Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1
SRX Overview Branch and High End
Bernd Kunze/Rob Cameron
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 2
SRX 5000 overview
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 3
Evolution of Integrated Technology
•Separation of tasks•Expensive, high-touch
•No logical integration•Complex set-up & ongoing maintenance
•Uncompromised performance•Complete inheritance•Best in class services
Stand-aloneSpecialized functions
•Stateful FW•IPSec VPN•IDP•Routing
Bolt-onLoose functional integration &
coordination•FW “houses” add-on svcs•Single chassis convenience
Fully-integratedHW/SW optimized for full
integration – Tight coordination with apps & functions
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 4
High-End Security Systems Portfolio
SRX characteristics
Scalable PerformanceRich Standard Services
• Firewall• IDP• Routing• QoS• IPSec (9.3)
Extensible Security Services Integrated Networking Services
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 5
Feature comparison SRX vs. NetScreenFeature JUNOS 9.2 ScreenOS (6.0, 6.1)
Layer 2 VLAN Tagging (802.1Q) VLAN Tagging (802.1Q) , Switching
IPv4 Routing RIP, BGPv4, OSPF, VRRP (No IS-IS)
RIP, BGPv4, OSPF, VRRP
Firewall Sessions, zones, screens, Policies, Auth Session, zones, Screens, Policies, Auth
NAT Destination, Source, Static* (ruled based) Destination, Source, Static (policy based)
ALGs FTP, TFTP, MGCP SIP,H323,SCCP,MGCP,Avaya,NEC,RTSP,DNS, FTP,SQL,TFTP,PPTP
Content Security IDP IDP (ISG platforms)
HA Chassis Cluster (limited feature support), Active-Passive
NSRP
QoS Classification, Marking, Scheduling, Shaping Interface based, three level hierarchical queuing, two rate three color marker (No POLICING)
Interface based, classification, marking
Management JWEB, NSM, logging, SNMP, JUNOScript NSM, WebUI, SNMP (read-only)
Performance Multi-10Gig (120Gbps on 5800) Multi-Gig (30Gbps)
IPSec VPN* Remote access, site-to-site (No HUB/Spoke support)
Remote access, site-to-site, AC VPN
* 9.3R1 item
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 6
Missing features in FRS IPv4 Multicast Limited HA (Active/Active, software upgrades) Virtualization (LSYS and resource control) Tunneling (GRE, IP-IP) Layer2 (Switching) Hub and Spoke VPNs Transparent (Layer2) Mode IPv6 SNMP MPLS PCAP/port mirroring RPM Intrabox HA including Hardware hotswap
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 7
HW Design
Central Service Plane• Built around high-speed
switch fabric• Dedicated, separate
control & data planes Adaptive Platform
• Buildable, processing pool• Supplies scalable increase
to performance and capacity
Resiliency• Dual “everything”
Service Processing
Cards
Fa
bric
Input/Output Cards
MGT
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 8
SW Capabilities
Highly integrated services• Advanced services & features always present• Turn-on additional services - same card• High-density, programmable processing
Intelligent session load balancing • Pushed across compute elements• Elegant scale model for session set up,
service throughput
Extensible services• Up and down the “stack”• Rich L3 features – routing/QoS/NAT• Comprehensive L4-7 coverage – FW, VPN,
IDP
Service Processing
Card
Fa
bric
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 9
Packet Flow – Fully Integrated
Service Processing
Cards
Fa
bric
Input/Output Cards
MGT
Flow Lookup Classification DoS/DDoS Policing
Ingress Packet
Egress Packet
Services Processing FW/IPSec VPN/IDP/UTMNAT/Routing
Routing/MGT/ Device MGT
QoS/Shaping
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 10
Event Scheduler
Flow Module
Per Packet Filters
Per Packet Policers / Shapers
MatchSession
?
