicast or multicast) traffic:
      • IP: S/D IP
      • TCP/UDP: S/D IP, S/D Port
      • Non-IP: S/D MAC
      • Tagged ports support in LAG
     

    Layer 3 Features: IPv4

    • Maximum number of ARP entries: 32,000
    • Maximum number of IPv4 unicast routes in hardware: 32,650 prefixes; 32,150 host routes
    • Maximum number of IPv4 multicast routes in hardware: 16,100 multicast routes
    • Routing protocols: RIPv1/v2, OSPF, BGP, IS-IS
    • Static routing
    • Routing policy
    • Bidirectional Forwarding Detection (BFD)
    • L3 redundancy: Virtual Router Redundancy Protocol (VRRP)
    • VRF-Lite
     

    Layer 3 Features: IPv6

    • Maximum number of neighbor discovery (ND) entries: 16,000
    • Maximum number of IPv6 unicast routes in hardware: 16,200 prefixes; 16,050 host routes
    • Maximum number of IPv6 multicast routes in hardware: 8000 multicast routes
    • Routing protocols: RIPng, OSPFv3, IPv6, IS-IS
    • Static routing
     

    Access Control Lists (ACLs) (Junos OS Firewall Filters)

    • ACL entries (ACE) in hardware per system:
      • Port-based ACL (PACL) ingress: 4092
      • VLAN-based ACL (VACL) ingress: 4092
      • Router-based ACL (RACL) ingress: 4092
      • Port-based ACL (PACL) egress: 1022
      • VLAN-based ACL (VACL) egress: 511
      • Egress across RACL: 1022
    • ACL counter for denied packets
    • ACL counter for permitted packets
    • Ability to add/remove/change ACL entries in middle of list (ACL editing)
    • L2-L4 ACL
     

    Access Security

    • 802.1X port-based
    • 802.1X multiple supplicants
    • 802.1X with VLAN assignment
    • 802.1X with authentication bypass access (based on host MAC address)
    • 802.1X with VoIP VLAN support
    • 802.1X dynamic ACL based on RADIUS attributes
    • 802.1X supported Extensible Authentication Protocol (EAP) types: Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled TLS (TTLS), Protected Extensible Authentication Protocol (PEAP)
    • MAC authentication (RADIUS)
    • Control plane DoS protection
    • RADIUS functionality over IPv6 for authentication, authorization, and accounting (AAA)
    • DHCPv6 snooping
    • IPv6 neighbor discovery
    • IPv6 source guard
    • IPv6 router advertisement (RA) guard
    • IPv6 Neighbor Discovery Inspection
     

    High Availability

    • GRES for Layer 2 hitless forwarding and Layer 3 protocols on RE failover
    • Graceful protocol restart (OSPF, BGP)
    • Layer 2 hitless forwarding on RE failover
    • Nonstop bridging: LACP, xSTP
    • Nonstop routing: PIM, OSPF v2 and v3, RIP v2, RIPng, BGP, BGPv6, IS-IS, IGMP v1, v2, v3
     

    Quality of Service

    • L2 QoS
    • L3 QoS
    • Ingress policing: 1 rate 2 color
    • Hardware queues per port: 12 (8 unicast + 4 multicast)
    • Scheduling methods (egress): Strict priority (SP), weighted deficit round-robin (WDRR)
    • 802.1p, DiffServ code point (DSCP)/IP precedence trust and marking
    • L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence, TCP/UDP port numbers, and more
    • Congestion avoidance capabilities: Tail drop, weighted random early detection (WRED)
     

    Multicast

    • IGMP: v1, v2, v3
    • IGMP snooping
    • Multicast Listener Discovery (MLD) snooping
    • Protocol Independent Multicast-Sparse Mode (PIM-SM), PIM Source-Specific Mode (PIM-SSM), PIM Dense Mode (PIM-DM)
     

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for campus
    • Junos Space® Network Director for campus
    • Junos Space Management Applications
     

    Device Management and Operations

    • Junos OS CLI
    • Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • RMON (RFC2819) groups 1, 2, 3, 9
    • Remote performance monitoring
    • SNMP: v1, v2c, v3
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP client and DHCP proxy
    • DHCP relay and helper
    • DHCP local server support
    • RADIUS
    • TACACS+
    • SSHv2
    • Secure copy
    • HTTP/HTTPS
    • Domain Name System (DNS) resolver
    • System logging
    • Temperature sensor
    • Configuration backup via FTP/secure copy

    Supported RFCs

    • RFC 768 UDP
    • RFC 783 TFTP
    • RFC 791 IP
    • RFC 792 ICMP
    • RFC 793 TCP
    • RFC 826 ARP
    • RFC 854 Telnet client and server
    • RFC 894 IP over Ethernet
    • RFC 903 RARP
    • RFC 906 TFTP Bootstrap
    • RFC 951, 1542 BootP
    • RFC 1027 Proxy ARP
    • RFC 1058 RIP v1
    • RFC 1112 IGMP v1
    • RFC 1122 Host Requirements
    • RFC 1195 Use of OSI IS-IS for Routing in TCP/IP and Dual Environments (TCP/IP transport only)
    • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
    • RFC 1492 TACACS+
    • RFC 1519 CIDR
    • RFC 1587 OSPF NSSA Option
    • RFC 1591 DNS
    • RFC 1812 Requirements for IPv4 Routers
    • RFC 1981 Path MTU Discovery for IPv6
    • RFC 2030 SNTP, Simple Network Time Protocol
    • RFC 2068 HTTP server
    • RFC 2080 RIPng for IPv6
    • RFC 2131 BOOTP/DHCP relay agent and DHCP server
    • RFC 2138 RADIUS Authentication
    • RFC 2139 RADIUS Accounting
    • RFC 2154 OSPF w/Digital Signatures (password, MD-5)
    • RFC 2236 IGMP v2
    • RFC 2267 Network Ingress Filtering
    • RFC 2328 OSPF v2 (edge-mode)
    • RFC 2338 VRRP
    • RFC 2362 PIM-SM (edge-mode)
    • RFC 2370 OSPF Opaque LSA Option
    • RFC 2453 RIP v2
    • RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
    • RFC 2461 Neighbor Discovery for IP Version 6 (IPv6)
    • RFC 2463 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
    • RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2474 DiffServ Precedence, including 12 queues/port
    • RFC 2475 DiffServ Core and Edge Router Functions
    • RFC 2526 Reserved IPv6 Subnet Anycast Addresses
    • RFC 2597 DiffServ Assured Forwarding (AF)
    • RFC 2598 DiffServ Expedited Forwarding (EF)
    • RFC 2740 OSPF for IPv6
    • RFC 2925 MIB for Remote Ping, Trace
    • RFC 3176 sFlow
    • RFC 3376 IGMP v3
    • RFC 3484 Default Address Selection for Internet Protocol Version 6 (IPv6)
    • RFC 3513 Internet Protocol Version 6 (IPv6) Addressing Architecture
    • RFC 3569 draft-ietf-ssm-arch-06.txt PIM-SSM PIM Source Specific Multicast
    • RFC 3579 RADIUS EAP support for 802.1x
    • RFC 3618 Multicast Source Discovery Protocol (MSDP)
    • RFC 3623 OSPF Graceful Restart
    • RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291 IPv6 Addressing Architecture
    • RFC 4443 ICMPv6 for the IPv6 Specification
    • RFC 4541 IGMP and MLD snooping services
    • RFC 4552 OSPFv3 Authentication
    • RFC 4861 Neighbor Discovery for IPv6
    • RFC 4862 IPv6 Stateless Address Autoconfiguration
    • RFC 4915 MT-OSPF
    • RFC 5095 Deprecation of Type 0 Routing Headers
    • RFC 5176 Dynamic Authorization Extensions to RADIUS
    • RFC 5798 VRRPv3 for IPv6
    • Draft-ietf-bfd-base-05.txt Bidirectional Forwarding Detection
    • Draft-ietf-idr-restart-10.txt Graceful Restart Mechanism
    • Draft-ietf-isis-restart-02 Restart Signaling for IS-IS
    • Draft-ietf-isis-wg-multi-topology-11 Multi Topology (MT) Routing in IS-IS for BGP
    • Internet draft-ietf-isis-ipv6-06.txt, Routing IPv6 with IS-IS
    • LLDP Media Endpoint Discovery (LLDP-MED), ANSI/TIA-1057, draft 08
    • PIM-DM Draft IETF PIM Dense Mode draft-ietf-idmr-pimdm-05.txt, draft-ietf-pim-dm-new-v2-04.txt
     

    Supported MIBs

    • RFC 1155 SMI
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
    • RFC 1493 Bridge MIB
    • RFC 1643 Ethernet MIB
    • RFC 1657 BGP-4 MIB
    • RFC 1724 RIPv2 MIB
    • RFC 1850 OSPFv2 MIB
    • RFC 1905, RFC 1907 SNMP v2c, SMIv2 and Revised MIB-II
    • RFC 2011 SNMPv2 for Internet Protocol using SMIv2
    • RFC 2012 SNMPv2 for transmission control protocol using SMIv2
    • RFC 2013 SNMPv2 for user datagram protocol using SMIv2
    • RFC 2096 IPv4 Forwarding Table MIB
    • RFC 2287 System Application Packages MIB
    • RFC 2570–2575 SNMPv3, user based security, encryption, and authentication
    • RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP Textual Conventions for SMIv2
    • RFC 2665 Ethernet-like interface MIB
    • RFC 2787 VRRP MIB
    • RFC 2819 RMON MIB
    • RFC 2863 Interface Group MIB
    • RFC 2863 Interface MIB
    • RFC 2922 LLDP MIB
    • RFC 2925 Ping/Traceroute MIB
    • RFC 2932 IPv4 Multicast MIB
    • RFC 3413 SNMP Application MIB
    • RFC 3414 User-based Security model for SNMPv3
    • RFC 3415 View-based Access Control Model for SNMP
    • RFC 3621 PoE-MIB (PoE switches only)
    • RFC 4188 STP and Extensions MIB
    • RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN extensions
    • RFC 5643 OSPF v3 MIB support
    • Draft-blumenthal-aes-usm-08
    • Draft-reeder-snmpv3-usm-3desede-00
    • Draft-ietf-bfd-mib-02.txt
    • Draft-ietf-idmr-igmp-mib-13
    • Draft-ietf-idmr-pim-mib-09
    • Draft-ietf-idr-bgp4-mibv2-02.txt – Enhanced BGP-4 MIB
    • Draft-ietf-isis-wg-mib-07
     

    Troubleshooting

    • Debugging: CLI via console, Telnet, or SSH
    • Diagnostics: Show and debug command, statistics
    • Traffic mirroring (port)
    • Traffic mirroring (VLAN)
    • IP tools: Extended ping and trace
    • Juniper Networks commit and rollback
     

    Traffic Monitoring

    • ACL-based mirroring
    • Mirroring destination ports per system: 4
      • LAG port monitoring
      • Multiple destination ports monitored to 1 mirror (N:1)
    • Maximum number of mirroring sessions: 4
    • Mirroring to remote destination (over L2): 1 destination VLAN
     

    Safety and Compliance

    Electromagnetic Compatibility (EMC) Requirements

    • FCC 47 CFR Part 15
    • ICES-003 / ICES-GEN
    • EN 300 386 V1.6.1
    • EN 300 386 V2.1.1
    • EN 55032
    • CISPR 32
    • EN 55024
    • CISPR 24
    • EN 55035
    • CISPR 35
    • IEC/EN 61000 Series
    • AS/NZS CISPR 32
    • VCCI-CISPR 32
    • BSMI CNS 13438
    • KN 32 and KN 35
    • KN 61000 Series
    • TEC/SD/DD/EMC-221/05/OCT-16
    • TCVN 7189
    • TCVN 7317
     

    Safety Requirements Chassis and Optics

    • CAN/CSA-C22.2 No. 62368-1 and 60950-1
    • UL 62368-1 and 60950-1
    • IEC 62368-1 and 60950-1 (All country deviations): CB Scheme report
    • IEC 62368-3 for USB and PoE: CB Scheme report
    • CFR, Title 21, Chapter 1, Subchapter J, Part 1040
    • REDR c 1370 OR CAN/CSA-E 60825-1- Part 1
    • IEC 60825-1
    • IEC 60825-2
     

    Energy Efficiency

    • AT&T TEER (ATIS-06000015.03.2013)
    • ECR 3.0.1
    • ETSI ES 203 136 V.1.1.1
    • Verizon TEEER (VZ.TPR.9205)
     

    Environmental

    • Reduction of Hazardous Substances (ROHS) 6/6
     

    Telco

    • CLEI code
     

    Noise Specifications

    • Max Noise measurements based on operational tests taken from bystander position (front) and performed at 23° C in compliance with ISO 7779.
    Table 3: Acoustic in dBA

    Model Number     Acoustics Noise (dBA)
    ------------     ---------------------
    EX4100-F-12T     NA
    EX4100-F-12P     NA
    EX4100-F-24T     35.4
    EX4100-F-24P     45.1
    EX4100-F-48T     37.1
    EX4100-F-48P     46.5
     

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    Ordering Information

    Product Description
    EX4100-F-12T 12-port 10/100/1000BASE-T switch, 2x100Mb/1GbE/2.5GbE/5GbE/10GbE uplinks, 4x10GbE stacking/uplink ports, with Standard SW, optics sold separately
    EX4100-F-12P 12-port 10/100/1000BASE-T PoE+ switch, 2x100Mb/1GbE/2.5GbE/5GbE/10GbE uplinks, 4x10GbE stacking/uplink ports, with Standard SW, optics sold separately
    EX4100-F-24T 24-port 10/100/1000BASE-T switch, 4x1GbE/10GbE SFP/SFP+ uplinks, 4x10GbE stacking/uplink ports, with Standard SW, optics sold separately, TAA compliant
    EX4100-F-24P 24-port 10/100/1000BASE-T PoE+ switch, 4x1GbE/10GbE SFP/SFP+ uplinks, 4x10GbE stacking/uplink ports, with Standard SW, optics sold separately, TAA compliant
    EX4100-F-48T 48-port 10/100/1000BASE-T switch, 4x1GbE/10GbE SFP/SFP+ uplinks, 4x10GbE stacking/uplink ports, with Standard SW, optics sold separately, TAA compliant
    EX4100-F-48P 48-port 10/100/1000BASE-T PoE+ switch, 4x1GbE/10GbE SFP/SFP+ uplinks, 4x10GbE stacking/uplink ports, with Standard SW, optics sold separately, TAA compliant
    Perpetual Licenses
    S-EX-A-C1-P Software, EX Series Advanced license, Class 1 (12 ports), Perpetual license for EX4100-F 12-port switches
    S-EX-P-C1-P Software, EX Series Premium license, Class 1 (12 ports), Perpetual license for EX4100-F 12-port switches
    S-EX-A-C2-P Software, EX Series Advanced license, Class 2 (24 ports), Perpetual license for EX4100-F 24-port switches
    S-EX-P-C2-P Software, EX Series Premium license, Class 2 (24 ports), Perpetual license for EX4100-F 24-port switches
    S-EX-A-C3-P Software, EX Series Advanced license, Class 3 (32 or 48 ports), Perpetual license for EX4100-F 48-port switches
    S-EX-P-C3-P Software, EX Series Premium license, Class 3 (32 or 48 ports), Perpetual license for EX4100-F 48-port switches
    S-EX4100-F-FBT-P Software, EX Series Flow Based Telemetry license, Perpetual license for all EX4100-F switches
    Subscription Licenses
    S-EX-A-C1-1 Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches, 1 year
    S-EX-A-C1-3 Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches, 3 year
    S-EX-A-C1-5
  • Overview:

    The EX4400 line of Ethernet access switches offers secure, cloud-ready access for enterprise campus, branch, and data center networks, built for the AI era and optimized for the cloud. The platforms boost network performance and visibility, meeting the security demands of today as well as for networks of the next decade. As part of the underlying infrastructure for Juniper Mist Wired Assurance, the EX4400 is purpose-built for, and managed by, the cloud. The switch leverages Mist AI to simplify operations and provide better visibility into the experience of connected devices, delivering a refreshing, user experience-first approach to access layer switching. The Juniper Networks EX4400 line of Ethernet switches offers a secure, cloud-ready portfolio of access switches ideal for enterprise branch, campus, and data center networks. The EX4400 switches combine the simplicity of the cloud, the power of Mist AI™, and a robust hardware foundation with best-in-class security and performance to deliver a differentiated approach to access switching in the cloud, mobile, and IoT era. With Juniper Mist™ Wired Assurance, the EX4400 can be effortlessly onboarded, configured, and managed from the cloud. This simplifies operations, improves visibility, and ensures a much better experience for connected devices. Key features of the EX4400 include:
    • Cloud-ready, driven by Mist AI with Juniper Mist Wired Assurance and Marvis Virtual Network Assistant
    • Ethernet VPN–Virtual Extensible LAN (EVPN-VXLAN) to the access layer
    • End-to-end encryption using Media Access Control Security (MACsec) AES256
    • IEEE 802.3bt Power over Ethernet (PoE++)
    • Standards-based microsegmentation using group-based policies (GBP)
    • Flow-based telemetry to monitor traffic flows for anomaly detection
    • 10-member Virtual Chassis support
    Offering a full suite of Layer 2 and Layer 3 capabilities, the EX4400 enables a variety of deployments, including campus, branch, and data center top-of-rack deployments. As requirements grow, Juniper’s Virtual Chassis technology allows up to 10 EX4400 switches to be seamlessly interconnected and managed as a single device, delivering a scalable, pay-as-you-grow solution for expanding network environments. The EX4400 line consists of the following SKUs:
    • The EX4400-48MP, which offers 12 x 100M/1/2.5/5/10GbE and 36 x 100M/1/2.5GbE PoE access ports, delivering up to 90 W per PoE port with an overall total 2200 W of PoE power budget (using two power supplies)
    • The EX4400-24MP, which offers 24 x 100M/1/2.5/5/10GbE PoE access ports, delivering up to 90 W per port with an overall total 1800 W of PoE power budget (using two power supplies)
    • The EX4400-48F, which offers 12 x 10GbE SFP+ and 36 x 1GbE SFP fiber access ports
    • The EX4400-24T, which offers 24 x 1GbE non-PoE access ports
    • The EX4400-24P, which offers 24 x 1GbE PoE access ports, delivering up to 90 W per port with an overall total 1440 W of PoE power budget (using two power supplies)
    • The EX4400-48T, which offers 48 x 1GbE non-PoE access ports
    • The EX4400-48P, which offers 48 x 1GbE PoE access ports, delivering up to 90 W per port with an overall total 1800 W of PoE power budget (using two power supplies)
    Each EX4400 model offers a choice of optional 4 x 1/10GbE SFP+ and a 4 x 10/25GbE SFP28 extension module. The EX4400 switches include two dedicated 100GbE ports to support virtual chassis connections, which can be reconfigured to be used as Ethernet ports for uplink connectivity. EX4400 switches also include high availability (HA) features such as redundant, hot-swappable power supplies and field-replaceable fans to ensure maximum uptime. In addition, PoE-enabled EX4400 switch models offer standards-based 802.3af/at/bt (PoE/PoE+/PoE++) for delivering up to 90 watts on any access port. The EX4400 switches can be configured to deliver fast PoE capability, which enables the switches to deliver PoE power to connected PoE devices within a few seconds of power being applied to the switches.

    Architecture and Key Components:

    Cloud Management with Juniper Mist Wired Assurance Driven by Mist AI

    EX4400 switches can be quickly and easily onboarded (Day 0), provisioned (Day 1), and managed (Day 2+) from the cloud with Juniper Mist Wired Assurance, which brings AI-powered automation and insights that optimize experiences for end users and connected devices. The EX4400 provides the rich Junos® operating system telemetry data for Mist AI, which helps achieve simpler operations, shorter mean time to repair (MTTR), and streamlined troubleshooting. As a complementary service to Juniper Mist Wired Assurance, Marvis Virtual Network Assistant—a key part of The Self-Driving Network™—makes the Mist AI engine interactive. A digital extension of the IT team, Marvis offers automatic fixes or recommended actions, allowing IT teams to streamline how they troubleshoot and manage their network operations.

    EVPN-VXLAN Technology

    Most traditional campus networks have used a single-vendor, chassis-based architecture that worked well for smaller, static campuses with few endpoints. However, this approach is too rigid to support the scalability and changing needs of modern campus networks. The EX4400 supports EVPN-VXLAN, extending an end-to-end fabric from campus core to distribution to the access layer. An EVPN-VXLAN fabric is a simple, programmable, highly scalable architecture built on open standards. This technology can be applied in both data centers and campuses for architectural consistency. A campus EVPN-VXLAN architecture uses a Layer 3 IP-based underlay network and an EVPN-VXLAN overlay network. A flexible overlay network based on a VXLAN overlay with an EVPN control plane efficiently provides Layer 2 and/or Layer 3 connectivity throughout the network. EVPN-VXLAN also offers a scalable way to build and interconnect multiple campus sites, delivering:
    • Greater consistency and scalability across all network layers
    • Multivendor deployment support
    • Reduced flooding and learning
    • Location-agnostic connectivity
    • Consistent network segmentation
    • Simplified management

    Virtual Chassis Technology

    Juniper’s Virtual Chassis technology allows multiple interconnected switches to operate as a single, logical unit, enabling users to manage all platforms as one virtual device. Up to 10 EX4400 switches can be interconnected as a Virtual Chassis using two dedicated 100GbE rear-panel ports. Although configured as Virtual Chassis ports by default, the 100GbE uplinks can also be channelized as 4 x 10GbE/25GbE Ethernet uplink ports. The EX4400 switches can form a Virtual Chassis with any other models within the EX4400 product line.

    Figure 1: EX4400 Virtual Chassis configuration interconnected via dedicated rear-panel 100GbE ports

    Microsegmentation Using Group-Based Policy

    Group-based policies (GBP) leverage underlying VXLAN technology to provide location-agnostic endpoint access control. This allows network administrators to implement consistent security policies across the enterprise network domains. The EX4400 supports a standards-based GBP solution, allowing different levels of access control for endpoints and applications even within the same VLAN. Customers can simplify their network configuration by using GBP, avoiding the need to configure large numbers of firewall filters on all their switches. GBP can block lateral threats by ensuring consistent application of security group policies throughout the network, regardless of the location of endpoints and/or users.

    Flow-Based Telemetry

    Flow-based telemetry enables flow-level analytics, allowing network administrators to monitor thousands of traffic flows on the EX4400 without burdening the CPU. This improves network security by monitoring, baselining, and detecting flow anomalies. For example, if predefined flow thresholds are breached due to an attack, IP Flow Information Export (IPFIX) alerts can be sent to an external server so the attack can be quickly identified and remedial action initiated. Network administrators can automate specific workflows, such as further examining the traffic or quarantining a port, to triage the issue.  

    Features and Benefits:

    Simplified Operations with Juniper Mist Wired Assurance

    The EX4400 is fully cloud onboarded, provisioned, and managed by Juniper Mist Wired Assurance. The EX4400 is designed from the ground up to deliver the rich telemetry that enables AI for IT Operations (AIOps) with simplified operations from Day 0 to Day 2 and beyond. Juniper Mist Wired Assurance provides detailed switch insights for easier troubleshooting and improved time to resolution.

    Seamless Onboarding with Simplified Configuration and Automation (Day 0/1)

    • Claim a greenfield switch or adopt a brownfield switch with a single activation code for true plug-and-play simplicity
    • Learn the connectivity status of the switch without logging into a console via the cloud LED
    • Implement a template-based configuration model for bulk rollouts while retaining the flexibility and control required to apply custom site- or switch-specific attributes
    • Provision device and port profiles manually or automatically (dynamic port profiles)
    • Automate troubleshooting, ticketing, and more with support for open APIs for third-party integrations

    AI-Driven Operations (Day 2+)

    • Monitor and measure wired service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 2)
    • Get insights into how switches are performing with device-level metrics such as CPU, memory utilization, and Virtual Chassis status
    • Leverage Marvis Actions for self-driving capabilities to detect Spanning Tree Protocol (STP) loops, add missing VLANs, fix misconfigured ports, or identify bad cables (see Figure 3)

    Figure 2: Juniper Mist Wired Assurance service-level expectations screen

    Figure 3: Marvis Actions for wired switches

    Campus Fabric Deployments

    EVPN-VXLAN for Campus Core, Distribution, and Access

    The EX4400 switches can be deployed in campus and branch access layer networks or as top-of-rack switches in data center environments using 10GbE/25GbE uplinks to support technologies such as EVPN multihoming. Juniper’s campus fabrics support the following validated architectures:
    • EVPN multihoming (collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single switch, turning the traditional three-tier hierarchical network into a two-tier network. This eliminates the need for STP across the campus network by providing multihoming capabilities from the access to the core layer.
    • Core/distribution: A pair of interconnected EX Series core or distribution switches provide L2 EVPN and L3 VXLAN gateway support. The IP Clos network between the distribution and core layers offers two modes: centrally routed or edge-routed bridging overlay.
    • IP Clos: The IP Clos architecture pushes VXLAN Layer 2 gateway functionality to the access layer. This model is also referred to as “end-to-end,” given that VXLAN tunnels are terminated at the access layer where the EX4400 is deployed.
    In all the above EVPN-VXLAN deployment modes, EX4400 switches can be used in standalone or Virtual Chassis configurations.

    Chassis-Class Availability

    The EX4400 switches deliver high availability through redundant power supplies and fans, graceful Routing Engine switchover (GRES), and nonstop bridging and routing when deployed in a Virtual Chassis configuration. In a Virtual Chassis configuration, each EX4400 switch is capable of functioning as a Routing Engine. When two or more EX4400 switches are interconnected, a single control plane is shared among all Virtual Chassis member switches. Junos OS automatically initiates an election process to assign a master (active) and backup (hot-standby) RE. An integrated L2 and L3 GRES feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary RE failure. When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to assume the backup RE position should the designated master fail. Master, backup, and line card priority status can be assigned to dictate the order of ascension; this N+1 RE redundancy, coupled with the GRES, nonstop active routing (NSR), and nonstop bridging (NSB) capabilities of Junos OS, assures a smooth transfer of control plane functions following unexpected failures. The EX4400 implements the same slot/module/port numbering schema as other Juniper Networks chassis-based products when numbering Virtual Chassis ports, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management. Individually, the EX4400 offers a number of HA features that are typically associated with modular chassis-based switches. When combined with the field-proven Junos OS and L2/L3 failover capabilities, these features provide the EX4400 with true carrier-class reliability.
    • Redundant power supplies: The EX4400 line of Ethernet switches supports redundant, load-sharing, hot-swappable, and field-replaceable power supplies to maintain uninterrupted operations. Thanks to its compact footprint, the EX4400 requires significantly less power than chassis-based switches delivering equivalent port densities.
    • Hot-swappable fans: The EX4400 includes hot-swappable fans, providing sufficient cooling (for a short duration) even if one of the fans were to fail.
    • Nonstop bridging and nonstop active routing: NSB and NSR on the EX4400 ensure that control plane protocols, states, and tables are synchronized between primary and standby REs to prevent protocol flaps or convergence issues following a Routing Engine failover.
    • Redundant trunk group (RTG): To avoid the complexities of Spanning Tree Protocol (STP) without sacrificing network resiliency, the EX4400 employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration.
    • Cross-member link aggregation: Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.
    • IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing (OSPF and BGP) is available with an Enhanced license, enabling highly resilient networks.

    Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

    MACsec AES256

    The EX4400 switches support IEEE 802.1ae MACsec with AES256-bit encryption to increase security of point-to-point traffic communications. MACsec provides encrypted communication at the link layer that is capable of identifying and preventing threats from denial of service (DoS) and other intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on all ports, the traffic is encrypted on the wire, but the traffic inside the switch is not. This allows the switch to apply network policies such as quality of service (QoS) or deep packet inspection (DPI) to each packet without compromising the security of packets on the wire. On the EX4400 switches, the MACsec AES-256 encryption capability is supported on all user-facing interfaces as well as the 10/25GbE extension modules.

    PoE/PoE+/PoE++ Power and Fast PoE

    The EX4400 delivers PoE for supporting connected devices such as phones, surveillance cameras, IoT devices, and 802.11ax/Wi-Fi 6 access points, offering a PoE power budget of up to 1800 W and supporting up to 90 W per port based on the IEEE 802.3bt PoE standard. The EX4400 switches also support a fast PoE capability that delivers PoE power to connected endpoints during a switch reboot, even before the switch is fully operational. This is especially beneficial in situations where the endpoint only needs the power and is not necessarily dependent on network connectivity.

    Junos Telemetry Interface

    The EX4400 supports Junos telemetry interface (JTI), a modern telemetry streaming feature designed for switch health and performance monitoring. Sensor data can be streamed at configurable periodic intervals to a management system, enabling network administrators to monitor individual link and node utilization as well as troubleshoot issues such as network congestion in real time. JTI delivers the following features:
    • Performance management by provisioning sensors to collect and stream data and analyze application and workload flow paths through the network
    • Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
    • Troubleshooting and root cause analysis via high-frequency monitoring and correlation of overlay and underlay networks

    Junos Operating System

    The EX4400 switches run Junos OS, Juniper’s powerful and robust network operating system that powers all Juniper switches, routers, and firewalls. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code and employs a highly available modular architecture that prevents isolated failures from bringing down an entire system. These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.

    Flex Licensing

    Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license. The Flex and Premium licenses for the EX Series platforms are class-based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports. The EX4400 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos OS features, the Flex Advanced and Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer.  

    Product Options:

     
    EX4400 Line of Ethernet Switches
    | Model | Access Port Configuration | PoE++ Ports | PoE++ Budget 1 PSU/2 PSU | 10GbE Ports (max. with module) | 25GbE Ports (max. with module) | 100GbE Ports | Power Supply Rating | Cooling |
    |---|---|---|---|---|---|---|---|---|
    | EX4400-48P | 48-port 10/100/1000BASE-T | 48 | 1290 W/1800 W | 0 (4) | 0 (4) | 2 | 1600 W AC | AFO (Front-to-back airflow) |
    | EX4400-24P | 24-port 10/100/1000BASE-T | 24 | 788 W/1440 W | 0 (4) | 0 (4) | 2 | 1050 W AC | AFO (Front-to-back airflow) |
    | EX4400-48T | 48-port 10/100/1000BASE-T | 0 | N/A | 0 (4) | 0 (4) | 2 | 550 W AC | AFO (Front-to-back airflow) |
    | EX4400-24T | 24-port 10/100/1000BASE-T | 0 | N/A | 0 (4) | 0 (4) | 2 | 550 W AC | AFO (Front-to-back airflow) |
    | EX4400-48F | 48-port 10/100/1000BASE-T | 0 | N/A | 12 (16) | 0 (4) | 2 | 550 W AC | AFO (Front-to-back airflow) |
    | EX4400-24MP | 24x-port 100M/1/2.5/5/10GbE | 24 | 780 W/1800 W | 24 (28) | 0 (4) | 2 | 1050 W AC | AFO (Front-to-back airflow) |
    | EX4400-48MP | 48-port GbE (12x100M/1/2.5/5/10GbE + 36x100M/1/2.5GbE) | 48 | 1300 W/2200 W | 12 (16) | 0 (4) | 2 | 1600 W AC | AFO (Front-to-back airflow) |
    | EX4400-48T-AFI | 48-port 10/100/1000BASE-T | 0 | N/A | 0 (4) | 0 (4) | 2 | 550 W AC | AFI (Back-to-front airflow) |
    | EX4400-24T-AFI | 24-port 10/100/1000BASE-T | 0 | N/A | 0 (4) | 0 (4) | 2 | 550 W AC | AFI (Back-to-front airflow) |
    | EX4400-48T-DC | 48-port 10/100/1000BASE-T | 0 | N/A | 0 (4) | 0 (4) | 2 | 550 W DC | AFO (Front-to-back airflow) |
    | EX4400-48T-DC-AFI | 48-port 10/100/1000BASE-T | 0 | N/A | 0 (4) | 0 (4) | 2 | 550 W DC | AFI (Back-to-front airflow) |
    | EX4400-24T-DC | 24-port 10/100/1000BASE-T | 0 | N/A | 0 (4) | 0 (4) | 2 | 550 W DC | AFO (Front-to-back airflow) |
    | EX4400-24T-DC-AFI | 24-port 10/100/1000BASE-T | 0 | N/A | 0 (4) | 0 (4) | 2 | 550 W DC | AFI (Back-to-front airflow) |
    | EX4400-48F-AFI | 12-port 1000/10000BASE-X + 36-port 100/1000BASE-X | 0 | N/A | 12 (16) | 0 (4) | 2 | 550 W AC | AFI (Back-to-front airflow) |
    | EX4400-48F-DC-AFI | 12-port 1000/10000BASE-X + 36-port 100/1000BASE-X | 0 | N/A | 12 (16) | 0 (4) | 2 | 550 W DC | AFI (Back-to-front airflow) |
    | EX4400-48F-DC | 12-port 1000/10000BASE-X + 36-port 100/1000BASE-X | 0 | N/A | 12 (16) | 0 (4) | 2 | 550 W DC | AFO (Front-to-back airflow) |

    EX4400 Spare Chassis SKUs

    The EX4400 also offers spare chassis options without power supplies or fans, providing customers with the flexibility to stock SKUs. See the Ordering Information section for additional details.
    | Spare Chassis SKU | Description | JPSU-550-C-AC-AFO + EX4400-FAN | JPSU-550-C-AC-AFI + EX4400-FAN-AFI | JPSU-550-C-DC-AFO + EX4400-FAN | JPSU-550-C-DC-AFI + EX4400-FAN-AFI | JPSU-1050-C-AC-AFO + EX4400-FAN | JPSU-1600-C-AC-AFO + EX4400-FAN |
    |---|---|---|---|---|---|---|---|
    | EX4400-48P-S | Spare chassis, 48-port 10/100/1000BASE-T | X | X | X | X | X | Y |
    | EX4400-24P-S | Spare chassis, 24-port 10/100/1000BASE-T | X | X | X | X | Y | X |
    | EX4400-48T-S | Spare chassis, 48-port 10/100/1000BASE-T | Y | Y | Y | Y | X | X |
    | EX4400-24T-S | Spare chassis, 24-port 10/100/1000BASE-T | Y | Y | Y | Y | X | X |
    | EX4400-48F-S | Spare chassis, 12-port 1000/10000BASE-X + 36-port 100/1000BASE-X | Y | Y | Y | Y | X | X |
    | EX4400-24MP-S | Spare chassis, 24x100M/1/2.5/5/10GbE ports | Y | X | X | X | X | X |
    | EX4400-48MP-S | Spare chassis, 12 x 100M/1/2.5/5/10GbE + 36x100M/1/2.5GbE ports | X | Y | X | X | X | X |

    Y = supported; X = not supported

    Specifications:

     
    Model: EX4400-24P
    Physical Specifications
    Backplane: 400 Gbps Virtual Chassis interconnect to combine up to 10 units as a single logical device
    Extension Module Options
    • EX4400-EM-4S, 4 port SFP+
    • EX4400-EM-4Y, 4 port SFP28
    Dimensions (W x H x D)
    • With power supply installed: 17.39 x 1.72 x 16.93 in. (44.17 x 4.37 x 43 cm)
    • With power supply, extension module, and fan module: 17.39 x 1.72 x 17.26 in. (44.17 x 4.37 x 43.84 cm)
    • Height: 1 U
    Weight
    • EX4400 switch (with no power supply or fan module): 13.01 lb (5.9 kg)
    • 550 W AC power supply: 1.76 lb (0.8 kg)
    • 550 W DC power supply: 1.65 lb (0.75 kg)
    • 1050 W AC power supply: 1.98 lb (0.9 kg)
    • 1600 W AC power supply: 2.0 lb (0.91 kg)
    • EX4400-EM-4S: 0.2 lb (0.09 kg)
    • EX4400-EM-4Y: 0.29 lb (0.13 kg)
    • Fan module: 0.26 lb (0.12 kg)
    Hardware Specifications
    Switching Engine Model: Store and forward
    Memory
    • DRAM: 4 GB with Error Correcting Code (ECC) on all models
    • Storage: 20 GB on all models
    CPU: 2.2 GHz Quad-Core Intel x86 CPU
    GbE port density per system
    • 30 (24 1GbE host ports + 2 100GbE ports + optional 4 port 1GbE/10GbE or 10/25GbE extension module)
    • 100GbE port density per system:
      • All models: 2
    Physical Layer
    • Time domain reflectometry (TDR) for detecting cable breaks and shorts
    • Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support
    • Port speed downshift/setting maximum advertised speed on 10/100/1000BASE-T ports
    • Digital optical monitoring for optical ports
    Packet Switching Capacities (Maximum with 64 Byte Packets): 324 Gbps (unidirectional)/648 Gbps (bidirectional)
    Power Options
    Power Supply Rating: Autosensing; 100-120 V/200-240 V; 550 W, 1050 W, 1600 W AC AFO and 550 W AC AFI dual load-sharing hot-swappable internal redundant power supplies
    Maximum Current Inrush: 30 amps
    DC power supply: 550 W DC AFO and 550 W DC AFI; input voltage range 48-60 V max; dual load-sharing hot-swappable internal redundant power supplies
    Minimum number of PSUs required for fully loaded chassis: 1 per switch
    Environment
    Operating Temperature: 32° to 113° F (0° to 45° C)
    Storage Temperature: -40° to 158° F (-40° to 70° C)
    Relative Humidity (Operating): 5% to 90% (noncondensing)
    Relative Humidity (Non-Operating): 0% to 90% (noncondensing)
    Altitude (Operating): Up to 6000 ft at 40° C (1828.8 m)
    Altitude (Non-Operating): Up to 16,000 ft (4,877 m)
    Cooling
    Field-replaceable fans: 2
    Total maximum airflow throughput with two power supplies: 61 CFM
    Safety and Compliance
    Electromagnetic Compatibility (EMC) Requirements
    • FCC 47 CFR Part 15
    • ICES-003 / ICES-GEN
    • EN 300 386 V1.6.1
    • EN 300 386 V2.1.1
    • EN 55032
    • CISPR 32
    • EN 55024
    • CISPR 24
    • EN 55035
    • CISPR 35
    • IEC/EN 61000 Series
    • AS/NZS CISPR 32
    • VCCI-CISPR 32
    • BSMI CNS 13438
    • KN 32 and KN 35
    • KN 61000 Series
    • TEC/SD/DD/EMC-221/05/OCT-16
    • TCVN 7189
    • TCVN 7317
    Safety Requirements Chassis and Optics
    • CAN/CSA-C22.2 No. 62368-1 and 60950-1
    • UL 62368-1 and 60950-1
    • IEC 62368-1 and 60950-1 (All country deviations): CB Scheme report
    • IEC 62368-3 for USB and PoE: CB Scheme report
    • CFR, Title 21, Chapter 1, Subchapter J, Part 1040
    • REDR c 1370 OR CAN/CSA-E 60825-1- Part 1
    • IEC 60825-1
    • IEC 60825-2
    Energy Efficiency
    • AT&T TEER (ATIS-06000015.03.2013)
    • ECR 3.0.1
    • ETSI ES 203 136 V.1.1.1
    • Verizon TEEER (VZ.TPR.9205)
    Environmental: Reduction of Hazardous Substances (ROHS) 6/6
    Telco: CLEI code
    Noise Specifications: Noise measurements based on operational tests taken from bystander position (front) and performed at 23° C in compliance with ISO 7779

    Additional Feature Specifications:

    Security
    • MAC limiting (per port and per VLAN)
    • Allowed MAC addresses: 112,000
    • Dynamic Address Resolution Protocol (ARP) inspection (DAI)
    • IP source guard
    • Local proxy ARP
    • Static ARP support
    • Dynamic Host Configuration Protocol (DHCP) snooping
    • Captive portal
    • Persistent MAC address configurations
    • Distributed denial of service (DDoS) protection (CPU control path flooding protection)
    Layer 2 Switching
    • Maximum MAC addresses per system: 112,000
    • Jumbo frames: 9,216 Bytes
    • Number of VLANs: 4,093
    • Range of possible VLAN IDs: 1 to 4094
    • Virtual Spanning Tree (VST) instances: 510
    • Port-based VLAN
    • Voice VLAN
    • Physical port redundancy: Redundant trunk group (RTG)
    • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
    • Routed VLAN Interface (RVI)
    • Uplink Failure Detection (UFD)
    • ITU-T G.8032 Ethernet Ring Protection Switching
    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • LLDP-MED with VoIP integration
    • Default VLAN and multiple VLAN range support
    • MAC learning deactivate
    • Persistent MAC learning (sticky MAC)
    • MAC notification
    • Private VLANs (PVLANs)
    • Explicit congestion notification (ECN)
    • Layer 2 protocol tunneling (L2PT)
    • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
    • IEEE 802.1p: CoS prioritization
    • IEEE 802.1Q: VLAN tagging
    • IEEE 802.1X: Port Access Control
    • IEEE 802.1ak: Multiple Registration Protocol
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3ae: 10-Gigabit Ethernet
    • IEEE 802.3by: 25-Gigabit Ethernet
    • IEEE 802.3af: Power over Ethernet
    • IEEE 802.3at: Power over Ethernet Plus
    • IEEE 802.3bt: 90 W Power over Ethernet
    • IEEE 802.3x: Pause Frames/Flow Control
    • IEEE 802.3ah: Ethernet in the First Mile
    Spanning Tree
    • IEEE 802.1D: Spanning Tree Protocol
    • IEEE 802.1s: Multiple instances of Spanning Tree Protocol (MSTP)
    • Number of MST instances supported: 64
    • Number of VLAN Spanning Tree Protocol (VSTP) instances supported: 510
    • IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol
    Link Aggregation
    • IEEE 802.3ad: Link Aggregation Control Protocol
    • 802.3ad (LACP) support:
      • Number of LAGs supported: 128
      • Maximum number of ports per LAG: 16
    • LAG load-sharing algorithm bridged or routed (unicast or multicast) traffic:
      • IP: S/D IP
      • TCP/UDP: S/D IP, S/D Port
      • Non-IP: S/D MAC
    • Tagged ports support in LAG
    Layer 3 Features: IPv4
    • Maximum number of ARP entries: 24,000
    • Maximum number of IPv4 unicast routes in hardware: 130,048 prefixes; 81,000 host routes
    • Maximum number of IPv4 multicast routes in hardware: 40,000 multicast routes
    • Routing protocols: RIPv1/v2, OSPF, BGP, IS-IS
    • Static routing
    • Routing policy
    • Bidirectional Forwarding Detection (BFD)
    • Layer 3 redundancy: Virtual Router Redundancy Protocol (VRRP)
    • VRF-Lite
    Layer 3 Features: IPv6
    • Maximum number of Neighbor Discovery (ND) entries: 12,000
    • Maximum number of IPv6 unicast routes in hardware: 87,000 prefixes; 40,000 host routes
    • Maximum number of IPv6 multicast routes in hardware: 20,000 multicast routes
    • Routing protocols: RIPng, OSPFv3, IPv6, ISIS
    • Static routing
    Access Control Lists (ACLs) (Junos OS Firewall Filters)
    • Port-based ACL (PACL): Ingress and egress
    • VLAN-based ACL (VACL): Ingress and egress
    • Router-based ACL (RACL): Ingress and egress
    • ACL entries (ACE) in hardware per system:
      • Port-based ACL (PACL) ingress: 2048
      • VLAN-based ACL (VACL) ingress: 2048
      • Router-based ACL (RACL) ingress: 2048
      • Egress shared across PACL and VACL: 512
      • Egress across RACL: 1024
    • ACL counter for denied packets
    • ACL counter for permitted packets
    • Ability to add/remove/change ACL entries in middle of list (ACL editing)
    • L2-L4 ACL
    Access Security
    • 802.1X port-based
    • 802.1X multiple supplicants
    • 802.1X with VLAN assignment
    • 802.1X with authentication bypass access (based on host MAC address)
    • 802.1X with VoIP VLAN support
    • 802.1X dynamic ACL based on RADIUS attributes
    • 802.1X Supported Extensible Authentication Protocol (EAP types): Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled TLS (TTLS), Protected Extensible Authenticated Protocol (PEAP)
    • MAC authentication (RADIUS)
    • Control plane DoS protection
    • Radius functionality over IPv6 for authentication, authorization, and accounting (AAA)
    • DHCPv6 snooping
    • IPv6 neighbor discovery
    • IPv6 source guard
    • IPv6 RA guard
    • IPv6 Neighbor Discovery Inspection
    • Media Access Control security (MACsec)
    High Availability
    • Redundant, hot-swappable power supplies
    • Redundant, field-replaceable, hot-swappable fans
    • Graceful Routing Engine switchover (GRES) for Layer 2 hitless forwarding and Layer 3 protocols on RE failover
    • Graceful protocol restart (OSPF, BGP)
    • Layer 2 hitless forwarding on RE failover
    • Non-Stop Bridging - LACP, xSTP
    • Non-Stop Routing - PIM, OSPF v2 and v3, RIP v2, RIPng, BGP, BGPv6, ISIS, IGMP v1, v2, v3
    • Online insertion and removal (OIR) uplink module
    Quality of Service
    • Layer 2 QoS
    • Layer 3 QoS
    • Ingress policing: 1 rate 2 color
    • Hardware queues per port: 12 (8 unicast + 4 multicast)
    • Scheduling methods (egress): Strict priority (SP), weighted deficit round robin (wDRR)
    • 802.1p, DiffServ code point (DSCP)/IP Precedence trust and marking
    • L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP Precedence, TCP/UDP port numbers, and more
    • Congestion avoidance capabilities: Tail drop, weighted random early detection (wRED)
    Multicast
    • IGMP: v1, v2, v3
    • IGMP snooping
    • Multicast Listener Discovery (MLD) snooping
    • Protocol Independent Multicast-Sparse Mode (PIM-SM), PIM Source-Specific Mode (PIM-SSM), PIM Dense Mode (PIM-DM)
    Traffic Monitoring
    • ACL-based mirroring
    • Mirroring destination ports per system: 1
      • LAG port monitoring
      • Multiple destination ports monitored to 1 mirror (N:1)
    • Maximum number of mirroring sessions: 4
    • Mirroring to remote destination (over L2): 1 destination VLAN
    Services and Manageability
    • Juniper Mist Wired Assurance
    • Junos OS CLI
    • Junos Space Management Applications
    • Junos Space Network Director
    • Junos Space Service Now for automated fault detection, simplified trouble ticket management, and streamlined operations
    • Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
    • ASCII configuration
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • RMON (RFC2819) groups 1, 2, 3, 9
    • Remote performance monitoring
    • SNMP: v1, v2c, v3
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP client and DHCP proxy
    • DHCP relay and helper
    • DHCP local server support
    • RADIUS
    • TACACS+
    • SSHv2
    • Secure copy
    • HTTP/HTTPS
    • Domain Name System (DNS) resolver
    • System logging
    • Temperature sensor
    • Configuration backup via FTP/secure copy
    Supported RFCs
    • RFC 768 UDP
    • RFC 783 TFTP
    • RFC 791 IP
    • RFC 792 ICMP
    • RFC 793 TCP
    • RFC 826 ARP
    • RFC 854 Telnet client and server
    • RFC 894 IP over Ethernet
    • RFC 903 RARP
    • RFC 906 TFTP Bootstrap
    • RFC 951, 1542 BootP
    • RFC 1027 Proxy ARP
    • RFC 1058 RIP v1
    • RFC 1112 IGMP v1
    • RFC 1122 Host Requirements
    • RFC 1195 Use of OSI IS-IS for Routing in TCP/IP and Dual Environments (TCP/IP transport only)
    • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
    • RFC 1492 TACACS+
    • RFC 1519 CIDR
    • RFC 1587 OSPF NSSA Option
    • RFC 1591 DNS
    • RFC 1812 Requirements for IP Version 4 Routers
    • RFC 1981 Path MTU Discovery for IPv6
    • RFC 2030 SNTP, Simple Network Time Protocol
    • RFC 2068 HTTP server
    • RFC 2080 RIPng for IPv6
    • RFC 2131 BOOTP/DHCP relay agent and DHCP server
    • RFC 2138 RADIUS Authentication
    • RFC 2139 RADIUS Accounting
    • RFC 2154 OSPF w/Digital Signatures (Password, MD-5)
    • RFC 2236 IGMP v2
    • RFC 2267 Network Ingress Filtering
    • RFC 2328 OSPF v2 (Edge-mode)
    • RFC 2338 VRRP
    • RFC 2362 PIM-SM (Edge-mode)
    • RFC 2370 OSPF Opaque LSA Option
    • RFC 2453 RIP v2
    • RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
    • RFC 2461 Neighbor Discovery for IP Version 6 (IPv6)
    • RFC 2463 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
    • RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2474 DiffServ Precedence, including 12 queues/port
    • RFC 2475 DiffServ Core and Edge Router Functions
    • RFC 2526 Reserved IPv6 Subnet Anycast Addresses
    • RFC 2597 DiffServ Assured Forwarding (AF)
    • RFC 2598 DiffServ Expedited Forwarding (EF)
    • RFC 2740 OSPF for IPv6
    • RFC 2925 MIB for Remote Ping, Trace
    • RFC 3176 sFlow
    • RFC 3376 IGMP v3
    • RFC 3484 Default Address Selection for Internet Protocol Version 6 (IPv6)
    • RFC 3513 Internet Protocol Version 6 (IPv6) Addressing Architecture
    • RFC 3569 draft-ietf-ssm-arch-06.txt PIM-SSM PIM Source Specific Multicast
    • RFC 3579 RADIUS EAP support for 802.1x
    • RFC 3618 Multicast Source Discovery Protocol (MSDP)
    • RFC 3623 OSPF Graceful Restart
    • RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291 IP Version 6 Addressing Architecture
    • RFC 4443 ICMPv6 for the IPv6 Specification
    • RFC 4541 IGMP and MLD snooping services
    • RFC 4861 Neighbor Discovery for IPv6
    • RFC 4862 IPv6 Stateless Address Autoconfiguration
    • RFC 4915 MT-OSPF
    • RFC 5176 Dynamic Authorization Extensions to RADIUS
    • RFC 5798 VRRPv3 for IPv6
    • Draft-ietf-bfd-base-05.txt Bidirectional Forwarding Detection
    • Draft-ietf-idr-restart-10.txt Graceful Restart Mechanism
    • Draft-ietf-isis-restart-02 Restart Signaling for IS-IS
    • Draft-ietf-isis-wg-multi-topology-11 Multi Topology (MT) Routing in IS-IS for BGP
    • Internet draft-ietf-isis-ipv6-06.txt, Routing IPv6 with IS-IS
    • LLDP Media Endpoint Discovery (LLDP-MED), ANSI/TIA-1057, draft 08
    • PIM-DM Draft IETF PIM Dense Mode draft-ietf-idmr-pim-dm-05.txt, draft-ietf-pim-dm-new-v2-04.txt
    Supported MIBs
    • RFC 1155 SMI
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
    • RFC 1493 Bridge MIB
    • RFC 1643 Ethernet MIB
    • RFC 1657 BGP-4 MIB
    • RFC 1724 RIPv2 MIB
    • RFC 1850 OSPFv2 MIB
    • RFC 1905 RFC 1907 SNMP v2c, SMIv2 and Revised MIB-II
    • RFC 2011 SNMPv2 for Internet Protocol using SMIv2
    • RFC 2012 SNMPv2 for transmission control protocol using SMIv2
    • RFC 2013 SNMPv2 for user datagram protocol using SMIv2
    • RFC 2096 IPv4 Forwarding Table MIB
    • RFC 2287 System Application Packages MIB
    • RFC 2570 – 2575 SNMPv3, user based security, encryption, and authentication
    • RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP Textual Conventions for SMIv2
    • RFC 2665 Ethernet-like interface MIB
    • RFC 2787 VRRP MIB
    • RFC 2819 RMON MIB
    • RFC 2863 Interface Group MIB
    • RFC 2863 Interface MIB
    • RFC 2922 LLDP MIB
    • RFC 2925 Ping/Traceroute MIB
    • RFC 2932 IPv4 Multicast MIB
    • RFC 3413 SNMP Application MIB
    • RFC 3414 User-based Security model for SNMPv3
    • RFC 3415 View-based Access Control Model for SNMP
    • RFC 3621 PoE-MIB (PoE switches only)
    • RFC 4188 STP and Extensions MIB
    • RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN extensions
    • RFC 5643 OSPF v3 MIB support
    • Draft-blumenthal-aes-usm-08
    • Draft-reeder-snmpv3-usm-3desede-00
    • Draft-ietf-bfd-mib-02.txt
    • Draft-ietf-idmr-igmp-mib-13
    • Draft-ietf-idmr-pim-mib-09
    • Draft-ietf-idr-bgp4-mibv2-02.txt – Enhanced BGP-4 MIB
    • Draft-ietf-isis-wg-mib-07
    Troubleshooting
    • Debugging: CLI via console, Telnet, or SSH
    • Diagnostics: Show and debug cmd, statistics
    • Traffic mirroring (port)
    • Traffic mirroring (VLAN)
    • IP tools: Extended ping and trace
    • Juniper Networks commit and rollback

  • Product Overview

    The EX4300 line of Ethernet switches delivers the performance, flexibility, and scale required for both campus and data center Gigabit Ethernet (GbE) access switch environments. When deployed in a Virtual Chassis configuration, the EX4300 delivers the operational simplicity and higher logical scale that businesses demand. Combining compact, pay-as-you-grow economics and low power and cooling with the performance, availability, and port densities of chassis-based platforms, the EX4300 enables businesses to deploy with speed and agility to increase revenue and improve productivity. The EX4300 is onboarded, provisioned, and managed in the Juniper Mist Cloud Architecture. Mist Wired Assurance delivers better experiences for connected devices through AI-powered automation and service levels.

    Product Description

    The Juniper Networks® EX4300 line of Ethernet switches with Virtual Chassis technology combines the carrier-class reliability of modular systems with the economics and flexibility of stackable platforms, delivering a high-performance, scalable solution for data center, campus, and branch office environments. Both 1GbE access and multigigabit switch options are available. Offering a full suite of Layer 2 and Layer 3 switching capabilities, the EX4300 enables a variety of deployments, including campus, branch, and data center access. A single 24-port or 48-port EX4300 switch can be deployed initially. As requirements grow, Juniper’s Virtual Chassis technology allows any combination of up to 10 EX4300 and/or EX4600 switches to be seamlessly interconnected and managed as a single device, delivering a scalable, pay-as-you-grow solution for expanding network environments. A pair of 32-port EX4300 fiber switches can also be deployed as a consolidated aggregation or small core switch. Additionally, the EX4300 can integrate with the Juniper Networks QFX5100 line of 10GbE and 40GbE data center access switches in a single stack or Virtual Chassis configuration, enabling nondisruptive 10GbE server upgrades and simplified management of a mixed access environment. The EX4300 switches can be interconnected over multiple 40GbE quad small form-factor pluggable plus (QSFP+) transceiver ports to form a 320 gigabit per second (Gbps) backplane. A flexible uplink module that supports both 1GbE and 10GbE options is also available, enabling high-speed connectivity to aggregation- or core-layer switches which connect multiple floors or buildings. All EX4300 switches include high availability (HA) features such as redundant, hot-swappable internal power supplies and field-replaceable fans to ensure maximum uptime. 
    In addition, Power over Ethernet (PoE)-enabled EX4300 switch models offer standards-based 802.3at PoE+ for delivering up to 30 watts on all ports to support high-density IP telephony and 802.11n wireless access point deployments. Additionally, a multigigabit model, the EX4300-48MP, supports IEEE 802.3bz-compliant 100 Mbps, 1 Gbps, 2.5 Gbps, 5 Gbps, and 10 Gbps speeds on access ports. This enables 802.11ac Wave 2 access points, which require higher bandwidth, to connect to the switch. The EX4300 multigigabit switch also supports up to 95 watts of power on any of the access ports, enabling PoE++ devices requiring more than 30 watts to connect to and draw power from the switch. The EX4300 multigigabit switch also enables higher levels of Media Access Control Security (MACsec) AES256 encryption on all access and uplink ports, protecting customer traffic from unauthorized access. The EX4300-48MP includes four dedicated 40GbE QSFP+ transceiver ports that can be used as Virtual Chassis ports to create a 320 Gbps backplane.

    Chassis-Like Features in an Expandable Form Factor

    The fixed-configuration EX4300 switches include a number of high availability features typically associated with chassis-based solutions, including the following:
    • Hot-swappable fans
    • Modular Juniper Networks Junos® operating system (consistent with chassis systems)
    • Dual Routing Engines (REs) with graceful Routing Engine switchover (GRES) in a Virtual Chassis configuration
    • Single management interface
    • Easy, centralized software upgrades
    • Scalability from 24 to 480 10/100/1000BASE-T ports and 24 to 240 100/1000/2500/5000/10000BASE-T ports, with up to 40 10GbE uplinks and 40 40GbE uplinks (up to 40 10GbE uplinks, 20 40GbE uplinks, or 20 100GbE uplinks on multigigabit models, in addition to four dedicated 40 Gbps Virtual Chassis ports per switch)
    Each EX4300 switch includes a single ASIC-based Packet Forwarding Engine, the EX-PFE. The integrated Routing Engine (RE) delivers all control plane functionality. The EX4300 also leverages the same modular Junos OS as other Juniper Networks switches, routers, and security devices, ensuring a consistent implementation and operation of control plane features across the Juniper Networks infrastructure.

    Architecture and Key Components

    The EX4300 switches are single rack unit (1 U) devices that deliver a compact solution for crowded wiring closets and access switch locations where space and power are at a premium. Each EX4300 supports standard 40GbE QSFP+ ports which are preconfigured to support high-speed Virtual Chassis backplane connections; on the 1GbE access switches, these ports can also serve as uplinks to upstream aggregation devices. In addition, each EX4300 supports an optional front panel uplink module offering 1GbE or 10GbE ports for high-speed backbone or link aggregation connections between wiring closets and upstream aggregation switches; the multigigabit model offers a choice between a 4-port 10GbE SFP+ uplink module or a 2-port 40GbE QSFP+/2-port 100GbE QSFP28 uplink module. Uplink modules can be installed without powering down the switch, enabling users to add high-speed connectivity at any time or migrate from one uplink type to the other, delivering the ultimate in flexible, high-performance interconnectivity.
    The 1GbE access EX4300 models also feature a front panel LCD that offers a flexible interface for performing device bring-up and configuration rollbacks, reporting switch alarm and LED status, or restoring the switch to its default settings. When deployed as a member of a Virtual Chassis configuration, the LCD also displays the switch’s chassis “slot number” and RE status for rapid identification and problem resolution. The four integrated rear panel 40GbE QSFP+ ports support EX4300 Virtual Chassis deployment over a 320 Gbps virtual backplane. When deployed in close proximity such as in wiring closets or in top-of-rack data center applications, the EX4300 switches can be securely connected using standard 40GbE QSFP+ direct attach copper (DAC) cables (available in 50 cm, 1 m, 3 m, and 5 m lengths). Switches deployed in Virtual Chassis configurations spread over larger areas can be interconnected using optical QSFP+ transceivers such as the QSFP+ SR4, which supports distances up to 150 m. A dedicated rear panel RJ-45 port is available for out-of-band management, while a rear panel USB port can be used to easily upload Junos OS and configuration files. In addition, a dedicated front panel USB console port and a rear panel RJ-45 console port offer flexible out-of-band console options.

    Cloud Management with Juniper Mist Wired Assurance

    Juniper Mist Wired Assurance, a cloud-based service driven by Mist AI to claim, configure, manage, and troubleshoot the EX4300, delivers AI-powered automation and service levels to ensure a better experience for connected devices. Wired Assurance leverages rich Junos switch telemetry data to simplify operations, reduce mean time to repair, and improve visibility. Wired Assurance offers the following features:
    • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
    • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
    • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist cloud.
    Figure 1: Juniper Mist Wired Assurance service-level expectations screen
    Figure 2: Marvis Actions for wired switches
    The addition of Marvis, a complementary Virtual Network Assistant driven by Mist AI, lets you start building a self-driving network that simplifies network operations and streamlines troubleshooting via automatic fixes for EX Series switches or recommended actions for external systems. For more information see Juniper Mist Wired Assurance.

    EVPN-VXLAN Technology

    The EX4300-48MP embraces open standards and extends the industry-standard Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) technology already supported for campus fabric IP Clos networks. An IP Clos network between the distribution and the core layers can exist in two modes: centrally routed bridging overlay or edge routed bridging overlay.
    Figure 3: Campus Fabric: IP Clos with EX4300-MP
    With enterprise applications moving to the cloud, it has become necessary to deploy IP fabrics as enterprise fabrics with L2 extensions using VXLAN. The EX4300-48MP is capable of both L2 and L3 VXLAN gateway services, allowing you to deploy networks that provide L2 adjacencies for applications over L3 fabrics. EVPN-VXLAN offers a scalable way to build and interconnect multiple campuses, delivering:
    • Greater network efficiency
    • Compliance with industry standards
    • Scalability across all network layers
    • Faster convergence
    • Flexible and secure architecture

    Campus Fabric Deployments

    Juniper campus fabrics support these validated architectures with the EX4300 switch playing the role of access switch:
    • EVPN multihoming (collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single switch, turning the traditional three-tier hierarchical network into a two-tier network. This eliminates the need for STP across the campus network by providing multihoming capabilities from the access to the core layer. EVPN multihoming can be deployed and managed using the Juniper Mist cloud.
    • Core/distribution: A pair of interconnected EX Series core or distribution switches provide L2 EVPN and L3 VXLAN gateway support. The IP Clos network between the distribution and core layers offers two modes: centrally or edge routed bridging overlay.
    In all these EVPN-VXLAN deployment modes, EX4300 switches can be used in Virtual Chassis configurations.
    Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

    Virtual Chassis Technology

    Up to 10 EX4300 switches can be interconnected using Virtual Chassis technology, creating a single logical device supporting up to 480 10/100/1000BASE-T ports, plus up to 40 10GbE or 40 40GbE uplink ports. For mixed 1GbE and 10GbE access environments, the EX4300 can be interconnected with the EX4600 enterprise campus and QFX5100 high-performance data center access switches. EX4300 Virtual Chassis configurations can be created to support a variety of port and density options for data center, campus, and branch deployments. Virtual Chassis connections can be formed using any of the 40GbE ports or 10GbE ports using standard DAC cables and optics. The EX4300 does not support Virtual Chassis technology on the GbE copper or fiber ports. With the EX4300 multigigabit model, up to 10 switches can be interconnected using dedicated 40GbE ports through Virtual Chassis technology, creating a single logical device supporting up to 240 10/100/1000BASE-T ports and 240 100/1000/2500/5000/10000BASE-T ports, with up to 40 10GbE uplinks, 20 40GbE uplinks, or 20 100GbE uplinks. The multigigabit EX4300 can also participate in a 10-member mixed-mode Virtual Chassis configuration with other 1GbE EX4300 access switches.

    Virtual Chassis Deployments in Campus Wiring Closets

    In campus wiring closets, flexible topologies can be created using standard QSFP+ optics on the 40GbE ports to extend the Virtual Chassis configuration across long distances spanning multiple wiring closets, floors, or even buildings while using 10GbE or 40GbE for uplink connectivity. EX4300 fiber-based switches can also be used for campus aggregation or small core deployments.

    Virtual Chassis Deployments in the Data Center

    When deployed in a Virtual Chassis configuration in the data center, all EX4300 switches are monitored and managed as a single device, enabling enterprises to separate physical topology from logical groupings of endpoints and allowing more efficient resource utilization. Highly resilient topologies can also be created using the 40GbE DAC cables.
    Figure 5: Using Virtual Chassis technology, up to 10 EX4300 switches can be interconnected to create a single logical device spanning an entire building.

    Mesh Virtual Chassis Configurations for the Data Center

    In data center top-of-rack deployments, a full mesh five-switch Virtual Chassis configuration can be created where every switch member is just one hop away from every other member, delivering the lowest possible latency. A mesh spanning distances of up to 150 meters can be created using standard QSFP+ optics on the 40GbE ports (DAC cables up to 3 m in length are available for shorter distances), while 10GbE ports can be used as uplinks to connect to upstream aggregation or core devices.
    Figure 6: The EX4300 Ethernet Switch with Virtual Chassis technology delivers a high-performance, scalable, and highly reliable solution for the data center.
    Figure 7: EX4300 switches in a full mesh Virtual Chassis configuration for the data center.

    Virtual Chassis Fabric Switching Architecture

    Existing Virtual Chassis technology is further scaled and enhanced to support a spine-and-leaf topology that is ideal for high-performance and low-latency data center deployments. In its first instance, this topology, called Virtual Chassis Fabric, enables up to 20 switches to be deployed in a spine-and-leaf configuration, with two to four QFX5100 switches in the spine and up to 18 QFX5100 or EX4300 switches as leaf nodes. This architecture provides any-rack-to-any-rack deterministic throughput and low latency, while significantly simplifying network operations through a single point of management. A Virtual Chassis Fabric configuration supports mixed 1GbE, 10GbE, and 40GbE servers¹.
    ¹ The EX4300 multigigabit switch is not supported in the Virtual Chassis Fabric configuration.
    Figure 8: EX4300, QFX3500, QFX3600, and QFX5100 at the access layer of a Virtual Chassis Fabric configuration.

    Features and Benefits

    Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

    Juniper Mist Wired Assurance brings cloud management and Mist AI to campus fabric. It sets a new standard moving away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. The Juniper Mist cloud streamlines deployment and management of campus fabric architectures by allowing:
    • Automated deployment and zero touch deployment
    • Anomaly detection
    • Root cause analysis
    Figure 9: EVPN multihoming configuration via the Juniper Mist cloud

    Chassis-Class Availability

    The EX4300 line of Ethernet switches delivers high availability through redundant power supplies and fans, GRES, and nonstop bridging and routing when deployed in a Virtual Chassis configuration. In a Virtual Chassis configuration, each EX4300 switch is capable of functioning as a Routing Engine. When two or more EX4300 switches are interconnected, a single control plane is shared among all Virtual Chassis member switches. When two EX4300 switches are interconnected, Junos OS automatically initiates an election process to assign a primary (active) and backup (hot-standby) RE. An integrated L2 and L3 GRES feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary RE failure. When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to assume the backup RE position should the designated primary fail. Primary, backup, and line card priority status can be assigned to dictate the order of ascension; this N+1 RE redundancy, coupled with the GRES, nonstop routing (NSR), and nonstop bridging (NSB) capabilities of Junos OS, assures a smooth transfer of control plane functions following unexpected failures. The EX4300 implements the same slot/module/port numbering schema as other Juniper Networks chassis-based products when numbering Virtual Chassis ports, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management. In a mixed Virtual Chassis configuration with both EX4300 1GbE access and multigigabit switches, the EX4300 multigigabit switches must assume the role of the RE, while the 1GbE access EX4300 switches can only act as line cards. 
    Individually, the EX4300 offers a number of HA features that are typically associated with modular chassis-based switches. When combined with the field-proven Junos OS and L2/L3 failover capabilities, these features provide the EX4300 with true carrier-class reliability.
    • Redundant power supplies: The EX4300 line of Ethernet switches supports internal redundant, load-sharing, hot-swappable, and field-replaceable power supplies to maintain uninterrupted operations. Thanks to its compact footprint, the EX4300 requires significantly less power than chassis-based switches delivering equivalent port densities. The EX4300 1GbE access switches offer both AC and DC options, while the EX4300 multigigabit switch supports only AC power supplies.
    • Hot-swappable fans: The EX4300 includes hot-swappable fans, providing sufficient cooling even if one of the fans were to fail.
    • Nonstop bridging and nonstop routing: NSB and NSR on the EX4300 ensure that control plane protocols, states, and tables are synchronized between primary and standby REs to prevent protocol flaps or convergence issues following a Routing Engine failover.
    • Redundant trunk group (RTG): To avoid the complexities of Spanning Tree Protocol (STP) without sacrificing network resiliency, the EX4300 employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration.
    • Cross-member link aggregation: Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.
    • Carrier-class hardware: The EX4300 leverages a purpose-built packet forwarding engine ASIC, the EX-PFE, which integrates much of the same intellectual property used in Juniper’s carrier-class routers. As a result, the EX4300 delivers the same predictable, scalable functionality found in the world’s largest networks.
    • IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing (OSPF and BGP) is available with an Enhanced license, enabling highly resilient networks.

    Carrier-Class Operating System

    The EX4300 runs on Junos OS, the same operating system software used by other Juniper Networks switches, routers, and security devices. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code, follows a single quarterly release train, and employs a highly available modular architecture that prevents isolated failures from bringing an entire system down. These attributes are fundamental to the core value of the software, enabling all products powered by Junos OS to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities will be maintained and operate in the same way.

    Converged Networks

    The EX4300 line of Ethernet switches provides the highest levels of availability for the most demanding converged data, voice, and video environments, delivering the most reliable platform for unifying enterprise communications. The EX4300 supports rich quality of service (QoS) functionality for prioritizing data, voice, and video traffic. The switches support 12 QoS queues on every port, enabling them to maintain multilevel, end-to-end traffic prioritizations. The EX4300 also supports a wide range of policy options, including priority and weighted deficit round-robin (WDRR) queuing. By providing 15.4 watts of Class 3 802.3af PoE on all ports to power voice over IP (VoIP) telephones, closed-circuit security cameras, wireless access points, and other IP-enabled devices, the EX4300 delivers a future-proofed solution for converging disparate networks onto a single IP infrastructure. The EX4300 switches also support standards-based 802.3at PoE+, which delivers up to 30 watts per port for powering networked devices such as multiple radio IEEE 802.11n wireless access points and video phones that may require more power than available with IEEE 802.3af. The EX4300 multigigabit switch supports pre-standard IEEE 802.3bt PoE++, which delivers up to 95 watts per port for powering devices requiring more than the 30 watts of power provided by PoE+. Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED)-based granular PoE/PoE+ management allows the EX4300 to negotiate PoE/PoE+ usage down to a fraction of a watt on powered devices, enabling more efficient PoE utilization across the switch. To ease deployment, the EX4300 supports the industry-standard LLDP and LLDP-MED, which enable the switches to automatically discover Ethernet-enabled devices, determine their power requirements, and assign virtual LAN (VLAN) parameters. 
    The EX4300 supports the IEEE 802.3az standard for Energy Efficient Ethernet (EEE) functionality, reducing power consumption of copper physical layers (PHY) during periods of low link utilization.

    Security

    The EX4300 provides a full complement of port security features, including Dynamic Host Configuration Protocol (DHCP) snooping, dynamic ARP inspection (DAI), IP source guard, and media access control (MAC) limiting (per port and per VLAN) to defend against internal and external spoofing, man-in-the-middle and denial-of-service (DoS) attacks.

    MACsec

    EX4300 switches support IEEE 802.1AE MACsec, providing support for link-layer data confidentiality, data integrity, and data origin authentication. The MACsec feature enables the EX4300 to support 88 Gbps of near line-rate hardware-based traffic encryption on all GbE and 10GbE ports, including the base unit and optional uplink modules. The multigigabit EX4300 model supports the MACsec AES 256 standard for encrypting traffic on all access and uplink ports. Defined by IEEE 802.1AE, MACsec provides secure, encrypted communication at the link layer that is capable of identifying and preventing threats from denial of service (DoS) and intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on switch ports, all traffic is encrypted on the wire but traffic inside the switch is not. This allows the switch to apply all network policies such as QoS, deep packet inspection, and sFlow to each packet without compromising the security of packets on the wire. Hop-by-hop encryption enables MACsec to secure communications while maintaining network intelligence. In addition, Ethernet-based WAN networks can use MACsec to provide link security over long haul connections. MACsec is transparent to Layer 3 and higher layer protocols and is not limited to IP traffic; it works with any type of wired or wireless traffic carried over Ethernet links.

    Simplified Operations

    When employing Virtual Chassis technology, the EX4300 dramatically simplifies network management. Up to 10 interconnected EX4300 switches can be managed as a single device. Each Virtual Chassis group uses a single Junos OS image file and a single configuration file, reducing the overall number of units to monitor and manage. When Junos OS is upgraded on the primary switch in a Virtual Chassis configuration, the software is automatically upgraded on all other member switches at the same time. The EX4300 also includes port profiles that allow network administrators to automatically configure ports with security, QoS, and other parameters based on the type of device connected to the port. Six preconfigured profiles are available, including default, desktop, desktop plus IP phone, wireless access point, routed uplink, and L2 uplink. Users can select from the existing profiles or create their own and apply them through the command line interface (CLI), Junos Web interface, or management system.

    Flex Licensing

    Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license. The Flex Advanced and Premium licenses for the EX Series platforms are class based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports. The EX4300 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos features, the Flex Advanced and Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer. For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn more about Junos EX Series licenses, please visit https://www.juniper.net/documentation/us/en/software/license/licensing/topics/topic-map/understanding_software_licenses.html.

    Warranty

    For warranty information, please visit https://support.juniper.net/support/warranty/.

