Automation & Programmability
Showing results for 
Search instead for 
Do you mean 

Juniper Forwarding Interface

by Juniper Employee ‎07-27-2017 10:45 AM - edited ‎07-31-2017 02:20 PM

Disaggregation is a common topic in datacenter and telco cloud discussions. While most of the conversation is focused on the emergence of white box solutions, this really only represents half of the disaggregation dialogue.


The software in hardware-software disaggregation

When it comes to disaggregation, our industry is focused pretty squarely on the software. The emergence of white box solutions, while seemingly focused on the hardware, is really more about the software.


In a typical white box model, the hardware is reduced to commodity parts (typically based on Broadcom silicon, but the definition should expand to include other merchant silicon offerings over time). With the hardware reduced to the lowest common denominator, the software becomes the point of interest.


In this model, Junos is actually well-positioned to be the feature-rich network operating system that runs on these commodity hardware platforms inside datacenters, across the WAN, or inside the telco cloud.


The hardware in hardware-software disaggregation

But while the portable OS has dominated the disaggregation discussion, the other half of that equation is actually worth paying attention to.


Imagine settling on a set of software and then developing portable alternatives to the hardware. For instance, what if people could pick the portable OS of choice and then leverage more than just Broadcom silicon?


Juniper, for instance, has been able to produce custom silicon that can provide critical features for various customer use cases. And have been working on building out an open and extensible interface to that hardware, which would basically allow third-party software to run on Juniper hardware.


It’s disaggregation—just flipped on its head.


Forwarding software and Hardware Abstraction

Before we delve into the details, let’s explore a high-level view of what is required to build a router or switch. Operationally, routers and switches have these major layers:

  • Management plane, which enables configuration and operations
  • Control plane, which runs all the routing protocols, interface management etc.
  • Data plane, which includes software and hardware required for traffic forwarding


Forwarding Software in a Network ElementForwarding Software in a Network Element

Breaking this down further, within the data plane there are three components:

  • ASICs that do the actual packet forwarding job of receiving, processing and transmitting
  • FIB tables that the ASICs use to do lookups
  • Forwarding software that interacts with the control plane and programs the FIB with the forwarding elements that the ASIC can look up

A major aspect of forwarding software is to abstract the ASIC specific FIB programming from the control plane. Juniper’s forwarding software is designed and implemented to achieve this across a variety of custom and merchant ASICs and also effectively leverage the ASIC capabilities to extract maximum scale and performance from the silicon.


Juniper Forwarding Interface

A forwarding topology is a series of connected forwarding elements. These forwarding elements can be broadly classified into lookup tables and actions.


Juniper Forwarding Interface is the API that Juniper forwarding software provides to the control plane to configure, connect and manage these forwarding elements over its ASICs.


Juniper Forwarding InterfaceJuniper Forwarding Interface

Need for Open Forwarding APIs

The forwarding APIs vary across different vendor implementations. Because each silicon design is different, there is no standardized low-level APIs available that can work consistently on all ASICs.


Open forwarding APIs provide a mechanism for a custom control plane to be written on top of Juniper ASICs. Any third-party network operating system can interface with Juniper ASICs. Customers who have developed their own control plane can leverage the open APIs to integrate with Juniper switches and router hardware. And third-party vendors who want to provide the control plane without having to invest hundreds of millions of dollars in silicon development for high-end use cases can leverage Juniper hardware.



Use cases for Forwarding APIsUse cases for Forwarding APIs

Juniper Forwarding APIs additionally provide a powerful capability to be able to program forwarding slices. Customers can carve out slices of forwarding state, and run an independent control plane in each slice. This provides flexibility to the customers to program their own control plane for a cross section of the ports, such as their backplane. The rest of the hardware can run Junos.


Forwarding slices provide the ability to implement a feature that is not supported in Junos yet but could be very compelling. For example, EVPN signaled VPWS with Flexible Cross Connect is a feature that did not exist in Junos previously. The forwarding implementation for this feature was done using the Advanced Forwarding Toolkit (AFT) and was demonstrated at the P4 Summit in Stanford. The relevant IETF draft was published just a month before, thus unlocking capabilities in the silicon without going through an expansive development cycle.


Forwarding APIs also provide the ability to attach monitors, such as counters, to the existing forwarding topology at runtime. This is very useful for operational aspects of the network devices. For instance, operators can dynamically spin up counters during debug.


Introducing AFT

With the primary intent of providing forwarding APIs, we have modernized the forwarding software.  We call this the Advanced Forwarding Toolkit (AFT for short). AFT provides the PFE APIs that will be used by the control plane. And, very importantly, Junos uses the same set of APIs that third-party software would. If the APIs are good enough for third-party development, they are good enough for our engineering teams.