ForwardingLookup
Screens RouteServices
ALGNATPolicyZones Session
Slow Path
Fast Path
Screens TCPServices
ALGNATYes
No
10Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
1) Pull Packet from queue
2) Police Packet
3) Filter Packet
4) Lookup Session:
4.a) No Match => Slow Path
a) FW Screen Check
b) Route Lookup
c) Find Destination Zone
d) Look-up Policy
e) Allocate NAT
f) Setup ALG vector
g) Install Session
4.b) Match => Fast Path
a) FW Screen Check
b) TCP Checks
c) NAT Translation
g) ALG Processing
5) Filter Packet
6) Shape Packet
7) Transmit Packet
Packet Flow – Inside the processor
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 11
SRX 5600: Product Overview Horizontal chassis system
• 1 Dedicated Fabric/RE• 6 interchangeable slots• MGT module – dual• Power AC/DC – 2+2, hot swap• Fan tray
Interfaces• 40-SFP• 4-10Gig
Dimensions – 8U chassis height
Performance & Capacities• FW – 60 Gbps • VPN – 18 Gbps
• IDP – 18 Gbps
• Concurrent sessions – 4M
• New and sustained cps – 300k
• Concurrent VPN tunnels – 100k Note: Route Engines, Switch Control Boards, Power supplies, and Ethernet blades are NOT interchangeable with MX series platforms
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 12
SRX 5800: Product Overview Vertical slot chassis system
• 2 Dedicated Fabric/RE• 12 interchangeable slots• MGT module – dual• Power AC/DC – Quad, hot swap• Fan tray
Interfaces• 40-SFP• 4-10Gig
Dimensions – 16U chassis height
Performance and Capacities• FW – 120 Gbps• VPN – 36 Gbps • IDP – 36 Gbps• Concurrent sessions – 8M• New and sustained cps – 300K• Concurrent VPN tunnels – 100k Note: Route Engines, Switch Control Boards, Power supplies,
and Ethernet blades are NOT interchangeable with MX series platforms
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 13
Performance scaling
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 14
System configuration flexibility
Flexible configuration of DPC and SPC cards• Examples:
• 6 SPC, 6 DPC• 1 SPC, 11 DPC• 11 SPC, 1 DPC• Etc…..
• This flexibility allows complete freedom of configuration to match deployment needs
• High port count, low processing• Low port count, high processing• Or anywhere in between
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 15
Performance Estimate of SRX 5000 Family based on number of Input/Output and Servicing Processing CardsBlue indicates performance of SRX 5600 (6 slots usable for IOC/SPC)Blue + white indicates performance of SRX 5800 (12 slots usable for IOC/SPC)Yellow indicates the supported system configurations in HA modeJUNOS 9.2 supports a maximum of 5xSPCs in an HA configurationPerformance is calculated based off of estimates but close to current QA tested performance
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 16
SRX 5600/5800 Deployment Scenarios
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 17
Deployment Scenario 1Data Center – Service Providers Key Customer Requirements
• DC consolidation results in increasing bandwidth requirements from fewer datacenters
• Increased requirements for high connection rate• Must reduce security appliance deployment and
management complexity
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 18
Deployment Scenario 2Data Center– Enterprise Key Customer Requirements
• Affordable carrier-grade security product• Separation of Control and Data Plane• Architecture enabling higher performance and longevity via fabric• I/O and SPC scalability and flexibility
Datacenter
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 19
Data Center Deployments
Key benefit with SRX• Additional services expected in future• DoS protection at line card and SPC
• No impact to data flow
Possible feature requirements• Multicast
• Requirements in some financial and other verticals• Expected JUNOS 9.5 or later
• ALGs• Dependent on specific applications traversing the datacenter• Additional ALG supported added in subsequent JUNOS
release (i.e., SIP ALG in JUNOS 9.4)
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 20
Deployment Scenario 3Departmental Firewall Aggregation Key Customer Requirements