    Product Options

    Ten EX4300 switch models are available (see Table 1 below).
    Table 1. EX4300 Line of Ethernet Switches
    *Dedicated Virtual Chassis ports cannot be used in Ethernet mode
    | Model/Product SKU | Access Port Configuration | PoE/PoE+ Ports | PoE Budget | 10GbE Ports (max. with module) | 40GbE Ports (max. with module) | 100GbE Ports (max. with module) | Power Supply Rating | Airflow |
    |---|---|---|---|---|---|---|---|---|
    | EX4300-24T | 24-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 350 W AC | AFO (Front-to-back airflow) |
    | EX4300-24P | 24-port 10/100/1000BASE-T | 24 | 550 W | 0 (4) | 4 | 0 | 715 W AC | AFO (Front-to-back airflow) |
    | EX4300-48T | 48-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 350 W AC | AFO (Front-to-back airflow) |
    | EX4300-48P | 48-port 10/100/1000BASE-T | 48 | 900 W | 0 (4) | 4 | 0 | 1100 W AC | AFO (Front-to-back airflow) |
    | EX4300-48T-AFI | 48-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 350 W AC | AFI (Back-to-front airflow) |
    | EX4300-48T-DC | 48-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 550 W DC | AFO (Front-to-back airflow) |
    | EX4300-48T-DC-AFI | 48-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 550 W DC | AFI (Back-to-front airflow) |
    | EX4300-48MP | 24-port 10/100/1000BASE-T, 24-port 100/1000/2500/5000/10000BASE-T | 48 | 1100 | 24 (28) | 4* (2) | 0 (2) | 1400 W AC | AFO (Front-to-back airflow) |
    | EX4300-32F | 32-port 100/1000BASE-X | 0 | 0 W | 4 (12) | 2 (4) | 0 | 350 W AC | AFO (Front-to-back airflow) |
    | EX4300-32F-DC | 32-port 100/1000BASE-X | 0 | 0 W | 4 (12) | 2 (4) | 0 | 550 W DC | AFO (Front-to-back airflow) |
    The EX4300 also offers spare chassis options without power supplies or fans, providing customers with the flexibility to create custom SKUs. The supportability matrix for the EX4300 spare chassis SKUs is shown in Table 2. See Ordering Information section for registration details.
    Table 2. Supportability Matrix for EX4300 Spare Chassis SKUs
    Note: P: supported as a SKU; Y: supported combination; X: unsupported combination
    | Spare Chassis SKU | Description | PSU-350-AC-AFO + EX4300-FAN | JPSU-715-AC-AFO + EX4300-FAN | JPSU-1100-AC-AFO + EX4300-FAN | JPSU-1400-AC-AFO + EX4300-FAN | JPSU-550-DC-AFO + EX4300-FAN | JPSU-350-AC-AFI + EX4300-FAN-AFI | JPSU-550-DC-AFI + EX4300-FAN-AFI |
    |---|---|---|---|---|---|---|---|---|
    | EX4300-48T-S | Spare chassis, 48-port 10/100/1000BASE-T | P EX4300-48T | X | Y | X | P EX4300-48T-DC | P EX4300-48T-AFI | P EX4300-48T-DC-AFI |
    | EX4300-48P-S | Spare chassis, 48-port 10/100/1000BASE-T PoE+ | Y | Y | P EX4300-48P | X | Y | Y | Y |
    | EX4300-48MP-S | Spare chassis, 24-port 10/100/1000BASE-T, 24-port 100/1000/2500/5000/10000BASE-T 95 W PoE | X | Y | Y | Y | Y | X | X |
    | EX4300-24T-S | Spare chassis, 24-port 10/100/1000BASE-T | P EX4300-24T | X | Y | X | Y | Y | Y |
    | EX4300-24P-S | Spare chassis, 24-port 10/100/1000BASE-T PoE+ | Y | P EX4300-24P | Y | X | Y | Y | Y |
    | EX4300-32F-S | Spare chassis, 32-port 100/1000BASE-X SFP, 4x10GBASE-X SFP+, 2x40GBASE-X QSFP+ | P EX4300-32F | X | Y | X | P EX4300-32F-DC | Y | Y |

    EX4300 Specifications

    Physical Specifications

    Backplane

    • 320 Gbps Virtual Chassis interconnect to combine up to 10 units as a single logical device

    Uplink Module Options

    • EX4300-32F/EX4300-32F-DC: 8-port dual-mode 10GbE/1GbE module with pluggable SFP+/SFP optics
    • EX4300-32F/EX4300-32F-DC: 2-port dual-mode 40GbE module with pluggable QSFP+ optics
    • EX4300-48MP: 4-port dual-mode 10GbE/1GbE module with pluggable SFP+/SFP optics or 2-port QSFP+/1-port QSFP28 module
    • Others: 4-port dual-mode 10GbE/1GbE module with pluggable SFP+/SFP optics

    Power Options

    • Power supplies: Autosensing; 100-120 V/200-240 V; AC 350 W AFO, 350 W AFI, 715 W AFO, and 1100 W AFO dual load-sharing hot-swappable internal redundant power supplies
    • Maximum current inrush: 50 amps
    • EX4300-48MP: 100-120 V/200-240 V; AC 715 W AFO, 1100 W AFO, 1400 W AFO dual load-sharing hot-swappable internal redundant power supplies
    • DC power supply: 550 W DC AFO and 550 W DC AFI; input voltage range 43.5-60 V max (+/- 0.5 V); dual input feed, dual load-sharing hot-swappable internal redundant power supplies
    • Minimum number of PSUs required for fully loaded chassis: 1 per switch

    Dimensions (W x H x D)

    • EX4300-24P, -24T, -48P, -48T:
      • Base unit: 17.36 x 1.72 x 16.38 in (44.1 x 4.37 x 41.6 cm)
      • With power supply installed: 17.36 x 1.72 x 17.51 in (44.1 x 4.37 x 44.47 cm)
      • With power supply and front module installed: 17.36 x 1.72 x 18 in (44.1 x 4.37 x 45.73 cm)
    • EX4300-32F:
      • Base unit: 17.36 x 1.72 x 17.87 in (44.1 x 4.37 x 45.4 cm)
      • With power supply installed: 17.36 x 1.72 x 19 in (44.1 x 4.37 x 48.28 cm)
      • With power supply and front module installed: 17.36 x 1.72 x 19.31 in (44.1 x 4.37 x 49.1 cm)
    • EX4300-48MP:
      • Base unit: 17.36 x 1.72 x 18.39 in (44.1 x 4.37 x 46.7 cm)
      • With power supply installed: 17.36 x 1.72 x 19.63 in (44.1 x 4.37 x 49.99 cm)
      • With power supply and front module installed: 17.36 x 1.72 x 20.06 in (44.1 x 4.37 x 50.96 cm)

    System Weight

    • EX4300 switch (with no power supply or fan module): 13 lb (5.9 kg)
    • EX4300 switch (with single power supply and two fan modules): 16.1 lb (7.3 kg)
    • 350 W AC power supply: 2.4 lb (1.1 kg)
    • 715 W AC power supply: 2.4 lb (1.1 kg)
    • 1100 W AC power supply: 2.4 lb (1.1 kg)
    • 550 W DC power supply: 2.4 lb (1.1 kg)
    • SFP+ uplink module: 0.44 lb (0.2 kg)
    • Fan module: 0.33 lb (0.15 kg)

    Environmental Ranges

    • Operating temperature:
      • AFO models: 32° to 113° F (0° to 45° C)
      • AFI models: 32° to 95° F (0° to 35° C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: up to 10,000 ft (3,049 m)
    • Non-operating altitude: up to 16,000 ft (4,877 m)
    • Relative humidity operating: 10% to 85% (noncondensing)
    • Relative humidity non-operating: 0% to 95% (noncondensing)

    Cooling

    • Field-replaceable fans: 2
    • Airflow: PSU: 7.5 cubic feet per minute (CFM); fan: 22 CFM
    • Total maximum airflow throughput with two power supplies: 59 CFM

    Hardware Specifications

    Switching Engine Mode

    • Store and forward

    Memory

    • DRAM: 8 GB with Error Correcting Code (ECC) on EX4300-48MP, 3 GB with ECC on EX4300-32F and EX4300-32F-DC; 2 GB with ECC on all other EX4300 switches
    • Storage: 50 GB on EX4300-48MP, 4 GB on EX4300-32F and EX4300-32F-DC; 2 GB on all other EX4300 switches

    CPU

    • EX4300-48MP: 2.2 GHz Dual-Core Intel Broadwell CPU
    • Other EX4300s: 1.5 GHz Dual-Core PowerPC CPU

    GbE Port Density per System

    • 24P/24T: 32 (24 host ports + four 40GbE ports + optional four-port 1/10GbE uplink module)
    • 32F: 46 (32 host ports + four 10GbE ports + two 40GbE ports + optional eight-port 1/10GbE uplink module or two-port 40GbE uplink module)
    • 48P/48T/48MP: 56 (48 host ports + four 40GbE ports + optional four-port 1/10GbE uplink module)
    • 10GbE port density per system:
      • 32F: 4 (fixed) + 8 (uplink module)
      • 48MP: 24 (fixed) + 4 (uplink module)
      • All others: 4 (uplink module)
    • 40GbE port density per system:
      • 32F: 2 (fixed) + 2 (uplink module)
      • 48MP: 4 (fixed) + 2 (uplink module)
      • All others: 4 (fixed)
    • 100GbE port density per system:
      • 48MP: 2 (uplink module)

    Supported Optics

    • GbE SFP optic/connector type: LC SFP fiber supporting SX (multimode), LX (single-mode)
    • 10GbE SFP+ optic/connector type: 10GbE SFP+ LC connector, SR (multimode), USR (multimode), LR (single-mode), ER (single-mode), LRM (multimode), and DAC (direct-attach copper)
    • 40 GbE QSFP+ optic/connector type: 40GbE QSFP+ LC connector type, SR (multimode), DAC (direct-attach copper)
    • 100 GbE QSFP28 optic type: 100GbE QSFP SR4, LR4, DAC (direct-attach copper)

    Physical Layer

    • Time domain reflectometry (TDR) for detecting cable breaks and shorts: 24P/24T and 48P/48T only
    • Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support: 24P/24T and 48P/48T/48MP only (all ports)
    • Port speed downshift/setting maximum advertised speed on 10/100/1000BASE-T ports: 24P/24T and 48P/48T/48MP only, on all ports
    • Digital optical monitoring for optical ports

    Packet Switching Capacities (Maximum with 64 Byte Packets)

    • 24P/24T: 224 Gbps (unidirectional)/448 Gbps (bidirectional)
    • 48P/48T: 248 Gbps (unidirectional)/496 Gbps (bidirectional)
    • 48MP: 464 Gbps (unidirectional)/928 Gbps (bidirectional)
    • 32F: 232 Gbps (unidirectional)/464 Gbps (bidirectional)

    Software Specifications

    Security

    • MAC limiting (per port and per VLAN)
    • Allowed MAC addresses configurable per port
    • Dynamic ARP inspection (DAI)
    • IP source guard
    • Local proxy ARP
    • Static ARP support
    • DHCP snooping
    • Captive portal
    • Persistent MAC address configurations
    • Distributed denial of service (DDoS) protection (CPU control path flooding protection)

    Layer 2/Layer 3 Throughput (Mpps) (Maximum with 64 Byte Packets)

    • EX4300-24P/24T: 333 Mpps (wire speed)
    • EX4300-48P/48T: 369 Mpps (wire speed)
    • EX4300-48MP: 714 Mpps
    • EX4300-32F: 345 Mpps (wire speed)

    Layer 2 Switching

    • Maximum MAC addresses per system: 64,000
    • Jumbo frames: 9216 Bytes
    • Number of VLANs supported: 4093
    • Range of possible VLAN IDs: 1 to 4094
    • Virtual Spanning Tree (VST) instances: 510
    • Port-based VLAN
    • Voice VLAN
    • Physical port redundancy: Redundant trunk group (RTG)
    • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
    • Routed VLAN Interface (RVI)
    • Uplink Failure Detection (UFD)
    • ITU-T G.8032: Ethernet Ring Protection Switching
    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • LLDP-MED with VoIP integration
    • Default VLAN and multiple VLAN range support
    • MAC learning deactivate
    • Persistent MAC learning (sticky MAC)
    • MAC notification
    • Private VLANs (PVLANs)
    • Explicit congestion notification (ECN)
    • Layer 2 protocol tunneling (L2PT)
    • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
    • IEEE 802.1p: CoS prioritization
    • IEEE 802.1Q: VLAN tagging
    • IEEE 802.1X: Port Access Control
    • IEEE 802.1ak: Multiple Registration Protocol
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3ae: 10-Gigabit Ethernet
    • IEEE 802.3ba: 40-Gigabit Ethernet
    • IEEE 802.3af: Power over Ethernet
    • IEEE 802.3at: Power over Ethernet Plus
    • IEEE 802.3x: Pause Frames/Flow Control
    • IEEE 802.3ah: Ethernet in the First Mile

    Spanning Tree

    • IEEE 802.1D: Spanning Tree Protocol
    • IEEE 802.1s: Multiple instances of Spanning Tree Protocol (MSTP)
    • Number of MST instances supported: 64
    • Number of VLAN Spanning Tree Protocol (VSTP) instances supported: 510
    • IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol

    Link Aggregation

    • IEEE 802.3ad: Link Aggregation Control Protocol
    • 802.3ad (LACP) support:
      • Number of LAGs supported: 128
      • Maximum number of ports per LAG: 16
    • LAG load-sharing algorithm bridged or routed (unicast or multicast) traffic:
      • IP: S/D IP
      • TCP/UDP: S/D IP, S/D Port
      • Non-IP: S/D MAC
    • Tagged ports support in LAG

    Layer 3 Features: IPv4

    • Maximum number of ARP entries: 64,000
    • Maximum number of IPv4 unicast routes in hardware: 16,000 prefixes; 32,000 host routes
    • Maximum number of IPv4 multicast routes in hardware: 8000 multicast groups; 16,000 multicast routes
    • Routing protocols: RIPv1/v2, OSPF, BGP, IS-IS
    • Static routing
    • Routing policy
    • Bidirectional Forwarding Detection (BFD)
    • L3 redundancy: Virtual Router Redundancy Protocol (VRRP)
    • VRF-Lite

    Layer 3 Features: IPv6

    • Maximum number of Neighbor Discovery (ND) entries: 32,000
    • Maximum number of IPv6 unicast routes in hardware: 4000 prefixes; 15,000 host routes
    • Maximum number of IPv6 multicast routes in hardware: 8000 multicast groups; 16,000 multicast routes
    • Routing protocols: RIPng, OSPFv3, IPv6, ISIS
    • Static routing

    Access Control Lists (ACLs) (Junos OS Firewall Filters)

    • Port-based ACL (PACL): Ingress and egress
    • VLAN-based ACL (VACL): Ingress and egress
    • Router-based ACL (RACL): Ingress and egress
    • ACL entries (ACE) in hardware per system:
      • Port-based ACL (PACL) ingress: 3072
      • VLAN-based ACL (VACL) ingress: 3500
      • Router-based ACL (RACL) ingress: 7000
      • Egress shared across PACL and VACL: 512
      • Egress across RACL: 1024
    • ACL counter for denied packets
    • ACL counter for permitted packets
    • Ability to add/remove/change ACL entries in middle of list (ACL editing)
    • L2-L4 ACL

    Access Security

    • 802.1X port-based
    • 802.1X multiple supplicants
    • 802.1X with VLAN assignment
    • 802.1X with authentication bypass access (based on host MAC address)
    • 802.1X with VoIP VLAN support
    • 802.1X dynamic ACL based on RADIUS attributes
    • 802.1X supported Extensible Authentication Protocol (EAP) types: Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled TLS (TTLS), Protected Extensible Authentication Protocol (PEAP)
    • MAC authentication (RADIUS)
    • Control plane DoS protection
    • RADIUS functionality over IPv6 for authentication, authorization, and accounting (AAA)
    • DHCPv6 snooping
    • IPv6 neighbor discovery
    • IPv6 source guard
    • IPv6 RA guard
    • IPv6 Neighbor Discovery Inspection
    • Media Access Control security (MACsec)

    High Availability

    • Redundant, hot-swappable power supplies
    • Redundant, field-replaceable, hot-swappable fans
    • Graceful Routing Engine switchover (GRES) for Layer 2 hitless forwarding and Layer 3 protocols on RE failover
    • Graceful protocol restart (OSPF, BGP)
    • Layer 2 hitless forwarding on RE failover
    • Nonstop bridging: LACP, xSTP
    • Nonstop routing: PIM, OSPF v2 and v3, RIP v2, RIPng, BGP, BGPv6, ISIS, IGMP v1, v2, v3
    • Online insertion and removal (OIR) uplink module

    Quality of Service

    • L2 QoS
    • L3 QoS
    • Ingress policing: 1 rate 2 color
    • Hardware queues per port: 12
    • Scheduling methods (egress): Strict priority (SP), WDRR
    • 802.1p, DiffServ code point (DSCP)/IP precedence trust and marking
    • L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence, TCP/UDP port numbers, and more
    • Congestion avoidance capabilities: Tail drop, weighted random early detection (WRED)

    Multicast

    • IGMP: v1, v2, v3
    • IGMP snooping
    • Multicast Listener Discovery (MLD) snooping
    • PIM-SM, PIM-SSM, PIM-DM

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for Campus
    • Junos Space® Network Director for Campus
    • Junos Space® Management

    Services and Manageability

    • Junos OS CLI
    • Junos Web interface (J-Web)
    • Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
    • ASCII configuration
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • LCD management
    • Element management tools: Juniper Networks Network and Security Manager (NSM)
    • Remote performance monitoring
    • Proactive services support via Advanced Insight Solutions (AIS)
    • SNMP: v1, v2c, v3
    • RMON (RFC 2819) Groups 1, 2, 3, 9
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP client and DHCP proxy
    • DHCP relay and helper
    • DHCP local server support
    • RADIUS
    • TACACS+
    • SSHv2
    • Secure copy
    • HTTP/HTTPS
    • Domain Name System (DNS) resolver
    • System logging
    • Temperature sensor
    • Configuration backup via FTP/secure copy
  • Product Overview

    The EX4300 line of Ethernet switches delivers the performance, flexibility, and scale required for both campus and data center Gigabit Ethernet (GbE) access switch environments. When deployed in a Virtual Chassis configuration, the EX4300 delivers the operational simplicity and higher logical scale that businesses demand. Combining compact, pay-as-you-grow economics and low power and cooling with the performance, availability, and port densities of chassis-based platforms, the EX4300 enables businesses to deploy with speed and agility to increase revenue and improve productivity. The EX4300 is onboarded, provisioned, and managed in the Juniper Mist Cloud Architecture. Mist Wired Assurance delivers better experiences for connected devices through AI-powered automation and service levels.

    Product Description

    The Juniper Networks® EX4300 line of Ethernet switches with Virtual Chassis technology combines the carrier-class reliability of modular systems with the economics and flexibility of stackable platforms, delivering a high-performance, scalable solution for data center, campus, and branch office environments. Both 1GbE access and multigigabit switch options are available. Offering a full suite of Layer 2 and Layer 3 switching capabilities, the EX4300 enables a variety of deployments, including campus, branch, and data center access. A single 24-port or 48-port EX4300 switch can be deployed initially. As requirements grow, Juniper’s Virtual Chassis technology allows any combination of up to 10 EX4300 and/or EX4600 switches to be seamlessly interconnected and managed as a single device, delivering a scalable, pay-as-you-grow solution for expanding network environments. A pair of 32-port EX4300 fiber switches can also be deployed as a consolidated aggregation or small core switch. Additionally, the EX4300 can integrate with the Juniper Networks QFX5100 line of 10GbE and 40GbE data center access switches in a single stack or Virtual Chassis configuration, enabling nondisruptive 10GbE server upgrades and simplified management of a mixed access environment. The EX4300 switches can be interconnected over multiple 40GbE quad small form-factor pluggable plus (QSFP+) transceiver ports to form a 320 gigabit per second (Gbps) backplane. A flexible uplink module that supports both 1GbE and 10GbE options is also available, enabling high-speed connectivity to aggregation- or core-layer switches which connect multiple floors or buildings. All EX4300 switches include high availability (HA) features such as redundant, hot-swappable internal power supplies and field-replaceable fans to ensure maximum uptime. 
    In addition, Power over Ethernet (PoE)-enabled EX4300 switch models offer standards-based 802.3at PoE+ for delivering up to 30 watts on all ports to support high-density IP telephony and 802.11n wireless access point deployments. Additionally, a multigigabit model, the EX4300-48MP, supports IEEE 802.3bz-compliant 100 Mbps, 1 Gbps, 2.5 Gbps, 5 Gbps, and 10 Gbps speeds on access ports. This enables 802.11ac Wave 2 access points, which require higher bandwidth, to connect to the switch. The EX4300 multigigabit switch also supports up to 95 watts of power on any of the access ports, enabling PoE++ devices requiring more than 30 watts to connect to and draw power from the switch. The EX4300 multigigabit switch also enables higher levels of Media Access Control Security (MACsec) AES256 encryption on all access and uplink ports, protecting customer traffic from unauthorized access. The EX4300-48MP includes four dedicated 40GbE QSFP+ transceiver ports that can be used as Virtual Chassis ports to create a 320 Gbps backplane.

    Chassis-Like Features in an Expandable Form Factor

    The fixed-configuration EX4300 switches include a number of high availability features typically associated with chassis-based solutions, including the following:
    • Hot-swappable fans
    • Modular Juniper Networks Junos® operating system (consistent with chassis systems)
    • Dual Routing Engines (REs) with graceful Routing Engine switchover (GRES) in a Virtual Chassis configuration
    • Single management interface
    • Easy, centralized software upgrades
    • Scalability from 24 to 480 10/100/1000BASE-T ports and 24 to 240 100/1000/2500/5000/10000BASE-T ports, with up to 40 10GbE uplinks and 40 40GbE uplinks (up to 40 10GbE uplinks, 20 40GbE uplinks, or 20 100GbE uplinks on multigigabit models, in addition to four dedicated 40 Gbps Virtual Chassis ports per switch)
    Each EX4300 switch includes a single ASIC-based Packet Forwarding Engine, the EX-PFE. The integrated Routing Engine (RE) delivers all control plane functionality. The EX4300 also leverages the same modular Junos OS as other Juniper Networks switches, routers, and security devices, ensuring a consistent implementation and operation of control plane features across the Juniper Networks infrastructure.

    Architecture and Key Components

    The EX4300 switches are single rack unit (1 U) devices that deliver a compact solution for crowded wiring closets and access switch locations where space and power are at a premium. Each EX4300 supports standard 40GbE QSFP+ ports which are preconfigured to support high-speed Virtual Chassis backplane connections; on the 1GbE access switches, these ports can also serve as uplinks to upstream aggregation devices. In addition, each EX4300 supports an optional front panel uplink module offering 1GbE or 10GbE ports for high-speed backbone or link aggregation connections between wiring closets and upstream aggregation switches; the multigigabit model offers a choice between a 4-port 10GbE SFP+ uplink module or a 2-port 40GbE QSFP+/2-port 100GbE QSFP28 uplink module. Uplink modules can be installed without powering down the switch, enabling users to add high-speed connectivity at any time or migrate from one uplink type to the other, delivering the ultimate in flexible, high-performance interconnectivity.
    The 1GbE access EX4300 models also feature a front panel LCD that offers a flexible interface for performing device bring-up and configuration rollbacks, reporting switch alarm and LED status, or restoring the switch to its default settings. When deployed as a member of a Virtual Chassis configuration, the LCD also displays the switch’s chassis “slot number” and RE status for rapid identification and problem resolution. The four integrated rear panel 40GbE QSFP+ ports support EX4300 Virtual Chassis deployment over a 320 Gbps virtual backplane. When deployed in close proximity such as in wiring closets or in top-of-rack data center applications, the EX4300 switches can be securely connected using standard 40GbE QSFP+ direct attach copper (DAC) cables (available in 50 cm, 1 m, 3 m, and 5 m lengths). Switches deployed in Virtual Chassis configurations spread over larger areas can be interconnected using optical QSFP+ transceivers such as the QSFP+ SR4, which supports distances up to 150 m. A dedicated rear panel RJ-45 port is available for out-of-band management, while a rear panel USB port can be used to easily upload Junos OS and configuration files. In addition, a dedicated front panel USB console port and a rear panel RJ-45 console port offer flexible out-of-band console options.

    Cloud Management with Juniper Mist Wired Assurance

    Juniper Mist Wired Assurance, a cloud-based service driven by Mist AI to claim, configure, manage, and troubleshoot the EX4300, delivers AI-powered automation and service levels to ensure a better experience for connected devices. Wired Assurance leverages rich Junos switch telemetry data to simplify operations, reduce mean time to repair, and improve visibility. Wired Assurance offers the following features:
    • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
    • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
    • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist cloud.
    Figure 1: Juniper Mist Wired Assurance service-level expectations screen
    Figure 2: Marvis Actions for wired switches
    The addition of Marvis, a complementary Virtual Network Assistant driven by Mist AI, lets you start building a self-driving network that simplifies network operations and streamlines troubleshooting via automatic fixes for EX Series switches or recommended actions for external systems. For more information see Juniper Mist Wired Assurance.

    EVPN-VXLAN Technology

    The EX4300-48MP embraces open standards and extends the industry-standard Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) technology already supported for campus fabric IP Clos networks. An IP Clos network between the distribution and the core layers can exist in two modes: centrally routed bridging overlay or edge routed bridging overlay.
    Figure 3: Campus Fabric: IP Clos with EX4300-MP
    With enterprise applications moving to the cloud, it has become necessary to deploy IP fabrics as enterprise fabrics with L2 extensions using VXLAN. The EX4300-48MP is capable of both L2 and L3 VXLAN gateway services, allowing you to deploy networks that provide L2 adjacencies for applications over L3 fabrics. EVPN-VXLAN offers a scalable way to build and interconnect multiple campuses, delivering:
    • Greater network efficiency
    • Compliance with industry standards
    • Scalability across all network layers
    • Faster convergence
    • Flexible and secure architecture

    Campus Fabric Deployments

    Juniper campus fabrics support these validated architectures with the EX4300 switch playing the role of access switch:
    • EVPN multihoming (collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single switch, turning the traditional three-tier hierarchical network into a two-tier network. This eliminates the need for STP across the campus network by providing multihoming capabilities from the access to the core layer. EVPN multihoming can be deployed and managed using the Juniper Mist cloud.
    • Core/distribution: A pair of interconnected EX Series core or distribution switches provide L2 EVPN and L3 VXLAN gateway support. The IP Clos network between the distribution and core layers offers two modes: centrally or edge routed bridging overlay.
    In all these EVPN-VXLAN deployment modes, EX4300 switches can be used in Virtual Chassis configurations.
    Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

    Virtual Chassis Technology

    Up to 10 EX4300 switches can be interconnected using Virtual Chassis technology, creating a single logical device supporting up to 480 10/100/1000BASE-T ports, plus up to 40 10GbE or 40 40GbE uplink ports. For mixed 1GbE and 10GbE access environments, the EX4300 can be interconnected with the EX4600 enterprise campus and QFX5100 high-performance data center access switches. EX4300 Virtual Chassis configurations can be created to support a variety of port and density options for data center, campus, and branch deployments. Virtual Chassis connections can be formed using any of the 40GbE ports or 10GbE ports using standard DAC cables and optics. The EX4300 does not support Virtual Chassis technology on the GbE copper or fiber ports. With the EX4300 multigigabit model, up to 10 switches can be interconnected using dedicated 40GbE ports through Virtual Chassis technology, creating a single logical device supporting up to 240 10/100/1000BASE-T ports and 240 100/1000/2500/5000/10000BASE-T ports, with up to 40 10GbE uplinks, 20 40GbE uplinks, or 20 100GbE uplinks. The multigigabit EX4300 can also participate in a 10-member mixed-mode Virtual Chassis configuration with other 1GbE EX4300 access switches.

    Virtual Chassis Deployments in Campus Wiring Closets

    In campus wiring closets, flexible topologies can be created using standard QSFP+ optics on the 40GbE ports to extend the Virtual Chassis configuration across long distances spanning multiple wiring closets, floors, or even buildings while using 10GbE or 40GbE for uplink connectivity. EX4300 fiber-based switches can also be used for campus aggregation or small core deployments.

    Virtual Chassis Deployments in the Data Center

    When deployed in a Virtual Chassis configuration in the data center, all EX4300 switches are monitored and managed as a single device, enabling enterprises to separate physical topology from logical groupings of endpoints and allowing more efficient resource utilization. Highly resilient topologies can also be created using the 40GbE DAC cables.
    Figure 5: Using Virtual Chassis technology, up to 10 EX4300 switches can be interconnected to create a single logical device spanning an entire building.

    Mesh Virtual Chassis Configurations for the Data Center

    In data center top-of-rack deployments, a full mesh five-switch Virtual Chassis configuration can be created where every switch member is just one hop away from every other member, delivering the lowest possible latency. A mesh spanning distances of up to 150 meters can be created using standard QSFP+ optics on the 40GbE ports (DAC cables up to 3 m in length are available for shorter distances), while 10GbE ports can be used as uplinks to connect to upstream aggregation or core devices.
    Figure 6: The EX4300 Ethernet Switch with Virtual Chassis technology delivers a high-performance, scalable, and highly reliable solution for the data center.
    Figure 7: EX4300 switches in a full mesh Virtual Chassis configuration for the data center.

    Virtual Chassis Fabric Switching Architecture

    Existing Virtual Chassis technology is further scaled and enhanced to support a spine-and-leaf topology that is ideal for high-performance and low-latency data center deployments. In its first instance, this topology, called Virtual Chassis Fabric, enables up to 20 switches to be deployed in a spine-and-leaf configuration, with two to four QFX5100 switches in the spine and up to 18 QFX5100 or EX4300 switches as leaf nodes. This architecture provides any-rack-to-any-rack deterministic throughput and low latency, while significantly simplifying network operations through a single point of management. A Virtual Chassis Fabric configuration supports mixed 1GbE, 10GbE, and 40GbE servers¹.
    ¹ The EX4300 multigigabit switch is not supported in the Virtual Chassis Fabric configuration.
    Figure 8: EX4300, QFX3500, QFX3600, and QFX5100 at the access layer of a Virtual Chassis Fabric configuration.

    Features and Benefits

    Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

    Juniper Mist Wired Assurance brings cloud management and Mist AI to campus fabric. It sets a new standard moving away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. The Juniper Mist cloud streamlines deployment and management of campus fabric architectures by allowing:
    • Automated deployment and zero touch deployment
    • Anomaly detection
    • Root cause analysis
    Figure 9: EVPN multihoming configuration via the Juniper Mist cloud

    Chassis-Class Availability

    The EX4300 line of Ethernet switches delivers high availability through redundant power supplies and fans, GRES, and nonstop bridging and routing when deployed in a Virtual Chassis configuration. In a Virtual Chassis configuration, each EX4300 switch is capable of functioning as a Routing Engine. When two or more EX4300 switches are interconnected, a single control plane is shared among all Virtual Chassis member switches. When two EX4300 switches are interconnected, Junos OS automatically initiates an election process to assign a primary (active) and backup (hot-standby) RE. An integrated L2 and L3 GRES feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary RE failure. When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to assume the backup RE position should the designated primary fail. Primary, backup, and line card priority status can be assigned to dictate the order of ascension; this N+1 RE redundancy, coupled with the GRES, nonstop routing (NSR), and nonstop bridging (NSB) capabilities of Junos OS, assures a smooth transfer of control plane functions following unexpected failures. The EX4300 implements the same slot/module/port numbering schema as other Juniper Networks chassis-based products when numbering Virtual Chassis ports, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management. In a mixed Virtual Chassis configuration with both EX4300 1GbE access and multigigabit switches, the EX4300 multigigabit switches must assume the role of the RE, while the 1GbE access EX4300 switches can only act as line cards. 
    Individually, the EX4300 offers a number of HA features that are typically associated with modular chassis-based switches. When combined with the field-proven Junos OS and L2/L3 failover capabilities, these features provide the EX4300 with true carrier-class reliability.
    • Redundant power supplies: The EX4300 line of Ethernet switches supports internal redundant, load-sharing, hot-swappable, and field-replaceable power supplies to maintain uninterrupted operations. Thanks to its compact footprint, the EX4300 requires significantly less power than chassis-based switches delivering equivalent port densities. The EX4300 1GbE access switches offer both AC and DC options, while the EX4300 multigigabit switch supports only AC power supplies.
    • Hot-swappable fans: The EX4300 includes hot-swappable fans, providing sufficient cooling even if one of the fans were to fail.
    • Nonstop bridging and nonstop routing: NSB and NSR on the EX4300 ensure that control plane protocols, states, and tables are synchronized between primary and standby REs to prevent protocol flaps or convergence issues following a Routing Engine failover.
    • Redundant trunk group (RTG): To avoid the complexities of Spanning Tree Protocol (STP) without sacrificing network resiliency, the EX4300 employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration.
    • Cross-member link aggregation: Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.
    • Carrier-class hardware: The EX4300 leverages a purpose-built packet forwarding engine ASIC, the EX-PFE, which integrates much of the same intellectual property used in Juniper’s carrier-class routers. As a result, the EX4300 delivers the same predictable, scalable functionality found in the world’s largest networks.
    • IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing (OSPF and BGP) is available with an Enhanced license, enabling highly resilient networks.

    Carrier-Class Operating System

    The EX4300 runs on Junos OS, the same operating system software used by other Juniper Networks switches, routers, and security devices. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code, follows a single quarterly release train, and employs a highly available modular architecture that prevents isolated failures from bringing an entire system down. These attributes are fundamental to the core value of the software, enabling all products powered by Junos OS to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities will be maintained and operate in the same way.

    Converged Networks

    The EX4300 line of Ethernet switches provides the highest levels of availability for the most demanding converged data, voice, and video environments, delivering the most reliable platform for unifying enterprise communications. The EX4300 supports rich quality of service (QoS) functionality for prioritizing data, voice, and video traffic. The switches support 12 QoS queues on every port, enabling them to maintain multilevel, end-to-end traffic prioritizations. The EX4300 also supports a wide range of policy options, including priority and weighted deficit round-robin (WDRR) queuing. By providing 15.4 watts of Class 3 802.3af PoE on all ports to power voice over IP (VoIP) telephones, closed-circuit security cameras, wireless access points, and other IP-enabled devices, the EX4300 delivers a future-proofed solution for converging disparate networks onto a single IP infrastructure. The EX4300 switches also support standards-based 802.3at PoE+, which delivers up to 30 watts per port for powering networked devices such as multiple radio IEEE 802.11n wireless access points and video phones that may require more power than available with IEEE 802.3af. The EX4300 multigigabit switch supports pre-standard IEEE 802.3bt PoE++, which delivers up to 95 watts per port for powering devices requiring more than the 30 watts of power provided by PoE+. Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED)-based granular PoE/PoE+ management allows the EX4300 to negotiate PoE/PoE+ usage down to a fraction of a watt on powered devices, enabling more efficient PoE utilization across the switch. To ease deployment, the EX4300 supports the industry-standard LLDP and LLDP-MED, which enable the switches to automatically discover Ethernet-enabled devices, determine their power requirements, and assign virtual LAN (VLAN) parameters. 
    The EX4300 supports the IEEE 802.3az standard for Energy Efficient Ethernet (EEE) functionality, reducing power consumption of copper physical layers (PHY) during periods of low link utilization.

    Security

    The EX4300 provides a full complement of port security features, including Dynamic Host Configuration Protocol (DHCP) snooping, dynamic ARP inspection (DAI), IP source guard, and media access control (MAC) limiting (per port and per VLAN) to defend against internal and external spoofing, man-in-the-middle and denial-of-service (DoS) attacks.

    MACsec

    EX4300 switches support IEEE 802.1AE MACsec, providing support for link-layer data confidentiality, data integrity, and data origin authentication. The MACsec feature enables the EX4300 to support 88 Gbps of near line-rate hardware-based traffic encryption on all GbE and 10GbE ports, including the base unit and optional uplink modules. The multigigabit EX4300 model supports the MACsec AES 256 standard for encrypting traffic on all access and uplink ports. Defined by IEEE 802.1AE, MACsec provides secure, encrypted communication at the link layer that is capable of identifying and preventing threats from denial of service (DoS) and intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on switch ports, all traffic is encrypted on the wire but traffic inside the switch is not. This allows the switch to apply all network policies such as QoS, deep packet inspection, and sFlow to each packet without compromising the security of packets on the wire. Hop-by-hop encryption enables MACsec to secure communications while maintaining network intelligence. In addition, Ethernet-based WAN networks can use MACsec to provide link security over long haul connections. MACsec is transparent to Layer 3 and higher layer protocols and is not limited to IP traffic; it works with any type of wired or wireless traffic carried over Ethernet links.

    Simplified Operations

    When employing Virtual Chassis technology, the EX4300 dramatically simplifies network management. Up to 10 interconnected EX4300 switches can be managed as a single device. Each Virtual Chassis group uses a single Junos OS image file and a single configuration file, reducing the overall number of units to monitor and manage. When Junos OS is upgraded on the primary switch in a Virtual Chassis configuration, the software is automatically upgraded on all other member switches at the same time. The EX4300 also includes port profiles that allow network administrators to automatically configure ports with security, QoS, and other parameters based on the type of device connected to the port. Six preconfigured profiles are available, including default, desktop, desktop plus IP phone, wireless access point, routed uplink, and L2 uplink. Users can select from the existing profiles or create their own and apply them through the command line interface (CLI), Junos Web interface, or management system.

    Flex Licensing

    Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license. The Flex Advanced and Premium licenses for the EX Series platforms are class based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports. The EX4300 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos features, the Flex Advanced and Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer. For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn more about Junos EX Series licenses, please visit https://www.juniper.net/documentation/us/en/software/license/licensing/topics/topic-map/understanding_software_licenses.html.

    Warranty

    For warranty information, please visit https://support.juniper.net/support/warranty/.

    Product Options

    Ten EX4300 switch models are available (see Table 1 below).
    Table 1. EX4300 Line of Ethernet Switches
    Model/Product SKU | Access Port Configuration | PoE/PoE+ Ports | PoE Budget | 10GbE Ports (max. with module) | 40GbE Ports (max. with module) | 100GbE Ports (max. with module) | Power Supply Rating | Airflow
    EX4300-24T | 24-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 350 W AC | AFO (Front-to-back airflow)
    EX4300-24P | 24-port 10/100/1000BASE-T | 24 | 550 W | 0 (4) | 4 | 0 | 715 W AC | AFO (Front-to-back airflow)
    EX4300-48T | 48-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 350 W AC | AFO (Front-to-back airflow)
    EX4300-48P | 48-port 10/100/1000BASE-T | 48 | 900 W | 0 (4) | 4 | 0 | 1100 W AC | AFO (Front-to-back airflow)
    EX4300-48T-AFI | 48-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 350 W AC | AFI (Back-to-front airflow)
    EX4300-48T-DC | 48-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 550 W DC | AFO (Front-to-back airflow)
    EX4300-48T-DC-AFI | 48-port 10/100/1000BASE-T | 0 | 0 W | 0 (4) | 4 | 0 | 550 W DC | AFI (Back-to-front airflow)
    EX4300-48MP | 24-port 10/100/1000BASE-T, 24-port 100/1000/2500/5000/10000BASE-T | 48 | 1100 | 24 (28) | 4* (2) | 0 (2) | 1400 W AC | AFO (Front-to-back airflow)
    EX4300-32F | 32-port 100/1000BASE-X | 0 | 0 W | 4 (12) | 2 (4) | 0 | 350 W AC | AFO (Front-to-back airflow)
    EX4300-32F-DC | 32-port 100/1000BASE-X | 0 | 0 W | 4 (12) | 2 (4) | 0 | 550 W DC | AFO (Front-to-back airflow)
    *Dedicated Virtual Chassis ports cannot be used in Ethernet mode
    The EX4300 also offers spare chassis options without power supplies or fans, providing customers with the flexibility to create custom SKUs. The supportability matrix for the EX4300 spare chassis SKUs is shown in Table 2. See Ordering Information section for registration details.
    Table 2. Supportability Matrix for EX4300 Spare Chassis SKUs
    Note: P: supported as a SKU; Y: supported combination; X: unsupported combination
    | Spare Chassis SKU | Description | PSU-350-AC-AFO + EX4300-FAN | JPSU-715-AC-AFO + EX4300-FAN | JPSU-1100-AC-AFO + EX4300-FAN | JPSU-1400-AC-AFO + EX4300-FAN | JPSU-550-DC-AFO + EX4300-FAN | JPSU-350-AC-AFI + EX4300-FAN-AFI | JPSU-550-DC-AFI + EX4300-FAN-AFI |
    |---|---|---|---|---|---|---|---|---|
    | EX4300-48T-S | Spare chassis, 48-port 10/100/1000BASE-T | P EX4300-48T | X | Y | X | P EX4300-48T-DC | P EX4300-48T-AFI | P EX4300-48T-DC-AFI |
    | EX4300-48P-S | Spare chassis, 48-port 10/100/1000BASE-T PoE+ | Y | Y | P EX4300-48P | X | Y | Y | Y |
    | EX4300-48MP-S | Spare chassis, 24-port 10/100/1000BASE-T, 24-port 100/1000/2500/5000/10000BASE-T 95 W PoE | X | Y | Y | Y | Y | X | X |
    | EX4300-24T-S | Spare chassis, 24-port 10/100/1000BASE-T | P EX4300-24T | X | Y | X | Y | Y | Y |
    | EX4300-24P-S | Spare chassis, 24-port 10/100/1000BASE-T PoE+ | Y | P EX4300-24P | Y | X | Y | Y | Y |
    | EX4300-32F-S | Spare chassis, 32-port 100/1000BASE-X SFP, 4x10GBASE-X SFP+, 2x40GBASE-X QSFP+ | P EX4300-32F | X | Y | X | P EX4300-32F-DC | Y | Y |

    EX4300 Specifications

    Physical Specifications

    Backplane

    • 320 Gbps Virtual Chassis interconnect to combine up to 10 units as a single logical device

    Uplink Module Options

    • EX4300-32F/EX4300-32F-DC: 8-port dual-mode 10GbE/1GbE module with pluggable SFP+/SFP optics
    • EX4300-32F/EX4300-32F-DC: 2-port dual-mode 40GbE module with pluggable QSFP+ optics
    • EX4300-48MP: 4-port dual-mode 10GbE/1GbE module with pluggable SFP+/SFP optics or 2-port QSFP+/1-port QSFP28 module
    • Others: 4-port dual-mode 10GbE/1GbE module with pluggable SFP+/SFP optics

    Power Options

    • Power supplies: Autosensing; 100-120 V/200-240 V; AC 350 W AFO, 350 W AFI, 715 W AFO, and 1100 W AFO dual load-sharing hot-swappable internal redundant power supplies
    • Maximum current inrush: 50 amps
    • EX4300-48MP: 100-120 V/200-240 V; AC 715 W AFO, 1100 W AFO, 1400 W AFO dual load-sharing hot-swappable internal redundant power supplies
    • DC power supply: 550 W DC AFO and 550 W DC AFI; input voltage range 43.5-60 V max (+/- 0.5 V); dual input feed, dual load-sharing hot-swappable internal redundant power supplies
    • Minimum number of PSUs required for fully loaded chassis: 1 per switch

    Dimensions (W x H x D)

    • EX4300-24P, -24T, -48P, -48T:
      • Base unit: 17.36 x 1.72 x 16.38 in (44.1 x 4.37 x 41.6 cm)
      • With power supply installed: 17.36 x 1.72 x 17.51 in (44.1 x 4.37 x 44.47 cm)
      • With power supply and front module installed: 17.36 x 1.72 x 18 in (44.1 x 4.37 x 45.73 cm)
    • EX4300-32F:
      • Base unit: 17.36 x 1.72 x 17.87 in (44.1 x 4.37 x 45.4 cm)
      • With power supply installed: 17.36 x 1.72 x 19 in (44.1 x 4.37 x 48.28 cm)
      • With power supply and front module installed: 17.36 x 1.72 x 19.31 in (44.1 x 4.37 x 49.1 cm)
    • EX4300-48MP:
      • Base unit: 17.36 x 1.72 x 18.39 in (44.1 x 4.37 x 46.7 cm)
      • With power supply installed: 17.36 x 1.72 x 19.63 in (44.1 x 4.37 x 49.99 cm)
      • With power supply and front module installed: 17.36 x 1.72 x 20.06 in (44.1 x 4.37 x 50.96 cm)

    System Weight

    • EX4300 switch (with no power supply or fan module): 13 lb (5.9 kg)
    • EX4300 switch (with single power supply and two fan modules): 16.1 lb (7.3 kg)
    • 350 W AC power supply: 2.4 lb (1.1 kg)
    • 715 W AC power supply: 2.4 lb (1.1 kg)
    • 1100 W AC power supply: 2.4 lb (1.1 kg)
    • 550 W DC power supply: 2.4 lb (1.1 kg)
    • SFP+ uplink module: 0.44 lb (0.2 kg)
    • Fan module: 0.33 lb (0.15 kg)

    Environmental Ranges

    • Operating temperature:
      • AFO models: 32° to 113° F (0° to 45° C)
      • AFI models: 32° to 95° F (0° to 35° C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: up to 10,000 ft (3,049 m)
    • Non-operating altitude: up to 16,000 ft (4,877 m)
    • Relative humidity operating: 10% to 85% (noncondensing)
    • Relative humidity non-operating: 0% to 95% (noncondensing)

    Cooling

    • Field-replaceable fans: 2
    • Airflow: PSU: 7.5 cubic feet per minute (CFM); fan: 22 CFM
    • Total maximum airflow throughput with two power supplies: 59 CFM

    Hardware Specifications

    Switching Engine Mode

    • Store and forward

    Memory

    • DRAM: 8 GB with Error Correcting Code (ECC) on EX4300-48MP, 3 GB with ECC on EX4300-32F and EX4300-32F-DC; 2 GB with ECC on all other EX4300 switches
    • Storage: 50 GB on EX4300-48MP, 4 GB on EX4300-32F and EX4300-32F-DC; 2 GB on all other EX4300 switches

    CPU

    • EX4300-48MP: 2.2 GHz Dual-Core Intel Broadwell CPU
    • Other EX4300s: 1.5 GHz Dual-Core PowerPC CPU

    GbE Port Density per System

    • 24P/24T: 32 (24 host ports + four 40GbE ports + optional four-port 1/10GbE uplink module)
    • 32F: 46 (32 host ports + four 10GbE ports + two 40GbE ports + optional eight-port 1/10GbE uplink module or two-port 40GbE uplink module)
    • 48P/48T/48MP: 56 (48 host ports + four 40GbE ports + optional four-port 1/10GbE uplink module)
    • 10GbE port density per system:
      • 32F: 4 (fixed) + 8 (uplink module)
      • 48MP: 24 (fixed) + 4 (uplink module)
      • All others: 4 (uplink module)
    • 40GbE port density per system:
      • 32F: 2 (fixed) + 2 (uplink module)
      • 48MP: 4 (fixed) + 2 (uplink module)
      • All others: 4 (fixed)
    • 100GbE port density per system:
      • 48MP: 2 (uplink module)

    Supported Optics

    • GbE SFP optic/connector type: LC SFP fiber supporting SX (multimode), LX (single-mode)
    • 10GbE SFP+ optic/connector type: 10GbE SFP+ LC connector, SR (multimode), USR (multimode), LR (single-mode), ER (single-mode), LRM (multimode), and DAC (direct-attach copper)
    • 40 GbE QSFP+ optic/connector type: 40GbE QSFP+ LC connector type, SR (multimode), DAC (direct-attach copper)
    • 100 GbE QSFP28 optic type: 100GbE QSFP SR4, LR4, DAC (direct-attach copper)

    Physical Layer

    • Time domain reflectometry (TDR) for detecting cable breaks and shorts: 24P/24T and 48P/48T only
    • Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support: 24P/24T and 48P/48T/48MP only (all ports)
    • Port speed downshift/setting maximum advertised speed on 10/100/1000BASE-T ports: 24P/24T and 48P/48T/48MP only, on all ports
    • Digital optical monitoring for optical ports

    Packet Switching Capacities (Maximum with 64 Byte Packets)

    • 24P/24T: 224 Gbps (unidirectional)/448 Gbps (bidirectional)
    • 48P/48T: 248 Gbps (unidirectional)/496 Gbps (bidirectional)
    • 48MP: 464 Gbps (unidirectional)/928 Gbps (bidirectional)
    • 32F: 232 Gbps (unidirectional)/464 Gbps (bidirectional)

    Software Specifications

    Security

    • MAC limiting (per port and per VLAN)
    • Allowed MAC addresses configurable per port
    • Dynamic ARP inspection (DAI)
    • IP source guard
    • Local proxy ARP
    • Static ARP support
    • DHCP snooping
    • Captive portal
    • Persistent MAC address configurations
    • Distributed denial of service (DDoS) protection (CPU control path flooding protection)

    Layer 2/Layer 3 Throughput (Mpps) (Maximum with 64 Byte Packets)

    • EX4300-24P/24T: 333 Mpps (wire speed)
    • EX4300-48P/48T: 369 Mpps (wire speed)
    • EX4300-48MP: 714 Mpps
    • EX4300-32F: 345 Mpps (wire speed)

    Layer 2 Switching

    • Maximum MAC addresses per system: 64,000
    • Jumbo frames: 9216 Bytes
    • Number of VLANs supported: 4093
    • Range of possible VLAN IDs: 1 to 4094
    • Virtual Spanning Tree (VST) instances: 510
    • Port-based VLAN
    • Voice VLAN
    • Physical port redundancy: Redundant trunk group (RTG)
    • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
    • Routed VLAN Interface (RVI)
    • Uplink Failure Detection (UFD)
    • ITU-T G.8032: Ethernet Ring Protection Switching
    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • LLDP-MED with VoIP integration
    • Default VLAN and multiple VLAN range support
    • MAC learning deactivate
    • Persistent MAC learning (sticky MAC)
    • MAC notification
    • Private VLANs (PVLANs)
    • Explicit congestion notification (ECN)
    • Layer 2 protocol tunneling (L2PT)
    • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
    • IEEE 802.1p: CoS prioritization
    • IEEE 802.1Q: VLAN tagging
    • IEEE 802.1X: Port Access Control
    • IEEE 802.1ak: Multiple Registration Protocol
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3ae: 10-Gigabit Ethernet
    • IEEE 802.3ba: 40-Gigabit Ethernet
    • IEEE 802.3af: Power over Ethernet
    • IEEE 802.3at: Power over Ethernet Plus
    • IEEE 802.3x: Pause Frames/Flow Control
    • IEEE 802.3ah: Ethernet in the First Mile

    Spanning Tree

    • IEEE 802.1D: Spanning Tree Protocol
    • IEEE 802.1s: Multiple instances of Spanning Tree Protocol (MSTP)
    • Number of MST instances supported: 64
    • Number of VLAN Spanning Tree Protocol (VSTP) instances supported: 510
    • IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol

    Link Aggregation

    • IEEE 802.3ad: Link Aggregation Control Protocol
    • 802.3ad (LACP) support:
      • Number of LAGs supported: 128
      • Maximum number of ports per LAG: 16
    • LAG load-sharing algorithm for bridged or routed (unicast or multicast) traffic:
      • IP: S/D IP
      • TCP/UDP: S/D IP, S/D Port
      • Non-IP: S/D MAC
    • Tagged ports support in LAG

    Layer 3 Features: IPv4

    • Maximum number of ARP entries: 64,000
    • Maximum number of IPv4 unicast routes in hardware: 16,000 prefixes; 32,000 host routes
    • Maximum number of IPv4 multicast routes in hardware: 8000 multicast groups; 16,000 multicast routes
    • Routing protocols: RIPv1/v2, OSPF, BGP, IS-IS
    • Static routing
    • Routing policy
    • Bidirectional Forwarding Detection (BFD)
    • L3 redundancy: Virtual Router Redundancy Protocol (VRRP)
    • VRF-Lite

    Layer 3 Features: IPv6

    • Maximum number of Neighbor Discovery (ND) entries: 32,000
    • Maximum number of IPv6 unicast routes in hardware: 4000 prefixes; 15,000 host routes
    • Maximum number of IPv6 multicast routes in hardware: 8000 multicast groups; 16,000 multicast routes
    • Routing protocols: RIPng, OSPFv3, IPv6, ISIS
    • Static routing

    Access Control Lists (ACLs) (Junos OS Firewall Filters)

    • Port-based ACL (PACL): Ingress and egress
    • VLAN-based ACL (VACL): Ingress and egress
    • Router-based ACL (RACL): Ingress and egress
    • ACL entries (ACE) in hardware per system:
      • Port-based ACL (PACL) ingress: 3072
      • VLAN-based ACL (VACL) ingress: 3500
      • Router-based ACL (RACL) ingress: 7000
      • Egress shared across PACL and VACL: 512
      • Egress across RACL: 1024
    • ACL counter for denied packets
    • ACL counter for permitted packets
    • Ability to add/remove/change ACL entries in middle of list (ACL editing)
    • L2-L4 ACL

    Access Security

    • 802.1X port-based
    • 802.1X multiple supplicants
    • 802.1X with VLAN assignment
    • 802.1X with authentication bypass access (based on host MAC address)
    • 802.1X with VoIP VLAN support
    • 802.1X dynamic ACL based on RADIUS attributes
    • 802.1X supported Extensible Authentication Protocol (EAP) types: Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled TLS (TTLS), Protected Extensible Authentication Protocol (PEAP)
    • MAC authentication (RADIUS)
    • Control plane DoS protection
    • RADIUS functionality over IPv6 for authentication, authorization, and accounting (AAA)
    • DHCPv6 snooping
    • IPv6 neighbor discovery
    • IPv6 source guard
    • IPv6 RA guard
    • IPv6 Neighbor Discovery Inspection
    • Media Access Control security (MACsec)

    High Availability

    • Redundant, hot-swappable power supplies
    • Redundant, field-replaceable, hot-swappable fans
    • Graceful Routing Engine switchover (GRES) for Layer 2 hitless forwarding and Layer 3 protocols on RE failover
    • Graceful protocol restart (OSPF, BGP)
    • Layer 2 hitless forwarding on RE failover
    • Nonstop bridging: LACP, xSTP
    • Nonstop routing: PIM, OSPF v2 and v3, RIP v2, RIPng, BGP, BGPv6, ISIS, IGMP v1, v2, v3
    • Online insertion and removal (OIR) uplink module

    Quality of Service

    • L2 QoS
    • L3 QoS
    • Ingress policing: 1 rate 2 color
    • Hardware queues per port: 12
    • Scheduling methods (egress): Strict priority (SP), WDRR
    • 802.1p, Differentiated Services code point (DSCP)/IP precedence trust and marking
    • L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence, TCP/UDP port numbers, and more
    • Congestion avoidance capabilities: Tail drop, weighted random early detection (WRED)

    Multicast

    • IGMP: v1, v2, v3
    • IGMP snooping
    • Multicast Listener Discovery (MLD) snooping
    • PIM-SM, PIM-SSM, PIM-DM

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for Campus
    • Junos Space® Network Director for Campus
    • Junos Space® Management

    Services and Manageability

    • Junos OS CLI
    • Junos Web interface (J-Web)
    • Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
    • ASCII configuration
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • LCD management
    • Element management tools: Juniper Networks Network and Security Manager (NSM)
    • Remote performance monitoring
    • Proactive services support via Advanced Insight Solutions (AIS)
    • SNMP: v1, v2c, v3
    • RMON (RFC 2819) Groups 1, 2, 3, 9
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP client and DHCP proxy
    • DHCP relay and helper
    • DHCP local server support
    • RADIUS
    • TACACS+
    • SSHv2
    • Secure copy
    • HTTP/HTTPS
    • Domain Name System (DNS) resolver
    • System logging
    • Temperature sensor
    • Configuration backup via FTP/secure copy
  • Product Overview

    Juniper Networks EX3400 Ethernet Switch delivers a high-performance, flexible, and cost-effective solution for today’s most demanding converged data, voice, and video enterprise access environments. The EX3400 supports Juniper Networks Virtual Chassis technology, allowing up to 10 switches to be interconnected over uplink ports and managed as a single device, delivering a scalable, pay-as-you-grow solution for expanding network environments. The EX3400 is onboarded, provisioned, and managed in the Juniper Mist Cloud Architecture. Mist Wired Assurance delivers better experiences for connected devices through AI-powered automation and service levels.

    Product Description

    The Juniper Networks® EX3400 Ethernet Switch with Juniper Networks Virtual Chassis technology provides enterprises with the flexibility and ease of management that previously was only available with higher-end access switches. The fixed-configuration EX3400 supports a number of key features, including:
    • 24-port and 48-port models with and without Power over Ethernet (PoE/PoE+) are for campus wiring closet deployments.
    • Cloud-ready and zero-touch provisioning (ZTP)-enabled for Juniper Mist Wired Assurance
    • Data center-optimized cooling options offer both front-to-back and back-to-front airflows, making the EX3400 suitable for GbE data center access deployments.
    • Two redundant, field-replaceable power supplies each provide up to 920 watts of power.
    • 24-port data center models are included for metro deployments.
    • Four dual-mode (GbE/10GbE) small form-factor pluggable transceiver (SFP/SFP+) uplink ports and two 40GbE QSFP+ ports are available.
    • Uplink ports can be configured as Virtual Chassis interfaces and connected via standard 10GbE/40GbE optic interfaces (40GbE uplink ports are preconfigured by default as Virtual Chassis ports).
    • Comprehensive Layer 2 functionality with RIP and static routing is provided.
    • A compact, 13.8-inch deep 1 U form factor supports flexible deployment options.
    • An easy-to-manage solution includes centralized software upgrades.
    • Support is available for the same consistent modular Juniper Networks Junos operating system control plane feature implementation used by all other Juniper fixed-configuration Juniper Networks EX Series Ethernet Switches.
    • Support is provided for Layer 3 (OSPF v2, IGMP v1/v2/v3, PIM, VRRP, BFD, virtual router) via an enhanced feature license (optional license required).
    • Support is available for IPv6 management, including neighbor discovery, stateless auto configuration, telnet, SSH, DNS, system log, NTP, ping, traceroute, ACL, CoS static routing, and RIPng.
    • IPv6 routing features (OSPFv3, virtual router support for unicast, VRRPv6, PIM, MLDv1/v2) are supported via an enhanced feature license.
    • Support is available for Border Gateway Protocol (BGP), multiprotocol BGP (MBGP), and Intermediate System-to-Intermediate System (IS-IS) via an optional Advanced Feature license.
    • Energy Efficient Ethernet (EEE) capability is provided.
    ¹ Software to come in future

    Architecture and Key Components

    Cloud Management with Juniper Mist Wired Assurance

    Juniper Mist Wired Assurance, a cloud-based service driven by Mist AI to claim, configure, manage, and troubleshoot the EX3400, delivers AI-powered automation and service levels to ensure a better experience for connected devices. Wired Assurance leverages rich Junos switch telemetry data to simplify operations, reduce mean time to repair, and improve visibility. Wired Assurance offers the following features:
    • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
    • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
    • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist cloud.
    Figure 1: Juniper Mist Wired Assurance service-level expectations
    Figure 2: Marvis Actions for wired switches
    The addition of Marvis, a complementary Virtual Network Assistant driven by Mist AI, lets you start building a self-driving network that simplifies network operations and streamlines troubleshooting via automatic fixes for EX Series switches or recommended actions for external systems. For more information see Juniper Mist Wired Assurance.

    Virtual Chassis Technology

    The EX3400 supports Juniper Networks Virtual Chassis technology, allowing up to 10 switches to be interconnected over uplink ports and managed as a single logical device, delivering a scalable, pay-as-you-grow solution for expanding network environments. When deployed in a Virtual Chassis configuration, the EX3400 switches elect a primary and backup switch based on a set of criteria or preconfigured policies. The primary switch automatically creates and updates the switching and optional routing tables on all switches in the Virtual Chassis configuration. Virtual Chassis technology allows switches to be added or removed without service disruption. An EX3400 Virtual Chassis configuration operates as a highly resilient unified system, providing simplified management using a single IP address, single telnet session, single command-line interface (CLI), automatic version checking, and automatic configuration. The EX3400 switches are also capable of local switching, so that packets coming into a port destined for another port on the same switch do not have to traverse the Virtual Chassis, increasing the forwarding capacity of the switch. The EX3400 implements the same slot/module/port numbering schema as other Juniper Networks chassis-based products when numbering Virtual Chassis ports, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management. The two QSFP+ ports on the EX3400 switch can be configured as Virtual Chassis ports or as uplinks to aggregation devices.
    Figure 3: EX3400 Virtual Chassis deployments

    Campus Fabric Deployments

    Juniper campus fabrics support these validated architectures with the EX3400 switch playing the role of access switch:
    • EVPN multihoming (collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single switch, turning the traditional three-tier hierarchical network into a two-tier network. This eliminates the need for STP across the campus network by providing multihoming capabilities from the access to the core layer. EVPN multihoming can be deployed and managed using the Juniper Mist cloud.
    • Core/distribution: A pair of interconnected EX Series core or distribution switches provide L2 EVPN and L3 VXLAN gateway support. The EVPN-VXLAN network between the distribution and core layers offers two modes: centrally or edge routed bridging overlay.
    In all these EVPN-VXLAN deployment modes, EX3400 switches can be used as an access layer switch.
    Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

    Features and Benefits

    Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

    Juniper Mist Wired Assurance brings cloud management and Mist AI to campus fabric. It sets a new standard moving away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. The Juniper Mist Cloud streamlines deployment and management of campus fabric architectures by allowing:
    • Automated deployment and zero touch deployment
    • Anomaly detection
    • Root cause analysis
    Figure 5. EVPN multihoming configuration via the Juniper Mist cloud

    Juniper Virtual Chassis

    Virtual Chassis technology simplifies network management for smaller deployments. Up to 10 interconnected EX3400 switches can be managed as a single device utilizing a single Junos OS image and a single configuration file, reducing the overall number of units to monitor and manage. When the Junos OS is upgraded on the primary switch in an EX3400 Virtual Chassis configuration, the software is automatically upgraded on all other member switches at the same time. In addition, a feature called system snapshot makes a copy of all software files used to run the switch, including the Junos operating system, the active configuration, and the rescue configuration. These copies can be used to reboot the switch the next time it is powered up or as a backup boot option. The Junos OS software can also be preinstalled on a flash drive and used to boot the EX3400 at any time. Another feature, called automatic software download, enables network administrators to easily upgrade the EX3400 using the DHCP message exchange process to download and install software packages. Users simply configure the automatic software download feature on EX3400 switches acting as DHCP clients and establish a path to the server where the software package file is installed. The server then communicates the path to the software package file through DHCP server messages. The ZTP feature allows a DHCP server to push configuration details and software images to multiple switches at boot-up time.

    Power

    The EX3400 supports the 802.3af Class 3 Power over Ethernet (PoE) and 802.3at PoE+ standards for supporting networked devices such as telephones, video cameras, IEEE 802.11ac WLAN access points, and videophones in converged networks. While EX3400 switches ship with a single power supply by default, they can support redundant 600W or 920W power supplies that provide PoE (15.4W) or PoE+ (30W) power to all ports in the switch. Spare power supplies can be ordered as needed. There are two PoE power mode settings on the EX3400 switches:
    • Static mode allows customers to specify the maximum PoE power setting on an individual port.
    • Class mode allows end devices to specify PoE class and negotiate whether the switch can provide PoE power to the device.
    The EX3400 also supports the industry-standard Link Layer Discovery Protocol (LLDP) and LLDP-Media Endpoint Discovery (LLDP-MED), which enable the switches to automatically discover Ethernet-enabled devices, determine their power requirements, and assign virtual LAN (VLAN) parameters. LLDP-MED-based granular PoE management allows the EX3400 to negotiate PoE usage down to a fraction of a watt on powered devices, enabling more efficient PoE utilization across the switch. The EX3400 supports the IEEE 802.3az standard for Energy Efficient Ethernet (EEE) functionality, reducing power consumption of copper physical layers during periods of low link utilization. In addition, the EX3400 supports rich quality-of-service (QoS) functionality for prioritizing data, voice, and video traffic. The switches support 12 QoS queues (8 unicast and 4 multicast) on every port, enabling them to maintain multilevel, end-to-end traffic prioritization. The EX3400 also supports a wide range of scheduling options, such as priority and shaped-deficit weighted round-robin (SDWRR) scheduling.
    Table 1. EX3400 PoE Power Budget
    | SKU | Total 10/100/1000BASE-T Ports | Total 30 W PoE+ Ports That Can Be Enabled | Total 15.4 W PoE Ports That Can Be Enabled | Power Supply Type | PoE+ Power Budget (W) |
    |---|---|---|---|---|---|
    | EX3400-24P | 24 | 24 ports up to 30W | 24 ports up to 15.4W | AC | 370W/720W |
    | EX3400-48P | 48 | 48 ports up to 30W | 48 ports up to 15.4W | AC | 740W/1440W |

    Security

    The EX3400 switches fully interoperate with Juniper Networks Access Policy Infrastructure, which consolidates all aspects of a user’s identity, device, and location, enabling administrators to enforce access control and security down to the individual port or user levels. Working as an enforcement point in the Access Policy Infrastructure, the EX3400 provides both standards-based 802.1X port-level access control and Layer 2-4 policy enforcement based on user identity, location, device, or a combination of these. A user’s identity, device type, machine posture check, and location can be used to not only grant or deny access but also to determine the duration of access. If access is granted, the switch assigns the user to a specific VLAN based on authorization levels. The switch can also apply QoS policies or mirror user traffic to a central location for logging, monitoring, or threat detection by an intrusion prevention system (IPS). The EX3400 also provides a full complement of port security features, including Dynamic Host Configuration Protocol (DHCP) snooping, dynamic ARP inspection (DAI), and media access control (MAC) limiting to defend against internal and external spoofing, man-in-the-middle, and denial-of-service (DoS) attacks.

    MACsec

    EX3400 switches support IEEE 802.1AE MACsec, providing support for link-layer data confidentiality, data integrity, and data origin authentication. The MACsec feature enables the EX3400 to support 88 Gbps of near line-rate hardware-based traffic encryption on all GbE and 10GbE ports. Defined by IEEE 802.1AE, MACsec provides secure, encrypted communication at the link layer that is capable of identifying and preventing threats from DoS and intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on switch ports, all traffic is encrypted on the wire but traffic inside the switch is not. This allows the switch to apply all network policies such as QoS, deep packet inspection, and sFlow to each packet without compromising the security of packets on the wire.
    Hop-by-hop encryption enables MACsec to secure communications while maintaining network intelligence. In addition, Ethernet-based WAN networks can use MACsec to provide link security over long-haul connections. MACsec is transparent to Layer 3 and higher-layer protocols and is not limited to IP traffic—it works with any type of wired or wireless traffic carried over Ethernet links.

    Junos Operating System

    The EX3400 switches run the same Junos OS that is used by other Juniper Networks EX Series Ethernet Switches, QFX Series Switches, Juniper Routers, Juniper SRX Firewalls, and the Juniper NFX Series Network Services Platform. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code and employs a highly available modular architecture that prevents isolated failures from bringing an entire system down. These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.

    Converged Environments

    The EX3400 switches provide a flexible solution for demanding converged data, voice, and video environments. The EX3400-24P and EX3400-48P support PoE+, delivering up to 30 watts of power per port to support networked devices such as telephones, video cameras, IEEE 802.11ac wireless LAN (WLAN) access points, and videophones. The PoE+ standard provides nearly double the 15.4 watts per port available with the IEEE 802.3af PoE standard.

    Product Options

    Table 2. EX3400 Ethernet Switch Models
    | SKU | Total 10/100/1000 BASE-T Ports | Uplinks | Airflow | Power Supply Type | PoE+ Power (Budget W) | Max. System Power Consumption (W)* | Power Supply Rating (W) |
    |---|---|---|---|---|---|---|---|
    | EX3400-24T | 24 | 10GbE/GbE SFP+/SFP ports 2 40GbE QSFP+ ports | Front-to-back | AC | 0 | 100 | 150W |
    | EX3400-48T | 48 | | Front-to-back | AC | 0 | 120 | 150W |
    | EX3400-48T-AFI | 48 | | Back-to-front | AC | 0 | 120 | 150W |
    | EX3400-24P | 24 PoE+ | | Front-to-back | AC | 370W²/720W³ | 110 | 600W |
    | EX3400-48P | 48 PoE+ | | Front-to-back | AC | 740W²/1440W³ | 120 | 920W |
    | EX3400-24T-DC | 24 | | Front-to-back | DC | 0 | 100 | 150W |
    | EX3400-48T-DC | 48 | | Front-to-back | DC | 0 | 120 | 150W |
    ² 1 power supply
    ³ 2 power supplies
    * Input power without PoE

    High Availability

    The EX3400 line of Ethernet switches is designed to support many of the same failover capabilities and high availability (HA) functionality as other Juniper EX access switches with Virtual Chassis technology. Each EX3400 switch is capable of functioning as a Routing Engine (RE) when deployed in a Virtual Chassis configuration. When two or more EX3400 switches are interconnected in a Virtual Chassis configuration, all member switches share a single control plane. Junos OS automatically initiates an election process to assign a primary (active) and backup (hot-standby) Routing Engine. An integrated Layer 2 and Layer 3 graceful Routing Engine switchover (GRES) feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary Routing Engine failure. When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to take on the backup Routing Engine position should the designated primary fail. Primary, backup, and line card priority status can be assigned by the network operations team to dictate the order of ascension. This N+1 Routing Engine redundancy—coupled with GRES, the nonstop routing (NSR), and, in the future, the nonstop bridging (NSB) capabilities of Junos OS—ensures a smooth transfer of control plane functions following unexpected failures. The EX3400 also supports the following HA features:
    • Redundant trunk group—To avoid the complexities of Spanning Tree Protocol (STP) without sacrificing network resiliency, the EX3400 employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration.
    • Cross-member link aggregation—Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.
    • Nonstop bridging (NSB) and nonstop active routing (NSR)—NSB and NSR on the EX3400 switch ensure control plane protocols, states, and tables are synchronized between primary and backup REs to prevent protocol flaps or convergence issues following a Routing Engine failover.
    • Nonstop software upgrade (NSSU)—With NSSU, all members of an EX3400 Virtual Chassis configuration can be upgraded with a single command. Mission-critical traffic can be configured as a link aggregate across multiple Virtual Chassis switch members, ensuring minimal disruption during the upgrade process.

    Flex Licensing

    Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license. The Flex Advanced and Premium licenses for the EX Series platforms are class based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports.
    The EX3400 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos features, the Flex Advanced and Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer. For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn more about Junos EX Series licenses, please visit https://www.juniper.net/documentation/us/en/software/license/licensing/topics/concept/flex-licenses-for-ex.html.

    Enhanced Limited Lifetime Warranty

    The EX3400 includes an enhanced limited lifetime hardware warranty that provides return-to-factory switch replacement for as long as the original purchaser owns the product. The warranty includes lifetime software updates, advanced shipping of spares within one business day, and 24x7 Juniper Networks Technical Assistance Center (JTAC) support for 90 days after the purchase date. Power supplies and fan trays are covered for a period of five years. For complete details, please visit https://support.juniper.net/support/

    Physical Specifications

    Dimensions (W x H x D)

    • Base unit: 17.36 x 1.72 x 13.78 in (44.1 x 4.37 x 35 cm)
    • With power supply installed: 17.36 x 1.72 x 15.05 in (44.1 x 4.37 x 38.24 cm)
    • With power supply and front module installed: 17.36 x 1.72 x 15.19 in (44.1 x 4.37 x 38.58 cm)

    Backplane

    • 160 Gbps (with QSFP+ ports) or 80 Gbps (with SFP+ ports) Virtual Chassis interconnect to link up to 10 switches as a single logical device

    Uplink

    • Fixed 4-port uplinks can be individually configured as GbE (SFP) or 10GbE (SFP+) ports; 2 x 40G QSFP+ ports.

