juniper - do you need a broadband remote access server

WHITE PAPER

Copyright © 2010, Juniper Networks, Inc.

Do You NeeD a BroaDBaND remote access server?

Functionality and Trade-Offs of Using Smart DSLAMs and MSANs

ii Copyright © 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Table of FiguresFigure 1: centralized and distributed intelligence broadband models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Figure 2: centralized Bsr supporting multiple access methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Figure 3: simple broadband connection using PPPoX (for Internet access) and IPoe (for IPtv) . . . . . . . . . . . . . . . . . . 4

Figure 4: msaN per-service queuing based on 802 .1p bits marked by Bsr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Figure 5: Per-subscriber Qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Figure 6: Hierarchical per-subscriber Qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Figure 7: mcac at Bsr, based on subscriber link utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Figure 8: asymmetric security in a broadband network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Figure 9: overview of Juniper Networks routers supporting wireline broadband networks . . . . . . . . . . . . . . . . . . . . . 9

Table of Contentsexecutive summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

centralized control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

PPPoX termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

DHcP support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Quality of service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Dynamic Bandwidth management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Juniper support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

about Juniper Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Copyright © 2010, Juniper Networks, Inc. 1


Executive SummaryThere are many misconceptions about the role of the DSL Forum’s Broadband Network Gateway (BNG), better known as a Broadband Remote Access Server (BRAS) or Broadband Services Router (BSR). The BSR has evolved significantly from its original role of terminating PPPoX sessions. Proponents talk about enhanced subscriber management capabilities, while detractors claim that all needed functions can be done by a smart Digital Subscriber Line Access Multiplexer (DSLAM) or MSAN (Multiservice Access Node). These alternatives are shown in Figure 1.

Figure 1: centralized and distributed intelligence broadband models

There are several functions that must be performed to successfully support broadband traffic. This paper describes the key functions that may need to be implemented by the smart edge device, either the MSAN or the BSR.

It is not intended as a decision guide on whether to use PPPoX or IP over Ethernet (IPoE), nor to provide a tutorial on what enhancements are required to allow DHCP to be used on a broadband network.

In addition, the intent is not to advocate that a BSR be used in the network, but rather to provide an understanding of the functions that it typically provides. This allows you to determine whether these functions are required in your network, and whether these functions are best provided by a centralized BSR or by distributed MSANs. Juniper Networks® supports both network implementations.

What Is an MSAN?MSAN is a generic term for a device that aggregates xDSL, passive optical network (PON), Ethernet, plain old telephone service (POTS) and T1 traffic from subscribers. Some operators terminate these functions in single service MSANs, including DSLAMs, OLTs and data link controls (DLCs), while others are terminating multiple services using a single MSAN chassis.

MSAN Switch

Apps

Diributed“Smart MSAN”

Centralized“Broadband Services

Router (BSR)”

Switch

2 Copyright © 2010, Juniper Networks, Inc.


IntroductionThe BSR has evolved over time to provide a myriad of capabilities targeted at improving the service provider’s ability to control what each subscriber is doing based upon the service they have signed up for, as well as simplifying overall network operations. Table 1 summarizes the key functions of the BSR.

FEATURE FEATURE DESCRIPTION BENEFITcentralized control Single point of operational control Avoids needing to “touch” each MSAN to make a

network change

Access agnostic architecture Uses a common operational model to support all access devices, allowing you to select the lowest cost MSAN which meets your needs

MSAN independence Allows operator to select lowest-cost MSAN which aggregates subscriber traffic

PPPoX termination Establish connection-oriented sessions with keep-alives

Simplifies subscriber management

DHcP support DHCP Relay converts broadcast to unicast

Reduces network traffic

DHCP Proxy tracks DHCP lease life and renews leases

Improves security by hiding address of real DHCP server; simplifies network operations by ensuring that subscriber keeps same IP address

RADIUS Proxy communicates with RADIUS server

Allows single subscriber database for PPPoX and DHCP subscribers; allows use of RADIUS accounting

DHCP Local Server Eliminates need for separate DHCP servers

Quality of service (Qos) Per-service marking and queuing Provides basic application-level QoS without considering what different subscribers are doing

Per-subscriber Queues and schedules traffic separately for each subscriber

Hierarchical queuing Looks at various potential network bottlenecks to queue and schedule traffic independently for each subscriber

Multicast call admission control Ensures video quality by allowing new multicast (IPTV) sessions only if bandwidth is available

