SRX Overview Branch and High End

morningbreadloafΔίκτυα και Επικοινωνίες

30 Οκτ 2013 (πριν από 4 χρόνια και 10 μέρες)

195 εμφανίσεις

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX Overview

Branch and High End


Bernd Kunze/Rob Cameron


Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX 5000 overview



Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Evolution of Integrated Technology


Separation of tasks


Expensive, high
-
touch


No logical integration


Complex set
-
up & ongoing
maintenance


Uncompromised performance


Complete inheritance


Best in class services

Stand
-
alone

Specialized functions


Stateful FW


IPSec VPN


IDP


Routing

Bolt
-
on

Loose functional integration &

coordination


FW “houses” add
-
on svcs


Single chassis convenience

Fully
-
integrated

HW/SW optimized for full
integration


Tight coordination
with apps & functions

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

High
-
End Security Systems Portfolio

SRX characteristics



Scalable Performance


Rich Standard Services


Firewall


IDP


Routing


QoS


IPSec (9.3)


Extensible Security Services


Integrated Networking Services

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Feature comparison SRX vs. NetScreen

Feature

JUNOS 9.2

ScreenOS (6.0, 6.1)

Layer 2

VLAN Tagging (802.1Q)

VLAN Tagging (802.1Q) ,
Switching

IPv4 Routing

RIP, BGPv4, OSPF, VRRP
(No
IS
-
IS)

RIP, BGPv4, OSPF, VRRP

Firewall

Sessions, zones, screens, Policies, Auth

Session, zones, Screens, Policies, Auth

NAT

Destination, Source, Static* (ruled based)

Destination, Source, Static (policy based)

ALGs

FTP, TFTP, MGCP

SIP,H323,SCCP,MGCP,Avaya,NEC,RTSP,D
NS, FTP,SQL,TFTP,PPTP

Content Security

IDP

IDP
(ISG platforms)

HA

Chassis Cluster (limited feature support),
Active
-
Passive

NSRP

QoS

Classification, Marking, Scheduling,
Shaping Interface based, three level
hierarchical queuing, two rate three color
marker
(No POLICING)

Interface based, classification, marking

Management

JWEB,
NSM
, logging, SNMP, JUNOScript

NSM, WebUI, SNMP (read
-
only)

Performance

Multi
-
10Gig (120Gbps on 5800)

Multi
-
Gig (30Gbps)

IPSec VPN*

Remote access, site
-
to
-
site
(No HUB/Spoke support)

Remote access, site
-
to
-
site,
AC VPN

* 9.3R1 item

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Missing features in FRS


IPv4 Multicast


Limited HA (Active/Active, software upgrades)


Virtualization (LSYS and resource control)


Tunneling (GRE, IP
-
IP)


Layer2 (Switching)


Hub and Spoke VPNs


Transparent (Layer2) Mode


IPv6


SNMP


MPLS


PCAP/port mirroring


RPM


Intrabox HA including Hardware hotswap


Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

HW Design


Central Service Plane


Built around high
-
speed
switch fabric


Dedicated, separate
control & data planes


Adaptive Platform


Buildable, processing pool


Supplies scalable increase
to performance and
capacity


Resiliency


Dual “everything”

Service
Processing
Cards

Fabric

Input/Output
Cards

MGT

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SW Capabilities


Highly integrated services


Advanced services & features always present


Turn
-
on additional services
-

same card


High
-
density, programmable processing


Intelligent session load balancing


Pushed across compute elements


Elegant scale model for session set up,
service throughput


Extensible services


Up and down the “stack”


Rich L3 features


routing/QoS/NAT


Comprehensive L4
-
7 coverage


FW, VPN,
IDP

Service
Processing
Card

Fabric

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Packet Flow


Fully Integrated

Service
Processing
Cards

Fabric

Input/Output
Cards

MGT


Flow Lookup
Classification
DoS/DDoS
Policing


Ingress Packet


Egress Packet


Services Processing
FW/IPSec VPN/IDP/UTM

NAT/Routing

Routing/MGT/
Device MGT


QoS/Shaping

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Event Scheduler

Flow Module

Per Packet Filters

Per Packet Policers

/

Shapers

Match

Session

?

