SRX Overview Branch and High End
Bernd Kunze/Rob Cameron
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net


Post on 14-Dec-2015



SRX 5000 overview


Evolution of Integrated Technology

Stand-alone: Specialized functions
• Stateful FW
• IPSec VPN
• IDP
• Routing
• Separation of tasks
• Expensive, high-touch

Bolt-on: Loose functional integration & coordination
• FW “houses” add-on svcs
• Single chassis convenience
• No logical integration
• Complex set-up & ongoing maintenance

Fully-integrated: HW/SW optimized for full integration – Tight coordination with apps & functions
• Uncompromised performance
• Complete inheritance
• Best in class services


High-End Security Systems Portfolio

SRX characteristics

Scalable Performance
Rich Standard Services
• Firewall
• IDP
• Routing
• QoS
• IPSec (9.3)
Extensible Security Services
Integrated Networking Services


Feature comparison SRX vs. NetScreen

| Feature | JUNOS 9.2 | ScreenOS (6.0, 6.1) |
|---|---|---|
| Layer 2 | VLAN Tagging (802.1Q) | VLAN Tagging (802.1Q), Switching |
| IPv4 Routing | RIP, BGPv4, OSPF, VRRP (No IS-IS) | RIP, BGPv4, OSPF, VRRP |
| Firewall | Sessions, zones, screens, Policies, Auth | Session, zones, Screens, Policies, Auth |
| NAT | Destination, Source, Static* (rule based) | Destination, Source, Static (policy based) |
| ALGs | FTP, TFTP, MGCP | SIP, H323, SCCP, MGCP, Avaya, NEC, RTSP, DNS, FTP, SQL, TFTP, PPTP |
| Content Security | IDP | IDP (ISG platforms) |
| HA | Chassis Cluster (limited feature support), Active-Passive | NSRP |
| QoS | Classification, Marking, Scheduling, Shaping; Interface based, three level hierarchical queuing, two rate three color marker (No POLICING) | Interface based, classification, marking |
| Management | JWEB, NSM, logging, SNMP, JUNOScript | NSM, WebUI, SNMP (read-only) |
| Performance | Multi-10Gig (120Gbps on 5800) | Multi-Gig (30Gbps) |
| IPSec VPN* | Remote access, site-to-site (No HUB/Spoke support) | Remote access, site-to-site, AC VPN |

* 9.3R1 item


Missing features in FRS

• IPv4 Multicast
• Limited HA (Active/Active, software upgrades)
• Virtualization (LSYS and resource control)
• Tunneling (GRE, IP-IP)
• Layer2 (Switching)
• Hub and Spoke VPNs
• Transparent (Layer2) Mode
• IPv6
• SNMP
• MPLS
• PCAP/port mirroring
• RPM
• Intrabox HA including Hardware hotswap


HW Design

Central Service Plane
• Built around high-speed switch fabric
• Dedicated, separate control & data planes

Adaptive Platform
• Buildable, processing pool
• Supplies scalable increase to performance and capacity

Resiliency
• Dual “everything”

[Diagram labels: Service Processing Cards, Fabric, Input/Output Cards, MGT]


SW Capabilities

Highly integrated services
• Advanced services & features always present
• Turn-on additional services - same card
• High-density, programmable processing

Intelligent session load balancing
• Pushed across compute elements
• Elegant scale model for session set up, service throughput

Extensible services
• Up and down the “stack”
• Rich L3 features – routing/QoS/NAT
• Comprehensive L4-7 coverage – FW, VPN, IDP

[Diagram labels: Service Processing Card, Fabric]


Packet Flow – Fully Integrated

[Diagram components: Service Processing Cards, Fabric, Input/Output Cards, MGT]
[Diagram labels: Ingress Packet; Flow Lookup Classification DoS/DDoS Policing; Services Processing FW/IPSec VPN/IDP/UTM, NAT/Routing; Routing/MGT/Device MGT; QoS/Shaping; Egress Packet]


Packet Flow – Inside the processor

[Flow diagram labels: Event Scheduler; Flow Module; Per Packet Filters; Per Packet Policers / Shapers; Match Session? (Yes / No); Forwarding Lookup; Slow Path: Screens, Route, Zones, Policy, NAT, ALG, Services, Session; Fast Path: Screens, TCP, NAT, ALG, Services]

1) Pull Packet from queue
2) Police Packet
3) Filter Packet
4) Lookup Session:
   4.a) No Match => Slow Path
      a) FW Screen Check
      b) Route Lookup
      c) Find Destination Zone
      d) Look-up Policy
      e) Allocate NAT
      f) Setup ALG vector
      g) Install Session
   4.b) Match => Fast Path
      a) FW Screen Check
      b) TCP Checks
      c) NAT Translation
      d) ALG Processing
5) Filter Packet
6) Shape Packet
7) Transmit Packet
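
Added example (not from the original slides and not Juniper code): a minimal Python model of step 4 of the flow above, showing that route, zone, policy, NAT and ALG setup run once on the slow path, and that later packets in either direction match the installed session and take the fast path. Interface names, zones, policies, addresses, the reverse-wing session key and the simplified screen and TCP checks are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: interfaces, zones, routes, policies and addresses are illustrative.
ROUTES = [("10.0.0.0/8", "ge-0/0/0"), ("0.0.0.0/0", "ge-0/0/1")]
IFACE_ZONE = {"ge-0/0/0": "trust", "ge-0/0/1": "untrust"}
PERMIT = {("trust", "untrust", 80), ("trust", "untrust", 21)}  # (from-zone, to-zone, dst port)
ALG_BY_PORT = {21: "ftp"}
NAT_IP = "203.0.113.1"   # source-NAT address used for permitted sessions

@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""          # TCP flags: "S", "SA", "A", "R", ...

@dataclass
class Session:
    orig_src: tuple          # (ip, port) before NAT
    nat_src: tuple           # (ip, port) after NAT
    alg: Optional[str]
    closed: bool = False

class FlowModule:
    def __init__(self):
        self.sessions = {}       # (src, sport, dst, dport) -> (Session, wing)
        self.policy_lookups = 0
        self.next_port = 1024

    @staticmethod
    def screen_ok(pkt):
        # Screen check runs on both paths; this model drops SYN+FIN packets.
        return not ("S" in pkt.flags and "F" in pkt.flags)

    @staticmethod
    def route(dst):
        # Longest-prefix match over the sample routing table.
        addr = ipaddress.ip_address(dst)
        hits = [(ipaddress.ip_network(p).prefixlen, i) for p, i in ROUTES
                if addr in ipaddress.ip_network(p)]
        return max(hits)[1] if hits else None

    def process(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        hit = self.sessions.get(key)                 # 4) lookup session
        return self.fast_path(pkt, *hit) if hit else self.slow_path(pkt, key)

    def slow_path(self, pkt, key):                   # 4.a) no match
        if not self.screen_ok(pkt):                  # a) FW screen check
            return ("drop", "screen")
        egress = self.route(pkt.dst)                 # b) route lookup
        if egress is None:
            return ("drop", "no route")
        zones = (IFACE_ZONE[pkt.in_iface], IFACE_ZONE[egress])  # c) destination zone
        self.policy_lookups += 1                     # d) policy lookup
        if (*zones, pkt.dport) not in PERMIT:
            return ("drop", "policy")
        nat = (NAT_IP, self.next_port)               # e) allocate NAT
        self.next_port += 1
        sess = Session((pkt.src, pkt.sport), nat, ALG_BY_PORT.get(pkt.dport))  # f) ALG vector
        self.sessions[key] = (sess, "fwd")           # g) install session, both wings
        self.sessions[(pkt.dst, pkt.dport, *nat)] = (sess, "rev")
        return ("slow", nat, (pkt.dst, pkt.dport), sess.alg)

    def fast_path(self, pkt, sess, wing):            # 4.b) match
        if not self.screen_ok(pkt):                  # a) FW screen check
            return ("drop", "screen")
        if sess.closed:                              # b) TCP checks (simplified)
            return ("drop", "tcp")
        if "R" in pkt.flags:
            sess.closed = True
        if wing == "fwd":                            # c) NAT translation
            src, dst = sess.nat_src, (pkt.dst, pkt.dport)
        else:
            src, dst = (pkt.src, pkt.sport), sess.orig_src
        return ("fast", src, dst, sess.alg)          # ALG name handed on for ALG processing

def run_demo():
    fw = FlowModule()
    results = [fw.process(p) for p in (
        Packet("ge-0/0/0", "10.1.1.5", 40000, "198.51.100.7", 80, "S"),     # first packet
        Packet("ge-0/0/1", "198.51.100.7", 80, "203.0.113.1", 1024, "SA"),  # reply, reverse wing
        Packet("ge-0/0/0", "10.1.1.5", 40000, "198.51.100.7", 80, "A"),     # same session
        Packet("ge-0/0/1", "198.51.100.9", 4444, "10.1.1.5", 22, "S"),      # unsolicited inbound
    )]
    return results, fw.policy_lookups

if __name__ == "__main__":
    for r in run_demo()[0]:
        print(r)
```

In this model the policy table is consulted twice for four packets: once for the permitted session and once for the unsolicited inbound SYN that is dropped.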


SRX 5600: Product Overview

Horizontal chassis system
• 1 Dedicated Fabric/RE
• 6 interchangeable slots
• MGT module – dual
• Power AC/DC – 2+2, hot swap
• Fan tray

Interfaces
• 40-SFP
• 4-10Gig

Dimensions – 8U chassis height

Performance & Capacities
• FW – 60 Gbps
• VPN – 18 Gbps
• IDP – 18 Gbps
• Concurrent sessions – 4M
• New and sustained cps – 300k
• Concurrent VPN tunnels – 100k

Note: Route Engines, Switch Control Boards, Power supplies, and Ethernet blades are NOT interchangeable with MX series platforms


SRX 5800: Product Overview

Vertical slot chassis system
• 2 Dedicated Fabric/RE
• 12 interchangeable slots
• MGT module – dual
• Power AC/DC – Quad, hot swap
• Fan tray

Interfaces
• 40-SFP
• 4-10Gig

Dimensions – 16U chassis height

Performance and Capacities
• FW – 120 Gbps
• VPN – 36 Gbps
• IDP – 36 Gbps
• Concurrent sessions – 8M
• New and sustained cps – 300K
• Concurrent VPN tunnels – 100k

Note: Route Engines, Switch Control Boards, Power supplies, and Ethernet blades are NOT interchangeable with MX series platforms


Performance scaling


System configuration flexibility

Flexible configuration of DPC and SPC cards
• Examples:
  • 6 SPC, 6 DPC
  • 1 SPC, 11 DPC
  • 11 SPC, 1 DPC
  • Etc.
• This flexibility allows complete freedom of configuration to match deployment needs
  • High port count, low processing
  • Low port count, high processing
  • Or anywhere in between


Performance Estimate of SRX 5000 Family based on number of Input/Output and Servicing Processing Cards
• Blue indicates performance of SRX 5600 (6 slots usable for IOC/SPC)
• Blue + white indicates performance of SRX 5800 (12 slots usable for IOC/SPC)
• Yellow indicates the supported system configurations in HA mode
• JUNOS 9.2 supports a maximum of 5xSPCs in an HA configuration
• Performance is calculated based off of estimates but close to current QA tested performance


SRX 5600/5800 Deployment Scenarios


Deployment Scenario 1
Data Center – Service Providers

Key Customer Requirements
• DC consolidation results in increasing bandwidth requirements from fewer datacenters
• Increased requirements for high connection rate
• Must reduce security appliance deployment and management complexity


Deployment Scenario 2
Data Center – Enterprise

Key Customer Requirements
• Affordable carrier-grade security product
• Separation of Control and Data Plane
• Architecture enabling higher performance and longevity via fabric
• I/O and SPC scalability and flexibility

[Diagram label: Datacenter]


Data Center Deployments

Key benefit with SRX
• Additional services expected in future
• DoS protection at line card and SPC
  • No impact to data flow

Possible feature requirements
• Multicast
  • Requirements in some financial and other verticals
  • Expected JUNOS 9.5 or later
• ALGs
  • Dependent on specific applications traversing the datacenter
  • Additional ALG support added in subsequent JUNOS release (i.e., SIP ALG in JUNOS 9.4)


Deployment Scenario 3
Departmental Firewall Aggregation

Key Customer Requirements
• Aggregation of individual dept. internal FWs
• Minimize incremental deployment cost
• Minimize management overhead


Departmental Firewall Aggregation

Key benefit with SRX
• Cost-effective scalability
• Reduced operational expense
• Support high-bandwidth requirements of network core

Possible feature requirements
• VPN
  • Centralized FW is often the network perimeter FW and supports VPN
  • Hub-n-spoke VPN support expected in JUNOS 9.5 or later
• VSYS
  • Management of some FW aggregations may require VSYS rather than VLANs and zones
  • VSYS support expected in 2H ‘09


SRX 5000 Series Competitive Analysis

Preliminary


Cisco FWSM vs. SRX 5000 series

|  | SRX 5600 | SRX 5800 | Cisco FWSM | Cisco IPSec VPN SPA | Cisco IPS Module |
|---|---|---|---|---|---|
| Max FW Throughput | 60 Gbps | 120 Gbps | 5.5 Gbps per module (4 blades max / chassis) | N/A | N/A |
| Max VPN Throughput | 18 Gbps | 36 Gbps | N/A – requires VPN Module | 25 Gbps* | N/A |
| Max IPS Throughput | 18 Gbps | 36 Gbps | N/A – requires IPS module | N/A | 4 Gbps** |
| Interfaces | 40 x SFP, 4 x 10 GigE | 40 x SFP, 4 x 10 GigE | Catalyst | Catalyst | Catalyst |
| Concurrent VPN Tunnels | 100,000 | 100,000 | N/A | 8,000 x 10 modules | N/A |
| Max Sessions | 4 million | 8 million | 1 million | N/A | N/A |
| New & Sustained CPS | 300,000 | 300,000 | 100,000 | N/A | N/A |
| Max PPS | 10 Mpps | 18 Mpps | 2.8 Mpps | N/A | N/A |
| List Price | US$675,000 | US$1,278,000 | US$34,995 (blade only) | US$29,995 (blade only) | US$29,995 (blade only) |
| Price per FW Mbps Throughput | ~US$11.25 / Mbps | ~US$10.65 / Mbps | ~US$6.4 / Mbps | ~US$12 / Mbps | ~US$60 / Mbps |
| Price per Mbps with Chassis† | N/A | N/A | ~US$13.64 / Mbps | ~US$30 / Mbps | ~US$125 / Mbps |

* 2.5 Gbps per module, up to 10 modules per system. Each module is half-slot wide; 2 modules per slot.
** 500 Mbps inline, 600 Mbps passive, up to 8 modules per chassis to achieve 4 Gbps of inline throughput
† Based on published list prices of chassis plus module bundle (~US$74,995)


Cisco ASA 5580 vs. SRX 5000 series

|  | SRX 5600 | SRX 5800 | ASA 5580-20 | ASA 5580-40 |
|---|---|---|---|---|
| Max FW Throughput | 60 Gbps | 120 Gbps | 5 Gbps (10 Gbps Jumbo Frame) | 10 Gbps (20 Gbps Jumbo Frame) |
| Max VPN Throughput | 18 Gbps | 36 Gbps | 1 Gbps | 1 Gbps |
| Max IPS Throughput | 18 Gbps | 36 Gbps | Not Supported | Not Supported |
| Interfaces | 40 x SFP, 4 x 10 GigE | 40 x SFP, 4 x 10 GigE | 4 10/100/1000, 4 GigE, 2 x 10 GigE fiber | 4 10/100/1000, 4 GigE, 2 x 10 GigE fiber |
| Concurrent VPN Tunnels | 100,000 | 100,000 | 10,000 | 10,000 |
| Max Sessions | 4 million | 8 million | 1 million | 2 million |
| New & Sustained CPS | 300,000 | 300,000 | 90,000 | 150,000 |
| Max PPS | 10 Mpps | 18 Mpps | 2.5 million | 4 million |
| List Price (max. config) | US$675,000 | US$1,278,000 | US$59,995 | US$129,995 |
| Price per firewall Mbps Throughput | ~US$11.25 / Mbps | ~US$10.65 / Mbps | ~US$12 / Mbps | ~US$13 / Mbps |


Check Point vs. SRX 5000 series

|  | SRX 5600 | SRX 5800 | Power-1 5070 | Power-1 9070 | Nokia IP2255 | Nokia IP2450 |
|---|---|---|---|---|---|---|
| Max FW Throughput | 60 Gbps | 120 Gbps | 9 Gbps | 14 Gbps | 8.9 Gbps | 20 Gbps* |
| Max VPN Throughput | 18 Gbps | 36 Gbps | 2.4 Gbps | 3.7 Gbps | 2.3 Gbps | 2.5 Gbps* |
| Max IPS Throughput | 18 Gbps | 36 Gbps | 4.5 Gbps | 6.1 Gbps | N/A | N/A |
| Interfaces | 40 x SFP, 4 x 10 GigE | 40 x SFP, 4 x 10 GigE | 8 on-board 10/100/1000, 4 x GE, 2 x 10 GigE | 8 on-board 10/100/1000, 4 x GE, 2 x 10 GigE | 4 on-board 10/100/1000, 8 x 10/100, 4 x GE, 1 x 10GigE | 4 on-board 10/100/1000, 4 x GE, 2 x 10 GigE |
| Concurrent VPN Tunnels | 100,000 | 100,000 | Not Published | Not Published | Not Published | Not Published |
| Max Sessions | 4 million | 8 million | 1.1 million | 1.1 million | Not Published | Not Published |
| New & Sustained CPS | 300,000 | 300,000 | Not Published | Not Published | 87,000 | Not Published |
| Max PPS | 10 Mpps | 18 Mpps | Not Published | Not Published | Not Published | Not Published |
| List Price (max. config) | US$675,000 | US$1,278,000 | US$36,500 | US$49,500 | US$79,995 | US$129,985 |
| Price per firewall Mbps Throughput | ~US$11.25 / Mbps | ~US$10.65 / Mbps | ~US$4.1 / Mbps | ~US$3.5 / Mbps | ~US$8.9 / Mbps | ~US$6.5 / Mbps |

* Requires Nokia IPSO 6.0 plus 2 (two) Nokia Accelerated Data Path (ADP) cards, otherwise max FWTP is 9.0 Gbps, max. VPN TP is 2.0 Gbps.


Fortinet FortiGate vs. SRX 5000 series

|  | SRX 5600 | SRX 5800 | FortiGate 5140 | FortiGate 5050 | FortiGate 5020 |
|---|---|---|---|---|---|
| Max FW Throughput | 60 Gbps | 120 Gbps | 70 Gbps* | 25 Gbps* | 10 Gbps* |
| Max VPN Throughput | 18 Gbps | 36 Gbps | 8.4 Gbps* | 3 Gbps* | 1.2 Gbps* |
| Max IPS Throughput | 18 Gbps | 36 Gbps | Not Published | Not Published | Not Published |
| Interfaces | 40 x SFP, 4 x 10 GigE | 40 x SFP, 4 x 10 GigE | 6 x GigE, 2 x FortiAccel SFP | 6 x GigE, 2 x FortiAccel SFP | 6 x GigE, 2 x FortiAccel SFP |
| Concurrent VPN Tunnels | 100,000 | 100,000 | Not Published | Not Published | Not Published |
| Max Sessions | 4 million | 8 million | 14 million* | 5 million* | 2 million* |
| New & Sustained CPS | 300,000 | 300,000 | 420,000 | 150,000 | 60,000 |
| Max PPS | 10 Mpps | 18 Mpps | Not Published | Not Published | Not Published |
| List Price (max. config) | US$675,000 | US$1,278,000 | US$1,009,925 | US$369,970 | US$149,985 |
| Price per firewall Mbps Throughput | ~US$11.25 / Mbps | ~US$10.65 / Mbps | ~US$14.3 / Mbps | ~US$14.8 / Mbps | ~US$15 / Mbps |

* Performance based on FG-5005FA2 module which delivers: 5 Gbps FWTP, 600 Mbps IPSec VPN TP, 1 million sessions, and 30k cps. FortiGate 5140 has 14 available slots, FortiGate 5050 has 5 available slots, and FortiGate 5020 has 2 available slots for FG-5005FA2 modules.


SRX 3000 sneak preview (more in the hardware session)

Ships w/ 9.4R1 tentatively


SRX 3400: Product Overview

Performance & Capacities
• FW – 10 Gbps
• VPN – 8 Gbps
• IDP – 8 Gbps
• Concurrent sessions – 1M
• New and sustained cps – 60k
• Concurrent VPN tunnels – 10k

Modular Interfaces
• 16-10/100/1000
• 16-SFP
• 2-XFP

Modular chassis
• 7 slots: 4 front, 3 rear
• Common form factor modules
• MGT module – dual
• Power AC/DC – dual, hot swap
• Fan tray

Fixed Interfaces
• 12 built-in (8-10/100/1000 + 4-SFP)
• 1 AUX/Console Port (RJ45)
• 2 Ethernet Management Port
• 2 USB Ports

Dimensions – 3U height x 24” depth


SRX 3600: Product Overview

Performance & Capacities
• FW – 20 Gbps
• VPN – 12 Gbps
• IDP – 12 Gbps
• Concurrent sessions – 2M
• New and sustained cps – 120k
• Concurrent VPN tunnels – 30k

Modular chassis
• 12 high slots: 6 front, 6 rear
• Common form factor modules
• MGT module – dual
• Power AC/DC – 2+2, hot swap
• Fan tray

Fixed Interfaces
• 12 built-in (8-10/100/1000 + 4-SFP)
• 1 AUX/Console Port (RJ45)
• 2 Ethernet Management Port
• 2 USB Ports

Modular Interfaces
• 16-10/100/1000
• 16-SFP
• 2-XFP

Dimensions – 5U height x 24” depth


Product Comparison – ISG vs. SRX 3k

|  | ISG 1000 | SRX 3400 | ISG 2000 | SRX 3600 |
|---|---|---|---|---|
| FW | 1 Gbps | 5 - 10 Gbps | 4 Gbps | 10 - 20 Gbps |
| VPN (IPSec) | 1 Gbps | 2.5 - 5 Gbps | 2 Gbps | 5-10 Gbps |
| IDP | Up to 1 Gbps | 2.5 - 5 Gbps | Up to 2 Gbps | 5-10 Gbps |
| AV (HTTP) | N/A | Up to 500 Mbps | N/A | Up to 1 Gbps |
| VPN (SSL) | N/A | Up to 5Gbps | N/A | Up to 10Gbps |
| Interfaces | 4CG + Up to 4GE/16FE | 8-12CG + Up to 8XG/64GE/64CG | Up to 8GE or 28FE | 8-12CG + Up to 16XG/128GE/128CG |
| Slots (IOC,APC) | 2+2 | Up to 7 CFM slots | 4+3 | Up to 12 CFM slots |
| Power supply | Single modular | Single (Dual option) | Dual | Quad |
| Session/second | 20K | 60K | 25K | 100K |
| Total sessions | 500K | 2M | 1M | 4M |
| VPN tunnels | 2,000 | 10,000 | 10,000 | 30,000 |
| VSYS | Up to 10 | Up to 250 | Up to 50 | Up to 500 |
| List Price | $25k | ~$25-45k | $42k | ~$40-60k |

The slides on this page and next page are adapted from Glen’s slides deck.
10-20 Gbps capable for enterprise
Major resolution to CPS, sessions, service flexibility and scale


SRX next-gen branch platforms (Loki)


Security and Routing Portfolio

[Portfolio diagram. Market segments: Micro Branch / Small Office / Managed Service; Small Branch / SME; Branch/Regional / Medium Enterprise; Medium Enterprise to Large HQ. Labels: ScreenOS; JUNOS; JUNOS ES Products; Common Hardware; JUNOS Gap; Asgard: 4 Platforms, 4 Performance Levels]

Additional M-series and T-series are not shown


What’s different with Next Gen Branch?

Performance
• Multi-Core CPU Architecture
• Hardware Acceleration for UTM for IDP & AV

Reliability
• JUNOS High-Performance Resiliency and Reliability
• Separation of Control Plane & Forwarding with dedicated cores

Integrated Branch-in-a-Box Solution
• Service integration with best-in-class Routing, FW/VPN, UTM, and Switching (Voice and Wireless future release)

Services for Mass Deployment
• Zero touch – bootstrap mode
• Low touch – rapid deployment with USB (future)
• New License Server architecture (future)


Asgard Product Portfolio

• Four CPE Platforms
• Entry level platforms for the small branch
• High performance
• Services integration
• Routing
• Firewall/IPSEC
• UTM (AV, Web Filtering, Anti-Spam, IDP)
• Switching
• VoIP FXS/FXO (future)
• 8 to 16 Ethernet ports
• Modular architecture with mini-PIM slots

New in 9.4

[Product images: Vali, Vidar, Narfi, Loki]


Loki Overview

Fixed Memory
• Low Memory - 512MB RAM/1GB flash
• High Memory - 1GB RAM/1GB flash

4 x POE Option (802.3af)
External PC Card Slot for 3G Wireless EVDO/HSDPA
External Power Supply
Hardware RegEx Acceleration for AV & IDP

1RU High
2xGE + 6xFE Ports
1xMini-PIM Slot
1xConsole port
2xUSB (2.0)

Mini-PIM Options
• 1xT1/E1
• 1xSFP
• 1xSync Serial (Future)
• 1xVDSL2 (Future)

Target Performance
• 200Mbps+ FW, 100Kpps
• 100Mbps IDP
• 50Mbps Quick AV

Optional Accessories:
• Desktop Stand
• Rack Mount
• Wall Mount


Loki Hardware – Front View

[Front panel labels: Console Port; 2xUSB; Power Button; 1 x mPIM Slot; 2 x GE; 6 x GE; POE (Port 0/0-0/3) (Factory Option); Voice Ports (Future); Reset Pinhole]


Loki Hardware – Rear View

External Power Connector

Power Cord Lock

Chassis Cable Lock

ExpressCard Slot (3G)

Ground Lug

Slot Cover

Fan Vent


3G ExpressCard - Wireless Backup

Applications
• High speed wireless backup for remote branch offices, retail stores, kiosks, ATMs…
• Replacement for v.92 and ISDN backup

ExpressCard for Loki
• Sierra EVDO/HSDPA in first phase
• Leverage contract deals with providers
• Other vendors and technologies later
• Carrier card is Juniper product
• Modem must be ordered separately (not on the Juniper price list)

Certifications
• Generic GSM certification
• Specific certifications per carrier as necessary
• Carrier card design makes certifications easier


External Wireless AP Solution (2H09)

Juniper 802.11n Solution
• Backwards compatible to 802.11a/b/g
• 2x3 MIMO w/ ~300Mbps performance
• 50 Meter range (indoor)

Unit can be mounted on ceiling or wall
Seamless management as single device
Single port 10/100/1000Mbps
POE Support – 802.3af or 802.3at
External DC power supply option
Plenum rating support
Basic Access Controller support
• L2 Clustering support – up to 16 APs per device
Richer Access Controller rollout in 2H09-1H10 timeframe

Diagrams illustrative only – Not to scale

Sample


Competitive Performance Summary - Loki


Loki vs Cisco (Today) – to be updated

|  | Cisco 871 | Narfi | Loki | Vali | Cisco ISR1811 | Cisco ISR1841 |
|---|---|---|---|---|---|---|
| Fixed I/O | 4 10/100 | 8xFE | 2xGE + 6xFE | 8xGE | 2WAN+8LAN 10/100 | 2 10/100 |
| I/O expansion slots | None | None | 1xMini-PIM | 2xMini-PIMs | None | 2 WICs |
| Backup Options | AUX | 3G, USB | 3G, USB or mPIM | 3G, USB, or mPIM | v.92 (1812 w/ ISDN) | AUX |
| Routing PPS | 30Kpps | 80Kpps | 100Kpps | 150Kpps | 50-60Kpps (est) | 50-60Kpps (est) |
| FW performance | 65Mbps | 150Mbps IMIX | 200Mbps IMIX | 300Mbps IMIX | 100Mbps | 100Mbps |
| UTM performance (AV, IDP) | N/A | 75Mbps | 100Mbps | 150Mbps | N/A | N/A |
| POE Integration | No | No | 4xPoE (Factory Option) | 8xPOE (Factory option) | w/ Injector | w/ Injector |
| Voice | No | No | Yes – 2FXS/1FXO and mini-PIM | Yes – 2FXS/1FXO and mini-PIM | No | No |
| Integrated xDSL? | ADSL2 | VDSL2 | VDSL2 (via mini-PIM) | VDSL2 (via mini-PIM) | No | No |

List Price (Base Unit) $649 to $799 $799 $1,295 $1,395


Loki vs Cisco Next Gen – to be updated

|  | Cisco 881 | Narfi | Loki | Vali | Cisco ISR19xx |
|---|---|---|---|---|---|
| Fixed I/O | 4xFE | 8xFE | 2xGE + 6FE | 8xGbE | GE |
| I/O expansion slots | None | None | 1 Mini-PIM | 2 Mini-PIMs | Yes |
| RAM / FLASH | 256MB / 128MB | 512MB / 1GB | 512MB / 1GB | 512MB / 1GB | tbd |
| Backup Options | 3G | 3G, USB | 3G, USB or mPIM | 3G, USB, or mPIM | tbd |
| FW performance | tbd | 150Mbps IMIX | 200Mbps IMIX | 300Mbps IMIX | tbd |
| SSL VPN | Yes | Yes (Dynamic VPN Client) | Yes (Dynamic VPN Client) | Yes (Dynamic VPN Client) | Yes |
| POE Integration | Yes (2 ports only) | No | 4xPoE (50W) Optional | 8xPOE (75W) Optional | Yes |
| Integrated Voice | No | No | Yes – 2FXS/1FXO and mini-PIM | Yes – 2FXS/1FXO and mini-PIM | Yes |
| Integrated xDSL? | G.SHDSL or VDSL | VDSL | Via Mini-PIM | Via Mini-PIM | TBD |

Wireless 802.11a/b/g/n Option a/b/g/n option a/b/g/n option a/b/g/n (external) a/b/g/n (external) tbd

List Price (Base Unit) $649 $799 tbd


Q&A