    System Weight

    • EX3400 switch (no power supply or fan module): 10.49 lb (4.76 kg) maximum
    • EX3400 switch (with single power supply and two fan modules): 12.65 lb (5.74 kg) maximum
    • 150 W AC power supply: 1.43 lb (0.65 kg)
    • 600 W AC power supply: 1.82 lb (0.83 kg)
    • 920 W AC power supply: 1.87 lb (0.85 kg)
    • 150 W DC power supply: 1.43 lb (0.65 kg)
    • Fan module: 0.16 lb (0.07 kg)

    Environmental Ranges

    • Operating temperature: 32° to 113° F (0° to 45° C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: up to 10,000 ft (3048 m)
    • Nonoperating altitude: up to 16,000 ft (4877 m)
    • Relative humidity operating: 10% to 85% (noncondensing)
    • Relative humidity nonoperating: 0% to 95% (noncondensing)

    Hardware Specifications

    Switching Engine Model

    • Store and forward

    DRAM

    • 2 GB with ECC

    Flash

    • 2 GB

    CPU

    • Dual Core 1 GHz

    GbE Port Density per System

    • EX3400-24T/EX3400-24P/EX3400-24T-DC: 30 (24 host ports + four 1/10 GbE and two 40GbE uplink ports)
    • EX3400-48T/EX3400-48T-AFI/EX3400-48P/EX3400-48T-DC: 54 (48 host ports + four 1/10 GbE and two 40GbE uplink ports)

    Physical Layer

    • Cable diagnostics for detecting cable breaks and shorts
    • Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support
    • Port speed downshift/setting maximum advertised speed on 10/100/1000BASE-T ports
    • Digital optical monitoring for optical ports

    Packet-Switching Capacities (Maximum with 64-Byte Packets)

    • EX3400-24T, EX3400-24P, EX3400-24T-DC: 144 Gbps (unidirectional)/288 Gbps (bidirectional)
    • EX3400-48T, EX3400-48T-AFI, EX3400-48P, EX3400-48T-DC: 168 Gbps (unidirectional)/336 Gbps (bidirectional)

    Software Specifications

    Layer 2/Layer 3 Throughput (Mpps) (Maximum with 64 Byte Packets)

    • 24P/24T/24T-DC: 214 Mpps
    • 48P/48T/48T-BF/48T-DC: 250 Mpps

    Layer 2 Features

    • Maximum MAC addresses per system: 32,000
    • Jumbo frames: 9216 bytes
    • Number of VLANs supported: 4,096
    • Range of possible VLAN IDs: 1-4094
    • Port-based VLAN
    • MAC-based VLAN
    • Voice VLAN
    • Layer 2 Protocol Tunneling (L2PT)
    • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
    • RVI (routed VLAN interface)
    • Persistent MAC (sticky MAC)
    • RSTP and VSTP running concurrently
    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • LLDP-MED with VoIP integration
    • IEEE 802.1ae Media Access Control Security (MACsec)
    • IEEE 802.1ak Multiple VLAN Registration Protocol (MVRP)
    • IEEE 802.1br: Bridge Port Extension
    • IEEE 802.1D: Spanning Tree Protocol
    • IEEE 802.1p: CoS prioritization
    • IEEE 802.1Q-in-Q: VLAN stacking
    • IEEE 802.1Q: VLAN tagging
    • IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
    • Number of MST instances supported: 64
    • Number of VSTP instances supported: 510
    • IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP)
    • IEEE 802.1X: Port access control
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3ad: Link Aggregation Control Protocol (LACP)
    • IEEE 802.1ad Q-in-Q tunneling
    • IEEE 802.3ae: 10-Gigabit Ethernet
    • IEEE 802.3af: PoE
    • IEEE 802.3at: PoE+
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3x: Pause Frames/Flow Control
    • Layer 3 VLAN-tagged subinterface
    • PVLAN support
    • Multicast VLAN routing
    • Adding/removing single tag
    • Filter-based SVLAN tagging
    • Flexible CoS (outer .1P marking)

    Layer 3 Features: IPv4

    • Maximum number of ARP entries: 16,000
    • Maximum number of IPv4 unicast routes in hardware: 14,000 prefixes; 36,000 host routes
    • Maximum number of IPv4 multicast routes in hardware: 18,000 groups; 4,000 multicast routes
    • Routing Protocols: RIP v1/v2, OSPF v2
    • Static routing
    • Layer 3 redundancy: VRRP
    • IP directed broadcast—traffic forwarding
    • Virtual router (VRF-Lite) supporting RIP, OSPF
    • Routing policy
    • Filter-based forwarding (FBF)
    • Unicast reverse-path forwarding

    Layer 3 Features: IPv6

    • Maximum number of Neighbor Discovery entries: 8,000
    • Maximum number of IPv6 unicast routes in hardware: 3,500 prefixes; 18,000 host routes
    • Maximum number of IPv6 multicast routes in hardware: 9,000 groups; 2,000 multicast routes
    • Neighbor discovery, system logging, Telnet, SSH, Junos Web, SNMP, Network Time Protocol (NTP), Domain Name System (DNS)
    • Routing protocols: RIPng, OSPF v3
    • Static routing
    • IPv6 ACL (PACL, VACL, RACL)
    • IPv6 CoS (BA, MF classification and rewrite, scheduling based on TC)
    • MLDv1/v2 snooping
    • IPv6 ping, traceroute
    • IPv6 stateless auto-configuration
    • IPv6 Layer 3 forwarding in hardware
    • IPv6 Layer 3 redundancy: VRRP v6
    • Virtual Router support for IPv6 unicast
    • PIM for IPv6 multicast

    Access Control Lists (ACLs) (Junos OS Firewall Filters)

    • Port-based ACL (PACL)—ingress and egress
    • VLAN-based ACL (VACL)—ingress and egress
    • Router-based ACL (RACL)—ingress and egress
    • ACL entries (ACE) in hardware per system: 1500
    • ACL counter for denied packets
    • ACL counter for permitted packets
    • Ability to add/remove/change ACL entries in middle of list (ACL editing)
    • L2-L4 ACL
    • Trusted Network Connect (TNC) certified
    • Static MAC authentication
    • MAC-RADIUS
    • Control plane denial-of-service (DoS) protection
    • Firewall filter on me0 interface (control plane protection)
    • Captive portal—Layer 2 interfaces
    • Fallback authentication
    • Media Access Control Security (MACsec)

    Access Security

    • MAC limiting
    • Allowed MAC addresses, configurable per port
    • Dynamic ARP inspection (DAI)
    • Proxy ARP
    • Static ARP support
    • DHCP snooping
    • 802.1X port-based
    • 802.1X multiple supplicants
    • 802.1X with VLAN assignment
    • 802.1X with authentication bypass access (based on host MAC address)
    • 802.1X with VoIP VLAN support
    • 802.1X dynamic access control list (ACL) based on RADIUS attributes
    • 802.1X supported EAP types: MD5, Transport Layer Security (TLS), Tunneled Transport Layer Security (TTLS), Protected Extensible Authentication Protocol (PEAP)
    • IPv6 RA Guard
    • IPv6 Neighbor Discovery Inspection
    • Media Access Control security (MACsec)

    High Availability

    • Link aggregation:
    • 802.3ad (LACP) support
    • Number of link aggregation groups (LAGs) supported: 128
    • Maximum number of ports per LAG: 16
    • Tagged ports support in LAG
    • Graceful Route Engine switchover (GRES) for IGMP v1/v2/v3 snooping
    • Nonstop routing (OSPF v1/v2/v3, RIP/RIPng, PIM)
    • Nonstop software upgrade (NSSU)

    Quality of Service (QoS)

    • Layer 2 QoS
    • Layer 3 QoS
    • Ingress policing: two-rate three-color
    • Hardware queues per port: 12 (8 unicast, 4 multicast)
    • Scheduling methods (egress): Strict Priority (SP), SDWRR
    • 802.1p, DiffServ code point (DSCP/IP) precedence trust and marking
    • L2-L4 classification criteria, including Interface, MAC address, EtherType, 802.1p, VLAN, IP address, DSCP/IP precedence, and TCP/UDP port numbers
    • Congestion avoidance capabilities: Tail drop

    Multicast

    • IGMP snooping entries: 1000
    • IGMP snooping
    • IGMP v1/v2/v3
    • PIM SM, PIM SSM, PIM DM
    • VRF-Lite support for PIM and IGMP
    • MLD v1/v2 snooping
    • IGMP filter
    • Multicast Source Discovery Protocol (MSDP)
    • PIM for IPv6 multicast

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for Campus
    • Junos Space® Network Director for Campus
    • Junos Space® Management

    Device Management and Operations

    • Junos OS CLI
    • Junos Web interface (J-Web)
    • Out-of-band management: Serial, 10/100BASE-T Ethernet
    • ASCII configuration
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • Real-time performance monitoring (RPM)
    • SNMP: v1, v2c, v3
    • Remote monitoring (RMON) (RFC 2819) Groups 1, 2, 3, 9
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP client and DHCP proxy
    • DHCP relay and helper
    • VR-aware DHCP
    • RADIUS authentication
    • TACACS+ authentication
    • SSHv2
    • Secure copy
    • HTTP/HTTPS
    • DNS resolver
    • System logging
    • Temperature sensor
    • Configuration backup via FTP/secure copy
    • sFlow
    • Interface range
    • Port profile associations
    • Uplink failure detection
    • Zero Touch Provisioning using DHCP

    Supported RFCs

    • RFC 768 UDP
    • RFC 783 Trivial File Transfer Protocol (TFTP)
    • RFC 791 IP
    • RFC 792 Internet Control Message Protocol (ICMP)
    • RFC 793 TCP
    • RFC 826 Address Resolution Protocol (ARP)
    • RFC 854 Telnet client and server
    • RFC 894 IP over Ethernet
    • RFC 903 Reverse ARP (RARP)
    • RFC 906 Bootstrap Loading using TFTP
    • RFC 951, 1542 BootP
    • LLDP-MED, ANSI/TIA-1057, draft 08
    • RFC 1027 Proxy ARP
    • RFC 1058 RIP v1
    • RFC 1122 Host requirements
    • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
    • RFC 1492 TACACS+
    • RFC 1519 Classless Interdomain Routing (CIDR)
    • RFC 1591 Domain Name System (DNS)
    • RFC 1812 Requirements for IP Version 4 routers
    • RFC 2030 Simple Network Time Protocol (SNTP)
    • RFC 2068 HTTP/1.1
    • RFC 2131 BootP/DHCP relay agent and DHCP server
    • RFC 2138 RADIUS Authentication
    • RFC 2139 RADIUS Accounting
    • RFC 2267 Network Ingress Filtering
    • RFC 2328 OSPF v2
    • RFC 2453 RIP v2
    • RFC 2474 DiffServ Precedence, including 8 queues/port
    • RFC 2597 DiffServ Assured Forwarding (AF)
    • RFC 2598 DiffServ Expedited Forwarding (EF)
    • RFC 2710 Multicast Listener Discovery Version (MLD) for IPv6
    • RFC 2925 Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations
    • RFC 3569 PIM SSM
    • RFC 3579 RADIUS Extensible Authentication Protocol (EAP) support for 802.1X
    • RFC 3618 Multicast Source Discovery Protocol (MSDP)
    • RFC 3768 VRRP
    • RFC 3973 PIM DM
    • RFC 4601 PIM SM
    • RFC 5176 Dynamic Authorization Extensions to RADIUS

    Supported MIBs

    • RFC 1155 Structure of Management Information (SMI)
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-like MIB, and Traps
    • RFC 1493 Bridge MIB
    • RFC 1643 Ethernet MIB
    • RFC 1724 RIPv2 MIB
    • RFC 1905 RFC 1907 SNMP v2c, SMIv2, and Revised MIB-II
    • RFC 1981 Path MTU Discovery for IPv6
    • RFC 2011 SNMPv2 Management Information Base for the IP using SMIv2
    • RFC 2012 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2
    • RFC 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2
    • RFC 2096 IPv4 Forwarding Table MIB
    • RFC 2287 System Application Packages MIB
    • RFC 2328 OSPF v2
    • RFC 2460 IPv6 Specification
    • RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2570-2575 SNMPv3, user-based security, encryption, and authentication
    • RFC 2576 Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP textual conventions for SMIv2
    • RFC 2665 Definitions of Managed Objects for the Ethernet-like Interface Types
    • RFC 2819 RMON MIB
    • RFC 2863 Interface Group MIB
    • RFC 2863 The Interfaces Group MIB
    • RFC 2922 LLDP MIB
    • RFC 2925 Definitions of Managed Objects for Remote Ping/Traceroute, and Lookup Operations
    • RFC 3413 SNMP application MIB
    • RFC 3414 User-based Security Model for SNMPv3
    • RFC 3415 View-based access control model (VACM) for SNMP
    • RFC 3484 Default Address Selection for IPv6
    • RFC 3621 PoE-MIB (PoE switches only)
    • RFC 3810 Multicast Listener Discovery Version 2 (MLDv2) for IPv6
    • RFC 4188 STP and Extensions MIB
    • RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291 IPv6 Addressing Architecture
    • RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN Extensions
    • RFC 4443 ICMPv6 for the IPv6 Specification
    • RFC 4861 Neighbor Discovery for IPv6
    • RFC 4862 IPv6 Stateless Address Autoconfiguration
    • RFC 5643 OSPF v3 MIB Support
    • IEEE 802.1ad Q-in-Q
    • draft-blumenthal-aes-usm-08
    • draft-reeder-snmpv3-usm-3desede-00

    Troubleshooting

    • Debugging: CLI via console, telnet, or SSH
    • Diagnostics: Show and debug command statistics
    • Traffic mirroring (port)
    • Traffic mirroring (VLAN)
    • Filter-based mirroring
    • Mirroring destination ports per system: 4
    • LAG port monitoring
    • Multiple destination ports monitored to 1 mirror (N:1)
    • Maximum number of mirroring sessions: 4
    • Mirroring to remote destination (over L2): 1 destination VLAN
    • Encapsulated Remote Switched Port Analyzer (ERSPAN)
    • IP tools: Extended ping and trace
    • Juniper Networks commit and rollback

    Safety Certifications

    • UL-UL60950-1 (Second Edition)
    • C-UL to CAN/CSA 22.2 No.60950-1 (Second Edition)
    • TUV/GS to EN 60950-1 (Second Edition), Amendment A1-A4, A11
    • CB-IEC60950-1, (Second Edition with all country deviations)
    • EN 60825-1 (Second Edition)

    Electromagnetic Compatibility Certifications

    • FCC 47CFR Part 15 Class A
    • EN 55022 Class A
    • ICES-003 Class A
    • VCCI Class A
    • AS/NZS CISPR 22 Class A
    • CISPR 22 Class A
    • EN 55024
    • EN 300386
    • CE

    Telecom Quality Management

    • TL9000

    Environmental

    • Reduction of Hazardous Substances (ROHS) 6

    Telco

    • CLEI code

    Noise Specifications

    • Noise measurements are based on operational tests taken from bystander position (front) and performed at 23° C in compliance with ISO 7779.
    Table 3: Noise Test Results
    Model Acoustic Noise in dBA
    EX3400-24T 36
    EX3400-24P 37
    EX3400-24T-DC 36
    EX3400-48T/EX3400-48T-DC 35
    EX3400-48T-AFI 39
    EX3400-48P 46

    Warranty

    • Limited lifetime switch hardware warranty

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

    Ordering Information

    Product Number Description
    Switches
    EX3400-24T EX3400 24-port 10/100/1000BASE-T with 4 SFP+ and 2 QSFP+ uplink ports (optics not included)
    EX3400-24P EX3400 24-port 10/100/1000BASE-T (24 PoE+ ports) with 4 SFP+ and 2 QSFP+ uplink ports (optics not included)
    EX3400-24T-DC EX3400 24-port 10/100/1000BASE-T with 4 SFP+ and 2 QSFP+ uplink ports (optics not included) and DC power supply
    EX3400-48T EX3400 48-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+, 2 x 40GbE QSFP+, redundant fans, front-to-back airflow, 1 AC PSU JPSU-150-AC-AFO included (optics sold separately)
    EX3400-48T-AFI EX3400 48-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+, 2 x 40GbE QSFP+, redundant fans, back-to-front airflow, 1 AC PSU JPSU-150-AC-AFI included (optics sold separately)
    EX3400-48P EX3400 48-port 10/100/1000BASE-T (48 PoE+ ports) with 4 SFP+ and 2 QSFP+ uplink ports (optics not included)
    EX3400-48T-DC EX3400 48-port 10/100/1000BASE-T with 4 SFP+ and 2 QSFP+ uplink ports (optics not included) and DC power supply
    EX3400-24T-TAA EX3400 TAA 24-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+, 2 x 40GbE QSFP+, redundant fans, front-to-back airflow, 1 AC PSU JPSU-150-AC-AFO included (optics sold separately)
    EX3400-24P-TAA EX3400 TAA 24-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+, 2 x 40GbE QSFP+, redundant fans, front-to-back airflow, 1 AC PSU JPSU-600-AC-AFO included (optics sold separately)
    EX3400-48T-TAA EX3400 TAA 48-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+, 2 x 40GbE QSFP+, redundant fans, front-to-back airflow, 1 AC PSU JPSU-150-AC-AFO included (optics sold separately)
    EX3400-48P-TAA EX3400 TAA 48-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+, 2 x 40GbE QSFP+, redundant fans, front-to-back airflow, 1 AC PSU JPSU-920-AC-AFO included (optics sold separately)
    Accessories
    EX-4PST-RMK Adjustable 4-post rack-mount kit for EX2200, EX3200, EX3400, and EX4200
    EX-RMK Rack-mount kit for EX2200, EX3200, EX3400, and EX4200
    EX-WMK EX4200, EX3200, EX3400, and EX2200 wall-mount kit with baffle
    CBL-EX-PWR-C13-AU AC power cable, Australia (10 A/250V, 2.5m)
    CBL-EX-PWR-C13-C14 AC power cable, patch cord (10 A/250V, 2.5 m) for EU only
    CBL-EX-PWR-C13-CH AC power cable, China (10 A/250V, 2.5m)
    CBL-EX-PWR-C13-EU AC power cable, Europe (10 A/250V, 2.5m)
    CBL-EX-PWR-C13-IT AC power cable, Italy (10 A/250V, 2.5m)
    CBL-EX-PWR-C13-JP AC power cable, Japan (12 A/125V, 2.5m)
    CBL-EX-PWR-C13-KR AC power cable, Korea (10 A/250V, 2.5m)
    CBL-EX-PWR-C13-SZ AC power cable, Switzerland (10 A/250V, 2.5m)
    CBL-EX-PWR-C13-UK AC power cable, UK (10 A/250V, 2.5m)
    CBL-EX-PWR-C13-US AC power cable, U.S. (13 A/125V, 2.5m)—not to be used with EX3400-48P SKUs
    CBL-PWR-C13-US-48P AC power cable, US/Canada (15A/125V, 2.5m)–for EX3400-48P only
    Subscription Licenses
    S-EX-A-C2-3 Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches, 3 year
    S-EX-A-C2-5 Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches, 5 year
    S-EX-P-C2-3 Software, EX Series Premium license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches, 3 year
    S-EX-P-C2-5 Software, EX Series Premium license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches, 5 year
    S-EX-A-C3-3 Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 3 year
    S-EX-A-C3-5 Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 5 year
    S-EX-P-C3-3 Software, EX Series Premium license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 3 year
    S-EX-P-C3-5 Software, EX Series Premium license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 5 year
    S-EX-A-C2-3-COR Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches, 3 year with SVC CORE support, 3 year
    S-EX-A-C2-5-COR Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches with SVC CORE support, 5 YEAR
    S-EX-P-C2-3-COR Software, EX Series Premium license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches with SVC CORE support, 3 YEAR
    S-EX-P-C2-5-COR Software, EX Series Premium license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches with SVC CORE support, 5 YEAR
    S-EX-A-C3-3-COR Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 3 year with SVC CORE support, 3 YEAR
    S-EX-A-C3-5-COR Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 3 year with SVC CORE support, 5 YEAR
    S-EX-P-C3-3-COR Software, EX Series Premium license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 3 year with SVC CORE support, 3 YEAR
    S-EX-P-C3-5-COR Software, EX Series Premium license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 3 year with SVC CORE support, 5 YEAR
    Perpetual Licenses
    S-EX-A-C2-P Software, EX Series Advanced license, Class 2 (24 ports), Perpetual license for EX3400 24-port switches
    S-EX-P-C2-P Software, EX Series Premium license, Class 2 (24 ports), Perpetual license for EX3400 24-port switches
    S-EX-A-C3-P Software, EX Series Advanced license, Class 3 (32 or 48 ports), Perpetual license for EX3400 48-port switches
    S-EX-P-C3-P Software, EX Series Premium license, Class 3 (32 or 48 ports), Perpetual license for EX3400 48-port switches
    EX-24-EFL Enhanced feature license for EX3400 24-port switches
    EX-48-EFL Enhanced feature license for EX3400 48-port switches
    EX-24-AFL Advanced feature license for EX3400-24T, and EX3400-24P switches
    EX-48-AFL Advanced feature license
  • Product Overview

    The Juniper Networks EX2300 Ethernet Switch offers an economical, entry-level, standalone solution for access-layer deployments in branch and remote offices, as well as enterprise campus networks. Both 1 Gbps and 2.5 Gbps access port options are available to provide higher-speed options, especially when connecting to 802.11ac Wave 2 access points. For small networks, up to four EX2300 switches can be interconnected in a Virtual Chassis configuration, allowing them to be managed as a single switch. The EX2300 is onboarded, provisioned, and managed in the Juniper Mist Cloud Architecture. Mist Wired Assurance delivers better experiences for connected devices through AI-powered automation and service levels.

    Product Description

    The Juniper Networks® EX2300 line of Ethernet switches offers a compact, high-performance solution for supporting today’s converged network access deployments. Each EX2300 switch includes an ASIC-based Packet Forwarding Engine (PFE) with an integrated CPU to consistently deliver wire-rate forwarding, even with all control plane features enabled. Based on existing, field-proven Juniper Networks technology, the PFE brings the same level of carrier-class performance and reliability to the EX2300 switches that Juniper Networks routers bring to the world’s largest service provider networks. Select EX2300 models also support the 802.3af Class 3 Power over Ethernet (PoE) and 802.3at PoE+ standards for supporting networked devices such as telephones, video cameras, IEEE 802.11ac WLAN access points, and videophones in converged networks. The PoE-enabled EX2300 switches include a maximum system budget of 750 watts to deliver up to 30 watts to select ports. Multiple EX2300 models are available, including versions offering multigigabit (up to 2.5 Gbps) PoE+ access ports that can accommodate higher-speed IEEE 802.11ac Wave 2 access points, enabling the switches to support more wireless users. The EX2300 fixed-configuration Ethernet switches provide exceptional value to enterprise customers by supporting the following key technologies:
    • Virtual Chassis technology enables up to four interconnected EX2300 switches to form a single logical device.
    • Flexible 1GbE SFP/10GbE SFP+ uplinks provide high-speed connectivity to aggregation layer switches or other upstream devices.
    • Up to 48 10/100/1000BASE-T ports are available with or without PoE/PoE+.
    • Models offering 24 and 48 multigigabit ports support 1GbE/2.5GbE on 8 and 16 ports, respectively.
    • Energy Efficient Ethernet (EEE) support is provided on 1GbE ports.
    • Complete Layer 2 and basic Layer 3 switching capabilities are available.
    • Simplified onboarding and management with Juniper Mist Wired Assurance.
    Additional features include:
    • PoE-enabled EX2300 switches can simultaneously deliver up to 15.4 watts of standards-based 802.3af Class 3 PoE to a maximum of 48 ports or 30 watts of standards-based 802.3at PoE+ to a maximum of 24 ports, based on a total system budget of 750 watts.
    • Uplink ports can be configured as Virtual Chassis interfaces and connected via standard 10GbE optics interfaces (optional Virtual Chassis license required).
    • Fixed power supply and uplink ports ensure operational simplicity.
    • Low power consumption, low acoustic fans, and a small 10-inch deep footprint enable flexible, environmentally friendly deployment.
    • Support for L2 protocols as well as L3 protocols like RIP and static routing is included in the base license.
    • Support is available for IPv6 management, including neighbor discovery, telnet, SSH, DNS, system log, and NTP.
    • A single release train for Juniper Networks Junos operating system is supported to ensure a consistent control plane feature implementation.
    • Modular Junos OS prevents a switch reboot if a single protocol feature fails.
    • Built-in Web interface (Juniper Networks J-Web Software) is provided.
    • RJ-45 serial console port is available.
    • USB mini console port is included on 1GbE access switch models.
    • Out-of-band Ethernet management port is provided.
    • Reduction of Hazardous Waste (RoHS) is certified.

    Architecture and Key Components

    The EX2300 occupies a single rack unit, delivering a compact solution for crowded wiring closets and access locations where space and power are at a premium. The EX2300 switch’s 10-inch/12-inch depth and low acoustics also make it ideal for open office deployments. For silent operation requirements, please see the EX2300-C, a compact, fanless version of the EX2300. Each EX2300 switch supports four fixed front-panel 1GbE/10GbE uplink ports (six 1/10GbE uplink ports on the 48-port multigigabit model) with pluggable optics (purchased separately) for high-speed backbone or link aggregation connections between wiring closets and upstream aggregation switches. The 1GbE EX2300 access switch models also feature a front-panel mode button that offers a simple interface for bringing devices up and selecting LED modes. A dedicated rear panel RJ-45 Ethernet port is available for out-of-band management, while a rear panel USB port can be used to easily upload the Junos OS and configuration files.

    Cloud Management with Juniper Mist Wired Assurance

    Juniper Mist Wired Assurance, a cloud-based service driven by Mist AI to claim, configure, manage, and troubleshoot the EX2300, delivers AI-powered automation and service levels to ensure a better experience for connected devices. Wired Assurance leverages rich Junos switch telemetry data to simplify operations, reduce mean time to repair, and improve visibility. Wired Assurance offers the following features:
    • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
    • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
    • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist cloud.
    Figure 1: Juniper Mist Wired Assurance service-level expectations
    Figure 2: Marvis Actions for wired switches
    The addition of Marvis, a complementary Virtual Network Assistant driven by Mist AI, lets you start building a self-driving network that simplifies network operations and streamlines troubleshooting via automatic fixes for EX Series switches or recommended actions for external systems. For more information see Juniper Mist Wired Assurance.

    Virtual Chassis Technology

    The EX2300 supports Juniper’s unique Virtual Chassis technology, enabling up to four interconnected EX2300 switches to be managed as a single logical device, delivering a scalable, pay-as-you-grow solution for expanding network environments. While EX2300 switches can be interconnected over any of the front-panel uplink ports using standard 10GbE SFP+ transceivers (sold separately), these ports can also be configured as 1GbE/10GbE uplinks to aggregation devices by disabling the Virtual Chassis technology. When deployed in a Virtual Chassis configuration, the EX2300 switches elect a primary and a backup switch based on a set of preconfigured policies or criteria. The primary switch automatically creates and updates the switching and optional routing tables on all other Virtual Chassis switch members. Switches can be added to or removed from the Virtual Chassis configuration without service disruption. EX2300 Virtual Chassis configurations operate as highly resilient unified systems, providing simplified management using a single IP address, single telnet session, single command-line interface (CLI), automatic version checking, and automatic configuration. The EX2300 switches are also capable of local switching, so packets coming into a port destined for another port on the same switch do not have to traverse the Virtual Chassis, increasing forwarding capacities.
    EX2300 Virtual Chassis configurations implement the same slot/module/port numbering schema as other Juniper Networks chassis-based products, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management.

    Multigigabit Switches

    IEEE 802.11ac Wave 2 access points require switch ports capable of handling up to 2.5 Gbps in order to support the growing number of wireless devices and the amount of traffic they produce. To address this need, specific multigigabit EX2300 models now offer 1 Gbps and 2.5 Gbps access ports to support these increased bandwidth requirements over existing Category 5e cabling. These switches run the same Junos image and support all the same software features as other EX2300 models. The EX2300 multigigabit switches can interoperate with other EX Series switches in Virtual Chassis deployments, protecting existing customer investments by enabling them to add multigigabit support to their existing Juniper network deployments. The EX2300 multigigabit switches support PoE+ on all access ports, provided the power demand is within the PoE budget.
    Table 1: EX2300 multigigabit switches
    Model | 1 Gbps Ports | 1/2.5 Gbps Ports | PoE/PoE+ | Uplinks | Fans | Air Flow
    EX2300-24MP | 8-23 | 0-7 | All access ports | 4 SFP+ | 3 | Side-side
    EX2300-48MP | 0-15; 32-47 | 16-31 | All access ports | 6 SFP+ | 4 | Side-side
    Figure 3: EX2300 switches support Virtual Chassis technology, which enables up to four interconnected switches to operate as a single, logical device.
    Virtual Chassis technology simplifies network management for smaller deployments. Up to four interconnected EX2300 switches can be managed as a single device utilizing a single Junos OS image and a single configuration file, reducing the overall number of units to monitor and manage. When the Junos OS is upgraded on the primary switch in an EX2300 Virtual Chassis configuration, the software is automatically upgraded on all other member switches at the same time. The EX2300 includes port profiles that allow network administrators to automatically configure ports with security, QoS, and other parameters based on the type of device connected to the port. Six preconfigured profiles are available, including default, desktop, desktop plus IP phone, WLAN access point, routed uplink, and Layer 2 uplink. Users can select from the existing profiles or create their own and apply them through the command-line interface (CLI), J-Web Software interface, or management system. In addition, a feature called system snapshot makes a copy of all software files used to run the switch—including the Junos operating system, the active configuration, and the rescue configuration. These files can be used to reboot the switch at the next power-up or as a backup boot option. The Junos OS software can also be preinstalled on a flash drive and used to boot the EX2300 at any time. Another feature, called automatic software download, enables network administrators to easily upgrade the EX2300 using the DHCP message exchange process to download and install software packages. Users simply configure the automatic software download feature on EX2300 switches acting as DHCP clients and establish a path to the server where the software package file is installed. The server then communicates the path to the software package file through DHCP server messages. The ZTP feature allows a DHCP server to push configuration details and software images to multiple switches at boot-up time.

    Campus Fabric Deployments

    Juniper campus fabrics support these validated architectures with the EX2300 switch playing the role of access switch in a Virtual Chassis:
    • EVPN multihoming (collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single switch, turning the traditional three-tier hierarchical network into a two-tier network. This eliminates the need for STP across the campus network by providing multihoming capabilities from the access to the core layer. EVPN multihoming can be deployed and managed using the Juniper Mist cloud.
    • Core-Distribution: A pair of interconnected EX Series core or distribution switches provide L2 EVPN and L3 VXLAN gateway support. The EVPN-VXLAN network between the distribution and core layers offers two modes: centrally or edge routed bridging overlay.
    In all these EVPN-VXLAN deployment modes, EX2300 switches can be used in Virtual Chassis configurations.
    Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

    Features and Benefits

    Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

    Juniper Mist Wired Assurance brings cloud management and Mist AI to campus fabric. It sets a new standard moving away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. The Juniper Mist Cloud streamlines deployment and management of campus fabric architectures by allowing:
    • Automated deployment and zero touch deployment
    • Anomaly detection
    • Root cause analysis
    Figure 5: EVPN multihoming configuration via the Juniper Mist cloud

    High Availability Features

    To avoid the complexities of the Spanning Tree Protocol (STP) without sacrificing network resiliency, the EX2300 employs a redundant trunk group (RTG) to provide the necessary port redundancy and simplify switch configuration. It also supports cross-member link aggregation, which allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.

    Junos Operating System

    The EX2300 switches run the same Junos OS that is used by other Juniper Networks EX Series Ethernet Switches, QFX Series Switches, Juniper Routers, Juniper SRX Firewalls, and the Juniper NFX Series Network Services Platform. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, the Junos OS adheres to a highly disciplined development process that uses a single source code, and it employs a highly available modular architecture that prevents isolated failures from bringing down an entire system. These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression-tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.

    Converged Environments

    The EX2300 provides the highest levels of flexibility and features in its class for the most demanding converged data, voice, and video environments, delivering a reliable platform for unifying enterprise communications. By providing a full 15.4 watts of Class 3 PoE to VoIP telephones, closed-circuit security cameras, wireless access points, and other IP-enabled devices, the EX2300 delivers a future-proofed solution for converging disparate networks onto a single IP infrastructure. The EX2300 PoE switches also support 802.3at standards-based PoE+, delivering 30 watts for powering networked devices such as IEEE 802.11ac wireless access points, and videophones that might require more power than available with IEEE 802.3af. To ease deployment, the EX2300 supports the industry-standard Link Layer Discovery Protocol (LLDP) and LLDP-Media Endpoint Discovery (LLDP-MED) protocol, enabling the switches to automatically discover Ethernet-enabled devices, determine their power requirements, and assign virtual LAN (VLAN) membership. LLDP-MED-based granular PoE management allows the EX2300 to negotiate PoE usage down to a fraction of a watt on powered devices, enabling more efficient PoE utilization across the switch. In addition, the EX2300 supports rich quality-of-service (QoS) functionality for prioritizing data, voice, and video traffic. The switches support eight class-of-service (CoS) queues on every port, enabling them to maintain multilevel, end-to-end traffic prioritizations. The EX2300 also supports a wide range of policy options, including strict priority, low latency, weighted random early detection (WRED), and shaped-deficit weighted round-robin (SDWRR) queuing.

    Security

    Working as an enforcement point in Access Policy Infrastructure, the EX2300 provides both standards-based 802.1X port-level access control for multiple devices per port, as well as Layer 2-4 policy enforcement based on user identity, location, device, or a combination of these. A user’s identity, device type, machine posture check, and location can be used to determine whether access should be granted and for how long. If access is granted, the switch provides access to the network based on authorization attributes sent by the authentication server. The switch can also apply security policies, QoS policies, or both, or it can mirror user traffic to a central location for logging, monitoring, or threat detection by intrusion prevention systems. The EX2300 also provides a full complement of integrated port security and threat detection features, including Dynamic Host Configuration Protocol (DHCP) snooping, dynamic ARP inspection (DAI), and media access control (MAC) limiting to defend against internal and external spoofing, and man-in-the-middle and denial of service (DoS) attacks.

    Flex Licensing

    Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license.
    The Flex Advanced and Premium licenses for the EX Series platforms are class based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports. The EX2300 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos features, the Flex Advanced and Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer. For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn more about Junos EX Series licenses, please visit https://www.juniper.net/documentation/us/en/software/license/licensing/topics/concept/flex-licenses-for-ex.html

    Enhanced Limited Lifetime Warranty

    The EX2300 includes an enhanced limited lifetime hardware warranty that provides return-to-factory switch replacement for as long as the original purchaser owns the product. The warranty includes lifetime software updates, advanced shipping of spares within one business day, and 24x7 Juniper Networks Technical Assistance Center (JTAC) support for 90 days after the purchase date. Power supplies and fan trays are covered for a period of five years. For complete details, please visit https://support.juniper.net/support/

    Physical Specifications

    Power Options

    Model | Max. System Power Consumption (Input Power without PoE) | Total PoE Power Budget
    EX2300-24T | 55 W AC | 0
    EX2300-24P | 80 W AC | 370 W
    EX2300-24MP | 55 W AC | 380 W
    EX2300-48T | 70 W AC | 0
    EX2300-48P | 100 W AC | 750 W
    EX2300-48MP | 90 W AC | 750 W

    Dimensions (W x H x D)

    • Width:
      • 17.4 in (44.19 cm) for desktop installations
      • 17.5 in (44.6 cm) with rack-mount brackets
    • Height: 1.75 in (4.45 cm) for 1U installations
    • Depth:
      • EX2300-24T: 10.2 in (25.9 cm)
      • EX2300-24P: 12.2 in (30.98 cm)
      • EX2300-24MP: 10 in (25.4 cm)
      • EX2300-48T: 10.2 in (25.9 cm)
      • EX2300-48P: 12.2 in (30.98 cm)
      • EX2300-48MP: 14.5 in (36.83 cm)

    Backplane

    • 80 Gbps Virtual Chassis interconnect to link up to four switches as a single logical device (EX2300-24/48T/P and EX2300-24/48 MP models)

    System Weight

    • EX2300-24T: 7.25 lb (3.29 kg)
    • EX2300-24P: 9.89 lb (4.49 kg)
    • EX2300-24MP: 8.82 lb (4 kg)
    • EX2300-48T: 8.29 lb (3.76 kg)
    • EX2300-48P: 11.07 lb (5.02 kg)
    • EX2300-48MP: 14.33 lb (6.5 kg)

    Environmental Ranges

    • Operating temperature: 32° to 113° F (0° to 45° C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: up to 13,000 ft (3962 m) at 40° C according to GR-63
    • Non-operating altitude: up to 15,000 ft (4572 m)
    • Relative humidity operating: 10% to 85% (noncondensing)
    • Relative humidity non-operating: 0% to 95% (noncondensing)

    Cooling

    • Airflow:
      • EX2300-24T: 25 cfm
      • EX2300-24P: 23 cfm
      • EX2300-48T: 24 cfm
      • EX2300-48P: 25 cfm

    Hardware Specifications

    Switching Engine Model

    • Store and forward

    DRAM

    • 2 GB (EX2300-24/48T/P)

    Flash

    • 2 GB (EX2300 non-multigigabit models)
    • 8 GB (EX2300-24MP, EX2300-48MP)

    CPU

    • 1.25GHz ARM CPU

    GbE Port Density per System

    • EX2300-24P/24T/24MP: 28 (24 host ports + four-port SFP/SFP+ uplinks)
    • EX2300-48P/48T: 52 (48 host ports + four-port SFP/SFP+ uplinks)
    • EX2300-48MP: 54 (48 host ports + six-port SFP/SFP+ uplinks)

    Supported Optics

    • 10/100/1000BASE-T connector type RJ-45
    • GbE SFP optic/connector type: RJ-45, or LC SFP fiber supporting 1000BASE-T SFP, SX (multimode), LX (single-mode), or LH (single-mode)

    Physical Layer

    • Physical port redundancy: Redundant trunk group (RTG)
    • Cable diagnostics for detecting cable breaks and shorts
    • Auto MDI/MDIX (medium-dependent interface/medium-dependent interface crossover) support
    • Port speed downshift/setting maximum advertised speed on 10/100/1000BASE-T ports
    • Digital optical monitoring for optical ports

    Packet-Switching Capacities (Maximum with 64-Byte Packets)

    • EX2300-24P/24T: 64 Gbps (unidirectional)/128 Gbps (bidirectional)
    • EX2300-24MP: 76 Gbps (unidirectional)/152 Gbps (bidirectional)
    • EX2300-48P/48T: 88 Gbps (unidirectional)/176 Gbps (bidirectional)
    • EX2300-48MP: 132 Gbps (unidirectional)/264 Gbps (bidirectional)

    Software Specifications

    Layer 2/Layer 3 Throughput (Mpps) (Maximum with 64 Byte Packets)

    • EX2300-24P/24T/24MP: 95 Mpps (wire speed)
    • EX2300-48P/48T/48MP: 130 Mpps (wire speed)

    Layer 2 Features

    • Maximum MAC addresses in hardware: 16,000
    • Jumbo frames: 9216 bytes
    • Number of VLANs supported: 4093 (2044 active VLAN)
    • Range of possible VLAN IDs: 1-4094
    • Port-based VLAN
    • MAC-based VLAN
    • Voice VLAN
    • Layer 2 Protocol Tunneling (L2PT)
    • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
    • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
    • RVI (Routed VLAN Interface)
    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • LLDP-MED with VoIP integration
    • IEEE 802.1ad Q-in-Q tunneling
    • IEEE 802.1br: Bridge Port Extension
    • IEEE 802.1D: Spanning Tree Protocol
    • IEEE 802.1p: CoS Prioritization
    • IEEE 802.1Q: VLAN Tagging
    • IEEE 802.1Q-in-Q: VLAN Stacking
    • IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
    • Number of MST instances supported: 64
    • Number of VSTP instances supported: 253
    • IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP)
    • IEEE 802.1X: Port Access Control
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3af: PoE
    • IEEE 802.3at: PoE+
    • IEEE 802.3ad: Link Aggregation Control Protocol (LACP)
    • IEEE 802.3x: Pause Frames/Flow Control
    • IEEE 802.3az: Energy Efficient Ethernet

    Layer 3 Features: IPv4

    • Maximum number of ARP entries: 1,500
    • Maximum number of IPv4 unicast routes in hardware: 512 prefixes; 4,096 host routes
    • Maximum number of IPv4 multicast routes in hardware: 2,048 groups; 2,048 multicast routes
    • Routing Protocols: RIP v1/v2, OSPF v1/v2
    • Static routing
    • Routing policy
    • Bidirectional Forwarding Detection (BFD) with slow timers (> 3 sec)
    • IP directed broadcast

    Layer 3 Features: IPv6

    • Maximum number of Neighbor Discovery (ND) entries: 1,500
    • Maximum number of IPv6 unicast routes in hardware: 512 prefixes; 2,048 host routes
    • Maximum number of IPv6 multicast routes in hardware: 1,024 groups; 1,024 multicast routes
    • Neighbor discovery, system logging, Telnet, SSH, SNMP, Network Time Protocol (NTP), Domain Name System (DNS)
    • Static routing
    • Routing protocols: RIPng, OSPF v3, Multicast Listener Discovery, Multicast Listener Discovery v2

    Access Control Lists (ACLs) (Junos OS Firewall Filters)

    • Port-based ACL (PACL)—256 ingress; 256 egress
    • VLAN-based ACL (VACL)—256 ingress; 256 egress
    • Router-based ACL (RACL)—256 ingress; 512 egress
    • ACL entries (ACE) in hardware per system: 2,000
    • ACL counter for denied packets
    • ACL counter for permitted packets
    • Ability to add/remove/change ACL entries in middle of list (ACL editing)
    • L2-L4 ACL

    Access Security

    • MAC limiting
    • Allowed MAC addresses—configurable per port
    • Sticky MAC (persistent MAC address learning)
    • Dynamic ARP inspection (DAI)
    • Proxy ARP
    • Static ARP support
    • DHCP snooping
    • 802.1X port-based
    • 802.1X multiple supplicants
    • 802.1X with VLAN assignment
    • 802.1X with authentication bypass access (based on host MAC address)
    • 802.1X with VoIP VLAN support
    • 802.1X dynamic ACL based on RADIUS attributes
    • 802.1X Supported EAP types: Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled Transport Layer Security (TTLS), Protected Extensible Authentication Protocol (PEAP)
    • IPv6 RA Guard
    • IPv6 Neighbor Discovery Inspection
    • Captive Portal
    • Static MAC authentication
    • MAC-RADIUS
    • Control plane DoS protection
    • Fallback authentication
    • Trusted Network Connect (TNC) certified

    High Availability

    • Link aggregation
    • 802.3ad (LACP) support:
      • Number of LAGs supported: 128
      • Maximum number of ports per LAG: 8
    • Tagged ports support in LAG
    • Uplink Failure Detection

    Quality of Service (QoS)

    • Layer 2 QoS
    • Layer 3 QoS
    • Ingress policing: one-rate two-color; two-rate three-color markers
    • Hardware queues per port: 8
    • Scheduling methods (egress): Strict Priority (SP), shaped-deficit weighted round-robin (SDWRR)
    • 802.1p, DSCP/IP precedence trust and marking
    • L2-L4 classification criteria: Interface, MAC address, EtherType, 802.1p, VLAN, IP address, DSCP/IP precedence, TCP/UDP port numbers
    • Congestion avoidance capabilities: Tail drop and WRED

    Multicast

    • IGMP snooping entries: 2,000
    • IGMP: v1, v2, v3
    • IGMP snooping
    • PIM-SM, PIM-SSM, PIM-DM
    • MLD snooping

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for Campus
    • Junos Space® Network Director for Campus
    • Junos Space® Management

    Device Management and Operations

    • Junos OS CLI
    • Junos Web interface (J-Web)
    • Out-of-band management: Serial, 10/100BASE-T Ethernet
    • ASCII configuration
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • Simple Network Management Protocol (SNMP): v1, v2c, v3
    • Remote monitoring (RMON) (RFC 2819) Groups 1, 2, 3, 9
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP client and DHCP proxy
    • DHCP relay and helper
    • RADIUS authentication
    • TACACS+ authentication
    • SSHv2
    • Secure copy
    • HTTP/HTTPS
    • DNS resolver
    • System log logging
    • Temperature sensor
    • Configuration backup via FTP/secure copy
    • Interface range

    Supported RFCs

    • RFC 768 UDP
    • RFC 783 Trivial File Transfer Protocol (TFTP)
    • RFC 791 IP
    • RFC 792 Internet Control Message Protocol (ICMP)
    • RFC 793 TCP
    • RFC 826 ARP
    • RFC 854 Telnet client and server
    • RFC 894 IP over Ethernet
    • RFC 903 Reverse ARP (RARP)
    • RFC 906 Bootstrap Loading using TFTP
    • RFC 951, 1542 BootP
    • RFC 1027 Proxy ARP
    • RFC 1058 RIP v1
    • RFC 1122 Requirements for Internet Hosts
    • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
    • RFC 1492 TACACS+
    • RFC 1519 Classless Interdomain Routing (CIDR)
    • RFC 1591 Domain Name System (DNS)
    • RFC 1812 Requirements for IP Version 4 routers
    • RFC 2030 Simple Network Time Protocol (SNTP)
    • RFC 2068 HTTP/1.1
    • RFC 2131 BOOTP/DHCP relay agent and DHCP server
    • RFC 2138 RADIUS Authentication
    • RFC 2139 RADIUS Accounting
    • RFC 2267 Network Ingress Filtering
    • RFC 2453 RIP v2
    • RFC 2474 DiffServ Precedence, including 8 queues/port
    • RFC 2597 DiffServ Assured Forwarding (AF)
    • RFC 2598 DiffServ Expedited Forwarding (EF)
    • RFC 2710 Multicast Listener Discovery Version (MLD) for IPv6
    • RFC 2925 Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations
    • RFC 3176 sFlow
    • RFC 3579 RADIUS Extensible Authentication Protocol (EAP) support for 802.1X
    • RFC 5176 Dynamic Authorization Extensions to RADIUS
    • LLDP Media Endpoint Discovery (LLDP-MED), ANSI/TIA-1057, draft 08

    Supported MIBs

    • RFC 1155 Structure of Management Information (SMI)
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-like MIB, and TRAPs
    • RFC 1493 Bridge MIB
    • RFC 1643 Ethernet MIB
    • RFC 1724 RIPv2 MIB
    • RFC 1905, RFC 1907 SNMP v2c, SMIv2 and Revised MIB-II
    • RFC 1981 Path MTU Discovery for IPv6
    • RFC 2011 SNMPv2 Management Information Base for the IP using SMIv2
    • RFC 2012 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2
    • RFC 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2
    • RFC 2096 IPv4 Forwarding Table MIB
    • RFC 2287 System Application Packages MIB
    • RFC 2460 IPv6 Specification
    • RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2570-2575 SNMPv3, User-based Security, Encryption, and Authentication
    • RFC 2576 Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP Textual Conventions for SMIv2
    • RFC 2665 Definitions of Managed Objects for the Ethernet-like Interface Types
    • RFC 2819 RMON MIB
    • RFC 2863 The Interfaces Group MIB
    • RFC 2922 LLDP MIB
    • RFC 2925 Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations
    • RFC 3413 SNMP Application MIB
    • RFC 3414 User-based Security Model for SNMPv3
    • RFC 3415 View-based Access Control Model (VACM) for SNMP
    • RFC 3484 Default Address Selection for IPv6
    • RFC 3621 PoE-MIB (PoE switches only)
    • RFC 3810 Multicast Listener Discovery Version 2 (MLDv2) for IPv6
    • RFC 4188 STP and Extensions MIB
    • RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291 IPv6 Addressing Architecture
    • RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN Extensions
    • RFC 4443 ICMPv6 for the IPv6 Specification
    • RFC 4861 Neighbor Discovery for IPv6
    • RFC 4862 IPv6 Stateless Address Autoconfiguration
    • draft-blumenthal-aes-usm-08
    • draft-reeder-snmpv3-usm-3desede-00

    Troubleshooting

    • Debugging: CLI via console, telnet, or SSH
    • Diagnostics: Show and debug command statistics
    • Traffic mirroring (port)
    • Traffic mirroring (VLAN)
    • ACL-based mirroring
    • Mirroring destination ports per system: 4
    • LAG port monitoring
    • Multiple destination ports monitored to 1 mirror (N:1)
    • Maximum number of mirroring sessions: 4
    • Mirroring to remote destination (over L2): 1 destination VLAN
    • Encapsulated Remote Switched Port Analyzer (ERSPAN)
    • IP tools: Extended ping and trace
    • Juniper Networks commit and rollback

    Safety Certifications

    • UL-UL60950-1 (Second Edition)
    • C-UL to CAN/CSA 22.2 No.60950-1 (Second Edition)
    • TUV/GS to EN 60950-1 (Second Edition)
    • CB-IEC60950-1 (Second Edition with all country deviations)
    • EN 60825-1 (Second Edition)

    Electromagnetic Compatibility Certifications

    • FCC 47CFR Part 15 Class A
    • EN 55022 Class A
    • ICES-003 Class A
    • VCCI Class A
    • AS/NZS CISPR 22 Class A
    • CISPR 22 Class A
    • EN 55024
    • EN 300386
    • CE

    Telecom Quality Management

    • TL9000

    Environmental

    • Reduction of Hazardous Substances (ROHS) 6

    Telco

    • CLEI code

    Noise Specifications

    Noise measurements based on operational tests taken from bystander position (front) and performed at 25° C in compliance with ISO 7779. The PoE load was 370 W (24 ports powered at 15.4W each) on the EX2300-24P and 740 W (48 ports powered at 15.4W each) on the EX2300-48P.
    Model | Acoustic Noise in dB
    EX2300-24T | 34.2
    EX2300-24P | 40.6
    EX2300-48T | 34.6
    EX2300-48P | 51.4
    EX2300-24MP | 45.7
    EX2300-48MP | 45.8

    Warranty

    • Enhanced limited lifetime switch hardware warranty

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

    Ordering Information

    Product Number Description
    Switches
    EX2300-24T EX2300 24-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24T-VC EX2300 24-port non-PoE+ w/ Virtual Chassis License
    EX2300-24P EX2300 24-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24P-VC EX2300 24-port PoE+ w/ Virtual Chassis License
    EX2300-24MP EX2300 16-port 10/100/1000BASE-T PoE+, 8-port 10/100/1000/2500BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24T-DC EX2300 24-port 10/100/1000BASE-T with internal DC PSU, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24T-TAA EX2300 TAA 24-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24P-TAA EX2300 TAA 24-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48T EX2300 48-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48T-VC EX2300 48-port non-PoE+ w/ Virtual Chassis License
    EX2300-48P EX2300 48-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48P-VC EX2300 48-port PoE+ w/ Virtual Chassis License
    EX2300-48MP EX2300 32-port 10/100/1000BASE-T PoE+, 16-port 10/100/1000/2500BASE-T PoE+, 6 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48T-TAA EX2300 TAA 48-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48P-TAA EX2300 TAA 48-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    Accessories
    EX-RMK Rack-mount kit for EX2300
    EX-4PST-RMK Adjustable 4-post rack-mount kit for EX2300
    EX-WMK Wall-mount kit for EX2300
    Subscription Licenses
    S-EX-A-C2-3 Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches, 3 year
    S-EX-A-C2-5 Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches, 5 year
    S-EX-A-C3-3 Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 3 year
    S-EX-A-C3-5 Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 5 year
    S-EX-A-C2-3-COR Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches with SVC CORE support, 3 year
    S-EX-A-C2-5-COR Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches with SVC CORE support, 5 year
    S-EX-A-C3-3-COR Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches with SVC CORE support, 3 year
    S-EX-A-C3-5-COR Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches with SVC CORE support, 5 year
    Perpetual Licenses
    EX2300-VC EX2300 Virtual Chassis License for EX2300 24- 48-port switches
    S-EX-A-C2-P Software, EX Series Advanced license, Class 2 Perpetual license for 24 port switches
    S-EX-A-C3-P Software, EX Series Advanced license, Class 3 Perpetual License for 48-port switches
    EX-24-EFL Enhanced Feature License for EX2300 24-port switches
    EX-48-EFL Enhanced Feature License for EX2300 48-port switches
    Pluggable Optics
    EX-SFP-1GE-T SFP 10/100/1000BASE-T copper; RJ-45 connector; 100m reach on UTP
    EX-SFP-1GE-SX SFP 1000BASE-SX; LC connector; 850 nm; 550m reach on multimode fiber
    EX-SFP-1GE-SX-ET SFP 1000BASE-SX; LC connector; 850 nm; 550m reach on multimode fiber, extended temperature
    EX-SFP-1GE-LX SFP 1000BASE-LX; LC connector; 1310 nm; 10 km reach on single-mode fiber
    EX-SFP-1GE-LH SFP 1000BASE-LH; LC connector; 1550 nm; 70 km reach on single-mode fiber
    EX-SFP-1GE-LX40K SFP 1000BASE-LX; LC connector; 1310 nm; 40 km reach on single-mode fiber
    EX-SFP-GE10KT13R14 SFP 1000BASE-BX; TX 1310 nm/RX 1490 nm for 10 km transmission on single-strand, single-mode fiber
    EX-SFP-GE10KT13R15 SFP 1000BASE-BX; TX 1310 nm/RX 1550 nm for 10 km transmission on single-strand, single-mode fiber
    EX-SFP-GE10KT14R13 SFP 1000BASE-BX; TX 1490 nm/RX 1310 nm for 10 km transmission on single-strand, single-mode fiber
    EX-SFP-GE10KT15R13 SFP 1000BASE-BX; TX 1550 nm/RX 1310 nm for 10 km transmission on single-strand, single-mode fiber
    EX-SFP-GE40KT13R15 SFP 1000BASE-BX; TX 1310 nm/RX 1550 nm for 40 km transmission on single-strand, single-mode fiber
    EX-SFPGE80KCW1470 SFP Gigabit Ethernet CWDM, LC connector; 1470 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1490 SFP Gigabit Ethernet CWDM, LC connector; 1490 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1510 SFP Gigabit Ethernet CWDM, LC connector; 1510 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1530 SFP Gigabit Ethernet CWDM, LC connector; 1530 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1550 SFP Gigabit Ethernet CWDM, LC connector; 1550 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1570 SFP Gigabit Ethernet CWDM, LC connector; 1570 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1590 SFP Gigabit Ethernet CWDM, LC connector; 1590 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1610 SFP Gigabit Ethernet CWDM, LC connector; 1610 nm, 80 km reach on single-mode fiber
    EX-SFP-10GE-USR SFP+ 10 Gigabit Ethernet Ultra Short Reach Optics, 850 nm for 10m on OM1, 20m on OM2, 100m on OM3 multimode fiber
    EX-SFP-10GE-SR SFP+ 10GBASE-SR; LC connector; 850 nm; 300m reach on 50 microns multimode fiber; 33m on 62.5 microns multimode fiber
    EX-SFP-10GE-LR SFP+ 10GBASE-LR; LC connector; 1310 nm; 10 km reach on single-mode fiber
    EX-SFP-10GE-ER SFP+ 10GBASE-ER 10 Gigabit Ethernet Optics, 1550 nm for 40 km transmission on single-mode fiber
    EX-SFP-10GE-ZR SFP+ 10GBASE-ZR; LC connector; 1550nm; 80 km reach on single-mode fiber
    EX-SFP-10GE-DAC1M SFP+ 10 Gigabit Ethernet Direct Attach Copper (twinax copper cable) – 1-meter length
    EX-SFP-10GE-DAC3M SFP+ 10 Gigabit Ethernet Direct Attach Copper (twinax copper cable) – 3-meter length
    EX-SFP-10GE-DAC5M SFP+ 10 Gigabit Ethernet Direct Attach Copper (twinax copper cable) – 5-meter length
  • Product Overview

    The Juniper Networks EX2300 Ethernet Switch offers an economical, entry-level, standalone solution for access-layer deployments in branch and remote offices, as well as enterprise campus networks. Both 1 Gbps and 2.5 Gbps access port options are available to provide higher-speed options, especially when connecting to 802.11ac Wave 2 access points. For small networks, up to four EX2300 switches can be interconnected in a Virtual Chassis configuration, allowing them to be managed as a single switch. The EX2300 is onboarded, provisioned, and managed in the Juniper Mist Cloud Architecture. Mist Wired Assurance delivers better experiences for connected devices through AI-powered automation and service levels.

    Product Description

    The Juniper Networks® EX2300 line of Ethernet switches offers a compact, high-performance solution for supporting today’s converged network access deployments. Each EX2300 switch includes an ASIC-based Packet Forwarding Engine (PFE) with an integrated CPU to consistently deliver wire-rate forwarding, even with all control plane features enabled. Based on existing, field-proven Juniper Networks technology, the PFE brings the same level of carrier-class performance and reliability to the EX2300 switches that Juniper Networks routers bring to the world’s largest service provider networks. Select EX2300 models also support the 802.3af Class 3 Power over Ethernet (PoE) and 802.3at PoE+ standards for supporting networked devices such as telephones, video cameras, IEEE 802.11ac WLAN access points, and videophones in converged networks. The PoE-enabled EX2300 switches include a maximum system budget of 750 watts to deliver up to 30 watts to select ports. Multiple EX2300 models are available, including versions offering multigigabit (up to 2.5 Gbps) PoE+ access ports that can accommodate higher-speed IEEE 802.11ac Wave 2 access points, enabling the switches to support more wireless users. The EX2300 fixed-configuration Ethernet switches provide exceptional value to enterprise customers by supporting the following key technologies:
    • Virtual Chassis technology enables up to four interconnected EX2300 switches to form a single logical device.
    • Flexible 1GbE SFP/10GbE SFP+ uplinks provide high-speed connectivity to aggregation layer switches or other upstream devices.
    • Up to 48 10/100/1000BASE-T ports are available with or without PoE/PoE+.
    • Models offering 24 and 48 multigigabit ports support 1GbE/2.5GbE on 8 and 16 ports, respectively.
    • Energy Efficient Ethernet (EEE) support is provided on 1GbE ports.
    • Complete Layer 2 and basic Layer 3 switching capabilities are available.
    • Simplified onboarding and management with Juniper Mist Wired Assurance.
    Additional features include:
    • PoE-enabled EX2300 switches can simultaneously deliver up to 15.4 watts of standards-based 802.3af Class 3 PoE to a maximum of 48 ports or 30 watts of standards-based 802.3at PoE+ to a maximum of 24 ports, based on a total system budget of 750 watts.
    • Uplink ports can be configured as Virtual Chassis interfaces and connected via standard 10GbE optics interfaces (optional Virtual Chassis license required).
    • Fixed power supply and uplink ports ensure operational simplicity.
    • Low power consumption, low acoustic fans, and a small 10-inch deep footprint enable flexible, environmentally friendly deployment.
    • Support for L2 protocols, as well as L3 protocols like RIP and static routing, is included in the base license.
    • Support is available for IPv6 management, including neighbor discovery, telnet, SSH, DNS, system log, and NTP.
    • A single release train for Juniper Networks Junos operating system is supported to ensure a consistent control plane feature implementation.
    • Modular Junos OS prevents a switch reboot if a single protocol feature fails.
    • Built-in Web interface (Juniper Networks J-Web Software) is provided.
    • RJ-45 serial console port is available.
    • USB mini console port is included on 1GbE access switch models.
    • Out-of-band Ethernet management port is provided.
    • Reduction of Hazardous Waste (RoHS) is certified.

    Architecture and Key Components

    The EX2300 occupies a single rack unit, delivering a compact solution for crowded wiring closets and access locations where space and power are at a premium. The EX2300 switch’s 10-inch/12-inch depth and low acoustics also make it ideal for open office deployments. For silent operation requirements, please see the EX2300-C, a compact, fanless version of the EX2300. Each EX2300 switch supports four fixed front-panel 1GbE/10GbE uplink ports (six 1/10GbE uplink ports on the 48-port multigigabit model) with pluggable optics (purchased separately) for high-speed backbone or link aggregation connections between wiring closets and upstream aggregation switches. The 1GbE EX2300 access switch models also feature a front-panel mode button that offers a simple interface for bringing devices up and selecting LED modes. A dedicated rear panel RJ-45 Ethernet port is available for out-of-band management, while a rear panel USB port can be used to easily upload the Junos OS and configuration files.

    Cloud Management with Juniper Mist Wired Assurance

    Juniper Mist Wired Assurance, a cloud-based service driven by Mist AI to claim, configure, manage, and troubleshoot the EX2300, delivers AI-powered automation and service levels to ensure a better experience for connected devices. Wired Assurance leverages rich Junos switch telemetry data to simplify operations, reduce mean time to repair, and improve visibility. Wired Assurance offers the following features:
    • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
    • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
    • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist cloud.
    Figure 1: Juniper Mist Wired Assurance service-level expectations
    Figure 2: Marvis Actions for wired switches
    The addition of Marvis, a complementary Virtual Network Assistant driven by Mist AI, lets you start building a self-driving network that simplifies network operations and streamlines troubleshooting via automatic fixes for EX Series switches or recommended actions for external systems. For more information see Juniper Mist Wired Assurance.

    Virtual Chassis Technology

    The EX2300 supports Juniper’s unique Virtual Chassis technology, enabling up to four interconnected EX2300 switches to be managed as a single logical device, delivering a scalable, pay-as-you-grow solution for expanding network environments. While EX2300 switches can be interconnected over any of the front-panel uplink ports using standard 10GbE SFP+ transceivers (sold separately), these ports can also be configured as 1GbE/10GbE uplinks to aggregation devices by disabling the Virtual Chassis technology. When deployed in a Virtual Chassis configuration, the EX2300 switches elect a primary and a backup switch based on a set of preconfigured policies or criteria. The primary switch automatically creates and updates the switching and optional routing tables on all other Virtual Chassis switch members. Switches can be added to or removed from the Virtual Chassis configuration without service disruption. EX2300 Virtual Chassis configurations operate as highly resilient unified systems, providing simplified management using a single IP address, single telnet session, single command-line interface (CLI), automatic version checking, and automatic configuration. The EX2300 switches are also capable of local switching, so packets coming into a port destined for another port on the same switch do not have to traverse the Virtual Chassis, increasing forwarding capacities.
    EX2300 Virtual Chassis configurations implement the same slot/module/port numbering schema as other Juniper Networks chassis-based products, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management.

    Multigigabit Switches

    IEEE 802.11ac Wave 2 access points require switch ports capable of handling up to 2.5 Gbps in order to support the growing number of wireless devices and the amount of traffic they produce. To address this need, specific multigigabit EX2300 models now offer 1 Gbps and 2.5 Gbps access ports to support these increased bandwidth requirements over existing Category 5e cabling. These switches run the same Junos image and support all the same software features as other EX2300 models. The EX2300 multigigabit switches can interoperate with other EX Series switches in Virtual Chassis deployments, protecting existing customer investments by enabling them to add multigigabit support to their existing Juniper network deployments. The EX2300 multigigabit switches support PoE+ on all access ports, provided the power demand is within the PoE budget.
    Table 1: EX2300 multigigabit switches
    | Model | 1 Gbps Ports | 1/2.5 Gbps Ports | PoE/PoE+ | Uplinks | Fans | Air Flow |
    |---|---|---|---|---|---|---|
    | EX2300-24MP | 8-23 | 0-7 | All access ports | 4 SFP+ | 3 | Side-side |
    | EX2300-48MP | 0-15; 32-47 | 16-31 | All access ports | 6 SFP+ | 4 | Side-side |
    Figure 3: EX2300 switches support Virtual Chassis technology, which enables up to four interconnected switches to operate as a single, logical device.
    Virtual Chassis technology simplifies network management for smaller deployments. Up to four interconnected EX2300 switches can be managed as a single device utilizing a single Junos OS image and a single configuration file, reducing the overall number of units to monitor and manage. When the Junos OS is upgraded on the primary switch in an EX2300 Virtual Chassis configuration, the software is automatically upgraded on all other member switches at the same time. The EX2300 includes port profiles that allow network administrators to automatically configure ports with security, QoS, and other parameters based on the type of device connected to the port. Six preconfigured profiles are available, including default, desktop, desktop plus IP phone, WLAN access point, routed uplink, and Layer 2 uplink. Users can select from the existing profiles or create their own and apply them through the command-line interface (CLI), J-Web Software interface, or management system. In addition, a feature called system snapshot makes a copy of all software files used to run the switch—including the Junos operating system, the active configuration, and the rescue configuration. These files can be used to reboot the switch at the next power-up or as a backup boot option. The Junos OS software can also be preinstalled on a flash drive and used to boot the EX2300 at any time. Another feature, called automatic software download, enables network administrators to easily upgrade the EX2300 using the DHCP message exchange process to download and install software packages. Users simply configure the automatic software download feature on EX2300 switches acting as DHCP clients and establish a path to the server where the software package file is installed. The server then communicates the path to the software package file through DHCP server messages. The ZTP feature allows a DHCP server to push configuration details and software images to multiple switches at boot-up time.

    Campus Fabric Deployments

    Juniper campus fabrics support these validated architectures with the EX2300 switch playing the role of access switch in a Virtual Chassis:
    • EVPN multihoming (collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single switch, turning the traditional three-tier hierarchal network into a two-tier network. This eliminates the need for STP across the campus network by providing multihoming capabilities from the access to the core layer. EVPN multihoming can be deployed and managed using the Juniper Mist cloud.
    • Core-Distribution: A pair of interconnected EX Series core or distribution switches provide L2 EVPN and L3 VXLAN gateway support. The EVPN-VXLAN network between the distribution and core layers offers two modes: centrally or edge routed bridging overlay.
    In all these EVPN-VXLAN deployment modes, EX2300 switches can be used in Virtual Chassis configurations.
    Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

    Features and Benefits

    Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

    Juniper Mist Wired Assurance brings cloud management and Mist AI to campus fabric. It sets a new standard moving away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. The Juniper Mist Cloud streamlines deployment and management of campus fabric architectures by allowing:
    • Automated deployment and zero touch deployment
    • Anomaly detection
    • Root cause analysis
    Figure 5. EVPN multihoming configuration via the Juniper Mist cloud

    High Availability Features

    To avoid the complexities of the Spanning Tree Protocol (STP) without sacrificing network resiliency, the EX2300 employs a redundant trunk group (RTG) to provide the necessary port redundancy and simplify switch configuration. It also supports cross-member link aggregation, which allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.

    Junos Operating System

    The EX2300 switches run the same Junos OS that is used by other Juniper Networks EX Series Ethernet Switches, QFX Series Switches, Juniper Routers, Juniper SRX Firewalls, and the Juniper NFX Series Network Services Platform. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, the Junos OS adheres to a highly disciplined development process that uses a single source code, and it employs a highly available modular architecture that prevents isolated failures from bringing down an entire system. These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression-tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.

    Converged Environments

    The EX2300 provides the highest levels of flexibility and features in its class for the most demanding converged data, voice, and video environments, delivering a reliable platform for unifying enterprise communications. By providing a full 15.4 watts of Class 3 PoE to VoIP telephones, closed-circuit security cameras, wireless access points, and other IP-enabled devices, the EX2300 delivers a future-proofed solution for converging disparate networks onto a single IP infrastructure. The EX2300 PoE switches also support 802.3at standards-based PoE+, delivering 30 watts for powering networked devices such as IEEE 802.11ac wireless access points, and videophones that might require more power than available with IEEE 802.3af. To ease deployment, the EX2300 supports the industry-standard Link Layer Discovery Protocol (LLDP) and LLDP-Media Endpoint Discovery (LLDP-MED) protocol, enabling the switches to automatically discover Ethernet-enabled devices, determine their power requirements, and assign virtual LAN (VLAN) membership. LLDP-MED-based granular PoE management allows the EX2300 to negotiate PoE usage down to a fraction of a watt on powered devices, enabling more efficient PoE utilization across the switch. In addition, the EX2300 supports rich quality-of-service (QoS) functionality for prioritizing data, voice, and video traffic. The switches support eight class-of-service (CoS) queues on every port, enabling them to maintain multilevel, end-to-end traffic prioritizations. The EX2300 also supports a wide range of policy options, including strict priority, low latency, weighted random early detection (WRED), and shaped-deficit weighted round-robin (SDWRR) queuing.

    Security

    Working as an enforcement point in Access Policy Infrastructure, the EX2300 provides both standards-based 802.1X port-level access control for multiple devices per port, as well as Layer 2-4 policy enforcement based on user identity, location, device, or a combination of these. A user’s identity, device type, machine posture check, and location can be used to determine whether access should be granted and for how long. If access is granted, the switch provides access to the network based on authorization attributes sent by the authentication server. The switch can also apply security policies, QoS policies, or both, or it can mirror user traffic to a central location for logging, monitoring, or threat detection by intrusion prevention systems. The EX2300 also provides a full complement of integrated port security and threat detection features, including Dynamic Host Configuration Protocol (DHCP) snooping, dynamic ARP inspection (DAI), and media access control (MAC) limiting to defend against internal and external spoofing, and man-in-the-middle and denial of service (DoS) attacks.

    Flex Licensing

    Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license.
    The Flex Advanced and Premium licenses for the EX Series platforms are class based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 Ports, and Class 3 (C3) switches have 32 or 48 Ports. The EX2300 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos features, the Flex Advanced and Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer. For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn more about Junos EX Series licenses, please visit https://www.juniper.net/documentation/us/en/software/license/licensing/topics/concept/flex-licenses-for-ex.html

    Enhanced Limited Lifetime Warranty

    The EX2300 includes an enhanced limited lifetime hardware warranty that provides return-to-factory switch replacement for as long as the original purchaser owns the product. The warranty includes lifetime software updates, advanced shipping of spares within one business day, and 24x7 Juniper Networks Technical Assistance Center (JTAC) support for 90 days after the purchase date. Power supplies and fan trays are covered for a period of five years. For complete details, please visit https://support.juniper.net/support/

    Physical Specifications

    Power Options

    | Model | Max. System Power Consumption (Input Power without PoE) | Total PoE Power Budget |
    |---|---|---|
    | EX2300-24T | 55 W AC | 0 |
    | EX2300-24P | 80 W AC | 370 W |
    | EX2300-24MP | 55 W AC | 380 W |
    | EX2300-48T | 70 W AC | 0 |
    | EX2300-48P | 100 W AC | 750 W |
    | EX2300-48MP | 90 W AC | 750 W |

    Dimensions (W x H x D)

    • Width:
      • 17.4 in (44.19 cm) for desktop installations
      • 17.5 in (44.6 cm) with rack-mount brackets
    • Height: 1.75 in (4.45 cm) for 1U installations
    • Depth:
      • EX2300-24T: 10.2 in (25.9 cm)
      • EX2300-24P: 12.2 in (30.98 cm)
      • EX2300-24MP: 10 in (25.4 cm)
      • EX2300-48T: 10.2 in (25.9 cm)
      • EX2300-48P: 12.2 in (30.98 cm)
      • EX2300-48MP: 14.5 in (36.83 cm)

    Backplane

    • 80 Gbps Virtual Chassis interconnect to link up to four switches as a single logical device (EX2300-24/48T/P and EX2300-24/48 MP models)

    System Weight

    • EX2300-24T: 7.25 lb (3.29 kg)
    • EX2300-24P: 9.89 lb (4.49 kg)
    • EX2300-24MP: 8.82 lb (4 kg)
    • EX2300-48T: 8.29 lb (3.76 kg)
    • EX2300-48P: 11.07 lb (5.02 kg)
    • EX2300-48MP: 14.33 lb (6.5 kg)

    Environmental Ranges

    • Operating temperature: 32° to 113° F (0° to 45° C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: up to 13,000 ft (3962 m) at 40° C according to GR-63
    • Non-operating altitude: up to 15,000 ft (4572 m)
    • Relative humidity operating: 10% to 85% (noncondensing)
    • Relative humidity non-operating: 0% to 95% (noncondensing)

    Cooling

    • Airflow:
      • EX2300-24T: 25 cfm
      • EX2300-24P: 23 cfm
      • EX2300-48T: 24 cfm
      • EX2300-48P: 25 cfm

    Hardware Specifications

    Switching Engine Model

    • Store and forward

    DRAM

    • 2 GB (EX2300-24/48T/P)

    Flash

    • 2 GB (EX2300 non-multigigabit models)
    • 8 GB (EX2300-24MP, EX2300-48MP)

    CPU

    • 1.25GHz ARM CPU

    GbE Port Density per System

    • EX2300-24P/24T/24MP: 28 (24 host ports + four-port SFP/SFP+ uplinks)
    • EX2300-48P/48T: 52 (48 host ports + four-port SFP/SFP+ uplinks)
    • EX2300-48MP: 54 (48 host ports + six-port SFP/SFP+ uplinks)

    Supported Optics

    • 10/100/1000BASE-T connector type RJ-45
    • GbE SFP optic/connector type: RJ-45, or LC SFP fiber supporting 1000BASE-T SFP, SX (multimode), LX (single-mode), or LH (single-mode)

    Physical Layer

    • Physical port redundancy: Redundant trunk group (RTG)
    • Cable diagnostics for detecting cable breaks and shorts
    • Auto MDI/MDIX (medium-dependent interface/medium-dependent interface crossover) support
    • Port speed downshift/setting maximum advertised speed on 10/100/1000BASE-T ports
    • Digital optical monitoring for optical ports

    Packet-Switching Capacities (Maximum with 64-Byte Packets)

    • EX2300-24P/24T: 64 Gbps (unidirectional)/128 Gbps (bidirectional)
    • EX2300-24MP: 76 Gbps (unidirectional)/152 Gbps (bidirectional)
    • EX2300-48P/48T: 88 Gbps (unidirectional)/176 Gbps (bidirectional)
    • EX2300-48MP: 132 Gbps (unidirectional)/264 Gbps (bidirectional)

    Software Specifications

    Layer 2/Layer 3 Throughput (Mpps) (Maximum with 64 Byte Packets)

    • EX2300-24P/24T/24MP: 95 Mpps (wire speed)
    • EX2300-48P/48T/48MP: 130 Mpps (wire speed)

    Layer 2 Features

    • Maximum MAC addresses in hardware: 16,000
    • Jumbo frames: 9216 bytes
    • Number of VLANs supported: 4093 (2044 active VLAN)
    • Range of possible VLAN IDs: 1-4094
    • Port-based VLAN
    • MAC-based VLAN
    • Voice VLAN
    • Layer 2 Protocol Tunneling (L2PT)
    • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
    • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
    • RVI (Routed VLAN Interface)
    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • LLDP-MED with VoIP integration
    • IEEE 802.1ad Q-in-Q tunneling
    • IEEE 802.1br: Bridge Port Extension
    • IEEE 802.1D: Spanning Tree Protocol
    • IEEE 802.1p: CoS Prioritization
    • IEEE 802.1Q: VLAN Tagging
    • IEEE 802.1Q-in-Q: VLAN Stacking
    • IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
    • Number of MST instances supported: 64
    • Number of VSTP instances supported: 253
    • IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP)
    • IEEE 802.1X: Port Access Control
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3af: PoE
    • IEEE 802.3at: PoE+
    • IEEE 802.3ad: Link Aggregation Control Protocol (LACP)
    • IEEE 802.3x: Pause Frames/Flow Control
    • IEEE 802.3az: Energy Efficient Ethernet

    Layer 3 Features: IPv4

    • Maximum number of ARP entries: 1,500
    • Maximum number of IPv4 unicast routes in hardware: 512 prefixes; 4,096 host routes
    • Maximum number of IPv4 multicast routes in hardware: 2,048 groups; 2,048 multicast routes
    • Routing Protocols: RIP v1/v2, OSPF v1/v2
    • Static routing
    • Routing policy
    • Bidirectional Forwarding Detection (BFD) with slow timers (> 3 sec)
    • IP directed broadcast

    Layer 3 Features: IPv6

    • Maximum number of Neighbor Discovery (ND) entries: 1,500
    • Maximum number of IPv6 unicast routes in hardware: 512 prefixes; 2,048 host routes
    • Maximum number of IPv6 multicast routes in hardware: 1,024 groups; 1,024 multicast routes
    • Neighbor discovery, system logging, Telnet, SSH, SNMP, Network Time Protocol (NTP), Domain Name System (DNS)
    • Static routing
    • Routing protocols: RIPng, OSPF v3, Multicast Listener Discovery, Multicast Listener Discovery v2

    Access Control Lists (ACLs) (Junos OS Firewall Filters)

    • Port-based ACL (PACL)—256 ingress; 256 egress
    • VLAN-based ACL (VACL)—256 ingress; 256 egress
    • Router-based ACL (RACL)—256 ingress; 512 egress
    • ACL entries (ACE) in hardware per system: 2,000
    • ACL counter for denied packets
    • ACL counter for permitted packets
    • Ability to add/remove/change ACL entries in middle of list (ACL editing)
    • L2-L4 ACL

    Access Security

    • MAC limiting
    • Allowed MAC addresses—configurable per port
    • Sticky MAC (persistent MAC address learning)
    • Dynamic ARP inspection (DAI)
    • Proxy ARP
    • Static ARP support
    • DHCP snooping
    • 802.1X port-based
    • 802.1X multiple supplicants
    • 802.1X with VLAN assignment
    • 802.1X with authentication bypass access (based on host MAC address)
    • 802.1X with VoIP VLAN support
    • 802.1X dynamic ACL based on RADIUS attributes
    • 802.1X Supported EAP types: Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled Transport Layer Security (TTLS), Protected Extensible Authentication Protocol (PEAP)
    • IPv6 RA Guard
    • IPv6 Neighbor Discovery Inspection
    • Captive Portal
    • Static MAC authentication
    • MAC-RADIUS
    • Control plane DoS protection
    • Fallback authentication
    • Trusted Network Connect (TNC) certified

    High Availability

    • Link aggregation
    • 802.3ad (LACP) support:
      • Number of LAGs supported: 128
      • Maximum number of ports per LAG: 8
    • Tagged ports support in LAG
    • Uplink Failure Detection

    Quality of Service (QoS)

    • Layer 2 QoS
    • Layer 3 QoS
    • Ingress policing: one-rate two-color; two-rate three-color markers
    • Hardware queues per port: 8
    • Scheduling methods (egress): Strict Priority (SP), shaped-deficit weighted round-robin (SDWRR)
    • 802.1p, DSCP/IP precedence trust and marking
    • L2-L4 classification criteria: Interface, MAC address, EtherType, 802.1p, VLAN, IP address, DSCP/IP precedence, TCP/UDP port numbers
    • Congestion avoidance capabilities: Tail drop and WRED

    Multicast

    • IGMP snooping entries: 2,000
    • IGMP: v1, v2, v3
    • IGMP snooping
    • PIM-SM, PIM-SSM, PIM-DM
    • MLD snooping

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for Campus
    • Junos Space® Network Director for Campus
    • Junos Space® Management

    Device Management and Operations

    • Junos OS CLI
    • Junos Web interface (J-Web)
    • Out-of-band management: Serial, 10/100BASE-T Ethernet
    • ASCII configuration
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • Simple Network Management Protocol (SNMP): v1, v2c, v3
    • Remote monitoring (RMON) (RFC 2819) Groups 1, 2, 3, 9
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP client and DHCP proxy
    • DHCP relay and helper
    • RADIUS authentication
    • TACACS+ authentication
    • SSHv2
    • Secure copy
    • HTTP/HTTPS
    • DNS resolver
    • System log logging
    • Temperature sensor
    • Configuration backup via FTP/secure copy
    • Interface range

    Supported RFCs

    • RFC 768 UDP
    • RFC 783 Trivial File Transfer Protocol (TFTP)
    • RFC 791 IP
    • RFC 792 Internet Control Message Protocol (ICMP)
    • RFC 793 TCP
    • RFC 826 ARP
    • RFC 854 Telnet client and server
    • RFC 894 IP over Ethernet
    • RFC 903 Reverse ARP (RARP)
    • RFC 906 Bootstrap Loading using TFTP
    • RFC 951, 1542 BootP
    • RFC 1027 Proxy ARP
    • RFC 1058 RIP v1
    • RFC 1122 Requirements for Internet Hosts
    • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
    • RFC 1492 TACACS+
    • RFC 1519 Classless Interdomain Routing (CIDR)
    • RFC 1591 Domain Name System (DNS)
    • RFC 1812 Requirements for IP Version 4 routers
    • RFC 2030 Simple Network Time Protocol (SNTP)
    • RFC 2068 HTTP/1.1
    • RFC 2131 BOOTP/DHCP relay agent and DHCP server
    • RFC 2138 RADIUS Authentication
    • RFC 2139 RADIUS Accounting
    • RFC 2267 Network Ingress Filtering
    • RFC 2453 RIP v2
    • RFC 2474 DiffServ Precedence, including 8 queues/port
    • RFC 2597 DiffServ Assured Forwarding (AF)
    • RFC 2598 DiffServ Expedited Forwarding (EF)
    • RFC 2710 Multicast Listener Discovery Version (MLD) for IPv6
    • RFC 2925 Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations
    • RFC 3176 sFlow
    • RFC 3579 RADIUS Extensible Authentication Protocol (EAP) support for 802.1X
    • RFC 5176 Dynamic Authorization Extensions to RADIUS
    • LLDP Media Endpoint Discovery (LLDP-MED), ANSI/TIA-1057, draft 08

    Supported MIBs

    • RFC 1155 Structure of Management Information (SMI)
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-like MIB, and TRAPs
    • RFC 1493 Bridge MIB
    • RFC 1643 Ethernet MIB
    • RFC 1724 RIPv2 MIB
    • RFC 1905, RFC 1907 SNMP v2c, SMIv2 and Revised MIB-II
    • RFC 1981 Path MTU Discovery for IPv6
    • RFC 2011 SNMPv2 Management Information Base for the IP using SMIv2
    • RFC 2012 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2
    • RFC 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2
    • RFC 2096 IPv4 Forwarding Table MIB
    • RFC 2287 System Application Packages MIB
    • RFC 2460 IPv6 Specification
    • RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2570-2575 SNMPv3, User-based Security, Encryption, and Authentication
    • RFC 2576 Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP Textual Conventions for SMIv2
    • RFC 2665 Definitions of Managed Objects for the Ethernet-like Interface Types
    • RFC 2819 RMON MIB
    • RFC 2863 The Interfaces Group MIB
    • RFC 2922 LLDP MIB
    • RFC 2925 Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations
    • RFC 3413 SNMP Application MIB
    • RFC 3414 User-based Security Model for SNMPv3
    • RFC 3415 View-based Access Control Model (VACM) for SNMP
    • RFC 3484 Default Address Selection for IPv6
    • RFC 3621 PoE-MIB (PoE switches only)
    • RFC 3810 Multicast Listener Discovery Version 2 (MLDv2) for IPv6
    • RFC 4188 STP and Extensions MIB
    • RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291 IPv6 Addressing Architecture
    • RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN Extensions
    • RFC 4443 ICMPv6 for the IPv6 Specification
    • RFC 4861 Neighbor Discovery for IPv6
    • RFC 4862 IPv6 Stateless Address Autoconfiguration
    • draft-blumenthal-aes-usm-08
    • draft-reeder-snmpv3-usm-3desede-00

    Troubleshooting

    • Debugging: CLI via console, telnet, or SSH
    • Diagnostics: Show and debug command statistics
    • Traffic mirroring (port)
    • Traffic mirroring (VLAN)
    • ACL-based mirroring
    • Mirroring destination ports per system: 4
    • LAG port monitoring
    • Multiple destination ports monitored to 1 mirror (N:1)
    • Maximum number of mirroring sessions: 4
    • Mirroring to remote destination (over L2): 1 destination VLAN
    • Encapsulated Remote Switched Port Analyzer (ERSPAN)
    • IP tools: Extended ping and trace
    • Juniper Networks commit and rollback

    Safety Certifications

    • UL-UL60950-1 (Second Edition)
    • C-UL to CAN/CSA 22.2 No.60950-1 (Second Edition)
    • TUV/GS to EN 60950-1 (Second Edition)
    • CB-IEC60950-1 (Second Edition with all country deviations)
    • EN 60825-1 (Second Edition)

    Electromagnetic Compatibility Certifications

    • FCC 47CFR Part 15 Class A
    • EN 55022 Class A
    • ICES-003 Class A
    • VCCI Class A
    • AS/NZS CISPR 22 Class A
    • CISPR 22 Class A
    • EN 55024
    • EN 300386
    • CE

    Telecom Quality Management

    • TL9000

    Environmental

    • Reduction of Hazardous Substances (ROHS) 6

    Telco

    • CLEI code

    Noise Specifications

    Noise measurements based on operational tests taken from bystander position (front) and performed at 25° C in compliance with ISO 7779. The PoE load was 370 W (24 ports powered at 15.4W each) on the EX2300-24P and 740 W (48 ports powered at 15.4W each) on the EX2300-48P.
    Model | Acoustic Noise in dB
    EX2300-24T | 34.2
    EX2300-24P | 40.6
    EX2300-48T | 34.6
    EX2300-48P | 51.4
    EX2300-24MP | 45.7
    EX2300-48MP | 45.8

    Warranty

    • Enhanced limited lifetime switch hardware warranty

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

    Ordering Information

    Product Number Description
    Switches
    EX2300-24T EX2300 24-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24T-VC EX2300 24-port non-PoE+ w/ Virtual Chassis License
    EX2300-24P EX2300 24-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24P-VC EX2300 24-port PoE+ w/ Virtual Chassis License
    EX2300-24MP EX2300 16-port 10/100/1000BASE-T PoE+, 8-port 10/100/1000/2500BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24T-DC EX2300 24-port 10/100/1000BASE-T with internal DC PSU, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24T-TAA EX2300 TAA 24-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-24P-TAA EX2300 TAA 24-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48T EX2300 48-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48T-VC EX2300 48-port non-PoE+ w/ Virtual Chassis License
    EX2300-48P EX2300 48-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48P-VC EX2300 48-port PoE+ w/ Virtual Chassis License
    EX2300-48MP EX2300 32-port 10/100/1000BASE-T PoE+, 16-port 10/100/1000/2500BASE-T PoE+, 6 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48T-TAA EX2300 TAA 48-port 10/100/1000BASE-T, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    EX2300-48P-TAA EX2300 TAA 48-port 10/100/1000BASE-T PoE+, 4 x 1/10GbE SFP/SFP+ (optics sold separately)
    Accessories
    EX-RMK Rack-mount kit for EX2300
    EX-4PST-RMK Adjustable 4-post rack-mount kit for EX2300
    EX-WMK Wall-mount kit for EX2300
    Subscription Licenses
    S-EX-A-C2-3 Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches, 3 year
    S-EX-A-C2-5 Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches, 5 year
    S-EX-A-C3-3 Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 3 year
    S-EX-A-C3-5 Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches, 5 year
    S-EX-A-C2-3-COR Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches with SVC CORE support, 3 year
    S-EX-A-C2-5-COR Software, EX Series Advanced license, Class 2 (24 ports), includes Wired Assurance subscription for EX Series 24-port switches with SVC CORE support, 5 year
    S-EX-A-C3-3-COR Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches with SVC CORE support, 3 year
    S-EX-A-C3-5-COR Software, EX Series Advanced license, Class 3 (32 or 48 ports), includes Wired Assurance subscription for EX Series 48-port switches with SVC CORE support, 5 year
    Perpetual Licenses
    EX2300-VC EX2300 Virtual Chassis License for EX2300 24- and 48-port switches
    S-EX-A-C2-P Software, EX Series Advanced license, Class 2 Perpetual license for 24 port switches
    S-EX-A-C3-P Software, EX Series Advanced license, Class 3 Perpetual License for 48-port switches
    EX-24-EFL Enhanced Feature License for EX2300 24-port switches
    EX-48-EFL Enhanced Feature License for EX2300 48-port switches
    Pluggable Optics
    EX-SFP-1GE-T SFP 10/100/1000BASE-T copper; RJ-45 connector; 100m reach on UTP
    EX-SFP-1GE-SX SFP 1000BASE-SX; LC connector; 850 nm; 550m reach on multimode fiber
    EX-SFP-1GE-SX-ET SFP 1000BASE-SX; LC connector; 850 nm; 550m reach on multimode fiber, extended temperature
    EX-SFP-1GE-LX SFP 1000BASE-LX; LC connector; 1310 nm; 10 km reach on single-mode fiber
    EX-SFP-1GE-LH SFP 1000BASE-LH; LC connector; 1550 nm; 70 km reach on single-mode fiber
    EX-SFP-1GE-LX40K SFP 1000BASE-LX; LC connector; 1310 nm; 40 km reach on single-mode fiber
    EX-SFP-GE10KT13R14 SFP 1000BASE-BX; TX 1310 nm/RX 1490 nm for 10 km transmission on single-strand, single-mode fiber
    EX-SFP-GE10KT13R15 SFP 1000BASE-BX; TX 1310 nm/RX 1550 nm for 10 km transmission on single-strand, single-mode fiber
    EX-SFP-GE10KT14R13 SFP 1000BASE-BX; TX 1490 nm/RX 1310 nm for 10 km transmission on single-strand, single-mode fiber
    EX-SFP-GE10KT15R13 SFP 1000BASE-BX; TX 1550 nm/RX 1310 nm for 10 km transmission on single-strand, single-mode fiber
    EX-SFP-GE40KT13R15 SFP 1000BASE-BX; TX 1310 nm/RX 1550 nm for 40 km transmission on single-strand, single-mode fiber
    EX-SFPGE80KCW1470 SFP Gigabit Ethernet CWDM, LC connector; 1470 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1490 SFP Gigabit Ethernet CWDM, LC connector; 1490 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1510 SFP Gigabit Ethernet CWDM, LC connector; 1510 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1530 SFP Gigabit Ethernet CWDM, LC connector; 1530 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1550 SFP Gigabit Ethernet CWDM, LC connector; 1550 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1570 SFP Gigabit Ethernet CWDM, LC connector; 1570 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1590 SFP Gigabit Ethernet CWDM, LC connector; 1590 nm, 80 km reach on single-mode fiber
    EX-SFPGE80KCW1610 SFP Gigabit Ethernet CWDM, LC connector; 1610 nm, 80 km reach on single-mode fiber
    EX-SFP-10GE-USR SFP+ 10 Gigabit Ethernet Ultra Short Reach Optics, 850 nm for 10m on OM1, 20m on OM2, 100m on OM3 multimode fiber
    EX-SFP-10GE-SR SFP+ 10GBASE-SR; LC connector; 850 nm; 300m reach on 50 microns multimode fiber; 33m on 62.5 microns multimode fiber
    EX-SFP-10GE-LR SFP+ 10GBASE-LR; LC connector; 1310 nm; 10 km reach on single-mode fiber
    EX-SFP-10GE-ER SFP+ 10GBASE-ER 10 Gigabit Ethernet Optics, 1550 nm for 40 km transmission on single-mode fiber
    EX-SFP-10GE-ZR SFP+ 10GBASE-ZR; LC connector; 1550 nm; 80 km reach on single-mode fiber
    EX-SFP-10GE-DAC1M SFP+ 10 Gigabit Ethernet Direct Attach Copper (twinax copper cable) – 1-meter length
    EX-SFP-10GE-DAC3M SFP+ 10 Gigabit Ethernet Direct Attach Copper (twinax copper cable) – 3-meter length
    EX-SFP-10GE-DAC5M SFP+ 10 Gigabit Ethernet Direct Attach Copper (twinax copper cable) – 5-meter length
  • Product Overview

    The Juniper Networks EX2300-C Ethernet Switch offers an economical, entry-level solution in a compact, fanless form factor for access layer deployments in branches, retail, and workgroup environments. The EX2300-C supports Juniper Networks Virtual Chassis technology, allowing up to four interconnected switches to be managed as a single logical device, delivering a scalable, pay-as-you-grow solution for expanding networks. The EX2300-C is onboarded, provisioned, and managed in the Juniper Mist Cloud Architecture, with Wired Assurance delivering better experiences for connected devices through AI-powered automation and service levels.

