06_1

| Copyright 2009 Juniper Networks, Inc. | www.juniper.net1

25 2009


()()

/


?


:

34% , 89%

91%

WX/WXCSecurity

SwitchRouter

: Nemertes 8/08


-

, , ...

Corporate Office

Branch Office

Remote Office

Data Center

Retail

Manufacturer

Government

BankKiosk

ATM

Home Office

SOA SAAS

Web 2.0

IT


EX8208

EX8216

M Series

MX Series

SRX650

SRX3000 Series

SRX240

SRX210

J SeriesEX2200

EX4200

EX3200

SRX100

SER

VIC

ES G

ATE

WA

YS

RO

UTE

RS

SRX5000 Series

Unified Management (NSM)

SWIT

CH

ES


VoIP

WLAN AP

Ethernet

IPS Web

UTM

= + Firewall + VPN +

UAC

Ethernet

FirewallIPSec VPN

3G MPLS

Metro Ethernet MPLS

WAN 3G

VoIP VoIP

Ethernet


SRX 2009 .

/

/

SRX 100

SRX 210

SRX 240

SRX 650

NSM

NSM+ WAN , 2 GigE, 6 FE,

PoE

+ 4 WAN , 16 Gig E

+ LAN ,


SRX

35K9K2K2K (CPS)

A/A A/

TBD

16 K / 32K

50 Mbps

65 Mbps

65 Kpps

175 Mbps

600 Mbps

60 Kpps

JUNOS 9.6

1

/

/

8 x FE

SRX100

48 GE, 250 W 500 W

16 GE, 150 W

4 50 W

Ethernet (802.3af, 802.3at)

JUNOS 9.5JUNOS 9.5JUNOS 9.5 JUNOS

900 Mbps250 Mbps80 Mbps

1.5 Gbps250 Mbps75 MbpsVPN AES256+SHA-1 3DES+SHA 1

512 K64K / 128K32K / 64K . (512MB/1GB RAM)

2.5 Gbps500 Mbps250 MbpsFirewall p (IMIX)

900Kpps150 Kpps75 KppsFirewall (Firewall + PPS 64)

A/A A/,GPIM hot swap,

CPU, PS

A/A A/A/A A/

SRX650SRX240SRX210

30 Mbps

750 Mbps

80Kpps

2

1 x mini PIM

2 x GE + 6 x FE

85 Mbps

1.5 Gbps

200Kpps

2

4 x SRX mini PIM

16 x GE

AV

900Kpps

Ethernet 4 x GE

WAN 8 x GPIM

USB (flash) 2

Firewall ( ) 7.0 Gbps

350 Mbps


, -

,

WAN, , LAN

JUNOS

, FW, VPN, UTM, UAC, IPS

AV IPS

,

$699, $1099, $2999, $16000 (.)

SRX Juniper

750/80 Mbps1 mini PIM SRX210

1500/250 Mbps4 mini PIM SRX240

SIP

FW/IPS-

SRX100 600/50 Mbps

SRX650 8 GPIM 7000/900 Mbps

FW / VPN /ROUTING

16 X Gigabit Ethernet

UTM

20X IPS

80%


SRX210

50200

1050

225

-

8 gPIMs

4 mPIMs

1 mPIM

#

2 FXO, 2 FXS3048SRX240

-

DSP

gPIM

816 (

)

0

2 FXO, 2FXSSRX210

T1/E14 FXO

2 FXS + 2 FXO

SRX650

T1/E1Dual T1/E16 FXO + 2

FXS2 FXO + 6

FXS

SRX SIP

SIP

SIP

FXS

FXO

1/1 FXO FXS

/


SIP

SIP

VOIP

PBX, Key System

Channelized T-1 / E1/ FXO

SIP VoIP

Juniper Open Communications 1:

WANMPLS

SIP VoIP

1

1

SIP sip ,

SIP SIP

22 23

3

3

SIP ()

34

4

4

5

5

X

X

SRX210 / SRX240

SIP VoIP ./

SIP Toll bypass,

SIP VoIP VoIP


SRX210

3G WAN

-

,

.

/ .