Forwarding

Lookup

Screens

Route

Services

ALG

NAT

Policy

Zones

Session

Slow Path

Fast Path

Screens

TCP

Services

ALG

NAT

Yes

No

10

Copyright © 2004 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

1) Pull Packet from queue

2) Police Packet

3) Filter Packet

4) Lookup Session:

4.a) No Match => Slow Path


a) FW Screen Check


b) Route Lookup


c) Find Destination Zone


d) Look
-
up Policy


e) Allocate NAT


f) Setup ALG vector


g) Install Session

4.b) Match => Fast Path


a) FW Screen Check


b) TCP Checks


c) NAT Translation


g) ALG Processing

5) Filter Packet

6) Shape Packet

7) Transmit Packet

Packet Flow


Inside the processor

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX 5600: Product Overview


Horizontal chassis system


1 Dedicated Fabric/RE


6 interchangeable slots


MGT module


dual


Power AC/DC


2+2, hot swap


Fan tray


Interfaces


40
-
SFP


4
-
10Gig


Dimensions


8U chassis height



Performance & Capacities


FW


60 Gbps


VPN


18 Gbps


IDP


18 Gbps


Concurrent sessions


4M


New and sustained cps


300k


Concurrent VPN tunnels


100k

Note: Route Engines, Switch Control Boards, Power supplies,

and Ethernet blades are NOT interchangeable with MX series platforms

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX 5800: Product Overview


Vertical slot chassis system


2 Dedicated Fabric/RE


12 interchangeable slots


MGT module


dual


Power AC/DC


Quad, hot swap


Fan tray


Interfaces


40
-
SFP


4
-
10Gig


Dimensions


16U chassis height



Performance and Capacities


FW


120 Gbps


VPN


36 Gbps


IDP


36 Gbps


Concurrent sessions


8M


New and sustained cps


300K


Concurrent VPN tunnels


100k

Note: Route Engines, Switch Control Boards, Power supplies,

and Ethernet blades are NOT interchangeable with MX series platforms

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Performance scaling

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

System configuration flexibility


Flexible configuration of DPC and SPC cards


Examples:


6 SPC, 6 DPC


1 SPC, 11 DPC


11 SPC, 1 DPC


Etc…..


This flexibility allows complete freedom of configuration
to match deployment needs


High port count, low processing


Low port count, high processing


Or anywhere in between

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›


Performance Estimate of SRX
5000 Family based on number of
Input/Output and Servicing
Processing Cards

Blue indicates performance of SRX
5600 (6 slots usable for IOC/SPC)

Blue + white indicates performance
of SRX 5800 (12 slots usable for
IOC/SPC)

Yellow indicates the supported
system configurations in HA mode

JUNOS 9.2 supports a maximum
of 5xSPCs in an HA configuration

Performance is calculated based
off of estimates but close to current
QA tested performance

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX 5600/5800

Deployment Scenarios

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Deployment Scenario 1

Data Center


Service Providers


Key Customer Requirements


DC consolidation results in increasing bandwidth
requirements from fewer datacenters


Increased requirements for high connection rate


Must reduce security appliance deployment and
management complexity


Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Deployment Scenario 2

Data Center


Enterprise


Key Customer Requirements


Affordable carrier
-
grade security product


Separation of Control and Data Plane


Architecture enabling higher performance and longevity via fabric


I/O and SPC scalability and flexibility


Datacenter

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Data Center Deployments



Key benefit with SRX


Additional services expected in future


DoS protection at line card and SPC


No impact to data flow


Possible feature requirements


Multicast


Requirements in some financial and other verticals


Expected JUNOS 9.5 or later


ALGs


Dependent on specific applications traversing the datacenter


Additional ALG supported added in subsequent JUNOS
release (i.e., SIP ALG in JUNOS 9.4)

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Deployment Scenario 3

Departmental Firewall Aggregation


Key Customer Requirements


Aggregation of individual dept. internal FWs


Minimize incremental deployment cost


Minimize management overhead

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Departmental Firewall Aggregation



Key benefit with SRX


Cost
-
effective scalability


Reduced operational expense


Support high
-
bandwidth requirements of network core


Possible feature requirements


VPN


Centralized FW is often the network perimeter FW and supports
VPN


Hub
-
n
-
spoke VPN support expected in JUNOS 9.5 or later


VSYS


Management of some FW aggregations may require VSYS rather
than VLANs and zones


VSYS support expected in 2H ‘09

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX 5000 Series Competitive Analysis