    Product Description

    The Juniper Networks® EX2300-C Ethernet Switch delivers a compact, silent, and power-efficient platform for low-density branch deployments and commercial access or enterprise workgroup environments outside the wiring closet. Featuring 12 10/100/1000BASE-T access ports and two 10GbE uplink ports with and without Power over Ethernet (PoE/PoE+) in a fanless design, the EX2300-C switches deliver a powerful solution for supporting services such as unified communications, IP telephony, closed circuit television (CCTV), and other applications in office, classroom, hospitality, and other space and wiring-constrained environments. The key features of the EX2300-C switch include:
    • Multiple hardware configurations:
      • 12 10/100/1000BASE-T access ports and two SFP+ 10GbE uplink ports
      • 12 10/100/1000BASE-T PoE/PoE+ access ports and two SFP+ 10GbE uplink ports
    • IEEE 802.3at (PoE+) compliance, allowing a variety of devices to draw power from the switch through the access ports
    • Cloud-managed and driven by Mist AI with Juniper Mist Wired Assurance
    • Virtual Chassis support, allowing up to four switches to be interconnected and managed as a single logical device (optional license required)
    • Energy Efficient Ethernet (EEE) support for GbE access ports
    • Compact design featuring fanless and noiseless operation

    Architecture and Key Components

    The fixed-configuration EX2300-C line of Ethernet switches delivers complete Layer 2 and basic Layer 3 switching capabilities to satisfy the low-density branch and low-density wiring closet connectivity requirements of today’s high-performance business needs. The EX2300-C models extend that reach into workgroup environments that reside outside the wiring closet, including branch offices, retail access applications, education, hospitality, and other locations where the switch is deployed in open areas inside a building. Two versions are available. The EX2300-C-12T offers 12 front panel 10/100/1000BASE-T access ports and two SFP+ 10GbE uplink ports. The EX2300-C-12P offers 12 front panel 10/100/1000BASE-T IEEE 802.3af/IEEE 802.3at (PoE/PoE+) access ports, which can be used for powering networked devices such as telephones, video cameras, multiple radio IEEE 802.11ac wireless LAN (WLAN) access points, and videophones in converged network environments. In addition, the EX2300-C-12P has two SFP+ 10GbE uplink ports.
    Figure 1: EX2300-C branch and retail store deployments.
    The uplink ports can be used to connect to higher-layer devices such as aggregation switches or routers. The uplink ports can also be configured as Virtual Chassis interfaces and connected via standard 10GbE interfaces. A fixed internal power supply ensures operational simplicity.

    Cloud Management with Juniper Mist Wired Assurance

    Juniper Mist Wired Assurance, a cloud-based service driven by Mist AI to claim, configure, manage, and troubleshoot the EX2300-C, delivers AI-powered automation and service levels to ensure a better experience for connected devices. Wired Assurance leverages rich Junos switch telemetry data to simplify operations, reduce mean time to repair, and improve visibility. Wired Assurance offers the following features:
    • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
    • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
    • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 2). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 3). And perform software upgrades easily through Juniper Mist cloud.
    Figure 2: Juniper Mist Wired Assurance service-level expectations
    Figure 3: Marvis Actions for wired switches
    The addition of Marvis, a complementary Virtual Network Assistant driven by Mist AI, lets you start building a self-driving network that simplifies network operations and streamlines troubleshooting via automatic fixes for EX Series switches or recommended actions for external systems. For more information see Juniper Mist Wired Assurance.

    Virtual Chassis Technology

    The EX2300-C supports Juniper’s unique Virtual Chassis technology, enabling up to four interconnected EX2300-C switches to be managed as a single logical device and delivering a scalable, pay-as-you-grow solution for expanding network environments. The EX2300-C can also be connected to an existing Virtual Chassis configuration composed of EX2300 switches.
    Figure 4: When deployed in a Virtual Chassis configuration, up to four EX2300-C switches can operate as a single, logical device.
    While EX2300-C switches can be interconnected over either of the two front panel 10GbE uplink ports, these ports can also be configured as 1GbE uplinks to aggregation devices by disabling the Virtual Chassis technology. When deployed in a Virtual Chassis configuration, the EX2300-C switches elect a primary and a backup switch based on a set of preconfigured policies or criteria. The primary switch automatically creates and updates the switching and optional routing tables on all other Virtual Chassis switch members. Switches can be added to or removed from the Virtual Chassis configuration without service disruption. EX2300-C Virtual Chassis configurations operate as highly resilient unified systems, providing simplified management using a single IP address, single telnet/SSH session, single command-line interface (CLI), automatic version checking, and automatic configuration. The EX2300-C switches are also capable of local switching, so packets coming into a port destined for another port on the same switch do not have to traverse the Virtual Chassis, increasing forwarding capacities. EX2300-C Virtual Chassis configurations implement the same slot/module/port numbering schema as other Juniper Networks chassis-based products, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management.

    Simplified Operations

    Virtual Chassis technology simplifies network management for smaller deployments. Up to four interconnected EX2300-C switches can be managed as a single device utilizing a single Junos OS image and a single configuration file, reducing the overall number of units to monitor and manage. When the Junos OS is upgraded on the primary switch in an EX2300-C Virtual Chassis configuration, the software is automatically upgraded on all other member switches at the same time. Dedicated front panel RJ-45 and USB console ports offer flexible out-of-band management options, while a front panel USB port can be used to easily upload the Juniper Networks Junos operating system and configuration files. All front panel access and uplink ports have dedicated link status and link activity LEDs. In addition, a series of front panel LEDs offer system status information with a button that allows users to toggle through four different modes for reporting speed (SPD), duplex mode (DX), administrative status (EN), and PoE status (PoE). A fixed internal power supply ensures operational simplicity.

    Easy Provisioning

    Auto-configuration and Auto-Image Install features allow the switches to be configured and imaged over the network using the Dynamic Host Configuration Protocol (DHCP) message exchange process. These features eliminate the need to stage devices prior to deployment, dramatically reducing operational expenses. Auto-configuration and Auto Image Install allow new branches and retail stores to rapidly deploy their networks, and they also enable software upgrades and security fixes to be performed at the touch of a button. The ZTP feature allows a DHCP server to push configuration details and software images to multiple switches at boot-up time.

    Campus Fabric Deployments

    Juniper campus fabrics support these validated architectures with the EX2300-C switch playing the role of access switch in a Virtual Chassis:
    • EVPN multihoming (collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single switch, turning the traditional three-tier hierarchical network into a two-tier network. This eliminates the need for STP across the campus network by providing multihoming capabilities from the access to the core layer. EVPN multihoming can be deployed and managed using the Juniper Mist cloud.
    • Core-Distribution: A pair of interconnected EX Series core or distribution switches provide L2 EVPN and L3 VXLAN gateway support. The EVPN-VXLAN network between the distribution and core layers offers two modes: centrally or edge routed bridging overlay.
    In all these EVPN-VXLAN deployment modes, EX2300-C switches can be used at the access layer.
    Figure 5: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

    Features and Benefits

    The EX2300-C model switches include a number of features that make them ideal for low-density, open space deployments.

    Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

    Juniper Mist Wired Assurance brings cloud management and Mist AI to campus fabric. It sets a new standard moving away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. The Juniper Mist Cloud streamlines deployment and management of campus fabric architectures by allowing:
    • Automated deployment and zero touch deployment
    • Anomaly detection
    • Root cause analysis
    Figure 5. EVPN multihoming configuration via the Juniper Mist cloud

    Compact Form Factor

    At 10.98 inches wide and 9.4 inches deep, EX2300-C switches can be easily and discreetly installed on desktops, on or under shelves, or on walls. An optional magnetic mounting pad is available for securing the EX2300-C switches to metal surfaces. Rack-mount kits are also available for installing the switches in standard 19-inch wiring racks. Wall mounting can be done using the flexible mounting slots on the bottom of the chassis to attach to the screws on the wall.

    Silent Operation

    The EX2300-C switches are fanless, resulting in a silent operation suitable for deployments in workgroup areas. The fanless design also reduces power consumption and improves mean time between failures (MTBF) by eliminating moving parts.

    Low Power

    The fanless design reduces the power consumed by the EX2300-C switches. Energy Efficient Ethernet (EEE) ports ensure low power consumption when the network link is idle.

    Access Security

    Working as an enforcement point within the Access Policy Infrastructure, the EX2300-C provides standards-based 802.1X port-level access control as well as L2-L4 policy enforcement based on user identity, location, device, or a combination of these. If access is granted, the switch assigns the user to a specific VLAN based on authorization levels. The EX2300-C also provides a full complement of port security features, including DHCP snooping, dynamic ARP inspection (DAI), and media access control (MAC) limiting to defend against internal and external spoofing, and man-in-the-middle and denial-of-service (DoS) attacks.

    Physical Security

    Security slots on either side of the switch accept locking devices that physically secure switches, preventing them from being easily removed in open space or unsecured environments.

    PoE/PoE+ Power

    The EX2300-C-12P switch delivers power for supporting networked devices such as telephones, video cameras, IEEE 802.11n WLAN access points, and videophones. It supports the IEEE 802.3af PoE standard, as well as IEEE 802.3at PoE+ with a budget of 124 watts. At maximum power, the 12-port EX2300-C-12P can provide the full 15.4 watts of Class 3 PoE to a maximum of eight ports simultaneously, and the full 30 watts of PoE+ to a maximum of four ports simultaneously. Attached devices draw the necessary power until the PoE power budget is exhausted.

    Junos Operating System

    The EX2300-C switches run the same Junos OS that is used by other Juniper Networks EX Series Ethernet Switches, QFX Series Switches, Juniper Routers, Juniper SRX Firewalls, and the Juniper NFX Series Network Services Platform. By using a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products.

    Flex Licensing

    Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license. The Flex Advanced and Premium licenses for the EX Series platforms are class based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 Ports, and Class 3 (C3) switches have 32 or 48 Ports. The EX2300-C switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos features, the Flex Advanced and Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer. For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn more about Junos EX Series licenses, please visit https://www.juniper.net/documentation/us/en/software/license/licensing/topics/concept/flex-licenses-for-ex.html.

    Enhanced Limited Lifetime Warranty

    The EX2300-C switches include an enhanced limited lifetime hardware warranty that provides next business day advance hardware replacement for as long as the original purchaser owns the product. The warranty includes lifetime software updates, advanced shipping of spares within one business day, and 24x7 Juniper Networks Technical Assistance Center (JTAC) support for 90 days after the purchase date. Power supplies and fan trays are covered for a period of five years. For complete details, please visit https://support.juniper.net/support/.

    Product Options

    Table 1. EX2300-C Ethernet Switch Models
    Model | Access Port Configuration | Uplink Ports | PoE+ Capable Ports | Height | PoE+ Budget | Power Supply Rating
    EX2300-C-12T | 12-port 10/100/1000BASE-T | Two SFP/SFP+ ports | 0 | 1 RU | N/A | 40 W AC
    EX2300-C-12P | 12-port 10/100/1000BASE-T | Two SFP/SFP+ ports | 12 | 1 RU | 124 W | 170 W AC

    Physical Specifications

    Power Options

    • Fixed internal power supply (AC)
    Model | Max. System Power Consumption (Input Power without PoE) | Total PoE Power Budget
    EX2300-C-12T | 20 W AC | 0
    EX2300-C-12P | 24 W AC | 124 W

    Dimensions (W x H x D)

    • EX2300-C-12T: 10.98 x 1.72 x 9.4 in (27.9 x 4.4 x 23.9 cm)
    • EX2300-C-12P: 10.98 x 1.72 x 9.4 in (27.9 x 4.4 x 23.9 cm)

    Backplane

    • 40 Gbps Virtual Chassis interconnect to link up to four switches as a single logical device

    System Weight

    • EX2300-C-12T: 5.45 lb (2.48 kg)
    • EX2300-C-12P: 6.99 lb (3.17 kg)

    Environmental Ranges

    • Operating temperature: 32° to 104° F (0° to 40° C)¹ ²
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: up to 5,000 ft (1524 m)
    • Nonoperating altitude: up to 16,000 ft (4877 m)
    • Relative humidity operating: 10% to 85% (noncondensing)
    • Relative humidity nonoperating: 0% to 95% (noncondensing)
    ¹ To support operating temperature ranges beyond 40° C at altitudes up to 5,000 feet, extended temperature-range SFPs should be used when fiber uplinks are being utilized.
    ² Use extended temperature-grade transceivers for optical reach of ER and ZR.

    Cooling

    • Fanless operation

    Hardware Specifications

    Switching Engine Model

    • Store and forward

    DRAM

    • 2 GB with ECC

    Flash

    • 2 GB

    CPU

    • 1.25 GHz ARM CPU

    GbE port density per system

    • 14 (12 access ports + 2 uplink ports)

    Physical Layer

    • Physical port redundancy: Redundant trunk group (RTG)
    • Cable diagnostics for detecting cable breaks and shorts
    • Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support
    • Port speed downshift/setting maximum advertised speed on 10/100/1000BASE-T ports
    • Digital optical monitoring for optical ports

    Packet-Switching Capacities (Maximum with 64-Byte Packets)

    • 32 Gbps (unidirectional)/64 Gbps (bidirectional)

    Software Specifications

    Layer 2/Layer 3 Throughput (Mpps) (Maximum with 64 Byte Packets)

    • 47 Mpps (wire speed)

    Layer 2 Features

    • Maximum MAC addresses in hardware: 16,000
    • Jumbo frames: 9216 bytes
    • Number of VLANs supported: 4093 (2044 active VLANs)
    • Range of possible VLAN IDs: 1-4094
    • Port-based VLAN
    • MAC-based VLAN
    • Voice VLAN
    • Layer 2 Protocol Tunneling (L2PT)
    • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
    • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
    • RVI (Routed VLAN Interface)
    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • LLDP-MED with VoIP integration
    • IEEE 802.1ad Q-in-Q tunneling
    • IEEE 802.1br Bridge Port Extension
    • IEEE 802.1D: Spanning Tree Protocol
    • IEEE 802.1p: CoS Prioritization
    • IEEE 802.1Q: VLAN Tagging
    • IEEE 802.1Q-in-Q: VLAN Stacking
    • IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
    • Number of MST instances supported: 64
    • IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP)
    • IEEE 802.1X: Port Access Control
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-TX
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3af: PoE
    • IEEE 802.3at: PoE+
    • IEEE 802.3ad: Link Aggregation Control Protocol (LACP)
    • IEEE 802.3x: Pause Frames/Flow Control

    Layer 3 Features: IPv4

    • Maximum number of ARP entries: 1,500
    • Maximum number of IPv4 unicast routes in hardware: 512 prefixes; 4,096 host routes
    • Maximum number of IPv4 multicast routes in hardware: 2,048 groups; 2,048 multicast routes
    • Routing Protocols: RIP v1/v2, OSPF v1/v2
    • Static routing
    • Routing policy
    • Bidirectional Forwarding Detection (BFD) with slow timers (> 3 sec)
    • IP directed broadcast

    Layer 3 Features: IPv6

    • Maximum number of Neighbor Discovery (ND) entries: 1,500
    • Maximum number of IPv6 unicast routes in hardware: 512 prefixes; 2,048 host routes
    • Maximum number of IPv6 multicast routes in hardware: 1,024 groups; 1,024 multicast routes
    • Neighbor discovery, system logging, Telnet, SSH, SNMP, Network Time Protocol (NTP), Domain Name System (DNS)
    • Static routing
    • Routing protocols: RIPng, OSPF v3

    Access control lists (ACLs) (Junos OS firewall filters)

    • Port-based ACL (PACL)—256 ingress; 256 egress
    • VLAN-based ACL (VACL)—256 ingress; 256 egress
    • Router-based ACL (RACL)—256 ingress; 512 egress
    • ACL entries (ACE) in hardware per system: 2,000
    • ACL counter for denied packets
    • ACL counter for permitted packets
    • Ability to add/remove/change ACL entries in middle of list (ACL editing)
    • L2-L4 ACL

    Access Security

    • MAC limiting
    • Allowed MAC addresses—configurable per port
    • Sticky MAC (persistent MAC address learning)
    • Dynamic ARP inspection (DAI)
    • Proxy ARP
    • Static ARP support
    • DHCP snooping
    • 802.1X port-based
    • 802.1X multiple supplicants
    • 802.1X with VLAN assignment
    • 802.1X with authentication bypass access (based on host MAC address)
    • 802.1X with VoIP VLAN support
    • 802.1X dynamic access control list (ACL) based on RADIUS attributes
    • 802.1X Supported EAP types: Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled Transport Layer Security (TTLS), Protected Extensible Authentication Protocol (PEAP)
    • IPv6 RA Guard
    • IPv6 Neighbor Discovery Inspection
    • Captive Portal
    • Static MAC authentication
    • MAC-RADIUS
    • Control plane DoS protection
    • Fallback Authentication
    • Trusted Network Connect (TNC) certified

    High Availability

    • Link Aggregation
    • 802.3ad (LACP) support:
      • Number of LAGs supported: 128
      • Maximum number of ports per LAG: 8
    • Tagged ports support in LAG
    • Uplink failure detection

    Quality of Service (QoS)

    • Layer 2 QoS
    • Layer 3 QoS
    • Ingress policing: 2 rate 3 color
    • Hardware queues per port: 8
    • Scheduling methods (egress): Strict Priority (SP), shaped-deficit weighted round-robin (SDWRR)
    • 802.1p: DSCP/IP precedence trust and marking
    • L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence, TCP/UDP port numbers
    • Congestion avoidance capabilities: Tail drop and WRED

    Multicast

    • Internet Group Management Protocol (IGMP) snooping entries: 2,000
    • IGMP: v1, v2, v3
    • IGMP snooping
    • PIM sparse mode (PIM SM), PIM source-specific multicast (PIM SSM), PIM dense mode (PIM DM)

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for Campus
    • Junos Space® Network Director for Campus
    • Junos Space® Management

    Device Management and Operations

    • Junos OS CLI
    • Junos Web interface (J-Web)
    • Out-of-band management: Serial, 10/100BASE-T Ethernet
    • ASCII configuration
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • Simple Network Management Protocol (SNMP): v1, v2c, v3
    • Remote monitoring (RMON) (RFC 2819) Groups 1, 2, 3, 9
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP client and DHCP proxy
    • DHCP relay and helper
    • RADIUS authentication
    • TACACS+ authentication
    • SSHv2
    • Secure copy
    • HTTP/HTTPS
    • DNS resolver
    • System log logging
    • Temperature sensor
    • Configuration backup via FTP/secure copy
    • Interface range

    Supported MIBs

    • RFC 1155 Structure of Management Information (SMI)
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-like MIB, and TRAPs
    • RFC 1493 Bridge MIB
    • RFC 1643 Ethernet MIB
    • RFC 1724 RIPv2 MIB
    • RFC 1905 RFC 1907 SNMP v2c, SMIv2, and Revised MIB-II
    • RFC 1981 Path MTU Discovery for IPv6
    • RFC 2011 SNMPv2 Management Information Base for the IP using SMIv2
    • RFC 2012 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2
    • RFC 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2
    • RFC 2096 IPv4 Forwarding Table MIB
    • RFC 2287 System Application Packages MIB
    • RFC 2460 IPv6 Specification
    • RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2570-2575 SNMPv3, User-based Security, Encryption, and Authentication
    • RFC 2576 Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP Textual Conventions for SMIv2
    • RFC 2665 Definitions of Managed Objects for the Ethernet-like Interface Types
    • RFC 2819 RMON MIB
    • RFC 2863 The Interfaces Group MIB
    • RFC 2922 LLDP MIB
    • RFC 2925 Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations
    • RFC 3413 SNMP Application MIB
    • RFC 3414 User-based Security Model for SNMPv3
    • RFC 3415 View-based Access Control Model (VACM) for SNMP
    • RFC 3484 Default Address Selection for IPv6
    • RFC 3621 PoE-MIB (PoE switches only)
    • RFC 4188 STP and Extensions MIB
    • RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291 IPv6 Addressing Architecture
    • RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN Extensions
    • RFC 4443 ICMPv6 for the IPv6 Specification
    • RFC 4861 Neighbor Discovery for IPv6
    • RFC 4862 IPv6 Stateless Address Autoconfiguration
    • draft-blumenthal-aes-usm-08
    • draft-reeder-snmpv3-usm-3desede-0

    Troubleshooting

    • Debugging: CLI via console, telnet, or SSH
    • Diagnostics: Show and debug command statistics
    • Traffic mirroring (port)
    • Traffic mirroring (VLAN)
    • Filter-based mirroring
    • Mirroring destination ports per system: 4
    • LAG port monitoring
    • Multiple destination ports monitored to 1 mirror (N:1)
    • Maximum number of mirroring sessions: 4
    • Mirroring to remote destination (over L2): 1 destination VLAN
    • Encapsulated Remote Switched Port Analyzer (ERSPAN)
    • IP tools: Extended ping and trace
    • Juniper Networks commit and rollback

    Safety Certifications

    • UL-UL60950-1 (Second Edition)
    • C-UL to CAN/CSA 22.2 No.60950-1 (Second Edition)
    • TUV/GS to EN 60950-1 (Second Edition)
    • CB-IEC60950-1 (Second Edition with all country deviations)
    • EN 60825-1 (Second Edition)

    Electromagnetic Compatibility Certifications

    • FCC 47CFR Part 15 Class A
    • EN 55022 Class A
    • ICES-003 Class A
    • VCCI Class A
    • AS/NZS CISPR 22 Class A
    • CISPR 22 Class A
    • EN 55024
    • EN 300386
    • CE

    Telecom Quality Management

    • TL9000

    Telco

    • CLEI code

    Noise Specifications

    • 0 dB (fanless)
  • Product Overview

    The EX9250 line of Ethernet switches provides compact, programmable, and scalable core and aggregation devices for enterprise environments, reducing cost and complexity while offering carrier-class reliability. The EX9250 Ethernet switches dramatically simplify campus and data center architectures by enabling Evolved Enterprise Core deployments with Ethernet VPN, creating a path to a 100GbE core.

    Product Description

    The Juniper Networks® EX9250 line of compact, programmable, and scalable Ethernet switches is ideal for aggregating access switches such as Juniper Networks EX2300, EX3400, EX4300, and EX4600 Ethernet Switches deployed in campus wiring closets and in on-premises data centers. The EX9250 is also a key component of Juniper’s AI-Driven Enterprise. The switch decouples the overlay network from the underlay with technologies such as Ethernet VPN (EVPN) and Virtual Extensible LAN (VXLAN), addressing the needs of the modern enterprise network by allowing network administrators to create logical L2 networks over different L3 networks. Two EX9250 chassis options are available, providing considerable deployment flexibility:
    • EX9251 Ethernet Switch is a fixed-configuration 1 U chassis that supports 8-port 1GbE/10GbE and 4-port 40GbE/100GbE.
    • EX9253 Ethernet Switch is a two-slot modular 3 U chassis that supports any combination of the following line cards:
      • EX9253-6Q12C, a 12-port QSFP28 40GbE/100GbE and 6-port QSFP+ 40GbE line card
      • EX9253-6Q12C-M, a 12-port QSFP28 40GbE/100GbE and 6-port QSFP+ 40GbE line card with Media Access Control Security (MACsec) support
    Fully configured, a single EX9253 chassis can support up to 144 10GbE ports (all at wire speed), delivering one of the industry’s densest line-rate 10GbE port densities for this class of feature-rich and programmable switch. The EX9253 switch is capable of delivering up to 2.4 Tbps per slot.

    Custom Silicon

    The EX9250 switches are based on Juniper One custom silicon, an ASIC designed by Juniper that provides a programmable Packet Forwarding Engine (PFE) and natively supports networking protocols such as virtualization using MPLS over IP and overlay network protocols. ASIC micro code changes, delivered through updates to Juniper Networks Junos® operating system, protect investments by allowing existing hardware to support new or future networking protocols. As a key component of Juniper’s Cloud-Enabled Enterprise architecture, EX9250 switches provide a simple, open, and smart approach to building enterprise networks. The EX9250 switches support Junos Fusion Enterprise technology, which enables a large number of devices deployed throughout a building to be managed as a single logical device. The EX9250 switches also support Data Center Interconnect (DCI), critical to workload mobility and application availability, by delivering leading technologies such as MPLS, virtual private LAN service (VPLS), and EVPN.
    EX9250 switches offer Evolved Enterprise Core capabilities that allow the creation of larger networks supporting both Layer 2 and Layer 3 application traffic. An Evolved Enterprise Core is enabled by combining technologies such as EVPN and VXLAN. EVPN uses control plane-based learning to ensure efficient network utilization and natively supports active/active multihoming. VXLAN overlay with EVPN allows L2 connectivity across the network while providing active/active redundancy, aliasing, and mass media access control (MAC) withdrawal. In an Evolved Enterprise Core, the provider edge (PE) switch/router can, in most cases, also use a VXLAN L3 gateway and route between VXLAN segments when required. Since the core is a standard IP network, EVPN/VXLAN allows the creation of an evolved core without having to replace the rest of the core infrastructure. Enabling an evolved core with EVPN provides flexibility by integrating with Junos Fusion and other technologies in the distribution/access layer, paving the way for a broader EVPN deployment over time. The EX9250 line of switches is designed with simplicity in mind to enable the Self-Driving Network, with the goal of detecting and correcting network faults and anomalies before services or customer experiences can be impacted. The following capabilities, integrated into the EX9250 switches, make this possible.
    • Automation: In addition to integration with Puppet, Python, OpenStack, and other automation applications, Juniper Extension Toolkit (JET), available on the EX9250 switches, covers all phases of network design, construction, provisioning, and operations implemented with the APIs and programming tools to deliver more programmatic interaction. JET provides a notification API that allows users to subscribe to events and designate a callback function, as well as a service API that allows users to access the control plane and management plane to run operational and configuration commands.
    • Analytics: Junos Telemetry Interface (JTI), available on the EX9250 switches, delivers advanced telemetry for collecting the data needed to detect the state of network resources and services. This includes capacity analysis, scenario simulation, and detection, as well as prevention of network incidents. JTI uses a push model to deliver data asynchronously, eliminating the need for polling, while allowing a management station to request data once and subscribe to streaming periodic updates. As a result, JTI can effectively scale to support thousands of devices, gathering telemetry data essential to the Self-Driving Network.
    Like all EX Series switches, as well as Juniper virtual and physical SRX Series Services Gateways, the EX9250 switches are supported by management applications such as Junos Space® Network Director and the Juniper Sky Enterprise cloud management offering.
    Table 1. EX9250 Features at a Glance
    • Architecture
      • EX9251: Single data, control, and management plane
      • EX9253: Separate dedicated data, control, and management planes
    • Power
      • EX9251: Holds up to two power supplies:
        • -40 to -72 V DC (1+1 redundancy)
        • Autosensing 120/240 V AC (1+1 redundancy)
        • Maximum power draw: 312 W (DC), 300 W (AC)
      • EX9253: Holds up to six power supplies:
        • -40 to -72 V DC (3+1 redundancy)
        • 100-120 V AC (3+1 redundancy)
        • 200-240 V AC (3+1 redundancy)
        • Maximum power draw: 2692 W (DC), 2692 W (AC)
    • Cooling
      • EX9251: Internally redundant fan tray with front-to-back airflow
      • EX9253: Internally redundant fan tray with front-to-back airflow
    • Weight (fully loaded)
      • EX9251: 23.15 lb (10.5 kg)
      • EX9253: 120 lb (54.43 kg)
    • Maximum throughput
      • EX9251: Up to 800 Gbps
      • EX9253: Up to 4.8 Tbps
    • Routing Engine (RE)
      • EX9251:
        • Integrated single RE
        • 1.6 GHz, 8 core Intel Xeon processor
        • Up to 32 gigabytes DRAM
        • Solid-state drive (SSD) (up to 100 GB)
        • Console, auxiliary serial, and Ethernet management ports
        • USB storage interface
      • EX9253:
        • Primary and backup REs (1+1 redundancy)
        • 1.6 GHz, 8-core Intel Xeon processor
        • Up to 64 gigabytes DRAM
        • Dual front pluggable solid-state drive (SSD) (up to 100 GB each)
        • Console, auxiliary serial, and Ethernet management ports
        • USB storage interface
    • Operating system
      • EX9251: Juniper Networks Junos operating system
      • EX9253: Juniper Networks Junos operating system
    • High availability
      • EX9251: Hardware designed for continuous operation:
        • Secure, modular architecture that isolates faults
        • Separate control and forwarding planes that enhance scalability and resiliency
      • EX9253: Hardware designed for continuous operation:
        • Secure, modular architecture that isolates faults
        • Separate control and forwarding planes that enhance scalability and resiliency
        • Transparent failover and network recovery
        • Graceful Routing Engine switchover (GRES)
        • Nonstop active routing (NSR)
        • Nonstop bridging (NSB)
    • Layer 2 features
      • Up to 1 million MAC addresses
      • Up to 512,000 Address Resolution Protocol (ARP) entries with mid-scale (ML) license (256,000 entries without ML license)
      • Up to 512,000 forwarding information base (FIB) entries with ML license (256,000 entries without ML license)
      • Jumbo frames (9192 bytes maximum)
      • 32,000 VLANs
      • VLAN Registration Protocol
      • 802.3ad—Link Aggregation Control Protocol (LACP)
      • 802.1D—Spanning Tree Protocol (STP)
      • 802.1w—Rapid Spanning Tree Protocol (RSTP)
      • 802.1s—Multiple Spanning Tree Protocol (MSTP)
      • VLAN Spanning Tree Protocol (VSTP)
      • Layer 2 Protocol Tunneling (L2PT)
    • Layer 3 features
      • 1 million IPv4 routing information base (RIB)
      • 1 million IPv6 RIB
      • Static routing
      • RIP v1/v2
      • OSPF v1/v2
      • OSPF v3
      • Filter-based forwarding
      • Virtual Router Redundancy Protocol (VRRP)
      • IPv6
      • Bidirectional Forwarding Detection (BFD)
      • Virtual routers
      • BGP (Advanced Feature license)
      • IS-IS (Advanced Feature license)
    • Hardware tunneling
      • GRE tunnels
      • MPLS capabilities (Advanced Feature License)
      • VPLS
      • BGP/MPLS VPNs
      • Ethernet VPNs
    • Multicast
      • Up to 256,000 IPv4 multicast routes
      • Up to 256,000 IPv6 multicast routes
      • Internet Group Management Protocol (IGMP) v1/v2/v3
      • IGMP snooping
      • Multicast Listener Discovery (MLD) v1/v2
      • MLD snooping
      • Protocol Independent Multicast PIM-SM, PIM-SSM, PIM-DM
      • Multicast Source Discovery Protocol (MSDP)
    • Firewall filters
      • Ingress and egress L2-L4 access control lists (ACLs):
        • Port ACLs
        • VLAN ACLs
        • Router ACLs
      • Control plane denial-of-service (DoS) protection
    • Quality of service (QoS)
      • 16,000 policers per chassis
      • 8 egress queues per port
      • Weighted random early detection (WRED) scheduling
      • Weighted round-robin (WRR) queuing
      • Strict priority queuing
    • Virtualization
      • Integration with Juniper Contrail Platform
      • Integration with VMware NSX vSphere
      • Network virtualization protocols such as VXLAN
      • VXLAN L2 and L3 gateway
      • EVPN and VPLS for DCI
    • Management
      • Junos OS CLI
      • Junos Space® Network Director
      • Junos XML management protocol
      • SNMP v1/v2/v3
      • RADIUS
      • TACACS+
      • Extensive MIB support
      • Firewall-based port mirroring
      • Link Layer Discovery Protocol (LLDP)
      • Advanced Insight Solutions (AIS)

    EX9250 Campus Deployment Options

    The EX9250 is designed primarily for the following two use cases:
    • EVPN multihoming or MC-LAG: A pair of interconnected EX9250 switches can be deployed to provide EVPN multihoming (ESI-LAG) or multichassis link aggregation (MC-LAG) in a collapsed core/distribution configuration. This eliminates the need for Spanning Tree Protocol (STP) across the campus network by providing multihoming capabilities from the access to the distribution layer, while the distribution to the core layer is an L3 IP fabric. EVPN multihoming also supports horizontal scaling with more than two devices in the distribution layer and can extend EVPN to the core.
    • Campus fabric: The AI-Driven Enterprise architecture decouples the overlay network from the underlay with technologies such as EVPN and VXLAN, addressing the needs of the modern enterprise network by allowing network administrators to create logical L2 networks over different L3 networks. Juniper supports various EVPN-VXLAN-based campus fabric architectures, including:
      • Campus fabric core-distribution
      • Campus fabric IP Clos
    Figure 1: EX9250 as distribution and core in EVPN multihoming and campus fabric architectures.
    Campus fabric architectures let you manage your campus and data center as a single IP fabric, with over-the-top (OTT) policy and control provided by Juniper. Any number of switches can be connected in a Clos network or IP fabric; EVPN-VLAN extends the fabric and connects multiple enterprise buildings while VXLAN stretches L2 across the network. An IP Clos network between the distribution and core layers can exist in two modes: centrally routed bridging overlay or edge-routed bridging overlay.

    Architecture and Key Components

    The EX9250 line delivers a number of common architectural elements across its campus distribution and core Ethernet switches. The REs employed by these switches run Junos OS, which processes all L2 and L3 protocols and manages the chassis. The EX9251 switch and the EX9253 line cards include Packet Forwarding Engines (PFEs) that process network traffic. The EX9251 is designed for small enterprise campus deployments. The switch’s shallow depth makes it ideal for wiring closets and distribution facilities. To maintain uninterrupted operation, redundant variable-speed fans cool the system, as well as the RE and PFE. Redundant hot-swappable power supplies convert building power to the internal voltage required by the system. The EX9253 is designed for medium-sized enterprises, with efficient multicast replication handling and deep buffering to ensure performance at scale. To maintain uninterrupted operation, trays with redundant, variable-speed fans cool the line cards, RE, and PFE. The EX9253 power supplies convert building power to the internal voltage required by the system. All EX9253 components are hot-swappable, and all central functions are available in redundant configurations, providing high operational availability and ensuring continuous system operation during maintenance or repairs.

    Software Functionality

    The EX9251 and the EX9253 switches support an extensive set of L2 and L3 services. EX9250 switches are built on Juniper One custom silicon, which supports a wide range of L2 and L3 Ethernet functionality, including 802.1Q VLAN, link aggregation, Virtual Router Redundancy Protocol (VRRP), L2-to-L3 mapping, and port monitoring. Additionally, the line cards support filtering, sampling, load balancing, rate limiting, class of service (CoS), and other key features needed for the deployment of dependable, high-performance Ethernet infrastructure.

    EX9250 Routing Engine

    The Routing Engine used by the EX9250 line of switches is based on the same field-proven hardware architecture used by Juniper Networks routers, bringing the same carrier-class performance and reliability to the EX9250 that Juniper routers bring to the world’s largest service provider networks. The RE’s central CPU performs all system control functions and maintains hardware forwarding table and routing protocol states for the switches.
    • The EX9251 supports control and management plane functionality with a single integrated RE that features an 8-core, 1.6 GHz Intel processor with 32 gigabytes of DRAM, and an internal fixed SSD providing 100 GB of storage for Junos OS images and logs. Dedicated hardware on the RE supports chassis management functions such as environmental monitoring.
    • The EX9253 supports control and management plane functionality with an integrated RE that features an 8-core, 1.6 GHz Intel processor with 64 gigabytes of DRAM and dual front-pluggable SSDs, each providing 100 GB of storage for Junos OS images and logs. Dedicated hardware on the RE supports chassis management functions such as environmental monitoring. Communication between the RE modules and individual line cards takes place over a dedicated internal GbE out-of-band control interface.
    Both the EX9251 and EX9253 feature AUX, console, and Ethernet ports on the front panel to support out-of-band system management and monitoring, while an external USB port accommodates a removable media interface for manually installing Junos OS images.

    Power

    All EX9250 switches support both AC and DC power supplies; however, AC and DC supplies cannot be mixed in the same chassis.
    • The EX9251 supports up to two AC or DC power supplies. The AC supplies accept 100 to 240 V AC input and deliver 650 watts of power to the chassis, while the DC power supplies accept -40 to -72 V DC input and deliver 650 watts of power. The EX9251 can be provisioned with either one or two AC power supplies with high line (200-240 V AC) power inputs; one or two AC power supplies with low line (100-120 V AC) power inputs; or one or two DC power supplies.
    • The EX9253 supports up to six AC or DC power supplies. The AC supplies accept 100 to 240 V AC input and deliver 6600 W at 110 V and 9600 W at 220 V, while the DC power supplies accept -40 to -72 V DC input and deliver 6600 W of power to the chassis. The EX9253 can be provisioned with three to six AC power supplies with high line (200-240 V AC) power inputs; three to six AC power supplies with low line (100-120 VAC) power inputs; or three to six DC power supplies.
    Table 2. EX9253 Power Consumption
    • EX9253-6Q12C Line Card
      • Typical Power: 740 W
      • Maximum Power: 800 W
    • EX9253-6Q12C-M Line Card
      • Typical Power: 770 W
      • Maximum Power: 770 W
    Table 3. EX9250 Maximum Power Consumption
    • 100-120 V AC Input
      • EX9251: 300 W
      • EX9253: 2692 W
    • 200-240 V AC Input
      • EX9251: 300 W
      • EX9253: 2692 W
    • -40 to -72 V DC Input
      • EX9251: 312 W
      • EX9253: 2692 W

    Features and Benefits

    Simplified Network Architectures

    The EX9250 line of switches is ideal for simplifying campus, data center, and combined campus and data center network environments by collapsing network layers. When deployed in an MC-LAG configuration in the campus, the EX9250 switches—working in conjunction with Juniper access layer switches like the EX4300, EX3400, and EX2300—eliminate the need for STP and collapse the core and aggregation layers, dramatically simplifying the network architecture and network operations. Similarly, in the data center, the EX9250 switches can be used to collapse core and aggregation layers. When used with Juniper access switches in an MC-LAG configuration, the EX9251 and EX9253 reduce the number of managed devices by more than 50% and eliminate the need for STP. In combined campus and data center environments, the EX9250 line consolidates network layers to simplify the network architecture and operations. In all scenarios, the EX9250 line of switches delivers a simple, secure, virtualized network environment that increases enterprise business agility.

    High Availability

    When serving as core switches, the EX9250 line delivers a number of high availability features that ensure uninterrupted, carrier-class performance in addition to redundant, hot-swappable power supplies and field-replaceable fans. Each EX9253 chassis includes an extra slot to accommodate a redundant RE to serve as a backup in hot-standby mode, ready to take over in the event of a primary RE failure. If the primary RE fails, the integrated L2 and L3 GRES feature of Junos OS, working in conjunction with the NSR and NSB features, ensures a seamless transfer of control to the backup, maintaining uninterrupted access to applications, services, and IP communications.

    Carrier-Class Operating System

    The EX9250 line of switches runs the same Junos OS used by all other Juniper Networks EX Series Ethernet Switches, as well as the Juniper Networks routers that power the world’s largest and most complex networks. By using a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code, follows a single release train, and employs a highly available modular architecture that prevents isolated failures from bringing down an entire system.
    Figure 2: EX9250 collapses layers in campus, data center, and combined campus and data center environments.
    These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version; customers can deploy the software with complete confidence that all existing capabilities will be maintained and operate in the same way.

    Simplified Management and Operations

    A range of system management options are available for the EX9250 line. The standard Junos OS CLI provides the same granular management capabilities and scripting parameters found in all Junos OS-powered devices. In addition, integrated Junos XML management protocol tools provide early detection and automatic resolution of potential problems related to the operating system. Juniper Networks Junos Space Network Director software provides system-level management across all EX Series switches, as well as other Juniper products deployed throughout the network—all from a single console.

    MACsec

    The EX9253-12C8Q-M line card supports IEEE 802.1ae MACsec with AES-256 bit encryption, ensuring link-layer data confidentiality, data integrity, and data origin authentication. A single EX9253-SFL license is required for the EX9253 chassis to enable MACsec in software. Defined by IEEE 802.1ae, MACsec provides secure, encrypted communication at the link layer that is capable of identifying and preventing threats from DoS and other intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When deployed on switch ports, MACsec encrypts all traffic on the wire but not inside the switch itself. This allows the switch to apply policies such as QoS, deep packet inspection, and sFlow to each packet without compromising the security of packets on the wire. Hop-by-hop encryption enables MACsec to secure communications while maintaining network intelligence. In addition, Ethernet-based WAN networks can use MACsec to secure links over long-haul connections. MACsec is transparent to L3 and higher layer protocols and is not limited to IP traffic; it works with any type of wired or wireless traffic traversing Ethernet links.

    Scale Licenses

    EX9251-ML and EX9253-ML Mega Scale license SKUs enable an EX9250 line chassis to support 512,000 FIB and ARP entries. Only one ML license is required per chassis.

    Specifications

    Table 4. EX9250 System Capacity
    • Maximum throughput bandwidth/slot
      • EX9251: 800 Gbps; 400 Gbps full duplex
      • EX9253: 2.4 Tbps/slot; 1.2 Tbps full duplex
    • Maximum 10GbE port density (wire speed)
      • EX9251: 24
      • EX9253: 144 (with break out cables)
    • Maximum 40GbE port density (wire speed)
      • EX9251: 4
      • EX9253: 36
    • Maximum 100GbE port density (wire speed)
      • EX9251: 4
      • EX9253: 24
    Table 5. Chassis Specifications
    • Dimensions (W x H x D)
      • EX9251: 17.6 x 1.75 x 18.7 in. (44.7 x 4.45 x 47.5 cm)
      • EX9253: 19 x 5.217 x 30 in. (48.26 x 13.25 x 76.2 cm)
      • Total depth includes standard cable manager measurements.
    • Rack units
      • EX9251: 1 U
      • EX9253: 3 U
    • Weight (fully loaded)
      • EX9251: 23.15 lb (10.5 kg)
      • EX9253: 120 lb (54.43 kg)
    • Total number of slots
      • EX9251: N/A
      • EX9253: 3
    • Slots available for line cards
      • EX9251: N/A
      • EX9253: 2
    Table 6. EX9253 Line Card Capacities
    • EX9253-6Q12C: 2.4 Tbps
    • EX9253-6Q12C-M: 2.4 Tbps

    EX9253 Line Card Specifications

    Dimensions (W x H x D)

    • 1.25 x 17 x 22 in. (3.2 x 43.2 x 55.9 cm)

    Weight

    • EX9253-6Q12C: 14.0 lb (6.6 kg)
    • EX9253-6Q12C-M: 14.8 lb (6.7 kg)

    Feature Specifications

    IEEE Compliance

    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • IEEE 802.1D-2004: Spanning Tree Protocol (STP)
    • IEEE 802.1p: Class-of-service (CoS) prioritization
    • IEEE 802.1Q: Virtual Bridged Local Area Networks
    • IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
    • IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP)
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3ae: 10-Gigabit Ethernet
    • IEEE 802.3ba: 40-Gigabit/100-Gigabit Ethernet
    • IEEE 802.3ah: Operation, Administration, and Maintenance (OAM)
    • IEEE 802.3ad: Link Aggregation Control Protocol (LACP)
    • IEEE 802.1ae: Media Access Control Security

    RFC Compliance

    • RFC 768: UDP
    • RFC 783: Trivial File Transfer Protocol (TFTP)
    • RFC 791: IP
    • RFC 792: Internet Control Message Protocol (ICMP)
    • RFC 793: TCP
    • RFC 826: ARP
    • RFC 854: Telnet client and server
    • RFC 894: IP over Ethernet
    • RFC 903: Reverse Address Resolution Protocol (RARP)
    • RFC 906: TFTP Bootstrap
    • RFC 951, 1542: BootP
    • RFC 1027: Proxy ARP
    • RFC 1058: RIP v1
    • RFC 1112: IGMP v1
    • RFC 1122: Host Requirements
    • RFC 1195: Use of Open Systems Interconnection (OSI) IS-IS for Routing in TCP/IP and Dual Environments (TCP/IP transport only)
    • RFC 1256: IPv4 ICMP Router Discovery Protocol (IRDP)
    • RFC 1492: TACACS+
    • RFC 1519: Classless Interdomain Routing (CIDR)
    • RFC 1587: OSPF NSSA Option
    • RFC 1591: Domain Name System (DNS)
    • RFC 1745: BGP4/IDRP for IP-OSPF Interaction
    • RFC 1765: OSPF Database Overflow
    • RFC 1771: Border Gateway Protocol 4
    • RFC 1772: Application of the Border Gateway Protocol in the Internet
    • RFC 1812: Requirements for IP Version 4 Routers
    • RFC 1965: Autonomous System Confederations for BGP
    • RFC 1981: Path maximum transmission unit (MTU) Discovery for IPv6
    • RFC 1997: BGP Communities Attribute
    • RFC 2030: Simple Network Time Protocol (SNTP)
    • RFC 2068: HTTP server
    • RFC 2080: RIPng for IPv6
    • RFC 2081: RIPng Protocol Applicability Statement
    • RFC 2131: BOOTP/Dynamic Host Configuration Protocol (DHCP) relay agent and DHCP server
    • RFC 2138: RADIUS Authentication
    • RFC 2139: RADIUS Accounting
    • RFC 2154: OSPF with Digital Signatures (password, Message Digest 5)
    • RFC 2236: IGMP v2
    • RFC 2267: Network Ingress Filtering
    • RFC 2270: BGP-4 Dedicated autonomous system (AS) for Sites/Single Provider
    • RFC 2283: Multiprotocol Extensions for BGP-4
    • RFC 2328: OSPF v2 (Edge mode)
    • RFC 2338: VRRP
    • RFC 2362: PIM-SM (Edge mode)
    • RFC 2370: OSPF Opaque LSA Option
    • RFC 2373: IPv6 Addressing Architecture
    • RFC 2375: IPv6 Multicast Address Assignments
    • RFC 2385: TCP MD5 Authentication for BGPv4
    • RFC 2439: BGP Route Flap Damping
    • RFC 2453: RIP v2
    • RFC 2460: Internet Protocol, v6 (IPv6) specification
    • RFC 2461: Neighbor Discovery for IP Version 6 (IPv6)
    • RFC 2462: IPv6 Stateless Address Autoconfiguration
    • RFC 2463: ICMPv6
    • RFC 2464: Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2474: DiffServ Precedence, including 8 queues/port
    • RFC 2475: DiffServ Core and Edge Router Functions
    • RFC 2526: Reserved IPv6 Subnet Anycast Addresses
    • RFC 2545: Use of BGP-4 Multiprotocol Extensions for IPv6 Interdomain Routing
    • RFC 2547: BGP/MPLS VPNs
    • RFC 2597: DiffServ Assured Forwarding (AF)
    • RFC 2598: DiffServ Expedited Forwarding (EF)
    • RFC 2710: Multicast Listener Discovery (MLD) for IPv6
    • RFC 2711: IPv6 Router Alert Option
    • RFC 2740: OSPF for IPv6
    • RFC 2796: BGP Route Reflection (supersedes RFC 1966)
    • RFC 2796: Route Reflection
    • RFC 2858: Multiprotocol Extensions for BGP-4
    • RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 2918: Route Refresh Capability for BGP-4
    • RFC 3031: Multiprotocol Label Switching Architecture
    • RFC 3032: MPLS Label Stack Encoding
    • RFC 3036: LDP Specification
    • RFC 3065: Autonomous System Confederations for BGP
    • RFC 3176: sFlow
    • RFC 3215: LDP State Machine
    • RFC 3306: Unicast-Prefix-based IPv6 Multicast Addresses
    • RFC 3376: IGMP v3
    • RFC 3392: Capabilities Advertisement with BGP-4
    • RFC 3446: Anycast Rendezvous Point (RP) Mechanism using PIM and MSDP
    • RFC 3478: Graceful Restart for Label Distribution Protocol
    • RFC 3484: Default Address Selection for IPv6
    • RFC 3513: Internet Protocol Version 6 (IPv6) Addressing
    • RFC 3569: PIM-SSM PIM Source Specific Multicast
    • RFC 3587: IPv6 Global Unicast Address Format
    • RFC 3618: Multicast Source Discovery Protocol (MSDP)
    • RFC 3623: OSPF Graceful Restart
    • RFC 3768: Virtual Router Redundancy Protocol (VRRP)
    • RFC 3810: Multicast Listener Discovery Version 2 (MLDv2) for IP
    • RFC 3973: PIM-Dense Mode
    • RFC 4213: Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291: IPv6 Addressing Architecture
    • RFC 4360: BGP Extended Communities Attribute
    • RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)
    • RFC 4443: ICMPv6 for the IPv6 specification
    • RFC 4486: Sub codes for BGP Cease Notification message
    • RFC 4552: Authentication/Confidentiality for OSPFv3
    • RFC 4604: Using Internet Group Management Protocol Version 3 (IGMPv3)
    • RFC 4724: Graceful Restart Mechanism for BGP
    • RFC 4761: Virtual Private LAN Service (VPLS) using BGP for auto-discovery and signaling
    • RFC 4798: Connecting IPv6 Islands over IPv4 MPLS Using IPv6 Provider Edge Routers (6PE)
    • RFC 4861: Neighbor Discovery for IPv6
    • RFC 4862: IPv6 Stateless Address Autoconfiguration
    • RFC 5095: Deprecation of Type 0 Routing Headers in IPv6
    • RFC 5286: Basic Specification for IP Fast Reroute: Loop-Free Alternates
    • RFC 5306: Restart Signaling for IS-IS
    • RFC 5308: Routing IPv6 with IS-IS
    • RFC 5340: OSPF for IPv6
    • Draft-ietf-bfd-base-09.txt: Bidirectional Forwarding Detection
    • RFC 7432: BGP MPLS-based Ethernet VPN

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for Campus
    • Junos Space Network Director for Campus
    • Junos Space® Management

    Device Management and Operations

    • Virtual Extensible Local Area Network (VXLAN)
    • REST API
    • NETCONF sessions over outbound HTTPS
    • Juniper Extension Toolkit (JET)
    • OpenFlow v1.3
    • Junos OS CLI
    • Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
    • ASCII configuration file
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • SNMP: v1, v2c, v3
    • RMON (RFC 2819): Groups 1, 2, 3, 9
    • Network Time Protocol (NTP)
    • DHCP server
    • DHCP relay with Option 82
    • RADIUS
    • TACACS+
    • SSHv2
    • Secure copy
    • DNS resolver
    • Syslog logging
    • Environment monitoring
    • Temperature sensor
    • Configuration backup via FTP/secure copy

    Network Management—MIB Support

    • J-Flow
    • RFC 1155: Structure of Management Information (SMI)
    • RFC 1157: SNMPv1
    • RFC 1212, RFC 1213, RFC 1215: MIB-II, Ethernet-like MIB, and traps
    • RFC 1657: BGP-4 MIB
    • RFC 1724: RIPv2 MIB
    • RFC 1850: OSPFv2 MIB
    • RFC 1901: Introduction to Community-based SNMPv2
    • RFC 1902: Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2)
    • RFC 1905, RFC 1907: SNMP v2c, SMIv2, and Revised MIB-II
    • RFC 2011: SNMPv2 for IP using SMIv2
    • RFC 2012: SNMPv2 for transmission control protocol using SMIv2
    • RFC 2013: SNMPv2 for user datagram protocol using SMIv2
    • RFC 2096: IPv4 Forwarding Table MIB
    • RFC 2287: System Application Packages MIB
    • RFC 2465: Management Information Base for IP Version 6
    • RFC 2570–2575: SNMPv3, user-based security, encryption, and authentication
    • RFC 2576: Coexistence between SNMP Version 1, Version 2, and Version 3
    • RFC 2578: SNMP Structure of Management Information MIB
    • RFC 2579: SNMP Textual Conventions for SMIv2
    • RFC 2665: Ethernet-like interface MIB
    • RFC 2787: VRRP MIB
    • RFC 2819: RMON MIB
    • RFC 2863: Interface Group MIB
    • RFC 2863: Interface MIB
    • RFC 2922: LLDP MIB
    • RFC 2925: Ping/Traceroute MIB
    • RFC 2932: IPv4 Multicast MIB
    • RFC 3413: SNMP Application MIB
    • RFC 3826: The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP
    • RFC 4188: STP and Extensions MIB
    • RFC 4363: Definitions of Managed Objects for Bridges with traffic classes, multicast filtering, and VLAN extensions
    • Draft-ietf-idr-bgp4-mibv2-02.txt: Enhanced BGP-4 MIB
    • Draft-ietf-isis-wg-mib-07
    • Draft-reeder-snmpv3-usm-3desede-00
    • Draft-ietf-idmr-igmp-mib-13
    • Draft-ietf-idmr-pim-mib-09
    • Draft-ietf-bfd-mib-02.txt

    Troubleshooting

    • Debugging: CLI via console, Telnet, or SSH
    • Diagnostics: Show, debug, and statistics commands
    • Firewall-based port mirroring
    • IP tools: Extended ping and trace
    • Juniper Networks commit and rollback

    Environmental Ranges

    • Operating temperature: 32° to 104° F (0° to 40° C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: Up to 10,000 ft (3,048 m)
    • Relative humidity operating: 5 to 90% (noncondensing)
    • Relative humidity nonoperating: 5 to 95% (noncondensing)
    • Seismic: Designed to meet GR-63, Zone 4 earthquake requirements

    Maximum Thermal Output

    (estimated, subject to change)
    • EX9251 AC power: 1,275 BTU/hour (360 W); DC power: 1,275 BTU/hour (360 W)
    • EX9253 AC power: 13,600 BTU/hour (3840 W); DC power: 13,600 BTU/hour (3840 W)

    Safety and Compliance

    Safety

    • CAN/CSA-22.2 No. 60950-00/UL 1950 Third Edition, Safety of Information Technology Equipment
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment Classification, Requirements, and User’s Guide
    • EN 60950 Safety of Information Technology Equipment
    • IEC 60950-1 (2001) Safety of Information Technology Equipment (with country deviations)
    • EN 60825-1 +A1+A2 (1994) Safety of Laser Products—Part 1: Equipment Classification
    • EN 60825-2 (2000) Safety of Laser Products—Part 2: Safety of Optical Fiber Comm. Systems
    • C-UL to CAN/CSA 22.2 No.60950-1 (Second Edition)
    • TUV/GS to EN 60950-1, Amendment A1-A4, A11
    • CE-IEC60950-1, all country deviations

    EMC

    • AS/NZS CISPR22:2009
    • EN 55022 2006+A1:2007 European Radiated Emissions
    • FCC 47CFR, Part 15 Class A (2009) USA Radiated Emissions
    • VCCI-V-3/2009.04 and V-4/2009.04 Japanese Radiated Emissions
    • BSMI CNS 13438 and NCC C6357 Taiwan Radiated Emissions
    • EN 300 386 V1.5.1 Telecom Network Equipment - EMC requirements
    • ICES-003 Issue 4, Feb 2004 Canada Radiated Emissions
    • CISPR 24:1997/A1:2001/A2:2002 IT Equipment Immunity Characteristics

    Immunity

    • EN 55024:1998/A1:2001/A2:2003 Information Technology Equipment Immunity Characteristics
    • EN-61000-3-2 (2006) Power Line Harmonics
    • EN-61000-3-3 +A1 +A2 +A3 (1995) Power Line Voltage Fluctuations
    • EN-61000-4-2 +A1 +A2 (1995) Electrostatic Discharge
    • EN-61000-4-3 +A1+A2 (2002) Radiated Immunity
    • EN-61000-4-4 (2004) Electrical Fast Transients
    • EN-61000-4-5 (2006) Surge
    • EN-61000-4-6 (2007) Immunity to Conducted Disturbances
    • EN-61000-4-11 (2004) Voltage Dips and Sags

    Customer-Specific EMC Requirements

    • GR-1089-Core Issue 6 (May, 2011) EMC and Electrical Safety for Network Telecommunications Equipment
    • AT&T TP-76200 Issue 17 (2012) Network Equipment Power, Grounding, Environmental, and Physical Design Requirements
    • Verizon TPR.9305 Issue 5 (2012) Verizon NEBS Compliance: NEBS Compliance Clarification Document
    • Deutsche Telekom 1TR9 (2008) EMC Specification
    • British Telecom EMC Immunity Requirements (2007)
    • IBM C-S 2-0001-005 ESD
    • IBM C-S 2-0001-012 Radio Frequency Electromagnetic Susceptibility
    • ITU-T K.20 (2011) Resistibility of telecommunication equipment installed in telecom centers to over voltages and over currents
    • Juniper Inductive GND (JIG)

    ETSI

    • ETSI EN-300386-2 Telecommunication Network Equipment Electromagnetic Compatibility Requirements

    Network Equipment Building System (NEBS)

    • SR-3580 NEBS Criteria Levels (Level 3 Compliance)
    • GR-63-Core: NEBS, Physical Protection

    Environmental

    • Reduction of Hazardous Substances (ROHS) 5/6

    Telco

    • Common Language Equipment Identifier (CLEI) code

    Warranty

    For warranty information, please visit https://support.juniper.net/support/

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

    Ordering Information

    Model Number Description
    Hardware
    EX9251-8X4C EX9251 system with 8x10GbE SFP+ ports and 4x40GbE QSFP+/100GbE QSFP28 ports, 2x AC PSUs JNP-PWR650-AC, 3x fan tray JNP-FAN-1RU, and all necessary blank panels (optics sold separately)
    EX9251-8X4C-DC EX9251 system with 8x10GbE SFP+ ports and 4x40GbE QSFP+/100GbE QSFP28 ports, 2x DC PSUs JNP-PWR650-DC, 3x fan tray JNP-FAN-1RU, and all necessary blank panels (optics sold separately)
    EX9253-BASE-AC Base EX9253 system configuration: 3-slot EX9253-CHAS-3RU chassis with 4x fan tray JNP-C1-FAN-3RU, 1x Routing Engine EX9253-RE, 3x JNP-PWR1600-AC-BB AC PSUs, and all necessary blank panels
    EX9253-BASE-DC Base EX9253 system configuration: 3-slot EX9253-CHAS-3RU chassis with 4x fan tray JNP-C1-FAN-3RU, 1x Routing Engine EX9253-RE, 3x JNP-PWR1100-DC-BB DC PSUs, and all necessary blank panels
    EX9253-RED-AC Redundant EX9253 configuration: 3-slot EX9253-CHAS-3RU chassis with 4x fan tray JNP-C1-FAN-3RU, 2x Routing Engine EX9253-RE, 4x JNP-PWR1600-AC-BB AC PSUs, and all necessary blank panels
    EX9253-RED-DC Redundant EX9253 configuration: 3-slot EX9253-CHAS-3RU chassis with 4x fan tray JNP-C1-FAN-3RU, 2x Routing Engine EX9253-RE, 4x JNP-PWR1100-DC-BB DC PSUs, and all necessary blank panels
    EX9253-BND1 Bundle comprised of EX9253-BASE-AC and EX9253-6Q12C line card, shipped separately as two items
    EX9253 Line Cards
    EX9253-6Q12C EX9253 line card with 6x40GbE ports and 12x40GbE/100GbE ports
    EX9253-6Q12C-M EX9253 line card with 6x40GbE ports and 12x40GbE/100GbE MACsec AES256 ports
    EX9250 Pluggable Optics
    EX-SFP-10GE-SR Small form-factor pluggable transceiver (SFP transceiver) 10GbE (SFP+ transceiver) short reach (SR) optics
    EX-SFP-10GE-LR SFP transceiver 10GbE (SFP+ transceiver) long reach (LR) optics
    EX-SFP-10GE-LRM SFP transceiver 10GbE (SFP+ transceiver) long reach multimode (LRM) optics
    EX-SFP-10GE-ER SFP+ 10GBASE-ER 10GbE optics module, 1550 nm for 40 km transmission
    EX-SFP-10GE-ZR SFP+ 10GBASE-ZR 10GbE optics, 1550 nm for 80 km transmission on single-mode fiber-optic (SMF)
    JNP-SFP-10G-BX10D 10G BX optics over SMF, 1330 nm up to 10 km
    JNP-SFP-10G-BX10U 10G BX optics over SMF, 1270 nm up to 10 km
    EX-SFP-10GE-USR SFP+ 10GbE ultra short reach; 850 nm; 10 m on OM1, 20 m on OM2, 100 m on OM3 multi-mode fiber-optic (MMF)
    JNP-QSFP-4X10GE-LR Quad small form-factor pluggable transceiver plus (QSFP+ transceiver) 40GBase optics, up to 10 km transmission on parallel single mode (4X10GbE LR up to 10 km)
    JNP-QSFP-4X10GE-IR QSFP+ 40GBASE-LR4 40 gigabit optics for up to 1 km transmission over parallel SMF
    JNP-QSFP-40GE-IR4 QSFP+ 40GBASE-LR4 40 gigabit optics for up to 1 km transmission over SMF
    QFX-QSFP-40G-SR4 QSFP+ 40GBASE-SR4 40 gigabit optics, 850 nm for up to 150 m transmission on MMF
    JNP-QSFP-40G-LR4 QSFP+ 40GBASE-LR4 40 gigabit optics for up to 10 km transmission on SMF
    QFX-QSFP-40G-ESR4 QSFP+ 40GBASE-eSR4 40 gigabit optics, 850 nm for up to 300 m transmission on MMF
    JNP-QSFP-40GE-ER4 QSFP+ 40GBASE-ER4 40 gigabit optics, 1310 nm for up to 40 km transmission on SMF
    JNP-QSFP-40G-LX4 QSFP+ 40GBASE-LX4 40 gigabit optics for up to 150 m transmission with OM4 over duplex MMF
    JNP-QSFP-100G-LR4 QSFP28 100GBASE-LR4 optics for up to 10 km transmission over serial SMF
    JNP-QSFP-100G-SR4 QSFP28 100GBASE-SR4 optics for up to 100 m transmission over parallel MMF
    JNP-QSFP-100G-CWDM QSFP28 100GBASE-CWDM4 optics for up to 2 km transmission over serial SMF
    JNP-QSFP-100G-PSM4 QSFP28 100GBASE-PSM4 optics for up to 2 km transmission over parallel SMF
    EX-SFP-10GE-DAC-3M SFP+ 10GbE direct attach copper (twinax copper cable), 3 m
    EX-SFP-10GE-DAC-1M SFP+ 10GbE direct attach copper (twinax copper cable), 1 m
    EX-SFP-10GE-DAC-5M SFP+ 10GbE direct attach copper (twinax copper cable), 5 m
    QFX-QSFP-DAC-1M QSFP+ Cable Assy, 1 m, 30 AWG, passive, programmable ID
    JNP-QSFP-DAC-2M QSFP+ 40GBASE direct attach copper Cable 2-meter
    QFX-QSFP-DAC-3M QSFP+ Cable Assembly, 3 m, 30 AWG, passive, programmable ID
    JNP-QSFP-DAC-5M QSFP+ 40GBase direct attach copper Cable 5-meter, passive
    EX-QSFP-40GE-DAC-50CM QSFP+ 40GbE direct attach copper (twinax copper cable) for 50 cm transmission
    JNP-100G-DAC-1M QSFP28 to QSFP28 Ethernet direct attach copper (twinax copper cable) 1 m
    JNP-100G-DAC-3M QSFP28 to QSFP28 Ethernet direct attach copper (twinax copper cable) 3 m, active
    QFX-QSFP-DACBO-1M QSFP+ to SFP+ 10GbE direct attach breakout copper (twinax copper cable) 1 m
    QFX-QSFP-DACBO-3M QSFP+ to SFP+ 10GbE direct attach breakout copper (twinax copper cable) 3 m
    JNP-QSFP-DACBO-10M QSFP+ to SFP+ 10GbE direct attach breakout copper (twinax copper cable) 10 m, active
    QFX-SFP-DAC-1MA SFP+ 10GbE direct attach copper (active twinax copper cable) 1 m
    QFX-SFP-DAC-3MA SFP+ 10GbE direct attach copper (active twinax copper cable) 3 m
    QFX-SFP-DAC-5MA SFP+ 10GbE direct attach copper (active twinax copper cable) 5 m
    QFX-SFP-DAC-7MA SFP+ 10GbE direct attach copper (active twinax copper cable) 7 m
    QFX-SFP-DAC-10MA SFP+ 10GbE direct attach copper (active twinax copper cable) 10 m
    JNP-QSFP-DAC-5MA QSFP+ 40GBASE direct attach copper cable 5 m, active
    JNP-QSFP-DAC-7MA QSFP+ 40GBASE direct attach copper cable 7 m, active
    JNP-QSFP-DAC-10MA QSFP+ 40GBASE direct attach copper cable 10 m, active
    JNP-QSFP-DACBO-5MA QSFP+ to SFP+ 10GbE direct attach breakout copper (twinax copper cable) 5 m, active
    JNP-QSFP-DACBO-7MA QSFP+ to SFP+ 10GbE direct attach breakout copper (twinax copper cable) 7 m, active
    EX9250 Software Feature Licenses
    EX9251-AFL EX9251 Advanced Feature License
    EX9251-ML Mid-scale license to enable 512,000 FIB and ARP entries on EX9251 chassis (one required per chassis)
    EX9253-AFL EX9253 Advanced Feature License
    EX9253-ML Mid-scale license to enable 512,000 FIB and ARP entries on EX9253 chassis (one required per chassis)
    EX9253-SFL Security feature license for EX9250 to enable MACsec on EX9253-6Q12C-M
    EX9250 Power Cords
    CBL-M-PWR-RA-AU AC power cord, Australia (SAA/3/15), C19, 15 A/250 V, 2.5 m, right angle
    CBL-M-PWR-RA-CH AC power cord, China (GB 2099.1-1996, Angle), C19, 16 A/250 V, 2.5 m, right angle
    CBL-M-PWR-RA-EU AC power cord, Cont. Europe (VII), C19, 16 A/250 V, 2.5 m, right angle
    CBL-M-PWR-RA-IT AC power cord, Italy (I/3/16), C19, 16 A/250 V, 2.5 m, right angle
    CBL-M-PWR-RA-JP AC power cord, Japan (NEMA LOCKING), C19, 20 A/250 V, 2.5 m, right angle
    CBL-M-PWR-RA-TWLK-US AC power cord, U.S. (NEMA LOCKING), C19, 20 A/250 V, 2.5 m, right angle
    CBL-M-PWR-RA-UK AC power cord, UK (BS89/13), C19, 13 A/250 V, 2.5 m, right angle
    CBL-M-PWR-RA-US AC power cord, U.S./Canada (N6/20), C19, 20 A/250 V, 2.5 m, right angle
    CBL-PWR-C19S-162-JP AC power cord, Japan, NEMA 6-20 to C19, 16 A/250 V, 2.5 m, straight
    CBL-PWR-C19S-162-JPL Power cord, AC, Japan/U.S., C19 at 70-80 mm, 16 A/250 V, 2.5 m, straight, locking plug
    CBL-PWR-RA-JP15 AC power cable: JIS 8303 15 A/125 V 2.5 m length for Japan, right angle
    CBL-PWR-RA-TWLK-US15 AC power cable: NEMA L5-15P (twist lock) 15 A/125 V 2.5 m length for U.S., Canada, and Mexico, right angle
    CBL-PWR-RA-US15 AC power cable: NEMA 5-15 15 A/125 V 2.5 m length for North America, parts of South America, parts of Central America, parts of Africa, and parts of Asia, right angle
    EX9253 Field Replaceable Units
    EX9253-LC-BLNK EX9253 line card blank cover panel
    EX9253-RE EX9253 Routing Engine
    EX9253-CHAS-3RU EX9253 chassis, 3 U
    JNP-FAN-3RU Universal fan tray, 3 U
    JNP-PWR1600-AC Universal AC power supply, 1600 W, spare
    JNP-PWR1100-DC Universal DC power supply, 1100 W, spare
    EX9253-RE-BLNK EX9253 RE blank cover panel
    JNP-MPC2 Modular Port Concentrator, 6xQSFP+
    JNP-MIC1 12x100GbE/12x40GbE/48x10GbE Modular Interface Card (MIC)
    JNP-MIC1-MACSEC 12x100GbE/12x40GbE/48x10GbE MACsec MIC
    JNP-CM-3RU 3 U universal chassis cable manager with air filter
    EX9251 Field Replaceable Units
    JNP-FAN-1RU Universal fan tray, 1 U
    JNP-PWR650-AC Universal AC power supply, 650 W, spare
    JNP-PWR650-DC Universal DC power supply, 650 W, spare
  • Product Overview

    The Juniper Networks EX9200 line of modular Ethernet switches provides a programmable, flexible, and scalable core for delivering mission critical applications in both campus and data center environments, reducing cost and complexity while offering carrier-class reliability. High port densities enable the EX9200 to consolidate and aggregate network layers, dramatically simplifying campus and data center architectures while reducing total cost of ownership (TCO) and lowering power, space and cooling requirements.