SRX210

3G Wireless

VPN


SRX Firewall, ,

UNTRUST

SRX

TRUST TRUST


Enterprise own Core

Private WAN (Managed Service)

Public WAN(Internet)

SOACollaboration Server Virtualization

Virtual Desktops

Unified Comms

LAN Access Control

Network Administration Interface

Employee

Guest

Customer

Partner

Managed/Hosted Datacenter

Datacenter

HQ/CampusHQ/Campus

RemoteRemote

SaaS

WANBranchBranch

Enterprise Loc. Hosted / Mgd Svc WAN AccessColor Code Legend:

SRX 3000 Line

SRX Series

M Series

MX Series

M Series SRX 5000

EX4200

EX8200

EX8200

EX Series

Video Server

Access Server

Intranet Server

Finance Server

Web Server

Video Server

EX4200

IC Series

M Series

EX4200

SRX Series

SRX 5000 Line

IDP Series

SA Series

WX Series / WXC Series


WX/WXC


MX Series

MX Series


MANAGED/HOSTED DATACENTER

HEADQUARTER / CAMPUS

DATACENTER

NOC

DATACENTERS

Enterprise own Core

DATACENTERS

SOHO OFFICE

3G wireless

REMOTE OFFICE

BRANCH OFFICE

Private WAN(Managed Services)





HQ/CAMPUS

DATACENTER

DATACENTERS

Enterprise own CoreDATACENTERS

SOHO OFFICESRX Series

3G wireless

REMOTE OFFICE

SRX Series

EX2200/3200

BRANCH OFFICE

SRX Series

EX4200 VC

EX8200SRX 3000

Line

EX4200

IC SeriesWX Series / WXC SeriesSA Series

M SeriesEX Series

SRX 5000 Line

STRM Series

NOCNSM Express

EX Series


MX Series

SA Series

IC Series

SRX 5000 Line

M Series



MX Series

MX Series


Scaling based on User Size and Survivability

Integrated and scalable connectivity, Security, and Management

SOHO

-

1 5 50 500 >1000

HQ/Campus

BranchOffice

Remote Office

MobileWorker




DATACENTER

NOC

DATACENTERS

Enterprise own Core

DATACENTERS

SOHO OFFICE

3G wireless

REMOTE OFFICE

BRANCH OFFICE



CONNECTIVITY MANAGEMENTSECURITY

(SOHO)


3G wireless

STRM

NOCNSM Express

PoE 3G WAN

QoS IPSec HA OSPF, BGP RIP

v1/v2

UAC VoIP

IPSec VPN UTM (Anti-

Virus, IDP) Firewall

Odyssey Access Client (OAC)

NSM, STRM, J-Web CLI

JUNOS

SRX Series

WX Series Client

PSTN




DATACENTER

NOC

DATACENTERS

Enterprise own Core

DATACENTERS

SOHO OFFICE

3G wireless

REMOTE OFFICE

BRANCH OFFICE




DC

Private WAN(Managed Services

POELocal

Printer

EX2200/EX3200

Access Point

POE

3G wireless

WX Client

SRX

STRM

NOCNSM Express

PoE QoS,

802.1p/DSCP/Phone Vlan - VoIP PC 3G IPSec HA

UAC UAC Agent 802.1X UTM (Anti-

Virus, IDP) Firewall


NSM, STRM, J-Web CLI JUNOS

PSTN




DATACENTER

NOC

DATACENTERS

Enterprise own Core

DATACENTERS

SOHO OFFICE

3G wireless

REMOTE OFFICE

BRANCH OFFICE



Private WAN

InternetDC


POE

LocalPrinter

WX Client

VirtualChassis

SRX

SRX

AccessPoint

POE

10x48 PoE

UTM (Anti-

Virus, IDP) UAC UAC Agent 802.1X Firewall



JUNOS

STRM

NOCNSM Express

PSTN

EX4200




DATACENTER

NOC

DATACENTERS

Enterprise own Core

DATACENTERS

SOHO OFFICE

3G wireless

REMOTE OFFICE

BRANCH OFFICE



WXC Series

MPLS L2/L3 Tunnels to DC Integrated WX Module Card in J Series Integrated 3g wireless End-to-end QoS including CoS, cRTP,

LFI for xDSL Integrated Avaya VoIP GW with PSTN

interfaces VoIP phone and terminal auto-sense


Adaptive Threat Management for malicious web-conferencing, file-sharing between OCS clients

