Customer Nda M7im10i v9

Extending the Service-Built Edge
M7i & M10i Overview

Mike Capuano
October 2003
nfidential Information of Juniper Networks, Inc.
Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1

Agenda
 The Service-Built Edge

 M7i & M10i Overview
 Identifying Selling Opportunities
 Competitive Positioning
 Summary
Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

The Service-Built Edge Delivers
 New Service Models = More top line revenue; replace voice revenue
 Services Everywhere = Maximize addressable market
 More From Less = Consolidate platforms/networks; reduce opex
E-series M-series
BRAS (DSL, Cable, FTTx, 802.11) High Speed DA & Business Ethernet
Low Speed Dedicated Access

Extending Service-Built Edge
M7i:
 Enhanced provider edge services
 Integrated IP security: NAT, stateful firewall, J-Flow, IPSec
 Carrier class to customer premise for managed services
M10i
 Enhanced provider edge services
 Juniper’s most compact fully redundant platform

Service Built Architecture
Forwarding Control
Plane Plane
Programmable ASICs Scalable, Modular OS
Services
Plane
Hardware accelerated

Service-built M-series Edge Portfolio
Gbps
Redundant Fully Redundant
320 Power & Cooling
160
NOS
40 JU M160
20 M40e
New M20
10
New M10 M10i Single JUNOS image

- All features on all platforms
5 - Consistent services to all users
M7i
- Lowest operational cost
M5
Sm PoP / Campus Sm / Med PoP Med / Lg PoP Lg/Super PoP

Managed
CPE

Agenda

 Summary

Service-Built M7i router
 Leverages production proven technology
• Internet Processor II technology
• Feature rich JUNOS 6.0 software
 Uses existing M5/M10 PIC’s

• Broad set of interfaces available (45)
• Provides investment protection
 2 Rack Units high Ideal for:

 PE services, low density PoPs
 Carrier class head office CPE
 Four configurations:
• 4 open slots, 2 x FE fixed
• 4 open slots, 2 x FE fixed, adaptive services module
• 4 open slots, 1 x GE fixed (SFP)
• 4 open slots, 1 x GE fixed (SFP), adaptive services module

M7i with Adaptive Services Module
 Hardware-accelerated packet processing

with programmable ASICs
• Based on Adaptive Services PIC technology ASM
• High performance services

NAT IPsec
 J-Protect security toolkit Firewall Accounting
• High speed NAT

• High speed Stateful Firewall
• High speed IPSec (JUNOS 6.1)
 J-Flow accounting
• High speed accounting

M7i Components
Compact Forwarding Engine Built-in

4 slots for hot- swappable
Board (CFEB), w/optional tunnel services
M5/M10 PICs
Adaptive Services Module (850 Mbps)
Ultra-compact
3.5” high (2U) Side-to-side
18” deep cooling
Fixed Interface Card (FIC) Routing Engine Board (REB)

• 2 fixed FE port or • PCMCIA expandable memory Redundant AC or DC
•1 fixed GE port (SFP) • 2 serial aux ports Power Supplies
• Ethernet craft interface

ASM vs. ASP Performance
 ASP – Adaptive Services PIC
• Type 1 PIC that plugs into any M-series platform, uses one PIC slot
 ASM – Adaptive Services Module
• Integrated into the M7i CFEB, does not use a PIC slot
 Add additional ASPs to scale performance
Attribute Definition ASP ASM

Active Individual customer service 400K flows 100K
Sessions flows
Service Library of distinct service 100/ASP 100/ASM
Templates templates which can be
applied to logical interfaces
Session New sessions 12K/sec/ASP 12K/sec/ASM
Establishment
Throughput Standard performance 600 Mbps 155 Mbps
250 Kpps 100 Kpps

Service-Built M10i router
 Available with JUNOS 6.1, Nov 2003
 Leverages production proven technology
• Internet Processor II
• Feature rich JUNOS software
 Uses existing M5/M10 PIC’s for
investment protection
 Fully redundant configuration available
• Redundant forwarding engine board
• Redundant routing engine
• Redundant cooling Ideal for:
• Redundant power Fully redundant PE services
• M20 style redundancy solution for lower density PoPs
 Note: No integrated ASM