Preliminary

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Cisco FWSM vs. SRX 5000 series

SRX 5600

SRX 5800

Cisco FWSM

Cisco IPSec VPN SPA

Cisco IPS Module

Max FW
Throughput

60 Gbps

120 Gbps

5.5 Gbps per module
(4 blades max / chassis)

N/A

N/A

Max VPN
Throughput

18 Gbps

36 Gbps

N/A


requires VPN
Module

25 Gbps*

N/A

Max IPS
Throughput

18 Gbps

36 Gbps

N/A


requires IPS
module

N/A

4 Gbps**

Interfaces

40 x SFP
4 x 10 GigE

40 x SFP
4 x 10 GigE

Catalyst

Catalyst

Catalyst

Concurrent VPN
Tunnels

100,00

100,000

N/A

8,000 x 10 modules

N/A

Max Sessions

4 million

8 million

1 million

N/A

N/A

New & Sustained
CPS

300,000

300,000

100,000

N/A

N/A

Max PPS

10 Mpps

18 Mpps

2.8 Mpps

N/A

N/A

List Price

US$675,000

US$1,278,000

US$34,995 (blade only)

US$29,995 (blade only)

US$29,995 (blade only)

Price per FW Mbps
Throughput

~US$11.25 /
Mbps

~US$10.65 /
Mbps

~US$6.4 / Mbps

~US$12 / Mbps

~US$60 / Mbps

Price per Mbps
with Chassis
t

N/A

N/A

~US$13.64 / Mbps

~US$30 / Mbps

~US$125 / Mbps

* 2.5 Gbps per module, up to 10 modules per system. Each module is half
-
slot wide; 2 modules per slot.

** 500 Mbps inline, 600 Mbps passive, up to 8 modules per chassis to achieve 4 Gbps of inline throughput

t

Based on published list prices of chassis plus module bundle (~US$74,995)

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Cisco ASA 5580 vs. SRX 5000 series

SRX 5600

SRX 5800

ASA 5580
-
20

ASA 5580
-
40

Max FW
Throughput

60 Gbps

120 Gbps

5 Gbps
(10 Gbps Jumbo Frame)

10 Gbps
(20 Gbps Jumbo Frame)

Max VPN
Throughput

18 Gbps

36 Gbps

1 Gbps

1 Gbps

Max IPS
Throughput

18 Gbps

36 Gbps

Not Supported

Not Supported

Interfaces

40 x SFP

4 x 10 GigE

40 x SFP

4 x 10 GigE

4 10/100/1000

4 GigE

2 x 10 GigE fiber

4 10/100/1000

4 GigE

2 x 10 GigE fiber

Concurrent VPN
Tunnels

100,00

100,000

10,000

10,000

Max Sessions

4 million

8 million

1 million

2 million

New & Sustained
CPS

300,000

300,000

90,000

150,000

Max PPS

10 Mpps

18 Mpps

2.5 million

4 million

List Price (max.
config)

US$675,000

US$1,278,000

US$59,995

US$129,995

Price per firewall
Mbps Throughput

~US$11.25 /
Mbps

~US$10.65 /
Mbps

~US$12 / Mbps

~US$13 / Mbps

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Check Point vs. SRX 5000 series

SRX 5600

SRX 5800

Power
-
1 5070

Power
-
1 9070

Nokia IP2255

Nokia IP2450

Max FW
Throughput

60 Gbps

120 Gbps

9 Gbps

14 Gbps

8.9 Gbps

20 Gbps*

Max VPN
Throughput

18 Gbps

36 Gbps

2.4 Gbps

3.7 Gbps

2.3 Gbps

2.5 Gbps*

Max IPS
Throughput

18 Gbps

36 Gbps

4.5 Gbps

6.1 Gbps

N/A

N/A

Interfaces

40 x SFP

4 x 10 GigE

40 x SFP

4 x 10 GigE

8 on
-
board
10/100/1000

4 x GE

2 x 10 GigE

8 on
-
board
10/100/1000

4 x GE

2 x 10 GigE

4 on
-
board
10/100/1000

8 x 10/100

4 x GE

1 x 10GigE

4 on
-
board
10/100/1000

4 x GE

2 x 10 GigE

Concurrent VPN
Tunnels

100,00

100,000

Not Published

Not Published

Not Published

Not Published

Max Sessions

4 million

8 million

1.1 million

1.1 million

Not Published

Not Published

New & Sustained
CPS

300,000

300,000

Not Published

Not Published

87,000

Not Published

Max PPS

10 Mpps

18 Mpps

Not Published

Not Published

Not Published

Not Published

List Price (max.
config)