Dynamic bandwidth management Ensures subscriber satisfaction by verifying network resource availability and dynamically marking packets

security IP Address Tracking Limits number of addresses which can be assigned to a subscriber, and drops traffic from other IP addresses

Firewall Protects network from attack by checking traffic from subscribers



Centralized ControlPerhaps the most important motivator for deploying a BSR has nothing to do with technology, but rather with minimizing the total cost. Using a BSR provides three key benefits:

• Single point for change control: If a network change needs to occur, it is simpler to make the change at a single BSR than at dozens, hundreds or even thousands of devices. This is a critical reason why virtually every large broadband operator has BSRs in the network. For example, it is simpler to update a single, centrally located security appliance than it is to push security updates to each MSAN. In addition, having a centrally located backup security appliance allows this upgrade to occur without taking subscribers out of service.

• Common access-agnostic operational model: Each MSAN has its own configuration tools, language and capabilities, driving up costs as technicians need to learn different products. This also limits the ability to move to newer products from different vendors, including migrating to a higher speed solution such as PON. Implementing different features on different MSANs is also operationally expensive, as technicians must figure out how customers are connected before resolving problems.

Figure 2: centralized Bsr supporting multiple access methods

• MSAN independence: Finally, adding intelligence into the MSAN drives up the cost of every MSAN in the network. Paying “a little bit more” for each MSAN often ends up costing more in the long run than deploying a BSR.

Allowing the MSAN to do what it does best—aggregating subscriber traffic—often leads to the lowest overall cost solution. This total cost of ownership (TCO) business case is most compelling for larger operators supporting thousands of MSANs. Smaller operators may be willing to focus on minimizing the cost benefits of deploying BSRs and deploy smarter, more expensive MSANs instead.

Switch

Dial Up

BSR

IP BACKBONE

Switch

DSL

Switch

Cable

Switch

LMDS802.11

Switch

Satellite(DVB)

Switch

EthernetVLAN

Switch

Leased LineIP or L2



PPPoX TerminationOriginally used for dial-in networks, Point-to-Point Protocol (PPP) was adopted by the DSL Forum because of its additional important functionality. As DHCP has been enhanced to provide many of these functions, it is becoming more common to build networks without PPP. One driving force behind this transition is the adoption of IPTV service across broadband networks, which does not work well with PPP. Since the BSR was initially designed to terminate PPP, the argument goes, it is no longer necessary to have one in the network1.

Many new deployments—notably smaller operators—elect to implement a pure DHCP solution, so PPP termination is rarely the motivator to deploy a new BSR. However, PPP is still widely deployed, with many established broadband providers continuing to use PPP for new subscribers because of its benefits. Regardless of whether PPPoX is used for Internet traffic, IPTV traffic is transmitted across a separate (non-PPPoX) connection as illustrated in Figure 3.

Figure 3: simple broadband connection using PPPoX (for Internet access) and IPoe (for IPtv)

DHCP SupportWhen using DHCP2, the network ideally provides several addressing capabilities:

• DHCP Relay: This capability minimizes network overhead and improves security by converting DHCP broadcasts to unicast.

• DHCP Proxy: This further improves security by hiding the address of the real DHCP server; and reduces network complexity by ensuring that each subscriber uses a single IP address.

• RADIUS Proxy: This allows the DHCP Relay Agent to receive information about the subscriber’s permissions from a RADIUS server, and to track subscriber usage via RADIUS accounting.

• DHCP Local Server: The DHCP Relay Agent can also serve as the DHCP server, assigning IP addresses to subscribers upon request. This eliminates the need to have a separate server farm supporting this function.

All of these functions are supported by BSRs. It is becoming increasingly common for MSANs to implement DHCP Relay, although DHCP Proxy and RADIUS Proxy are less frequently implemented. Only BSRs implement the Local Server function.

VLAN for Internet Access

PPP session carried within VLAN

Internet Traffic

IPTV contentVLAN for IPTV

BSRMSANDSL



Quality of ServiceAnother important requirement of the broadband network is its ability to effectively manage traffic in the access network. One approach, per-service QoS, prioritizes traffic based strictly on the priority bit settings within the packet. In the extreme case, a few subscribers running all high-priority applications could prevent low-priority traffic from reaching other subscribers. More realistically, the high-priority subscribers will receive more than their fair share of the bandwidth, at the expense of other subscribers. The second approach, per-subscriber QoS, manages traffic based on both priority bit settings and destination. This ensures that each subscriber gets a fair share of the bandwidth.