Graceful RE Switchover
 Works with Graceful Restart

• RE switchover is a passive event & does RE1
not cause network instability RE0 e

liv
CLI a
 RE checkpoint configurations are synch’d eep
k
• Routing info/forwarding state information
• FPC, PFE, PIC configuration data
 RE keepalive process
• Automatic failover to standby
• Configurable keepalive timer PFE Complex
• Default value set to 2 seconds
 RE failure does not reset PFE
• No effect upon traffic forwarding
• Alarms, SNMP traps on failover

In-Service Software Upgrades
 Leverages 3
1 Existing Release New Release
• Graceful RE Switchover
• Graceful Restart Protocol Extensions
 Delivers 2
• Non-disruptive software upgrades Graceful RE Switchover
RE
• Preserves Forwarding RE0 1
CLI CLI
• Particularly useful for time critical
situations (e.g. security patch)
 Caveats
• Minor releases only
• Upgrades to major release requires reboot
Packet Forwarding Engine
• Can in-service update jbundle
(including jroute & jkernel, but not jpfe)
• Check release notes for target version
caveats

M10i Components
8 slots for hot- swappable Redundant Forwarding
M5/M10 PICs Engine Boards (FEB)
Side-to-side
cooling
5U high
18” deep
Redundant AC or DC
Redundant Routing Engine Boards (REB) Power Supplies
• PCMCIA expandable memory
• 2 serial aux ports
• Ethernet craft interface

Agenda

• Provider Edge Services
• Enterprise Services
 Summary

Cisco 7200 and 7500 Inflection Point
 7200 & 7500 widely deployed at the provider edge
• But providers want to:
• move from bit transport to network-based services
• consolidate multiple networks and platforms
• 7200/7500 cannot support this transformation due to poor performance
 Cisco’s 7200 upgrade strategy is flawed
• 7200 to 7200VXR NPE-G1 or 7304
• NPE-G1 and 7304 do NOT deliver required performance
• Presents opportunity for M7i
 Cisco’s 7500 upgrade strategy is flawed
• 7500 to 7600
• 7600 is really a switch, does not support basic PE capabilities
• Presents opportunity for M10i for lower end 7600s
 Goal: Identify key PE applications where Cisco can’t perform

Running multiple VPNs on a single platform
Maximizes Revenues, Minimizes Costs
 Industry’s most comprehensive VPN portfolio

• L2 VPN (Kompella), L2 Virtual circuit (Martini), L2.5 Interworking VPNs (TCC), L3
2547 VPN, VPLS, IPSec mapped to MPLS, IPSec over MPLS, CoC VPN
 Common BGP discovery & signaling for L2 VPN, L2.5, L3 VPN, VPLS
• Reduces training costs – a single protocol to configure & provision all VPNs
• Only solution to support autodiscovery for all MPLS VPN types - operational
automation
• Only solution to support Inter-AS for all MPLS VPN types
L2 VPN
L2 VPN L2 Virtual Circuit
ATM FE
L2 Virtual Circuit
T1
L3 2547 L3 2547
FR M10i
M7i
ASx ASy
GE GE
VPLS VPLS
DS3 DS3
IPSec IPSec

Multiple VPNs on Single Platform
Maximizes Revenues, Minimizes Costs
 Different VPNS solve different customer problems
 Maximize revenue by delivering the most VPN types on a single platform
VPN type Customer Need M7i/M10i

L3 2547 VPN IP only (but any access), full mesh, minimize IT costs √
outsource routing, with QoS
L2 VPN Maintain ATM/FR/PL connectivity, point-to-point, √
L2 Virtual Circuit control own routing, with QoS
L2.5 VPN (TCC) Mixed network of ATM/FR & P2P Ethernet, point-to- √
point, control own routing, with QoS
VPLS Ethernet multipoint-multipoint connectivity, control √
own routing, with QoS
IPSec over Premium security over access link √
private IP/MPLS or end-to-end path of MPLS VPN, with QoS
IPSec over Low cost internet based VPNs √
public IP performed on managed CPE, without QoS

New revenues via enhanced VPN services
 Multicast over MPLS VPN

• Distance learning
• Retail kiosks
• Financial trading
information
 QoS within MPLS VPN

• Voice and video services
• Latency sensitive ERP
applications
• Best effort File transfer,
Email

Consolidated infrastructure, dramatic cost reduction
 High performance QoS paired with robust L2 VPN capability