• Aggregation of individual dept. internal FWs• Minimize incremental deployment cost• Minimize management overhead
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 21
Departmental Firewall Aggregation
Key benefit with SRX• Cost-effective scalability• Reduced operational expense• Support high-bandwidth requirements of network core
Possible feature requirements• VPN
• Centralized FW is often the network perimeter FW and supports VPN
• Hub-n-spoke VPN support expected in JUNOS 9.5 or later
• VSYS• Management of some FW aggregations may require VSYS rather
than VLANs and zones• VSYS support expected in 2H ‘09
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 22
SRX 5000 Series Competitive Analysis
Preliminary
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 23
Cisco FWSM vs. SRX 5000 seriesSRX 5600 SRX 5800 Cisco FWSM Cisco IPSec VPN SPA Cisco IPS Module
Max FW Throughput
60 Gbps 120 Gbps 5.5 Gbps per module (4 blades max /
chassis)
N/A N/A
Max VPN Throughput
18 Gbps 36 Gbps N/A – requires VPN Module
25 Gbps* N/A
Max IPS Throughput
18 Gbps 36 Gbps N/A – requires IPS module
N/A 4 Gbps**
Interfaces 40 x SFP 4 x 10 GigE
40 x SFP 4 x 10 GigE
Catalyst Catalyst Catalyst
Concurrent VPN Tunnels
100,00 100,000 N/A 8,000 x 10 modules N/A
Max Sessions 4 million 8 million 1 million N/A N/A
New & Sustained CPS
300,000 300,000 100,000 N/A N/A
Max PPS 10 Mpps 18 Mpps 2.8 Mpps N/A N/A
List Price US$675,000 US$1,278,000 US$34,995 (blade only) US$29,995 (blade only) US$29,995 (blade only)
Price per FW Mbps Throughput
~US$11.25 / Mbps
~US$10.65 / Mbps
~US$6.4 / Mbps ~US$12 / Mbps ~US$60 / Mbps
Price per Mbps with Chassist
N/A N/A ~US$13.64 / Mbps ~US$30 / Mbps ~US$125 / Mbps
* 2.5 Gbps per module, up to 10 modules per system. Each module is half-slot wide; 2 modules per slot.** 500 Mbps inline, 600 Mbps passive, up to 8 modules per chassis to achieve 4 Gbps of inline throughputt Based on published list prices of chassis plus module bundle (~US$74,995)
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 24
Cisco ASA 5580 vs. SRX 5000 series
SRX 5600 SRX 5800 ASA 5580-20 ASA 5580-40
Max FW Throughput
60 Gbps 120 Gbps 5 Gbps (10 Gbps Jumbo Frame)
10 Gbps (20 Gbps Jumbo Frame)
Max VPN Throughput
18 Gbps 36 Gbps 1 Gbps 1 Gbps
Max IPS Throughput
18 Gbps 36 Gbps Not Supported Not Supported
Interfaces 40 x SFP
4 x 10 GigE
40 x SFP
4 x 10 GigE
4 10/100/1000
4 GigE
2 x 10 GigE fiber
4 10/100/1000
4 GigE
2 x 10 GigE fiber
Concurrent VPN Tunnels
100,00 100,000 10,000 10,000
Max Sessions 4 million 8 million 1 million 2 million
New & Sustained CPS
300,000 300,000 90,000 150,000
Max PPS 10 Mpps 18 Mpps 2.5 million 4 million
List Price (max. config)
US$675,000 US$1,278,000 US$59,995 US$129,995
Price per firewall Mbps Throughput
~US$11.25 / Mbps
~US$10.65 / Mbps
~US$12 / Mbps ~US$13 / Mbps
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 25
Check Point vs. SRX 5000 seriesSRX 5600 SRX 5800 Power-1 5070 Power-1 9070 Nokia IP2255 Nokia IP2450
Max FW Throughput
60 Gbps 120 Gbps 9 Gbps 14 Gbps 8.9 Gbps 20 Gbps*
Max VPN Throughput
18 Gbps 36 Gbps 2.4 Gbps 3.7 Gbps 2.3 Gbps 2.5 Gbps*
Max IPS Throughput
18 Gbps 36 Gbps 4.5 Gbps 6.1 Gbps N/A N/A
Interfaces 40 x SFP
4 x 10 GigE
40 x SFP
4 x 10 GigE
8 on-board 10/100/1000
4 x GE
2 x 10 GigE
8 on-board 10/100/1000
4 x GE
2 x 10 GigE
4 on-board 10/100/1000
8 x 10/100
4 x GE
1 x 10GigE
4 on-board 10/100/1000
4 x GE
2 x 10 GigE
Concurrent VPN Tunnels
100,00 100,000 Not Published Not Published Not Published Not Published
Max Sessions 4 million 8 million 1.1 million 1.1 million Not Published Not Published
New & Sustained CPS
300,000 300,000 Not Published Not Published 87,000 Not Published
Max PPS 10 Mpps 18 Mpps Not Published Not Published Not Published Not Published
List Price (max. config)
US$675,000 US$1,278,000 US$36,500 US$49,500 US$79,995 US$129,985
Price per firewall Mbps Throughput
~US$11.25 / Mbps
~US$10.65 / Mbps
~US$4.1 / Mbps
~US$3.5 / Mbps ~US$8.9 / Mbps ~US$6.5 / Mbps
* Requires Nokia IPSO 6.0 plus 2 (two) Nokia Accelerated Data Path (ADP) cards, otherwise max FWTP is 9.0 Gbps, max. VPN TP is 2.0 Gbps.
