Junos Fusion Enterprise

Legal Disclaimer The detailed and most up to date roadmap can be found in Pathfinder: http://pathfinder-int.juniper.net/sopd/sopd.html This presentation sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation.

Junos Fusion: One Technology, Multiple Products One Technology , Many Use Cases Junos Fusion Enterprise Simplified management of wiring closets Junos Fusion Data Center Simplified management Plug n play Junos Fusion Edge Maximize the edge router slot utilization

Junos Fusion Enterprise Simple Smart Flexible Junos Fusion Enterprise Tomorrow’s enterprise: Simple, Smart, Flexible … Simple: one logical device to manage, plug-n-play, zero touch Junos Fusion Enterprise   Junos Fusion Enterprise is simple, smart and flexible. By collapsing the entire network infrastructure into one logical device it: tremendously simplifies management, brings consistency to operations and ultimately helps you realize CAPEX and OPEX savings. Simple Junos Fusion Enterprise greatly simplifies daily operations and reduces time spent on adds, moves and changes. Enterprise Fusion supports plug-and-play expansion with zero touch provisioning for satellite devices. Simply have your Smart Hands team plug in the device and Enterprise Fusion does the rest. The new satellite device is auto discovered, with no IT intervention. Also, VLANs are auto-sensed and automatically provisioned on the correct ports. Junos Fusion Enterprise also features Rolling Software Upgrades. This allows network operators to stagger the software upgrades for all satellite devices. For example this allows operators to qualify new software before a full rollout by only upgrading designated test satellite devices and not all satellite devices. Ultimately you get flexibility that ensures the highest availability for apps. Network Director provides single point of management for Junos Fusion Fabric—it centralizes management and orchestration all from a single-pane-of-glass. With ND you manage all Fusion Enterprise devices, services, policies, access control and VLANs. ND also allows you to visualize your entire enterprise, both campus and data center topologies, and it allows you to analyze traffic flows and execute bulk operations. Simple to Secure – with Fusion Enterprise you can instantly deploy and update access policies throughout the entire network. Simply apply the policy once in the EX9200 aggregation device and Fusion Enterprise does the rest. Simplifying configuration and keeping the network consistent, Fusion Enterprise eliminates error-prone, box-by-box manual changes that can lead to opening security gaps. Ultimately you get greater visibility into the network for faster identification, location and isolation of threats and intruders. Smart Junos Fusion Enterprise is built the open standards-based 802.11BR protocol, using open application programming interfaces (APIs). It delivers a loosely coupled system that allows for distributed forwarding scale. Fusion Enterprise supports native L2, L3, MPLS and Ethernet VPN (EVPN), providing a bridge to software-defined cloud networking with no protocol or vendor lock-in. Our commitment to programmability and open APIs also gives customers the flexibility to leverage solutions from Juniper’s ecosystem partners. Fusion Enterprise is also highly resilient. Since it employs the EX9200 as the core, Aggregation Device, a Fusion Enterprise fabric inherits these resiliency features: Separate, dedicated data, control and management planes Master and backup routing engines that can run in active-active mode. They’re capable of supporting different Junos versions for maximum availability and separation The EX9200 features hot-swappable, field replaceable components including line cards, fans, power supplies and routing engines The EX9200 also features ISSU, In-service Software Upgrades, allowing for seamless upgrades with no traffic loss or performance degradation. Fusion Enterprise’s Rolling software upgrade feature allows network admins to stagger network upgrades. So for example, they can choose to upgrade floors 1-5 at 8am, floors 6-15 at noon, and floors 16-20 at midnight. This reduces risk and prevents the need to perform massive, disruptive rollbacks of the entire network, for example. As you may know, the EX9200 features the ability to program its control and management planes via open APIs. This allows it to support Junos OS-based automation with Junos SDK, enabling integration with Puppet or other automation apps or integration with orchestrating apps like OpenStack. The beauty of Fusion is that it allows the entire network to inherit any these programmability features. So now the satellite devices are effectively programmable and controllable by automation and orchestration applications. Flexible Junos Fusion Enterprise’s flexibility provides you with investment protection. Today you can deploy EX9200 core switches and EX4300 access switches in your enterprise network using Virtual Chassis technology and, with a simple software upgrade, transform it into a Fusion Enterprise fabric tomorrow. And you can simply incorporate the existing wiring and topology. For instance, if you have a 10 member EX4300 Virtual Chassis configuration, that group automatically becomes a Fusion Enterprise cluster, with no need to touch wiring. Essentially, Fusion Enterprise allows you to use the same hardware and topology of your current infrastructure. Also, your on premise data center can be incorporated in Enterprise Fusion. The EX4300 EX4300 ToR switches become Satellite Devices as you connect them directly to the EX9200 Aggregation device. Through its use of the EX9200, Fusion Enterprise now gives you connectivity support from 1 to 100 GbE. At the access you can choose from 100BASE-T to 40 GbE. In terms of wiring Fusion Enterprise gives you maximum flexibility with options such as dual-homed satellites to a single aggregation device or dual-homed via different satellite cluster members. Simple, Smart, Flexible The result? True business agility. Smart: open APIs, highly resilient, intelligent software upgrades Flexible: investment protection, use current topology, flexible deployment models