With this in mind, there are several capabilities that can be provided by the broadband network:

• Per-service marking and queuing: Subscriber-bound traffic must be marked to conform to service provider standards. For example, VoIP traffic may be marked differently than Web traffic. Individual packets may be prioritized based on Layer 3 IP DiffServ markings or based on Layer 2 Ethernet 802.1p markings. Application servers and gateways typically mark IP DiffServ bits, and IP routers can use these bits to prioritize traffic.

However, Layer 2 equipment such as lower-cost MSANs can only look at the Ethernet markings. Therefore, the choices are to purchase MSANs that have the processing and memory to examine DiffServ bits, or else have something in the network (typically a BSR) that sets the 802.1p bits based on the DiffServ settings. This is depicted in Figure 4.

Figure 4: msaN per-service queuing based on 802 .1p bits marked by Bsr

• Per-subscriber QoS: Ensuring that each subscriber gets his/her fair share of bandwidth requires per-subscriber QoS where there is a separate set of priority queues for every subscriber. This also allows the network to deliver different types of traffic to different subscribers at the same time. Figure 5 provides a simple example of per-subscriber queuing.

Due to the large number of queues and associated memory, per-subscriber queuing is typically provided only by custom application-specific integrated circuits (ASICs) in BSRs.

Figure 5: Per-subscriber Qos

Sche

dule

r

802.1p = 7

MSAN

BSR

802.1p = 7, 6

802.1p = 5, 4VoIP Frame• DiffServ = AF41• 802.1p = 45

VoIP Frame• DiffServ = AF41• 802.1p = (Not set)

802.1p = 3, 2

802.1p = 1, 0

802.1p = 6802.1p = 5802.1p = 4 Set

802.1p802.1p = 3802.1p = 2802.1p = 1802.1p = 0

Control1 1 2 2 1 1 2 2 1 1Sub. 1

IPTV

VoD

VoIP

VPNGaming

Web

ControlSub. 2

IPTV

VoD

VoIP

VPNGaming

Web

ControlSub. N

IPTV

VoD

VoIP

VPNGaming

Web

Sorted packets:• Packets to each subscriber in priority order• Each subscriber gets their fair share

Sorting based on:• Application requirements• Destination

Unsorted packets• Destined for two subscribers

Subscriber #2

Subscriber #1

MSAN

BSR



• Hierarchical queuing: A related capability is hierarchical queuing, which looks at different potential bottlenecks before determining how to schedule traffic. For example, the MSAN or BSR can look at bandwidth utilization on a shared PON link to ensure that this link is not oversubscribed, and to ensure that each subscriber gets their fair share of the shared fiber connection.

In addition, the BSR can verify that bandwidth to the MSAN is available. Internet-based video, video on demand (VoD) and HDTV are driving up bandwidth requirements to the MSAN, making this link a potential bottleneck. By controlling traffic being sent to the MSAN, the BSR further ensures that each subscriber gets a fair share of bandwidth.

This function, depicted in Figure 6, is provided by custom ASICs in a BSR.

Figure 6: Hierarchical per-subscriber Qos

QoS continues to be an important differentiator for BSRs. Commercial chipsets used in MSANs cannot support separate queues for each subscriber, and only the BSR can dynamically control bandwidth to each MSAN.

Dynamic Bandwidth ManagementClosely related to QoS is dynamic bandwidth management—ensuring that the bandwidth is available to support a new application, making network changes to support requests, and preventing new services that can affect existing sessions. This last capability is call admission control and is similar to what is done in traditional voice networks.

• Multicast Call Admission Control (MCAC): This capability prevents the network (MSAN or BSR) from honoring channel change requests that would oversubscribe bandwidth to the subscriber. For example, a subscriber may have enough bandwidth to support one SDTV and one HDTV connection. If one TV is already viewing HDTV content, then the other TVs must be prevented from attempting to view a different HD channel.

Most often, operators avoid this situation by only limiting the number and type (SD/HD) of set-top box receivers each subscriber can have. This is becoming a serious concern for both subscribers and operators, who often would like to support more TVs that use the same bandwidth or choose which TV on which to view the HD content. For these situations, MCAC is the preferred solution.

An additional complication arises as video traffic moves to a unicast model. In this case, it is more likely that the connection to the MSAN, rather than the link to the subscriber, can be the bandwidth bottleneck. Therefore, it is necessary to look at available bandwidth to both the MSAN and the subscriber to determine whether the request can be honored.