    Product Description

    The EX9200 line of programmable, flexible and scalable modular Ethernet core switches simplifies the deployment of cloud applications, virtualized servers and rich media collaboration tools across campus and data center environments. The EX9200 is also a key component of Juniper’s AI-Driven Enterprise. The switch decouples the overlay network from the underlay with technologies such as Ethernet VPN (EVPN) and Virtual Extensible LAN (VXLAN), addressing the needs of the modern enterprise network by allowing network administrators to create logical L2 networks over different L3 networks. The EX9200 is based on Juniper One custom silicon, an ASIC designed by Juniper which provides a programmable Packet Forwarding Engine (PFE) and allows for native support of networking protocols such as virtualization using MPLS over IP and overlay network protocols. ASIC micro code changes delivered through updates to Juniper Networks Junos® operating system provide investment protection by allowing existing hardware to support new or future networking protocols. The programmability of the EX9200 allows it to support Junos OS-based automation along with the Junos SDK, which enables integration with Puppet and other automation applications. The EX9200’s network programmability also enables integration with leading orchestration applications such as OpenStack. Three EX9200 chassis options are available, providing full deployment flexibility:
    • EX9204 Ethernet Switch, a 4-slot, 5 U chassis that supports up to three line cards
    • EX9208 Ethernet Switch, an 8-slot, 8 U chassis that supports up to six line cards
    • EX9214 Ethernet Switch, a 14-slot, 16 U chassis that supports up to 12 line cards
    All three EX9200 chassis can accommodate any combination of the following EX9200 Ethernet line cards:
    • EX9200-15C, a 15-port 100GbE QSFP28 or 40GbE QSFP+ line card
    • EX9200-12QS, a multi-rate 12-port 40GbE QSFP+ or 4-port 100GbE QSFP28 line card
    • EX9200-40XS, a 40-port 10GbE SFP+ line card that supports MACsec
    • EX9200-32XS*, a 32-port 10GbE small form factor pluggable transceiver plus (SFP+) line card
    • EX9200-40F*-M, a 40-port 100FX/1000BASE-X line card supporting MACsec
    • EX9200-40F*, a 40-port 100FX/1000BASE-X small form-factor pluggable transceiver (SFP) line card
    • EX9200-40T*, a 40-port 10/100/1000BASE-T RJ-45 line card
    • EX9200-6QS*, a 6-port 40GbE QSFP+ or 24-port 10GbE SFP+ combo line card
    • EX9200-2C-8XS*, a 2-port 100GbE C form-factor pluggable (CFP) + 8-port 10GbE SFP+ line card
    *Last order date for EX9200-32XS, EX9200-40F-M, EX9200-40F, EX9200-40T, EX9200-6QS, and EX9200-2C-8XS was March 31, 2022
    The EX9200 chassis can also accommodate a flexible Modular Port Concentrator (MPC) line card, the EX9200-MPC, that can accept any combination of three modular interface cards (MICs):
    • EX9200-10XS-MIC, a 10-port 10GBASE-X (half-slot) MIC
    • EX9200-20F-MIC, a 20-port GBASE-X (half-slot) MIC
    • EX9200-40T-MIC, a 40-port 10/100/1000GBASE-T MIC that supports MACsec
    Fully configured, a single EX9214 chassis can support up to 480 10GbE ports (all at wire speed), delivering one of the industry’s highest line-rate 10GbE port densities for this class of feature rich and programmable switch. The EX9200 switch fabric is capable of delivering up to 480 Gbps (full duplex) per slot. The pass-through midplane design also supports a future capacity of up to 13.2 Tbps.
    Table 1. EX9200 Features at a Glance
    * ISSU is only supported on the EX9200-32XS, EX9200-40F, EX9200-40T, EX9200-40F-M, EX9200-6QS, and EX9200-2C-8XS
    Feature EX9204 EX9208 EX9214
    Architecture Separate dedicated data, control, and management planes
    Power
    EX9204: Holds up to four power supplies:
    • -40 to -72 V DC (1+1 redundancy)
    • 100-120 V AC (2+2 redundancy)
    • 200-240 V AC (1+1 redundancy)
    Maximum power draw: 2,199 W (DC), 2,421 W (AC)
    EX9208: Holds up to four power supplies:
    • -40 to -72 V DC (2+2 redundancy)
    • 100-120 V AC (3+1 redundancy)
    • 200-240 V AC (2+2 redundancy)
    Maximum power draw: 4,388 W (DC), 4,831 W (AC)
    EX9214: Holds up to four power supplies (two power supplies per power zone; two power zones per system)
    • -40 to -72 V DC (1+1 redundancy per power zone)
    • 200-240 V AC (1+1 redundancy per power zone)
    Maximum power draw: 9,534 W (DC), 9,318 W (AC)
    Cooling
    EX9204:
    • Internally redundant fan tray
    • Side-to-side airflow
    EX9208:
    • Internally redundant fan tray
    • Side-to-side airflow
    EX9214:
    • Front-to-back airflow
    • Hot-swappable fan tray with 1+1 redundancy
    Weight (fully loaded)
    EX9204: 128.0 lbs (58.1 kg)
    EX9208: 163.6 lbs (74.2 kg)
    EX9214: 350.1 lbs (158.8 kg)
    Fabric
    EX9204:
    • Up to 3 Tbps backplane capacity
    • Up to 1.5 Tbps (full duplex) per slot fabric capacity
    • 1+1 fabric redundancy
    EX9208:
    • Up to 7.5 Tbps backplane capacity
    • Up to 1.5 Tbps (full duplex) per slot fabric capacity
    • 1+1 fabric redundancy
    EX9214:
    • Up to 12 Tbps backplane capacity
    • Up to 1.5 Tbps (full duplex) per slot fabric capacity
    • 2+1 fabric redundancy
    Routing Engine
    • Master and backup Routing Engines (1+1 redundancy)
    • Up to 64 gigabytes DRAM
    • Dual front pluggable solid-state drive (SSD) (Up to 64 GB each)
    • Console, auxiliary serial, and Ethernet management ports
    • USB storage interface
    Operating system Juniper Networks Junos operating system
    High availability Hardware designed for continuous operation:
    • Secure, modular architecture that isolates faults
    • Separate control and forwarding planes that enhance scalability and resiliency
    • Transparent failover and network recovery
    • Graceful Routing Engine switchover (GRES)
    • Nonstop active routing (NSR)
    • Nonstop bridging (NSB)
    • Unified in-service software upgrade (unified ISSU)*
    Layer 2 features
    • Up to 1 million media access control (MAC) addresses
    • Up to 512,000 Address Resolution Protocol (ARP) entries with ML license (256,000 entries without ML license)
    • Up to 512,000 Forwarding Information Base (FIB) entries with ML license (256,000 entries without ML license)
    • Jumbo frames (9,192 bytes maximum)
    • 32,000 VLANs
    • VLAN Registration Protocol
    • 802.3ad – Link Aggregation Control Protocol (LACP)
    • 802.1D – Spanning Tree Protocol (STP)
    • 802.1w – Rapid Spanning Tree Protocol (RSTP)
    • 802.1s – Multiple Spanning Tree Protocol (MSTP)
    • VLAN Spanning Tree Protocol (VSTP)
    Supported in hardware on EX9200-15C and will be enabled on software in a future release
    Layer 3 features
    • 1 million IPv4 routing information base (RIB)
    • 1 million IPv6 RIB
    • Static routing
    • RIP v1/v2
    • OSPF v1/v2
    • OSPF v3
    • Filter-based forwarding
    • Virtual Router Redundancy Protocol (VRRP)*
    • IPv6
    • Bidirectional Forwarding Detection (BFD)
    • Virtual routers
    • BGP (Advanced Feature license)
    • IS-IS (Advanced Feature license)
    Hardware tunneling
    • GRE tunnels
    • MPLS capabilities (Advanced Feature License)
    • VPLS
    • BGP/MPLS VPNs
    • Ethernet VPNs*
    Multicast
    • Up to 256,000 IPv4 multicast routes
    • Up to 256,000 IPv6 multicast routes
    • Internet Group Management Protocol (IGMP) v1/v2/v3
    • IGMP snooping
    • MLD snooping
    • Protocol Independent Multicast PIM-SM, PIM-SSM, PIM-DM
    • Multicast Source Discovery Protocol (MSDP)
    Firewall filters Ingress and egress L2-L4 access control lists (ACLs):
    • Port ACLs
    • VLAN ACLs
    • Router ACLs
    Control plane denial-of-service (DoS) protection
    Quality of service (QoS)
    • 16,000 policers per chassis
    • 8 egress queues per port
    • Weighted random early detection (WRED) scheduling
    • Weighted round-robin (WRR) queuing
    • Strict priority queuing
    Virtualization
    • Integration with Juniper Networks Contrail
    • Integration with VMware NSX SDN controllers
    • Network virtualization protocols such as Virtual eXtensible LAN (VXLAN) and Open vSwitch Database (OVSDB)
    • VXLAN Layer 2 and Layer 3 Gateway*
    • EVPN*
    • EVPN Multihoming (EVPN Switch Interface – Link aggregation)*
    • EVPN VXLAN L2 and L3 gateway*
    • Virtual Private LAN Service (VPLS) for Data Center Interconnect
    Management
    • Junos OS command-line interface (CLI)
    • Junos XML management protocol
    • SNMP v1/v2/v3
    • RADIUS
    • TACACS+
    • Extensive MIB support
    • Firewall-based port mirroring
    • Link Layer Discovery Protocol (LLDP)
    • Advanced Insight Solutions (AIS)

    Architecture and Key Components

    The EX9200 campus and data center core Ethernet switches share a number of architectural elements. The Routing Engines employed by these switches run Junos OS, which processes all Layer 2 and Layer 3 protocols, while the Switch Fabric modules manage the chassis and provide switching functionality for data traffic coming from line cards. The EX9200 line cards, which are common across all EX9200 platforms, include Packet Forwarding Engines (PFEs) that process network traffic, as well as a line-card processor that provides scalable local control. In the data center, the EX9200 architecture is designed for very large deployments, with no head-of-line blocking, a single tier low latency switch fabric, efficient multicast replication handling, and deep buffering to ensure performance at scale. The EX9200 chassis midplane distributes the control and management signals over independent paths to the various system components and distributes power throughout the system. Data plane signals pass directly from the EX9200 line cards to the EX9200 Switch Fabric modules via a unique pass-through connector system that provides unparalleled signal quality for future generations of fabric ASICs. To maintain uninterrupted operation, the EX9200’s fan trays cool the line cards, Routing Engine, and Switch Fabric modules with redundant, variable speed fans. In addition, the EX9200 power supplies convert building power to the internal voltage required by the system. All EX9200 components are hot-swappable, and all central functions are available in redundant configurations, providing high operational availability by allowing continuous system operation during maintenance or repairs.

    EX9200 Campus Deployment Options

    The EX9200 is designed primarily for the following two use cases:
    • EVPN multihoming* or MC-LAG**: A pair of interconnected EX9200 switches can be deployed to provide EVPN multihoming (ESI-LAG) or multichassis link aggregation (MC-LAG) in a collapsed core/distribution configuration. This eliminates the need for Spanning Tree Protocol (STP) across the campus network by providing multihoming capabilities from the access to the distribution layer, while the distribution to the core layer is an L3 IP fabric. EVPN multihoming also supports horizontal scaling with more than two devices in the distribution layer and can extend EVPN to the core.
    • Campus fabric*: The AI-Driven Enterprise architecture decouples the overlay network from the underlay with technologies such as EVPN and VXLAN, addressing the needs of the modern enterprise network by allowing network administrators to create logical L2 networks over different L3 networks. Juniper supports various EVPN-VXLAN-based campus fabric architectures, including:
      • Campus fabric core-distribution
      • Campus fabric IP Clos
    Campus fabric architectures let you manage your campus and data center as a single IP fabric, with over-the-top (OTT) policy and control provided by Juniper. Any number of switches can be connected in a Clos network or IP fabric; EVPN-VXLAN extends the fabric and connects multiple enterprise buildings while VXLAN stretches L2 across the network. An IP Clos network between the distribution and core layers can exist in two modes: centrally routed bridging overlay or edge-routed bridging overlay.
    * Not supported on EX9200-15C
    Figure 1: EX9200 EVPN multihoming/MC-LAG and campus fabric deployment options

    EX9200 Line Cards

    The EX9200 line cards support an extensive set of Layer 2 and Layer 3 services that can be deployed in any combination of L2-L3 applications. Each EX9200 line card is built upon Juniper One custom silicon, which supports a wide range of Layer 2 and Layer 3 Ethernet functionality including 802.1Q VLAN, link aggregation, Virtual Router Redundancy Protocol (VRRP), L2 to L3 mapping, and port monitoring. Additionally, the line cards support filtering, sampling, load balancing, rate limiting, class of service (CoS), and other key features needed for the deployment of dependable, high-performance Ethernet infrastructure.

    EX9200 Routing Engine

    The EX9200 switch’s Routing Engine is based on the same field-proven hardware architecture used by Juniper Networks routers, bringing the same carrier-class performance and reliability to the EX9200 that Juniper routers bring to the world’s largest service provider networks. The RE’s central CPU performs all system control functions and maintains hardware forwarding table and routing protocol states for the EX9200. Dedicated hardware on the RE supports chassis management functions such as environmental monitoring. Communication between RE modules and individual line cards takes place over a dedicated internal GbE out-of-band control interface. There are two EX9200 Routing Engines: the EX9200-RE* and EX9200-RE2. The EX9200-RE* supports control and management plane functionality with an integrated Routing Engine that features a quad-core, 1.73 GHz Intel processor with 16 gigabytes of DRAM and dual front pluggable SSDs, each providing 32 GB of storage for Junos OS images and logs. The EX9200-RE2 features a six-core, 2 GHz Intel processor with 64 gigabytes of DRAM and dual front-pluggable SSDs, each providing 64 GB of storage for Junos OS images and logs. The 10GbE Routing Engine-to-switch fabric interface will allow running virtualized applications in the future. Both Routing Engines feature AUX, console, and Ethernet ports on the front panel to support out-of-band system management and monitoring, while an external USB port accommodates a removable media interface for manually installing Junos OS images.

    EX9200 Switch Fabric

    The EX9200-SF3** and EX9200-SF2 Switch Fabric modules are hot-swappable and serve as the central non-blocking matrix through which all network data passes. The EX9200-SF2 supports 480 Gbps throughput per slot and the EX9200-SF3 supports 1.5 Tbps throughput per slot. On the EX9204 and EX9208 switches, two EX9200-SF3 or EX9200-SF2 Switch Fabric modules deployed in a redundant configuration deliver up to 1.5 Tbps or 480 Gbps system throughput per slot, respectively. The Switch Fabric module installed first functions as the master, while the second serves as a backup. On the EX9214, three EX9200-SF3 or EX9200-SF2 Switch Fabric modules deployed in a redundant configuration deliver 1.5 Tbps or 480 Gbps system throughput per slot, respectively. Traffic is load-balanced across the first two Switch Fabric modules installed, which together function as the master switch fabric, while the third serves as a backup. Switch Fabric modules perform the following key functions:
    • Monitoring and controlling system functions
    • Interconnecting all line cards
    • Clocking and system resets
    • Acting as Routing Engine carrier
    * Last order date for EX9200-RE was March 31, 2022
    ** EX9200-SF3 is not compatible with EX9200-40T, EX9200-40F, EX9200-40F-M, EX9200-24Q, EX9200-SF2, or EX9200-SF
    Table 2. EX9200 System Power Consumption

    | | EX9204 Typical Power | EX9204 Reserved Power | EX9208 Typical Power | EX9208 Reserved Power | EX9214 Typical Power | EX9214 Reserved Power |
    |---|---|---|---|---|---|---|
    | Base system | 410 W | 410 W | 560 W | 560 W | 1,290 W | 1,670 W |
    | Redundant system | 690 W | 690 W | 800 W | 800 W | 1,530 W | 1,910 W |

    Power

    Each EX9200 chassis contains four power supply bays to provide complete flexibility for provisioning and redundancy. The power supplies connect to the midplane, which distributes the different output voltages produced by the power supplies to the switch components, depending on their voltage requirements. Each power supply is cooled by its own internal cooling system. All EX9200 chassis support both AC and DC power supplies; however, AC and DC supplies cannot be mixed in the same chassis.
    • The AC supplies on the EX9204 chassis accept 100 to 240 V AC input and deliver 2,050 watts of power to the chassis, while the DC power supplies accept -40 to -72 V DC input and deliver 2,400 watts of power to the chassis. The EX9204 can be provisioned with either one or two AC power supplies with high line (200-240 V AC) power inputs, two or four AC power supplies with low line (100-120 V AC) power inputs, or one or two DC power supplies.
    • The AC supplies on the EX9208 chassis accept 100 to 240 V AC input and deliver 2,050 W of power to the chassis, while the DC power supplies accept -40 to -72 V DC input and deliver 2,400 W of power to the chassis. The EX9208 can be provisioned with either two or four AC power supplies with high line (200-240 V AC) power inputs, three or four AC power supplies with low line (100-120 V AC) power inputs, or two or four DC power supplies.
    • The AC supplies on the EX9214 chassis accept 200 to 240 V AC input and deliver 4,100 W of power to the chassis, while the DC power supplies accept -40 to -72 V DC input and deliver 4,100 W of power to the chassis. Power supplies on the EX9214 chassis are divided into two zones, with adjacent power supplies supporting separate zones. The EX9214 must be provisioned with a minimum of one and a maximum of two AC or DC power supplies per zone.
    Table 3. EX9200 Power Consumption

    | | Typical Power | Maximum Power |
    |---|---|---|
    | EX9200-40T Line Card | 206 W | 239 W |
    | EX9200-40F Line Card | 219 W | 239 W |
    | EX9200-32XS Line Card | 550 W | 610 W |
    | EX9200-40XS Line Card | 465 W | 545 W |
    | EX9200-12QS | 465 W | 545 W |
    | EX9200-15C | 700 W | 785 W |
    | EX9200-2C-8XS Line Card | 530 W | 610 W |
    | EX9200-MPC | 461 W | 534 W |
    | EX9200-10XS-MIC | 29.8 W | 29.8 W |
    | EX9200-20F-MIC | 37 W | 37 W |
    | EX9200-40T-MIC | 41 W | 41 W |
    | EX9200 Switch Fabric | 150 W | 150 W |
    | EX9200 Switch Fabric-2 | 155 W | 155 W |
    | EX9200 Switch Fabric-3 | 385 W | 400 W |
    | EX9200 Routing Engine | 90 W | 90 W |
    | EX9200 Routing Engine-2 | 90 W | 90 W |
    Table 4. EX9200 Power Supply Capacity

    | | EX9204 | EX9208 | EX9214 |
    |---|---|---|---|
    | 100-120 V AC Input | 1,167 W | 3,501 W | N/A |
    | 200-240 V AC Input | 2,050 W | 4,100 W | 8,200 W |
    | -40 to -72 V DC Input | 2,400 W | 4,100 W | 8,200 W |
    Table 5. Maximum number of line cards in a chassis*

    | | EX9204 | EX9208 | EX9214 |
    |---|---|---|---|
    | EX9200-40XS | 3 | 6 | 11 |
    | EX9200-15C | 2 | 6 | 7** |
    | EX9200-12QS | 3 | 6 | 11 |
    | EX9200-32XS | 2 | 4 | 10 |
    | EX9200-6QS | 2 | 4 | 10 |
    | EX9200-2C-8XS | 3 | 6 | 11 |
    | EX9200-40T | 3 | 6 | 11 |
    | EX9200-40F | 3 | 6 | 11 |
    | EX9200-MPC | 3 | 6 | 11 |

    * All line cards of the same type; some configurations could be over-subscribed
    ** EX9200-15C not supported on slots 0, 1, 11

    Features and Benefits

    Simplified Network Architectures

    The EX9200 is ideal for simplifying campus, data center, and combined campus and data center network environments by collapsing network layers. In the campus, the EX9200 collapses the core and distribution layers; when used with Juniper access layer switches deployed in an MC-LAG configuration (supported only with SF2), the EX9200 helps eliminate Spanning Tree Protocol, dramatically simplifying the network architecture and network operations. Similarly, in the data center the EX9200 can be used to collapse core and aggregation layers; again, when used with Juniper access switches in an MC-LAG configuration, the EX9200 helps reduce the number of managed devices by more than 50% and eliminates Spanning Tree Protocol from the network. In combined campus and data center environments, the EX9200 consolidates network layers to simplify the network architecture and operations. In all scenarios, the EX9200 delivers a simple, secure, virtualized network environment that increases enterprise business agility.

    High Availability

    EX9200 core switches deliver a number of high availability features that ensure uninterrupted, carrier-class performance. Each EX9200 chassis includes an extra slot to accommodate a redundant Routing Engine module which serves as a backup in hot-standby mode, ready to take over in the event of a master Routing Engine failure. If the master fails, the integrated L2 and L3 graceful Routing Engine switchover (GRES) feature of Junos OS, working in conjunction with the nonstop active routing (NSR) and nonstop bridging (NSB) features, ensures a seamless transfer of control to the backup, maintaining uninterrupted access to applications, services, and IP communications.

    Carrier-Class Operating System

    The EX9200 line of switches runs the same Junos OS used by all other Juniper Networks EX Series Ethernet Switches, as well as the Juniper Networks routers that power the world’s largest and most complex networks. By using a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code, follows a single release train, and employs a highly available modular architecture that prevents isolated failures from bringing down an entire system. These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version; customers can deploy the software with complete confidence that all existing capabilities will be maintained and operate in the same way.

    Simplified Management and Operations

    A range of system management options are available for the EX9200 line of switches as well. The standard Junos OS CLI provides the same granular management capabilities and scripting parameters found in all Junos OS-powered devices. In addition, integrated Junos XML management protocol tools provide early detection and automatic resolution of potential problems related to the operating system. Juniper Networks Junos Space software provides system-level management across all EX Series Ethernet Switches, as well as other Juniper products deployed throughout the network—all from a single console.

    MACsec

    The EX9200-40XS and EX9200-15C line cards support IEEE 802.1AE MACsec with AES 256-bit encryption, providing support for link-layer data confidentiality, data integrity, and data origin authentication. The EX9200-40F-M and EX9200-20F-MIC line cards support AES 128-bit encryption. A single EX9200-SFL license is required for the EX9200 chassis in order to enable MACsec in software. Defined by IEEE 802.1AE, MACsec provides secure, encrypted communication at the Link Layer that is capable of identifying and preventing threats from denial of service (DoS) and other intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on switch ports, all traffic is encrypted on the wire, but traffic inside the switch is not. This allows the switch to apply all network policies such as QoS, deep packet inspection, and sFlow to each packet without compromising the security of packets on the wire. Hop-by-hop encryption enables MACsec to secure communications while maintaining network intelligence. In addition, Ethernet-based WAN networks can use MACsec to provide link security over long-haul connections. MACsec is transparent to Layer 3 and higher-layer protocols and is not limited to IP traffic; it works with any type of wired or wireless traffic carried over Ethernet links.

    Scale Licenses

    EX9204-ML, EX9208-ML, and EX9214-ML Mega Scale license SKUs enable an EX9200 chassis to support 512K FIB and ARP entries. Only one ML license is required per chassis.

    Specifications

    Table 6. EX9200 System Capacity

    | | EX9204 | EX9208 | EX9214 |
    |---|---|---|---|
    | Backplane capacity | Up to 3 Tbps* | Up to 7.5 Tbps* | Up to 12 Tbps* |
    | Maximum fabric bandwidth/slot | 1.5 Tbps/slot | 1.5 Tbps/slot | 1.5 Tbps/slot |
    | Maximum 1GbE wire speed port density (wire speed) | 120 | 240 | 440 |
    | Maximum 10GbE wire speed port density (wire speed) | 144 (96) | 288 (240) | 576 (480) |
    | Maximum 25GbE wire speed port density (wire speed) | 120** | 360** | 480** |
    | Maximum 40GbE wire speed port density (wire speed) | 30 | 90 | 120 |
    | Maximum 100GbE wire speed port density (wire speed) | 30 | 90 | 120 |

    * Full Duplex maximum system throughput values (For half-duplex values, double system throughput)
    ** With breakout cables
    Table 7. Chassis Specifications

    | | EX9204 | EX9208 | EX9214 |
    |---|---|---|---|
    | Dimensions (W x H x D) | 17.5 x 8.7 x 27.75 in (44.5 x 22.1 x 70.5 cm) | 17.5 x 14 x 27.75 in (44.5 x 35.6 x 70.5 cm) | 17.5 x 27.8 x 27.75 in (44.5 x 70.5 x 70.5 cm) |
    | Rack units | 5 U | 8 U | 16 U |
    | Weight: Base configuration | 68.3 lbs (31.0 kg) | 88.4 lbs (40.1 kg) | 203.5 lbs (92.3 kg) |
    | Weight: Redundant configuration | 97.8 lbs (44.4 kg) | 111.2 lbs (50.5 kg) | 225.1 lbs (102.1 kg) |
    | Weight: Chassis with midplane | 52.0 lbs (23.6 kg) | 65.5 lbs (29.7 kg) | 150.0 lbs (68.0 kg) |
    | Weight: Fully loaded chassis | 128.0 lbs (58.1 kg) | 163.6 lbs (74.2 kg) | 350.1 lbs (158.8 kg) |
    | Total number of slots | 4 | 8 | 14 |
    | Slots available for line cards** | 2 with fabric redundancy (3 without)* | 6* | 11 with fabric redundancy (12 without)* |

    Total depth includes standard cable manager measurements.
    * With breakout cables
    ** No fabric redundancy with EX9200-15C
    Table 8. EX9200 Line Card Capacities with 128-byte packets

    | Line Cards | EX9204 | EX9208 | EX9214 |
    |---|---|---|---|
    | EX9200-32XS | 773 Mpps | 1.9 Bpps | 3.9 Bpps |
    | EX9200-40T | 178 Mpps | 357 Mpps | 654 Mpps |
    | EX9200-40F | 178 Mpps | 357 Mpps | 654 Mpps |
    | EX9200-2C-8XS | 568 Mpps | 1.42 Bpps | 2.84 Bpps |
    | EX9200-40F-M | 178 Mpps | 357 Mpps | 654 Mpps |
    | EX9200-MPC | 580 Mpps | 1.16 Bpps | 2.32 Bpps |
    | EX9200-40XS | 730 Mpps | 2.42 Bpps | 4.02 Bpps |
    | EX9200-12QS | 806 Mpps | 2.42 Bpps | 4.43 Bpps |
    | EX9200-15C | 2.3 Bpps | 6.99 Bpps | 8.154 Bpps |

    Line Card Specifications

    Dimensions (W x H x D)

    • 1.25 x 17 x 22 in (3.2 x 43.2 x 55.9 cm)

    Weight

    • EX9200-40T: 14.0 lbs (6.6 kg)
    • EX9200-40F: 14.8 lbs (6.7 kg)
    • EX9200-40F-M: 16.2 lbs (7.3 kg)
    • EX9200-32XS: 19.2 lbs (8.7 kg)
    • EX9200-6QS: 21.4 lbs (9.7 kg)
    • EX9200-2C-8XS: 19.4 lbs (8.8 kg)
    • EX9200-MPC: 15.96 lb (7.26 kg)
    • EX9200-10XWS-MIC: 1.54 lb (0.70 kg)
    • EX9200-20F-MIC: 1.2 lb (0.54 kg)
    • EX9200-40T-MIC: 1.9 lb (0.9 kg)
    • EX9200-40XS: 17 lb (7.7 kg)
    • EX9200-12QS: 15.7 lb (7.12 kg)
    • EX9200-15C: 20.4 lb (9.25 kg)
    • EX9200-SF3: 13.6 lb (6.2 kg)

    IEEE Compliance

    • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
    • IEEE 802.1D-2004: Spanning Tree Protocol (STP)
    • IEEE 802.1p: Class-of-service (CoS) prioritization
    • IEEE 802.1Q: Virtual Bridged Local Area Networks
    • IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
    • IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP)
    • IEEE 802.3: 10BASE-T
    • IEEE 802.3u: 100BASE-T
    • IEEE 802.3ab: 1000BASE-T
    • IEEE 802.3z: 1000BASE-X
    • IEEE 802.3ae: 10-Gigabit Ethernet
    • IEEE 802.3ba: 40-Gigabit/100-Gigabit Ethernet
    • IEEE 802.3ah: Operation, Administration, and Maintenance (OAM)
    • IEEE 802.3ad: Link Aggregation Control Protocol (LACP)
    • IEEE 802.1ae: Media Access Control Security

    RFC Compliance

    • RFC 768: UDP
    • RFC 783: Trivial File Transfer Protocol (TFTP)
    • RFC 791: IP
    • RFC 792: Internet Control Message Protocol (ICMP)
    • RFC 793: TCP
    • RFC 826: ARP
    • RFC 854: Telnet client and server
    • RFC 894: IP over Ethernet
    • RFC 903: Reverse Address Resolution Protocol (RARP)
    • RFC 906: TFTP Bootstrap
    • RFC 951, 1542: BootP
    • RFC 1027: Proxy ARP
    • RFC 1058: RIP v1
    • RFC 1112: IGMP v1
    • RFC 1122: Host Requirements
    • RFC 1195: Use of Open Systems Interconnection (OSI) IS-IS for Routing in TCP/IP and Dual Environments (TCP/IP transport only)
    • RFC 1256: IPv4 ICMP Router Discovery Protocol (IRDP)
    • RFC 1492: TACACS+
    • RFC 1519: Classless Interdomain Routing (CIDR)
    • RFC 1587: OSPF NSSA Option
    • RFC 1591: Domain Name System (DNS)
    • RFC 1745: BGP4/IDRP for IP-OSPF Interaction
    • RFC 1765: OSPF Database Overflow
    • RFC 1771: Border Gateway Protocol 4
    • RFC 1772: Application of the Border Gateway Protocol in the Internet
    • RFC 1812: Requirements for IP Version 4 Routers
    • RFC 1965: Autonomous System Confederations for BGP
    • RFC 1981: Path maximum transmission unit (MTU) Discovery for IPv6
    • RFC 1997: BGP Communities Attribute
    • RFC 2030: Simple Network Time Protocol (SNTP)
    • RFC 2068: HTTP server
    • RFC 2080: RIPng for IPv6
    • RFC 2081: RIPng Protocol Applicability Statement
    • RFC 2131: BOOTP/Dynamic Host Configuration Protocol (DHCP) relay agent* and DHCP server*
    • RFC 2138: RADIUS Authentication
    • RFC 2139: RADIUS Accounting
    • RFC 2154: OSPF with Digital Signatures (password, Message Digest 5)
    • RFC 2236: IGMP v2
    • RFC 2267: Network Ingress Filtering
    • RFC 2270: BGP-4 Dedicated autonomous system (AS) for Sites/Single Provider
    • RFC 2283: Multiprotocol Extensions for BGP-4
    • RFC 2328: OSPF v2 (Edge mode)
    • RFC 2338: VRRP*
    • RFC 2362: PIM-SM (Edge mode)
    • RFC 2370: OSPF Opaque LSA Option
    • RFC 2373: IPv6 Addressing Architecture
    • RFC 2375: IPv6 Multicast Address Assignments
    • RFC 2385: TCP MD5 Authentication for BGPv4
    • RFC 2439: BGP Route Flap Damping
    • RFC 2453: RIP v2
    • RFC 2460: Internet Protocol, v6 (IPv6) specification
    • RFC 2461: Neighbor Discovery for IP Version 6 (IPv6)
    • RFC 2462: IPv6 Stateless Address Autoconfiguration
    • RFC 2463: ICMPv6
    • RFC 2464: Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2474: DiffServ Precedence, including 8 queues/port
    • RFC 2475: DiffServ Core and Edge Router Functions
    • RFC 2526: Reserved IPv6 Subnet Anycast Addresses
    • RFC 2545: Use of BGP-4 Multiprotocol Extensions for IPv6 Interdomain Routing
    • RFC 2547: BGP/MPLS VPNs
    • RFC 2597: DiffServ Assured Forwarding (AF)
    • RFC 2598: DiffServ Expedited Forwarding (EF)
    • RFC 2710: Multicast Listener Discovery (MLD) for IPv6
    • RFC 2711: IPv6 Router Alert Option
    • RFC 2740: OSPF for IPv6
    • RFC 2796: BGP Route Reflection (supersedes RFC 1966)
    • RFC 2796: Route Reflection
    • RFC 2858: Multiprotocol Extensions for BGP-4
    • RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 2918: Route Refresh Capability for BGP-4
    • RFC 3031: Multiprotocol Label Switching Architecture
    • RFC 3032: MPLS Label Stack Encoding
    • RFC 3036: LDP Specification
    • RFC 3065: Autonomous System Confederations for BGP
    • RFC 3176: sFlow
    • RFC 3215: LDP State Machine
    • RFC 3306: Unicast-Prefix-based IPv6 Multicast Addresses
    • RFC 3376: IGMP v3
    • RFC 3392: Capabilities Advertisement with BGP-4
    • RFC 3446: Anycast Rendezvous Point (RP) Mechanism using PIM and MSDP
    • RFC 3478: Graceful Restart for Label Distribution Protocol
    • RFC 3484: Default Address Selection for IPv6
    • RFC 3513: Internet Protocol Version 6 (IPv6) Addressing
    • RFC 3569: PIM-SSM PIM Source Specific Multicast
    • RFC 3587: IPv6 Global Unicast Address Format
    • RFC 3618: Multicast Source Discovery Protocol (MSDP)
    • RFC 3623: OSPF Graceful Restart
    • RFC 3768: Virtual Router Redundancy Protocol (VRRP)*
    • RFC 3810: Multicast Listener Discovery Version 2 (MLDv2) for IP
    • RFC 3973: PIM-Dense Mode
    • RFC 4213: Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291: IPv6 Addressing Architecture
    • RFC 4360: BGP Extended Communities Attribute
    • RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)
    • RFC 4443: ICMPv6 for the IPv6 specification
    • RFC 4486: Sub codes for BGP Cease Notification message
    • RFC 4552: Authentication/Confidentiality for OSPFv3
    • RFC 4604: Using Internet Group Management Protocol Version 3 (IGMPv3)
    • RFC 4724: Graceful Restart Mechanism for BGP
    • RFC 4761: Virtual Private LAN Service (VPLS) using BGP for auto-discovery and signaling
    • RFC 4798: Connecting IPv6 Islands over IPv4 MPLS Using IPv6 Provider Edge Routers (6PE)
    • RFC 4861: Neighbor Discovery for IPv6
    • RFC 4862: IPv6 Stateless Address Autoconfiguration
    • RFC 5095: Deprecation of Type 0 Routing Headers in IPv6
    • RFC 5286: Basic Specification for IP Fast Reroute: Loop-Free Alternates
    • RFC 5306: Restart Signaling for IS-IS
    • RFC 5308: Routing IPv6 with IS-IS
    • RFC 5340: OSPF for IPv6
    • Draft-ietf-bfd-base-09.txt: Bidirectional Forwarding Detection
    • Draft-ietf-l2vpn-evpn-00.txt: BGP MPLS-based Ethernet VPN
    * Supported in hardware on EX9200-15C and will be enabled on software in a future release

    Services and Manageability

    • Virtual eXtensible Local Area Network (VXLAN)*
    • REST API
    • NETCONF sessions over outbound HTTPS
    • Juniper Extension Toolkit (JET)
    • OpenFlow v1.3
    • Junos OS CLI
    • Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
    • ASCII configuration file
    • Rescue configuration
    • Configuration rollback
    • Image rollback
    • SNMP: v1, v2c, v3
    • RMON (RFC 2819): Groups 1, 2, 3, 9
    • Network Time Protocol (NTP)
    • DHCP server*
    • DHCP relay with Option 82*
    • RADIUS
    • TACACS+
    • SSHv2
    • Secure copy
    • DNS resolver
    • Syslog logging
    • Environment monitoring
    • Temperature sensor
    • Configuration backup via FTP/secure copy
    * Supported in hardware on EX9200-15C and will be enabled on software in a future release

    Network Management—MIB Support

    • J-Flow
    • RFC 1155: Structure of Management Information (SMI)
    • RFC 1157: SNMPv1
    • RFC 1212, RFC 1213, RFC 1215: MIB-II, Ethernet-like MIB, and traps
    • RFC 1657: BGP-4 MIB
    • RFC 1724: RIPv2 MIB
    • RFC 1850: OSPFv2 MIB
    • RFC 1901: Introduction to Community-based SNMPv2
    • RFC 1902: Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2)
    • RFC 1905, RFC 1907: SNMP v2c, SMIv2, and Revised MIB-II
    • RFC 2011: SNMPv2 for IP using SMIv2
    • RFC 2012: SNMPv2 for transmission control protocol using SMIv2
    • RFC 2013: SNMPv2 for user datagram protocol using SMIv2
    • RFC 2096: IPv4 Forwarding Table MIB
    • RFC 2287: System Application Packages MIB
    • RFC 2465: Management Information Base for IP Version 6
    • RFC 2570–2575: SNMPv3, user-based security, encryption, and authentication
    • RFC 2576: Coexistence between SNMP Version 1, Version 2, and Version 3
    • RFC 2578: SNMP Structure of Management Information MIB
    • RFC 2579: SNMP Textual Conventions for SMIv2
    • RFC 2665: Ethernet-like interface MIB
    • RFC 2787: VRRP MIB
    • RFC 2819: RMON MIB
    • RFC 2863: Interface Group MIB
    • RFC 2863: Interface MIB
    • RFC 2922: LLDP MIB
    • RFC 2925: Ping/Traceroute MIB
    • RFC 2932: IPv4 Multicast MIB
    • RFC 3413: SNMP Application MIB
    • RFC 3826: The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP
    • RFC 4188: STP and Extensions MIB
    • RFC 4363: Definitions of Managed Objects for Bridges with traffic classes, multicast filtering, and VLAN extensions
    • Draft-ietf-idr-bgp4-mibv2-02.txt: Enhanced BGP-4 MIB
    • Draft-ietf-isis-wg-mib-07
    • Draft-reeder-snmpv3-usm-3desede-00
    • Draft-ietf-idmr-igmp-mib-13
    • Draft-ietf-idmr-pim-mib-09
    • Draft-ietf-bfd-mib-02.txt

    Troubleshooting

    • Debugging: CLI via console, Telnet, or SSH
    • Diagnostics: Show, debug, and statistics commands
    • Firewall-based port mirroring
    • IP tools: Extended ping and trace
    • Juniper Networks commit and rollback

    Environmental Ranges

    • Operating temperature: 32° to 104° F (0° to 40° C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: Up to 10,000 ft (3,048 m)
    • Relative humidity operating: 5 to 90% (noncondensing)
    • Relative humidity nonoperating: 5 to 95% (noncondensing)
    • Seismic: Designed to meet GR-63, Zone 4 earthquake requirements

    Maximum Thermal Output

    (estimated, subject to change)
    • EX9204 AC power: 8,252 BTU/hour (2,420 W); DC power: 7,495 BTU/hour (2,198 W)
    • EX9208 AC power: 16,473 BTU/hour (4,831 W); DC power: 14,963 BTU/hour (4,388 W)
    • EX9214 AC power: 31,774 BTU/hour (9,318 W); DC power: 32,510 BTU/hour (9,354 W)

    Safety and Compliance

    Safety

    • CAN/CSA-22.2 No. 60950-00/UL 1950 Third Edition, Safety of Information Technology Equipment
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment Classification, Requirements, and User’s Guide
    • EN 60950 Safety of Information Technology Equipment
    • IEC 60950-1 (2001) Safety of Information Technology Equipment (with country deviations)
    • EN 60825-1 +A1+A2 (1994) Safety of Laser Products—Part 1: Equipment Classification
    • EN 60825-2 (2000) Safety of Laser Products—Part 2: Safety of Optical Fiber Comm. Systems
    • C-UL to CAN/CSA 22.2 No.60950-1 (Second Edition)
    • TUV/GS to EN 60950-1, Amendment A1-A4, A11
    • CE-IEC60950-1, all country deviations

    EMC

    • AS/NZS CISPR22:2009
    • EN 55022 2006+A1:2007 European Radiated Emissions
    • FCC 47CFR, Part 15 Class A (2009) USA Radiated Emissions
    • VCCI-V-3/2009.04 and V-4/2009.04 Japanese Radiated Emissions
    • BSMI CNS 13438 and NCC C6357 Taiwan Radiated Emissions
    • EN 300 386 V1.5.1 Telecom Network Equipment - EMC requirements
    • ICES-003 Issue 4, Feb 2004 Canada Radiated Emissions
    • CISPR 24:1997/A1:2001/A2:2002 IT Equipment Immunity Characteristics

    Immunity

    • EN 55024:1998/A1:2001/A2:2003 Information Technology Equipment Immunity Characteristics
    • EN-61000-3-2 (2006) Power Line Harmonics
    • EN-61000-3-3 +A1 +A2 +A3 (1995) Power Line Voltage Fluctuations
    • EN-61000-4-2 +A1 +A2 (1995) Electrostatic Discharge
    • EN-61000-4-3 +A1+A2 (2002) Radiated Immunity
    • EN-61000-4-4 (2004) Electrical Fast Transients
    • EN-61000-4-5 (2006) Surge
    • EN-61000-4-6 (2007) Immunity to Conducted Disturbances
    • EN-61000-4-11 (2004) Voltage Dips and Sags

    Customer-Specific EMC Requirements

    • GR-1089-Core Issue 6 (May, 2011) EMC and Electrical Safety for Network Telecommunications Equipment
    • AT&T TP-76200 Issue 17 (2012) Network Equipment Power, Grounding, Environmental, and Physical Design Requirements
    • Verizon TPR.9305 Issue 5 (2012) Verizon NEBS Compliance: NEBS Compliance Clarification Document
    • Deutsche Telekom 1TR9 (2008) EMC Specification
    • British Telecom EMC Immunity Requirements (2007)
    • IBM C-S 2-0001-005 ESD
    • IBM C-S 2-0001-012 Radio Frequency Electromagnetic Susceptibility
    • ITU-T K.20 (2011) Resistibility of telecommunication equipment installed in telecom centers to over voltages and over currents
    • Juniper Inductive GND (JIG)

    ETSI

    • ETSI EN-300386-2 Telecommunication Network Equipment Electromagnetic Compatibility Requirements

    Network Equipment Building System (NEBS)

    • SR-3580 NEBS Criteria Levels (Level 3 Compliance)
    • GR-63-Core: NEBS, Physical Protection

    Environmental

    • Reduction of Hazardous Substances (ROHS) 5/6

    Telco

    • Common Language Equipment Identifier (CLEI) code

    Warranty

    For warranty information, please visit https://support.juniper.net/support/warranty/.

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

    Ordering Information

    Hardware

    | Product Number | Description |
    |---|---|
    | EX9204-BASE3B-AC | Base EX9204 system configuration: 4-slot chassis with passive midplane and 1x fan tray, 1x EX9200-RE2 Routing Engine, 1x Switch Fabric-2 module, 2x 2,520 W AC PSUs, and all necessary blank panels. |
    | EX9204-RED3B-AC | Redundant EX9204 system configuration: 4-slot chassis with passive midplane and 1x fan tray, 2x EX9200-RE2 Routing Engines, 2x Switch Fabric-2 modules, 4x 2,520 W AC PSUs, and all necessary blank panels. |
    | EX9204-RED3B-DC | Redundant EX9204 system configuration: 4-slot chassis with passive midplane and 1x fan tray, 2x EX9200-RE2 Routing Engines, 2x Switch Fabric-2 modules, 4x 2,520 W DC PSUs, and all necessary blank panels. |
    | EX9208-BASE3B-AC | Base EX9208 system configuration: 8-slot chassis with passive midplane and 1x fan tray, 1x EX9200-RE2 Routing Engine, 1x Switch Fabric-2 module, 3x 2,520 W AC PSUs, and all necessary blank panels. |
    | EX9208-RED3B-AC | Redundant EX9208 system configuration: 8-slot chassis with passive midplane and 1x fan tray, 2x EX9200-RE2 Routing Engines, 2x Switch Fabric-2 modules, 4x 2,520 W AC PSUs, and all necessary blank panels. |
    | EX9208-RED3B-DC | Redundant EX9208 system configuration: 8-slot chassis with passive midplane and 1x fan tray, 2x EX9200-RE2 Routing Engines, 2x Switch Fabric-2 modules, 4x 2,520 W DC PSUs, and all necessary blank panels. |
    | EX9214-BASE3B-AC | Base EX9214 system configuration: 14-slot chassis with passive midplane and 2x fan trays, 1x EX9200-RE2 Routing Engine, 2x Switch Fabric-2 modules, 3x 4,100 W AC PSUs, and all necessary blank panels. |
    | EX9214-RED3B-DC | Redundant EX9214 system configuration: 14-slot chassis with passive midplane and 2x fan trays, 2x EX9200-RE2 Routing Engines, 3x Switch Fabric-2 modules, 4x 4,100 W DC PSUs, and all necessary blank panels. |
    | EX9204-AC-BND2 | Bundle comprising EX9204-BASE3B-AC and EX9200-32XS line card, shipped separately as two items |
    | EX9204-BASE3B-AC-T | Base EX9204 TAA system configuration: 4-slot chassis with passive midplane and 1x fan tray, 1x EX9200-RE2 Routing Engine, 1x Switch Fabric-2 module, 2x 2,520 W AC PSUs, and all necessary blank panels. |
    | EX9204-RED3B-AC-T | Redundant EX9204 TAA system configuration: 4-slot chassis with passive midplane and 1x fan tray, 2x EX9200-RE2 Routing Engines, 2x Switch Fabric-2 modules, 4x 2,520 W AC PSUs, and all necessary blank panels. |
    | EX9208-BASE3B-AC-T | Base EX9208 TAA system configuration: 8-slot chassis with passive midplane and 1x fan tray, 1x EX9200-RE2 Routing Engine, 1x Switch Fabric-2 module, 3x 2,520 W AC PSUs, and all necessary blank panels. |
    | EX9208-RED3B-AC-T | Redundant EX9208 TAA system configuration: 8-slot chassis with passive midplane and 1x fan tray, 2x EX9200-RE2 Routing Engines, 2x Switch Fabric-2 modules, 4x 2,520 W AC PSUs, and all necessary blank panels. |
    | EX9214-BASE3B-AC-T | Base EX9214 TAA system configuration: 14-slot chassis with passive midplane and 2x fan trays, 1x EX9200-RE2 Routing Engine, 2x Switch Fabric-2 modules, 3x 4,100 W AC PSUs, and all necessary blank panels. |
    | EX9214-RED3B-AC-T | Redundant EX9214 TAA system configuration: 14-slot chassis with passive midplane and 2x fan trays, 2x EX9200-RE2 Routing Engines, 3x Switch Fabric-2 modules, 4x 4,100 W AC PSUs, and all necessary blank panels. |
    | EX9214-RED-3B-AC | Redundant EX9214 system configuration: 14-slot chassis with passive midplane and 2x fan trays, 2x EX9200-RE2 Routing Engines, 3x Switch Fabric-2 modules, 4x 4,100 W AC PSUs, and all necessary blank panels. |
    | EX9204-BASE3C-AC | Base EX9204 system configuration: 4-slot chassis with passive midplane and 1x fan tray, 1x EX9200-RE2 routing engin |
  • Product Overview

    The EX4650 line of Ethernet switches delivers high scale, high availability, and high performance for campus distribution deployments. The EX4650 offers fixed 1GbE/10GbE/25GbE ports with 40GbE/100GbE uplinks that support advanced campus environments, allowing them to provide the onramp to multicloud, to deploy cutting edge cloud applications, and to embrace IoT technology. It is also flexible enough for use in enterprise on-premises top-of-rack and service provider aggregation deployments. The EX4650 is onboarded, provisioned, and managed in the Juniper Mist Cloud Architecture. Mist Wired Assurance delivers better experiences for connected devices through AI-powered automation and service levels.

    Product Description

    The Juniper Networks® EX4650 Ethernet Switch delivers 4 Tbps of Layer 2 and Layer 3 connectivity to networked devices such as secure routers, servers, and other switches. Featuring 48 wire-speed 10GbE/25GbE small form-factor pluggable and pluggable plus transceiver (SFP/SFP+/SFP28) ports and 8 wire-speed 40GbE/100GbE quad SFP+ transceiver (QSFP+/QSFP28) ports in a compact 1 U platform, the EX4650 provides the flexibility to support mixed 1GbE, 10GbE, 25GbE, 40GbE, and 100GbE environments. Four models are available: two featuring AC power supplies with front-to-back or back-to-front airflow, and two featuring DC power supplies with front-to-back or back-to-front airflow. All models include dual power supplies.

    Key Components

    The EX4650 switch includes native 25GbE (fiber only) and either 40GbE or 100GbE fixed-configuration options with rich L2, L3, Ethernet VPN (EVPN), and MPLS features. The EX4650 switches run the same reliable, high-performance Juniper Networks Junos® operating system used by Juniper Networks EX Series and QFX Series Ethernet Switches, SRX Series Services Gateways, and Juniper routers, ensuring a consistent control plane feature implementation and user experience across the entire Juniper infrastructure.

    EX4650 Switch Models

    The EX4650 switch is a compact, 1 U platform that provides high throughput, very low latency, and a rich set of Junos OS features. The performance of the EX4650’s control plane is further enhanced with a powerful 2.3 GHz quad-core Intel CPU with 16 GB of memory and 64 GB SSD storage. The EX4650-48Y is a 25GbE/100GbE campus distribution switch offering 48 SFP28 transceiver ports and eight QSFP28 ports that can be configured as 8x40GbE or 8x100GbE ports, with an aggregate throughput of 4 Tbps or 2.98 Bpps per switch. For added flexibility, each QSFP28 port can also be configured as 4x25GbE ports using breakout cables, increasing the total number of supported 25GbE ports to 80 per switch.

    EX4650-48Y Highlights

    The EX4650-48Y switch features the following:
    • Support for high-density, multispeed 1GbE/10GbE/25GbE downlinks and 40GbE/100GbE uplinks for access and aggregation configurations, with up to 48 25GbE ports and up to eight 100GbE uplink ports in a 1 U platform
    • Throughput of up to 4 Tbps L2 and L3 performance, with latency as low as 550 nanoseconds
    • A 2.3 GHz quad-core Intel CPU with 16 GB memory and 64 GB SSD storage
    • Feature-rich automation capabilities with support for Python and Zero Touch Provisioning (ZTP)
    • Support for virtualization protocols such as Virtual Extensible LAN (VXLAN)
    • Advanced Junos OS features such as EVPN, BGP add-path, MPLS, L3 VPN, and IPv6 6PE

    Architecture and Key Components

    Cloud Management with Juniper Mist Wired Assurance

    Juniper Mist Wired Assurance, a cloud-based service driven by Mist AI to claim, configure, manage, and troubleshoot the EX4650, delivers AI-powered automation and service levels to ensure a better experience for connected devices. Wired Assurance leverages rich Junos switch telemetry data to simplify operations, reduce mean time to repair, and improve visibility. Wired Assurance offers the following features:
    • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
    • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
    • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist cloud.
    Figure 1: Juniper Mist Wired Assurance service-level expectations
    Figure 2: Marvis Actions for wired switches
    The addition of Marvis, a complementary Virtual Network Assistant driven by Mist AI, lets you start building a self-driving network that simplifies network operations and streamlines troubleshooting via automatic fixes for EX Series switches or recommended actions for external systems. For more information see Juniper Mist Wired Assurance.

    EVPN-VXLAN Technology

    The EX4650 embraces open standards and extends the industry-standard EVPN-VXLAN technology already supported in both the data center and campus. With enterprise applications moving to the cloud, it has become necessary to deploy IP fabrics as enterprise fabrics with L2 extensions using VXLAN. The EX4650 is capable of both L2 and L3 VXLAN gateway services, allowing customers to deploy networks that provide L2 adjacencies for applications over L3 fabrics. EVPN-VXLAN offers a scalable way to build and interconnect multiple campuses, data centers, and public clouds, delivering the following benefits:
    • Greater network efficiency
    • Based on industry standards
    • Scalable at all network layers
    • Faster convergence
    • Flexible and secure architecture

    Junos OS

    The high-performance EX4650 runs Junos OS, Juniper’s powerful and robust network operating system that powers all Juniper switches, routers, and firewalls. Key Junos OS features that enhance the functionality and capabilities of the EX4650 include:
    • Software modularity, with process modules running independently in their own protected memory space and with the ability to do process restarts
    • Commit and rollback functionality that ensures error-free network configurations
    • A powerful set of scripts for on-box problem detection, reporting, and resolution

    Junos OS Software License

    The software features supported on the EX4650-48Y switch are categorized in three tiers: Base, Premium, and Advanced.
    • Base software features include basic L2 switching, basic L3 routing, multicast, automation, programmability, ZTP, and basic monitoring. A Base software feature license comes with the purchase of the hardware and does not require any explicit license keys.
    • Premium software features include all Base license functionality, plus BGP, IS-IS, and EVPN-VXLAN to explicitly address the needs of enterprise customers. To enable these features, customers must purchase the EX4650-PFL license, generate unique license keys, and install them on the switch. The license is not portable across devices.
    • Advanced software features include all Premium license functionality plus MPLS to explicitly address the needs of enterprise interconnect and edge use cases. To enable these features, customers must purchase the EX4650-AFL license, generate unique license keys, and install them on the switch. The license is not portable across devices.
    The Premium and Advanced software licenses are offered as perpetual licenses. Please see the Ordering Information section for license SKU descriptions.

    EX4650 Campus Deployment Options

    The EX4650 switch is designed primarily for the following use cases:
    • Virtual Chassis Technology: The EX4650 supports Juniper Networks’ unique Virtual Chassis technology, which enables up to four interconnected switches to operate as a single, logical device with a single IP address. Virtual Chassis technology allows enterprises to separate physical topology from logical groupings of endpoints, ensuring more efficient resource utilization. When deployed in a Virtual Chassis configuration, EX4650 switches can be connected using up to four of the 40GbE or 100GbE ports in link aggregation groups (LAGs) across 40GbE/1000GbE ports, providing an aggregate backplane capacity of up to 1.04 Tbps.
    Figure 3: EX4650 as an enterprise distribution switch in a Virtual Chassis configuration
    • Campus Fabric Technology: Juniper Networks campus fabrics provide a single, standards-based Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) solution that can be deployed in any campus, whether a two-tier network with a collapsed core distribution or a campus-wide system that involves multiple buildings with separate distribution and core layers. Juniper’s campus fabrics support the following validated architectures:
      • EVPN Multihoming (Collapsed Core/Distribution): A pair of interconnected EX4650 switches can be deployed to provide EVPN multihoming (ESI-LAG) in a collapsed core/distribution configuration. This eliminates the need for Spanning Tree Protocol (STP) across the campus network by providing multihoming capabilities from the access to the distribution layer, while distribution to core is an L3 IP fabric. ESI-LAG also supports horizontal scaling with more than two devices in the distribution layer and can extend EVPN to the core.
      • Campus Fabric or Core Distribution: A pair of interconnected EX4650 switches can provide EVPN L2 and L3 VXLAN gateway support. This eliminates the need for STP across the campus network by providing a multihoming capability from the access to the distribution layer, while distribution to the core is an L3 IP fabric using EVPN technology. The IP fabric can also extend to connect multiple enterprise buildings, while VXLAN allows stretching L2 across buildings. An IP Clos network between the distribution and the core layers can exist in two modes, both of which are supported by the EX4650:
        • Centrally routed bridging overlay: Integrated Routing and Bridging (IRB) interface placed at a central location in the fabric (in this case, a core device)
        • Edge routed bridging overlay: IRB interface placed at the edge of the fabric (in this case, a distribution device)
      • Campus Fabric IP Clos: The Campus Fabric IP Clos architecture pushes VXLAN Layer 2/3 gateway functionality to the access layer. In this architecture, EX4650 acts as an IP fabric distribution switch.
    Figure 4: Campus fabrics architectures showing EX4650 in the distribution

    Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

    Juniper Mist Wired Assurance brings cloud management and Mist AI to campus fabric. It sets a new standard moving away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. The Juniper Mist cloud streamlines deployment and management of campus fabric architectures by allowing:
    • Automated deployment and zero touch deployment
    • Anomaly detection
    • Root cause analysis
    Figure 5: EVPN multihoming configuration via the Juniper Mist cloud
    Enterprise On-Premises Server Connectivity: Data centers are demanding more high-speed, low-latency, storage- and I/O-converged networking solutions to maximize the performance of their physical servers, virtual servers, and storage. The EX4650 addresses these needs with low-latency, lossless, high-density 10GbE and 25GbE interfaces, as well as 100GbE uplinks to the core network. Furthermore, the EX4650 offers EVPN-VXLAN L2 and L3 gateway support, making it an ideal solution for overlay deployments in the enterprise on-premises data center.
    Figure 6: EX4650 for enterprise on-premises server connectivity
    The EX4650 also offers flexible airflow options, enabling it to support back-to-front and front-to-back cooling to ensure consistency with server designs for hot-aisle or cold-aisle deployments. Support for tri-speed 1GbE/10GbE/25GbE makes the EX4650 ideal for enterprise server access; 48 ports of native 10GbE/25GbE for server connectivity and up to eight 40GbE or 100GbE ports for uplink connectivity provide very low oversubscription of 1.5:1 from access to aggregation. Each 40GbE port can be broken out into four 10GbE ports, providing additional options for server connectivity. The EX4650 operates in both cut-through and store-and-forward modes, delivering sustained wire-speed switching with sub-microsecond latency and low jitter for any packet size (including jumbo frames) in both modes. With features such as EVPN multihoming (ESI-LAG) and MC-LAG, the EX4650 supports active/active server dual homing and can utilize full bisectional bandwidth from server to switch.

    Features and Benefits

    Wired Service Level Expectations

    The Wired Assurance feature provides operational visibility into the wired experience with service-level expectations (SLEs) for EX Series Switches. Pre- and post-connection performance metrics help you monitor successful connects and switch health throughout the system, using Mist AI to measure and manage networks and simplify troubleshooting.

    Automation

    The EX4650 supports a number of network automation and plug-and-play features, including ZTP and event scripts, automatic rollback, and Python scripting.

    Flexible Forwarding Table

    The EX4650 includes a Unified Forwarding Table (UFT), which allows the hardware table to be divided into configurable partitions of L2 media access control (MAC), L3 host, and longest prefix match (LPM) tables. In a pure L2 environment, the EX4650 supports up to 288,000 MAC addresses; in L3 mode, the table can support up to 168,000 host entries; in LPM mode, the table can support up to 360,000 prefixes. Junos OS provides configurable options through a CLI to optimize the EX4650 for various deployment scenarios.

    Intelligent Buffer Management

    The EX4650 features a total of 32 MB of shared buffers. While 25% of the total buffer space is dedicated, the rest is shared among all ports and is user configurable. The intelligent buffer mechanism in the EX4650 effectively absorbs traffic bursts while providing deterministic performance, significantly increasing performance over static allocation.

    MPLS

    A broad set of MPLS features, including L3 VPN, IPv6 provider edge router (6PE), RSVP traffic engineering, and LDP, support standards-based network segmentation and virtualization, allowing the EX4650 to be deployed as a low-latency MPLS label-switching router (LSR).

    VXLAN Overlays

    The EX4650 is capable of both L2 and L3 VXLAN gateway services. Customers can deploy overlay networks to provide L2 adjacencies for applications over L3 fabrics. The overlay networks utilize VXLAN in the data plane and EVPN for programming the overlays, which can operate without a controller or be orchestrated with an SDN controller like OpenContrail.

    Junos OS

    Running Junos OS, which features the most advanced and robust routing capabilities in the industry, the EX4650 supports RIP and OSPF for both IPv4 and IPv6, as well as advanced routing capabilities such as IS-IS and BGP. With additional capabilities such as 64-way equal-cost multipath (ECMP) and BGP add path, the EX4650 is an ideal building block for deploying the most robust L3 underlay for SDN.

    EVPN-VXLAN

    Many proprietary campus architectures are built on traditional L2 Ethernet-based architectures that address the desire to eliminate Spanning Tree Protocol (STP). With the increase of IoT devices in the enterprise, these networks will be expected to scale rapidly without adding complexity and resources. Some of these IoT devices, however, have limited networking capabilities and require L2 adjacency across buildings or campuses. To address this problem, traditional solutions extend VLANs across buildings and campuses using data plane flood-and-learn. Unfortunately, this solution is inefficient and difficult to manage. The increasing number of network endpoints, coupled with rapidly changing business needs, demands an open, standards-based network that is simple, scalable, and programmable across both the campus and the data center. Modern enterprise networks need a campus architecture that decouples the overlay network from the underlay network with technologies such as VXLAN, which enables network administrators to create logical L2 networks across different L3 networks. The EX4650 satisfies these requirements by supporting EVPN-VXLAN L2 and L3 gateway capabilities, providing the following benefits:
    • Improved network and host mobility efficiency
      • Control plane MAC learning to reduce unknown-unicast flooding
      • Reduced Address Resolution Protocol (ARP) flooding due to MAC-to-IP binding in control plane
      • Multipath traffic over multiple core switches (VXLAN entropy)
      • Multipath traffic to active/active dual-homed access layer switches
    • Fast convergence
      • Faster reconvergence when links to dual-homed access switches fail (aliasing)
      • Faster reconvergence when endpoints move
    • Scalability
      • Scalable BGP-based control plane
      • Seamless expansion of the core, distribution, and access layers as business needs grow
      • Seamless expansion of campuses as business needs grow
    • Flexibility
      • Easy integration with L3 and L2 VPNs
      • BGP-based control plane functionality that allows application of fine-grained policies
    • Nonproprietary
      • Standards-based protocols that support multivendor core, distribution, and access layers

    Junos Telemetry Interface

    The EX4650 supports Junos Telemetry Interface (JTI), a modern telemetry streaming tool designed for performance monitoring in enterprise networks. Streaming data to a performance management system enables network administrators to measure trends in link and node utilization, and troubleshoot such issues as network congestion in real time. JTI delivers the following features:
    • Application visibility and performance management by provisioning sensors to collect and stream data and analyze application and workload flow paths through the network
    • Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
    • Troubleshooting and root cause analysis via high-frequency monitoring

    EX4650 Switch Specifications

    Hardware

    Switching Capacity

    • 2 Tbps (unidirectional)/4 Tbps (bidirectional)
    • Layer 2/Layer 3 throughput (maximum with 64 byte packets): 2976 Mpps (wire speed)

    Weight

    • 23.7 lb (10.75 kg)

    Dimensions (HxWxD)

    • 1.72 x 17.36 x 20.48 in (4.37 x 44.09 x 52.02 cm)
    • Switching mode: Cut-through and store-and-forward
    • Front-to-back (airflow out) for hot aisle deployment
    • Back-to-front (airflow in) for cold aisle deployment
    • Management and console port connections

    Power Consumption

    • Max load 450 W; typical load 260 W; idle load 160 W

    Interface Options

    • 1GbE SFP: 48 (24 copper 1GbE)
    • 10GbE SFP+: 48/80 (with breakout cable)
    • 25GbE SFP28: 48/80 (with breakout cable)
    • 40GbE QSFP+: 8
    • 100GbE QSFP28: 8
    • Each QSFP+ port can be configured as a 4 x 10GbE interface or as a 40 Gbps port
    • Each QSFP28 port can be configured as a 4 x 25GbE interface or as a 100 Gbps port
    • 1 USB 2.0 port
    • 1 RS-232 console port
    • 2 management ports: 2 x RJ-45 ports
    • Supported transceiver and direct attach cable (DAC)
    • SFP 1GbE optical and copper module
    • SFP+ 10GbE optical modules
    • SFP+ DAC cables: 1/3 m twinax copper and 1/3/5/7 m active twinax copper
    • SFP28 DAC cables: 1 m twinax copper
    • SFP28 optics: SR, LR
    • QSFP+ DAC cables: 1/3 m twinax copper
    • QSFP+ optics: SR4, LX4, ESR4, ER4, LR4
    • QSFP+ to SFP+ 10GbE direct attach breakout copper (1/3 m twinax copper cable)
    • QSFP28 to SFP28 25GbE direct attach breakout copper (1 m twinax copper cable)
    • QSFP28 optics: SR4, ER4, PSM4, CWDM4, LR4

    Virtual Chassis

    • 100GbE and 40GbE as Virtual Chassis port
    • Virtual Chassis Routing Engine (RE) election
    • Virtual Chassis pre-provisioning (plug-and-play)
    • Auto-LAG formation of Virtual Chassis ports
    • FCoE transit across Virtual Chassis members
    • QoS on Virtual Chassis ports
    • Local designated forwarding
    • Graceful RE switchover (GRES)
    • Nonstop routing (NSR)
    • Nonstop bridging (NSB)
    • Monitor distributed aggregate interface
    • Control plane protection for virtual RE

    Rack Installation Kit

    • Versatile four-post mounting options for 19-in server rack or datacom rack

    Airflow

    • Redundant (N+1) and hot-pluggable fan modules for front-to-back and back-to-front airflow
    • Redundant variable-speed fans to reduce power draw

    Power Supply and Fan Modules

    • Dual redundant (1+1) and hot-pluggable 650 W AC/DC power supplies
    • 110-240 V single phase AC power
    • -44 to -72 V DC power supply
    • Redundant (4+1) and hot-pluggable fan modules for front-to-back or back-to-front airflow

    Performance Scale (Unidimensional)

    • Layer 2
      • MAC addresses per system: 288,000
      • VLAN IDs: 4093
      • Number of link aggregation groups (LAGs): 80
      • Number of ports per LAG: 64
      • Multiple Spanning Tree Protocol (MSTP) instances: 64
      • VLAN Spanning Tree Protocol (VSTP) instances: 509
      • Jumbo frame: 9216 bytes
    • Firewall filters
      • Ingress filters: 1500
      • Egress filters: 512
    • Layer 3
      • IPv4 unicast prefixes: 360,000
      • IPv4 unicast routes: 208,000
      • IPv4 multicast routes: 104,000
      • ECMP paths: 64
      • IPv6 unicast prefixes: 170,000
      • IPv6 unicast routes: 104,000
      • IPv6 multicast routes: 52,000
      • ARP entries: 64,000
    • Traffic mirroring
      • Mirroring destination ports per switch: 4
      • Maximum number of mirroring sessions: 4
      • Mirroring destination VLANs per switch: 4

    Software Features Supported

    Layer 2 Features

    • STP—IEEE 802.1D (802.1D-2004)
    • Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w); MSTP (IEEE 802.1s)
    • Redundant Trunk Group (RTG)
    • Bridge protocol data unit (BPDU) protect
    • Loop protect
    • Root protect
    • RSTP and VSTP running concurrently
    • VLAN—IEEE 802.1Q VLAN trunking
    • The Routed VLAN Interface (RVI)
    • Port-based VLAN
    • Private VLAN (PVLAN)
    • VLAN translation
    • Static MAC address assignment for interface
    • Per VLAN MAC learning (limit)
    • MAC learning deactivate
    • Link Aggregation and Link Aggregation Control Protocol (LACP) (IEEE 802.3ad)

    Link Aggregation

    • Multichassis link aggregation (MC-LAG)
    • EVPN Multihoming (ESI-LAG)
    • LAG load-sharing algorithm—bridged or routed (unicast or multicast) traffic:
      • IP: SIP, Dynamic Internet Protocol (DIP), TCP/UDP source port, TCP/UDP destination port
      • L2 and non-IP: MAC SA, MAC DA, Ethertype, VLAN ID, source port

    Layer 3 Features (IPv4)

    • Static routing
    • Routing protocols (RIP, OSPF, IS-IS, BGP)
    • Virtual Router Redundancy Protocol (VRRP)
    • Bidirectional Forwarding Detection (BFD) protocol
    • Virtual router
    • Dynamic Host Configuration Protocol (DHCP) relay
    • Proxy Address Resolution Protocol (ARP)

    Multicast Features

    • Internet Group Management Protocol (IGMP): v1, v2, v3
    • IGMP snooping: v1, v2, and v3 (L2 only)
    • IGMP Filter
    • PIM-SM, PIM-SSM, PIM-DM
    • Multicast Source Discovery Protocol (MSDP)

    Security and Filters

    • Secure interface login and password
    • RADIUS
    • TACACS+
    • Ingress and egress filters: Allow and deny, port filters, VLAN filters, and routed filters, including management port filters
    • Filter actions: Logging, system logging, reject, mirror to an interface, counters, assign forwarding class, permit, drop, police, mark
    • SSH v1, v2
    • Static ARP support
    • Storm control, port error deactivate, and autorecovery
    • Sticky MAC address
    • DHCP snooping

    Quality of Service (QoS)

    • L2 and L3 QoS: Classification, rewrite, queuing
    • Rate limiting:
      • Ingress policing: Single-rate two-color policer, two-rate three-color policer
      • Egress policing: Policer, policer mark down action
      • Egress shaping: Per queue on each port
    • 10 hardware queues per port (8 unicast and 2 multicast)
    • Strict-priority queuing (PQ), shaped-deficit weighted round-robin (SDWRR), weighted random early detection (WRED), weighted tail drop
    • FCoE Initialization Protocol (FIP) snooping
    • 802.1p remarking
    • L2 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN
    • Congestion avoidance capabilities: WRED
    • Trust IEEE 802.1p (ingress)
    • Remarking of bridged packets

    Data Center Bridging (DCB)

    • Priority-based flow control (PFC)—IEEE 802.1Qbb
    • Data Center Bridging Capability Exchange (DCBX), DCBx FCoE, and iSCSI type, length, and value (TLVs)

    High Availability

    • Bidirectional Forwarding Detection (BFD)
    • Uplink failure detection
    • Dynamic Load Balancing

    MPLS

    • Static label-switched paths (LSPs)
    • RSVP-based signaling of LSPs
    • LDP-based signaling of LSPs
    • LDP tunneling (LDP over RSVP)
    • MPLS class of service (CoS)
    • MPLS LSR support
    • IPv6 tunneling (6PE) (via IPv4 MPLS backbone)
    • IPv4 L3 VPN (RFC 2547, RFC 4364)

    Server Virtualization Management and SDN-Related Protocols

    • VXLAN OVSDB
    • EVPN-VXLAN

    Management and Analytics Platforms

    • Juniper Mist Wired Assurance for Campus
    • Junos Space® Network Director for Campus
    • Junos Space® Management

    Device Management and Operations

    • Role-based CLI management and access
    • CLI via console, telnet, or SSH
    • Extended ping and traceroute
    • OpenConfig for Junos OS to support the YANG data models
    • Junos OS configuration rescue and rollback
    • Image rollback
    • SNMP v1/v2/v3
    • Junos XML management protocol
    • sFlow v5
    • Beacon LED for port and system
    • Zero Touch Provisioning (ZTP)
    • OpenStack Neutron Plug-in
    • Python
    • Junos OS event, commit, and OP scripts
    • Junos Telemetry Interface (JTI)

    Traffic Mirroring

    • Port-based
    • LAG port
    • VLAN-based
    • Filter-based
    • Mirror to local
    • Mirror to remote destinations (L2 over VLAN)

    Standards Compliance

    IEEE Standard

    • IEEE 802.1D
    • IEEE 802.1w
    • IEEE 802.1
    • IEEE 802.1Q
    • IEEE 802.1p
    • IEEE 802.1ad
    • IEEE 802.3ad
    • IEEE 802.1AB
    • IEEE 802.3x
    • IEEE 802.1Qbb
    • IEEE 802.1Qaz

    T11 Standards

    • INCITS T11 FC-BB-5

    Supported RFCs

    • RFC 768 UDP
    • RFC 783 Trivial File Transfer Protocol (TFTP)
    • RFC 791 IP
    • RFC 792 ICMP
    • RFC 793 TCP
    • RFC 826 ARP
    • RFC 854 Telnet client and server
    • RFC 894 IP over Ethernet
    • RFC 903 RARP
    • RFC 906 TFTP Bootstrap
    • RFC 951 1542 BootP
    • RFC 1058 Routing Information Protocol
    • RFC 1112 IGMP v1
    • RFC 1122 Host requirements
    • RFC 1142 OSI IS-IS Intra-domain Routing Protocol
    • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
    • RFC 1492 TACACS+
    • RFC 1519 Classless Interdomain Routing (CIDR)
    • RFC 1587 OSPF not-so-stubby area (NSSA) Option
    • RFC 1591 Domain Name System (DNS)
    • RFC 1745 BGP4/IDRP for IP—OSPF Interaction
    • RFC 1772 Application of the Border Gateway Protocol in the Internet
    • RFC 1812 Requirements for IP Version 4 routers
    • RFC 1997 BGP Communities Attribute
    • RFC 2030 SNTP, Simple Network Time Protocol
    • RFC 2068 HTTP server
    • RFC 2131 BOOTP/DHCP relay agent and Dynamic Host
    • RFC 2138 RADIUS Authentication
    • RFC 2139 RADIUS Accounting
    • RFC 2154 OSPF w/Digital Signatures (Password, MD-5)
    • RFC 2236 IGMP v2
    • RFC 2267 Network ingress filtering
    • RFC 2328 OSPF v2 (edge mode)
    • RFC 2338 VRRP
    • RFC 2362 PIM-SM (edge mode)
    • RFC 2370 OSPF Opaque link-state advertisement (LSA) Option
    • RFC 2385 Protection of BGP Sessions via the TCP Message Digest 5 (MD5) Signature Option
    • RFC 2439 BGP Route Flap Damping
    • RFC 2453 RIP v2
    • RFC 2474 Definition of the Differentiated Services Field in the IPv4 and IPv6 Headers
    • RFC 2597 Assured Forwarding PHB (per-hop behavior) Group
    • RFC 2598 An Expedited Forwarding PHB
    • RFC 2697 A Single Rate Three Color Marker
    • RFC 2698 A Two Rate Three Color Marker
    • RFC 2796 BGP Route Reflection—An Alternative to Full Mesh IBGP
    • RFC 2918 Route Refresh Capability for BGP-4
    • RFC 3065 Autonomous System Confederations for BGP
    • RFC 3376 IGMP v3 (source-specific multicast include mode only)
    • RFC 3392 Capabilities Advertisement with BGP-4
    • RFC 3446, Anycast RP
    • RFC 3569 SSM
    • RFC 3618 MSDP
    • RFC 3623 Graceful OSPF Restart
    • RFC 4271 Border Gateway Protocol 4 (BGP-4)
    • RFC 4360 BGP Extended Communities Attribute
    • RFC 4456 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)
    • RFC 4486 Subcodes for BGP Cease Notification Message
    • RFC 4724 Graceful Restart Mechanism for BGP
    • RFC 4812 OSPF Restart Signaling
    • RFC 4893 BGP Support for Four-octet AS Number Space
    • RFC 5176 Dynamic Authorization Extensions to RADIUS
    • RFC 5396 Textual Representation of Autonomous System (AS) Numbers
    • RFC 5668 4-Octet AS Specific BGP Extended Community
    • RFC 5880 Bidirectional Forwarding Detection (BFD)
    • Dynamic Host Configuration Protocol (DHCP) server

    Supported MIBs

    • RFC 1155 SMI
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
    • RFC 1850 OSPFv2 MIB
    • RFC 1901 Introduction to Community-based SNMPv2
    • RFC 2011 SNMPv2 for Internet protocol using SMIv2
    • RFC 2012 SNMPv2 for transmission control protocol using SMIv2
    • RFC 2013 SNMPv2 for user datagram protocol using SMIv2
    • RFC 2233, The Interfaces Group MIB Using SMIv2
    • RFC 2287 System Application Packages MIB
    • RFC 2570 Introduction to Version 3 of the Internet-standard Network Management Framework
    • RFC 2571 An Architecture for describing SNMP Management Frameworks (read-only access)
    • RFC 2572 Message Processing and Dispatching for the SNMP (read-only access)
    • RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP Textual Conventions for SMIv2
    • RFC 2580 Conformance Statements for SMIv2
    • RFC 2665 Ethernet-like interface MIB
    • RFC 2787 VRRP MIB
    • RFC 2790 Host Resources MIB
    • RFC 2819 RMON MIB
    • RFC 2863 Interface Group MIB
    • RFC 2932 IPv4 Multicast MIB
    • RFC 3410 Introduction and Applicability Statements for Internet Standard Management Framework
    • RFC 3411 An architecture for describing SNMP Management Frameworks
    • RFC 3412 Message Processing and Dispatching for the SNMP
    • RFC 3413 Simple Network Management Protocol (SNMP) (all MIBs are supported except the Proxy MIB)
    • RFC 3414 User-based Security Model (USM) for version 3 of SNMPv3
    • RFC 3415 View-based Access Control Model (VACM) for the SNMP
    • RFC 3416 Version 2 of the Protocol Operations for the SNMP
    • RFC 3417 Transport Mappings for the SNMP
    • RFC 3418 Management Information Base (MIB) for the SNMP
    • RFC 3584 Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
    • RFC 3826 The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model
    • RFC 4188 Definitions of Managed Objects for Bridges
    • RFC 4318 Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol
    • RFC 4363b Q-Bridge VLAN MIB

    Approvals

    Safety

    • CAN/CSA-C22.2 No. 60950-1 Information Technology Equipment - Safety
    • UL 60950-1 (2nd Edition) Information Technology Equipment – Safety
    • EN 60950-1: 2006/A2:2013 Information Technology Equipment – Safety
    • IEC 60950-1: 2005/A2:2013 Information Technology Equipment - Safety (All country deviations): CB Scheme
    • EN 60825-1 Safety of Laser Products - Part 1: Equipment classification and requirements
    • Federal Information Processing Standards (FIPS) 140-2 Support
    • Network Device Collaborative Protection Profile (NDcPP) version 2.1 Common Criteria

    EMC

    • EN 300 386 V1.6.1 (2012-09) Electromagnetic compatibility and Radio spectrum Matters (ERM) Telecommunication network equipment
    • EN 300 386 V2.1.1 (2016-07) Telecommunication network equipment; EMC requirements; Harmonized Standard covering the essential requirements of the Directive 2014/30/EU
    • EN 55032:2012 (CISPR 32:2012) Electromagnetic compatibility of multimedia equipment—Emission requirements
    • EN 55024:2010 (CISPR 24:2010) Information technology equipment—Immunity characteristics—Limits and methods of measurement
    • IEC/EN 61000 Immunity Test
    • AS/NZS CISPR 32:2015 Australia/New Zealand Radiated and Conducted Emissions
    • FCC 47 CFR Part 15 USA Radiated and Conducted Emissions
    • ICES-003 Canada Radiated and Conducted Emissions
    • VCCI-CISPR 32:2016 Japanese Radiated and Conducted Emissions
    • BSMI CNS 13438 Taiwan Radiated and Conducted Emissions (at 10 Meters)
    • KN32/KN35 Korea Radiated Emission and Immunity Characteristics (at 10 Meters)
    • KN61000 Korea Immunity Test
    • TEC/SD/DD/EMC-221/05/OCT-16 India EMC standard

    Environmental Compliance

    • Restriction of Hazardous Substances (ROHS) 6/6
    • China Restriction of Hazardous Substances (ROHS)
    • Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH)
    • Waste Electronics and Electrical Equipment (WEEE)
    • Recycled material
    • 80 Plus Silver PSU Efficiency

    Telco

    • Common Language Equipment Identifier (CLEI) code

    Environmental Ranges

    • Operating temperature: 32° to 104° F (0° to 40° C)
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: Up to 6000 ft (1829 m)
    • Relative humidity operating: 5% to 90% (noncondensing)
    • Relative humidity nonoperating: 0% to 95% (noncondensing)

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more information, please visit https://www.juniper.net/us/en/products.html.