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 26
Fortinet FortiGate vs. SRX 5000 seriesSRX 5600 SRX 5800 FortiGate 5140 FortiGate 5050 FortiGate 5020
Max FW Throughput
60 Gbps 120 Gbps 70 Gbps* 25 Gbps* 10 Gbps*
Max VPN Throughput
18 Gbps 36 Gbps 8.4 Gbps* 3 Gbps* 1.2 Gbps*
Max IPS Throughput
18 Gbps 36 Gbps Not Published Not Published Not Published
Interfaces 40 x SFP
4 x 10 GigE
40 x SFP
4 x 10 GigE
6 x GigE
2 x FortiAccel SFP
6 x GigE
2 x FortiAccel SFP
6 x GigE
2 x FortiAccel SFP
Concurrent VPN Tunnels
100,00 100,000 Not Published Not Published Not Published
Max Sessions 4 million 8 million 14 million* 5 million* 2 million*
New & Sustained CPS
300,000 300,000 420,000 150,000 60,000
Max PPS 10 Mpps 18 Mpps Not Published Not Published Not Published
List Price (max. config)
US$675,000 US$1,278,000 US$1,009,925 US$369,970 US$149,985
Price per firewall Mbps Throughput
~US$11.25 / Mbps
~US$10.65 / Mbps
~US$14.3 / Mbps ~US$14.8 / Mbps ~US$15 / Mbps
* Performance based on FG-5005FA2 module which delivers: 5 Gbps FWTP, 600 Mbps IPSec VPN TP, 1 million sessions, and 30k cps. FortiGate 5140 has 14 available slots, FortiGate 5050 has 5 available slots, and FortiGate 5020 has 2 available slots for FG-5005FA2 modules.
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 27
SRX 3000 sneak preview(more in the hardware session)
Ships w/ 9.4R1 tentativly
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 28
SRX 3400: Product Overview
Performance & Capacities• FW – 10 Gbps • VPN – 8 Gbps • IDP – 8 Gbps• Concurrent sessions – 1M• New and sustained cps – 60k• Concurrent VPN tunnels – 10k
Modular Interfaces• 16-10/100/1000• 16-SFP• 2-XFP
Modular chassis• 7- slots: 4 front, 3 rear• Common form factor modules• MGT module – dual• Power AC/DC – dual, hot swap• Fan tray
Fixed Interfaces• 12 built-in (8-10/100/1000 + 4-SFP)• 1 AUX/Console Port (RJ45)• 2 Ethernet Management Port• 2 USB Ports
Dimensions – 3U height x 24” depth
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 29
SRX 3600: Product Overview Performance & Capacities
• FW – 20 Gbps• VPN – 12 Gbps • IDP – 12 Gbps • Concurrent sessions – 2M• New and sustained cps – 120k• Concurrent VPN tunnels – 30k
Modular chassis• 12 high slots: 6 front, 6 rear• Common form factor modules• MGT module – dual• Power AC/DC – 2+2, hot swap• Fan tray
Fixed Interfaces• 12 built-in (8-10/100/1000 + 4-SFP)• 1 AUX/Console Port (RJ45)• 2 Ethernet Management Port• 2 USB Ports
Modular Interfaces• 16-10/100/1000• 16-SFP• 2-XFP
Dimensions – 5U height x 24” depth
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 30
Product Comparison – ISG vs. SRX 3kISG
1000 SRX 3400 ISG 2000 SRX 3600
FW 1 Gbps 5 - 10 Gbps 4 Gbps 10 - 20 Gbps
VPN (IPSec) 1 Gbps 2.5 - 5 Gbps 2 Gbps 5-10 Gbps
IDP Up to 1 Gbps 2.5 - 5 Gbps Up to 2 Gbps 5-10 Gbps
AV (HTTP) N/A Up to 500 Mbps N/A Up to 1 Gbps
VPN (SSL) N/A Up to 5Gbps N/A Up to 10Gbps
Interfaces 4CG + Up to
4GE/16FE
8-12CG + Up to
8XG/64GE/64CG
Up to 8GE or 28FE
8-12CG + Up to
16XG/128GE/128CG
Slots (IOC,APC)
2+2 Up to 7 CFM slots
4+3 Up to 12 CFM slots
Power supply
Single modular
Single (Dual option)
Dual Quad
Session/second
20K 60K 25K 100K
Total sessions
500K 2M 1M 4M
VPN tunnels 2,000 10,000 10,000 30,000
VSYS Up to 10 Up to 250 Up to 50 Up to 500
List Price $25k ~$25-45k $42k ~$40-60k
The slides on this page and next page are adapted from Glen’s slides deck. 10-20 Gbps capable for enterprise Major resolution to CPS, sessions, service flexibility and scale
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 31
SRX next-gen branch platforms (Loki)
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 31
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 32
Security and Routing Portfolio
Medium EnterprisetoLarge HQ
Micro Branch Small Office Managed Service
Branch/RegionalMedium Enterprise
Small Branch SME
ScreenOS
JUNOS
Additional M-series and T-series are not shown
JUNOS ES Products
Common Hardware
JUNOSGap
Asgard
4 Platforms
4 Performance Levels
JUNOS
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 33
What’s different with Next Gen Branch?