Aggregation Device (AD) Satellite Device Cluster Terminology Aggregation Device (AD) Cascade Port Upstream Port LFOS … Satellite Device (SD) Yocto Linux Extended port Satellite Device Cluster AP

EX4300: Mid-Level Satellite, Entry-Level Satellite Supported Devices Aggregation Device Satellite Devices Change the switches to EX9200 EX9200 EX4300: Mid-Level Satellite, Entry-Level Satellite

High-Level Software Architecture Satellite Device Linux Forwarding Engine Software LLDP API (JSON) Aggregation Device IEEE 802.1BR CSP Yocto Linux CSP: Control and Status Protocol

Control Plane Protocols LLDP for discovery and setting up inband IP management CSP – 802.1BR CSP extended to provide support for multiple uplinks, software update; command/response TLV; add/delete/update/up/down/params change; Satellite device provides JSON RPC API – Environment Monitoring, S/W Image Management, Visibility Stack management protocol (SSMP) is running between satellite device and aggregation device and responsible for publishing the stack topology information and also to acquire a slot-id and other device-level provisioning information that is acquired via LLDP by satellite in non-stacking solution. Aggregation Device Satellite LLDP IS-IS [SSMP, CSP, J-RPC] Discovery LLDP CSP IP Connectivity Provisioning

Extended Mode: Data Plane Aggregation Device 1 n ECID: Port 1 ECID: Port 2 Ethernet Header Payload IEEE 802.1BR Ethernet Header Payload IEEE 802.1BR Satellite Device Ethernet Header Payload Ethernet Header Payload 1 2 Ethernet Traffic IEEE 802.1BR traffic

Single Aggregation Device Dual Aggregation Devices Mode of Deployment Single Aggregation Device Dual Aggregation Devices Reduced port and installation costs Simple management; reduced network layers Easy to extend existing architecture Chassis-level redundancy Centralized point of management for access ports Aggregation devices remain independent

Single Aggregation Device xe-0/0/2 Junos Fusion is enabled per port, not per device Configuration for all ports is done in Aggregation device Aggregation devices remain independent Each satellite is seen as a line card All access ports are seen as local ports State and statistic for ports on satellites are available on aggregation device Management of Satellites is done on Aggregation device FPC 101 FPC 102 Redundancy is provided with other protocols Ports on Satellite can be configured as any Ethernet L3 or L2 encapsulation xe-101/0/1 xe-102/0/1

Dual Aggregation Devices MC-LAG Automation

Dual Aggregation Devices Junos Fusion is enabled per port on the AD xe-0/0/2 xe-0/0/2 Configuration for all extended ports is done in either Aggregation device; shared configuration is synchronized Aggregation devices remain independent for ports not on satellites. No master/backup. Each Satellite is seen as a line card per both Aggregation devices All extended ports are seen as local States and statistics for extended ports are available on both aggregation devices Management of Satellites is done on either of the Aggregation devices FPC 101 FPC 103 Redundancy is embedded into the architecture Extended ports can be configured as L2 only. xe-101/0/1 xe-103/0/1

Dual Aggregation Devices There is no concept of Master/Backup for Satellite management Each SD has autonomous CSP sessions open to both ADs SD is sending same information to both ADs Each AD is pulling statistics and info from SDs CSP sessions

Satellite Device/Satellite Device Cluster SD does not run Junos Windriver Yacto Linux as base OS Linux Forwarding Engine software runs as an application on top of the Linux OS No local switching on the SD Junos Fusion Enterprise supports Satellite Device Cluster Eliminates the need to connect every SD to the AD Multiple SDs can be deployed behind a Cascade port 10 SDs in a cluster; this may change in newer releases …

Extended Mode Extended All traffic is processed on Aggregation devices Full features-set of Aggregation devices available

Multicast Replication All multicast traffic L2/L3 is replicated on AD Default Mode

Class Of Service AD 1. Extended Port – Port level BA Classifiers 2. Uplink Port Schedulers 3 4 3. Extended port logical interface BA Classifiers, MF Classifiers and Policers 2 SD 4. Extended port rewrite rules and cascade port schedulers 5 1 5. Honors forwarding class from AD and uses the extended port scheduler

Uplink Failure Detection Junos Fusion Enterprise Admin can configure minimum links for UFD If Satellite device loses complete connectivity with Aggregation device once UFD feature is enabled, it brings down all ports except candidate uplink ports.