    Installation and Implementation Service

    Juniper Professional Services offers an Enterprise Switching QuickStart program to ensure that your solution is operational and you have a complete understanding of areas such as configuration and ongoing operations. The QuickStart service provides an onsite consultant who works with your team to quickly develop the initial configuration and deployment of a small Juniper Networks data center switching environment. A knowledge transfer session, which is intended as a review of local implementation and configuration options, is also included, but is not intended as a substitute for formalized training.

    Ordering Information

    Product Description
    Switch Hardware
    EX4650-48Y-AFI 48 25GbE/10GbE/GbE SFP28/SFP+/SFP ports, 8 100GbE/40GbE QSFP28/QSFP+ ports, redundant fans, 2 AC power supplies, 2 power cords, 4-post rack mount kit, and back to front airflow
    EX4650-48Y-AFO 48 25GbE/10GbE/GbE SFP28/SFP+/SFP ports, 8 100GbE/40GbE QSFP28/QSFP+ ports, redundant fans, 2 AC power supplies, 2 power cords, 4-post rack mount kit, and front to back airflow
    EX4650-48Y-DC-AFI 48 25GbE/10GbE/GbE SFP28/SFP+/SFP ports, 8 100GbE/40GbE QSFP28/QSFP+ ports, redundant fans, 2 DC power supplies, 2 power cords, 4-post rack mount kit, and back to front airflow
    EX4650-48Y-DC-AFO 48 25GbE/10GbE/GbE SFP28/SFP+/SFP ports, 8 100GbE/40GbE QSFP28/QSFP+ ports, redundant fans, 2 DC power supplies, 2 power cords, 4-post rack mount kit, and front to back airflow
    JPSU-650W-AC-AFO Juniper 650 W AC power supply (port-side to FRU-side airflow)
    JPSU-650W-AC-AFI Juniper 650 W AC power supply (FRU-side to port-side airflow)
    JPSU-650W-DC-AFO Juniper 650 W DC power supply (port-side to FRU-side airflow)
    JPSU-650W-DC-AFI Juniper 650 W DC power supply (FRU-side to port-side airflow)
    QFX5110-FANAFI FANAFI fan model, back-to-front airflow
    QFX5110-FANAFO FANAFO fan model, front-to-back airflow
    EX-4PST-RMK 4 post rack mount kit
    Optics and Transceivers
    EX-SFP-1GE-T SFP 1000BASE-T copper transceiver module for up to 100 m transmission on Category 5
    EX-SFP-1GE-SX SFP 1000BASE-SX GbE optics, 850 nm for up to 550 m transmission on multimode fiber
    EX-SFP-1GE-LX SFP 1000BASE-LX GbE optics, 1310 nm for 10 km transmission on single-mode fiber
    EX-SFP-10GE-USR SFP+ 10GbE ultra short reach optics, 850 nm for 10 m on OM1, 20 m on OM2, 100 m on OM3 multimode fiber
    EX-SFP-10GE-SR SFP+ 10GBASE-SR 10GbE optics, 850 nm for up to 300 m transmission on multimode fiber
    EX-SFP-10GE-LR SFP+ 10GBASE-LR 10GbE optics, 1310 nm for 10 km transmission on single-mode fiber
    EX-SFP-10GE-ER SFP+ 10GBASE-ER 10GbE optics, 1550 nm for 40 km transmission on single-mode fiber
    EX-SFP-10GE-ZR SFP+ 10GBASE-ZR 10GbE optics, 1550 nm for 80 km transmission on single-mode fiber
    EX-SFP-DAC-1M SFP+ 10GbE Direct Attach Copper (twinax copper cable), 1 m
    EX-SFP-DAC-3M SFP+ 10GbE Direct Attach Copper (twinax copper cable), 3 m
    QFX-SFP-DAC-1MA SFP+ 10GbE Direct Attach Copper (active twinax copper cable), 1 m
    QFX-SFP-DAC-3MA SFP+ 10GbE Direct Attach Copper (active twinax copper cable), 3 m
    QFX-SFP-DAC-5MA SFP+ 10GbE Direct Attach Copper (active twinax copper cable), 5 m
    QFX-SFP-DAC-7MA SFP+ 10GbE Direct Attach Copper (active twinax copper cable), 7 m
    JNP-SFPP-10GE-T SFP+ transceiver provides 100/1000/10000BASE-TX throughput up to 30m over a copper connection via an RJ-45 connector
    JNP-25G-SR SFP28 25GBASE-SR optics for up to 100 m transmission over serial multimode fiber-optic (MMF) OM4 fiber
    JNP-25G-LR SFP28 25GBASE-SR optics for up to 10 km transmission over serial single-mode fiber-optic (SMF)
    JNP-25G-DAC-1M 25GbE SFP28 to SFP28 copper cable, 1 m
    JNP-25G-DAC-3M 25GbE SFP28 to SFP28 copper cable, 3 m
    EX-QSFP-40G-LX4 40GbE QSFP+ LX4 optics
    EX-QSFP-40G-SR4 QSFP+ 40GBASE-SR4 40GbE optics, 850 nm for up to 150 m transmission on multimode fiber
    QFX-QSFP-40G-ESR4 QSFP+ 40GBASE-SR4 40GbE optics, 850 nm for up to 300 m transmission on multimode fiber
    QSFPP-40GBASE-ER4 40GBASE-ER4 QSFP+ pluggable transceiver
    EX-QSFP-40G-LR4 40GbE QSFP+ LR4
    QFX-QSFP-DAC-1M QSFP+ to QSFP+ Ethernet Direct Attach Copper (twinax copper cable), 1 m passive
    QFX-QSFP-DAC-3M QSFP+ to QSFP+ Ethernet Direct Attach Copper (twinax copper cable), 3 m passive
    QFX-QSFP-DACBO-1M QSFP+ to SFP+ 10GbE Direct Attach Breakout Copper (twinax copper cable), 1 m
    QFX-QSFP-DACBO-3M QSFP+ to SFP+ 10GbE Direct Attach Breakout Copper (twinax copper cable), 3 m
    EX-QSFP-100G-SR4 QSFP28 100GbE, SR4, 100 m
    JNP-QSFP-100G-PSM4 QSFP28 100GBASE-PSM4 optics for up to 500 m transmission over parallel SMF
    JNP-QSFP-100G-CWDM QSFP28 100GbE, CWDM4, 2 km
    EX-QSFP-100G-LR4 QSFP28 100GbE, LR4, 10 km
    JNP-100G-DAC-1M QSFP28 to QSFP28 Ethernet Direct Attach Copper (twinax copper cable) 1 m
    JNP-100G-DAC-3M QSFP28 to QSFP28 Ethernet Direct Attach Copper (twinax copper cable) 3 m
    JNP-100G-4X25G-1M QSFP28 to SFP+ 25GbE Direct Attach Breakout Copper (twinax copper cable) 1 m
    JNP-100G-4X25G-3M QSFP28 to SFP+ 25 GbE Direct Attach Breakout Copper (twinax copper cable) 3 m
    EX-SFP-GE80KCW1470 SFP, Gigabit Ethernet CWDM optics, 1470 nm for 80 km transmission on SMF
    EX-SFP-GE80KCW1490 SFP, Gigabit Ethernet CWDM optics, 1490 nm for 80 km transmission on SMF
    EX-SFP-GE80KCW1530 SFP, Gigabit Ethernet CWDM optics, 1530 nm for 80 km transmission on SMF
    EX-SFP-GE80KCW1550 SFP, Gigabit Ethernet CWDM optics, 1550 nm for 80 km transmission on SMF
    EX-SFP-GE80KCW1570 SFP, Gigabit Ethernet CWDM optics, 1570 nm for 80 km transmission on SMF
    EX-SFP-GE80KCW1590 SFP, Gigabit Ethernet CWDM optics, 1590 nm for 80 km transmission on SMF
    EX-SFP-GE80KCW1610 SFP, Gigabit Ethernet CWDM optics, 1610 nm for 80 km transmission on SMF
    Software Feature Licenses
    EX4650-PFL EX4650 Premium Feature License
    EX4650-AFL EX4650 Advanced Feature License
  • Product Overview

    The QFX5700 Switch offers a high-density, cost-optimized, 5 U 400GbE, 8 slot fabric-less modular platform, ideal for data centers where capacity and cloud services are being added as business needs grow. These services require higher network bandwidth per rack, as well as flexibility, making the 10/25/40/50/100/200/400GbE interface options of the QFX5700 switch ideal for server and intra-fabric connectivity. The QFX5700 is an optimal choice for spine-and-leaf deployments in enterprise, service provider, and cloud provider data centers.
    Coupled with the widespread adoption of overlay technologies, the QFX5700 lays a strong foundation for your evolving business and network needs, offering deployment versatility to future-proof your network investment.

    Product Description

    The Juniper Networks® QFX5700 Switch is a next-generation, modular, fabric-less spine-and-leaf switch that offers flexibility, cost efficiency with a lower per-bit cost, and high-density 400GbE, 200GbE*, 100GbE, 50GbE*, 40GbE, 25GbE, and 10GbE interfaces for server and intra-fabric connectivity. A versatile, future-proof solution for today’s data centers, the QFX5700 leverages Broadcom’s fully programmable Trident 4 chipset to support a diverse set of use cases. It supports advanced Layer 2, Layer 3, and Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) features.

    For large public cloud providers, who are early adopters of high-performance servers to meet explosive workload growth, the QFX5700 supports very large, dense, and fast 400GbE IP fabrics based on proven Internet-scale technology. For enterprise customers seeking investment protection as they transition their server farms from 10GbE to 25GbE, the QFX5700 switch also provides a high-radix, native 100GbE/400GbE EVPN-VXLAN spine option at reduced power and a smaller footprint. The QFX5700 supports diverse use cases such as Data Center Fabric Spine, EVPN-VXLAN Fabric, Data Center Interconnect/Border, Secure DCI, multi-tier campus, campus IP fabric, and connecting firewall clusters in the DC to the fabric. Delivering 25.6 Tbps of bidirectional bandwidth, the switch is optimally designed for spine-and-leaf deployments in enterprise, high-performance computing (HPC), service provider, and cloud data centers.

    The QFX5700 is a modular merchant silicon-based chassis offering a wide variety of port configurations, including 400GbE, 200GbE*, 100GbE, 50GbE*, 40GbE, 25GbE, and 10GbE. The QFX5700 is equipped with up to four AC or DC power supplies, providing N+N feed redundancy or N+1 PSU redundancy when all power supplies are present. Two hot-swappable fan trays offer front-to-back (AFO) airflow, providing N+1 fan rotor redundancy at the chassis level. The platform also includes support for in-line MACsec* line cards. The QFX5700 includes an Intel Hewitt Lake 6 core to drive the control plane, which runs the Junos® OS Evolved operating system software.

    Product Highlights

    The QFX5700 includes the following capabilities. Please refer to the Specifications section for current shipping features.  

    Native 400GbE Configuration

    The QFX5700 offers 32 ports of 400GbE in a modular 8 slot 5 U form factor.  

    High-Density Configurations

    The QFX5700 is optimized for high-density fabric deployments, providing options for 32 ports of 400GbE, 64 ports of 200GbE (using breakout cable), 128 ports of 100GbE and 40GbE, and 144 ports of 50GbE/40GbE/25GbE/10GbE, with the opportunity to scale as you grow.

    Flexible Connectivity Options

    The QFX5700 offers a choice of interface speeds for server and intra-fabric connectivity, providing deployment versatility and investment protection.  

    Key Product Differentiators

    Increased Scale and Buffer

    The QFX5700 provides enhanced scale with up to 1.24 million routes, 80,000 firewall filters, and 160,000 media access control (MAC) addresses. It supports high numbers of egress IPv4/IPv6 rules by programming matches in egress ternary content addressable memory (TCAM) along with ingress TCAM.  

    132MB Shared Packet Buffer

    Today’s cloud-native applications depend critically on buffer size to prevent congestion and packet drops. The QFX5700 has a 132 MB shared packet buffer that is allocated dynamically to congested ports.

    Programmability

    The QFX5700 revolutionizes performance for data center networks by providing a programmable software-defined pipeline in addition to the comprehensive feature set provided in the Juniper Networks QFX5120 Switch line. The QFX5700 uses a compiler-driven switch data plane with full software program control to enable and serve a diverse set of use cases, including in-band telemetry, fine-grained filtering for traffic steering, traffic monitoring, and support for new protocol encapsulations.  

    Power Efficiency

    With its low-power 7 nm technology, a fully loaded and fully redundant QFX5700 typically consumes 2,870 W, bringing improvements in speed, lower power consumption, and higher on-chip density.

    Features and Benefits

    • Automation and programmability: The QFX5700 supports several network automation features for plug-and-play operations, including zero-touch provisioning (ZTP), Network Configuration Protocol (NETCONF), Juniper Extension Toolkit (JET), Junos telemetry interface, operations and event scripts, automation rollback, and Python scripting.
    • Cloud-level scale and performance: The QFX5700 supports best-in-class cloud-scale L2/L3 deployments with a low latency of 630 ns and superior scale and performance. This includes L2 support for 160,000 MAC addresses and Address Resolution Protocol (ARP) learning, which scales up to 64,000 entries at 500 frames per second. It also includes L3 support for 1.24 million longest prefix match (LPM) routes and 160,000 host routes on IPv4. Additionally, the QFX5700 supports 610,000 LPM routes and 80,000 host routes on IPv6, 128-way equal-cost multipath (ECMP) routes, and a filter that supports 80,000 ingress and 18,000 egress exact-match filtering rules. The QFX5700 supports up to 128 link aggregation groups, 4096 VLANs, and jumbo frames of 9216 bytes. Junos OS Evolved provides configurable options through a CLI, enabling each QFX5700 to be optimized for different deployment scenarios.
    • VXLAN overlays*: The QFX5700 is capable of both L2 and L3 gateway services. Customers can deploy overlay networks to provide L2 adjacencies for applications over L3 fabrics. The overlay networks use VXLAN in the data plane and EVPN or Open vSwitch Database (OVSDB) for programming the overlays, which can operate without a controller or be orchestrated with an SDN controller.
    • IEEE 1588 PTP Boundary Clock with Hardware Timestamping*: IEEE 1588 PTP transparent/boundary clock is supported on QFX5700, enabling accurate and precise sub-microsecond timing information in today’s data center networks. In addition, the QFX5700 supports hardware timestamping; timestamps in Precision Time Protocol (PTP) packets are captured and inserted by an onboard field-programmable gate array (FPGA) on the switch at the physical (PHY) level.
    • Data packet timestamping*: When the optional data packet timestamping feature is enabled, select packets flowing through the QFX5700 are timestamped with references to the recovered PTP clock. When these packets are received by nodes in the network, the timestamping information can be mirrored onto monitoring tools to identify network bottlenecks that cause latency. This analysis can also be used for legal and compliance purposes in institutions such as financial trading, video streaming, and research establishments.
    • RoCEv2*: As a switch capable of transporting data as well as storage traffic over Ethernet, the QFX5700 provides an IEEE data center bridging (DCB) converged network between servers with disaggregated flash storage arrays or an NVMe-enabled storage-area network (SAN). The QFX5700 offers a full-featured DCB implementation that provides strong monitoring capabilities on the top-of-rack switch for SAN and LAN administration teams to maintain clear separation of management. The RDMA over Converged Ethernet version 2 (RoCEv2) transit switch functionality, including priority-based flow control (PFC) and Data Center Bridging Capability Exchange (DCBX), is included as part of the default software.
    • Junos Evolved features: The QFX5700 switch supports features such as L2/L3 unicast, EVPN-VXLAN*, BGP add-path, RoCEv2 and congestion management, multicast, 128-way ECMP, dynamic load balancing capabilities, enhanced firewall capabilities, and monitoring.
    • Junos OS Evolved Architecture: Junos OS Evolved is a native Linux operating system that incorporates a modular design of independent functional components and enables individual components to be upgraded independently while the system remains operational. Component failures are localized to the specific component involved and can be corrected by upgrading and restarting that specific component without having to bring down the entire device. The switch's control and data plane processes can run in parallel, maximizing CPU utilization, providing support for containerization, and enabling application deployment using LXC or Docker.
    • Retained state: State is the retained information or status pertaining to physical and logical entities. It includes both operational and configuration state, comprising committed configuration, interface state, routes, hardware state, and what is held in a central database called the distributed data store (DDS). State information remains persistent, is shared across the system, and is supplied during restarts.
    • Feature support: All key networking functions such as routing, bridging, management software, and management plane interfaces, as well as APIs such as CLI, NETCONF, JET, Junos telemetry interface, and the underlying data models, resemble those supported by the Junos operating system. This ensures compatibility and eases the transition to Junos Evolved.
    * Reserved for a future release  

    Deployment Options

    The QFX5700 can be deployed as a universal device in cloud data centers to support 100GbE server access and 400GbE spine-and-leaf configurations, optimizing data center operations by using a single device across multiple network layers (see Figure 1). The QFX5700 can also be deployed in more advanced overlay architectures like an EVPN-VXLAN fabric. Depending on where tunnel terminations are desired, the QFX5700 can be deployed in either a centrally routed or edge-routed architecture.
    Port Combinations Switch Deployment
    32x400GbE QFX5700 400GbE spine
    64x200GbE QFX5700 200GbE spine or leaf with breakout cables
    128x100GbE QFX5700 100GbE access or leaf
    144x50GbE QFX5700 50GbE access or leaf with 50GbE breakout cables
    128x40GbE QFX5700 40GbE access or leaf
    144x25GbE QFX5700 25GbE access or leaf with 25GbE breakout cables
    144x10GbE QFX5700 10GbE access or leaf with 10GbE breakout cables
     
    Figure 1: Typical cloud data center deployment for the QFX5700

    Architecture and Key Components

    The QFX5700 can be used in L2 fabrics and L3 networks. You can choose the architecture that best suits your deployment needs and easily adapt and evolve as requirements change over time. The QFX5700 serves as the universal building block for these switching architectures, enabling data center operators to build cloud networks in their own way.

    Layer 3 fabric: For customers looking to build scale-out data centers, a Layer 3 spine-and-leaf Clos fabric provides predictable, nonblocking performance and scale characteristics. A two-tier fabric built with QFX5700 switches as leaf devices and Juniper Networks QFX10000 modular switches in the spine can scale to support up to 128 40GbE ports or 128 25GbE and/or 10GbE server ports in a single fabric.

    Junos OS Evolved ensures a high feature and bug fix velocity and provides first-class access to system state, allowing customers to run DevOps tools, containerized applications, management agents, specialized telemetry agents, and more.

    Junos Telemetry Interface

    The QFX5700 supports Junos telemetry interface, a modern telemetry streaming tool that provides performance monitoring in complex, dynamic data centers. Streaming data to a performance management system lets network administrators measure trends in link and node utilization and troubleshoot issues such as network congestion in real time. Junos telemetry interface provides:
    • Application visibility and performance management by provisioning sensors to collect and stream data and analyze the application and workload flow path through the network
    • Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
    • Troubleshooting and root cause analysis via high frequency monitoring and correlating overlay and underlay networks
     

    Specifications

    Hardware

    Table 1. QFX5700 System Capacity
    Specification QFX5700
    System throughput Up to 25.6 Tbps (bidirectional)
    Forwarding capacity 5.68 billion packets per second
    Port density 32 ports of QSFP56-DD 400GbE / 128 ports of QSFP28 100GbE
     
    Table 2. QFX5700 System Specifications
    Specification QFX5700
    Dimensions (W x H x D)  19.0 in x 8.74 in (5RU) x 32 in (48.2 x 22.2 x 81.5 cm)
    Rack units 5 U
    Weight 153.8 lbs. (69.8 kg) with all FRUs installed
    Operating system Junos OS Evolved
    CPU Intel Hewitt Lake, 32GB DDRAM
    Power
    • Redundant (N+N) hot-pluggable 3000 W AC/DC power supplies (2n)
    Cooling
    • Two hot-pluggable fan trays with four counter-rotating fans in each fan tray
    • N+1 fan rotor redundancy at chassis level
    • Front-to-back air cooling
    Total packet buffer 132MB
    Recommended Software Version Junos OS Evolved 21.2R2 EVO+
    Warranty Juniper standard one-year warranty
     
    Figure 2: Cloud/Carrier-Class Junos OS Evolved Network Operating System

    Software

    • MAC addresses per system: 160,000
    • VLAN IDs: 4000 (QFX5700)
    • Number of link aggregation groups (LAGs): 128
    • Number of ports per LAG: 64
    • Firewall filters:
    Filters—TD4 Pipe supported Scale number
    IPACL—profile1 Yes (except LAG) Up to 80,000
    EPACL Yes (except LAG) Up to 8,000
    IPACL—profile1 Yes (except LAG and IRB) Up to 80,000
    ERACLv4, ERACLv6 Yes (except LAG and IRB) Up to 4,000
    IVACL—profile1 No Up to 20,000
    EVACL No Up to 2,000
    • IPv4 unicast routes: 1.24 million* prefixes; 160,000 host routes
    • IPv6 unicast routes: 610,000 prefixes; 80,000 host routes
    • ARP entries: 32,000 (tunnel mode); 64,000 (non-tunnel mode)
    • Neighbor Discovery Protocol (NDP) entries: 32,000 (tunnel mode); 64,000 (non-tunnel mode)
    • Generic routing encapsulation (GRE) tunnels: 1000
    • Jumbo frame: 9216 bytes
    • Traffic mirroring: 8 destination ports per switch
     

    Layer 2 Features

    • STP—IEEE 802.1D (802.1D-2004)*
    • Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w); MSTP (IEEE 802.1s)*
    • Bridge protocol data unit (BPDU) protect*
    • Loop protect*
    • Root protect*
    • RSTP and VLAN Spanning Tree Protocol (VSTP) running concurrently*
    • VLAN—IEEE 802.1Q VLAN trunking
    • Routed VLAN interface (RVI)
    • Port-based VLAN
    • MAC address filtering*
    • Static MAC address assignment for interface
    • MAC learning disable
    • Link Aggregation and Link Aggregation Control Protocol (LACP) (IEEE 802.3ad)
    • IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
     

    Link Aggregation

    • LAG load sharing algorithm—bridged or routed (unicast or multicast) traffic:
      • IP: Session Initiation Protocol (SIP), Dynamic Internet Protocol (DIP), TCP/UDP source port, TCP/UDP destination port
      • L2 and non-IP: MAC SA, MAC DA, Ether type, VLAN ID, source port
     

    Layer 3 Features

    • Static routing
    • OSPF v1/v2
    • OSPF v3
    • Filter-based forwarding
    • Virtual Router Redundancy Protocol (VRRP)*
    • IPv6
    • Virtual routers
    • Loop-free alternate (LFA)
    • BGP (Advanced Services or Premium Services license)
    • IS-IS (Advanced Services or Premium Services license)
    • Dynamic Host Configuration Protocol (DHCP) v4/v6 relay
    • VR-aware DHCP
    • IPv4/IPv6 over GRE tunnels (interface-based with decap/encap only)

    Multicast*

    • Internet Group Management Protocol (IGMP) v1/v2
    • Multicast Listener Discovery (MLD) v1/v2
    • IGMP proxy, querier
    • IGMP v1/v2/v3 snooping*
    • Intersubnet multicast using IRB interface*
    • MLD snooping*
    • Protocol Independent Multicast PIM-SM, PIM-SSM, PIM-DM, PIM-Bidir*
    • Multicast Source Discovery Protocol (MSDP)*
     

    Security and Filters

    • Secure interface login and password
    • Secure boot
    • RADIUS
    • TACACS+
    • Ingress and egress filters: Allow and deny, port filters, VLAN filters, and routed filters, including management port filters and loopback filters for control plane protection
    • Filter actions: Logging, system logging, reject, mirror to an interface, counters, assign forwarding class, permit, drop, police, mark
    • SSH v1, v2
    • Static ARP support
    • Storm control, port error disable, and autorecovery*
    • Control plane denial-of-service (DoS) protection
    • Image rollback
     

    Quality of Service (QoS)

    • L2 and L3 QoS: Classification, rewrite, queuing
    • Rate limiting:
      • Ingress policing: 1 rate 2 color, 2 rate 3 color
      • Egress policing: Policer, policer mark down action
      • Egress shaping: Per queue, per port
    • 12 hardware queues per port (8 unicast and 4 multicast)
    • Strict priority queuing (LLQ), shaped-deficit weighted round-robin (SDWRR), weighted random early detection (WRED)
    • 802.1p remarking
    • Layer 2 classification criteria: Interface, MAC address, Ether type, 802.1p, VLAN
    • Congestion avoidance capabilities: WRED
    • Trust IEEE 802.1p (ingress)
    • Remarking of bridged packets
    * Reserved for a future release  

    EVPN-VXLAN*

    • EVPN support with VXLAN transport
    • EVPN pure type-5 route support with symmetric inter-irb routing
    • All-active multihoming support for EVPN-VXLAN (ESI-LAG aka EVPN-LAG)
    • Multiple EVI (EVPN instances) aka multiple MAC-VRF for MAC advertisement
    • MAC-VRF (EVI) multiple EVPN service-type support: vlan-based, vlan-aware, vlan-bundle
    • ARP/ND suppression aka proxy-arp/nd
    • Ingress multicast Replication
    • IGMPv2 snooping support fabric wide: using EVPN route type 6
    • IGMPv2 snooping support for L2 multihoming scenarios: EVPN route type-7 and type-8
    • IP prefix advertisement using EVPN with VxLAN encapsulation
     

    Data Center Bridging (DCB)*

    • Explicit congestion notification (ECN)
    • Priority-based flow control (PFC)—IEEE 802.1Qbb*
     

    High Availability

    • Bidirectional Forwarding Detection (BFD)
    • Uplink failure detection (UFD)*
     

    Visibility and Analytics

    • Switched Port Analyzer (SPAN)
    • Remote SPAN (RSPAN)
    • Encapsulated Remote SPAN (ERSPAN)
    • sFlow v5
    • Junos telemetry interface
     

    Management and Operations

    • Role-based CLI management and access
    • CLI via console, telnet, or SSH
    • Extended ping and traceroute
    • Junos OS Evolved configuration rescue and rollback
    • SNMP v1/v2/v3
    • Junos OS Evolved XML management protocol
    • High frequency statistics collection
    • Automation and orchestration
    • Zero-touch provisioning (ZTP)
    • Python
    • Junos OS Evolved event, commit, and OP scripts

    Standards Compliance

    IEEE Standards

    • IEEE 802.1D
    • IEEE 802.1w
    • IEEE 802.1
    • IEEE 802.1Q
    • IEEE 802.1p
    • IEEE 802.1ad
    • IEEE 802.3ad
    • IEEE 802.1AB
    • IEEE 802.3x
    • IEEE 802.1Qbb*
    • IEEE 802.1Qaz
    • T11 Standards
    • INCITS T11 FC-BB-5
     

    Environmental Ranges

    Parameters QFX5700
    Operating temperature 32° to 104° F (0° to 40° C)
    Storage temperature -40° through 158° F
    Operating altitude Up to 6000 feet (1828.8 meters)
    Relative humidity operating 5 to 90% (noncondensing)
    Relative humidity nonoperating 5 to 95% (noncondensing)
    Seismic Designed to meet GR-63, Zone 4 earthquake requirements
     

    Thermal Output

    Parameters QFX5700
    Redundant System: Maximum power (without optics) 2830W
    Redundant System: Typical power (without optics) 2193W
    Non-redundant System: Maximum power (without optics) 2425W
    Non-redundant System: Typical power (without optics) 1847W
     

    Safety and Compliance

    Safety

    • CAN/CSA-C22.2 No. 60950-1 Information Technology Equipment—Safety
    • UL 60950-1 Information Technology Equipment—Safety
    • EN 60950-1 Information Technology Equipment—Safety
    • IEC 60950-1 Information Technology Equipment—Safety (All country deviations)
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment Classification
    • UL 62368-1 Second Edition
    • UL IEC 62328-1 Second Edition

    Security

    • FIPS/CC*
    • TAA*
    * Reserved for a future release  

    Electromagnetic Compatibility

    • FCC 47 CFR Part 15
    • ICES-003 / ICES-GEN
    • EN 300 386 V1.6.1
    • EN 300 386 V2.1.1
    • EN 55032
    • CISPR 32
    • EN 55024
    • CISPR 24
    • EN 55035
    • CISPR 35
    • IEC/EN 61000 Series
    • AS/NZS CISPR 32
    • VCCI-CISPR 32
    • BSMI CNS 13438
    • KN 32 and KN 35
    • KN 61000 Series
    • TEC/SD/DD/EMC-221/05/OCT-16
    • TCVN 7189
    • TCVN 7317
     

    Telco

    • Common Language Equipment Identifier (CLEI) code
     

    Environmental Compliance

    • Restriction of Hazardous Substances (ROHS) 6/6
    • China Restriction of Hazardous Substances (ROHS)
    • Registration, Evaluation, Authorization and Restriction of Chemicals (REACH)
    • Waste Electronics and Electrical Equipment (WEEE)
    • Recycled material
    • 80 Plus Silver PSU Efficiency

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    Ordering Information

    Product Number Description
    QFX5700 Hardware
    QFX5700-CHAS QFX5700 Spare Chassis
    QFX5700-BASE-AC QFX5700 (hardware only; software services sold separately), with 1 FEB, 1 RCB, redundant fans, 2 AC power supplies, front-to-back airflow
    QFX5700 Line Cards
    QFX5K-FPC-4CD 4X400G line card for QFX5700 chassis
    QFX5K-FPC-20Y 10G/25G(SFP) line card for QFX5700 chassis
    QFX5K-FPC-16C 16X100G line card for QFX5700 chassis
    QFX5700 Power Supply
    JNP-3000W-AC-AFO AC PS 3000W, AFO
    JNP-3000W-DC-AFO DC PS 3000W, AFO
    QFX5700-4PRMK 4-Post Rack Mount Kit for QFX5700
    QFX5700-FAN Airflow out (AFO) front-to-back airflow fans for QFX5700
    Software Licenses SKUs
    S-QFX5KC3-MACSEC-3 MACsec Software feature license for QFX5700, 16(100G) ports + 20(10G/25G) ports, 3 Year
    S-QFX5KC3-MACSEC-5 MACsec Software feature license for QFX5700, 16(100G) ports + 20(10G/25G) ports, 5 Year
    S-QFX5KC3-MACSEC-P MACsec Software feature license for QFX5700, 16(100G) ports + 20(10G/25G) ports, Perpetual
    S-QFX5K-C3-A1-X (X=3,5) Base L3 Software Subscription (X Years; X=3,5) License for QFX5700
    S-QFX5K-C3-A2-X (X=3,5) Advanced Software Subscription (X Years; X=3,5) License for QFX5700
    S-QFX5K-C3-P1-X (X=3,5) Premium Software Subscription (X Years; X=3,5) License for QFX5700
    Cable SKUs
    CBL-JNP-SDG4-JPL Cable Specific, Japan
    CBL-JNP-SDG4-TW Cable Specific, Taiwan
    CBL-JNP-SDG4-US-L6 Cable Specific, US/North America, L6
    CBL-JNP-PWR-EU Cable Specific, EU, Africa, China
    CBL-JNP-SDG4-US-L7 Cable Specific, US/North America, L7
    CBL-JNP-SDG4-IN Cable Specific, India
    CBL-JNP-SDG4-SK Cable Specific, South Korea
    Additional SKUs
    JNP5K-FEB-BLNK Blank cover for empty FEB slot
    JNP5K-FPC-BLNK Blank cover for empty FPC (Line card) slot
    JNP5K-RCB-BLNK Blank cover for empty RCB (Routing Control Board) slot
    JNP5K-RMK-4POST Rack Mount Kit
    QFX5K-EMI Cable Manager
     

    Optics and Transceivers

    The QFX5700 supports port speeds of 400G, 100G, 50G, 40G, 25G, and 10G with DAC, AOC, and BO transceiver options. Up-to-date information on supported optics can be found at https://apps.juniper.net.
  • Product Overview

    Juniper Networks PTX10000 modular routers were specifically designed to meet new service level agreements in the cloud era. As cloud and 5G trends accelerate network transformation, core and peering networks face exponential traffic growth due to the massive increase in the number of connected devices, presenting operators with the same challenges but at a faster rate. Leading the 400G transition, these modular routers set new benchmarks of scale, flexibility, and reliability with high-performance custom silicon. These platforms share a common set of components and full feature sets, with various 400GbE-capable line cards available to satisfy specific core, peering, data center, and metro-core deployments in the most demanding environments.  
     

    Product Description

    Increasingly sophisticated network operators and users seek highly responsive and customizable cloud-like online experiences and services that align with their unique needs and interests, creating more traffic that consumes increasing amounts of network bandwidth. The demands of the increased network traffic are driving the creation of new core and peering architectures. Cloud routing allows for more centralized, interconnected cores to help operators scale their networks to meet new service-level agreements. Competing with the ability to rapidly expand capacity is the need to reduce operational costs; providers are under enormous pressure to lower margins and compete with new entrants and disruptors that do not have legacy networks to maintain. There is immense pressure on core and peering routers to simultaneously address:
    • Scale: Providers may offer backbone connectivity that requires a large number of label-switched paths (LSPs). If they are using Segment Routing or RSVP to take advantage of the traffic engineering (SR-TE/RSVP-TE) functionality, the control plane signaling path must be able to scale in step with the growth of LSPs. This ability to scale is needed for both the primary and backup paths to support redundancy mechanisms like fast re-route (FRR). Today, the total number needed for backbone connectivity is a few million. This type of scaling challenge will be felt by operators who are trying to diversify their portfolios by adding a broader scope of connectivity options; for example, a data center operator who wants to provide cloud connectivity or VPN services to enterprise customers, or an operator of private line service who wants to add a collocation service to its offering.
    • Operational Flexibility: Virtualized services and the explosion of cloud-based applications are creating increasingly erratic traffic patterns. To handle this unpredictability, service providers need architectures that are flexible and dynamic across all layers. Operators today rely on the flexibility and capacity of IP filters to mitigate the impact of increasing denial-of-service (DoS) attacks.
    • Investment Protection: Ensuring operators are investing in platforms designed to last has become imperative to leveraging the next generation of ASIC improvements the industry is offering. The risk of packet drops from rip-and-replace strategies to yearly silicon upgrades severely impacts the reliability of future upgrades.
     
    Figure 1: PTX10000 router deployment
    In order to address these challenges, network operators need a router that delivers scalability, flexibility, and reliability to the network. Juniper Networks® PTX Series Routers take high-performance networking to the next level, easily fitting into both cloud and service provider networks across core, peering, data center spine, data center edge, and infrastructure edge routing (Figure 1). The PTX Series Routers are powered by Juniper’s custom Express family ASICs, supporting 400GbE architectures and delivering predictable IP/MPLS packet performance and functionality, eliminating the complex packet profiles found in elaborate, over-engineered network processing units deployed in other core routers. The PTX Series Routers bring physical and virtual innovations to the cloud and service provider networks. These next-generation routers help network operators achieve their business goals while effectively handling current and future traffic demands through automation, optimization, and programmability. The PTX Series Routers combine the best of Juniper’s Express ASICs with the reliability and familiarity of Junos® OS. The PTX Series Routers comprise feature-rich, 400G-optimized fixed and modular platforms.

    PTX10004, PTX10008, PTX10016 Hardware

    The PTX10004 (4-slot), PTX10008 (8-slot), and PTX10016 (16-slot) modular routers utilize Juniper’s Express4 ASIC powered line cards to support deep buffers, flexible packet filtering, and bandwidth demanding core and peering architectures.
    Table 1. PTX10004, PTX10008, PTX10016 Modular Chassis Options
    Router | Bandwidth with 3T line cards (30 x 100GbE; 144 x 10GbE) | Bandwidth with 4.8T line cards (4 x 400GbE; 48 x 100GbE) | Bandwidth with 14.4T line cards (36 x 400GbE; 144 x 100GbE) | Height
    PTX10004 | - | 19.2T | 57.6T | 4 slots/7 RU
    PTX10008 | 24T | 38.4T | 115.2T | 8 slots/13 RU
    PTX10016 | 48T | 76.8T | 230.4T | 16 slots/21 RU
    The PTX10004, PTX10008, and PTX10016 are cloud-optimized to support the transition and expansion of 400GbE networks. These high-density routers are designed for today’s space- and power-constrained facilities, supporting 400GbE architectures with inline Media Access Control Security (MACsec) on all ports for uncompromised security. PTX LC1201 and LC1202 line cards offer native SFP+ transceiver support through the QSFP adapter MAM1Q00A-QSA. This option enables deployments where 10GE connectivity over more than 10 km of single-mode fiber links is required. These modular routers enable network operators to build core architectures that optimize label-switching router (LSR), Internet backbone, peering, and optical convergence applications. As a result, operators can, for the first time, match traffic demands with enhanced core router performance and flexible deployments. With its ultra-optimized and compact form factor, the PTX10000 line is ideal for peering, collocation, and central office locations where space and power are at a premium.

    Silicon Innovations with Express Family ASICs

    Continuous innovations in silicon enable the PTX10000 modular routers to accommodate scale-up and scale-out architectures with smooth migration paths as traffic patterns change. Juniper’s custom Express silicon allows adaptive load balancing, data structure sharing, and better resource utilization, as well as supporting value-added resources for additional filtering flexibility, all while lowering cost per bit. The PTX10004, PTX10008, and PTX10016 are powered by the highly scalable Juniper Express4 silicon, the industry’s first inline MACsec for 400GbE chip to support universal multirate QSFP56-DD. The Juniper Express4 silicon delivers consistently low latency, 8M counters, 256 Advanced Encryption Standard (AES) MACsec encryption supported on all ports, and wire-rate packet performance for IP traffic without sacrificing the optimized system power profile. Preserving the spirit of the Junos Express silicon family, Juniper Express4 silicon is the first purpose-built telecommunications silicon to incorporate a 3D memory architecture into the base design, offering the industry’s highest packet performance per gigabit in the fewest rack units. It also provides dynamic table memory allocation for massive IP routing scale while delivering tremendous power efficiency gains at 0.14 watts/gigabit. The ability to address a provider’s core networking requirements (scale, operational flexibility, and SDN control) begins with the silicon. With the PTX10000 line, operators can now deploy a core architecture with the full Juniper Paragon Automation suite.

    Architecture and Key Components

    The PTX10000 line of Packet Transport Routers features a number of key architectural elements. Dual redundant routing engines (REs) on the PTX10004, PTX10008, and PTX10016 run the Juniper Networks Junos operating system, where they manage all routing protocol processes, router interface control, and control plane functions such as chassis component, system management, and user access to the router. In addition, a unique cryptographic digital identity has been added to the Trusted Platform Module (TPM 2.0), which is embedded in the latest generation of REs. This addition enables device attestation and enhances security. RE processes interact with the Packet Forwarding Engine (PFE) on the line cards via dedicated high-bandwidth management channels, providing a clean separation of the control and forwarding planes. The PTX10004, PTX10008, and PTX10016 Express-based line cards currently support 10GbE, 25GbE, 40GbE, 100GbE, and 400GbE interfaces. The horizontal line cards in the front of the chassis connect directly to the vertical switch fabric cards in the rear of the chassis via orthogonal interconnects without requiring a midplane. This provides unparalleled investment protection by ensuring a smooth upgrade path to higher speed switch fabric cards as they become available. The midplane-less design improves airflow with a front-to-back design and enables limitless scale. To maintain uninterrupted operation, the PTX10000 modular chassis fan trays cool the line cards and REs with redundant, variable-speed fans. In addition, the PTX10000 line power supplies convert building power to the internal voltage required by the system. All PTX10000 line components are hot-swappable, and all central functions are available in redundant configurations, providing high operational availability by allowing continuous system operation during maintenance or repairs.

    PTX10000 Line: Shared Hardware Components

    Key hardware components of the PTX10004, PTX10008, and PTX10016 modular routers include the switch fabrics, REs, and line cards.
    Table 2: Shared Components Across PTX Modular Chassis
    PTX10004, PTX10008, PTX10016
    Switch Fabrics
    • SF (3 Tbps/slot, Express2)
    • SF3 (14.4Tbps/slot, Express4)
    Routing Engines
    • JNP10K-RE0: The first-generation RE0 RE features a quad-core 2.5 GHz Intel processor with 32 GB memory and 2x50 GB solid-state drive (SSD) storage.
    • JNP10K-RE1: The second-generation RE1 RE features a 10-core 2.2 GHz Intel processor with memory options of 64 GB or 128 GB and 2x200 GB solid-state drive (SSD) storage.
     
    Table 3: Express-based Line Cards
    Line card Bandwidth Silicon 100GbE Ports 400GbE Ports
    PTX10K-LC1201-36CD (JNP10K-LC1201): 14.4 Tbps Express4 144 36 QSFP56-DD/QSFP56/QSFP28-DD/QSFP28/QSFP+
    PTX10K-LC1202-36MR (JNP10K-LC1202): 4.8 Tbps Express4 32 4 QSFP56-DD and QSFP28
    PTX10K-LC1101 (JNP10K-LC1101): 3 Tbps Express2 30 - QSFP28/QSFP+
    PTX10K-LC1102 (JNP10K-LC1102): 1.4 Tbps Express2 12 - QSFP28/QSFP+
    PTX10K-LC1104 (JNP10K-LC1104): 1.2 Tbps Express2 6 - DWDM
    PTX10K-LC1105 (JNP10K-LC1105): 3 Tbps Express2 30 - QSFP28/QSFP+
    The line cards also support native MACsec without compromising throughput on any supported interface rate up to 400GbE, providing point-to-point security on Ethernet links. MACsec blocks security threats such as DoS, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks while securing links for most traffic frames from the Link Layer Discovery Protocol (LLDP), Link Aggregation Control Protocol (LACP), Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), and others. All ports can support 400GbE ZR and ZR+ optics, making the line cards ready for full packet/optical convergence without compromising density.

    Power

    The PTX10004 has three power supply slots, the PTX10008 offers six power supply slots, and the PTX10016 has 10 power supply slots, providing complete flexibility for provisioning and redundancy. Each power supply has its own internal fan for cooling. The PTX10000 line supports both AC and DC power supplies; however, AC and DC supplies cannot be mixed in the same chassis. Two generations of power supplies exist: the first generation is designed to support Express2 line cards, while the second generation is designed to support both Express2 and Express4 line cards. The first generation of AC power supplies on the PTX10000 line routers accepts 200 to 240 volts alternating current (VAC) input, delivering 2700 watts of power to the chassis. The first generation of DC power supplies accepts -40 to -72 volts direct current (VDC) input, delivering 2500 watts of power to the chassis. Each AC and DC power supply has two inputs for feed redundancy. Second-generation AC power supplies (AC2) on the PTX10000 line routers are high-capacity, high-line models designed to support either AC or DC systems in either a low-power or high-power mode. The power supply takes AC input and provides DC output of 12.3 VDC, delivering 5000 watts with a single feed and 5500 watts with a dual feed. For AC systems, the operating input is 180 to 305 VAC; for DC systems, the operating input is 190 to 410 VDC. Second-generation DC power supplies (DC2) provide two power supplies in a single housing that accepts either 60 A or 80 A using four redundant input power feeds.

    Cooling

    The PTX10000 line supports front-to-back cooling with air drawn in through the perforations on the REs and the line cards in the front of the platform. The fan trays are in front of the fabric cards and are accessible from the rear of the chassis. Hot air exhausts through the rear of the chassis.  

    Chassis Management

    The PTX10000 line delivers powerful Junos OS chassis management that allows environmental monitoring and field-replaceable unit (FRU) control. Chassis management provides a faster primary switchover, enhanced power budgeting with modular power management, reduced power consumption for partially populated systems, granular control over FRU power-on, adaptive cooling, and CPU leveling during monitoring intervals.

    Simplified Management

    The PTX10000 line routers simplify management based on the elegance and simplicity of the Junos OS. Management applications can receive streaming telemetry data to provide robust protocol analytics for an SDN environment. Junos OS enables resilience by design, operational consistency, and the versatility needed to evolve your network.  

    SONiC Support on the PTX10008

    The PTX10008 supports Juniper’s SONiC implementation, delivering best-of-breed hardware for cloud operators while taking advantage of the flexibility of SONiC’s open and disaggregated architecture. The SONiC-enabled PTX10008 plugs seamlessly into a unified SONiC network infrastructure, leveraging the existing PTX10008 hardware. The Juniper-provided SONiC image, installed on the hardware at the factory, includes the platform device drivers and Juniper's Hardware Abstraction Layer (HAL), including Juniper's implementation of the Switch Abstraction Interface (SAI) for the Express4 ASIC and the line card PFE software. As a modular and dense multi-PFE 400GbE/100GbE platform, the PTX10008 is perfectly suited for large spine layer applications in data center IP fabrics. Juniper complements the SONiC OS with the containerized Routing Protocol Daemon (cRPD), a full-function routing and management stack packaged as a container. This ensures a consistent end-to-end routing experience across different tiers in the data center. In addition, the cRPD enables high-performance telemetry, automation, and programmability in a lightweight deployment. For features available with SONiC, please refer to the SONiC deployment guide.

    Features and Benefits

    Table 1 summarizes the features available on the PTX10004, PTX10008, and PTX10016 routers.
    Table 1. PTX10000 Line Features and Benefits
    Feature Feature Description Benefits
    System capacity The four-slot PTX10004 scales to 57.6 Tbps in a single chassis, supporting up to 576 10GbE, 576 25GbE, 144 40GbE, 576 100GbE, or 144 400GbE interfaces.  The PTX10008 scales to 115.2 Tbps in a single chassis, supporting up to 1152 10GbE, 1152 25GbE, 288 40GbE, 1152 100GbE, or 288 400GbE interfaces. The PTX10016 has 16 slots, each supporting 3 Tbps (6 Tbps half-duplex). A fully equipped PTX10016 can support 2304 10GbE, 576 40GbE, or 480 100GbE interfaces. The PTX10000 line gives network operators the performance and scalability needed to outpace increased traffic demands.
    Packet performance Groundbreaking Juniper silicon innovation powers the PTX10000 line routers with unparalleled packet processing for both full IP and MPLS functionality, thereby leveraging revolutionary 3D memory architecture. Exceptional packet processing capabilities help alleviate the challenge of scaling the network as traffic increases while optimizing IP/MPLS transit functionality around superior performance and elegant deployability.
    Full-scale IP and MPLS routing The PTX10000 line of routers features a rich set of IP/MPLS services, consistent low latency, and wire-rate forwarding at scale while providing the reliability needed to meet strict SLAs. Supports peering applications with more than 2 million IPv4 routes and 30 million routing information base (RIB) routing tables, 3000 OSPF adjacencies, and 4000 BGP sessions required to match expanding traffic demands.
    Segment Routing (SR) Junos OS supports Segment Routing, which provides the ability for a trusted source node to specify a forwarding path, other than the normal shortest path, that a particular packet will traverse. Enables traffic engineering at scale, link protection using topology-independent loop-free alternates (TI-LFA) implementation, VPN traffic steering, egress peering engineering, and path verification.
    High availability (HA) hardware The PTX10000 line is engineered with full hardware redundancy for cooling, power supply, REs, and switch fabric. High availability (HA) is a critical requirement for maintaining an always-on infrastructure base to meet stringent SLAs across the core.
    High availability software The PTX10000 line features a resilient operating system that supports HA features such as graceful RE switchover (GRES) and nonstop active routing (NSR) for high availability. PTX Series routers support 48 ms redundancy switchover under load. Junos OS supports HA features that allow software upgrades and changes without disrupting network traffic.
     

    Specifications

    Table 2. PTX10000 Line Specifications
    *These numbers are power supply ratings. Actual power usage is much lower.
    **Assuming a max of 14W optics if fully populated and no air filter.
    Feature Specifications
    PTX10004
    Physical dimensions (W x H x D) 17.4 x 12.2 x 35 in. (44.2 x 33 x 88.9 cm); 42.2 in. (107.7 cm) depth with EMI door
    Maximum weight 271.2 lb (116.7 kg)
    Mounting Front rack mount
    Power system rating* 200-240 VAC/50-60 Hz -48 VDC @ 60 A
    Typical power consumption 10.3 kW with Express4 line cards, fully loaded
    Operating temperature** 32° to 115° F (0° to 46° C) at sea level
    PTX10008
    Physical dimensions (W x H x D) 17.4 x 22.55 x 32 in. (44.2 x 57.76 x 81.28 cm); 39.37 in. (100 cm) depth with EMI door
    Maximum weight 493 lb (223.62 kg)
    Mounting Front rack mount
    Power system rating* 200-240 VAC / 50-60 Hz -48 VDC @ 60 A
    Typical power consumption 17.3 kW with Express4 line cards, fully loaded
    Operating temperature 32° to 115° F (0° to 46° C) at sea level
    PTX10016
    Physical dimensions (W x H x D) 17.4 x 36.65 x 35 in. (44.2 x 93.09 x 88.90 cm); 42.40 in. (107.7 cm) depth with EMI door
    Maximum weight 596 lb (270 kg)
    Mounting Front rack mount
    Power system rating* 200-240 VAC / 50-60 Hz -48 VDC @ 60 A
    Typical power consumption 18 kW with Express2 line cards, fully loaded
    Operating temperature 32° to 115° F (0° to 46° C) at sea level
     


    PTX10000 Line Ordering Information

    For more information, please contact your Juniper Networks representative.
    Product Number Description
    PTX10004 Premium and Base Units
    PTX10004-PREM3 PTX10004 redundant 4-slot chassis for 57.6Tbps. Includes 2 REs, 3 AC/HVDC or DC power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10004-PREM2 PTX10004 redundant 4-slot chassis.  Includes 2 REs, 3 AC/HVDC or DC power supplies, 2 fan trays, 2 fan tray controllers, and 4 switch fabric cards.
    PTX10004-BASE3 PTX10004 base 4-slot chassis.  Includes 1 RE, 3 AC/HVDC or DC power supplies, 2 fan trays, 2 fan tray controllers, and 3 switch fabric cards.
    PTX10008 Premium and Base Units
    PTX10008-PREM3 PTX10008 redundant 8-slot chassis for 115.2Tbps. Includes 2 REs, 6 power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10008-PREM2 PTX10008 redundant 8-slot chassis. Includes 2 REs, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 4 switch fabric cards.
    PTX10008-BASE3 PTX10008 base 8-slot chassis. Includes 1 RE, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 3 switch fabric cards.
    PTX10008-PREMIUM PTX10008 redundant 8-slot chassis [JNP10008]. Includes 2 REs, 6 power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10008-BASE PTX10008 8-slot chassis [JNP10008]. Includes 1 RE, 3 power supplies, 2 fan trays, 2 fan tray controllers, and 5 switch fabric cards.
    PTX10008-PREM3-SON PTX10008 8-slot chassis for 14.4T LC, including 1 RE running SONiC, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10008-PREM2-SON PTX10008 8-slot chassis for 14.4T LC, including 1 RE running SONiC, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 4 switch fabric cards.
    PTX10008-BASE3-SON PTX10008 8-slot chassis for 14.4T LC, including 1 RE running SONiC, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 3 switch fabric cards.
    PTX10016 Premium and Base Units
    PTX10016-PREM3 PTX10008 redundant 16-slot chassis for 230.4Tbps. Includes 2 REs, 10 power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10016-PREM2 PTX10008 redundant 16-slot chassis. Includes 2 REs, 10 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 4 switch fabric cards.
    PTX10016-BASE3 PTX10008 base 16-slot chassis. Includes 1 RE, 10 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 3 switch fabric cards.
    PTX10016-BASE PTX10016 16-slot chassis [JNP10016]. Includes 1 RE, 5 power supplies, 2 fan trays, 2 fan tray controllers, and 5 switch fabric cards.
    PTX10016-PREMIUM PTX10016 redundant 16-slot chassis [JNP10016]. Includes 2 REs, 10 power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10000 Routing Engines
    JNP10K-RE0-BB PTX10000/JNP10000 RE X4, base bundle
    JNP10K-RE0-R PTX10000/JNP10000 RE X4, redundant
    JNP10K-RE0 PTX10000/JNP10000 RE X4
    JNP10K-RE1-BB PTX10000/JNP10000 RE X8, base bundle
    JNP10K-RE1-R PTX10000/JNP10000 RE X8, redundant
    JNP10K-RE1 PTX10000/JNP10000 RE X8
    JNP10K-RE1-E-BB PTX10000/JNP10000 RE X8 with Junos Evolved, base bundle
    JNP10K-RE1-E-R PTX10000/JNP10000 RE X8 with Junos Evolved, redundant
    JNP10K-RE1-E PTX10000/JNP10000 RE X8 with Junos Evolved
    JNP10K-RE1-S128-BB JNP10000 RE with SONiC, base bundle
    JNP10K-RE1-S128 JNP10000 RE with SONiC
    PTX10004 Switch Fabric
    JNP10004-SF3-BB PTX10004/JNP10004 switch fabric card supporting up to 14.4 Tbps LC, base bundle
    JNP10004-SF3-R PTX10004/JNP10004 switch fabric card supporting up to 14.4 Tbps LC, redundant
    JNP10004-SF3 PTX10004/JNP10004 switch fabric card supporting up to 14.4 Tbps LC
    PTX10008 Switch Fabric
    JNP10008-SF3-BB PTX10008/JNP10008 switch fabric card supporting up to 14.4 Tbps LC, base bundle
    JNP10008-SF3-R PTX10008/JNP10008 switch fabric card supporting up to 14.4 Tbps LC, redundant
    JNP10008-SF3 PTX10008/JNP10008 switch fabric card supporting up to 14.4 Tbps LC
    JNP10008-SF-BB PTX10008/JNP10008 switch fabric card, base bundle
    JNP10008-SF-R PTX10008/JNP10008 switch fabric card, redundant
    JNP10008-SF PTX10008/JNP10008 switch fabric card
    PTX10016 Switch Fabric
    JNP10016-SF3-BB PTX10016/JNP10016 switch fabric card supporting up to 14.4 Tbps LC, base bundle
    JNP10016-SF3-R PTX10016/JNP10016 switch fabric card supporting up to 14.4 Tbps LC, redundant
    JNP10016-SF3 PTX10016/JNP10016 switch fabric card supporting up to 14.4 Tbps LC
    JNP10016-SF-BB PTX10016/JNP10016 switch fabric card, base
    JNP10016-SF-R PTX10016/JNP10016 switch fabric card, redundant
    JNP10016-SF PTX10016/JNP10016 switch fabric card, base bundle
    PTX10000 Express4 Line Cards
    PTX10K-LC1201-36CD 36x400GbE/36x200GbE/36x100GbE/36x40GbE line card [JNP10K-LC1201]
    PTX10K-LC1202-36MR 4x400GbE and 32x100GbE [JNP10K-LC1202]
    S-PTX10K-144C-A1-3 SW, PTX10000 14.4T RTU Adv1 Lic, 3-year term, with SW support
    S-PTX10K-144C-A2-3 SW, PTX10000 14.4T RTU Adv2 Lic, 3-year term, with SW support
    S-PTX10K-144C-P1-3 SW, PTX10000 14.4T RTU Prem1 Lic, 3-year term, with SW support
    S-PTX10K-144C-P2-3 SW, PTX10000 14.4T RTU Prem2 Lic, 3-year term, with SW support
    S-PTX10K-144C-A1-5 SW, PTX10000 14.4T RTU Adv1 Lic, 5-year term, with SW support
    S-PTX10K-144C-A2-5 SW, PTX10000 14.4T RTU Adv2 Lic, 5-year term, with SW support
    S-PTX10K-144C-P1-5 SW, PTX10000 14.4T RTU Prem1 Lic, 5-year term, with SW support
    S-PTX10K-144C-P2-5 SW, PTX10000 14.4T RTU Prem2 Lic, 5-year term, with SW support
    S-PTX10K-144C-A1-P SW, PTX10K, 14.4T, Adv1, without SW support, perpetual
    S-PTX10K-144C-A2-P SW, PTX10K, 14.4T, Adv2, without SW support, perpetual
    S-PTX10K-144C-P1-P SW, PTX10K, 14.4T, Pre1, without SW support, perpetual
    S-PTX10K-144C-P2-P SW, PTX10K, 14.4T, Pre2, without SW support, perpetual
    S-PTX10K-48C-A1-3 SW, PTX10K, 4.8T, Advanced 1, with SW support, 3 year
    S-PTX10K-48C-A2-3 SW, PTX10K, 4.8T, Advanced 2, with SW support, 3 year
    S-PTX10K-48C-P1-3 SW, PTX10K, 4.8T, Premium 1, with SW support, 3 year
    S-PTX10K-48C-P2-3 SW, PTX10K, 4.8T, Premium 2, with SW support, 3 year
    S-PTX10K-48C-A1-5 SW, PTX10K, 4.8T, Advanced 1, with SW support, 5 year
    S-PTX10K-48C-A2-5 SW, PTX10K, 4.8T, Advanced 2, with SW support, 5 year
    S-PTX10K-48C-P1-5 SW, PTX10K, 4.8T, Premium 1, with SW support, 5 year
    S-PTX10K-48C-P2-5 SW, PTX10K, 4.8T, Premium 2, with SW support, 5 year
    S-PTX10K-48C-A1-P SW, PTX10K, 4.8T, Adv1, without SW support, perpetual
    S-PTX10K-48C-A2-P SW, PTX10K, 4.8T, Adv2, without SW support, perpetual
    S-PTX10K-48C-P1-P SW, PTX10K, 4.8T, Pre1, without SW support, perpetual
    S-PTX10K-48C-P2-P SW, PTX10K, 4.8T, Pre2, without SW support, perpetual
    PTX10000 Express2 Line Cards
    PTX10K-LC110 30x100GbE/30x40GbE line card [JNP10K-LC1101]
    PTX10K-LC1101-IR 30x100GbE/30x40GbE line card [JNP10K-LC1101], IR mode
    PTX10K-LC1101-R 30x100GbE/30x40GbE line card [JNP10K-LC1101], R mode
    PTX10K-LC1102 36X40GbE/12X100GbE line card [JNP10K-LC1102]
    PTX10K-LC1102-IR 36X40GbE/12X100GbE line card [JNP10K-LC1102], IR mode
    PTX10K-LC1102-R 36X40GbE/12X100GbE line card [JNP10K-LC1102], R mode
    PTX10K-LC1104 6x100GbE/150GbE/200GbE DWDM line card with MACsec [JNP10K-LC1104]
    PTX10K-LC1105 30x100GbE/30x40GbE line card with MACsec [JNP10K-LC1105]
    PTX10K-LC1105-IR 30x100GbE/30x40GbE line card with MACsec [JNP10K-LC1105], IR mode
    PTX10K-LC1105-R 30x100GbE/30x40GbE line card with MACsec [JNP10K-LC1105], R mode
    PTX10004 Fan Tray and Controller
    JNP10004-FAN2-BB JNP10004 fan, Gen2, base bundle
    JNP10004-FAN2 JNP10004 fan, Gen2
    JNP10004-FTC2-BB JNP10004 fan tray controller, Gen2, base bundle
    JNP10004-FTC2 JNP10004 fan tray controller, Gen2
    PTX10008 Fan Tray and Controller
    JNP10008-FAN-BB PTX10008/JNP10008 fan, base bundle
    JNP10008-FAN PTX10008/JNP10008 fan
    JNP10008FANCTRL-BB PTX10008/JNP10008 fan tray controller, base bundle
    JNP10008-FAN-CTRL PTX10008/JNP10008 fan tray controller
    JNP10008-FAN2-BB JNP10008 fan, Gen2, base bundle
    JNP10008-FAN2 JNP10008 fan, Gen2
    JNP10008-FTC2-BB JNP10008 fan tray controller, Gen2, base bundle
    JNP10008-FTC2 JNP10008 fan tray controller, Gen2
    PTX10016 Fan Tray and Controller
    JNP10016-FAN-BB PTX10016/JNP10016 fan, base bundle
    JNP10016-FAN PTX10016/JNP10016 fan
    JNP10016FANCTRL-BB PTX10016/JNP10016 fan tray controller, base bundle
    JNP10016-FAN-CTRL PTX10016/JNP10016 fan tray controller
    JNP10016-FAN2-BB JNP10016 fan, Gen2, base bundle
    JNP10016-FAN2 JNP10016 fan, Gen2
    JNP10016-FTC2-BB JNP10016 fan tray controller, Gen2, base bundle
    JNP10016-FTC2 JNP10016 fan tray controller, Gen2
    PTX10000 Power Cables
    CBL-PWR2-L6-30P Power cord, JNP10000 AC2 L6-30P
    CBL-PWR2-L6-30P-RA Power cord, JNP10000 AC2 RA L6-30P
    CBL-PWR2-330P6W Power cord, JNP10000 AC2 IEC309-330P6W
    CBL-PWR2-330P6W-RA Power cord, JNP10000 AC2 RA IEC309-330P6W
    CBL-PWR2-332P6W Power cord, JNP10000 AC2 IEC309-332P6W
    CBL-PWR2-332P6W-RA Power cord, JNP10000 AC2 RA IEC309-332P6W
    PTX10000 Power Modules
    JNP10K-PWR-AC2-BB JNP10000 5000 watts AC/HVDC power supply base bundle
    JNP10K-PWR-AC2-R JNP10000 5000 watts AC/HVDC power supply redundant
    JNP10K-PWR-AC2 JNP10000 5000 watts AC/HVDC power supply
    JNP10K-PWR-DC2-BB JNP10000 5000 watts DC power supply base bundle
    JNP10K-PWR-DC2-R JNP10000 5000 watts DC power supply redundant
    JNP10K-PWR-DC2 JNP10000 5000 watts DC power supply
    JNP10K-PWR-AC-BB PTX10000/JNP10000 2700 W AC power supply, base bundle
    JNP10K-PWR-AC-R PTX10000/JNP10000 2700 W AC power supply, redundant
    JNP10K-PWR-AC PTX10000/JNP10000 2700 W AC power supply
    JNP10K-PWR-DC-BB PTX10000/JNP10000 2500 W DC power supply, base bundle
    JNP10K-PWR-DC-R PTX10000/JNP10000 2500 W DC power supply, redundant
    JNP10K-PWR-DC PTX10000/JNP10000 2500 W DC power supply
    PTX10004 Front Panels
    JNP10004-FRPNL-BB PTX10004/JNP10004 front panel, base bundle
    JNP10004-FRNT-PNL PTX10004/JNP10004 front panel
    JNP10004-FRPNL1-BB PTX10004/JNP10004 front panel with filter, base bundle
    JNP10004-FRPNL1 PTX10004/JNP10004 front panel with filter
    JNP10004-FLTR PTX10004/JNP10004 replaceable filter
    PTX10008 Front Panels
    JNP10008-FRPNL-BB PTX10008/JNP10008 front panel, base bundle
    JNP10008-FRNT-PNL PTX10008/JNP10008 front panel
    JNP10008-FRPNL1-BB PTX10008/JNP10008 front panel with filter, base bundle
    JNP10008-FRPNL1 PTX10008/JNP10008 front panel with filter
    JNP10008-FLTR PTX10008/JNP10008 replaceable filter
    PTX10016 Front Panels
    JNP10008-FLTR PTX10008/JNP10008 replaceable filter
    JNP10016-FRPNL-BB PTX10016/JNP10016 front panel, base bundle
    JNP10016-FRNT-PNL PTX10016/JNP10016 front panel
    JNP10016-FRPNL1-BB PTX10016/JNP10016 front panel with filter, base bundle
    JNP10016-FRPNL1 PTX10016/JNP10016 front panel with filter
    JNP10016-FLTR PTX10016/JNP10016 replaceable filter
  • Product Description: The Juniper Networks® QFX5130 Switch is a next-generation, fixed-configuration spine-and-leaf switch that offers flexible, cost-effective, high-density 400GbE, 100GbE, 50GbE, 40GbE, 25GbE, and 10GbE interfaces for server and intra-fabric connectivity.

    A versatile, future-proofed solution for today’s data centers, the QFX5130 leverages the power of a fully programmable chipset to support and deliver a diverse set of use cases. It supports advanced Layer 2, Layer 3, and Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) features. For large public cloud providers—early adopters of high-performance servers to meet explosive workload growth—the QFX5130 supports very large, dense, and fast 400GbE IP fabrics based on proven Internet scale technology. For enterprise customers seeking investment protection as they transition their server farms from 10GbE to 25GbE, the QFX5130 switch also provides a high radix-native 100GbE/400GbE EVPN-VXLAN spine option at reduced power and a smaller footprint. The QFX5130 supports diverse use cases such as neural networks for AI applications, including autonomous driving, disaggregated storage, high frequency trading, packet brokering, and over-the-top streaming services.

    Delivering 25.6 Tbps of bidirectional bandwidth, the switch is optimally designed for spine-and-leaf deployments in enterprise, high-performance computing (HPC), service provider, and cloud data centers. The QFX5130-32CD offers 32 ports in a low-profile 1 U form factor. High-speed interfaces support a wide variety of port configurations, including 400GbE, 100GbE, 25GbE, 40GbE, and 10GbE. The QFX5130-32CD is equipped with two AC or DC power supplies, providing 1+1 redundancy when all power supplies are present. Six hot-swappable fans offer back-to-front (AFO) or front-to-back (AFI) airflow options, providing 5+1 redundancy. The QFX5130 includes an Intel XeonD-1500 processor to drive the control plane, which runs the Junos® OS Evolved operating system software.

    Product Highlights

    The QFX5130 includes the following capabilities. Please refer to the Specifications section for currently shipping features.

    Native 400GbE Configuration: The QFX5130-32CD offers 32 ports in a 1 U form factor. The high-speed ports support a wide variety of configurations, including 100GbE and 40GbE.

    High-Density Configurations: The QFX5130 is optimized for high-density fabric deployments, providing options for 32 ports of 400GbE, 100GbE, or 40GbE.

    Flexible Connectivity Options: The QFX5130 offers a choice of interface speeds for server and intra-fabric connectivity, providing deployment versatility and investment protection.

    Key Product Differentiators

    Increased Scale and Buffer: The QFX5130 provides enhanced scale with up to 1.24 million routes, 80,000 firewall filters, and 160,000 media access control (MAC) addresses. It supports high numbers of egress IPv4/IPv6 rules by programming matches in egress ternary content addressable memory (TCAM) along with ingress TCAM.

    132MB Shared Packet Buffer: Today’s cloud-native applications have critical dependency on buffer size to prevent congestion and packet drops. The QFX5130 has 132 MB shared packet buffer that is allocated dynamically to congested ports.

    Programmability: The QFX5130 revolutionizes performance for data center networks by providing a programmable software-defined pipeline in addition to the comprehensive feature set provided in the Juniper Networks QFX5120 Switch line. The QFX5130 uses a compiler-driven switch data plane with full software program control to enable and serve a diverse set of use cases, including in-band telemetry, fine-grained filtering for traffic steering, traffic monitoring, and support for new protocol encapsulations.

    Power Efficiency: With its low-power 7 nm process, the QFX5130 consumes a maximum of 973 W, bringing improvements in speed, less power consumption, and higher density on chip.

    Management, Monitoring, and Analytics

    Data Center Fabric Management: Juniper® Apstra provides operators with the power of intent-based network design to help ensure changes required to enable data center services can be delivered rapidly, accurately, and consistently. Operators can further benefit from the built-in assurance and analytics capabilities to resolve Day 2 operations issues quickly. Apstra key features are:
    • Automated deployment and zero-touch deployment
    • Continuous fabric validation
    • Fabric life-cycle management
    • Troubleshooting using advanced telemetry

    Features and Benefits

    • Automation and programmability: The QFX5130-32CD supports a number of network automation features for plug-and-play operations, including zero-touch provisioning (ZTP), Network Configuration Protocol (NETCONF), Juniper Extension Toolkit (JET), Junos telemetry interface, operations and event scripts, automation rollback, and Python scripting.
    • Cloud-level scale and performance: The QFX5130 supports best-in-class cloud-scale L2/L3 deployments with a low latency of 630 ns and superior scale and performance. This includes L2 support for 160,000 MAC addresses and Address Resolution Protocol (ARP) learning, which scales up to 64,000 entries at 500 frames per second. It also includes L3 support for 1.24 million longest prefix match (LPM) routes and 160,000 host routes on IPv4. Additionally, the QFX5130 supports 610,000 LPM routes and 80,000 host routes on IPv6, 128-way equal-cost multipath (ECMP) routes, and a filter that supports 80,000 ingress and 18,000 egress exact match filtering rules. The QFX5130 supports up to 128 link aggregation groups, 4096 VLANs, and Jumbo frames of 9216 bytes. Junos OS Evolved provides configurable options through a CLI, enabling each QFX5130 to be optimized for different deployment scenarios.
    • VXLAN overlays*: The QFX5130 is capable of both L2 and L3 gateway services. Customers can deploy overlay networks to provide L2 adjacencies for applications over L3 fabrics. The overlay networks use VXLAN in the data plane and EVPN or Open vSwitch Database (OVSDB) for programming the overlays, which can operate without a controller or be orchestrated with an SDN controller.
    • IEEE 1588 PTP Boundary Clock with Hardware Timestamping*: IEEE 1588 PTP transparent/boundary clock is supported on QFX5130, enabling accurate and precise sub-microsecond timing information in today’s data center networks. In addition, the QFX5130 supports hardware timestamping; timestamps in Precision Time Protocol (PTP) packets are captured and inserted by an onboard field-programmable gate array (FPGA) on the switch at the physical (PHY) level.
    • Data packet timestamping*: When the optional data packet timestamping feature is enabled, select packets flowing through the QFX5130 are timestamped with references to the recovered PTP clock. When these packets are received by nodes in the network, the timestamping information can be mirrored onto monitoring tools to identify network bottlenecks that cause latency. This analysis can also be used for legal and compliance purposes in institutions such as financial trading, video streaming, and research establishments.
    • RoCEv2*: As a switch capable of transporting data as well as storage traffic over Ethernet, the QFX5130 provides an IEEE data center bridging (DCB) converged network between servers with disaggregated flash storage arrays or an NVMe-enabled storage-area network (SAN). The QFX5130 offers a full-featured DCB implementation that provides strong monitoring capabilities on the top-of-rack switch for SAN and LAN administration teams to maintain clear separation of management. The RDMA over Converged Ethernet version 2 (RoCEv2) transit switch functionality, including priority-based flow control (PFC) and Data Center Bridging Capability Exchange (DCBX), is included as part of the default software.
    • Junos Evolved features: The QFX5130 switch supports features such as L2/L3 unicast, EVPN-VXLAN*, BGP add-path, RoCEv2 and congestion management, multicast, 128-way ECMP, dynamic load balancing capabilities, enhanced firewall capabilities, and monitoring.
    • Junos OS Evolved Architecture: Junos OS Evolved is a native Linux operating system that incorporates a modular design of independent functional components and enables individual components to be upgraded independently while the system remains operational. Component failures are localized to the specific component involved and can be corrected by upgrading and restarting that specific component without having to bring down the entire device. The switch’s control and data plane processes can run in parallel, maximizing CPU utilization, providing support for containerization, and enabling application deployment using LXC or Docker.
    • Retained state: State is the retained information or status pertaining to physical and logical entities. It includes both operational and configuration state, comprising committed configuration, interface state, routes, hardware state, and what is held in a central database called the distributed data store (DDS). State information remains persistent, is shared across the system, and is supplied during restarts.
    • Feature support: All key networking functions such as routing, bridging, management software, and management plane interfaces, as well as APIs such as CLI, NETCONF, JET, Junos telemetry interface, and the underlying data models, resemble those supported by the Junos operating system. This ensures compatibility and eases the transition to Junos Evolved.
  • Product Overview

    Emerging 5G, IoT, and low latency services present a unique opportunity for network operators to transform their networks for new and increasingly complex services and applications. The ACX7100 line brings new benchmarks of capacity, density, agility, and low latency to the ACX7000 Family of multiservice routers. Designed to address the accelerating requirements of traffic growth, latency-dependent applications, and cloud-inspired port rates, the ACX7100 platforms are powered by Junos OS Evolved and Juniper Paragon Automation. They deliver the service-aware features, precision-timing support, and capabilities required to facilitate improved business outcomes in a single, converged, multiservice network.  

    Product Description

    Juniper Networks® ACX7100 Cloud Metro Routers are designed to help operators achieve their capital, operational, and differentiated user experience goals. Part of the Juniper Networks ACX7000 Family of routers, the ACX7100 line delivers exceptional TCO and investment protection. It supports Juniper® Cloud Metro solutions for 5G, Internet of Things (IoT), and cloud applications, making it ideal for service provider, enterprise, data center, and residential use cases requiring high-density, power-efficient platforms.  

    ACX7000 Family Overview

    The ACX7000 Family of routers, purposely built for the IP-service fabric underlay of a Juniper® Cloud Metro, leverages the industry’s fastest chipset, provides a unique balance of system design, and delivers the most sustainable high-performance portfolio available in the market. Managed by Junos® OS Evolved and Juniper Paragon Automation, ACX7000 routers are embedded with Paragon Active Assurance and Zero Trust security, enabling operators to deliver highly differentiated customer experiences. Available in hardened, fixed, fixed-plus-modular, and modular designs, these energy and footprint efficient, multiservice routers support high-precision timing technologies and are engineered for service provider, enterprise (including PON with the Juniper Unified PON Solution), IoT, and 4G/5G mobile applications.
    Figure 1. Juniper Networks ACX7000 Family—engineered for the IP service fabric of a Juniper Cloud Metro
    The ACX7100 line offers groundbreaking performance and power efficiency in a compact 1 U footprint. They deliver 4.8 Tbps of forwarding capacity and cloud-inspired native port speeds that include 400GbE interfaces. The integrated low-speed and high-speed port variety, density, and flexibility provide scale for long-term network transformation. The ACX7100 routers come with redundant, field replaceable 6x fans and 2x AC or DC power supply options. A cost-effective and efficient thermal design enables unrestricted high-power ZR/ZR+ transceiver use across all supporting ports. The ACX7100 routers come in two models—ACX7100-32C and ACX7100-48L—each equipped to address the challenges and opportunities of today and tomorrow.