Integrated Security/VPN/WX & VoIP services

IPS, UAC & UTM Full UAC IE Support as 802.1X

Enforcer Personal Firewall

NSM, STRM, J-Web & CLI Mgmt JUNOS Software

Private WAN

InternetDC

LocalPrinter

AccessPoint

POE

WX Client

VirtualChassis

POEAvaya

J SeriesWXC

J Series

SRX

SRX

STRM

NOCNSM Express

DATA CENTER

PSTN




DATACENTER

NOC

DATACENTERS

Enterprise own Core

DATACENTERS

SOHO OFFICE

3G wireless

REMOTE OFFICE

BRANCH OFFICE



2


Private WAN

Internet

LocalPrinter

AccessPoint

Virtual Chassis

M Series

M Series

SA Series

WX

SRX

SRX

Local Servers

SRX3000

Intranet Controller

POEPOE

IDP

POEPOE

LocalPrinter

EX8200 orMX Series

CORE TIER ACCESS TIER

BUILDING 2

BUILDING 1

Core

POE STRM

NOCNSM Express

Virtual Chassis


JUNOS

LLDP-Med L3 L2 STP/RTP GbE 10 GbE

UAC IDPWeb-Filtering, Anti-Virus,

Anti-SpamALG VoIP

EX4200

EX4200

EX8200 orMX Series


SOHO

LocalPrinter

AccessPoint

POE

Virtual Chassis

Local Servers

ISG/IDP

SRX3000

EX4200-24F

EX4200-24F

Security Camera

POE

POE

POE

POE

LocalPrinter

EX8200 or MX Series

CORE/AGGREGATION TIER

ACCESS TIER

BUILDING N

BUILDING 1

POE

POE

REMOTE OFFICE

POE

LocalPrinter

Access Point

EX2200/3200

SRX

Media

CAMPUS

BRANCH OFFICE

POE Local Printer

Access Point

Virtual Chassis

SRX

LocalServer

Internet EnterpriseOwn Core

Private WAN

(MPLS, ATM)

ACCESS TIER

EX4200 Series

NSM STRMOCS and ServersCommunications Mgr

WX Series /WXC Series

M Series

EX8200 or MX Series

ISG/IDP

SA Series

SRX5800

IC Series

EX8200 or MX Series

M Series

CORE/AGGREGATION TIER

DATA CENTER

DC

SRXSRX

PSTNPSTN

PSTN

EX4200-24F

EX4200

Virtual Chassis

CONNECTIVITY

MANAGEMENT

SECURITY

PSTN


WAN

Distributed switch architecturefor multi-building campus

GbE/10GbE VC ring deployed in a campus or within a building

Deployment example Utilize the same MM fiber

One-switch LAN 1 to manage

1 to upgrade

1 software version

No L2 Loop/No STP required

High Availability Redundant Pwr/Cooling

Redundant Switch Fabric

Sub-second Convergence in case of device/link failure

Integrated Access Security

Integrated QoS for Voice/Video/Data

One Virtual Chassis to Manage for the

entire campus

1GbE uplink

GbE/10GbE VCP

1GbE uplink

GbE/10GbE VCP GbE/10GbE VCP

GbE/10GbE VCP

EX4200 Virtual Chassis

EX4200 Virtual Chassis

EX4200Virtual Chassis


Classroom Bldg 4

Recreation Bldg 5

Admin Bldg 1

Lab Bldg 2


Classroom Bldg 3

MX Series

MX Series


STRM500

NSM Xpress

IC Series

SBR

Oversubscription common

PoE Layer 2/3 NAC/UAC Access Security Auto detect/config QoS boundary

No Oversubscription Redundant power/cooling Redundant Control Plane

& fabric Layer 3 QoS enforcement Collapsed or 2-tier MX* - for Advanced routing

features such as MPLS/VPLS, low latency multicast, etc.

10/100/1000BASE-T

LAN Access

Typical campus 3 tier LAN connectivity

Remote DC(s)

GbE GbE 10 GbEGbE LAG

LAN Aggregation/Core

ISG/IDP

STRM500

NSM Xpress

IC Series

SBR

VoIP

EX4200 Virtual

Chassis

EX4200Virtual

Chassis

VoIP

EX4200Virtual

Chassis

VoIP

EX4200Virtual

Chassis

EX8200

MX Series

EX4200

EX4200

EX8200

MX Series

HQ DCWAN

M SeriesISG/IDP


(500 )

IOS MIOS

DCOS

Linux

Cat

OS

Linux

ION

Cat

OS

IOS

12.3NX

OS

IPS

IOS

12.4 BIN

OS

IOS

12.2

IOS

T

IOS

12.2

12.2IOS

12.3

PIX

OS


!