Satellite Registration – Plug-and-Play

SD Registration – Single Satellite (Plug-and-Play) SD is auto discovered. SD specific config not necessary. Connectivity-based or Unique-ID based Configure the port leading to SD as “cascade-port” SD discovery and auto-provisioning of in-band management IP connectivity 1 loopback address per SD and 2 addresses per link between SD and AD Sync all extended port operational state between SD and AD Aggregation Device xe 2/0/0 10.2.0.1 CSP LLDP 10.2.0.2 Satellite Device Slot ID 100 172.16.0.100

SD Registration – Multiple Satellites on a Cascade Port (Not Completely Plug-and-Play) [edit chassis] satellite-management { stack bldgB-floor7-closet-1 { stack-id 1; cascade-ports [xe-0/0/1]; fpc 100 { # Slot 100 assigned to SD named as “SD0” member-id 1; serial-number <sd0-sn>; } fpc 101 { # Slot 101 assigned to SD named as “SD1” member-id 2; serial-number <sd1-sn>; fpc 102 { # Slot 102 assigned to SD named as “SD2” member-id 3; serial-number <sd2-sn>; redundancy-groups { chassis-id 1; group1 { redundancy-group-id 1 peer-chassis-id 2 icl ae0; stack [bldgB-floor7-closet-1]; Admin must map the FPC number with SD serial number for AD0 SD0 (Slot-ID: 100) SD1 (Slot-ID: 101) 1. LLDP (Discovery + Physical Interface IP address assignment from AD) 10.1.1.2 10.1.1.1 1. IS-IS (Neighbor and Topology Discovery + Physical Interface IP address assignment) 10.100.1.1 10.100.1.2 10.101.1.2 10.101.1.1 2. SSMP Learn following information from AD: 1. Stack Member-ID 2. Slot-ID 3. LB Address 4. Misc.) 4. SSMP

Auto LAG Aggregation Device No LAG configuration required between SD and AD Adding a new cascade port towards SD results in auto formation of a LAG bundle No traffic loss during addition of LAG members Single or dual-homed satellites Aggregation Device xe 2/0/0 xe 2/0/1 Satellite Device Slot ID 100 172.16.0.100

Flexible Deployment Models Fusion … … … … Dual-homed to single Aggregation device* Dual-homed to redundant Aggregation device Single- homed to single Aggregation device* Dual-homed via different stack members Standard STP or LAG to non-Fabric devices * Under Investigation

Unifying Enterprise Networks Data Center Core Campus EX9200 Finance Finance VPN L4-7 services Sales VPN Sales Engineering VPN Guest VPN B54 Engineering User VLANs Guest Coherent virtual network (vNS) Efficient Network Segmentation across Campus/Datacenter using EVPN

Unifying Enterprise Networks Closet Floor n Closet IDF Satellite Devices Floor 0 Closet … EX4300 EX9200 Aggregation Devices Junos Fusion Data Center Enterprise Junos Space Network Director Building 1 Building n

Rolling Software Upgrades

Software Upgrade – Any Version Anywhere Remove dual AD Each component can run its own software version Upgrade and downgrade can partial or span across long period of time Satellites can be grouped into Upgrade Groups to simplify operations and management of large numbers of satellites 15.2R1 1.0 1.0 2.0

Software Upgrade Group 1 Software Upgrade Group N Junos Fusion SD software management from AD SD software image automatically upgraded when discovered Group SDs into different software upgrade groups for flexibility SDs in different software upgrade groups can have different image Software Upgrade Group 1 Software Upgrade Group N

Junos Fusion Enterprise Junos Fusion Data Center Product Comparison Junos Fusion Enterprise Junos Fusion Data Center Junos Fusion Edge Enterprise Specific Features like 802.1X, PoE, LLDP-MED, MACsec, etc. Yes1 No Satellite Device Cluster Yes Extended Mode Local Switching Endpoints Connected to Multiple SDs Remote Satellites L2 Multicast Egress Replication at SD 1. Some features not available at FRS

Junos Fusion Enterprise vs. Cisco IA JFE Cisco Instant Access Number of Extended Ports 6000 2000 Number of SDs 128 42 Number of SDs in a Cluster 10 5 AD High Availability AD redundancy based on MC-LAG (Independent Control planes) IA parent redundancy based on VSS AD/SD Connectivity 40/10/1G 10G only Special Stack Cables Required for Cluster No Yes Topology-Independent Components All AD and SD devices can be used as part of JFE or non-JFE deployments 6800ia can only be used in IA deployments. Some IA clients cannot be used in non-IA deployments

Thank You