    ACX7100-32C: The ACX7100-32C delivers high-end multiservices in a 1 U fixed, compact (60 cm deep), and power-efficient footprint. It provides 4.8 Tbps forwarding capacity, supports 32 ports of 40GbE/100GbE and 4 ports of 400GbE, making it ideal for applications that require a dense fan-out option. This platform supports full line-rate Media Access Control Security (MACsec) encryption on all ports and provides efficient cooling with front-to-back airflow design.

    ACX7100-48L: The ACX7100-48L provides 4.8 Tbps throughput for high-end multiservices in a 1 U fixed and power-efficient footprint. It is designed for applications that require dense port distribution in a small (60 cm deep) footprint. It supports cloud-inspired service rates and port-by-port configuration of native 10GbE, 25GbE, and 50GbE on all 48 ports, including 6 ports of 400GbE enabling operators to perform today’s most common upgrades on a port-by-port basis. The 100GbE port speed is supported through breakout connectivity on 4 x 400GbE ports. The dual front-to-back and back-to-front airflow design makes this platform ideal for data center use cases.

    The ACX7100 platforms support 5G and Juniper Cloud Metro solutions, and they are designed for service provider, enterprise, wholesale, and data center use cases.

    Features and Benefits

    The ACX7100 routers are engineered for sustainability to address the challenges of evolving service requirements and relentless traffic growth imposed by 5G, IoT, and the cloud era. With the ACX7100, providers are primed and ready to thrive in today’s competitive marketplace.  
    Table 1: Features and Benefits
    Feature: Benefits
    Junos OS Evolved and Embedded Active Assurance: Managed by Junos OS Evolved, Juniper Paragon Active Assurance test agents are embedded into all ACX7000 platforms, enabling automated monitoring, diagnosis, remediation, and optimization of service delivery, service performance, and user experience.
    Rugged and Efficient Design: Compact footprint is suitable for environments with limited space, and the efficient thermal design allows use of unrestricted ZR/ZR+ transceivers across all supporting ports.
    Build-As-You-Grow Operational Simplicity: The ACX7100 platforms are engineered to establish new benchmarks for what can be achieved on a 1 U platform. They deliver multispeed 10GbE, 25GbE, 40GbE, 50GbE, 100GbE, and 400GbE ports distribution—ideal for an aggregation use case—and allow the flexibility to manage and scale the network with growing network requirements.
    Next-Gen Capabilities: Leading protocols are supported, including segment routing, SRv6, MPLS, Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN), advanced programmability, leading network slicing, telemetry, and support for any overlay, underlay, or service.
    Zero-Trust Security: Enhanced security capabilities include MACsec encryption, secure boot, integrated tamper-proof design, and trust anchor with DevID, enabling device attestation and enhanced security through a unique cryptographic digital identity.
    Cloud Metro-Ready: With deep buffering for end-to-end service delivery assurance, precision-timing capabilities include Synchronous Ethernet, Precision Time Protocol (PTP), and advanced Class C timing for latency-optimized 5G service experiences, as well as Global Navigation Satellite System (GNSS)/GPS (grand master clock support via external GNSS receiver) network synchronization. ACX7100 platforms are an ideal choice for service provider, enterprise, and residential use cases, including support for Juniper Unified PON, IoT, and 4G/5G mobile applications.
    Figure 2. Juniper ACX7100-32C—engineered for the IP service fabric of a Juniper Cloud Metro
    Figure 3. Juniper ACX7100-48L—engineered for the IP service fabric of a Juniper Cloud Metro
    Table 1. Built-In Interface Options for ACX7100 Models
    Model         10GbE/25GbE/50GbE SFP-56   100GbE QSFP28/QSFP-DD   400GbE QSFP56-DD
    ACX7100-32C   0                          32                      4
    ACX7100-48L   48 [1]                     0                       6
    [1] One of these ports supports 10GbE/25GbE only.
    Table 2. ACX7100 Platforms Port Breakout Options
    Model                      4X 25GbE   4X 10GbE   4X 100GbE   2X 100GbE   2X 50GbE   8X 50GbE
    ACX7100-32C: Port 0-31     Y          Y          N           N           Y          N
    ACX7100-32C: Port 32-35    Y          Y          Y           Y           Y          Y
    ACX7100-48L: Port 0-47     N          N          N           N           N          N
    ACX7100-48L: Port 48-53    Y          Y          Y           Y           Y          Y
     
    Table 3. Maximum Port Capacity Supported Per Port Speed
    Port Speed   ACX7100-32C   ACX7100-48L
    400GbE       4             6
    100GbE       48            24
    50GbE        96            95 [2]
    40GbE        36            6
    25GbE        80 [1]        72 [1]
    10GbE        80 [1]        72 [1]
    [1] 4x 25GbE and 4x 10GbE breakout options are supported on any 2 ports of 4x 100GbE port group. 1GbE optics will be supported on ACX7100-32C only for PTP grandmaster clocks using QSA adaptor on port #31.
    [2] One port supports 10GbE/25GbE only.
    Table 4: ACX7100 Router Platform Feature Matrix
    Feature ACX7100-32C ACX7100-48L
    System
    ASIC throughput 4.8 Tbps 4.8 Tbps
    Chassis type Fixed Fixed
    Cooling 6x fans, front-to-back 6x fans, front-to-back/back-to-front
    Layer 2 Bridging
    IEEE 802.1ad (Q-in-Q) Yes Yes
    Integrated routing and bridging (IRB) Yes Yes
    IEEE 802.1Q VLAN encapsulation Yes Yes
    Link Aggregation Control Protocol (LACP): IEEE 802.3ad Yes Yes
    Static Media Access Control (MAC) Yes Yes
    Jumbo frames Yes Yes
    Layer 2 Tunneling Protocol (L2TP) Yes Yes
    Layer 2 ingress access control List (ACL) Yes Yes
    MPLS
    LDP Yes Yes
    LDP tunneling (LDP over RSVP) Yes Yes
    RSVP Yes Yes
    IP
    IPv4/IPv6 Yes Yes
    Unicast reverse-path forwarding (unicast RPF) Yes Yes
    128-way equal-cost multipath (ECMP) Yes Yes
    RIP/RIPng Yes Yes
    OSPF v2/v3 Yes Yes
    IS-IS Yes Yes
    BGP Yes Yes
    Layer 3 ingress and egress ACL Yes Yes
    Virtual Router Redundancy Protocol (VRRP) Yes Yes
    Basic segment routing Yes Yes
    PCEP Yes Yes
    MPLS Service (Layer 2 and Layer 3)
    L2VPN Yes Yes
    L3VPN Yes Yes
    Virtual private LAN service (VPLS) Yes Yes
    EVPN, EVPN-VPWS (virtual private wire service) Yes Yes
    Timing and Synchronization
    PTP transparent clock Yes Yes
    PTP master/client capability Yes Yes
    IEEE 1588v2 boundary clock Yes Yes
    Synchronous Ethernet Enhanced (G.8262.1) Yes Yes
    Class C Yes Yes
    Operation, Administration, and Maintenance
    Connectivity fault management (CFM) Yes Yes
    Link fault management (LFM) Yes Yes
    Security
    MACsec Yes (all ports) No
    Secure boot Yes Yes
    Secure Shell (SSH) Yes Yes
    Authentication, Authorization, and Accounting (AAA) Yes Yes
    Multicast
    Physical Interface Module (PIM)-source-specific multicast (SSM) Yes Yes
    Multicast Listener Discovery (MLD), MLD-V2, Internet Group Management Protocol (IGMP-V2 and IGMP-V3) Yes Yes
    NG-VPN Yes Yes
    Quality of Service
    Behavior aggregate (BA) classification Yes Yes
    Rewrite Yes Yes
    Multifield classification Yes Yes
    8 queues for traffic Yes Yes
    Ingress policer Yes Yes
    Hierarchical quality of service (HQoS) Yes Yes
    Automation
    Zero-touch provisioning (ZTP) Yes Yes
    Network Configuration Protocol (NETCONF) Yes Yes
    Yet Another Next Generation (YANG) Yes Yes
    Openconfig Yes Yes
    Python scripts Yes Yes
    * Note: Features listed here are part of consecutive software releases following FRS.  

    Specifications

    This section lists basic specifications for the ACX7100 routers.  For further detail, please refer to the hardware installation manuals at www.juniper.net/techpubs.
    Specification ACX7100-32C ACX7100-48L
    Dimensions (W x H x D) 17.36 x 1.75 x 23.42 in. (44.09 x 4.45 x 59.49 cm) 17.36 x 1.75 x 23.42 in. (44.09 x 4.45 x 59.49 cm)
    Weight (lb/kg) fully configured 28.0 lb/12.7 kg 26.9 lb/12.2 kg
    Power (DC) -48 VDC through -60 VDC -48 VDC through -60 VDC
    Power (AC) 115 VAC/240 VAC 115 VAC/240 VAC
    Typical power draw (without optics) * 570 W 270 W
    Maximum power draw (without optics) * 960 W 620 W
    Operating temperature Operating (0-40 C), short term (0-55 C) GR-63 NEBS-L3 Operating (0-40 C), short term (0-55 C) GR-63 NEBS-L3
    Humidity 5% through 90% noncondensing 5% through 90% noncondensing
    Interfaces (ACX7100-32C): 32 x 100GbE QSFP28/QSFP-DD, 4 x 400GbE QSFP56-DD
    Interfaces (ACX7100-48L): 48 x 10GbE/25GbE/50GbE SFP56, 6 x 400GbE QSFP56-DD
    Synchronization interfaces (both models)
    • 1x RJ-45 port + time of day (TOD)
    • 1 M/10 M PPS input and output
    *Typical power consumption measured at 77º F (25º C) ambient with 50% load on all ports.  

    Approvals

    ACX7100-32C ACX7100-48L
    Safety Approvals
    • CAN/CSA-C22.2 No. 60950-1 Information Technology Equipment—Safety
    Yes Yes
    • UL 60950-1 (2nd Edition) Information Technology Equipment—Safety
    Yes Yes
    • EN 60950-1: 2006/A2:2013 Information Technology Equipment—Safety
    Yes Yes
    • IEC 60950-1: 2005/A2:2013 Information Technology Equipment—Safety (All country deviations): CB Scheme
    Yes Yes
    • CAN/CSA-C22.2 No. 62368-1-14 Information Technology Equipment—Safety
    Yes Yes
    • UL 62368-1 Information Technology Equipment—Safety
    Yes Yes
    • EN 62368-1: 2014 Information Technology Equipment—Safety
    Yes Yes
    • IEC 62368-1: 2014 2nd Edition Information Technology Equipment—Safety (All country deviations): CB Scheme
    Yes Yes
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment classification and requirements
    Yes Yes
    Electromagnetic Compatibility (EMC)
    • EN 300 386 V1.6.1 Class A Telecom Network Equipment—EMC requirements
    Yes Yes
    • EN 300 386 V2.1.1 Class A Telecom Network Equipment—EMC requirements
    Yes Yes
    • FCC 47 CFR Part 15 Class A USA Radiated and Conducted Emissions
    Yes Yes
    • EN 55032 Class A European Radiated and Conducted Emissions
    Yes Yes
    • AS/NZS CISPR 32 Class A Australia/New Zealand Radiated and Conducted Emissions
    Yes Yes
    • ICES-003 Class A Canada Radiated and Conducted Emissions
    Yes Yes
    • VCCI-CISPR 32 Class A Japanese Radiated and Conducted Emissions
    Yes Yes
    • BSMI CNS 13438 and NCC C6357 Taiwan Radiated and Conducted Emissions (at 10 meter)
    Yes Yes
    • KN32 Korea Radiated and Conducted Emission (at 10 meter)
    Yes Yes
    • TEC/EMI/TEL-001/FEB-09
    Yes Yes
    • TEC-SD-DD-EMC-221-05-OCT-16
    Yes Yes
    Network Equipment Building System (NEBS)
    • SR-3580 NEBS Criteria Levels (Level 3 Compliance)
    Yes Yes
    • GR-63-CORE: NEBS, Physical Protection
    Yes Yes
    • GR-1089-CORE: EMC and Electrical Safety for Network Telecommunications Equipment
    Yes Yes
    • Data Center DC 3160
    Yes Yes
    Immunity
    • EN 300 386 V1.6.1 Class A Telecom Network Equipment—Immunity requirements
    Yes Yes
    • EN 300 386 V2.1.1 Class A Telecom Network Equipment—Immunity requirements
    Yes Yes
    • EN 55024 (CISPR 24)
    Yes Yes
    • IEC/EN 61000-4-X (-2, -3, -4, -5, -6, -11)
    Yes Yes
    • KN35 Korea Immunity
    Yes Yes
    • KN61000-4-X (-2, -3, -4, -5, -6, -11) Korea Immunity
    Yes Yes
    • TEC/EMI/TEL-001/FEB-09 India Immunity
    Yes Yes
    • TEC-SD-DD-EMC-221-05-OCT-16
    Yes Yes
    • IG Surge
    Yes Yes
    • EN 55035 (CISPR 35:2016) Electromagnetic compatibility of multimedia equipment
    Yes Yes
     

    Ordering Information

    Product Number Description
    Hardware
    ACX7100-48L-AC-AI ACX7100 chassis with 48 SFP56/6 QSFP56-DD multi-rate ports, AC PSU, airflow in (AFI)
    ACX7100-48L-AC-AO ACX7100 chassis with 48 SFP56/6 QSFP56-DD multi-rate ports, AC PSU, airflow out (AFO)
    ACX7100-48L-DC-AI ACX7100 chassis with 48 SFP56/6 QSFP56-DD multi-rate ports, DC PSU, AFI
    ACX7100-48L-DC-AO ACX7100 chassis with 48 SFP56/6 QSFP56-DD multi-rate ports, DC PSU, AFO
    ACX7100-32C-AC-AO ACX7100 chassis with 32 QSFP28/4 QSFP56-DD multi-rate ports, AC PSU, AFO
    ACX7100-32C-DC-AO ACX7100 chassis with 32 QSFP28/4 QSFP56-DD multi-rate ports, DC PSU, AFO
    Spares
    JNP7100-32C-CHAS JNP7100 chassis with 32 QSFP28/4 QSFP56-DD multi-rate ports
    JNP7100-48L-CHAS JNP7100 chassis with 48 SFP56/6 QSFP56-DD multi-rate ports.
    JNP7100-FAN1RU-AO 7100 front-to-back fan tray, 1 U
    JNP7100-FAN1RU-AI 7100 back-to-front fan tray, 1 U
    JPSU-1600W-1UACAFO QFX5220-32CD 1600 W 1 U AC PSU AFO
    JPSU-1600W-1UDCAFO QFX5220-32CD 1600 W 1 U DC PSU AFO
    JPSU-1600W-1UACAFI QFX5220-32CD 1600 W 1 U AC PSU AFI
    JPSU-1600W-1UDCAFI QFX5220-32CD 1600 W 1 U DC PSU AFI
    Software
    S-EACX-100G-A-1 SW, EACX Software 1-year Subscription Advance license; per 100GbE capacity, with software support
    S-EACX-100G-A-3 SW, EACX Software 3-year Subscription Advance license; per 100GbE capacity, with software support
    S-EACX-100G-A-5 SW, EACX Software 5-year Subscription Advance license; per 100GbE capacity, with software support
    S-EACX-100G-A1-P SW, EACX Software Perpetual Advanced 1 license; per 100GbE capacity, without software support
    S-EACX-100G-P-1 SW, EACX Software 1-year Subscription Premium license; per 100GbE capacity, includes ADV SW Subscription license, with software support
    S-EACX-100G-P-3 SW, EACX Software 3-year Subscription Premium license; per 100GbE capacity, includes ADV SW Subscription license, with software support
    S-EACX-100G-P-5 SW, EACX Software 5-year Subscription Premium license; per 100GbE capacity, includes ADV SW Subscription license, with software support
    S-EACX-100G-P1-P SW, EACX Software Perpetual Premium 1 license; per 100GbE capacity, includes ADV SW Subscription license, without software support
    S-EACX-400G-A-1 SW, EACX Software 1-year Subscription Advance license; per 400GbE capacity, with software support
    S-EACX-400G-A-3 SW, EACX Software 3-year Subscription Advance license; per 400GbE capacity, with software support
    S-EACX-400G-A-5 SW, EACX Software 5-year Subscription Advance license; per 400GbE capacity, with software support
    S-EACX-400G-A1-P SW, EACX Software Perpetual Advanced 1 license; per 400GbE capacity, without software support
    S-EACX-400G-P-1 SW, EACX Software 1-year Subscription Premium license; per 400GbE capacity, includes ADV SW Subscription license, with software support
    S-EACX-400G-P-3 SW, EACX Software 3-year Subscription Premium license; per 400GbE capacity, includes ADV SW Subscription license, with software support
    S-EACX-400G-P-5 SW, EACX Software 5-year Subscription Premium license; per 400GbE capacity, includes ADV SW Subscription license, with software support
    S-EACX-400G-P1-P SW, EACX Software Perpetual Premium 1 license; per 400GbE capacity, includes ADV SW Subscription license, without software support
    MACsec License
    S-ACXEVO100GMSEC-P SW, ACXEVO, 100GbE, MACsec license, without customer support, must purchase CS separately, Perpetual
    S-ACXEVO400GMSEC-P SW, ACXEVO, 400GbE, MACsec License, without customer support, must purchase CS separately, Perpetual
    S-ACXEVO100GMSEC-1 SW, ACXEVO, 100GbE, MACsec License, 1 Year Subscription, with Software Support
    S-ACXEVO100GMSEC-3 SW, ACXEVO, 100GbE, MACsec License, 3 Year Subscription, with Software Support
    S-ACXEVO100GMSEC-5 SW, ACXEVO, 100GbE, MACsec License, 5 Year Subscription, with Software Support
    S-ACXEVO400GMSEC-1 SW, ACXEVO, 400GbE, MACsec License, 1 Year Subscription, with Software Support
    S-ACXEVO400GMSEC-3 SW, ACXEVO, 400GbE, MACsec License, 3 Year Subscription, with Software Support
    S-ACXEVO400GMSEC-5 SW, ACXEVO, 400GbE, MACsec License, 5 Year Subscription, with Software Support
    Data Center Software
    S-ACXCLDDC48L-A1-3 SW, ACX7100-48L, Cloud Data Center (CLLDC), Advanced 1, with SVC customer support, 3 years
    S-ACXCLDDC48L-A1-5 SW, ACX7100-48L, Cloud Data Center (CLLDC), Advanced 1, with SVC customer support, 5 years
    S-ACXCLDDC48L-A1-P SW, ACX7100-48L, Cloud Data Center (CLLDC), Advanced 1, without customer support, must purchase CS SKU separately, Perpetual
    S-ACXCLDDC48L-A2-3 SW, ACX7100-48L, Cloud Data Center (CLLDC), Advanced 2, with SVC customer support, 3 years
    S-ACXCLDDC48L-A2-5 SW, ACX7100-48L, Cloud Data Center (CLLDC), Advanced 2, with SVC customer support, 5 years
    S-ACXCLDDC48L-A2-P SW, ACX7100-48L, Cloud Data Center (CLLDC), Advanced 2, without customer support, must purchase CS SKU separately, Perpetual
    S-ACXCLDDC32C-A1-3 SW, ACX7100-32C, Cloud Data Center (CLLDC), Advanced 1, with SVC Customer Support, 3 years
    S-ACXCLDDC32C-A1-5 SW, ACX7100-32C, Cloud Data Center (CLLDC), Advanced 1, with SVC Customer Support, 5 years
    S-ACXCLDDC32C-A1-P SW, ACX7100-32C, Cloud Data Center (CLLDC), Advanced 1, without Customer Support, must purchase CS SKU separately, Perpetual
    S-ACXCLDDC32C-A2-3 SW, ACX7100-32C, Cloud Data Center (CLLDC), Advanced 2, with SVC Customer Support, 3 years
    S-ACXCLDDC32C-A2-5 SW, ACX7100-32C, Cloud Data Center (CLLDC), Advanced 2, with SVC Customer Support, 5 years
    S-ACXCLDDC32C-A2-P SW, ACX7100-32C, Cloud Data Center (CLLDC), Advanced 2, without Customer Support, must purchase CS SKU separately, Perpetual
     

    Optics and Transceivers

    ACX7100 supports varying port speeds with different transceiver options of direct attach copper (DAC), active optical cable (AOC), and breakout cable (BO). The most recent information on supported optics can be found at https://apps.juniper.net.  

    Juniper Networks Service and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.
  • Product Overview

    Changing market dynamics have intensified the challenge of accommodating growth with traditional products and architectures. Juniper’s secure and automated solutions help cloud-based networks quickly react to these evolving conditions, accelerating service delivery with world-class products and innovative architectural components. PTX Series Fixed Configuration Routers with custom Express3 and Express4 silicon are an integral part of this solution, delivering a massively scalable and efficient core architecture across space- and power-constrained cloud provider, service provider, and enterprise networks, reducing TCO with innovative, highly flexible, high-performance platforms built for the most demanding environments.

    Product Description

    The Juniper Networks® PTX Series Packet Transport Routers transform the core network with physical and virtual innovations that deliver unprecedented scale at the lowest cost per bit. Four fixed-configuration platforms are available: the PTX1000 Packet Transport Router, the industry’s first 2 U packet transport routing device; the PTX10001-36MR Packet Transport Router, a compact, power-optimized 400GbE platform based on custom Express4 silicon; the PTX10002 Packet Transport Router, a second-generation device that doubles the density of the PTX1000 with Juniper Networks Express3™ silicon; and the PTX10003, the industry’s first 3U 400-GbE enabled packet transport routing device. These transport routers give cloud and communication providers the freedom to develop and deliver new virtualized services anywhere in the network with elastic architectures and precise traffic controls, without compromising the service experience.

    The Evolving Landscape

    New traffic dynamics such as mobility, video, and cloud-based services are transforming traditional network patterns and topologies. Stratified, statically designed, and manually operated networks must evolve to support the constantly growing volumes of traffic quickly and economically. Many operators have seen their profits stagnate and TCO grow under the burden that these growing traffic volumes are imposing. Cloud and service providers need to become more agile in order to optimize their existing network resources, shorten planning cycles, and remove rigid network layers. Operators are facing the following challenges under the current environment:
    • Static scale: The cloud and communication providers’ backbone handles the full weight of network traffic. Therefore, it is paramount that core networks are inherently designed for scalability and efficiency. The 400GbE-capable platforms, 100/400GbE inline MACsec, silicon, system, and SDN innovations for the core empower network operators to scale faster than the traffic in an elegant, elastic, redundant package—without requiring forklift upgrades.
    • Static architecture: Virtualized services and the explosion of cloud-based applications are creating increasingly unpredictable traffic patterns. To handle this unpredictability, service providers need a dynamic, scale-out architecture across all layers to create programmable, traffic-optimized networks that support any service, anywhere.
    • Power costs: For cloud and communication providers, the operational cost of transmitting a packet through the core is less than the cost of the power required to move that packet. In fact, projections suggest that over a few short years, the total power draw will exceed the cost of deploying the entire network infrastructure. Efficient power utilization by the core router requires a holistic ground-up engineering approach.
    • Facility limitations: Service providers cannot grow their facilities exponentially forever. They need innovations that provide a low-touch deployment model optimized around space availability, facility power requirements, and floor weight thresholds. Transport-oriented central office locations have the added burden of meeting European Telecommunications Standards Institute (ETSI) standard depth. Any transit router innovation must operate within these constraints.
    In order to address these challenges, cloud and communication providers need an innovative, scalable core router that satisfies three defining principles: performance, deployability, and SDN programmability. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 fixed-configuration packet transport routers provide the foundation for a scale-out core backbone architecture, ensuring a consistent user experience across geographies. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 meet all existing traditional core requirements, easily fitting into cloud and communication provider networks that require transit-focused IP/MPLS applications such as Internet peering, scale-out metro and backbone topologies, and label-switching router (LSR) optimized deployments.

    Architecture and Key Components

    The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 fixed-configuration packet transport routers bring physical and virtual innovation to the cloud and service provider core networks, addressing concerns about operational expenditures while scaling organically to keep pace with growing traffic demands with the following features:
    • Core routing: The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 employ a massively scalable yet compact 1, 2, or 3 U form factor with secure connectivity and high flexibility.
    • Peering: The PTX Series fixed platforms are perfect for scale-out peering in space- and power-constrained environments with full traffic visibility and L3 services.
    • LSR: The PTX Series fixed platforms provide 2.88 Tbps to 16 Tbps aggregate capacity for multi-plane core networks as an LSR router. They can also be positioned as an LSR fabric node in spine-leaf architectures for increased scale and reduced blast radius.
    • CDN Gateway: The compact PTX Series offers high routing scale in a 1, 2, or 3 U fixed form factor for full traffic statistics visibility and deep buffers.
    • Data Center Interconnect (DCI): The PTX10001-36MR and PTX10003 offer secure inline MACsec with no compromise in throughput or latency, and an extended range enabled by 400GbE ZR / ZR+.

    Innovations in Silicon

    Physical innovations at the core silicon level enable the PTX Series fixed-configuration routers to reduce OpEx and accommodate scale-out architectures with smooth migration paths as traffic patterns change.

    Express3 and Express-Based Silicon

    The PTX1000 and PTX10002 are powered by Express3 silicon, delivering predictable IP/MPLS packet performance and functionality. The PTX10003 is powered by functionally equivalent Express3 Silicon to support high-density 100/200/400GbE interfaces and inline MACsec with no performance penalty while delivering the same IP/MPLS functionality. Express3 silicon eliminates the complex sawtooth packet profile found in elaborate, over-engineered network processing units (NPUs) deployed in other core routers. This delivers the peering scale required to match expanding traffic demands. These devices build upon the Juniper Networks Junos® Express silicon concepts of low consistent latency and wire-rate packet performance for both IP traffic and MPLS transport, without sacrificing the optimized system power profile. These concepts are incorporated into the PTX Series design along with full IP functionality, preserving the spirit of the original Junos Express chipset. The Express3 silicon is the first purpose-built telecommunications silicon to engineer a 3D memory architecture into the base design for more than 1.6 billion filter operations per second, dynamic table memory allocation for mammoth IP routing scale, and enormous power efficiency gains. The PTX10003 supports inline MACsec on all interfaces using 10/40/100GbE.

    Express4 Silicon

    The PTX10001-36MR is powered by the highly scalable, next-generation ASIC in the Express silicon family, Juniper Express4 silicon—the industry’s first inline MACsec for 400GbE chips that supports universal multirate QSFP56-DD. Juniper Express4 silicon delivers consistently low latency, 8m counters, AES-256 MACsec encryption supported on all ports, and wire-rate packet performance for IP traffic without sacrificing the optimized system power profile. Preserving the spirit of the Junos Express silicon family, Juniper Express4 silicon is the first purpose-built telecommunications silicon to incorporate a 3D memory architecture into the base design, offering the industry’s highest packet performance per gigabit in the fewest rack units. It also provides dynamic table memory allocation for massive IP routing scale while delivering tremendous power efficiency gains at 0.14 Watts/Gig.

    The ability to address a provider’s core networking requirements—scale, operational flexibility, and SDN control—begins with the silicon. With the PTX Series fixed-configuration routers, operators can now deploy a core architecture with SDN control. Combining Juniper Networks NorthStar Controller with a robust full-featured Internet backbone router, and a regional IP/MPLS core router with integrated 100GbE coherent transport for superior performance, operators can tune their network infrastructure through proactive monitoring and what-if planning capabilities. The NorthStar Controller dynamically creates explicit routing paths using a global view based on user-defined constraints to create a fully autonomous operation.

    Scale is one of the guiding design principles for the PTX Series routers, allowing network operators to smoothly handle increased traffic demands. The PTX Series fixed-configuration routers simplify network engineering challenges with predictable system latency, improving the overall service experience by delivering best-in-class resiliency to help providers meet strict customer service-level agreements (SLAs).

    Operational efficiency is another design attribute for the PTX Series routers, focusing on power, space, and weight—fundamental concerns that affect network operators’ operational budgets. Juniper has designed the PTX Series to fit the requirements of current and future data center facilities.

    SDN programmability brings virtual innovations to the service provider core, while the NorthStar Controller offers an open, standards-based solution that optimizes both the IP layer and the transport layer with precise SDN control, allowing network operators to fully automate and scale their operations with ease.

    PTX1000, PTX10002, and PTX10003 Fixed-Configuration Packet Transport Routers

    PTX1000

    The PTX1000, with its rich IP/MPLS feature set, lets service providers organically distribute peering points throughout the network without sacrificing performance and deployability—the main contributors to eroding TCO for service providers when peering. The PTX1000 expands the applications scope that the PTX Series architecture addresses, enabling service providers to implement a distributed core architecture for interconnecting growing cloud services. Service providers can distribute peering points to match traffic demand with an optimized core router without sacrificing performance or deployability. The PTX1000 is a first-generation fixed-configuration core router, providing up to 3 million FIB and 10+ million routing information base (RIB) in a 2 U footprint, making it easily deployable in space-constrained Internet exchange locations, remote central offices, and embedded peering points anywhere in the network, including cloud-hosted services. The PTX1000 operates at 2.88 Tbps in a fixed core router configuration and supports flexible interface configuration options, including 288 10GbE ports via a quad small form-factor pluggable plus transceiver (QSFP+) breakout, 72 40GbE ports via QSFP+, and 24 100GbE ports via QSFP28.

    PTX10001-36MR

    The PTX10001-36MR features a compact, 1 U form factor that is easy to deploy in space- and power-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. The PTX10001-36MR is particularly suited for power-constrained environments, providing unprecedented power efficiency of 0.14 watts/Gbps. It offers up to 4 million IPv4 FIB, deep buffers, and integrated 100GbE and 400GbE MACsec capabilities. The PTX10001-36MR operates at 9.6 Tbps in a fixed core router configuration with 36 multi-rate ports—24 400GbE (QSFP56-DD) ports and 12 100GbE (QSFP28) ports to facilitate the migration from 100GbE to 400GbE deployments. The PTX10001-36MR features flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 120 10GbE ports with QSFP+ breakout, 60 100GbE ports with QSFP28-DD (24x2) and QSFP28 (12), 108 100GbE ports with QSFP56-DD breakout (24x4) and QSFP28 (12), and 24 400GbE ports with QSFP56-DD. The PTX10001-36MR supports MACsec on all ports, regardless of the port speed.

    PTX10002

    The PTX10002 is a second-generation PTX Series fixed-configuration core router featuring a compact, 2 U form factor that is easy to deploy in space-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. The PTX10002 operates at 6 Tbps in a fixed core router configuration. It supports flexible interface configuration options, offering 60 physical quad small form-factor pluggable 28 (QSFP28) 100GbE ports, 60 QSFP+ 40GbE ports, and 192 10GbE ports via QSFP+ breakout cables.

    PTX10003

    The PTX10003 is a fixed-configuration core router featuring a compact, 3 U form factor that is easy to deploy in space-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. It offers up to 4 million FIB, deep buffers, and integrated 100GbE MACsec capabilities. The PTX10003 uniquely addresses power-constrained environments by providing unprecedented power efficiency of 0.2 watts/Gbps. Two versions of the PTX10003 are available, supporting 8 Tbps and 16 Tbps respectively in a 3 U footprint. Operating in a fixed core router configuration, the 8 Tbps model features flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 160 (QSFP+) 10GbE ports, 80 (QSFP28) 100GbE ports, 32 (QSFP28-DD) 200GbE ports, and 16 (QSFP56-DD) 400GbE ports. The 16 Tbps model also offers universal multi-rate QSFP-DD for 100GbE/400GbE to support 320 (QSFP+) 10GbE ports, 160 (QSFP28) 100GbE ports, 64 (QSFP28-DD) 200GbE ports, and 32 (QSFP56-DD) 400GbE ports. The PTX10001-36MR and PTX10003 routers offer native SFP+ transceiver support through the QSFP adapter, MAM1Q00A-QSA. This option enables deployments where 10GbE connectivity over more than 10 km of single-mode fiber is required.

    Features and Benefits

    Performance is one of the guiding design principles for the PTX Series Packet Transport Routers. This focus empowers cloud and service providers with superior scale to match increased traffic levels and network engineering challenges with predictable system latency to improve the overall service experience, deliver best-in-class resiliency, and ensure that services meet strict customer SLAs. Deployability is the other guiding design principle for the PTX Series routers, focusing on power, space, and weight—fundamental concerns that impact service providers’ operational budget with respect to growing traffic. Infinite programmability with automation and telemetry brings virtual innovations to the cloud and service provider core, while the NorthStar Controller is an open, standards-based solution that optimizes both the IP layer and the transport layer with precise SDN control, allowing service providers to automate and scale operations with efficiency, simplicity, and security. One Junos Experience delivers operational consistency and uniformity across PTX Series platforms and solutions. The most modern OS on the market, Junos Evolved, is designed from the ground up for reliability, resiliency, velocity, and integration simplicity. Table 1 summarizes the features available on the fixed-configuration PTX Series Packet Transport Routers.
    Table 1. Fixed-Configuration PTX Series Features and Benefits
    Feature | Feature Description | Benefit
    System capacity | The PTX1000 scales to 3 Tbps in a single chassis, breaking out into 288 10GbE, 72 40GbE, and 24 100GbE interfaces. The PTX10001-36MR scales to 9.6 Tbps in a single chassis, featuring flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 120 10GbE ports with QSFP+ breakout, 60 100GbE ports with QSFP28-DD (24x2) and QSFP28 (12), 108 100GbE ports with QSFP56-DD breakout (24x4) and QSFP28 (12), and 24 400GbE ports with QSFP56-DD. The PTX10002 scales to 6 Tbps in a single chassis, breaking out into 192 10GbE, 60 40GbE, and 60 100GbE interfaces. The PTX10003 8 Tbps model scales to 8 Tbps in a single chassis, breaking out into 160 10GbE, 80 100GbE, 32 200GbE, and 16 400GbE interfaces. The PTX10003 16 Tbps model scales to 16 Tbps in a single chassis, breaking out into 320 10GbE, 160 100GbE, 64 200GbE, and 32 400GbE interfaces. | The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 give cloud and service providers the performance and scalability needed to outpace growing traffic demands.
    High availability (HA) hardware | The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 are built with hardware redundancy for cooling, power supplies, and forwarding. | HA is critical for service providers to maintain an always-on infrastructure base and meet stringent SLAs across the core.
    Packet performance | The PTX1000 and PTX10002 include groundbreaking Express3 silicon, empowering them with unparalleled packet processing for both full IP functionality and MPLS transport, leveraging a revolutionary 3D memory architecture. The PTX10003 uses a newer version of Express3 silicon that delivers inline MACsec on all ports and dense 100/400GbE. The PTX10001-36MR uses the next generation of Express, Express4 silicon, that delivers 100/400GbE inline MACsec on all ports for dense 400GbE architectures. | Exceptional packet processing capabilities help alleviate the challenge of scaling the network as traffic levels increase while optimizing IP/MPLS transit functionality around superior performance and elegant deployability.
    Ultra-compact 1 U, 2 U, and 3 U form factor | With cutting-edge innovation in power and cooling technology, the PTX fixed-configuration core routers provide compact, power-optimized scale and efficiency. The PTX1000 provides 2.88 Tbps of capacity in a 2 U form factor; the PTX10001-36MR provides 9.6 Tbps in a 1 U form factor; the PTX10002 provides 6 Tbps of capacity in a 2 U form factor; the PTX10003 provides up to 16 Tbps of capacity in a 3 U form factor. | Space efficiency is a critical requirement for peering Internet exchange points, peering collocations, central offices, and regional networks, especially in emerging markets.
    Security | The PTX Series Packet Transport routers use a combination of hardware-based mechanisms like MACsec and software-based features like firewall filters and DDoS to provide scalable security. 100GbE and 400GbE inline MACsec is supported on all ports with no compromise in latency. | Inline data plane MACsec security with no throughput or latency penalties in addition to control plane security with DDoS.

    PTX Series Fixed-Configuration Routers Specifications

    Hardware | PTX1000 | PTX10001-36MR | PTX10002 | PTX10003 (8T) | PTX10003 (16T)
    System throughput | 3 Tbps | 9.6 Tbps | 6 Tbps | 8 Tbps | 16 Tbps
    Forwarding capacity | Up to 2 Bpps | Up to 6 Bpps | Up to 4 Bpps | Up to 5.3 Bpps | Up to 10.6 Bpps
    Max. 10GbE port density | 288 | 120 | 192 | 160 | 320
    Max. 40GbE port density | 72 | 30 | 60 | 40 | 80
    Max. 100GbE port density | 24 | 108 | 60 | 80 | 160
    Max. 200GbE port density | - | 48 | - | 32 | 64
    Max. 400GbE port density | - | 24 | - | 16 | 32
    Dimension (WxHxD) | 17.4 x 3.46 x 31 in (44.2 x 8.8 x 78.7 cm) | 17.3 x 1.75 x 25.5 in (44 x 4.45 x 64.8 cm) | 17.4 x 3.46 x 31 in (44.2 x 8.8 x 78.7 cm) | 17.4 x 5.25 x 31 in (44.2 x 13.3 x 78.7 cm) | 17.4 x 5.25 x 31 in (44.2 x 13.3 x 78.7 cm)
    Rack units | 2 U | 1 U | 2 U | 3 U | 3 U
    Weight | 68 lb (31 kg) | 39.7 lb (18 kg) | 68 lb (31 kg) | 88 lb (40 kg) | 110 lb (50 kg)
    CPU | Intel Quad Core Ivy Bridge 2.5 GHz CPU | Intel Xeon 12-Core 2.1 GHz CPU | Intel Quad Core Ivy Bridge 2.5 GHz CPU | Intel Broadwell CPU with 12 Cores | Intel Broadwell CPU with 12 Cores
    RAM | 32 Gb SDRAM | 64 Gb SDRAM | 32 Gb SDRAM | 64 Gb SDRAM | 64 Gb SDRAM
    SSD | 64 GBx2 | 200 GBx2 | 64 GBx2 | 200 GBx2 | 200 GBx2
    Maximum power draw | 1425 W (AC, DC), 4862 BTU/hr | 2164 W (AC, DC), 7384 BTU/hr | 2425 W (AC, DC), 8274 BTU/hr | ~2500 W (AC, DC), 8525 BTU/hr | ~4000 W (AC, DC), 13640 BTU/hr
    Typical power draw | 1050 W (AC, DC), 3583 BTU/hr | 1300 W (AC, DC), 4436 BTU/hr | 1850 W (AC, DC), 6312 BTU/hr | ~1600 W (AC, DC), 5456 BTU/hr | ~3100 W (AC, DC), 10571 BTU/hr
    Power supply | 4x1600 watts (AC/DC) | 2x3000 watts (AC/DC) | 4x1600 watts (AC/DC) | 2x3000 watts (AC/DC) | 4x3000 watts (AC/DC)
    Cooling (front-to-back fan) | 3 hot-swappable redundant fans | 6 hot-swappable redundant fans | 3 hot-swappable redundant fans | 3 hot-swappable redundant fans | 5 hot-swappable redundant fans
    Packet buffer | 24 Gb | 24 Gb | 24 Gb | 64 Gb | 128 Gb
    Latency | 2.5 µs within Packet Forwarding Engine (PFE), 5 µs between PFEs | 2.5 µs within PFE, 5 µs between PFEs | 2.5 µs within PFE, 5 µs between PFEs | 2.5 µs within PFE, 5 µs between PFEs | 2.5 µs within PFE, 5 µs between PFEs
    Power efficiency (watts/Gbps) | 0.4 | 0.14 | 0.3 | 0.2 | 0.2

    PTX1000, PTX10002, and PTX10003 Software Feature Table

    Feature | PTX1000 | PTX10001-36MR | PTX10002 | PTX10003 (8/16 Tbps)
    MPLS-TE | Yes | Yes | Yes | Yes
    MPLS LSR | Yes | Yes | Yes | Yes
    Firewall filters ACL | Yes | Yes | Yes | Yes
    SPRINGv4 | Yes | Yes | Yes | Yes
    DDoS control plane | Yes | Yes | Yes | Yes
    JFlow/SFlow | Yes | Yes | Yes | Yes
    BGP FlowSpec, EPE, URPF, L3VPN | Yes | Yes | Yes | Yes
    Integrated routing and bridging (IRB) | Yes | Yes | Yes | Yes
    Telemetry, NETCONF/YANG | Yes | Yes | Yes | Yes
    Zero Touch Provisioning (ZTP) | Yes | Yes | Yes | Yes
    PCEP, BGP-LS | Yes | Yes | Yes | Yes
    Fast restoration | Yes | Yes | Yes | Yes
    Operation, Administration, and Maintenance (OAM) | Yes | Yes | Yes | Yes

    Management Interfaces

    • 1 small form-factor pluggable transceiver (SFP/SFP+) port or Precision Time Protocol (PTP) Grandmaster
    • Fiber (SFP) or 10/100/1000BASE-T (RJ-45) Ethernet management port
    • SMB in, SMB out, 10 MHz in, 10 MHz out
    • One console port
    • USB 2.0 storage interface

    Environmental Ranges

    • Operating temperature: 32° to 115° F (0° to 46° C) at sea level
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: Up to 10,000 ft. (3048 m)
    • Relative humidity operating: 5 to 90% (noncondensing)
    • Relative humidity nonoperating: 5 to 95% (noncondensing)
    • Seismic: Designed to meet GR-63, Zone 4 earthquake requirements

    Safety and Compliance

    Safety

    • CAN/CSA-C22.2 No. 60950-1 Information Technology Equipment—Safety
    • UL 60950-1 Information Technology Equipment—Safety
    • EN 60950-1 Information Technology Equipment—Safety
    • IEC 60950-1 Information Technology Equipment—Safety (all country deviations)
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment Classification

    Electromagnetic Compatibility

    • 47CFR Part 15, (FCC) Class A
    • ICES-003 Class A
    • EN 55022 Class A
    • CISPR 22 Class A
    • EN 55024
    • CISPR 24
    • EN 300 386
    • VCCI Class A
    • AS/NZS CISPR22 Class A
    • KN22 Class A
    • CNS 13438 Class A
    • EN 61000-3-2
    • EN 61000-3-3
    • ETSI
    • ETSI EN 300 019: Environmental Conditions & Environmental Tests for Telecommunications Equipment
    • ETSI EN 300 019-2-1 (2000)—Storage
    • ETSI EN 300 019-2-2 (1999)—Transportation
    • ETSI EN 300 019-2-3 (2003)—Stationary Use at Weather-protected Locations
    • ETS 300753 (1997)—Acoustic noise emitted by telecommunications equipment

    Environmental Compliance

    • Restriction of Hazardous Substances (ROHS) 6/6
    • Silver PSU Efficiency
    • Recycled material
    • Waste Electronics and Electrical Equipment (WEEE)
    • Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH)
    • China Restriction of Hazardous Substances (ROHS)

    Telco

    • Common Language Equipment Identifier (CLEI) code

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

    Automated Support and Prevention

    Juniper’s Automated Support and Prevention consists of an ecosystem of tools, applications, and systems targeted towards simplifying and streamlining operations, delivering operational efficiency, reducing downtime, and increasing your network’s ROI running Juniper Networks Junos operating system. Automated Support and Prevention brings operational efficiency by automating several time-consuming tasks such as incident management, inventory management, proactive bug notification, and on-demand EOL/EOS/EOE reports. The Junos Space® Service Now and Service Insight service automation tools are standard entitlements of all Juniper Care contracts.

    Warranty

    For warranty information, please visit https://support.juniper.net/support/warranty/

    Ordering Information

    Product Number Description
    PTX1000
    PTX1K-72Q-AC PTX1000 base system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC PTX1000 base system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-AC-IR PTX1000 LSR/peering system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC-IR PTX1000 LSR/peering system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-AC-R PTX1000 full IP system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC-R PTX1000 full IP system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC PTX1000 base system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC PTX1000 base system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC-IR PTX1000 LSR/peering system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC-IR PTX1000 LSR/peering system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC-R PTX1000 full IP system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC-R PTX1000 full IP system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC PTX1000 base system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC PTX1000 base system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC-IR PTX1000 LSR/peering system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC-IR PTX1000 LSR/peering system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC-R PTX1000 full IP system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC-R PTX1000 full IP system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    S-PTX1K-72Q-SCA-UP PTX1000 scale-up software license to upgrade 72 port system (base to LSR or LSR to full IP)
    S-PTX1K-36Q-SCA-UP PTX1000 scale-up software license to upgrade 36 port system (base to LSR or LSR to full IP)
    S-PTX1K-18Q-SCA-UP PTX1000 scale-up software license to upgrade 18 port system (base to LSR or LSR to full IP)
    S-PTX1K-UPG-18Q PTX1000 software license to add 18 more ports to base system
    S-PTX1K-UPG-18Q-IR PTX1000 software license to add 18 more ports to LSR/peering system
    S-PTX1K-UPG-18Q-R PTX1000 software license to add 18 more ports to full IP system
    JPSU-1600W-AC-AFO PTX1000 1600 W AC power supply
    JPSU-1600W-DC-AFO PTX1000 1600 W DC power supply
    PTX1000-FAN-S PTX1000 fan
    JNP-3000W-DC-AFO DC power supply for JNP10003-160C and JNP10003-80C fixed platforms
    PTX10001-36MR
    PTX10001-36MR-AC PTX10001 36 QSFP56-DD / QSFP28 multi-rate port base system with redundant AC Power supplies, FAN trays, Junos Evolved
    PTX10001-36MR-DC PTX10001 36 QSFP56-DD / QSFP28 multi-rate port base system with redundant DC Power supplies, FAN trays, Junos Evolved
    JNP-FAN2-1RU Fan Tray for JNP10001-36MR platform
    JNP10001-36MR JNP10001 chassis with 36 QSFP56-DD / QSFP28 multi-rate ports, no power supplies or fans
    JNP-3000W-AC-AFO AC power supply for JNP10001-36MR fixed platform
    JNP-3000W-DC-AFO DC power supply for JNP10001-36MR fixed platform
    S-PTX10K-108C-A1-P SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, without SW support, Perpetual
    S-PTX10K-108C-A2-P SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, without SW support, Perpetual
    S-PTX10K-108C-P1-P SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, without SW support, Perpetual
    S-PTX10K-108C-P2-P SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, without SW support, Perpetual
    S-PTX10K-108C-A1-5 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, with SW support, 5 Years
    S-PTX10K-108C-A2-5 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, with SW support, 5 Years
    S-PTX10K-108C-P1-5 SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, with SW support, 5 Years
    S-PTX10K-108C-P2-5 SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, with SW support, 5 Years
    S-PTX10K-108C-A1-3 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, with SW support, 3 Years
    S-PTX10K-108C-A2-3 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, with SW support, 3 Years
    S-PTX10K-108C-P1-3 SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, with SW support, 3 Years
    S-PTX10K-108C-P2-3 SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, with SW support, 3 Years
    S-PTX10K100GMSEC-P SW, PTX10K 100G MACsec License SKU, w/out Customer Support, must purchase CS SKU separately, Perpetual
    S-PTX10K400GMSEC-P SW, PTX10K 400G MACsec License SKU, w/out Customer Support, must purchase CS SKU separately, Perpetual
    PTX10002
    PTX10002-60C-AC PTX10002 base system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC PTX10002 base system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-AC-IR PTX10002 LSR/peering system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC-IR PTX10002 LSR/peering system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-AC-R PTX10002 full IP system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC-R PTX10002 full IP system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-AC PTX10002 base system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DC PTX10002 base system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-ACIR PTX10002 LSR/peering system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DCIR PTX10002 LSR/peering system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-AC-R PTX10002 full IP system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DC-R PTX10002 full IP system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    JPSU-1600W-AC-AFO PTX1000 1600 W AC power supply
    JPSU-1600W-DC-AFO PTX1000 1600 W DC power supply
    JNP10002-FAN1 PTX10002 fan
    S-PTX10K2-60C-S-UP PTX10002 scale-up software license to upgrade 60-port system (base to LSR or LSR to full IP)
    S-PTX10K2-30C-S-UP PTX10002 scale-up software license to upgrade 30-port system (base to LSR or LSR to full IP)
    S-PTX10K2-15C-S-UP PTX10002 scale-up software license to upgrade 15-port system (base to LSR or LSR to full IP)
    S-PTX10K2-U-15C PTX10002 software license to add 15 more ports to base system
    S-PTX10K2-U-15C-IR PTX10002 software license to add 15 more ports to LSR/peering system
    S-PTX10K2-U-15C-R PTX10002 software license to add 15 more ports to full IP system
    PTX10003
    PTX10003-160C-AC PTX10003-160C base system with 160 100GbE ports or 32 400GbE ports, 4 3000W AC power supplies, 4 power cables, and 5 fan trays, with standard tier right-to-use license
    PTX10003-160C-DC PTX10003-160C base system with 160 100GbE ports or 32 400GbE ports, 4 3000W DC power supplies, and 5 fan trays, with standard tier right-to-use license
    PTX10003-80C-AC PTX10003-80C base system with 80 100GbE ports or 16 400GbE ports, 2 3000W AC power supplies, 2 power cables, and 3 fan trays, with standard tier right-to-use license
    PTX10003-80C-DC PTX10003-80C base system with 80 100GbE ports or 16 400GbE ports, 2 3000W DC power supplies, and 3 fan trays, with standard tier right-to-use license
    S-PTX10K3-16T-A1-P 16T PTX10003 Advanced1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-A2-P 16T PTX10003 Advanced2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-P1-P 16T PTX10003 Premium1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-P2-P 16T PTX10003 Premium2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-A1-5 16T PTX10003 Advanced1 tier right-to-use license, 5-year term, with SW support
    S-PTX10K3-16T-A2-5 16T PTX10003 Advanced2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-P1-5 16T PTX10003 Premium1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-P2-5 16T PTX10003 Premium2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-A1-3 16T PTX10003 Advanced1 tier right-to-use license, 3-year term, with SW support
    S-PTX10K3-16T-A2-3 16T PTX10003 Advanced2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-16T-P1-3 16T PTX10003 Premium1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-16T-P2-3 16T PTX10003 Premium2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-A1-P 8T PTX10003 Advanced1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-A2-P 8T PTX10003 Advanced2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-P1-P 8T PTX10003 Premium1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-P2-P 8T PTX10003 Premium2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-A1-5 8T PTX10003 Advanced1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-A2-5 8T PTX10003 Advanced2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-P1-5 8T PTX10003 Premium1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-P2-5 8T PTX10003 Premium2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-A1-3 8T PTX10003 Advanced1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-A2-3 8T PTX10003 Advanced2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-P1-3 8T PTX10003 Premium1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-P2-3 8T PTX10003 Premium2 tier right-to-use license, 3-year term, with software support
    JNP10003-160C-CHAS JNP10003-160C spare chassis with 160 100GbE ports or 32 400GbE ports
    JNP10003-80C-CHAS JNP10003-80C spare chassis with 80 100GbE ports or 16 400GbE ports
    JNP10003-FAN Fan tray for 3RU 8T and 16T fixed platforms
    JNP-3000W-AC-AFO AC power supply for JNP10003-160C and JNP10003-80C fixed platforms
  • Product Overview

    QFX5110 access and aggregation switches deliver low latency, rich Layer 2 and Layer 3 features, VXLAN overlay deployments, and 100GbE uplinks, making it the industry’s most nimble line of switches. Featuring L3 gateway capabilities for bridging between virtualized and bare-metal servers, the QFX5110 is designed for extremely agile data centers that demand support for overlay/underlay network architectures. The high-density 10GbE, 40GbE, and 100GbE ports also make the QFX5110 ideally suited for use in data center spine and leaf topologies and campus distribution.

    Product Description

    Data centers are rapidly adopting cloud services, whether completely off-premises models or hybrid models with critical services offered through on-premise private clouds. The tremendous growth of off-premises cloud services, coupled with the widespread adoption of overlay technologies, has created a need for highly agile switching platforms that can satisfy the demands of these evolving data centers. The high-performance Juniper Networks® QFX5110 line of Ethernet switches fits the bill, providing the foundation for dynamic data centers. As a critical enabler for IT transformation, the data center network supports cloud and SDN adoption, network virtualization, integrated/scale-out storage, and the rapid deployment and delivery of mission-critical applications that significantly increase east-west traffic within the data center. Furthermore, increasing demand for 100GbE spine ports is driving the need for 100GbE uplinks for all server access speeds, including 10GbE and 40GbE. The QFX5110 includes 100GbE uplinks, enabling it to support a diverse set of switching architectures, including fabric, Layer 3, and spine-and-leaf deployments, enabling users to easily adapt as requirements change over time. The QFX5110 switch can be positioned in campus distribution and core deployments.

    Architecture and Key Components

    The QFX5110 switches include 10GbE (fiber) and 40GbE or 100GbE fixed-configuration options with rich Layer 2, Layer 3, and MPLS features. The QFX5110 switches run the same reliable, high-performance Juniper Networks Junos® operating system that is used by the Juniper Networks QFX5100 family of products, EX Series Ethernet Switches, Juniper Networks routers, and Juniper Networks SRX Series Services Gateways, ensuring a consistent implementation and operation of control plane features across the entire Juniper infrastructure.

    QFX5110 Switch Models

    The QFX5110 switches are compact, 1 U platforms that provide wire-speed packet performance, very low latency, and a rich set of Junos OS features. In addition to a high-throughput Packet Forwarding Engine (PFE), the performance of the QFX5110 control plane is further enhanced with a powerful 1.8 GHz quad-core Intel CPU with 16 GB of memory and 64 GB SSD storage. Two QFX5110 switch models are available:
    • QFX5110-48S—A 10GbE/100GbE data center access switch, the QFX5110-48S offers 48 small form-factor pluggable plus (SFP+) transceiver ports and four QSFP28 ports that can be configured as 4x40GbE or 4x100GbE ports, with an aggregate throughput of 1.76 Tbps or 1.32 Bpps per switch. For added flexibility, each QSFP28 port can also be configured as 4x10GbE ports using breakout cables, increasing the total number of supported 10GbE ports to 64 per switch.
    • QFX5110-32Q—A 40GbE/100GbE data center access and aggregation switch, the QFX5110-32Q offers up to 32 QSFP+ ports, or 20 QSFP+ ports and four QSFP28 ports, with an aggregate throughput of 2.56 Tbps or 1.44 Bpps per switch. For added flexibility, the QSFP+ ports can also be configured as 4x10GbE ports using QSFP+-to-SFP+ direct attach copper (DAC) or QSFP+-to-SFP+ fiber breakout cables and optics, or as 24 4x10GbE and eight QSFP+ ports, increasing the total number of supported 10GbE ports to 96 per switch.

    QFX5110 Highlights

    The QFX5110 switches feature the following highlights:
    • Support high-density, multi-speed configurations for 10/40/100GbE access and aggregation, with up to 64 or 96 10GbE ports, up to four 100GbE uplink ports, and up to 32 40GbE ports in a 1 U platform
    • Deliver up to 2.56 Tbps Layer 2 and Layer 3 performance, with latency as low as 550 nanoseconds
    • Include a 1.8 GHz quad-core Intel CPU with 16 GB memory and 64 GB SSD storage
    • Feature rich automation capabilities with support for Python and zero touch provisioning (ZTP)
    • Support virtualization protocols such as Virtual Extensible LAN (VXLAN) and Open vSwitch Database (OVSDB) protocol as L2 Gateway or L3 Gateway
    • Offer advanced Junos OS features such as BGP add-path, MPLS, L3 VPN, and IPv6 6PE

    Junos OS

    The high-performance QFX5110 switches run Junos OS, Juniper’s powerful and robust network operating system that powers all Juniper switches, routers, and firewalls. Key Junos OS features that enhance the functionality and capabilities of the QFX5110 include:
    • Software modularity, with process modules running independently in their own protected memory space and with the ability to do process restarts
    • Uninterrupted routing and forwarding, with features such as nonstop active routing (NSR) and nonstop bridging (NSB)
    • Commit and rollback functionality that ensures error-free network configurations
    • A powerful set of scripts for on-box problem detection, reporting, and resolution

    Junos OS Software License

    The software features supported on the QFX5110 switches are categorized into three tiers: Base, Premium, and Advanced.
    • Base software features include basic Layer 2 switching, basic Layer 3 routing, multicast, automation, programmability, zero touch provisioning (ZTP), and basic monitoring. A Base software features license comes with the purchase of the hardware and does not require any explicit license keys.
    • Premium software features include all Base license functionality, plus BGP, IS-IS, and EVPN Virtual Extensible LAN (VXLAN) to explicitly address the needs of enterprise customers. To enable these features, customers must purchase the QFX5K-C1-PFL license, generate unique license keys, and install them on the switch. The license is not portable across devices.
    • Advanced software features include all Premium license functionality plus MPLS to explicitly address the needs of data center interconnect and edge use cases. To enable these features, customers must purchase the QFX5K-C1-AFL license, generate unique license keys, and install them on the switch. The license is not portable across devices.
    The Premium and Advanced software licenses are classified as Class 1, Class 2, Class 3, etc., and offered as perpetual licenses. Class 1 licenses are applicable to the QFX5110-48S and QFX5110-32Q switches. Please see Ordering Information for license SKU descriptions.

    Data Center Deployments

    Today’s data centers are typically built with high-performance, small form-factor, multicore blade and rack servers. The greater compute capacity and server densities enabled by these devices are increasing traffic volume, creating a need for high-speed, low-latency, storage-converged and I/O-converged networking solutions that can maximize performance for physical servers, virtual servers, and storage. The QFX5110 switches deliver low-latency, lossless, high-density 10GbE and 40GbE interfaces, as well as 100GbE uplinks to the core network demanded by today’s data center. Furthermore, the QFX5110 offers VXLAN Layer 2 and Layer 3 gateway support, making it an ideal solution for overlay deployments in the data center. All QFX5110 switches are designed to consume the lowest possible power while optimizing space, reducing data center operating costs. Flexible airflow direction options enable the QFX5110 switches to support back-to-front and front-to-back cooling, ensuring consistency with server designs for hot-aisle or cold-aisle deployments.
    Figure 1: QFX5110 switches supporting a data center server access configuration

    Data Center Server Access

    The QFX5110 switches are ideal for top-of-rack deployments of various densities and speeds. The QFX5110-48S offers 48 ports of native 10GbE for server connectivity, plus up to four 40GbE or 100GbE ports for uplink connectivity, providing very low oversubscription of 1.2:1 from access to aggregation. Meanwhile, the QFX5110-32Q offers 20 QSFP+ 40GbE ports for server connectivity and up to four 100GbE ports for uplink connectivity, providing an oversubscription of 2:1 from access to aggregation. Each 40GbE port can be further broken out into four 10GbE ports, providing additional options for server connectivity. The QFX5110 switches can operate in both cut-through and store-and-forward modes, delivering sustained wire-speed switching with sub-microsecond latency and low jitter for any packet size (including jumbo frames) in both modes. All QFX Series switches support extensive Layer 2 features, enabling the device to support high-density 10GbE Layer 2 access deployments. With features such as multichassis link aggregation group (MC-LAG), the QFX5110 supports active/active server dual homing and can utilize full bisectional bandwidth from server to switch. When the QFX5110 is deployed in the access layer, MC-LAG on QFX10000 switches in the aggregation layer provides maximum resiliency and full Layer 2 multipathing in the network. The Junos OS features the most advanced and robust routing capabilities in the industry. All QFX5110 switches include support for RIP and OSPF for both IPv4 and IPv6 in the base software. Advanced routing capabilities such as IS-IS and BGP are also supported. With additional capabilities like 64-way equal-cost multipath (ECMP) and BGP add path, the QFX5110 is an ideal building block for deploying the most robust Layer 3 underlay for SDN.

    Campus Deployments

    Juniper Networks campus fabrics provide a single, standards-based Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) solution that can be deployed in any campus, whether a two-tier network with a collapsed core distribution or a campus-wide system that involves multiple buildings with separate distribution and core layers. The QFX5110-48S switch is ideal as a campus distribution switch with 10GbE downlinks and 40GbE/100GbE uplinks supporting technologies like MC-LAG and EVPN multihoming. The QFX5110-32Q switch is ideal as a campus core switch with 32 ports of 40GbE and support for campus fabric with EVPN-VXLAN. Juniper campus fabrics support these validated architectures:
    • MC-LAG and EVPN Multihoming (Collapsed Core/Distribution). A pair of interconnected QFX5110 switches can be deployed to provide EVPN multihoming (ESI-LAG) or multichassis link aggregation (MC-LAG) in a collapsed core/distribution configuration. This eliminates the need for Spanning Tree Protocol (STP) across the campus network by providing multihoming capabilities from the access to the distribution layer, while distribution to the core is an L3 IP fabric. ESI-LAG also supports horizontal scaling with more than two devices in the distribution layer and can extend EVPN to the core.
    Figure 2: QFX5110 switch as a campus collapsed core/distribution switch with EVPN multihoming (ESI-LAG) and MC-LAG support
    • Campus Fabric Core-Distribution. A pair of interconnected QFX5110 switches can provide EVPN L2 and L3 VXLAN gateway support. This eliminates the need for STP across the campus network by providing a multihoming capability from the access to the distribution layer, while distribution to the core is an L3 IP fabric using EVPN technology. The IP fabric can also extend to connect multiple enterprise buildings, while VXLAN allows stretching L2 across buildings. An IP Clos network between the distribution and the core layers can exist in two modes, both of which are supported by the QFX5110 switch:
      • Centrally routed bridging overlay: An IRB interface placed at a central location in the fabric (in this case, a core device)
      • Edge routed bridging overlay: An IRB interface placed at the edge of the fabric (in this case, a distribution device)
    • Campus Fabric IP Clos: The campus fabric IP Clos architecture pushes VXLAN Layer 2/3 gateway functionality to the access layer. In this architecture, the QFX5110 switch acts as an IP fabric distribution switch.
    Figure 3: QFX5110 switch as a campus distribution switch with EVPN-VXLAN L2/L3 gateway support

    Features and Benefits

    • Automation—The QFX5110 switches support a number of features for network automation and plug-and-play operations. Features include zero touch provisioning, operations and event scripts, automatic rollback, and Python scripting. The switch also supports integration with VMware NSX Layer 2 Gateway Services and OpenStack.
    • Flexible Forwarding Table—The QFX5110 includes a Unified Forwarding Table (UFT), which allows the hardware table to be carved into configurable partitions of Layer 2 media access control (MAC), Layer 3 host, and longest prefix match (LPM) tables. In a pure L2 environment, the QFX5110 supports 288,000 MAC addresses. In Layer 3 mode, the table can support 208,000 host entries. In LPM mode, it can support 128,000 prefixes. Junos OS provides configurable options through a CLI so that each QFX5110 can be optimized for different deployment scenarios.
    • Intelligent Buffer Management—The QFX5110 switches have a total of 16 MB shared buffers. While 25% of the total buffer space is dedicated, the rest is shared among all ports and is user configurable. The intelligent buffer mechanism in the QFX5110 effectively absorbs traffic bursts while providing deterministic performance, significantly increasing performance over static allocation.
    • MPLS—QFX5110 switches support a broad set of MPLS features, including L3 VPN, IPv6 provider edge router (6PE), RSVP traffic engineering, and LDP to allow standards-based network segmentation and virtualization. This enables the QFX5110 to be deployed as a low-latency MPLS label-switching router (LSR).
    • VXLAN Overlays—The QFX5110 switch is capable of supporting Layer 2 and Layer 3 gateway services. Customers can deploy overlay networks to provide Layer 2 adjacencies for applications over Layer 3 fabrics. The overlay networks utilize VXLAN in the data plane and EVPN or OVSDB to program the overlays. The overlays can operate without a controller, or they can be orchestrated with an SDN controller.

    Management, Monitoring, and Analytics

    Data Center Fabric Management: Juniper Apstra provides operators with the power of intent-based network design to help ensure changes required to enable data center services can be delivered rapidly, accurately, and consistently. Operators can further benefit from the built-in assurance and analytics capabilities to resolve Day 2 operations issues quickly.
    Apstra key features:
    • Automated deployment and zero-touch deployment
    • Continuous fabric validation
    • Fabric lifecycle management
    • Troubleshooting using advanced telemetry
    For more information on Apstra, see Juniper Apstra.
    For managing AI-driven campus fabrics, Juniper Mist Wired Assurance brings cloud management and Mist AI to campus fabrics. It sets a new standard moving away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. Wired Assurance key features are:
    • Automated deployment and zero touch deployment
    • Anomaly detection
    • Root cause analysis
    For more information see Juniper Mist Wired Assurance.
    Juniper® Paragon Insights (formerly HealthBot) combines the power of telemetry, programmability, advanced algorithms, and machine learning. It delivers the following features and benefits for enhanced monitoring and analytics:
    • Key performance indicator collection and visualization
    • Anomaly detection
    • Root cause analysis
    • Automated remediation
    • Multivendor support
    • Customizable playbooks
    • JTI telemetry
    For more information see Paragon Insights.

    Junos Telemetry Interface

    The QFX5110 supports Junos Telemetry Interface (JTI), a modern telemetry streaming tool designed for performance monitoring in complex, dynamic data centers. Streaming data to a performance management system enables network administrators to measure trends in link and node utilization, as well as troubleshoot issues such as network congestion, in real time. JTI provides the following capabilities:
    • Application visibility and performance management by provisioning sensors to collect and stream data and analyze application and workload flow path through the network.
    • Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts.
    • Troubleshooting and root cause analysis via high-frequency monitoring and correlating overlay and underlay networks.

    QFX5110 Deployment Options

    Table 1 shows some of the many QFX5110 deployment options.
    Table 1. QFX5110 Deployment Options
    Port Combinations | Switch | Deployment
    48x10GbE + 4x40GbE | QFX5110-48S | Leaf
    20x40GbE + 4x100GbE | QFX5110-32Q | Spine
    Figure 4 shows QFX5110 top-of-rack switches deployed with QFX5110-32Q spine switches acting as centralized gateways. In this topology, VXLAN tunnel encapsulation and de-capsulation occur on the QFX5110-32Q spine switches. Other members of the QFX5100 and QFX5200 lines of switches can also be deployed as leaf nodes in this deployment.
    Figure 4: QFX5110-48S and QFX5110-32Q leaf-spine deployment.
    Figure 5 depicts the QFX5110 deployed as a leaf and acting as a distributed gateway. In this topology, VXLAN tunnel encapsulation and de-capsulation occur on the QFX5110 leaf switch, while the QFX5200 spine switches act as IP transit. QFX5110-32Q switches can also serve as spines in this topology (see Figure 6).
    Figure 5: Distributed gateway at leaf with QFX5200/QFX5210 as spine.
    Figure 6: Distributed gateway at leaf with QFX5110-32Q as spine.
    Table 2. QFX5110 Switching Capacity
    Specification | QFX5110-48S | QFX5110-32Q
    System Throughput | Up to 1.76 Tbps (bidirectional) | Up to 2.56 Tbps (bidirectional)
    Forwarding Capacity | 1.32 Bpps | 1.44 Bpps
    Interface Options (QFX5110-48S)
    • 1GbE SFP: 48 (24 copper 1GbE)
    • 10GbE SFP+: 48/64 (with breakout cable)
    • 40GbE QSFP+: 4
    • 100GbE QSFP28: 4
    Interface Options (QFX5110-32Q)
    • 1GbE SFP: N/A
    • 10GbE QSFP+: 96 (with breakout cable)
    • 40GbE QSFP+: 32
    • 100GbE QSFP28: 4
    Other Interface Notes
    • Each QSFP+ port can be configured as a 4 x 10GbE interface or as a 40 Gbps port
    • Each QSFP28 port can be configured as a 4 x 10GbE interface, a 40 Gbps port, or a 100 Gbps port
    • 1 USB 2.0 port
    • 1 RS-232 console port
    • 2 management ports: 2x SFP fiber ports or 1x RJ-45 and 1x copper SFP ports
    • Supported transceiver and direct attach cable
    • SFP+ 10GbE optical modules
    • SFP+ DAC cables: 1/3/5 m twinax copper and 1/3/5/7/10 m active twinax copper
    • SFP GbE optical and copper module
    • QSFP+ DAC cables: 1/3/5 m twinax copper and 7/10 m active twinax copper
    • QSFP+ AOC cables: 1/3/5/7/10/15/20/30 m cable
    • QSFP+ Optics: SR4, LX4, ESR4, IR, LR4
    • QSFP+ to SFP+ 10GbE direct attach breakout copper (1/3/10 m twinax copper and 5/7 m active twinax copper cable)
    • QSFP28 Optics: SR4, CWDM4, LR4
    • QSFP28 AOC: 10 m cable
    Table 3. QFX5110 System Specifications
    Specification | QFX5110-48S | QFX5110-32Q
    Dimensions (W x H x D) | 1.72 x 17.36 x 20.48 in (4.37 x 44.09 x 52.02 cm)
    Rack units | 1 U
    Weight | 23 lb (10.43 kg) | 24.6 lb (11.16 kg)
    Operating system | Junos OS
    CPU | 1.8 GHz quad-core Intel CPU
    Power (QFX5110-48S)
    • AFO/AFI: Max load: 300 W, Typical load: 195 W, Idle load: 150 W
    • Dual redundant (1+1) and hot-pluggable power supplies
    • 110-240 V single phase AC power
    • -36 to -72 V DC power
    Power (QFX5110-32Q)
    • AFO/AFI: Max load: 340 W, Typical load: 290 W, Idle load: 250 W
    • Dual redundant (1+1) and hot-pluggable power supplies
    • 110-240 V single phase AC power
    • -36 to -72 V DC power
    Cooling
    • Redundant (N+1) and hot-pluggable fan modules for front-to-back and back-to-front airflow
    • Redundant variable-speed fans to reduce power draw
    Total packet buffer | 16 MB
    Warranty | Juniper standard one-year warranty
    Table 4. Performance Scale (Unidimensional)
    Parameter | Value
    MAC addresses per system | 288,000
    VLAN IDs | 4,093
    Number of link aggregation groups (LAGs) | 104
    Number of ports per LAG | 32
    Firewall filters (ingress / egress) | 6,142 / 1,022
    IPv4 unicast routes | 128,000 prefixes; 208,000 host routes; 64 ECMP paths
    IPv4 multicast routes | 104,000
    IPv6 unicast routes | 84,000
    IPv6 multicast routes | 52,000
    ARP entries | 48,000
    Jumbo frame | 9,216 bytes
    Spanning Tree Protocol (STP)
    • Multiple Spanning Tree Protocol (MSTP) Instances: 64
    • VLAN Spanning Tree Protocol (VSTP) Instances: 253
    Traffic mirroring
    • Mirroring destination ports per switch: 4
    • Maximum number of mirroring sessions: 4
    • Mirroring destination VLANs per switch: 4

    Software Features Supported

    Layer 2 Features

    • STP—IEEE 802.1D (802.1D-2004)
    • Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w); MSTP (IEEE 802.1s)
    • Bridge protocol data unit (BPDU) protect
    • Loop protect
    • Root protect
    • RSTP and VSTP running concurrently
    • VLAN—IEEE 802.1Q VLAN trunking
    • The Routed VLAN Interface (RVI)
    • Port-based VLAN
    • Private VLAN (PVLAN)
    • VLAN translation
    • Static MAC address assignment for interface
    • Per VLAN MAC learning (limit)
    • MAC learning disable
    • Link Aggregation and Link Aggregation Control Protocol (LACP) (IEEE 802.3ad)

    Link Aggregation

    • Multichassis link aggregation (MC-LAG)
    • Redundant Trunk Group (RTG)
    • LAG load sharing algorithm—bridged or routed (unicast or multicast) traffic:
      • IP: SIP, Dynamic Internet Protocol (DIP), TCP/UDP source port, TCP/UDP destination port
      • Layer 2 and non-IP: MAC SA, MAC DA, Ethertype, VLAN ID, source port

    Layer 3 Features (IPv4)

    • Static routing
    • Routing protocols (RIP, OSPF, IS-IS, BGP)
    • Virtual Router Redundancy Protocol (VRRP)
    • Virtual router
    • Dynamic Host Configuration Protocol (DHCP) relay
    • Proxy Address Resolution Protocol (ARP)

    Multicast Features

    • Internet Group Management Protocol (IGMP): v1, v2, v3
    • IGMP snooping: v1, v2, and v3 (Layer 2 only)
    • IGMP Filter
    • PIM-SM
    • Multicast Source Discovery Protocol (MSDP)

    Security and Filters

    • Secure interface login and password
    • RADIUS
    • TACACS+
    • Ingress and egress filters: Allow and deny, port filters, VLAN filters, and routed filters, including management port filters
    • Filter actions: Logging, system logging, reject, mirror to an interface, counters, assign forwarding class, permit, drop, police, mark
    • SSH v1, v2
    • Static ARP support
    • Storm control, port error disable, and autorecovery
    • IP source guard
    • Dynamic ARP Inspection (DAI)
    • Sticky MAC address
    • DHCP snooping

    Quality of Service (QoS)

    • L2 and L3 QoS: Classification, rewrite, queuing
    • Rate limiting:
      • Ingress policing: Single-rate two-color policer, two-rate three-color policer
      • Egress policing: Policer, policer mark down action
      • Egress shaping: Per queue on each port
    • 12 hardware queues per port (8 unicast and 4 multicast)
    • Strict-priority queuing (PQ), shaped-deficit weighted round-robin (SDWRR), weighted random early detection (WRED), weighted tail drop
    • 802.1p remarking
    • Layer 2 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN
    • Congestion avoidance capabilities: WRED
    • Trust IEEE 802.1p (ingress)
    • Remarking of bridged packets

    Data Center Bridging (DCB)

    • Priority-based flow control (PFC)—IEEE 802.1Qbb
    • Enhanced transmission selection (ETS)—IEEE 802.1Qaz
    • Data Center Bridging Capability Exchange (DCBX), DCBx FCoE, and iSCSI type, length, and value (TLVs)

    High Availability

    • Sub-second Bidirectional Forwarding Detection (BFD)
    • Uplink failure detection

    MPLS

    • Static label-switched paths (LSPs)
    • RSVP-based signaling of LSPs
    • LDP-based signaling of LSPs
    • LDP tunneling (LDP over RSVP)
    • MPLS class of service (CoS)
    • MPLS LSR support
    • IPv6 tunneling (6PE) (via IPv4 MPLS backbone)
    • IPv4 L3 VPN (RFC 2547, RFC 4364)

    Server Virtualization Management and SDN-Related Protocols

    • VXLAN OVSDB
    • EVPN VXLAN
    • OpenFlow 1.3 client

    Management and Analytics Platforms

    • Juniper Apstra for Data Center
    • Juniper Mist Wired Assurance for Campus
    • Junos Space® Network Director for Campus
    • Paragon Insights

    Device Management and Operations

    • Role-based CLI management and access
    • CLI via console, telnet, or SSH
    • Extended ping and traceroute
    • Junos OS configuration rescue and rollback
    • Image rollback
    • SNMP v1/v2/v3
    • Junos XML management protocol
    • sFlow v5
    • Beacon LED for port and system
    • Zero touch provisioning (ZTP)
    • OpenStack Neutron Plug-in
    • Python
    • Junos OS event, commit, and OP scripts
    • Junos Telemetry Interface

    Traffic Mirroring

    • Port-based
    • LAG port
    • VLAN-based
    • Filter-based
    • Mirror to local
    • Mirror to remote destinations (L2 over VLAN)

    Standards Compliance

    IEEE Standard

    • IEEE 802.1D
    • IEEE 802.1w
    • IEEE 802.1
    • IEEE 802.1Q
    • IEEE 802.1p
    • IEEE 802.1ad
    • IEEE 802.3ad
    • IEEE 802.1AB
    • IEEE 802.3x
    • IEEE 802.1Qbb
    • IEEE 802.1Qaz

    T11 Standards

    • INCITS T11 FC-BB-5

    Supported RFCs

    • RFC 768 UDP
    • RFC 783 Trivial File Transfer Protocol (TFTP)
    • RFC 791 IP
    • RFC 792 ICMP
    • RFC 793 TCP
    • RFC 826 ARP
    • RFC 854 Telnet client and server
    • RFC 894 IP over Ethernet
    • RFC 903 RARP
    • RFC 906 TFTP Bootstrap
    • RFC 951, RFC 1542 BootP
    • RFC 1058 Routing Information Protocol
    • RFC 1112 IGMP v1
    • RFC 1122 Host requirements
    • RFC 1142 OSI IS-IS Intra-domain Routing Protocol
    • RFC 1256 IPv4 ICMP Router Discovery Protocol (IRDP)
    • RFC 1492 TACACS+
    • RFC 1519 Classless Interdomain Routing (CIDR)
    • RFC 1587 OSPF not-so-stubby area (NSSA) Option
    • RFC 1591 Domain Name System (DNS)
    • RFC 1745 BGP4/IDRP for IP—OSPF Interaction
    • RFC 1772 Application of the Border Gateway Protocol in the Internet
    • RFC 1812 Requirements for IP Version 4 Routers
    • RFC 1997 BGP Communities Attribute
    • RFC 2030 SNTP, Simple Network Time Protocol
    • RFC 2068 HTTP server
    • RFC 2131 BOOTP/DHCP relay agent and Dynamic Host Configuration Protocol (DHCP) server
    • RFC 2138 RADIUS Authentication
    • RFC 2139 RADIUS Accounting
    • RFC 2154 OSPF with Digital Signatures (Password, MD-5)
    • RFC 2236 IGMP v2
    • RFC 2267 Network ingress filtering
    • RFC 2328 OSPF v2 (edge mode)
    • RFC 2338 VRRP
    • RFC 2362 PIM-SM (edge mode)
    • RFC 2370 OSPF Opaque LSA Option
    • RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option
    • RFC 2439 BGP Route Flap Damping
    • RFC 2453 RIP v2
    • RFC 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
    • RFC 2597 Assured Forwarding PHB (per-hop behavior) Group
    • RFC 2598 An Expedited Forwarding PHB
    • RFC 2697 A Single Rate Three Color Marker
    • RFC 2698 A Two Rate Three Color Marker
    • RFC 2796 BGP Route Reflection—An Alternative to Full Mesh IBGP
    • RFC 2918 Route Refresh Capability for BGP-4
    • RFC 3065 Autonomous System Confederations for BGP
    • RFC 3376 IGMP v3 (source-specific multicast include mode only)
    • RFC 3392 Capabilities Advertisement with BGP-4
    • RFC 3446 Anycast RP
    • RFC 3569 SSM
    • RFC 3618 MSDP
    • RFC 3623 Graceful OSPF Restart
    • RFC 4271 Border Gateway Protocol 4 (BGP-4)
    • RFC 4360 BGP Extended Communities Attribute
    • RFC 4456 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)
    • RFC 4486 Subcodes for BGP Cease Notification Message
    • RFC 4724 Graceful Restart Mechanism for BGP
    • RFC 4812 OSPF Restart Signaling
    • RFC 4893 BGP Support for Four-octet AS Number Space
    • RFC 5176 Dynamic Authorization Extensions to RADIUS
    • RFC 5396 Textual Representation of Autonomous System (AS) Numbers
    • RFC 5668 4-Octet AS Specific BGP Extended Community
    • RFC 5880 Bidirectional Forwarding Detection (BFD)

    Supported MIBs

    • RFC 1155 SMI
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
    • RFC 1850 OSPFv2 MIB
    • RFC 1901 Introduction to Community-based SNMPv2
    • RFC 2011 SNMPv2 for Internet Protocol using SMIv2
    • RFC 2012 SNMPv2 for the Transmission Control Protocol using SMIv2
    • RFC 2013 SNMPv2 for the User Datagram Protocol using SMIv2
    • RFC 2233 The Interfaces Group MIB using SMIv2
    • RFC 2287 System Application Packages MIB
    • RFC 2570 Introduction to Version 3 of the Internet-standard Network Management Framework
    • RFC 2571 An Architecture for describing SNMP Management Frameworks (read-only access)
    • RFC 2572 Message Processing and Dispatching for the SNMP (read-only access)
    • RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP Textual Conventions for SMIv2
    • RFC 2580 Conformance Statements for SMIv2
    • RFC 2665 Ethernet-like Interface MIB
    • RFC 2787 VRRP MIB
    • RFC 2790 Host Resources MIB
    • RFC 2819 RMON MIB
    • RFC 2863 Interface Group MIB
    • RFC 2932 IPv4 Multicast MIB
    • RFC 3410 Introduction and Applicability Statements for Internet Standard Management Framework
    • RFC 3411 An Architecture for Describing SNMP Management Frameworks
    • RFC 3412 Message Processing and Dispatching for the SNMP
    • RFC 3413 Simple Network Management Protocol (SNMP) Applications—(all MIBs are supported except the Proxy MIB)
    • RFC 3414 User-based Security Model (USM) for version 3 of SNMPv3
    • RFC 3415 View-based Access Control Model (VACM) for the SNMP
    • RFC 3416 Version 2 of the Protocol Operations for the SNMP
    • RFC 3417 Transport Mappings for the SNMP
    • RFC 3418 Management Information Base (MIB) for the SNMP
    • RFC 3584 Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
    • RFC 3826 The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model
    • RFC 4188 Definitions of Managed Objects for Bridges
    • RFC 4318 Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol
    • RFC 4363b Q-Bridge VLAN MIB

    Approvals

    Safety

    • CAN/CSA-C22.2 No. 60950-1 Information Technology Equipment—Safety
    • UL 60950-1 (Second Edition) Information Technology Equipment—Safety
    • IEC 60950-1 Information Technology Equipment—Safety (All country deviations): CB Scheme report
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment Classification

    NEBS

    • GR-63-Core Network Equipment, Building Systems (NEBS) Physical Protection
    • GR-1089-Core EMC and Electrical Safety for Network Telecommunications Equipment

    EMC

    • FCC 47CFR, Part 15 Class A USA Radiated Emissions
    • ICES-003 Class A
    • EN 55022 Class A European Radiated Emissions
    • CISPR 22 Class A
    • EN 55032 Class A
    • CISPR 32 Class A
    • EN 55024
    • CISPR 24
    • EN 300 386
    • VCCI Class A Japanese Radiated Emissions
    • BSMI CNS 13438 Taiwan Radiated Emissions
    • AS/NZS CISPR22
    • AS/NZS CISPR32

    Environmental Compliance

    • Restriction of Hazardous Substances (ROHS) 6/6
    • Silver PSU Efficiency
    • Recycled material
    • Waste Electronics and Electrical Equipment (WEEE)
    • Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH)
    • China Restriction of Hazardous Substances (ROHS)

    Telco

    • Common Language Equipment Identifier (CLEI) code

    Environmental Ranges

    Table 5. Environmental Ranges
    Parameters | Value
    Operating temperature | 32° to 104° F (0° to 40° C)
    Storage temperature | -40° to 158° F (-40° to 70° C)
    Operating altitude | Up to 2,000 ft (610 m)
    Relative humidity operating | 5% to 90% (noncondensing)
    Relative humidity non-operating | 0% to 95% (noncondensing)

    Juniper Networks Services and Support

    Juniper Networks leads the market in performance-enabling services designed to accelerate, extend, and optimize your deployments. Our services enable you to maximize operational efficiency, reduce costs, and minimize risk while achieving a faster time-to-value for your network. By leveraging best practices from across the industry, you get the maximum levels of system performance, designed and delivered by the world’s leading professional technology experts. For more information, please visit https://www.juniper.net/us/en/products.html.