US$675,000

US$1,278,000

US$36,500

US$49,500

US$79,995

US$129,985

Price per firewall
Mbps Throughput

~US$11.25 /
Mbps

~US$10.65 /
Mbps

~US$4.1 / Mbps

~US$3.5 / Mbps

~US$8.9 / Mbps

~US$6.5 / Mbps

* Requires Nokia IPSO 6.0 plus 2 (two) Nokia Accelerated Data Path (ADP) cards, otherwise max FWTP is 9.0 Gbps, max. VPN TP i
s 2
.0 Gbps.

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Fortinet FortiGate vs. SRX 5000 series

SRX 5600

SRX 5800

FortiGate 5140

FortiGate 5050

FortiGate 5020

Max FW
Throughput

60 Gbps

120 Gbps

70 Gbps*

25 Gbps*

10 Gbps*

Max VPN
Throughput

18 Gbps

36 Gbps

8.4 Gbps*

3 Gbps*

1.2 Gbps*

Max IPS
Throughput

18 Gbps

36 Gbps

Not Published

Not Published

Not Published

Interfaces

40 x SFP

4 x 10 GigE

40 x SFP

4 x 10 GigE

6 x GigE

2 x FortiAccel
SFP

6 x GigE

2 x FortiAccel
SFP

6 x GigE

2 x FortiAccel
SFP

Concurrent VPN
Tunnels

100,00

100,000

Not Published

Not Published

Not Published

Max Sessions

4 million

8 million

14 million*

5 million*

2 million*

New & Sustained
CPS

300,000

300,000

420,000

150,000

60,000

Max PPS

10 Mpps

18 Mpps

Not Published

Not Published

Not Published

List Price (max.
config)

US$675,000

US$1,278,000

US$1,009,925

US$369,970

US$149,985

Price per firewall
Mbps Throughput

~US$11.25 /
Mbps

~US$10.65 /
Mbps

~US$14.3 / Mbps

~US$14.8 / Mbps

~US$15 / Mbps

* Performance based on FG
-
5005FA2 module which delivers: 5 Gbps FWTP, 600 Mbps IPSec VPN TP, 1 million sessions, and 30k cps. F
ortiGate 5140
has 14 available slots, FortiGate 5050 has 5 available slots, and FortiGate 5020 has 2 available slots for FG
-
5005FA2 modules.

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX 3000 sneak preview

(more in the hardware session)

Ships w/ 9.4R1 tentativly



Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX 3400: Product Overview


Performance & Capacities


FW


10 Gbps


VPN


8 Gbps


IDP


8 Gbps


Concurrent sessions


1M


New and sustained cps


60k


Concurrent VPN tunnels


10k


Modular Interfaces


16
-
10/100/1000


16
-
SFP


2
-
XFP


Modular chassis


7
-

slots: 4 front, 3 rear


Common form factor modules


MGT module


dual


Power AC/DC


dual, hot swap


Fan tray


Fixed Interfaces


12 built
-
in (8
-
10/100/1000 + 4
-
SFP)


1 AUX/Console Port (RJ45)


2 Ethernet Management Port


2 USB Ports


Dimensions


3U height x 24” depth

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX 3600: Product Overview


Performance & Capacities


FW


20 Gbps


VPN


12 Gbps


IDP


12 Gbps


Concurrent sessions


2M


New and sustained cps


120k


Concurrent VPN tunnels


30k



Modular chassis


12 high slots: 6 front, 6 rear


Common form factor modules


MGT module


dual


Power AC/DC


2+2, hot swap


Fan tray


Fixed Interfaces


12 built
-
in (8
-
10/100/1000 + 4
-
SFP)