• Policing, shaping, WRR, Strict priority, RED/WRED, marking
• Per VC, VP, DLCI, VLAN
• Preserve L2 QoS across IP/MPLS with L2 --> L3 mapping capabilities
 Diagnostics for diagnosis & troubleshooting
ATM ATM
Virtual Circuits
ATM IQ PIC
ATM IQ PIC
IP/MPLS
Ethernet Ethernet
GE GE
IQ PIC IQ PIC
Frame Frame
L2 VPN
Relay Channelized Channelized Relay
IQ PIC w/FRR IQ PIC

Single access link for VPN + Internet
Differentiated Service for Competitive Advantage
 Single access link for internet + VPN
• Enabled via M7i with integrated ASM or M10i with ASP
• Supports network-based NAT & stateful firewall are per 2547 VRF
 Single link reduces costs and complexity for enterprises
 New revenues for service provider, better competitive position
Inbound Private
traffic Addresses
Firewalled NAT’d
Internet
M7i w/ASM
M-series + ASP
Customer with Private

Addresses 10.x.x.x
CE Private MPLS VPN

Addresses
stay private

Provider Edge Positioning Summary
High
Juniper M7i
High Performance
IP/MPLS PE
MPLS PE Cisco 7200

Features
Cisco 7304
Basic
Aggregation
Cisco 7600
Low High
Packet processing performance

Agenda

• Provider Edge Services
• Enterprise Services
 Summary
 M7i & M10i Roadmap

Cisco 7200 and 7500 Inflection Point
 7200 & 7500 widely deployed in the enterprise, R&E, Government
• Head office routers, internet gateways, campus border, core routers
• Customers desire to transform their networks
• secure networks against malicious attacks, e.g. DOS attacks
• save costs, e.g. toll bypass
• gain competitive advantage through increased productivity
• 7200/7500 cannot support this transformation due to poor performance
 Cisco’s 7200 upgrade program is flawed

• 7200 to 7200VXR NPE-G1 or 7304
• NPE-G1, 7304 do NOT deliver required performance
• Presents opportunity for M7i
 Goal: identify key applications where Cisco can’t perform

M7i Collaborative Firewall Off-load
First Line of Defense
 Problem users
Software FW
• Existing software firewalls faltering w/increase in
traffic and attacks (e.g. DOS attack, Sobig)
• Example: Checkpoint1 is the number one FW, runs
on a Sun Server
• Enterprise networks are vulnerable to attack users 7200
• Existing 7200s
• Cannot provide any help as IOS FW is software only
• Vulnerable control plane because no separation of Internet
control and forwarding plane
 Unique Juniper solution users Software FW

• Creates a new more secure 2 tiered security
architecture
• M7i hardware based FW offloads stand-alone
s/w FW from common attacks like DOS users
• High perf filtering and antispoofing (uRPF) M7i
• Existing s/w F/W --> fine grain control
• Also, control plane protection enabled due to
separate control and forwarding planes Built-in firewall: Internet
• Off loads s/w firewall
• Protects control plane

QoS for Real Time Applications
 Problem
• QoS required even if average WAN band-
width is underutilized due to bursty traffic
Internet Border
• Existing 7200s not able to provide high router F/W
performance QoS for VoIP
• Results in poor quality voice and video
Internet
• Constrains enterprise move to VoIP Video
Conference
• 65% of enterprises will be moving to some
IP Phone
amount of VoIP in 20041
• 80% of enterprise IT managers concerned
about WAN performance for VoIP2 M7i Real
Time
WAN
Gateway
 Unique Juniper solution PC
• M7i w/high perf QoS delivers WRR, strict
priority, WRED, marking with no perf IP Phone IP PBX
compromise Flow
• Saves costs with toll bypass, adds new VoIP Collector
capabilities for productivity gains
1 Infonetics Research, User plans for WAN and Internet Access, US/Canada 2002, May 2002, pg 64
2 2003 VoIP state of the market report, Steve Taylor Distributed Networking Associates

Enterprise Positioning Summary
High
Juniper M7i
Transformed
IP Enterprise
Security Performance: Network
 Filtering
 DOS prevention
Basic
 Firewall/NAT
multiprotocol
connectivity
Cisco 7304
Cisco 7204/6
Low High
QoS performance for RT apps:
 VoIP, Video, latency sensitive ERP apps