Home 1Queues

VLANPer MSAN Scheduler

(if required)

To DSLAM or SwitchGigE

BSR

VoIPInternet AccessVPN ServiceBroadcast TV

IP/VLAN Node(per household)

IP QueueService Queues(per subscriber)

Home 2Queues

Business 1Queues

DSLAM x DSLAM y DSLAM 1

Multicast Traffic(unique VLAN)



Figure 7 shows a sample calculation to decide whether a channel change request can be honored. In this example, this function is performed by the BSR, based solely upon bandwidth to the subscriber. An analogous calculation can check bandwidth available to the MSAN as well. Some MSANs also support multicast CAC, although only BSRs can consider bandwidth to the MSAN when determining whether to honor the request.

Figure 7: mcac at Bsr, based on subscriber link utilization

• Unicast bandwidth management: Incoming requests to establish new sessions can be checked against criteria such as available bandwidth to determine whether the connection can be permitted. For instance, a session border controller that cannot accept any more calls must inform the MSAN or BSR that the call cannot be completed.

Unlike multicast IPTV, these applications each have their own control protocols. Therefore, the application server must ask the network whether resources are available, after determining the required resources. For example, when a subscriber requests to view VoD content, the VoD system first determines that the requested content is 3.75 Mbps (SDTV), and then asks whether this much bandwidth is available from server to subscriber.

To accomplish this, there must be a single device that holds a complete picture of the network, including existing bandwidth commitments. This device, architecturally called a Policy Decision Point (PDP), makes the decision about whether new requests can be honored. In addition to informing the application, it may also need to tell certain network elements, called Policy enforcement Points (PePs), how to treat this traffic. For example, once it is determined that a VoIP session can be supported, this traffic can be marked as high priority if (and only if) the subscriber has signed up for VoIP service. Otherwise, a different policy is applied to mark it as “best efforts” traffic.

Dynamic bandwidth management is recognized as an important mechanism for protecting the network and improving revenues by controlling network access. Current MSANs do not work with PDPs (that is, do not function as a PEP), while many BSRs do support this. An important requirement is that the PDP use standard Web services such as Simple Object Access Protocol (SOAP) to communicate with application servers, making it as easy as possible to support a wide range of applications.

Group Bandwidth

Bandwidth per channel

IGMP (join 224.1.1.2)

Bandwidth (per subscriber)

224.1.1.2

224.1.12.101

224.1.12.102

2 (SD)

6 (HD)

6 (HD)

Sub Total Commit Request

Approved: Total bandwidth is < 10 Mbps

Approved: Total bandwidth is < 10 Mbps

Denied: Total bandwidth exceeds 10 Mbps

Total

10.10.1.3 10 0 2 2

Sub Total Commit Request Total

10.10.1.3 10 2 6 8

Sub Total Commit Request Total

10.10.1.3 10 8 6 14

IGMP (join 224.1.12.101)

IGMP (join 224.1.12.102)

Denial Message

10 Mbps

Subscriber

1 Gbps 1 Gbps

DSLAM Port

Channel 318

Channel 2

MSAN Switch BSR



SecurityProtecting the application servers from attack is another fundamental network requirement.

• IP Address Tracking: The network should ensure that only authorized subscribers can access the network by dropping traffic from IP addresses that have not been assigned to this subscriber. This information can be learned from DHCP flows. As a related capability, the network should limit the number of IP addresses that can be assigned to a subscriber.

• Firewall: Incoming traffic from subscribers can be redirected to a security appliance to protect against network attacks. If an attack is noted, the policy enforcement node can be instructed to drop incoming packets from a given subscriber. Generally, all traffic from all subscribers is validated, while traffic to subscribers (which originates at trusted servers within the network) bypasses the security check. This prevents the security appliance from being overwhelmed by IP video traffic.

Figure 8 depicts a network supporting asymmetric security. On the left, traffic from the subscriber is checked and allowed to pass to the application server, which responds by forwarding application traffic. On the right, an attack is detected, so the security device notifies the network to drop all traffic from this subscriber. In addition, information about the attack will be displayed on an operator console. The application server does not see the attack.

Providing this function requires deploying a security appliance alongside the redirection engine, as well as support for this asymmetric model. It is not cost effective to do the former, and most MSANs do not support the latter. The most common solution is to have the MSAN itself provide some level of checking to protect against common attacks such as Distributed Denial of Service (DDoS). The MSAN vendor provides periodic updates that the operator must apply to each MSAN.