1 AUX/Console Port (RJ45)


2 Ethernet Management Port


2 USB Ports


Modular Interfaces


16
-
10/100/1000


16
-
SFP


2
-
XFP


Dimensions


5U height x 24” depth

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Product Comparison


ISG vs. SRX 3k

ISG 1000

SRX 3400

ISG 2000

SRX 3600

FW

1 Gbps

5
-

10 Gbps

4 Gbps

10
-

20 Gbps

VPN (IPSec)

1 Gbps

2.5
-

5 Gbps

2 Gbps

5
-
10 Gbps

IDP

Up to 1 Gbps

2.5
-

5 Gbps

Up to 2 Gbps

5
-
10 Gbps

AV (HTTP)

N/A

Up to 500 Mbps

N/A

Up to 1 Gbps

VPN (SSL)

N/A

Up to 5Gbps

N/A

Up to 10Gbps

Interfaces

4CG +

Up to
4GE/16FE

8
-
12CG +

Up to
8XG/64GE/64CG

Up to 8GE or
28FE

8
-
12CG +

Up to 16XG/128GE/128CG

Slots (IOC,APC)

2+2

Up to 7 CFM slots

4+3

Up to 12 CFM sl ots

Power supply

Single modular

Single (Dual option)

Dual

Quad

Session/secon
d

20K

60K

25K

100K

Total sessions

500K

2M

1M

4M

VPN tunnels

2,000

10,000

10,000

30,000

VSYS

Up to 10

Up to 250

Up to 50

Up to 500

List Price

$25k

~$25
-
45k

$42k

~$40
-
60k


The slides on this page and next page are adapted from Glen’s slides deck.


10
-
20 Gbps capable for enterprise


Major resolution to CPS, sessions, service flexibility and scale


Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

SRX next
-
gen branch platforms

(Loki)

Copyright © 2008 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

31

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Security and Routing Portfolio

Medium Enterprise

to

Large HQ

Micro Branch

Small Office

Managed Service

Branch/Regional

Medium Enterprise

Small Branch

SME

ScreenOS

JUNOS

Additional M
-
series and T
-
series are not shown

JUNOS ES Products

Common Hardware

JUNOS

Gap

Asgard


4 Platforms


4 Performance Levels


JUNOS

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

What’s different with Next Gen Branch?


Performance


Multi
-
Core CPU Architecture


Hardware Acceleration for UTM for IDP & AV



Reliability


JUNOS High
-
Performance Resiliency and Reliability


Separation of Control Plane & Forwarding with dedicated cores


Integrated Branch
-
in
-
a
-
Box Solution


Service integration with best
-
in
-
class Routing, FW/VPN, UTM, and
Switching (Voice and Wireless future release)


Services for Mass Deployment


Zero touch


bootstrap mode


Low touch


rapid deployment with USB (future)


New License Server architecture (future)

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›


Four CPE Platforms


Entry level platforms for the small
branch


High performance


Services integration


Routing


Firewall/ PSEC


UTM (AV, Web Filtering, Anti
-
Spam, IDP)


Switching


VoIP FXS/FXO (future)


8 to16 Ethernet ports


Modular architecture with mini
-
PIM
slots

Asgard Product Portfolio

New in 9.4

Vali

Vidar

Narfi

Loki

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›



Fixed Memory


Low Memory
-

512MB RAM/1GB flash


High Memory
-

1GB RAM/1GB flash


4 x POE Option (802.3af)


External PC Card Slot for 3G Wireless EVDO/HSDPA


External Power Supply


Hardware RegEx Acceleration for AV & IDP


1RU High


2xGE + 6xFE Ports


1xMini
-
PIM Slot


1xConsole port


2xUSB (2.0)


Mini
-
PIM Options


1xT1/E1


1xSFP


1xSync Serial (Future)


1xVDSL2 (Future)


Target Performance


200Mbps+ FW,
100Kpps


100Mbps IDP


50Mbps Quick AV


Optional Accessories:


Desktop Stand


Rack Mount


Wall Mount

Loki Overview

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Loki Hardware


Front View

Console

Port

2xUSB

Power

Button

1 x mPIM Slot

2 x GE

6 x GE

POE (Port 0/0
-
0/3)
(Factory Option)

Voice Ports

(Future)

Reset Pinhole

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Loki Hardware


Rear View

External Power
Connector

Power Cord
Lock

Chassis Cable
Lock

ExpressCard
Slot (3G)

