Juniper Unveils New Services Architecture, Gateways

Building off the credo that "it's not enough to connect anymore," Juniper has released what it's calling a "game-changing" Dynamic Services Architecture, which Mark Bauhaus, Juniper executive vice president and general manager of service layer technologies, said will let solution providers, enterprises and service providers take advantage of new service opportunities to address changing business requirements and deliver superior user experiences.

Bauhaus said in the past, companies had to choose performance or security, and sacrifice one in the process. To combat that problem, they'd add boxes and blades creating a siloed approach built upon several operating systems.

With the Dynamic Service Architecture, he said, Juniper is enabling the addition of services to the network that can be managed as one consolidated framework tying together application layer forwarding, threat prevention, access control, routing, firewall, IPsec VPN, NAT and a host of other services. The architecture is based on Juniper's JUNOS operating system at the bottom and uses one management system at the top, Bauhaus said.

Essentially, Bauhaus said, the Dynamic Services Architecture offers a dedicated dual-management engine and purpose-built carrier-class terabit speed fabric to deliver an extensible design that can both scale integrated services and network capabilities on a single architecture.

Sponsored post

The new architecture, Bauhaus said, will be the foundation for a pair of new Dynamic Services Gateways Juniper also unveiled on Monday. The gateways, the SRX 5600 and SRX 5800, run JUNOS software, Juniper's single-source code base network operating system.

The SRX series offers integrated services and scalable performance via a dedicated control plain, buildable processing pool, buildable I/O pool, a scalable service engine, a single policy and configuration engine and a single device to manage. The chassis-based system enables adding capabilities and services in the form of cards so that solution providers can build a services architecture for their clients that can evolve as needed, said Michael Frendo, Juniper's senior vice president of high end security systems. Any card can perform any service, he said. The SRX 5600 can support up to six cards, while the SRX 5800 can support up to 12.

The SRX services gateways can deliver up to 120-plus Gbps of firewall throughput, a massive increase of processing speed over traditional firewalls. Additionally, they tie in other key services such as Intrusion Prevention System (IPS), Distributed Denial of Service (DDos/DoS) protection, Network Address Translation (NAT), dynamic routing and Quality of Service (QoS). New features and services can be turned on as need to accelerate application and service deployments, Frendo said.

"It gives the flexibility of deploying the same tool to do multiple things," Frendo said.

According to Brian Lazear, director of product management for Juniper's service layer technology group, the SRX 5800 gateway can support more than 120 Gbps of stateful firewall, 30 Gbps of IPS, as well as 350,000 connections per second. Additionally, the SRX 5800 can be configured to support more than 400 Gbps interfaces with choices of Gigabit Ethernet or 10 GigE ports. The system uses services processing cards (SPC) and input/output cards (IOC) and can scale by the terabit speed fabric employed in the gateways, which allows for massive scale of Ethernet ports and services processing.

The SRX 5600 gateway uses the same SPCs and IOCs as the larger counterpart and can support up to 60 Gbps of stateful firewall and 15 Gbps of IPS.

Available now, the SRX 5600 and SRX 5800 dynamic services gateways list for $65,000 and $68,000, respectively, for the chassis. Services processing cards and I/O cards start at $100,000 each.