Agenda
 M7i Overview
 The Enterprise Opportunity
 The Edge Opportunity
 Launch & Ordering Info
 Summary

7200 – Headed to EOL
7300 – Performance with compromise
 7200VXR NPE-G1 struggles with features on DS3 and above

• Marketing claim: 1 Million pps
• Marketing Claim: 6 GE interfaces in one 7200
• With features (NAT/Netflow/ACL) performs around 450kpps
• 1Mpps = 40% line rate of a bi-directional GE (64 byte IP)
• IPv6 and multicast slow path switched
• We expect that Cisco will try to upgrade customers to 7304
 7304 with NPE-G100 offers the same performance as 7200 (after 7 years!)
• NPE-G100 offers 1 Mpps and around 450Kpps with features
• NSE-100 option claims 3.5 Mpps, but this has just EOL’d for the 7200 & has limited features due
to reliance on PXF, NPE-G100 is only customer option
• No channelized interfaces, discrete T1/E1, OC-12 ATM, modular GEs
• 7200-->7300 interface support is very limited, no investment protection
• Redundancy requires 2 interface slots, leaving only 2 slots for interfaces
• IPv6 and multicast slow path switched
• There is NO hardware acceleration of features like IPSEC,
Firewall features and other process intensive services on 7300

7500 – Headed to EOL
7600 OSR– Switch in router’s clothing
 7500
• VIP6-80 supports only 140Kpps, approximately 50% of an OC-3
• Any features such as QoS or Netflow use the same CPU as the VIP6-80, degrading performance
• Supports a total of 256 IP interfaces, extremely low for an edge platform
• No further major roadmap developments for 7500 as this platform will EOL soon
• Cisco trying to upgrade customers to the 7600
 7600 OSR
• Tremendously unstable/complex due to a switch being “frankensteined” into a router
• Runs 2 different versions of IOS – one on MFSC and one on SUP
• Service cards (e.g. BRAS) run a third IOS image!
• Currently unsupported PE features
• IPv6, Hitless Failover, Fast Reroute, VRRP,L2 VPNs for ATM/FR, Strict mode uRPF,
MPLS CoS, RSVP, MPLS TE
• Recent SUP720 for catalyst only, we surmise that it will not be available on 7600 for another
year
• Note: All GE interfaces included on OSM line cards are switch ports and cannot provide VLAN
QoS nor WAN functionality – do not be fooled into pricing that takes this into account

Competitive Positioning: M7i vs. 7200
Most M7i configs comparable price to Cisco

7204/7206, but with carrier class capabilities
Cisco 7204VXR/7206VXR w/NPE-G1 M7i

 Software based, CPU shared by all features  Service-Built (programmable ASIC)
 450 Kpps challenged to support services on  16 Mpps supports full chassis of OC-12 &
interface above DS-3, limits future scalability, GE, extends asset life
particularly for service provider edge
 Activating features (e.g. rate limiting, filtering,  Activate multiple features with no
multicast) degrades forwarding performance compromise
 Limited to small filter lists, inadequate for  Large filter lists and uRPF for robust DOS
DOS attack prevention attack prevention
 Software based NAT/FW, degrades  H/W based firewall delivers 100K NAT/FW
forwarding performance sessions @ line rate
 Multiple IOS versions to manage based on  Single JUNOS image on all M-series,
capabilities desired regardless of capabilities activated

Competitive Positioning: M7i vs. 7304
Most M7i configs comparable price to Cisco

7304, but with carrier class capabilities
Cisco 7304 w/NPE-G1 M7i

 Network-processor cycles shared by  Service-Built with separate control
all features and forwarding planes, ASIC based
 450 Kpps challenged to support  16 Mpps, supports full chassis of OC-
services on interface above DS-3, 12 & GE with small packets
limits future scalability, particularly for
service provider edge
 Multiple IOS versions based on  Single JUNOS image on all M-series,
required capabilities– high opex regardless of capabilities activated
 Poor selection of interface &  Supports 45 M5/M10 PICs for
investment protection investment protection
 Activating features like rate limiting,  Activate multiple features with no
firewall, multicast degrades forwarding performance compromise

Competitive Positioning: M10i CPE vs. 7600
M10i delivers true carrier class IP/MPLS router capabilities
Cisco 7600 M10i