Figure 8: asymmetric security in a broadband network

ISG Series

BSR

PolicyEnforcement

Point

SecurityAppliance

SRC PolicyEngine

COREMSAN

ISG Series

BSR

PolicyEnforcement

Point

SecurityAppliance

COREMSAN



Juniper SupportAs shown in Figure 9, Juniper supports a wide range of connectivity for access networks. MSANs and aggregation switches can connect upstream to any of three Juniper Networks routers:

• Ethernet aggregation switches (Juniper Networks MX Series 3D Universal Edge Routers)

• IP routers with high Ethernet density (Juniper Networks M Series Multiservice Edge Routers)

• Broadband Services Routers (Juniper Networks E Series Broadband Services Routers)

Figure 9: overview of Juniper Networks routers supporting wireline broadband networks

For networks that require a BSR, Juniper Networks E Series portfolio of IP edge routing platforms is a critical element in the control, delivery and accounting of services at the network edge. The E Series routers support DHCP and PPPoX operational models including PPPoX termination and DHC Proxy Relay. In addition, they shape traffic to individual subscribers, to MSANs, and to aggregation switches. Policy enforcement is provided in conjunction with the Juniper Networks SRC Series Session and Resource Control Modules, which provides the policy decision point function.

For networks using smart MSANs, the Juniper Networks M Series Multiservice Edge Routing portfolio and MX Series 3D Universal Edge Routers combine best-in-class capabilities with unmatched reliability, stability, security and service richness. These products allow providers to consolidate multiple networks into a single infrastructure while simultaneously generating new revenues with leading-edge services. M Series Multiservice Edge Routers support both Ethernet-based and ATM-based MSANs, while the MX Series 3D Universal Edge Routers establish a new industry standard for Carrier Ethernet capacity, density and performance. The Juniper Neworks MX960 Ethernet Services Router is the industry’s largest-capacity Carrier Ethernet platform, with up to 960 gigabits per second of switching and routing capacity, while the Juniper Networks MX480 and Juniper Networks MX240 Ethernet Services Routers provide smaller capacity routers for those locations and subscriber densities where fewer ports are required. In addition, the MX Series can serve as a smart Ethernet switch that aggregates MSAN traffic while supporting required broadband functions such as Internet Group Management Protocol (IGMP) snooping.

MSAN

MSAN

M Series

T Series

BSR

Head-End

MX Series

E Series

Apps

MX Series



ConclusionEach of the the functions described in this paper may be provided by MSANs that use commercially available chipsets, by MSANs that use custom ASICs or by BSRs. It’s not surprising that MSANs with custom ASICs cost more than those using commercially available chipsets but provide more functionality. Similarly, BSRs generally provide more functionality than MSANs. Table 2 summarizes which type of platform supports each function.

FEATURE DESCRIPTION COMMERCIAL MSANS

ADVANCED MSANS JUNIPER NETWORKS E SERIES BSR

Centralized Control

single point of control, access agnostic, msaN independence

3

DHCP Support

DHcP relay 3 3 3

DHcP Proxy, DHcP raDIus Proxy 3 3

DHcP Local server 3

PPPoX

PPPoX termination 3 3

QoS

Qos per service 3 3 3

Qos per subscriber, hierarchical Qos 3

Dynamic Bandwidth Management

mcac 3 3

unicast bandwidth management, policy enforcement point

3

Security

IP address tracking 3 3 3

centralized Firewall 3

BSRs have evolved from their initial role for terminating PPPoX traffic. Most importantly, they increase Average Revenue per User (ARPU) potential by controlling network access and using bandwidth more efficiently, while reducing operational costs. However, the initial cost of implementing a BSR may outweigh the benefits, notably for smaller service providers with relatively few MSANs.


Printed on recycled paper2000259-002-EN Oct 2010

Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

EMEA Headquarters

Juniper Networks Ireland

Airside Business Park

Swords, County Dublin, Ireland

Phone: 35.31.8903.600

EMEA Sales: 00800.4586.4737

Fax: 35.31.8903.601

APAC Headquarters

Juniper Networks (Hong Kong)

26/F, Cityplaza One

1111 King’s Road

Taikoo Shing, Hong Kong

Phone: 852.2332.3636

Fax: 852.2574.7803

Corporate and Sales Headquarters

Juniper Networks, Inc.

1194 North Mathilda Avenue

Sunnyvale, CA 94089 USA

Phone: 888.JUNIPER (888.586.4737)

or 408.745.2000

Fax: 408.745.2100

www.juniper.net

To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller.

About Juniper NetworksJuniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www .juniper .net .

juniper - do you need a broadband remote access server

Documents