    Ordering Information

    Product Number | Description
    Switch Hardware
    QFX5110-48S-AFI | QFX5110, 48 SFP+ and 4 QSFP28, back-to-front AC
    QFX5110-48S-AFO | QFX5110, 48 SFP+ and 4 QSFP28, front-to-back AC
    QFX5110-48S-DC-AFI | QFX5110, 48 SFP+ and 4 QSFP28, back-to-front DC
    QFX5110-48S-DC-AFO | QFX5110, 48 SFP+ and 4 QSFP28, front-to-back DC
    QFX5110-32Q-AFI | 32 QSFP+/20 QSFP+ QSFP28, back-to-front AC
    QFX5110-32Q-AFO | 32 QSFP+/20 QSFP+ QSFP28, front-to-back AC
    QFX5110-32Q-DC-AFI | 32 QSFP+/20 QSFP+ QSFP28, back-to-front DC
    QFX5110-32Q-DC-AFO | 32 QSFP+/20 QSFP+ QSFP28, front-to-back DC
    QFX5110-FANAFI | QFX5110-FANAFI fan model, back-to-front airflow
    QFX5110-FANAFO | QFX5110-FANAFO fan model, front-to-back airflow
    JPSU-650W-AC-AFO | Juniper 650W AC power supply (port-side-to-FRU-side airflow)
    JPSU-650W-AC-AFI | Juniper 650W AC power supply (FRU-side-to-port-side airflow)
    JPSU-650W-DC-AFO | Juniper 650W DC power supply (port-side-to-FRU-side airflow)
    JPSU-650W-DC-AFI | Juniper 650W DC power supply (FRU-side-to-port-side airflow)
    Optics and Transceivers
    QFX-SFP-1GE-T | SFP 1000BASE-T copper transceiver module for up to 100 m transmission on Category 5
    QFX-SFP-1GE-SX | SFP 1000BASE-SX GbE optics, 850 nm for up to 550 m transmission on multimode fiber
    QFX-SFP-1GE-LX | SFP 1000BASE-LX GbE optics, 1,310 nm for 10 km transmission on single-mode fiber
    QFX-SFP-10GE-USR | SFP+ 10GbE ultra short reach optics, 850 nm for 10 m on OM1, 20 m on OM2, 100 m on OM3 multimode fiber
    QFX-SFP-10GE-SR | SFP+ 10GBASE-SR 10GbE optics, 850 nm for up to 300 m transmission on multimode fiber
    QFX-SFP-10GE-LR | SFP+ 10GBASE-LR 10GbE optics, 1310 nm for 10 km transmission on single-mode fiber
    QFX-SFP-10GE-ER | SFP+ 10GBASE-ER 10GbE optics, 1,550 nm for 40 km transmission on single-mode fiber
    EX-SFP-10GE-ZR | SFP+ 10GBASE-ZR 10GbE optics, 1,550 nm for 80 km transmission on single-mode fiber
    QFX-SFP-DAC-1M | SFP+ 10GbE Direct Attach Copper (twinax copper cable), 1 m
    QFX-SFP-DAC-3M | SFP+ 10GbE Direct Attach Copper (twinax copper cable), 3 m
    QFX-SFP-DAC-5M | SFP+ 10GbE Direct Attach Copper (twinax copper cable), 5 m
    QFX-SFP-DAC-1MA | SFP+ 10GbE Direct Attach Copper (active twinax copper cable), 1 m
    QFX-SFP-DAC-3MA | SFP+ 10GbE Direct Attach Copper (active twinax copper cable), 3 m
    QFX-SFP-DAC-5MA | SFP+ 10GbE Direct Attach Copper (active twinax copper cable), 5 m
    QFX-SFP-DAC-7MA | SFP+ 10GbE Direct Attach Copper (active twinax copper cable), 7 m
    QFX-SFP-DAC-10MA | SFP+ 10GbE Direct Attach Copper (active twinax copper cable), 10 m
    JNP-QSFP-40G-LX4 | 40GbE QSFP+ LX4 optics
    QFX-QSFP-40G-SR4 | QSFP+ 40GBASE-SR4 40GbE optics, 850 nm for up to 150 m transmission on multimode fiber
    QFX-QSFP-40G-ESR4 | QSFP+ 40GBASE-SR4 40GbE optics, 850 nm for up to 300 m transmission on multimode fiber
    JNP-QSFP-40GE-IR4 | QSFP+ 40GBASE-LR4 40GbE optics for up to 1 km transmission over single-mode fiber
    JNP-QSFP-4x10GE-IR | QSFP+ 40GBASE-LR4 40GbE optics for up to 1 km transmission over parallel single-mode fiber
    JNP-QSFP-40G-LR4 | 40GbE QSFP+ LR4
    EX-QSFP-40GE-DAC-50CM | 40GbE QSFP+ 0.5 m Direct attach
    QFX-QSFP-DAC-1M | QSFP+ to QSFP+ Ethernet Direct Attach Copper (twinax copper cable), 1 m passive
    QFX-QSFP-DAC-3M | QSFP+ to QSFP+ Ethernet Direct Attach Copper (twinax copper cable), 3 m passive
    JNP-QSFP-DAC-5M | QSFP+ to QSFP+ Ethernet Direct Attach Copper (twinax copper cable), 5 m passive
    JNP-QSFP-DAC-7MA | 40GbE QSFP+ 7 m, direct attach
    JNP-QSFP-DAC-10MA | 40GbE QSFP+ 10 m, direct attach
    QFX-QSFP-DACBO-1M | QSFP+ to SFP+ 10GbE Direct Attach Breakout Copper (twinax copper cable), 1 m
    JNP-QSFP-DACBO-5MA | QSFP+ to SFP+ 10GbE Direct Attach Breakout Copper (twinax copper cable), 5 m active
    JNP-QSFP-DACBO-7MA | QSFP+ to SFP+ 10GbE Direct Attach Breakout Copper (twinax copper cable), 7 m active
    JNP-QSFP-DACBO-10M | QSFP+ to SFP+ 10GbE Direct Attach Breakout Copper (twinax copper cable), 10 m active
    JNP-QSFP-100G-SR4 | QSFP28 100GbE, SR4, 100 m
    JNP-QSFP-100G-CWDM | QSFP28 100GbE, CWDM4, 2 km
    JNP-QSFP-100G-LR4 | QSFP28 100GbE, LR4, 10 km
    JNP-100G-AOC-1M | QSFP28, 100GbE, AOC, 1 m
    JNP-100G-AOC-3M | QSFP28, 100GbE, AOC, 3 m
    JNP-100G-AOC-5M | QSFP28, 100GbE, AOC, 5 m
    JNP-100G-AOC-7M | QSFP28, 100GbE, AOC, 7 m
    JNP-100G-AOC-10M | QSFP28, 100GbE, AOC, 10 m
    JNP-100G-AOC-15M | QSFP28, 100GbE, AOC, 15 m
    JNP-100G-AOC-20M | QSFP28, 100GbE, AOC, 20 m
    JNP-100G-AOC-30M | QSFP28, 100GbE, AOC, 30 m
    Software Feature Licenses
    QFX5K-C1-PFL | QFX5000 Class 1 Premium Feature License
    QFX5K-C1-AFL | QFX5000 Class 1 Advanced Feature License
  • Product Overview

    Changing market dynamics have intensified the challenge of accommodating growth with traditional products and architectures. Juniper’s secure and automated solutions help cloud-based networks quickly react to these evolving conditions, accelerating service delivery with world-class products and innovative architectural components. PTX Series Fixed Configuration Routers with custom Express3 and Express4 silicon are an integral part of this solution, delivering a massively scalable and efficient core architecture across space- and power-constrained cloud provider, service provider, and enterprise networks, reducing TCO with innovative, highly flexible, high-performance platforms built for the most demanding environments.

    Product Description

    The Juniper Networks® PTX Series Packet Transport Routers transform the core network with physical and virtual innovations that deliver unprecedented scale at the lowest cost per bit. Four fixed-configuration platforms are available: the PTX1000 Packet Transport Router, the industry’s first 2 U packet transport routing device; the PTX10001-36MR Packet Transport Router, a compact, power-optimized 400GbE platform based on custom Express4 silicon; the PTX10002 Packet Transport Router, a second-generation device that doubles the density of the PTX1000 with Juniper Networks Express3™ silicon; and the PTX10003, the industry’s first 3U 400-GbE enabled packet transport routing device. These transport routers give cloud and communication providers the freedom to develop and deliver new virtualized services anywhere in the network with elastic architectures and precise traffic controls, without compromising the service experience.

    The Evolving Landscape

    New traffic dynamics such as mobility, video, and cloud-based services are transforming traditional network patterns and topologies. Stratified, statically designed, and manually operated networks must evolve to support the constantly growing volumes of traffic quickly and economically. Many operators have seen their profits stagnate and TCO grow under the burden that these growing traffic volumes are imposing. Cloud and service providers need to become more agile in order to optimize their existing network resources, shorten planning cycles, and remove rigid network layers. Operators are facing the following challenges under the current environment:
    • Static scale: The cloud and communication providers’ backbone handles the full weight of network traffic. Therefore, it is paramount that core networks are inherently designed for scalability and efficiency. The 400GbE-capable platforms, 100/400GbE inline MACsec, silicon, system, and SDN innovations for the core empower network operators to scale faster than the traffic in an elegant, elastic, redundant package—without requiring forklift upgrades.
    • Static architecture: Virtualized services and the explosion of cloud-based applications are creating increasingly unpredictable traffic patterns. To handle this unpredictability, service providers need a dynamic, scale-out architecture across all layers to create programmable, traffic-optimized networks that support any service, anywhere.
    • Power costs: For cloud and communication providers, the operational cost of transmitting a packet through the core is less than the cost of the power required to move that packet. In fact, projections suggest that over a few short years, the total power draw will exceed the cost of deploying the entire network infrastructure. Efficient power utilization by the core router requires a holistic ground-up engineering approach.
    • Facility limitations: Service providers cannot grow their facilities exponentially forever. They need innovations that provide a low-touch deployment model optimized around space availability, facility power requirements, and floor weight thresholds. Transport-oriented central office locations have the added burden of meeting European Telecommunications Standards Institute (ETSI) standard depth. Any transit router innovation must operate within these constraints.
    In order to address these challenges, cloud and communication providers need an innovative, scalable core router that satisfies three defining principles: performance, deployability, and SDN programmability. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 fixed-configuration packet transport routers provide the foundation for a scale-out core backbone architecture, ensuring a consistent user experience across geographies. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 meet all existing traditional core requirements, easily fitting into cloud and communication provider networks that require transit-focused IP/MPLS applications such as Internet peering, scale-out metro and backbone topologies, and label-switching router (LSR) optimized deployments.

    Architecture and Key Components

    The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 fixed-configuration packet transport routers bring physical and virtual innovation to the cloud and service provider core networks, addressing concerns about operational expenditures while scaling organically to keep pace with growing traffic demands with the following features:
    • Core routing: The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 employ a massively scalable yet compact 1, 2, or 3 U form factor with secure connectivity and high flexibility.
    • Peering: The PTX Series fixed platforms are perfect for scale-out peering in space- and power-constrained environments with full traffic visibility and L3 services.
    • LSR: The PTX Series fixed platforms provide 2.88 Tbps to 16 Tbps aggregate capacity for multi-plane core networks as an LSR router. They can also be positioned as an LSR fabric node in spine-leaf architectures for increased scale and reduced blast radius.
    • CDN Gateway: The compact PTX Series offers high routing scale in a 1, 2, or 3 U fixed form factor for full traffic statistics visibility and deep buffers.
    • Data Center Interconnect (DCI): The PTX10001-36MR and PTX10003 offer secure inline MACsec with no compromise in throughput or latency, and an extended range enabled by 400GbE ZR / ZR+.

    Innovations in Silicon

    Physical innovations at the core silicon level enable the PTX Series fixed-configuration routers to reduce OpEx and accommodate scale-out architectures with smooth migration paths as traffic patterns change.

    Express3 and Express-Based Silicon

    The PTX1000 and PTX10002 are powered by Express3 silicon, delivering predictable IP/MPLS packet performance and functionality. The PTX10003 is powered by functionally equivalent Express3 Silicon to support high-density 100/200/400GbE interfaces and inline MACsec with no performance penalty while delivering the same IP/MPLS functionality. Express3 silicon eliminates the complex sawtooth packet profile found in elaborate, over-engineered network processing units (NPUs) deployed in other core routers. This delivers the peering scale required to match expanding traffic demands. These devices build upon the Juniper Networks Junos® Express silicon concepts of low consistent latency and wire-rate packet performance for both IP traffic and MPLS transport, without sacrificing the optimized system power profile. These concepts are incorporated into the PTX Series design along with full IP functionality, preserving the spirit of the original Junos Express chipset. The Express3 silicon is the first purpose-built telecommunications silicon to engineer a 3D memory architecture into the base design for more than 1.6 billion filter operations per second, dynamic table memory allocation for mammoth IP routing scale, and enormous power efficiency gains. The PTX10003 supports inline MACsec on all interfaces using 10/40/100GbE.

    Express4 Silicon

    The PTX10001-36MR is powered by the highly scalable, next-generation ASIC in the Express silicon family, Juniper Express4 silicon—the industry’s first inline MACsec for 400GbE chips that supports universal multirate QSFP56-DD. Juniper Express4 silicon delivers consistently low latency, 8m counters, 256 AES MACsec encryption supported on all ports, and wire-rate packet performance for IP traffic without sacrificing the optimized system power profile. Preserving the spirit of the Junos Express silicon family, Juniper Express4 silicon is the first purpose-built telecommunications silicon to incorporate a 3D memory architecture into the base design, offering the industry’s highest packet performance per gigabit in the fewest rack units. It also provides dynamic table memory allocation for massive IP routing scale while delivering tremendous power efficiency gains at 0.14 Watts/Gig. The ability to address a provider’s core networking requirements—scale, operational flexibility, and SDN control—begins with the silicon. With the PTX Series fixed-configuration routers, operators can now deploy a core architecture with SDN control. Combining Juniper Networks NorthStar Controller with a robust full-featured Internet backbone router, and a regional IP/MPLS core router with integrated 100GbE coherent transport for superior performance, operators can tune their network infrastructure through proactive monitoring and what-if planning capabilities. The NorthStar Controller dynamically creates explicit routing paths using a global view based on user-defined constraints to create a fully autonomous operation. Scale is one of the guiding design principles for the PTX Series routers, allowing network operators to smoothly handle increased traffic demands. 
    The PTX Series fixed-configuration routers simplify network engineering challenges with predictable system latency, improving the overall service experience by delivering best-in-class resiliency to help providers meet strict customer service-level agreements (SLAs). Operational efficiency is another design attribute for the PTX Series routers, focusing on power, space, and weight—fundamental concerns that affect network operators’ operational budgets. Juniper has designed the PTX Series to fit the requirements of current and future data center facilities. SDN programmability brings virtual innovations to the service provider core, while the NorthStar Controller offers an open, standards-based solution that optimizes both the IP layer and the transport layer with precise SDN control, allowing network operators to fully automate and scale their operations with ease.

    PTX1000, PTX10002, and PTX10003 Fixed-Configuration Packet Transport Routers

    PTX1000

    The PTX1000, with its rich IP/MPLS feature set, lets service providers organically distribute peering points throughout the network without sacrificing performance and deployability—the main contributors to eroding TCO for service providers when peering. The PTX1000 expands the applications scope that the PTX Series architecture addresses, enabling service providers to implement a distributed core architecture for interconnecting growing cloud services. Service providers can distribute peering points to match traffic demand with an optimized core router without sacrificing performance or deployability. The PTX1000 is a first-generation fixed-configuration core router, providing up to 3 million FIB and 10+ million routing information base (RIB) in a 2 U footprint, making it easily deployable in space-constrained Internet exchange locations, remote central offices, and embedded peering points anywhere in the network, including cloud-hosted services. The PTX1000 operates at 2.88 Tbps in a fixed core router configuration and supports flexible interface configuration options, including 288 10GbE ports via a quad small form-factor pluggable plus transceiver (QSFP+) breakout, 72 40GbE ports via QSFP+, and 24 100GbE ports via QSFP28.

    PTX10001-36MR

    The PTX10001-36MR features a compact, 1 U form factor that is easy to deploy in space- and power-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. The PTX10001-36MR is particularly suited for power-constrained environments, providing unprecedented power efficiency of 0.14 watts/Gbps. It offers up to 4 million IPv4 FIB, deep buffers, and integrated 100GbE and 400GbE MACsec capabilities. The PTX10001-36MR operates at 9.6 Tbps in a fixed core router configuration with 36 multi-rate ports—24 400GbE (QSFP56-DD) ports and 12 100GbE (QSFP28) ports to facilitate the migration from 100GbE to 400GbE deployments. The PTX10001-36MR features flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 120 10GbE ports with QSFP+ breakout, 60 100GbE ports with QSFP28-DD (24x2) and QSFP28 (12), 108 100GbE ports with QSFP56-DD breakout (24x4) and QSFP28 (12), and 24 400GbE ports with QSFP56-DD. The PTX10001-36MR supports MACsec on all ports, regardless of the port speed.

    PTX10002

    The PTX10002 is a second-generation PTX Series fixed-configuration core router featuring a compact, 2 U form factor that is easy to deploy in space-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. The PTX10002 operates at 6 Tbps in a fixed core router configuration. It supports flexible interface configuration options, offering 60 physical quad small form-factor pluggable 28 (QSFP28) 100GbE ports, 60 QSFP+ 40GbE ports, and 192 10GbE ports via QSFP+ breakout cables.

    PTX10003

    The PTX10003 is a fixed-configuration core router featuring a compact, 3 U form factor that is easy to deploy in space-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. It offers up to 4 million FIB, deep buffers, and integrated 100GbE MACsec capabilities. The PTX10003 uniquely addresses power-constrained environments by providing unprecedented power efficiency of 0.2 watts/Gbps. Two versions of the PTX10003 are available, supporting 8 Tbps and 16 Tbps respectively in a 3 U footprint. Operating in a fixed core router configuration, the 8 Tbps model features flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 160 (QSFP+) 10GbE ports, 80 (QSFP28) 100GbE ports, 32 (QSFP28-DD) 200GbE ports, and 16 (QSFP56-DD) 400GbE ports. The 16 Tbps model also offers universal multi-rate QSFP-DD for 100GbE/400GbE to support 320 (QSFP+) 10GbE ports, 160 (QSFP28) 100GbE ports, 64 (QSFP28-DD) 200GbE ports, and 32 (QSFP56-DD) 400GbE ports. PTX10001-36MR and PTX10003 routers offer native SFP+ transceiver support through the QSFP adapter, MAM1Q00A-QSA. This option enables deployments that require 10GbE connectivity over single-mode fiber links longer than 10 km.

    Features and Benefits

    Performance is one of the guiding design principles for the PTX Series Packet Transport Routers. This focus empowers cloud and service providers with superior scale to match increased traffic levels and network engineering challenges with predictable system latency to improve the overall service experience, deliver best-in-class resiliency, and ensure that services meet strict customer SLAs. Deployability is the other guiding design principle for the PTX Series routers, focusing on power, space, and weight—fundamental concerns that impact service providers’ operational budget with respect to growing traffic. Infinite programmability with automation and telemetry brings virtual innovations to the cloud and service provider core, while the NorthStar Controller is an open, standards-based solution that optimizes both the IP layer and the transport layer with precise SDN control, allowing service providers to automate and scale operations with efficiency, simplicity, and security. One Junos Experience delivers operational consistency and uniformity across PTX Series platforms and solutions. The most modern OS on the market, Junos Evolved, is designed from the ground up for reliability, resiliency, velocity, and integration simplicity. Table 1 summarizes the features available on the fixed-configuration PTX Series Packet Transport Routers.
    Table 1. Fixed-Configuration PTX Series Features and Benefits
    Feature | Feature Description | Benefit
    System capacity | The PTX1000 scales to 3 Tbps in a single chassis, breaking out into 288 10GbE, 72 40GbE, and 24 100GbE interfaces. The PTX10001-36MR scales to 9.6 Tbps in a single chassis, featuring flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 120 10GbE ports with QSFP+ breakout, 60 100GbE ports with QSFP28-DD (24x2) and QSFP28 (12), 108 100GbE ports with QSFP56-DD breakout (24x4) and QSFP28 (12), and 24 400GbE ports with QSFP56-DD. The PTX10002 scales to 6 Tbps in a single chassis, breaking out into 192 10GbE, 60 40GbE, and 60 100GbE interfaces. The PTX10003 8 Tbps model scales to 8 Tbps in a single chassis, breaking out into 160 10GbE, 80 100GbE, 32 200GbE, and 16 400GbE interfaces. The PTX10003 16 Tbps model scales to 16 Tbps in a single chassis, breaking out into 320 10GbE, 160 100GbE, 64 200GbE, and 32 400GbE interfaces. | The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 give cloud and service providers the performance and scalability needed to outpace growing traffic demands.
    High availability (HA) hardware | The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 are built with hardware redundancy for cooling, power supplies, and forwarding. | HA is critical for service providers to maintain an always-on infrastructure base and meet stringent SLAs across the core.
    Packet performance | The PTX1000 and PTX10002 include groundbreaking Express3 silicon, empowering them with unparalleled packet processing for both full IP functionality and MPLS transport, leveraging a revolutionary 3D memory architecture. The PTX10003 uses a newer version of Express3 silicon that delivers inline MACsec on all ports and dense 100/400GbE. The PTX10001-36MR uses the next generation of Express, Express4 silicon, that delivers 100/400GbE inline MACsec on all ports for dense 400GbE architectures. | Exceptional packet processing capabilities help alleviate the challenge of scaling the network as traffic levels increase while optimizing IP/MPLS transit functionality around superior performance and elegant deployability.
    Ultra-compact 1 U, 2 U, and 3 U form factor | With cutting-edge innovation in power and cooling technology, the PTX fixed-configuration core routers provide compact, power-optimized scale and efficiency. The PTX1000 provides 2.88 Tbps of capacity in a 2 U form factor; the PTX10001-36MR provides 9.6 Tbps in a 1 U form factor; the PTX10002 provides 6 Tbps of capacity in a 2 U form factor; the PTX10003 provides up to 16 Tbps of capacity in a 3 U form factor. | Space efficiency is a critical requirement for peering Internet exchange points, peering collocations, central offices, and regional networks, especially in emerging markets.
    Security | The PTX Series Packet Transport routers use a combination of hardware-based mechanisms like MACsec and software-based features like firewall filters and DDoS to provide scalable security. 100GbE and 400GbE inline MACsec is supported on all ports with no compromise in latency. | Inline data plane MACsec security with no throughput or latency penalties in addition to control plane security with DDoS.

    PTX Series Fixed-Configuration Routers Specifications

    | Hardware | PTX1000 | PTX10001-36MR | PTX10002 | PTX10003 (8T) | PTX10003 (16T) |
    |---|---|---|---|---|---|
    | System throughput | 3 Tbps | 9.6 Tbps | 6 Tbps | 8 Tbps | 16 Tbps |
    | Forwarding capacity | Up to 2 Bpps | Up to 6 Bpps | Up to 4 Bpps | Up to 5.3 Bpps | Up to 10.6 Bpps |
    | Max. 10GbE port density | 288 | 120 | 192 | 160 | 320 |
    | Max. 40GbE port density | 72 | 30 | 60 | 40 | 80 |
    | Max. 100GbE port density | 24 | 108 | 60 | 80 | 160 |
    | Max. 200GbE port density | - | 48 | - | 32 | 64 |
    | Max. 400GbE port density | - | 24 | - | 16 | 32 |
    | Dimension (WxHxD) | 17.4 x 3.46 x 31 in (44.2 x 8.8 x 78.7 cm) | 17.3 x 1.75 x 25.5 in (44 x 4.45 x 64.8 cm) | 17.4 x 3.46 x 31 in (44.2 x 8.8 x 78.7 cm) | 17.4 x 5.25 x 31 in (44.2 x 13.3 x 78.7 cm) | 17.4 x 5.25 x 31 in (44.2 x 13.3 x 78.7 cm) |
    | Rack units | 2 U | 1 U | 2 U | 3 U | 3 U |
    | Weight | 68 lb (31 kg) | 39.7 lb (18 kg) | 68 lb (31 kg) | 88 lb (40 kg) | 110 lb (50 kg) |
    | CPU | Intel Quad Core Ivy Bridge 2.5 GHz CPU | Intel Xeon 12-Core 2.1 GHz CPU | Intel Quad Core Ivy Bridge 2.5 GHz CPU | Intel Broadwell CPU with 12 Cores | Intel Broadwell CPU with 12 Cores |
    | RAM | 32 Gb SDRAM | 64 Gb SDRAM | 32 Gb SDRAM | 64 Gb SDRAM | 64 Gb SDRAM |
    | SSD | 64 GBx2 | 200 GBx2 | 64 GBx2 | 200 GBx2 | 200 GBx2 |
    | Maximum power draw | 1425 W (AC, DC), 4862 BTU/hr | 2164 W (AC, DC), 7384 BTU/hr | 2425 W (AC, DC), 8274 BTU/hr | ~2500 W (AC, DC), 8525 BTU/hr | ~4000 W (AC, DC), 13640 BTU/hr |
    | Typical power draw | 1050 W (AC, DC), 3583 BTU/hr | 1300 W (AC, DC), 4436 BTU/hr | 1850 W (AC, DC), 6312 BTU/hr | ~1600 W (AC, DC), 5456 BTU/hr | ~3100 W (AC, DC), 10571 BTU/hr |
    | Power supply | 4x1600 watts (AC/DC) | 2x3000 watts (AC/DC) | 4x1600 watts (AC/DC) | 2x3000 watts (AC/DC) | 4x3000 watts (AC/DC) |
    | Cooling (front-to-back fan) | 3 hot-swappable redundant fans | 6 hot-swappable redundant fans | 3 hot-swappable redundant fans | 3 hot-swappable redundant fans | 5 hot-swappable redundant fans |
    | Packet buffer | 24 Gb | 24 Gb | 24 Gb | 64 Gb | 128 Gb |
    | Latency | 2.5 µs within Packet Forwarding Engine (PFE), 5 µs between PFEs | 2.5 µs within PFE, 5 µs between PFEs | 2.5 µs within PFE, 5 µs between PFEs | 2.5 µs within PFE, 5 µs between PFEs | 2.5 µs within PFE, 5 µs between PFEs |
    | Power Efficiency (watts/Gbps) | 0.4 | 0.14 | 0.3 | 0.2 | 0.2 |

    PTX1000, PTX10002, and PTX10003 Software Feature Table

    | Feature | PTX1000 | PTX10001-36MR | PTX10002 | PTX10003 (8/16 Tbps) |
    |---|---|---|---|---|
    | MPLS-TE | Yes | Yes | Yes | Yes |
    | MPLS LSR | Yes | Yes | Yes | Yes |
    | Firewall filters ACL | Yes | Yes | Yes | Yes |
    | SPRINGv4 | Yes | Yes | Yes | Yes |
    | DDoS control plane | Yes | Yes | Yes | Yes |
    | JFlow/SFlow | Yes | Yes | Yes | Yes |
    | BGP FlowSpec, EPE, URPF, L3VPN | Yes | Yes | Yes | Yes |
    | Integrated routing and bridging (IRB) | Yes | Yes | Yes | Yes |
    | Telemetry, NETCONF/YANG | Yes | Yes | Yes | Yes |
    | Zero Touch Provisioning (ZTP) | Yes | Yes | Yes | Yes |
    | PCEP, BGP-LS | Yes | Yes | Yes | Yes |
    | Fast restoration | Yes | Yes | Yes | Yes |
    | Operation, Administration, and Maintenance (OAM) | Yes | Yes | Yes | Yes |

    Management Interfaces

    • 1 small form-factor pluggable transceiver (SFP/SFP+) port or Precision Time Protocol (PTP) Grandmaster
    • Fiber (SFP) or 10/100/1000BASE-T (RJ-45) Ethernet management port
    • SMB in, SMB out, 10 MHz in, 10 MHz out
    • One console port
    • USB 2.0 storage interface

    Environmental Ranges

    • Operating temperature: 32° to 115° F (0° to 46° C) at sea level
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: Up to 10,000 ft. (3048 m)
    • Relative humidity operating: 5 to 90% (noncondensing)
    • Relative humidity nonoperating: 5 to 95% (noncondensing)
    • Seismic: Designed to meet GR-63, Zone 4 earthquake requirements

    Safety and Compliance

    Safety

    • CAN/CSA-C22.2 No. 60950-1 Information Technology Equipment—Safety
    • UL 60950-1 Information Technology Equipment—Safety
    • EN 60950-1 Information Technology Equipment—Safety
    • IEC 60950-1 Information Technology Equipment—Safety (all country deviations)
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment Classification

    Electromagnetic Compatibility

    • 47CFR Part 15, (FCC) Class A
    • ICES-003 Class A
    • EN 55022 Class A
    • CISPR 22 Class A
    • EN 55024
    • CISPR 24
    • EN 300 386
    • VCCI Class A
    • AS/NZS CISPR22 Class A
    • KN22 Class A
    • CNS 13438 Class A
    • EN 61000-3-2
    • EN 61000-3-3
    • ETSI
    • ETSI EN 300 019: Environmental Conditions & Environmental Tests for Telecommunications Equipment
    • ETSI EN 300 019-2-1 (2000)—Storage
    • ETSI EN 300 019-2-2 (1999)—Transportation
    • ETSI EN 300 019-2-3 (2003)—Stationary Use at Weather-protected Locations
    • ETS 300753 (1997)—Acoustic noise emitted by telecommunications equipment

    Environmental Compliance

    • Restriction of Hazardous Substances (ROHS) 6/6
    • Silver PSU Efficiency
    • Recycled material
    • Waste Electronics and Electrical Equipment (WEEE)
    • Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH)
    • China Restriction of Hazardous Substances (ROHS)

    Telco

    • Common Language Equipment Identifier (CLEI) code

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

    Automated Support and Prevention

    Juniper’s Automated Support and Prevention consists of an ecosystem of tools, applications, and systems targeted towards simplifying and streamlining operations, delivering operational efficiency, reducing downtime, and increasing your network’s ROI running Juniper Networks Junos operating system. Automated Support and Prevention brings operational efficiency by automating several time-consuming tasks such as incident management, inventory management, proactive bug notification, and on-demand EOL/EOS/EOE reports. The Junos Space® Service Now and Service Insight service automation tools are standard entitlements of all Juniper Care contracts.

    Warranty

    For warranty information, please visit https://support.juniper.net/support/warranty/

    Ordering Information

    Product Number Description
    PTX1000
    PTX1K-72Q-AC PTX1000 base system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC PTX1000 base system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-AC-IR PTX1000 LSR/peering system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC-IR PTX1000 LSR/peering system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-AC-R PTX1000 full IP system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC-R PTX1000 full IP system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC PTX1000 base system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC PTX1000 base system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC-IR PTX1000 LSR/peering system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC-IR PTX1000 LSR/peering system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC-R PTX1000 full IP system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC-R PTX1000 full IP system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC PTX1000 base system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC PTX1000 base system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC-IR PTX1000 LSR/peering system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC-IR PTX1000 LSR/peering system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC-R PTX1000 full IP system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC-R PTX1000 full IP system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    S-PTX1K-72Q-SCA-UP PTX1000 scale-up software license to upgrade 72 port system (base to LSR or LSR to full IP)
    S-PTX1K-36Q-SCA-UP PTX1000 scale-up software license to upgrade 36 port system (base to LSR or LSR to full IP)
    S-PTX1K-18Q-SCA-UP PTX1000 scale-up software license to upgrade 18 port system (base to LSR or LSR to full IP)
    S-PTX1K-UPG-18Q PTX1000 software license to add 18 more ports to base system
    S-PTX1K-UPG-18Q-IR PTX1000 software license to add 18 more ports to LSR/peering system
    S-PTX1K-UPG-18Q-R PTX1000 software license to add 18 more ports to full IP system
    JPSU-1600W-AC-AFO PTX1000 1600 W AC power supply
    JPSU-1600W-DC-AFO PTX1000 1600 W DC power supply
    PTX1000-FAN-S PTX1000 fan
    JNP-3000W-DC-AFO DC power supply for JNP10003-160C and JNP10003-80C fixed platforms
    PTX10001-36MR
    PTX10001-36MR-AC PTX10001 36 QSFP56-DD / QSFP28 multi-rate port base system with redundant AC Power supplies, FAN trays, Junos Evolved
    PTX10001-36MR-DC PTX10001 36 QSFP56-DD / QSFP28 multi-rate port base system with redundant DC Power supplies, FAN trays, Junos Evolved
    JNP-FAN2-1RU Fan Tray for JNP10001-36MR platform
    JNP10001-36MR JNP10001 chassis with 36 QSFP56-DD / QSFP28 multi-rate ports, no power supplies or fans
    JNP-3000W-AC-AFO AC power supply for JNP10001-36MR fixed platform
    JNP-3000W-DC-AFO DC power supply for JNP10001-36MR fixed platform
    S-PTX10K-108C-A1-P SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, without SW support, Perpetual
    S-PTX10K-108C-A2-P SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, without SW support, Perpetual
    S-PTX10K-108C-P1-P SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, without SW support, Perpetual
    S-PTX10K-108C-P2-P SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, without SW support, Perpetual
    S-PTX10K-108C-A1-5 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, with SW support, 5 Years
    S-PTX10K-108C-A2-5 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, with SW support, 5 Years
    S-PTX10K-108C-P1-5 SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, with SW support, 5 Years
    S-PTX10K-108C-P2-5 SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, with SW support, 5 Years
    S-PTX10K-108C-A1-3 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, with SW support, 3 Years
    S-PTX10K-108C-A2-3 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, with SW support, 3 Years
    S-PTX10K-108C-P1-3 SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, with SW support, 3 Years
    S-PTX10K-108C-P2-3 SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, with SW support, 3 Years
    S-PTX10K100GMSEC-P SW, PTX10K 100G MACsec License SKU, w/out Customer Support, must purchase CS SKU separately, Perpetual
    S-PTX10K400GMSEC-P SW, PTX10K 400G MACsec License SKU, w/out Customer Support, must purchase CS SKU separately, Perpetual
    PTX10002
    PTX10002-60C-AC PTX10002 base system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC PTX10002 base system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-AC-IR PTX10002 LSR/peering system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC-IR PTX10002 LSR/peering system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-AC-R PTX10002 full IP system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC-R PTX10002 full IP system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-AC PTX10002 base system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DC PTX10002 base system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-ACIR PTX10002 LSR/peering system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DCIR PTX10002 LSR/peering system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-AC-R PTX10002 full IP system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DC-R PTX10002 full IP system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    JPSU-1600W-AC-AFO PTX1000 1600 W AC power supply
    JPSU-1600W-DC-AFO PTX1000 1600 W DC power supply
    JNP10002-FAN1 PTX10002 fan
    S-PTX10K2-60C-S-UP PTX10002 scale-up software license to upgrade 60-port system (base to LSR or LSR to full IP)
    S-PTX10K2-30C-S-UP PTX10002 scale-up software license to upgrade 30-port system (base to LSR or LSR to full IP)
    S-PTX10K2-15C-S-UP PTX10002 scale-up software license to upgrade 15-port system (base to LSR or LSR to full IP)
    S-PTX10K2-U-15C PTX10002 software license to add 15 more ports to base system
    S-PTX10K2-U-15C-IR PTX10002 software license to add 15 more ports to LSR/peering system
    S-PTX10K2-U-15C-R PTX10002 software license to add 15 more ports to full IP system
    PTX10003
    PTX10003-160C-AC PTX10003-160C base system with 160 100GbE ports or 32 400GbE ports, 4 3000W AC power supplies, 4 power cables, and 5 fan trays, with standard tier right-to-use license
    PTX10003-160C-DC PTX10003-160C base system with 160 100GbE ports or 32 400GbE ports, 4 3000W DC power supplies, and 5 fan trays, with standard tier right-to-use license
    PTX10003-80C-AC PTX10003-80C base system with 80 100GbE ports or 16 400GbE ports, 2 3000W AC power supplies, 2 power cables, and 3 fan trays, with standard tier right-to-use license
    PTX10003-80C-DC PTX10003-80C base system with 80 100GbE ports or 16 400GbE ports, 2 3000W DC power supplies, and 3 fan trays, with standard tier right-to-use license
    S-PTX10K3-16T-A1-P 16T PTX10003 Advanced1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-A2-P 16T PTX10003 Advanced2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-P1-P 16T PTX10003 Premium1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-P2-P 16T PTX10003 Premium2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-A1-5 16T PTX10003 Advanced1 tier right-to-use license, 5-year term, with SW support
    S-PTX10K3-16T-A2-5 16T PTX10003 Advanced2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-P1-5 16T PTX10003 Premium1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-P2-5 16T PTX10003 Premium2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-A1-3 16T PTX10003 Advanced1 tier right-to-use license, 3-year term, with SW support
    S-PTX10K3-16T-A2-3 16T PTX10003 Advanced2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-16T-P1-3 16T PTX10003 Premium1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-16T-P2-3 16T PTX10003 Premium2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-A1-P 8T PTX10003 Advanced1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-A2-P 8T PTX10003 Advanced2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-P1-P 8T PTX10003 Premium1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-P2-P 8T PTX10003 Premium2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-A1-5 8T PTX10003 Advanced1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-A2-5 8T PTX10003 Advanced2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-P1-5 8T PTX10003 Premium1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-P2-5 8T PTX10003 Premium2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-A1-3 8T PTX10003 Advanced1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-A2-3 8T PTX10003 Advanced2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-P1-3 8T PTX10003 Premium1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-P2-3 8T PTX10003 Premium2 tier right-to-use license, 3-year term, with software support
    JNP10003-160C-CHAS JNP10003-160C spare chassis with 160 100GbE ports or 32 400GbE ports
    JNP10003-80C-CHAS JNP10003-80C spare chassis with 80 100GbE ports or 16 400GbE ports
    JNP10003-FAN Fan tray for 3RU 8T and 16T fixed platforms
    JNP-3000W-AC-AFO AC power supply for JNP10003-160C and JNP10003-80C fixed platforms
  • Product Overview

    Cloud providers and network operators are increasingly deploying scale-out, spine-and-leaf IP fabric architectures built on fixed-configuration switches to support growing east-west traffic in the data center. The QFX5220 Switch is optimally suited for these high-speed, high-density, spine-and-leaf IP fabrics. Supporting 400GbE, 200GbE*, 100GbE, 50GbE*, 40GbE, 25GbE, and 10GbE connections and offering an advanced L2, L3, and MPLS feature set, the QFX5220 enables cloud service providers and network operators to build large, next-generation IP fabrics that support network virtualization and intelligent traffic forwarding based on proven, Internet-scale technology.  

    Product Description

    The Juniper Networks® QFX5220 Switch is a next-generation, fixed-configuration spine-and-leaf switch. It offers flexible, cost-effective, high-density 400GbE, 200GbE*, 100GbE, 50GbE*, 40GbE, 25GbE, and 10GbE interfaces for server and intra-fabric connectivity, and delivers a versatile, future-proofed solution for today’s data centers. QFX5220 switches support advanced Layer 2, Layer 3, and MPLS features. For large public cloud providers—early adopters of high-performance servers to meet explosive workload growth—the QFX5220 supports very large, dense, and fast 400GbE IP fabrics based on proven internet-scale technology. For enterprise customers seeking investment protection as they transition their server farms from 10GbE to 25GbE, the QFX5220 switch also provides a high radix-native 100GbE lean-spine option at reduced power and a smaller footprint. Two QFX5220 models are available, supporting different configurations and use cases. Delivering 25.6 Tbps of bandwidth, both models are optimally designed for spine-and-leaf deployments in enterprise, HPC, service provider, and cloud data centers.
    • QFX5220-32CD: The QFX5220-32CD offers 32 ports in a low-profile 1 U form factor. High-speed ports support a wide variety of port configurations, including 400GbE, 200GbE, 100GbE, 25GbE, 40GbE, and 10GbE. The QFX5220-32CD is equipped with two AC or DC power supplies, providing 1+1 redundancy when all power supplies are present, and six hot-swappable fans offering ports-to-FRUs (AFO) or FRUs-to-ports (AFI) airflow options, providing (5x2+1)+1 redundancy.
    • QFX5220-128C: The QFX5220-128C offers 128 ports in a 4 U form factor. The high-speed ports support a wide variety of configurations, including 100GbE and 40GbE. The switch is equipped with four AC or DC power supplies, providing 2+2 redundancy when all power supplies are present, and six hot-swappable ports-to-FRUs (AFO) airflow fans, providing (5x2+1)+1 redundancy.
    Both QFX5220 switch models include an Intel Xeon D-1500 processor to drive the control plane, which runs the Juniper Networks Junos® OS Evolved operating system software.
    *Reserved for future release

    Product Highlights

    The QFX5220 includes the following capabilities. Please refer to the Specifications section for currently shipping features.  

    Native 400GbE Configuration

    The QFX5220-32CD offers 32 ports in a 1 U form factor. The high-speed ports support a wide variety of configurations, including 100GbE and 400GbE.  

    High-Density Configurations

    The QFX5220 switches are optimized for high-density fabric deployments. The QFX5220-32CD provides an option of either 32 ports of 400GbE, 100GbE, or 40GbE, while the QFX5220-128C provides an option of either 128 QSFP28 100GbE ports or 64 40GbE QSFP ports.  

    Flexible Connectivity Options

    The QFX5220 offers a choice of interface speeds for server and intra-fabric connectivity, providing deployment versatility and investment protection.
    • Rich automation capabilities: The QFX5220 switches support a number of network automation features for plug-and-play operations, including zero-touch provisioning (ZTP), operations and event scripts, automatic rollback, and Python scripting.
    • Advanced Junos Evolved features: The QFX5220 switch supports features such as BGP add-path, MPLS, L3 VPN, RoCEv2, and Multicast capabilities.
    • Junos Evolved software architecture: The QFX5220 supports a modular Junos Evolved software architecture that allows the switch’s control and data plane processes and functions to run in parallel, maximizing utilization of the high-performance quad-core CPU. The architecture also supports seamless component upgrades without bringing the switch down, as well as containerization, enabling application deployment using LXC or Docker.

    Deployment Options

    The QFX5220-32CD can be deployed as a universal device in cloud data centers to support 100GbE server access and 400GbE spine-and-leaf configurations, optimizing data center operations by using a single device across multiple layers of the network (see Figure 1). The QFX5220-128C is a high-radix 100GbE lean-spine switch optimized to aggregate 10GbE and 25GbE top-of-rack switches in these environments. Many cloud, service provider, data center, and enterprise networks are deploying 100GbE to handle growing demand. Figure 2 and Figure 3 show multiple use cases with the QFX5220-128C as a lean spine.  
    Figure 1: Typical cloud data center deployment for the QFX5220-32CD
    Figure 2: 100GbE fabric in a typical cloud data center
    Figure 3: Private cloud data center with the QFX5220-128C as lean spine

    Architecture and Key Components

    The QFX5220 can be used in L3 fabrics and L2 networks. You can choose the architecture that best suits your deployment needs and easily adapt and evolve as requirements change over time. The QFX5220 serves as the universal building block for these two switching architectures, enabling data center operators to build cloud networks in their own way.
    • Layer 3 fabric: For customers looking to build scale-out data centers, a Layer 3 spine-and-leaf Clos fabric provides predictable, nonblocking performance and scale characteristics. A two-tier fabric built with QFX5220 switches as leaf devices and Juniper Networks QFX10000 line of Switches as the spine can scale to support up to 128 40GbE ports or 128 25GbE and/or 10GbE server ports in a single fabric. One of the most complicated tasks when building an IP fabric is assigning all the implementation details, including IP addresses, BGP autonomous system numbers, routing policies, loopback address assignments, and others. Automating the creation of an IP fabric at a large scale is equally difficult. To address these challenges, Juniper has created the OpenClos project to provide free, open-source tools that automate the creation of IP fabrics in the data center. A set of Python scripts developed as an open-source project on GitHub, OpenClos takes a set of inputs that describe the shape and size of a data center and produces switch configuration files and a cabling plan.
    Junos Evolved ensures a high feature and bug fix velocity and provides first-class access to system state, allowing customers to run DevOps tools, containerized applications, management agents, specialized telemetry agents, and more.  
    Figure 4: Cloud/Carrier-Class Junos OS Evolved Network Operating System

    Management, Monitoring, and Analytics

    Data Center Fabric Management: Juniper® Apstra provides operators with the power of intent-based network design to help ensure changes required to enable data center services can be delivered rapidly, accurately, and consistently. Operators can further benefit from the built-in assurance and analytics capabilities to resolve Day 2 operations issues quickly. Apstra key features are:
    • Automated deployment and zero-touch deployment
    • Continuous fabric validation
    • Fabric life-cycle management
    • Troubleshooting using advanced telemetry
    For more information on Apstra, see Juniper Apstra.  

    Features and Benefits

    • Automation and programmability: The QFX5220 supports numerous network automation features, including operations and event scripts and ZTP.
    • Cloud-level scale and performance: The QFX5220 supports best-in-class cloud-scale L2/L3 deployments with a low latency of 750 ns and a superior scale and performance. This includes L2 support for 8192 media access control (MAC) addresses and Address Resolution Protocol (ARP) learning, which scales up to 32,000 entries at 500 frames per second. It also includes L3 support for 336,000 longest prefix match (LPM) routes and 380,000 host routes on IPv4. Additionally, the QFX5220 supports 130,000 LPM routes and 130,000 host routes on IPv6, 128-way equal-cost multipath (ECMP) routes, and a filter that supports 768 (ingress) and 2558 (egress) exact match filtering rules. The QFX5220 supports up to 128 link aggregation groups, 4096 VLANs, and Jumbo frames of 9216 bytes. Junos Evolved provides configurable options through a CLI, enabling each QFX5220 to be optimized for different deployment scenarios.
     Ingress/egress scale numbers may be lower when used concurrently.
    • MPLS: The QFX5220 supports a broad set of MPLS features, including L3 VPN, RSVP traffic engineering, and LDP to support standards-based multitenancy and network virtualization with per-flow service-level agreements (SLAs) at scale. The QFX5220 can also be deployed as a low-latency MPLS label-switching router (LSR) or MPLS provider edge (PE) router in smaller scale environments. The QFX5220, along with Juniper Networks QFX5100 and QFX5200 switches, are the most compact, low-latency, high-density, low-power family of switches to offer an MPLS feature set in the industry.
    • IEEE 1588 PTP Boundary Clock with Hardware Timestamping*: IEEE 1588 PTP Transparent/Boundary Clock is supported on QFX5220, enabling accurate and precise sub-microsecond timing information in today’s data center networks. In addition, the QFX5220 supports hardware timestamping; timestamps in Precision Time Protocol (PTP) packets are captured and inserted by an onboard field-programmable gate array (FPGA) on the switch at the physical (PHY) level.
    • Data packet timestamping*: When the optional data packet timestamping feature is enabled, selected packets flowing through QFX5220 switches are timestamped with references to the recovered PTP clock. When these packets are received by nodes in the network, the packet timestamping information can be mirrored onto monitoring tools for detailed analysis, helping identify bottlenecks in the network that cause latency. This information also helps with network performance analysis and record keeping for legal and compliance purposes, which is required by certain business transactions such as financial trading, video streaming, and research establishments.
    • RoCEv2: As a switch capable of transporting data as well as storage traffic over Ethernet, the QFX5220 provides an IEEE data center bridging (DCB) converged network between servers with disaggregated flash storage arrays or an NVMe-enabled storage area network (SAN). The QFX5220 offers a full-featured DCB implementation that provides strong monitoring capabilities on the top-of-rack switch for SAN and LAN administration teams to maintain clear separation of management. The RDMA over Converged Ethernet version 2 (RoCEv2) transit switch functionality, including priority-based flow control (PFC) and Data Center Bridging Capability Exchange (DCBX), is included as part of the default software.
    • Junos OS Evolved: Junos Evolved is a native Linux operating system that incorporates a modular design of independent functional components and enables individual components to be upgraded independently while the system remains operational. Component failures are localized to the specific component involved and can be corrected by upgrading and restarting that specific component without having to bring down the entire device.
    • Retained state: State is the retained information or status pertaining to physical and logical entities. It includes both operational and configuration state, comprising committed configuration, interface state, routes, hardware state, and what is held in a central database called the distributed data store (DDS). State information remains persistent, is shared across the system, and is supplied during restarts.
    • Feature support: All key networking functions such as routing, bridging, management software, and management plane interfaces, as well as APIs such as CLI, NETCONF, Juniper Extension Toolkit (JET), Junos Telemetry Interface (JTI), and the underlying data models, resemble those supported by Junos. This ensures compatibility and eases the transition to Junos Evolved. 

    Junos Telemetry Interface

    The QFX5220 supports Junos Telemetry Interface (JTI), a modern telemetry streaming tool that provides performance monitoring in complex, dynamic data centers. Streaming data to a performance management system lets network administrators measure trends in link and node utilization and troubleshoot issues such as network congestion in real time. JTI provides:
    • Application visibility and performance management by provisioning sensors to collect and stream data and analyze the application and workload flow path through the network
    • Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
    • Troubleshooting and root cause analysis via high-frequency monitoring and correlating overlay and underlay networks. 

    Specifications

    Hardware

    Table 1: QFX5220 System Capacity
    Specification | QFX5220-32CD | QFX5220-128C
    System throughput | Up to 25.6 Tbps (bidirectional) | Up to 25.6 Tbps (bidirectional)
    Forwarding capacity | 8 billion packets per second | 8 billion packets per second
    Port density | 32 ports of QSFP56-DD 400GbE | 128 ports of QSFP28 100GbE
    SFP+/SFP28 | 2 SFP+ transceiver ports for in-band network management | 2 SFP+ transceiver ports for in-band network management
     
    Table 2: QFX5220 System Specifications
    Specification | QFX5220-32CD | QFX5220-128C
    Dimensions (W x H x D) | 17.26 x 1.72 x 21.1 in. (43.8 x 4.3 x 53.59 cm) | 17.26 x 6.88 x 29 in. (43.8 x 17.47 x 73.66 cm)
    Rack units | 1 U | 4 U
    Weight | 24.5 lb (11.11 kg) with power supplies and fans installed | 98 lb (44.44 kg) with 4 power supplies and 6 fan trays installed
    Operating system | Junos OS Evolved | Junos OS Evolved
    CPU | Intel Xeon D-1518 | Intel Xeon D-1518
    Power | Redundant (1+1) hot-pluggable 1600 W AC/DC power supplies (2n); 115-240 V single phase AC power; -48 to -60 V DC power | Redundant (1+1) hot-pluggable 1600 W AC/DC power supplies; 115-240 V single phase AC power; -48 to -60 V DC power
    Cooling | Ports-to-FRUs (AFO) and FRUs-to-ports (AFI) cooling; Redundant (5x2+1)+1 hot-pluggable fan modules with variable speed to minimize power draw | Ports-to-FRUs (AFO) cooling; Redundant (5x2+1)+1 hot-pluggable fan modules with variable speed to minimize power draw
    Total packet buffer | 64 MB | 64 MB
    Recommended Software Version | Junos OS Evolved 19.2R1 and Later | Junos OS Evolved 19.3R1 and Later
    Warranty | Juniper standard one-year warranty | Juniper standard one-year warranty
     

    Software

    • MAC addresses per system: 8192
    • VLAN IDs: 3968 (QFX5220-32CD) 3952 (QFX5220-128C)
    • Number of link aggregation groups (LAGs): 128
    • Number of ports per LAG: 64
    • Firewall filters:
      • Ingress: 768 Routed ACL (RACL), VLAN ACL (VACL), and Port ACL (PACL) rules
      • Egress: 2558 RACL; 512 VACL and PACL rules
    • IPv4 unicast routes: 380,000 prefixes; 380,000 host routes
    • IPv6 unicast routes: 130,000 prefixes; 130,000 host routes
    • Address Resolution Protocol (ARP) entries: 32,000
    • Generic routing encapsulation (GRE) tunnels: 2000
    • MPLS labels: 16,000
    • Jumbo frame: 9216 bytes
    • Traffic mirroring
      • Mirroring destination ports per switch: 4
      • Maximum number of mirroring sessions: 4
      • Mirroring destination VLANs per switch: 4
    Note: Ingress/Egress scale numbers may be lower when used concurrently.

    Layer 2 Features

    • STP—IEEE 802.1D (802.1D-2004)*
    • Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w); MSTP (IEEE 802.1s)*
    • Bridge protocol data unit (BPDU) protect*
    • Loop protect*
    • Root protect*
    • RSTP and VSTP running concurrently*
    • VLAN—IEEE 802.1Q VLAN trunking
    • Routed VLAN interface (RVI)
    • Port-based VLAN
    • MAC address filtering*
    • Static MAC address assignment for interface
    • MAC learning disable
    • Link Aggregation and Link Aggregation Control Protocol (LACP) (IEEE 802.3ad)
    • IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
    *Reserved for future release

    Link Aggregation

    • LAG load sharing algorithm—bridged or routed (unicast or multicast) traffic:
      • IP: Session Initiation Protocol (SIP), Dynamic Internet Protocol (DIP), TCP/UDP source port, TCP/UDP destination port
      • L2 and non-IP: MAC SA, MAC DA, Ether type, VLAN ID, source port
     

    Layer 3 Features

    • Static routing
    • OSPF v1/v2
    • OSPF v3
    • Filter-based forwarding
    • Virtual Router Redundancy Protocol (VRRP)*
    • IPv6
    • Virtual routers
    • Loop-free alternate (LFA)
    • BGP (Advanced Services or Premium Services license)
    • IS-IS (Advanced Services or Premium Services license)
    • Dynamic Host Configuration Protocol (DHCP) v4/v6 relay
    • VR-aware DHCP
    • IPv4/IPv6 over GRE tunnels (interface-based with decap/encap only)
    *Reserved for future release  

    Multicast*

    • Internet Group Management Protocol (IGMP) v1/v2
    • Multicast Listener Discovery (MLD) v1/v2
    • IGMP proxy, querier
    • IGMP v1/v2/v3 snooping
    • Intersubnet multicast using IRB interface
    • MLD snooping
    • Protocol Independent Multicast PIM-SM, PIM-SSM, PIM-DM, PIM-Bidir*
    • Multicast Source Discovery Protocol (MSDP)*
    *Reserved for future release  

    Security and Filters

    • Secure interface login and password
    • RADIUS
    • TACACS+
    • Ingress and egress filters: Allow and deny, port filters, VLAN filters, and routed filters, including management port filters, loopback filters for control plane protection
    • Filter actions: Logging, system logging, reject, mirror to an interface, counters, assign forwarding class, permit, drop, police, mark
    • SSH v1, v2
    • Static ARP support
    • Storm control, port error disable, and autorecovery*
    • Control plane denial-of-service (DoS) protection
    *Reserved for future release  

    Quality of Service (QoS)

    • L2 and L3 QoS: Classification, rewrite, queuing
    • Rate limiting:
      • Ingress policing: 1 rate 2 color, 2 rate 3 color
      • Egress policing: Policer, policer mark down action
      • Egress shaping: Per queue, per port
    • 10 hardware queues per port (8 unicast and 2 multicast)
    • Strict priority queuing (LLQ), shaped-deficit weighted round-robin (SDWRR), weighted random early detection (WRED)
    • 802.1p remarking
    • Layer 2 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN
    • Congestion avoidance capabilities: WRED, ECN
    • Trust IEEE 802.1p (ingress)
    • Remarking of bridged packets
    • Configurable shared buffer and buffer monitoring
     

    MPLS (Premium Services License)

    • Static label-switched paths (LSPs)
    • RSVP-based signaling of LSPs
    • LDP-based signaling of LSPs
    • LDP tunneling (LDP over RSVP)
    • MPLS class of service (CoS)*
    • MPLS access control list (ACL)/policers*
    • MPLS LSR support
    • IPv4 L3 VPN (RFC 2547, 4364)
    • MPLS fast reroute (FRR)
    *Reserved for future release  

    Data Center Bridging (DCB)*

    • Priority-based flow control (PFC)—IEEE 802.1Qbb
    • Data Center Bridging Exchange Protocol (DCBX)*
    *Reserved for future release  

    High Availability

    • Bidirectional Forwarding Detection (BFD)
    • Uplink failure detection (UFD)*
    *Reserved for future release  

    Visibility and Analytics

    • Switched Port Analyzer (SPAN)
    • Remote SPAN (RSPAN)
    • Encapsulated Remote SPAN (ERSPAN)
    • sFlow v5
    • Junos Telemetry Interface
     

    Management and Operations

    • Contrail Networking*
    • Role-based CLI management and access
    • CLI via console, telnet, or SSH
    • Extended ping and traceroute
    • Junos OS Evolved configuration rescue and rollback
    • Image rollback
    • SNMP v1/v2/v3
    • Junos OS Evolved XML management protocol
    • High frequency statistics collection
    • Automation and orchestration
    • Zero-touch provisioning (ZTP)
    • Python
    • Junos OS Evolved event, commit, and OP scripts
    *Reserved for future release  

    Standards Compliance

    IEEE Standards

    • IEEE 802.1D
    • IEEE 802.1w
    • IEEE 802.1
    • IEEE 802.1Q
    • IEEE 802.1p
    • IEEE 802.1ad
    • IEEE 802.3ad
    • IEEE 802.1AB
    • IEEE 802.3x
    • IEEE 802.1Qbb*
    • IEEE 802.1Qaz
    *Reserved for future release  

    T11 Standards

    • INCITS T11 FC-BB-5
     

    Supported RFCs

    • RFC 768 UDP
    • RFC 783 Trivial File Transfer Protocol (TFTP)
    • RFC 791 IP
    • RFC 792 ICMP
    • RFC 793 TCP
    • RFC 826 ARP
    • RFC 854 Telnet client and server
    • RFC 894 IP over Ethernet
    • RFC 903 RARP
    • RFC 906 TFTP Bootstrap
    • RFC 951, RFC 1542 BootP
    • RFC 1058 Routing Information Protocol
    • RFC 1112 IGMP v1
    • RFC 1122 Host requirements
    • RFC 1142 OSI IS-IS Intra-domain Routing Protocol
    • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
    • RFC 1492 TACACS+
    • RFC 1519 Classless Interdomain Routing (CIDR)
    • RFC 1587 OSPF not-so-stubby area (NSSA) Option
    • RFC 1591 Domain Name System (DNS)
    • RFC 1745 BGP4/IDRP for IP—OSPF Interaction
    • RFC 1772 Application of the Border Gateway Protocol in the Internet
    • RFC 1812 Requirements for IP Version 4 routers
    • RFC 1997 BGP Communities Attribute
    • RFC 2030 SNTP, Simple Network Time Protocol
    • RFC 2068 HTTP server
    • RFC 2131 BOOTP/DHCP relay agent and Dynamic Host Configuration Protocol (DHCP) server
    • RFC 2138 RADIUS Authentication
    • RFC 2139 RADIUS Accounting
    • RFC 2154 OSPF w/Digital Signatures (password, MD-5)
    • RFC 2236 IGMP v2
    • RFC 2267 Network ingress filtering
    • RFC 2328 OSPF v2 (edge mode)
    • RFC 2338 VRRP
    • RFC 2362 PIM-SM (edge mode)
    • RFC 2370 OSPF Opaque link-state advertisement (LSA) Option
    • RFC 2385 Protection of BGP Sessions via the TCP Message Digest 5 (MD5) Signature Option
    • RFC 2439 BGP Route Flap Damping
    • RFC 2474 Definition of the Differentiated Services Field in the IPv4 and IPv6 Headers
    • RFC 2597 Assured Forwarding PHB (per-hop behavior) Group
    • RFC 2598 An Expedited Forwarding PHB
    • RFC 2697 A Single Rate Three Color Marker
    • RFC 2698 A Two Rate Three Color Marker
    • RFC 2796 BGP Route Reflection—An Alternative to Full Mesh IBGP
    • RFC 2918 Route Refresh Capability for BGP-4
    • RFC 3065 Autonomous System Confederations for BGP
    • RFC 3376 IGMP v3 (source-specific multicast include mode only)
    • RFC 3392 Capabilities Advertisement with BGP-4
    • RFC 3446 Anycast RP
    • RFC 3569 Source-specific multicast (SSM)
    • RFC 3618 MSDP
    • RFC 3623 Graceful OSPF Restart
    • RFC 4271 Border Gateway Protocol 4 (BGP-4)
    • RFC 4360 BGP Extended Communities Attribute
    • RFC 4456 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)
    • RFC 4486 Subcodes for BGP Cease Notification Message
    • RFC 4724 Graceful Restart Mechanism for BGP
    • RFC 4812 OSPF Restart Signaling
    • RFC 4893 BGP Support for Four-octet AS Number Space
    • RFC 5176 Dynamic Authorization Extensions to RADIUS
    • RFC 5396 Textual Representation of Autonomous System (AS) Numbers
    • RFC 5668 4-Octet AS Specific BGP Extended Community
    • RFC 5880 Bidirectional Forwarding Detection (BFD)
     

    Supported MIBs

    • RFC 155 SMI
    • RFC 1157 SNMPv1
    • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
    • RFC 1850 OSPFv2 MIB
    • RFC 1901 Introduction to Community-based SNMPv2
    • RFC 2011 SNMPv2 for Internet protocol using SMIv2
    • RFC 2012 SNMPv2 for transmission control protocol using SMIv2
    • RFC 2013 SNMPv2 for user datagram protocol using SMIv2
    • RFC 2233, The Interfaces Group MIB using SMIv2
    • RFC 2287 System Application Packages MIB
    • RFC 2570 Introduction to Version 3 of the Internet standard Network Management Framework
    • RFC 2571 An Architecture for describing SNMP Management Frameworks (read-only access)
    • RFC 2572 Message Processing and Dispatching for the SNMP (read-only access)
    • RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
    • RFC 2578 SNMP Structure of Management Information MIB
    • RFC 2579 SNMP Textual Conventions for SMIv2
    • RFC 2580 Conformance Statements for SMIv2
    • RFC 2665 Ethernet-like interface MIB
    • RFC 2787 VRRP MIB
    • RFC 2790 Host Resources MIB
    • RFC 2819 RMON MIB
    • RFC 2863 Interface Group MIB
    • RFC 2932 IPv4 Multicast MIB
    • RFC 3410 Introduction and Applicability Statements for Internet Standard Management Framework
    • RFC 3411 An architecture for describing SNMP Management Frameworks
    • RFC 3412 Message Processing and Dispatching for the SNMP
    • RFC 3413 Simple Network Management Protocol
    • RFC 3414 User-based Security Model (USM) for SNMPv3
    • RFC 3415 View-based Access Control Model (VACM) for the SNMP
    • RFC 3416 Version 2 of the Protocol Operations for the SNMP
    • RFC 3417 Transport Mappings for the SNMP
    • RFC 3418 Management Information Base (MIB) for the SNMP
    • RFC 3584 Coexistence between Version 1, Version 2, and Version 3 of the Internet Standard Network Management Framework
    • RFC 3826 The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model
    • RFC 4188 Definitions of Managed Objects for Bridges
    • RFC 4318 Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol
    • RFC 4363b Q-Bridge VLAN MIB
     

    Environmental Ranges

    Parameters | QFX5220-32CD | QFX5220-128C
    Operating temperature | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C)
    Storage temperature | -40° through 158° F | -40° through 158° F
    Operating altitude | Up to 6000 feet (1828.8 meters) | Up to 6000 feet (1828.8 meters)
    Relative humidity operating | 5 to 90% (noncondensing) | 5 to 90% (noncondensing)
    Relative humidity nonoperating | 5 to 95% (noncondensing) | 5 to 95% (noncondensing)
    Seismic | Designed to meet GR-63, Zone 4 earthquake requirements | Designed to meet GR-63, Zone 4 earthquake requirements
     

    Maximum Thermal Output

    Parameters | QFX5220-32CD | QFX5220-128C
    Maximum power draw | 115-127 V: 973 W; 220-240 V: 958 W | 115-127 V: 2023 W; 220-240 V: 1990 W
    Typical power draw | 115-127 V: 730 W; 220-240 V: 775 W | 115-127 V: 1433 W; 220-240 V: 1394 W
     

    Safety and Compliance

    Safety

    • CAN/CSA-C22.2 No. 60950-1 Information Technology Equipment—Safety
    • UL 60950-1 Information Technology Equipment—Safety
    • EN 60950-1 Information Technology Equipment—Safety
    • IEC 60950-1 Information Technology Equipment—Safety (All country deviations)
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment Classification
     

    Security

    • FIPS/CC*
    • TAA*
     

    Electromagnetic Compatibility

    • 47 CFR Part 15, (FCC) Class A
    • ICES-003 Class A
    • EN 55022/EN 55032, Class A
    • CISPR 22/CISPR 32, Class A
    • EN 55024
    • CISPR 24
    • EN 300 386
    • VCCI Class A
    • AS/NZS CISPR 32, Class A
    • KN32/KN35
    • BSMI CNS 13438, Class A
    • EN 61000-3-2
    • EN 61000-3-3
    • ETSI
    • ETSI EN 300 019: Environmental Conditions & Environmental Tests for Telecommunications Equipment
    • ETSI EN 300 019-2-1 (2000)—Storage
    • ETSI EN 300 019-2-2 (1999)—Transportation
    • ETSI EN 300 019-2-3 (2003)—Stationary Use at Weatherprotected Locations
    • ETSI EN 300 019-2-4 (2003)—Stationary Use at NonWeather-protected Locations
    • ETS 300753 (1997)—Acoustic noise emitted by telecommunications equipment
     

    Environmental Compliance

    • Restriction of Hazardous Substances (ROHS) 6/6
    • Silver PSU Efficiency
    • Recycled material
    • Waste Electronics and Electrical Equipment (WEEE)
    • Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH)
    • China Restriction of Hazardous Substances (ROHS)

    Telco

    • Common Language Equipment Identifier (CLEI) code
     

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    Ordering Information

    Product Number | Description
    Hardware
    QFX5220-32CD-AFI | QFX5220 (hardware with base software), 32 QSFP-DD/QSFP+/QSFP28 ports, redundant fans, 2 AC power supplies, back-to-front airflow
    QFX5220-32CD-AFO | QFX5220 (hardware with base software), 32 QSFP-DD/QSFP+/QSFP28 ports, redundant fans, 2 AC power supplies, front-to-back airflow
    QFX5220-32CD-D-AFI | QFX5220 (hardware with base software), 32 QSFP-DD/QSFP+/QSFP28 ports, redundant fans, 2 DC power supplies, back-to-front airflow
    QFX5220-32CD-D-AFO | QFX5220 (hardware with base software), 32 QSFP-DD/QSFP+/QSFP28 ports, redundant fans, 2 DC power supplies, front-to-back airflow
    QFX5220-128C-AFO | QFX5220 (hardware with base software), 128 QSFP+/QSFP28 ports, redundant fans, 4 AC power supplies, front-to-back airflow
    QFX5220-128C-D-AFO | QFX5220 (hardware with base software), 128 QSFP+/QSFP28 ports, redundant fans, 4 DC power supplies, front-to-back airflow
    JPSU-1600W-1UACAFI | QFX5220-32CD-AFI 1 U AC power supply unit
    JPSU-1600W-1UACAFO | QFX5220-32CD-AFO 1 U AC power supply unit
    JPSU-1600W-1UDCAFI | QFX5220-32CD-D-AFI 1 U DC power supply unit
    JPSU-1600W-1UDCAFO | QFX5220-32CD-D-AFO 1 U DC power supply unit
    JPSU-1600W-AC-AFO | QFX5220-128C-AFO 2 U AC power supply unit
    JPSU-1600W-DC-AFO | QFX5220-128C-AFO 2 U DC power supply unit
    QFX5220-32CD-4PRMK | 4-Post Rack Mount Kit for QFX5220-32CD
    RKMT-4PST-4U | 4-Post Rack Mount Kit for QFX5220-128C
    QFX5220-32CD-FANAI | Airflow in (AFI) back-to-front airflow fans for QFX5220-32CD
    QFX5220-32CD-FANAO | Airflow out (AFO) front-to-back airflow fans for QFX5220-32CD
    QFX5220-128C-FANAO | Airflow out (AFO) front-to-back airflow fans for QFX5220-128C
    QFX5220-14I-EMI-DR | QFX5220-128C 14 in. EMI door
    Optics and Transceivers
    QDD-400G-DAC-1M | QSFP56-DD 400GbE DAC 1 M
    QDD-400G-DAC-2P5M | QSFP56-DD 400GbE DAC 2.5 M
    QDD-4x100G-FR | QSFP-DD 4x100GBASE-FR breakout 1310 nm PAM4 transceiver module, 2 km reach
    QDD-400G-DR4 | QSFP-DD 400GBASE-DR4 / 4x100GBASE-DR 1310 nm PAM4 transceiver module, 500 m reach
    QDD-400G-FR4 | QSFP-DD 400GBASE-FR4 1310 nm PAM4 transceiver module, 2 km reach
    QDD-400G-AOC-XM | 400GbE QSFP56-DD active optical cable of XM (X=1,3,5,7,10,15,20,30)
    JNP-100G-4x25G-1M | 100GbE QSFP28 to 4x25GbE SFP28 passive direct attach copper breakout cable, length: 1 m
    JNP-100G-4x25G-3M | 100GbE QSFP28 to 4x25G SFP28 passive direct attach copper breakout cable, length: 3 m
    JNP-QSFP-100G-BXSR* | 100GbE SR-bidirectional QSFP transceiver, LC, 100 M, OM4 multimode fiber-optic (MMF)
    Software Licenses SKUs
    S-QFX5K-C3-A1-X (X=3,5) | Base L3 Software Subscription (X Years; X=3,5) License for QFX5220-32CD/QFX5220-128C
    S-QFX5K-C3-A2-X (X=3,5) | Advanced Software Subscription (X Years; X=3,5) License for QFX5220-32CD/QFX5220-128C
    S-QFX5K-C3-P1-X (X=3,5) | Premium Software Subscription (X Years; X=3,5) License for QFX5220-32CD/QFX5220-128C