Performance• Multi-Core CPU Architecture
• Hardware Acceleration for UTM for IDP & AV Reliability
• JUNOS High-Performance Resiliency and Reliability
• Separation of Control Plane & Forwarding with dedicated cores
Integrated Branch-in-a-Box Solution• Service integration with best-in-class Routing, FW/VPN, UTM, and
Switching (Voice and Wireless future release)
Services for Mass Deployment• Zero touch – bootstrap mode
• Low touch – rapid deployment with USB (future)
• New License Server architecture (future)
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 34
• Four CPE Platforms • Entry level platforms for the small branch• High performance• Services integration• Routing• Firewall/ PSEC• UTM (AV, Web Filtering, Anti-
Spam, IDP)• Switching• VoIP FXS/FXO (future)
• 8 to16 Ethernet ports• Modular architecture with mini-PIM
slots
Asgard Product Portfolio
New in 9.4
Vali
STAT US
P OWER
P IM 2
P IM 1
CH B 2
CH B 1
T X/RX
SYNC
1 2
ADSL 2/2+ (B )ISDN (BRI )
0 /0 0/1 0/2 0/ 3
T X / R X
1 0/ 1 0 0 1 0/ 1 0 0 1 0/ 1 0 0 1 0 / 1 0 0 0/0 0/1 0 /2 0/31 0 / 1 0 0 1 0 /1 0 0 1 0 / 1 0 0 1 0/ 1 0 0
L I N K
RESETAUX CONSOLE
Vali
Vidar
Vidar
RESETSTAT
USALARM
POWER
HA
SLAVE
MASTER
0/1 0/3
TX/RX
SY NC
ADSL 2/2+ (B)
TX/RX
SY NC
ADSL 2/2+ (B)
0/5 0/7AUX CONSOLE
TX/RX
SY NC
ADSL 2/2+ (B)
TX/RX
SY NC
ADSL 2/2+ (B)
0/9 0/11 0/13 0/15 0/1 0/3 0/5 0/7 0/9 0/11 0/13 0/15
Narfi
Loki
Loki CH B2
CH B1
ISDN (BRI)
STATUS
POWER
AUX CONSOLETX/RX LINK TX/RX LINK TX/RX LINK TX/RX LINKTX/RX LINK TX/RX LINK TX/RX LINK TX/RX LINK
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 35
Fixed Memory• Low Memory - 512MB RAM/1GB flash
• High Memory - 1GB RAM/1GB flash
4 x POE Option (802.3af) External PC Card Slot for 3G Wireless EVDO/HSDPA External Power Supply Hardware RegEx Acceleration for AV & IDP
1RU High 2xGE + 6xFE Ports 1xMini-PIM Slot 1xConsole port 2xUSB (2.0) Mini-PIM Options
• 1xT1/E1• 1xSFP • 1xSync Serial (Future)• 1xVDSL2 (Future)
Target Performance• 200Mbps+ FW,
100Kpps• 100Mbps IDP• 50Mbps Quick AV
Optional Accessories:• Desktop Stand• Rack Mount• Wall Mount
Loki Overview
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 36
Loki Hardware – Front View
ConsolePort
2xUSBPowerButton
1 x mPIM Slot
2 x GE 6 x GE
POE (Port 0/0-0/3) (Factory Option)
Voice Ports(Future)Reset Pinhole
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 37
Loki Hardware – Rear View
External Power Connector
Power Cord Lock
Chassis Cable Lock
ExpressCard Slot (3G)
Ground Lug
Slot Cover
FanVent
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 38
3G ExpressCard - Wireless Backup Applications
• High speed wireless backup for remote branch offices, retail stores, kiosks, ATMs…
• Replacement for v.92 and ISDN backup ExpressCard for Loki
• Sierra EVDO/HSDPA in first phase• Leverage contract deals with providers• Other vendors and technologies later• Carrier card is Juniper product• Modem must be ordered separately (not