EX

- SRX

JUNOS

WX

IOS MIOS

Cat

OS

Linux

ION

Cat

OS

IOS

12.3NX

OS

IOS

12.4 BIN

OS

IOS

T

IOS

12.2

IOS

12.3

DCOS

Linux

IPS

IOS

12.2

12.2

PIX

OS

SRX

SRX

SRX

EX

Virtual Chassis

EX

Virtual Chassis

EX

DistSwitch

WX

WX

(500 )

| Copyright 2009 Juniper Networks, Inc. | www.juniper.net34 | Copyright 2009 Juniper Networks, Inc. | www.juniper.net34

?

CNA

vFrame

DCNM

ASDM

SDM

CSM

PIXDM

LMS

LMS

Ciscoview

!!!

Firewall

Switch

Router

Antivirus

Spyware

Antispam

(500 )

| Copyright 2009 Juniper Networks, Inc. | www.juniper.net35 | Copyright 2009 Juniper Networks, Inc. | www.juniper.net35

!

NSM

- STRM

- AIS

CNA

vFrame

DCNM

ASDM

SDM

CSM

PIXDM

LMS

LMS

Ciscoview

!!!

Switch

Router

Antivirus

Spyware

Firewall

AntispamIDP

Gateway

NSM

STRM

JUNIPER

AIS

(500 )


TCO

% $2.59M $7.97M 62.9% CAPEX

( )

JUNOS IOS 25% OPEX( )

Total CAPEX (with no price discount)

Operating Systems (time to manage)

Ongoing Maintenance/ Support Costs $0.69M $1.80M 61.4%

Catalyst ISR routers

NAC

5 next day access PoE

EX SRX

Unified Access Control

5 next day

access PoE

Juniper Solution

: , -,

2500 3 * 500 400 * 8

Cisco

= 7200


Branch Financial Analysis Tool (B-FAT) v.15


SRX


SRX100

, , SOHO

8 x 10/100 Ethernet

UTM IDP - Web UAC UTM

(UTM, )

A/A A/

TBD

16 K / 32K. (512MB/1GB RAM)

2K (CPS)

50 Mbps

65 MbpsVPN AES256+SHA-1 3DES+SHA 1

65 KppsFirewall (Firewall + PPS 64)

175 MbpsFirewall p (IMIX)

600 MbpsFirewall ()

60 Kpps

JUNOS 9.6 JUNOS

AV

1USB ()

/WAN

/ Ethernet (802.3af, 802.3at)

8 x FE Ethernet

SRX100 (2009Q3)


SRX210

UTM

IDP, Antivirus, -, Web ,

UAC UTM

mini-PIM Q3 2009

(Q3 2009)

2K (CPS)

4 50 W


JUNOS 9.5 JUNOS

80 Mbps


32K / 64K . (512MB/1GB RAM)



A/A A/

SRX210

30 Mbps

750 Mbps

80Kpps

2

1 x mini PIM

2 x GE + 6 x FE

AV

Ethernet

WAN

USB ()

Firewall ( )


-

UTM IDP, Antivirus, -, Web

,

UAC UTM

mini-PIM Q4 2009

(Q4 2009)

SRX240

* JUNOS 9.6

9K (CPS)

16 GE, 150 W


JUNOS 9.5 JUNOS

250 Mbps


64K / 128K. (512MB/1GB RAM)



A/A* A/

SRX240

85 Mbps

1.5 Gbps

200Kpps

2

4 x SRX mini PIM

16 x GE

AV

Ethernet

WAN

USB ()

Firewall ( )


SRX650

,

- LAN

()

(

PIM 2010)

UTM IDP, Antivirus, -, Web

, UAC

Max Gig E 52 (2 x 24 GE PIM + 4 )

* JUNOS 9.6

35K (CPS)

48 GE, 250 W 500 W


JUNOS 9.5 JUNOS

900 Mbps

1.5 GbpsVPN AES256+SHA-1 3DES+SHA 1

512 K. (512MB/1GB RAM)

2.5 GbpsFirewall p (IMIX)

900KppsFirewall (Firewall + PPS 64)