AFT - Advanced Forwarding ToolkitAFT - Advanced Forwarding Toolkit

AFT provides a programming model that involves three main elements:


AFT ElementsAFT Elements

Forwarding Sandbox:

A sandbox is essentially a walled area within a forwarding path. AFT Clients can program forwarding paths within this sandbox.


AFT Nodes

Basic forwarding path elements in AFT are called nodes. Different nodes may vary in their complexity and connection options. Example of nodes are tables, trees, lookups and conditionals.


AFT Node Entries

Node entries are the individual matches in a lookup node. Entries are the individual match elements for a particular container.
 Examples are route entries, port entries.


AFT provides forwarding APIs that can be used to setup sandboxes, nodes, and entries required for a forwarding topology. These APIs are provided as a library.


AFT APIs as a libraryAFT APIs as a library

Workflow with AFT

Using AFT API is fairly straightforward. The AFT API library is published in GitHub ( Customers can build specific clients by using this library and adding their implementation. These clients can talk to the AFT server that runs on Juniper hardware.


Workflow with AFTWorkflow with AFT


There are several ongoing industry efforts to standardize the APIs for forwarding plane programming. These efforts include SAI, Openflow, P4, and so on. AFT is designed to provide low level of forwarding constructs and can be used to address any and all use cases that the underlying ASICs can support. These APIs can be adapted to implement any higher-level abstractions that are seen in the other industry standards. Basically, as these other standards emerge, they will plug directly into AFT. More directly, we are not competing with those efforts—we see these as complementary initiatives.


Using Forwarding APIs to support SAI, P4, etc...Using Forwarding APIs to support SAI, P4, etc...


Hardware-software disaggregation is about flexibility, choice, and economics. There are many options for software, hardware and silicon to choose from. The Juniper Forwarding Interface provides APIs into the forwarding plane of Juniper routers and switches. At the heart of this is an advanced forwarding toolkit, called AFT that provides a programming model to configure and connect forwarding elements. These APIs allow users to be able to directly interface with the forwarding plane and create customized network elements.


Essentially, Juniper is completing the other half of hardware-software disaggregation. We fundamentally believe that customers should have choice. And we would like to extend that choice down into the silicon to complement the work already happening on the portable OS side.


by manasm
on ‎07-28-2017 07:15 PM

Great writeup Surya. This is a vey nice explanation of the Juniper Forwarding Interface.

by Juniper Employee
on ‎08-03-2017 09:36 AM

Good article understand the AFT

by Juniper Employee
on ‎08-06-2017 01:47 PM

Thanks Surya for this simplified and detailed article on AFT..

Juniper Networks Technical Books
About the Author
  • Ben has been working with service providers around the world for the last 15 years developing business cases for a variety of product concepts and new ventures. Ben holds an MBA from MIT and a BS & MS in Mechanical Engineering from Johns Hopkins University.
  • Part of Juniper PS EMEA since 2005 Primarily interested in making technology do the boring repetitive work so I can do fun new work.
  • Donyel Jones-Williams is the Director of Service Provider Product Marketing Management overseeing all of Juniper's Service Provider Products for Juniper Networks. In this role, he leads all of the internal and external marketing activities for Juniper with respect to routing, automation, SDN and NFV. Prior to joining Juniper Networks in January 2014, Donyel was a Senior Product Line Manager for Cisco Systems with in the High End Optical Routing Group managing product lifecycle for multiple products lines helping telecom providers operate efficiently and effectively including; ONS 155xx Product Family, ONS 15216, ONS 15454 MSTP, Carrier Packet Transport Product Family, ME 2600x, & ASR 9000v. He also negotiated favorable agreements with 3rd-party vendors furnishing components and parts and conducted both outbound and inbound marketing (webinars, case study-development, developed and delivered both business & technical at Cisco Live 2005-2012). Donyel graduated from California Polytechnic State University-San Luis Obispo with a Bachelor of Science in Computer Science. While attending Cal Poly SLO he was a collegiate student athlete playing football as a wide receiver and a key member of the National Society of Black Engineers. Donyel is now an active volunteer for V Foundation.
  • Dwayne loves everything related to automation and enjoys talking about it: Automation benefits outweigh any associated disruption.
  • Ebben Aries is a Principal Engineer for Junos Manageability in the Juniper Development and Innovation Division.
  • Michael Pergament, JNCIE-SP #510, JNCIE-ENT #23, JNCIE-DC #3
  • Marcel Wiget is a member of the Routing TME team. His career within Juniper started back in 2009 as a Senior Systems Engineer driving one of the first MX based Broadband Edge deployment to success. Prior to Juniper, Marcel held various positions in pre-sales, professional services and development at Chantry Networks, Spring Tide, Nortel Networks and Wellfleet.
  • Surya Nimmagadda is a Distinguished Engineer working on packet forwarding software for Juniper Networks routing and switching platforms.
  • Pallavi Mahajan is Vice President Engineering, Junos Engineering, and leads the Junos Programmability & Automation teams
  • Product Manager, JUNOS Automation