on the Juniper price list) Certifications
• Generic GSM certification• Specific certifications per carrier as
necessary• Carrier card design makes certifications
easier
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 39
External Wireless AP Solution (2H09) Juniper 802.11n Solution
• Backwards compatible to 802.11a/b/g
• 2x3 MIMO w/ ~300Mbps performance
• 50 Meter range (indoor)
Unit can be mounted on ceiling or wall Seamless management as single device Single port 10/100/1000Mbps POE Support – 802.3af or 802.3at External DC power supply option Plenum rating support Basic Access Controller support
• L2 Clustering support – up to 16 APs per device Richer Access Controller rollout in 2H09-1H10 time-
frame
Diagrams illustrative only – Not to scale
Sample
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 40
Competitive PerformanceSummary - Loki
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 40
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 41
Loki vs Cisco (Today) – to be updated
Cisco 871 Narfi Loki Vali Cisco ISR1811 Cisco ISR1841
Fixed I/O 4 10/100 8xFE 2xGE + 6xFE 8xGE 2WAN+8LAN 10/100
2 10/100
I/O expansion slots None None 1xMini-PIM 2xMini-PIMs None 2 WICs
Backup Options AUX 3G, USB 3G, USB or mPIM
3G, USB, or mPIM
v.92 (1812 w/ ISDN)
AUX
Routing PPS 30Kpps 80Kpps 100Kpps 150Kpps 50-60Kpps (est)
50-60Kpps (est)
FW performance 65Mbps 150Mbps IMIX
200Mbps IMIX 300Mbps IMIX
100Mbps 100Mbps
UTM performance (AV, IDP)
N/A 75Mbps 100Mbps 150Mbps N/A N/A
POE Integration No No 4xPoE (Factory Option)
8xPOE (Factory option)
w/ Injector w/ Injector
Voice No No Yes – 2FXS/1FXO and mini-PIM
Yes – 2FXS/1FXO and mini-PIM
No No
Integrated xDSL? ADSL2 VDSL2 VDSL2 (via mini-PIM)
VDSL2 (via mini-PIM)
No No
List Price (Base Unit) $649 to $799 $799 $1,295 $1,395
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 42
Loki vs Cisco Next Gen – to be updated Cisco 881 Narfi Loki Vali Cisco ISR19xx
Fixed I/O 4xFE 8xFE 2xGE + 6FE 8xGbE GE
I/O expansion slots None None 1 Mini-PIM 2 Mini-PIMs Yes
RAM / FLASH 256MB / 128MB
512MB / 1GB 512MB / 1GB 512MB / 1GB tbd
Backup Options 3G 3G, USB 3G, USB or mPIM
3G, USB, or mPIM
tbd
FW performance tbd 150Mbps IMIX 200Mbps IMIX 300Mbps IMIX tbd
SSL VPN Yes Yes (Dynamic VPN Client)
Yes (Dynamic VPN Client)
Yes (Dynamic VPN Client)
Yes
Wireless 802.11a/b/g/n Option
a/b/g/n option a/b/g/n option a/b/g/n (external)
a/b/g/n (external)
tbd
POE Integration Yes (2 ports only)
No 4xPoE (50W) Optional
8xPOE (75W) Optional
Yes
Integrated Voice No No Yes – 2FXS/1FXO and mini-PIM
Yes – 2FXS/1FXO and mini-PIM
Yes
Integrated xDSL? G.SHDSL or
VDSL
VDSL Via Mini-PIM Via Mini-PIM TBD
List Price (Base Unit) $649 $799 tbd
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 43
Q&A