A/A* A/,GPIM

, *,

SRX650

AV

900Kpps

Ethernet 4 x GE

WAN 8 x GPIM

USB () 2

Firewall ( ) 7.0 Gbps

350 Mbps

* JUNOS 9.6


802.1Q VLAN

4,096 VLAN ( )

Routed VLAN Interface (RVI)

GARP VLAN Registration Protocol (GVRP)

QOS VLAN

L3 Strict priority queuing (LLQ)

L3 Smoothed Deficit Weighted Round Robin (SDWRR)

L3 Weighted Random Early Discard (WRED)

L3 (shaping)

802.1x Port based Authentication

802.3ad (AX) link aggregation*

STP, Spanning Tree Protocol

802.1D Spanning Tree Protocol

802.1S Multiple STP

802.1w Rapid STP

Jumbo Frame (9,216 Byte)*

Ethernet

SRX210 SRX240 SRX650

( Ethernet) SRX100

8 10/100 ( )

SRX210 2 10/100/1000 + 6 10/100 (

) 802.3af POE (2FE + 2GE)

SRX240 16 10/100/1000 (

) Ethernet ( ) 802.3af, 802.3at

SRX650 4 10/100/1000 ()

Ethernet PIMs SRX Mini-PIM (SRX210/SRX240)

1 SFP

16 GigE XPIM SRX650

20 Gbps 16 GE PoE

24 GigE 4 SFP XPIM SRX650 POE - 24 GE PoE 4 SFP

20 Gbps

SRX GE SFP LH | SRX GE SFP LX | SRX GE SFP SX |

SRX GE SFP 1000 Base-T | SRX FE FX SFP

SRX100

* SRX100


Unified Threat Management (UTM)

Symantec /

IPS

-

Web

Juniper IDP

/ , , DOS (L4/L7),

Juniper IDP

/ , , DOS (L4/L7),

WebSense, SurfControl

, , Spyware, Adware, Key loggers

, , Spyware, Adware, Key

loggers

SRX

Firewall, VPN, Firewall, VPN,


Access Point

Juniper 802.11n

.11a/b/g

300Mbps ()

200Mbps (160Mbps )

: 2x2:2, 2x3:2, 3x3:2

UL2043 .

50 ( )

AP 16 SSID

802.11e WMM ready

1 Gigabit Ethernet POE

PS

L2 SRX

SRX AP 4,8,16 .


Juniper Networks Unified Access Control (UAC)

EX L2

802.1X &

IC

1

NSSSG

ISG

22

3

,

,

, ,

1

SRX

Juniper Firewall

UAC

UAC


Juniper

Juniper

, ,

NBI NMS 3-

EMS NMS Visibility Diagnostics

SNMP, Syslog, XMLSNMP, Syslog

NetConf, DMI, Syslog, Sflow

Security Threat Response Manager

Network & Security Manager (NSM)

JUNOScope Advanced Insight Manager

JUNOS

CLI, JUNOScript

J-Web

Web UI

HTTP / HTTPS XML

Telnet, SSH, XML

ISG/IDP

SSL VPN

Infranet Controller SRX5600


Network Security Manager

SRX, NSM Juniper *

NSM ScreenOS JUNOS

Juniper


Security Threat Response Manager

STRM SRX (IPS)

220+

: ,

PCI, SOX, FISMA, GLBA, HIPAA

: NIST, ISO CoBIT


-

-

-

Network Security Manager

10.0

SRX 210

ID

/

IP /

6. SRX

2. USB

3.

4. NSM

5.

1.


Juniper SSG, SRX, J

SSG FW, VPN, NAT, UAC

IPv6

(WLAN)

Unified Threat Management

: DI

Web -Websense

- -Symantec

J FW, VPN, NAT, UAC

, , QOS, MPLS

WXISM 200

VoIPAvaya Integ. Gway

Unified Threat Management IDPJuniper

Web - Websense

-- Symantec

SRX

Unified Threat Management

IDPJuniper

Web Websense

-Symantec

VoIP Juniper Ethernet

FW, VPN, NAT, UAC

SSG320M

SSG5 Wireless

SSG20 Wireless J2320

J2350SSG140

SSG350M

SSG520SSG520M

J6350SSG550SSG550M

J4350

SRX 100

SRX 210

SRX 240

SRX 650

06_1

Documents

Transcript of 06_1