enabling the next-generation mobile data center

Post on 11-Jul-2015

WHITE PAPER

Copyright © 2009, Juniper Networks, Inc.

ENABLING THE NEXT-GENERATION MOBILE DATA CENTER

Architecting a Scalable, Efficient Data Center for the Next Generation of Mobile Services

Table of Contents

Executive Summary

Introduction

Keeping Pace with Market Requirements

Mobile Data Center Challenges

Too Many Layers

Lack of Network Visibility and Security

Reevaluating Centralization

Juniper’s Vision for a Next-Generation Mobile Data Center

Virtualization Is the Key

MPLS: The Next Logical Step in the Evolution of Data Center Networks

Junos Software: The Silver Bullet

MX Series Ethernet Services Routers

Security at Scale: SRX Series Services Gateways

Enabling Network Visibility Through STRM Series

Conclusion

References

About Juniper Networks

Table of Figures

Figure 1: The traffic growth paradox—how to support traffic that is growing faster than revenue

Figure 2: Impact that a small number of users can have on mobile traffic

Figure 3: Traditional data center architecture

Figure 4: MPLS enables virtualization of data center infrastructure and services

Figure 5: The Junos software advantage

Figure 6: Consolidating data center layers with EX Series and MX Series devices

Figure 7: The MX Series advantage

Executive Summary

As data services become an increasingly dominant portion of mobile traffic, the data center is emerging as the heart

and soul of the mobile network. With the widespread deployment of third-generation (3G) (and soon 4G) technology

driving the speed of the access network, it is imperative that service providers’ mobile data center architecture is

capable of scaling and adapting to emerging business needs.

To keep costs in line and help drive revenue, mobile operators must design, implement, and operate data centers

with the maximum possible efficiency, scale, and performance. This paper outlines the market forces that are driving

data centers to the forefront of the mobile operator’s business strategy, and discusses the challenges presented by

traditional approaches to data center design.

Mobile network planners will learn how the Juniper Networks® portfolio of routing, switching, and security solutions can

help them architect a data center network that maximizes efficiency, performance, and scale. This paper is essential

reading for mobile operators faced with deploying a data center network that can both reduce costs and help drive

revenue.

Introduction

Service providers are continuing to spend billions of dollars to upgrade their wireless access networks to next-

generation 3G and 4G technologies such as Long Term Evolution (LTE). As consumers’ appetite for mobile data services

continues to grow with each new smartphone introduction or application, upgrading the wireless access infrastructure

is a key part of the competitive race for customer loyalty. Fast access speed, though, is but one piece of the puzzle.

High-speed wireless access networks have the ability to attract customers, but with the increasing popularity of

unlimited data plans, they don’t always provide an increase in revenue that correlates with traffic growth. Rather, traffic

growth continues to accelerate at a rate that outpaces revenue. As Figure 1 illustrates, mobile service providers are faced

with a paradox—how to continue to grow and increase average revenue per user (ARPU) in line with traffic growth.

Figure 1: The traffic growth paradox—how to support traffic that is growing faster than revenue

[Figure 1 panels: "Mobile Broadband Traffic Forecast (petabytes per month)", 2008 to 2012, by region (North America, Eastern Europe, South America & Caribbean, Asia-Pacific, Western Europe, Middle East & Africa); "Traffic and Revenue Challenge", showing traffic, cost, and revenue over time from voice dominant to data dominant. Source: Informa, Unstrung]

In this environment, mobile service providers (MSPs) are pursuing two strategies in tandem: driving additional

revenue and improving ARPU with new value-added services; and reducing the cost of delivering these services. Key to

achieving both initiatives is a mobile service provider’s data center. As the hub for all service and application delivery,

data centers have tremendous impact on mobile operators’ profitability and ability to deliver innovative services with

the speed consumers demand.

For an operator to be successful, its data center needs to be able to accommodate new software/application

development models and the associated rapid shifts in traffic patterns and increased usage by consumers. To keep

costs in line, the data center must also be easy to manage and efficient—both in terms of energy consumption and in

terms of capital expenses and operational ease. Below we will learn how Juniper Networks data center solutions can

help network operators achieve all of these goals, but first let us take a step back and examine the challenges and

market forces that are shaping the requirements for next-generation data centers.

Keeping Pace with Market Requirements

Before considering how to best design a mobile data center, it is helpful to consider the market environment within which it

must operate. With constantly changing consumer tastes and fashions for both mobile devices and applications, perhaps

nowhere do demands on the network and data center change as rapidly as in the world of mobile communications.

An example is the ever-increasing competitiveness in the industry, which has driven phone manufacturers to open

their platforms to application developers (such as Apple, Inc.’s App Store and BlackBerry’s App World™). While these

applications are great selling points for the mobile device manufacturers, the sudden popularity of the “latest and

greatest” applications can change the behavior of the network dramatically in as little as a few hours.

This presents a very real challenge for MSPs to control costs, particularly as unlimited data plans can dilute ARPU. Add

to this the rise of social media and multimedia communications that extend user-to-user communication far beyond

the ability of voice telephony and simple text messages, and it becomes easy to understand why a single news event

can have a significant impact on the mobile Internet and service provider networks worldwide.

This potential for network volatility also has a significant impact on network capacity planning. In the past, a 12 to 18

month window for capacity planning was considered standard practice; however, it is not unrealistic to imagine that we

are quickly approaching a time where information about network usage can be outdated in as little as a few weeks or

even a few days.

It is worth noting that the task of understanding how customers impact the network and how applications are used can

no longer be considered an exercise exclusively for network planners—this information is now vital to the business and

the proper monetization of the network.

Yet despite this, many mobile data centers today are not up to the task of delivering services quickly and efficiently.

Often a patchwork of legacy technologies, these data centers can add unnecessary costs and complexity and can

prohibit a service provider from capitalizing on the latest trends in consumer devices and applications.

Mobile Data Center Challenges

Data centers in many mobile networks were not designed to cope with the demands of today’s high bandwidth services

and applications—and are even less equipped to deal with the future demands that 4G technologies place on the

network. Even if uptake for a data service is relatively modest, it can have a tremendous impact on network and data

center traffic patterns overall. Figure 2 provides some context as to how just a small percentage of users on high-speed

devices can impact traffic on a mobile network.

Figure 2: Impact that a small number of users can have on mobile traffic

With this in mind, it is easy to understand how today’s data centers will be strained as data services and next-generation

technologies such as 4G continue to ramp. Two of the major challenges to the design of mobile data centers have been

their overall architecture—which today is a proliferation of different layers—and network security. In many data centers,

neither of these critical aspects of the network was designed to scale to the level that will soon be required.

Too Many Layers

Historically, the typical data center network has been built upon multiple levels of switches and routers deployed in

three general layers:

Access tier

Aggregation (or distribution) tier

Core tier

[Figure 2 chart: Distribution of Mobile Data Traffic, comparing % subscribers with % data consumption for feature phones, smartphones, and data cards. Source: CSC]

Figure 3: Traditional data center architecture

[Figure 3 labels: End of Row, Top of Rack, 1 GbE, L2/L3 switches, GGSNs, L2/L3 convergence issues]

History and evolution are responsible for the large number of switch layers in today’s data center networks. As the

data center network has grown, the previous generation of already-deployed switches hasn’t been able to offer the

throughput or port densities required to support rapidly escalating demands for high-speed connectivity and bandwidth.

To overcome these limitations, switch vendors have offered a triage approach that allows customers to introduce new

devices into their networks to complement the existing infrastructure, while offering new features that are necessary

for the growth of the business.

Naturally, switch vendors have taken advantage of these conditions and used the opportunity to boost revenues by

selling myriad add-on devices and platforms designed to help customers “stay in the race” with their expanding enterprise.

In a quest to meet the ongoing demands of the business, many service providers have been forced to continue layering

devices in their data centers. As one can imagine, this approach adds considerable management complexity, reduced

network availability, and greatly increased capital and operational expenses.

Consider the impact a multilayered data center design has on reliability, for example. In most networks, devices such as

routers, switches, and firewalls are added in parallel pairs. In this case, the availability of the system (i.e., both devices)

is calculated by subtracting from one the product of one minus the availability of each component. For example, consider two devices

deployed in parallel that each have an availability of 0.995 (or 99.5%). The availability of this configuration is:

1 – (1 – 0.995)² = 0.9999975 or 99.99975% availability

Deploying devices in this manner makes sense because the availability of the parallel configuration is greater than the

availability of either individual component. However, when we look at a multi-tier architecture, this is not a parallel

configuration but a serial one. Now consider the case of two devices deployed serially, with each having an availability of

0.99999 (99.999% or “five 9’s”). In this case, the availability of the system is the product of the two availability numbers:

0.99999 x 0.99999 = 0.99998 or 99.998% availability

The resulting availability calculation of the system is actually worse than the individual components. The implication

is clear—adding multiple layers of devices, especially when the job could be done using fewer devices and layers, never

increases availability.
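
The parallel and serial rules above, carried through for a whole path of tiers with redundant devices in each tier. This is an added example, not part of the white paper; it assumes independent failures, and the 0.999 per-device availability, the tier layouts, and the function names are constructed for illustration.

```python
"""Availability of a data center path built from tiers of redundant devices."""
from math import prod

MINUTES_PER_YEAR = 365 * 24 * 60


def parallel(availabilities):
    """Redundant group: the group is up unless every member is down at once."""
    return 1.0 - prod(1.0 - a for a in availabilities)


def series(availabilities):
    """Chain: the path is up only if every element along it is up."""
    return prod(availabilities)


def path_availability(tiers):
    """tiers is a list of tiers; each tier is a list of redundant device availabilities."""
    return series(parallel(tier) for tier in tiers)


def downtime_minutes_per_year(availability):
    """Expected minutes per year during which the path is unavailable."""
    return (1.0 - availability) * MINUTES_PER_YEAR


# Constructed sample: every device is 0.999 available and deployed as a redundant pair.
PAIR = [0.999, 0.999]
THREE_TIER = [PAIR, PAIR, PAIR]  # access, aggregation, core
COLLAPSED = [PAIR, PAIR]         # access, collapsed aggregation/core

if __name__ == "__main__":
    for name, design in (("three-tier", THREE_TIER), ("collapsed", COLLAPSED)):
        a = path_availability(design)
        print(f"{name}: {a:.9f} ({downtime_minutes_per_year(a):.2f} min/year down)")
```

Each extra tier multiplies in another factor below one, so the three-tier path is less available than the collapsed one even though every tier is internally redundant.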

Additionally, these multilayered data centers often employ technologies such as Spanning Tree Protocol (STP), 802.1p

quality of service (QoS), and 802.1Q VLANs to address the scaling, QoS, and segmentation issues inherent in such an

architecture. These technologies—while well-suited for LAN networks—were never intended to operate with the scale

and reliability required of a service provider’s data center.

Lack of Network Visibility and Security

While the data center architecture has a significant impact on how applications are delivered, it is just as important

that service providers consider how to limit malicious applications, users, or both from accessing these applications.

Network security should be a critical component of data center design, but much like the architectures discussed

above, traditional network security devices were designed for deployment in the LAN and are not capable of delivering

the capacity required by today’s mobile data centers. This has left service providers with the unpleasant choice of

neglecting network security, or deploying a proliferation of small-scale devices—at the expense of more capital

expenditures and operational complexity.

Further complicating matters is the fact that point-based security is not always sufficient to deal with increasingly

sophisticated threats. Given the unpredictability of mobile network traffic, and how suddenly and significantly a single

news event or new application can shift traffic patterns, having visibility into network traffic is critical. Visibility is

essential both to secure a mobile data center and to ensure an adequate strategy for dealing with shifting traffic patterns.

When most people think about having “visibility” into the network, they generally mean having real-time or near

real-time information about a specific piece of the network. Network sniffers, log file analysis tools, and network

management applications are common examples of the tools used to provide this type of information.

While this information about the network is necessary, these types of tools are not answering the bigger questions that

an operator needs to know to adjust to changing market dynamics.

What types of devices and operating systems are using the network?

What applications are being used?

What are the emerging trends?

Who are the top talkers?

What is the potential for network abuse or violation of service terms and conditions?

What are the most often used Web services?

What potential security threats are emerging?

The ability to answer these questions is critical to securing and planning the mobile network—not only in terms of

technology decisions, but also in terms of making the best possible decisions for the business.

Reevaluating Centralization

Historically, mobile data centers have been centralized to a few large hubs near major markets—and with good reason.

The mobile network architecture requires many ancillary services beyond gateway GPRS support nodes (GGSNs),

routers, and switches. Infrastructure components such as billing systems, content gateways, WAP-to-HTTP proxies,

DNS, and AAA servers all play critical roles in providing mobile data services to users.

The need for over-the-top applications to drive additional revenue (such as location-based services and targeted

ad insertion) also requires infrastructure to support these capabilities. Couple with this the fact that many Mobile

Telephone Switching Offices (MTSOs) are simply not equipped to handle the infrastructure needs of these services

in terms of rack space, power, and cooling, and it is easy to understand the economies of scale that are gained by

centralizing these functions.

4G technologies such as LTE will most notably impact the network by dramatically increasing the data rates by at least

an order of magnitude beyond current 3G technologies. This monumental increase in network bandwidth presents

a significant challenge for the existing mobile data center using the current architecture. Some decentralization will

arguably be required to effectively scale the network—the question is “how much.” While some network functions

such as the Packet Data Network Gateway (PDN-GW) could be decentralized, this does little, if anything, to address

the needs of infrastructure services, over-the-top applications, and content insertion which are better scaled in more

centralized locations.

Therefore, it is imperative that the next-generation data center has the proper architecture, tools, technologies, and

flexibility to allow for some decentralization of network elements, while still providing a simple and effective architecture

to allow for integration with services that will continue to be centralized by necessity for the foreseeable future.

Juniper’s Vision for a Next-Generation Mobile Data Center

Juniper’s vision for a next-generation mobile data center addresses the challenges outlined above with a fresh

approach to data center design and architecture that leverages proven platforms and solutions that are already widely

deployed in service provider networks. Built upon the strong foundation of Juniper Networks Junos® software, Juniper’s

mobile data center architecture delivers consistent operations and ease of management. By leveraging advanced

hardware platforms such as Juniper Networks EX Series Ethernet Switches, MX Ethernet Services Routers, and SRX

Series Services Gateways, a Juniper data center can collapse layers while providing advanced security and application-

aware networking. And by taking advantage of technologies such as virtualization and MPLS—already in use in many

service provider networks—Juniper’s data center design can help service providers address the challenges associated

with data center centralization.

In short, Juniper’s next-generation data center architecture reduces capital and operational costs, improves reliability

and scalability, and enables mobile operators to capitalize on rapidly changing market trends. Below we will outline

the specific components of Juniper’s mobile data center architecture starting with the general technologies, and later

delving into specific product details. We will then discuss the role that each of these plays in addressing the market

needs of mobile operators.

Virtualization Is the Key

Virtualization is a technology familiar to most data center designers, widely used to improve the efficiency of storage

and computing resources. Generally speaking, virtualization is a technique for hiding the physical characteristics of

computing resources from the way in which other systems, applications, or end users interact with those resources.

This can mean making a single physical resource such as a server, an operating system, an application, or a storage

device appear to function as multiple logical resources (e.g., a server running multiple applications in separate virtual

machines), or making multiple physical resources such as storage devices or servers appear as a single logical resource

(e.g., network load balancers).

Virtualization technologies at various levels have been introduced in the data center in the context of storage arrays

and servers. Just as importantly, the data center network infrastructure can benefit from virtualization—both to

improve the resource utilization of routers and other networked devices and to help service providers flexibly allocate

resources across geographic locations. Network infrastructure manifests virtualization through VPNs, labels, and tags

of forwarding plane traffic, while network services can be virtualized through the definition of service instances and

application of unique processing logic to the different instances. Thus, the overall data virtualization capabilities of the

data center are key requirements that effectively drive efficiency.

MPLS: The Next Logical Step in the Evolution of Data Center Networks

MPLS is a set of networking technologies and protocols used to enhance IP network efficiency and quality. Although

sometimes perceived as complex, MPLS actually serves to simplify the network, reduce costs, and enable a

segmentation of the network that results in greater control and resiliency.

It is important to understand that MPLS is not just a protocol for the WAN. Many service providers were quick to see

the benefits that MPLS brought to their operation and implemented it on a wide scale. A large number of enterprise

IT, application service providers (ASPs), and data center organizations are now beginning to see the potential benefits

that virtualization, and specifically MPLS, brings to their network infrastructure—particularly where scale, resiliency,

availability, segmentation, and security are all very important considerations.

Why MPLS?

Simply put, MPLS brings the benefits of guaranteed and controllable bandwidth, secure virtualization, and high levels of resiliency—attributes which are all key to the success of the next-generation data center.

The next-generation mobile data center can take advantage of the same MPLS benefits that service providers

have enjoyed for many years. Technologies such as MPLS fast reroute, service traffic separation using L3 VPNs, and

automatic traffic engineering where label-switched paths (LSPs) are resized and moved as needed to other paths that

can accommodate the traffic load, have proven to be highly effective and scalable.

As noted briefly above, many data centers today use non-MPLS mechanisms such as VLANs to achieve these goals.

While these approaches may work, they were originally designed for LANs and as such, are very hard to manage, require

an enormous amount of manual provisioning and static mappings end-to-end, and are prone to configuration mishaps.

When we compare the fundamental abilities of traditional VLANs to MPLS, we can see many similarities, yet MPLS

provides many advantages that traditional VLAN-based architectures cannot address (see Table 1).

Table 1: Extending VLAN Knowledge to MPLS

VLAN COMPONENTS | MPLS COMPONENTS

VLAN segmentation is localized and limited in scale | Allows network-wide segmentation with very large scale

VLAN tags (4 bytes): 16-bit PID, 3-bit priority, 1-bit CFI, 12-bit VLAN ID | MPLS label stack (4 bytes): 20-bit label, 3-bit QoS (EXP), 1-bit bottom of stack flag, 8-bit time-to-live (TTL) field

Only L2 segmentation | Flexible L2 and L3 segmentation

Spanning Tree Protocol (STP) | OSPF, Link Control Protocol (LDP), RSVP

Active/blocking of ports | Equal-cost multipath (ECMP)

VLAN trunking | LSP switching

VLAN access control lists (ACLs) | IP ACLs

802.1p QoS markings | DiffServ code point (DSCP)/EXP QoS markings

Ethernet failures/repair | Fast reroute capabilities and Bidirectional Forwarding Detection (BFD)
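
The two 4-byte headers compared in Table 1, decoded field by field, including a walk of a two-entry MPLS label stack up to the bottom-of-stack flag. This is an added example, not part of the white paper; the function names, the sample bytes, and the label values are constructed for illustration.

```python
"""Decode an 802.1Q VLAN tag and an MPLS label stack using the Table 1 field widths."""
import struct
from typing import List, NamedTuple

VLAN_ID_SPACE = 1 << 12     # 12-bit VLAN ID: 4096 values
MPLS_LABEL_SPACE = 1 << 20  # 20-bit label: 1,048,576 values per stack entry


class VlanTag(NamedTuple):
    pid: int       # 16-bit protocol ID (0x8100 for 802.1Q)
    priority: int  # 3-bit 802.1p priority
    cfi: int       # 1-bit CFI
    vlan_id: int   # 12-bit VLAN ID


class MplsEntry(NamedTuple):
    label: int     # 20-bit label
    exp: int       # 3-bit QoS (EXP)
    bottom: bool   # 1-bit bottom-of-stack flag
    ttl: int       # 8-bit time to live


def parse_vlan_tag(data: bytes) -> VlanTag:
    """Split a 4-byte 802.1Q tag into its fields."""
    if len(data) < 4:
        raise ValueError("802.1Q tag needs 4 bytes")
    pid, tci = struct.unpack("!HH", data[:4])
    if pid != 0x8100:
        raise ValueError(f"unexpected protocol ID 0x{pid:04x}")
    return VlanTag(pid, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF)


def build_mpls_entry(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """Pack one 4-byte label stack entry, rejecting out-of-range fields."""
    if not (0 <= label < MPLS_LABEL_SPACE and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def parse_mpls_stack(data: bytes, max_depth: int = 16) -> List[MplsEntry]:
    """Read entries until the bottom-of-stack flag; reject truncated or unterminated stacks."""
    stack = []
    for offset in range(0, max_depth * 4, 4):
        chunk = data[offset:offset + 4]
        if len(chunk) < 4:
            raise ValueError("label stack truncated before bottom-of-stack flag")
        (word,) = struct.unpack("!I", chunk)
        entry = MplsEntry(word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)
        stack.append(entry)
        if entry.bottom:
            return stack
    raise ValueError(f"no bottom-of-stack flag within {max_depth} entries")


# Constructed sample bytes: a VLAN tag (priority 5, VLAN 100) and a two-entry
# label stack (an outer label followed by an inner label that ends the stack).
SAMPLE_VLAN = bytes.fromhex("8100a064")
SAMPLE_MPLS = build_mpls_entry(299776, 0, False, 64) + build_mpls_entry(16, 5, True, 64)

if __name__ == "__main__":
    print(parse_vlan_tag(SAMPLE_VLAN))
    for entry in parse_mpls_stack(SAMPLE_MPLS):
        print(entry)
    print(f"VLAN IDs: {VLAN_ID_SPACE}, MPLS labels per entry: {MPLS_LABEL_SPACE}")
```

Both headers are 4 bytes, but the 20-bit label and the ability to stack entries are what give MPLS the larger segmentation scale listed in the first row of the table.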

With MPLS VPNs, provisioning is done only at the edge of the network, and the endpoints are discovered through

autodiscovery (AD) mechanisms (multiprotocol BGP). Whether using L2 or L3 VPNs, the underlying protocols and

concepts work the same way, providing a consistent model for both provisioning and operations.

Layer 3 VPNs can be used within the next-generation mobile data center in several different ways.

To partition consumers accessing the network into unique “zones” based on their service type and billing plan

To present virtualized applications and services into each VPN in a manner that allows for continued flexibility, scalability, and “atomic” application failover between data centers

To provide unique VPNs for large commercial customers

To separate Internet and external partner routing information

For example, a DNS server should simply be viewed as a service with a finite amount of capacity. In which data center the

service exists should not matter—in fact, using techniques such as IP Anycast within a Layer 3 VPN, the service can exist

in multiple locations simultaneously. Using this technique will help increase service availability for customers by avoiding

the disruption caused by rerouting them to another Network Data Center (NDC) when a service fails in one NDC.

Advantage of MPLS VPNs

Consistent operations and provisioning model for both Layer 2 and Layer 3 VPNs.

Isolation of VPNs from the network core increases both scalability and reliability.

Segmentation of traffic means that problems that occur in one VPN cannot impact applications or services in another VPN.

VPLS can be used to effectively extend a common Layer 2 domain within the same data center or even across multiple data centers.

MPLS VPNs are also a way to gracefully introduce IPv6 into the network without having to introduce IPv6 on all devices.

Layer 2 VPNs may also be used to address other problems that cannot be easily addressed by Layer 3 solutions. Virtual

private LAN service (VPLS) is a point-to-multipoint L2 VPN technology that emulates a LAN service that can be used

to provide connectivity where L3 routing is not an option. For example, some server high availability (HA) protocols

rely on a strictly Layer 2 heartbeat mechanism to detect service failures. In addition, using VPLS also offers innovative

geographic redundancy and disaster recovery solutions by effectively eliminating the requirement that active and

backup servers must be co-located with one another.

Figure 4: MPLS enables virtualization of data center infrastructure and services

In conclusion, MPLS L2 and L3 VPNs offer the ability to address several problems that are not easily solved by today’s

conventional solutions. These technologies provide flexible solutions that enable mobile operators to virtualize

infrastructure services and content applications, regardless of geographic boundaries.

Junos Software: The Silver Bullet

From a product perspective, the starting point for Juniper’s ability to improve efficiency and operations costs lies in

Junos software, the single operating system that unifies routing, switching, security, and network services from Juniper

Networks. Every Juniper switch and router employs Junos software, ensuring consistent and predictable behavior

across the entire product family.

Fundamental to the value of Junos are the “three ones”—one source code, one release train, and one modular

architecture. Running a common operating system across Juniper products dramatically reduces maintenance and

management overhead while ensuring a single, consistent implementation of each control plane feature, as well as a

consistent implementation and management of those features.

Figure 5: The Junos software advantage

Contrast the singular approach of Junos to the multilayered design of many data centers as discussed above, and it is easy to see how Junos can reduce operating costs and complexity. In a traditional implementation, many of these disparate layers will run different operating systems for each variety of network equipment—sometimes more than one OS per layer. Additionally, because Junos is already deployed in virtually all major service provider networks today, using Junos-based platforms to provide data center networking capabilities will ensure consistent operations not just within the data center—but across the data center and the network backbone as well.

MX Series Ethernet Services Routers

The centerpiece of Juniper’s next-generation mobile data center solution is the MX Series. MX Series platforms have set the bar in the industry as the most scalable, cost-effective, and feature-rich family of Ethernet Services Routers. Together with their high density and switching capabilities, MX Series routers are the platform of choice for the next-generation mobile data center.

The MX Series enables mobile operators to virtualize their data center networks and services—both by supporting virtualization within the platform, and through MPLS VPNs as discussed above. All flavors of MPLS VPNs are supported in hardware today, including L2 BGP/LDP VPLS, and L3 VPNs (IPv4, IPv6, and multicast).

When combined with the Virtual Chassis technology in the EX Series Ethernet Switches, the EX Series and MX Series can enable mobile operators to eliminate many of the layers that have plagued their data centers in the past. The flexibility of Juniper Networks EX4200 Ethernet Switch with Virtual Chassis architecture enables the distribution of load-sharing, and redundant 10GbE links from the access to the core to flexibly meet customer network configuration requirements. With fewer ports required at the aggregation layer, fewer devices are required, effectively removing the need for the layer and “collapsing” it with the core.

Figure 6: Consolidating data center layers with EX Series and MX Series devices

Additionally, the MX Series provides a wide range of hardware-based Ethernet services, including L2 bridging, switching and media access control (MAC) learning, and software support for up to 1 million MAC addresses per chassis. Because the MX Series provides industry leading port densities and energy efficiency (Figure 7), mobile operators will see a reduction in ongoing operating expenses, as well as initial costs (because fewer platforms are required to support the same number of interfaces). Juniper estimates that the MX Series can improve energy efficiency by as much as 30% compared to competitive platforms—over the life of the equipment, this can be a tremendous savings.

Figure 7: The MX Series advantage

Security at Scale: SRX Series Services Gateways

Overcoming the challenges of securing a next-generation data center requires a new approach—security appliances designed for the LAN simply do not provide the scale or reliability required of mobile networks. Juniper Networks SRX Series Services Gateways provide this new approach: the SRX Series hardware leverages over 10 years of experience from all of Juniper’s various products, applying many of the principles of service provider router design to create the industry’s highest capacity security platform. In particular, the SRX Series has been designed using a similar architecture to that employed in the Juniper Networks MX Series Ethernet Services Routers.

Like the MX Series and all of Juniper’s service provider routers, the SRX Series has true separation between control and forwarding planes. The control plane allows all of the management and dynamic routing interaction to occur separately from the data plane processing. The data plane is a high-performance switching backplane that allows for line rate traversal of traffic between Services Processing Cards (SPCs) and interface cards. This ensures that the chassis can push traffic as fast as it can be processed by the SPCs.

The interface cards also are similar to the interfaces used on the MX Series platforms. The difference is that the SRX Series needs to be able to implement secure traffic services—and the SPCs provide this capability. The SPCs offer line rate performance, creating no road blocks for getting traffic in and out of the interfaces.

The interface capability of the Juniper Networks SRX5000 line is extremely high density for a firewall. It can support up to 10 slots of interfaces mixing and matching 4-port 10GbE interface cards and 40-port GbE interfaces. The remaining slots can be used for SPCs.

The SRX Series is also unique in the industry in that it has been designed from day one to have an expandable security processing hardware architecture. This allows initial deployments to start small in terms of the number of SPCs that are used, and additional cards can be added later to scale the performance over time. Each new SPC that is added to the system increases the performance in a predictable way, and this allows the organization to plan for the hardware it needs as its needs grow.

Figure 7 data: MX Series platform comparison

| Platform | Physical dimensions | Capacity | 10 GigE/GigE ports | MAC addresses |
|---|---|---|---|---|
| MX240 | 5 RU (9 per 7 ft rack) | 240 Gbps | 32/120 | 1 million |
| MX480 | 8 RU (6 per 7 ft rack) | 480 Gbps | 96/240 | 1 million |
| MX960 | 16 RU (3 per 7 ft rack) | 960 Gbps | 176/480 | 1 million |

On the SRX5000 line, each SPC contains two Services Processing Units (SPUs), each acting as a high density processor. The first SPC uses one of the SPUs as a central point. The central point processes traffic like each of the other SPUs, but it is also the central truth for determining whether or not a session already exists. If traffic enters the SRX Series and no session has been created for it, the central point sends the traffic to the next available SPU based upon its load-balancing algorithm.

The SPU performs most of the security services on SRX Series Services Gateways. This is essentially the heavy lifting on these devices. All firewall functions, intrusion prevention system (IPS), and session state maintenance are done on the SPU. If more performance is needed, an additional SPC can be added to increase performance. This reduces the need to perform an expensive forklift upgrade of a low performance device.
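The central-point dispatch described above can be modelled in a few lines. This is an added example, not Juniper code: the class and function names are hypothetical, least-loaded selection stands in for the load-balancing algorithm the paper does not specify, and the direction-independent flow key is an assumption about how return traffic finds its session.

```python
"""Toy model of central-point session dispatch (added example, not vendor code)."""
from dataclasses import dataclass, field


def flow_key(src, sport, dst, dport, proto):
    # Assumption: both directions of a flow belong to one session, so the
    # two endpoints are sorted to make the key direction-independent.
    a, b = sorted([(src, sport), (dst, dport)])
    return (a, b, proto)


@dataclass
class SPU:
    name: str
    sessions: set = field(default_factory=set)


class Chassis:
    def __init__(self):
        self.spus = []
        self.session_owner = {}  # central point's table: flow key -> owning SPU
        self.add_spc()           # first SPC; spc0-spu0 also hosts the central point

    def add_spc(self):
        """Each SPC contributes two SPUs, as stated for the SRX5000 line."""
        n = len(self.spus) // 2
        self.spus += [SPU(f"spc{n}-spu0"), SPU(f"spc{n}-spu1")]

    def dispatch(self, src, sport, dst, dport, proto):
        """Return the name of the SPU that processes this packet."""
        key = flow_key(src, sport, dst, dport, proto)
        owner = self.session_owner.get(key)
        if owner is None:
            # No session yet: the central point assigns one. Least-loaded
            # selection is a stand-in for the unspecified algorithm.
            owner = min(self.spus, key=lambda s: len(s.sessions))
            owner.sessions.add(key)
            self.session_owner[key] = owner
        return owner.name

    def load(self):
        return {s.name: len(s.sessions) for s in self.spus}


def demo():
    """Six constructed flows, then add an SPC and four more flows."""
    box = Chassis()
    for port in range(40000, 40006):
        box.dispatch("198.51.100.7", port, "203.0.113.10", 443, "tcp")
    before = box.load()
    box.add_spc()
    for port in range(41000, 41004):
        box.dispatch("198.51.100.8", port, "203.0.113.10", 443, "tcp")
    return before, box.load()
```

Existing sessions stay pinned to their SPU when a card is added; only new sessions land on the added SPUs, which is why capacity grows without disturbing established state.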

Furthermore, the SRX Series runs Junos as its network operating system. Juniper is the only company in the industry with routing and security platforms that run the same OS. This consistency across product families provides a tremendous cost and time advantage in the mobile data center, where platforms will often be deployed side-by-side and managed by the same team.

The SRX Series is the only platform in the industry capable of delivering the type of performance and scalability required in the mobile data center. As such, an SRX Series appliance can be deployed in the data center with confidence that it will be able to handle all of the necessary sessions without impacting service quality.

Enabling Network Visibility Through STRM Series

While the SRX Series provides a highly scalable security platform, increasingly sophisticated and distributed threats are not always detectable by traditional methods such as firewalls and intrusion prevention systems. Especially in a mobile data center environment, where users are accessing services and applications from a wide array of devices and locations, service providers need visibility into network trends and events to supplement platform-based security such as that provided by the SRX Series.

Juniper Networks STRM Series Security Threat Response Managers are carrier class appliances that deliver this network-wide visibility. Using data from network-based devices like firewalls and routers, the STRM Series provides scalable security threat management, as well as flow and event monitoring, to deliver robust information about the scope and nature of applications and services running on the network.

STRM Series devices survey the entire network using input from sources such as SRX Series firewalls and flow monitoring capabilities on Juniper routers and switches deployed in the data center network. This enables Layer 3 and Layer 4 analyses of application behavior and a detailed history of all network flow activity. Leveraging flow information as a source, STRM Series discovers the rate, volume, and nature of network traffic to detect issues that affect service levels, and it offers early detection of security threats that would otherwise go unnoticed.

Additionally, STRM Series QFlow collectors can be connected to the network at strategic points (the network core, perimeter, and in front of key server farms) to monitor critical network traffic. STRM Series devices analyze these traffic flows to create a flow record that contains details of the conversation, including a deep packet inspection that identifies the actual application (regardless of port).

The STRM Series uses the information it collects from flow monitoring sources to create a picture of the assets that exist within a network environment, their vulnerability level, and business value. These asset profiles are then used as a contextual correlation source for other incoming security events. By providing network-wide intelligence and contextual information about network security events, the STRM Series completes the security equation in mobile data center networks—with the SRX Series providing high-performance, highly scalable firewall and IPS services, and the STRM Series providing contextual intelligence which operators can use to both counteract threats and adjust network properties to accommodate changing traffic patterns. With the STRM Series, mobile operators can be assured that their data is both secure and prepared to adapt to whatever consumers can throw at it.
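To make the idea of asset profiles as a contextual correlation source concrete, the sketch below builds profiles from flow records and uses them to prioritize incoming events. It is an added example, not STRM code: the record layouts, the 1-5 scales, the inventory that supplies vulnerability level and business value, and the multiplicative weighting are all assumptions, and every flow and event is constructed.

```python
"""Contextual correlation of events against flow-derived asset profiles (added example)."""
from collections import defaultdict

# Constructed flow records: (src, dst, dst_port, bytes). Not real traffic.
FLOWS = [
    ("198.51.100.20", "10.0.1.5", 443, 48_000),
    ("198.51.100.21", "10.0.1.5", 443, 51_500),
    ("10.0.1.5", "10.0.2.9", 3306, 9_200),
    ("198.51.100.22", "10.0.3.7", 25, 1_100),
]

# Constructed inventory: vulnerability level and business value, 1-5 (assumed scale).
INVENTORY = {
    "10.0.1.5": {"vuln": 2, "value": 5},
    "10.0.2.9": {"vuln": 4, "value": 5},
    "10.0.3.7": {"vuln": 3, "value": 1},
}

# Constructed IPS events; severity is 1-5.
EVENTS = [
    {"id": "evt-1", "dst": "10.0.1.5", "dst_port": 443, "severity": 3},
    {"id": "evt-2", "dst": "10.0.2.9", "dst_port": 3306, "severity": 3},
    {"id": "evt-3", "dst": "10.0.3.7", "dst_port": 445, "severity": 5},
]


def build_profiles(flows, inventory):
    """Asset profile = ports the host was observed serving, plus inventory context."""
    served = defaultdict(set)
    for _src, dst, dport, _nbytes in flows:
        served[dst].add(dport)
    return {ip: {"ports": served.get(ip, set()), **ctx} for ip, ctx in inventory.items()}


def correlate(event, profiles):
    """Return (priority, reason) for one event."""
    asset = profiles.get(event["dst"])
    if asset is None:
        return event["severity"], "unknown asset: raw severity kept"
    if event["dst_port"] not in asset["ports"]:
        return 1, "target port never observed in flows: likely not applicable"
    # Assumed weighting: severity scaled by vulnerability and business value.
    return event["severity"] * asset["vuln"] * asset["value"], "service observed on asset"


def triage(events, profiles):
    """Return (priority, event id) pairs, highest priority first."""
    return sorted(((correlate(e, profiles)[0], e["id"]) for e in events), reverse=True)
```

Here the highest raw severity (evt-3) drops to the bottom because flow history shows the target never served that port, while a medium-severity event against a vulnerable, high-value database rises to the top.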

Conclusion

Aging network systems and old habits have dictated how mobile service providers invest in data center networks. As a result, a large percentage, if not a majority, of investment is being spent to merely “stay in the race.” While this model keeps revenue streams flowing for legacy network vendors, it doesn’t necessarily help mobile operators gain a competitive advantage by “winning the race” or “changing the rules.”

Juniper can change this economic model by delivering a new family of solutions that reduce capital and operational expenses in mobile data center networks. By freeing up these budget dollars, service providers can invest in other innovative technologies that will further reduce the cost of doing business, while improving competitiveness and focusing on activities that will have the greatest positive impact on the bottom line.

2000330-001-EN Oct 2009

Our products, including a new family of high-performance Ethernet switches and security products, redefine the way mobile operators build their data center networks. Offering high port densities, wire-speed connectivity, and high availability in compact, pay-as-you-grow platforms, the MX Series Ethernet Switches and SRX Series Services Gateways represent a powerful yet cost-effective alternative to the aging and expensive solutions pushed by today’s incumbent switch vendors. By offering a smaller footprint combined with lower power and cooling requirements, Juniper’s solutions represent the efficient and “green” solutions that operators are looking for to power the networks of the future.

Since Juniper Networks switches, routers, and firewalls are powered by a single, consistent operating system, the network infrastructure is exceedingly easy to deploy, configure, and upgrade, saving considerable resources that can be reallocated to further improve business operations and increase revenue. Combined with technologies such as MPLS and virtualization, Juniper’s mobile data center solutions enable service providers to optimize their data centers and rapidly adjust to changing market demands.

By deploying a mobile data center network based on Juniper’s routing, security, and switching solutions, service providers can stop spending on upgrading legacy systems and begin investing in their future. A Juniper-based data center network enables mobile operators to achieve both cost reductions and increased revenue through service velocity, and it helps provide a solution that can accelerate revenue to keep pace with traffic growth.

About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.