Ground Lug

Slot Cover

Fan

Vent

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

3G ExpressCard
-

Wireless Backup


Applications


High speed wireless backup for remote
branch offices, retail stores, kiosks,
ATMs…


Replacement for v.92 and ISDN backup



ExpressCard for Loki


Sierra EVDO/HSDPA in first phase


Leverage contract deals with providers


Other vendors and technologies later


Carrier card is Juniper product


Modem must be ordered separately (not
on the Juniper price list)


Certifications


Generic GSM certification


Specific certifications per carrier as
necessary


Carrier card design makes certifications
easier

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

External Wireless AP Solution (2H09)


Juniper 802.11n Solution


Backwards compatible to 802.11a/b/g


2x3 MIMO w/ ~300Mbps performance


50 Meter range (indoor)


Unit can be mounted on ceiling or wall


Seamless management as single device


Single port 10/100/1000Mbps


POE Support


802.3af or 802.3at


External DC power supply option


Plenum rating support


Basic Access Controller support


L2 Clustering support


up to 16 APs per device


Richer Access Controller rollout in 2H09
-
1H10 time
-
frame

Diagrams illustrative only


Not to scale

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Competitive Performance

Summary
-

Loki

Copyright © 2008 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

40

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Loki vs Cisco (Today)


to be updated

Cisco 871

Narfi

Loki

Vali

Cisco ISR1811

Cisco ISR1841

Fixed I/O

4 10/100

8xFE

2xGE + 6xFE

8xGE

2WAN+8LAN
10/100

2 10/100

I/O expansion slots

None

None

1xMini
-
PIM

2xMini
-
PIMs

None

2 WICs

Backup Options

AUX

3G, USB

3G, USB or
mPIM

3G, USB, or
mPIM

v.92 (1812 w/
ISDN)

AUX

Routing PPS

30Kpps

80Kpps

100Kpps

150Kpps

50
-
60Kpps
(est)

50
-
60Kpps
(est)

FW performance

65Mbps

150Mbps
IMIX

200Mbps IMIX

300Mbps
IMIX

100Mbps

100Mbps

UTM performance (AV,
IDP)

N/A

75Mbps

100Mbps

150Mbps

N/A

N/A

POE Integration

No

No

4xPoE
(Factory
Option)

8xPOE
(Factory
option)

w/ Injector

w/ Injector

Voice

No

No

Yes


2FXS/1FXO
and mini
-
PIM

Yes


2FXS/1FXO
and mini
-
PIM

No

No

Integrated xDSL?

ADSL2

VDSL2

VDSL2 (via
mini
-
PIM)

VDSL2 (via
mini
-
PIM)

No

No

List Price (Base Unit)

$649 to $799

$799

$1,295

$1,395

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Loki vs Cisco Next Gen


to be updated

Cisco 881

Narfi

Loki

Vali

Cisco ISR19xx

Fixed I/O

4xFE

8xFE

2xGE + 6FE

8xGbE

GE

I/O expansion slots

None

None

1 Mini
-
PIM

2 Mini
-
PIMs

Yes

RAM / FLASH

256MB /
128MB

512MB / 1GB

512MB / 1GB

512MB / 1GB

tbd

Backup Options

3G

3G, USB

3G, USB or
mPIM

3G, USB, or
mPIM

tbd

FW performance

tbd

150Mbps IMIX

200Mbps IMIX

300Mbps IMIX

tbd

SSL VPN

Yes

Yes (Dynamic
VPN Client)

Yes (Dynamic
VPN Client)

Yes (Dynamic
VPN Client)

Yes

Wireless
802.11a/b/g/n Option

a/b/g/n option

a/b/g/n option

a/b/g/n
(external)

a/b/g/n
(external)

tbd


POE Integration

Yes (2 ports
only)

No

4xPoE (50W)
Optional

8xPOE (75W)
Optional

Yes

Integrated Voice

No

No

Yes


2FXS/1FXO
and mini
-
PIM

Yes


2FXS/1FXO
and mini
-
PIM

Yes

Integrated xDSL?

G.SHDSL or

VDSL

VDSL

Via Mini
-
PIM

Via Mini
-
PIM

TBD

List Price (Base Unit)

$649

$799

tbd

Copyright © 2007 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

‹#›

Q&A