 7600 is a repurposed catalyst switch and does  Service-Built edge router with no
NOT have full PE feature set.
• No MPLS FRR
performance compromise
• No MPLS TE  JUNOS software contains all
• No IPv6 features available to other M-
• No ATM/FR over MPLS encapsulation
series platforms
• No multicast in a VPN  Single JUNOS image on all M-
• No filters on loopback address series, regardless of capabilities
• No filters to match packet of particular size activated
• No IPSec encryption of BGP
• No VRRP, Graceful Restart, APS
 SUP720 does not work with OSMs
 RSP 720 promised, but will be delayed

Agenda
 M7i Overview
 The Enterprise Opportunity
 The Edge Opportunity
 Launch & Ordering Info
 Summary

M7i Hardware Ordering Information
Component Description Model Number
Base unit, AC, 4 PIC slot chassis, FIC w/1 built-in Gigabit Ethernet port (optics M7iBASE-AC-1GE
Fixed 1 GE port sold separately), cooling, midplane, 1 AC power supply, 1 CFEB,
1 Routing Engine, JUNOS
Base unit, DC, 4 PIC slot chassis, FIC w/1 built-in Gigabit Ethernet port (optics M7iBASE-DC-1GE
Fixed 1 GE port sold separately), cooling, midplane, 1 DC power supply, 1
CFEB, 1 Routing Engine, JUNOS
Base unit, AC, 4 PIC slot chassis, FIC w/2 built-in Fast Ethernet ports, cooling, M7iBASE-AC-2FETX
Fixed 2 FE ports midplane, 1 AC power supply, 1 CFEB,
Base unit, DC, 4 PIC slot chassis, FIC w/2 built-in Fast Ethernet ports, cooling, M7iBASE-DC-2FETX
Fixed 2 FE ports midplane, 1 DC power supply, 1 CFEB,
 Must add to order:

• AC power cords separately
• compact flash separately
• SFBs for Gig E
 Order 256-MB DRAM memory modules separately to upgrade RE
to 512-MB or 768-MB DRAM

ASM Software Ordering Information
Model Number Description
S-NAT-FW-MULTI Can be used with applications where a single instance
(CPE) or multiple instances (PE) of a NAT/FW are
required. Each instance of NAT/FW is a set of rules and
policies that are applied to one or more customers.
S-ACCT Flow Accounting License
S-IPSEC IPSEC license
 Order M7i ASM, get one license for free

 Must purchase any additional software licenses
• Example M7i ASM gets multi instance NAT/FW for free
• Customer that also wanted IPSec or J-Flow would need to pay license fee for each
 Tunnel services included with both M7i and M7i ASM

M10i ordering information
Component Description Model Number
Base unit, AC 8 PIC slot chassis, cooling, midplane, 2 AC power M10iBASE-AC
supplies, 2 HCM, 1 CFEB, 1 Routing Engine,
JUNOS
Base unit, DC 8 PIC slot chassis, cooling, midplane, 2 DC power M10iBASE-DC
supplies, 2 HCM, 1 CFEB, 1 Routing Engine,
JUNOS
 Order 256-MB DRAM memory modules separately to upgrade RE to 512-

MB or 768-MB DRAM
 Must add to order:
• AC power cords, compact flash separately
• redundant CFEB and redundant RE if required
 AC redundancy can be achieved with 3 AC power supplies
 DC redundancy will typically be configured with 4 DC power supplies

Agenda

 M7i Overview
 M7i Applications
 Summary

Summary
 Performance challenged 7200 and 7500 provides an inflection point for
customers that want to transform their networks
 Service-Built M7i and M10i enables enhanced IP service delivery, network

consolidation and security with no performance compromise
 M7i and M10i for Service Provider Edge Services in smaller PoPs
• Industry’s richest set of VPNs
• Enhanced VPN services for incremental revenue
• Full Hardware Redundancy for M10i
 M7i as managed CPE for enterprises transforming their networks

• Carrier class security for fortified networks
• Real time applications for cost savings and productivity gains

Questions?
Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 41

Service-Built M-Series Routers
M5 M7i M10 M10i M20

Small PoP PE, Small PoP PE,
Network Med PoP PE, Med PoP PE,
campus border campus border, Med PoP PE
Location small PoP PE small PoP PE
router mngd enterprise
System
5+Gbps 7+ Gbps 10+Gbps 10+Gbps 20+Gbps
Bandwidth
DS-0 to
Maximum DS-0 to DS-0 to DS-0 to DS0 to
OC-12c/STM-
Speed OC-12c/STM-4 OC-12c/STM-4 OC-48c/STM-16 OC-48c/STM-16
4
Density 48 DS-3 48 DS-3 96 DS-3 96 DS-3 192 DS-3, 64
Sweet Spot 16 OC-3 16 OC-3 32 OC-3 32 OC-3 OC-3, 16 OC-12
PICs Per 4
4 (+2FE or 1 GE fixed)
8 8 16
Chassis
Chassis Per
15 24 15 9 5
Rack
Redundancy Power & Cooling Power & Cooling Power & Cooling Full Full

NAT Capabilities
 Available on
• I-ASM (integrated, lower cost solution for M7i)
• or Adaptive Services PIC (more powerful, discrete PIC for M7i or M10i)
 Private-to-Internet, intra-VPN and inter-VPN deployments
 Source NAT - change private address to public
• Outbound - Source IP address and checksums translated
• Inbound - Destination IP address and checksums translated
• Proxy ARP
 NAPT - translates transport identifiers
(TCP/UDP port numbers, ICMP query identifiers)
M7i or M7i w/I-ASM

M10i
Customer Network Internet
with Private Addresses 10.x.x.x
Server NAT NAT

Stateful Firewall Capabilities
 Available on  Track top talkers – sessions, packets
• ASM or ASP and bandwidth usage
• or Adaptive Services PIC (more • Flows, Src, Dst IP addresses, end-
powerful, discrete PIC for M7i or M10i) point pairs
 Stateful Packet Filtering • Sites under attack and potential hacker
sites
• Per flow state table
 Detect and protect against specific
• Allow packets matching policy and attacks
protocol state only
• Examples
 Check the higher layer state
• SYN attack - TCP SYN Defender
• Drop packets based on application (timeout), TCP Intercept (syncookie)
protocols
• ICMP and UDP flood
• TCP option checking
• Ping of death
• Etc.
M7i or
M10i M7i w/I-ASM
Customer Network with Internet
Private Addresses
10.x.x.x
Server FW FW

J-Flow Accounting Capabilities
 Available on ASM & ASP
• Type 5 or Type 8 flowd records Billing Collector/Engine
• Active or passive monitoring
• Independent of data & control plane –
no performance degradation
 Multiple OSS Alliance Partners
compatible today
 Version 5 provides accounting of: Flow Export
• SA and DA, protocol, port, AS
• Input and output interface
• Packets and bytes for flow duration
• Type of Service
 Version 8 provides accounting of: M7i or
• M10i
Flows, packets and bytes per
AS/Protocol/Prefix
ASP

Customer Nda M7im10i v9

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Customer Nda M7im10i v9

Uploaded by

Copyright:

Available Formats

Extending the Service-Built Edge

M7i & M10i Overview

nfidential Information of Juniper Networks, Inc.

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1

 The Service-Built Edge

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Low Speed Dedicated Access

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Programmable ASICs Scalable, Modular OS

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

New M10 M10i Single JUNOS image

Sm PoP / Campus Sm / Med PoP Med / Lg PoP Lg/Super PoP

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 The Service-Built Edge

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 Uses existing M5/M10 PIC’s

 2 Rack Units high Ideal for:

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 Hardware-accelerated packet processing

• High performance services

 J-Protect security toolkit Firewall Accounting

• High speed NAT

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Compact Forwarding Engine Built-in

Fixed Interface Card (FIC) Routing Engine Board (REB)

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Attribute Definition ASP ASM

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 Works with Graceful Restart

not cause network instability RE0 e

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 The Service-Built Edge

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 Goal: Identify key PE applications where Cisco can’t perform

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 Industry’s most comprehensive VPN portfolio

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

VPN type Customer Need M7i/M10i

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 Multicast over MPLS VPN

 QoS within MPLS VPN

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 High performance QoS paired with robust L2 VPN capability

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Customer with Private

CE Private MPLS VPN

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

MPLS PE Cisco 7200

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 The Service-Built Edge

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 Cisco’s 7200 upgrade program is flawed

 Goal: identify key applications where Cisco can’t perform

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

 Unique Juniper solution users Software FW

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net