Data Center Technologists

The QFX5100 Takes Virtualization to Heart

by Recognized Expert ‎02-21-2014 04:47 PM - edited ‎02-21-2014 08:22 PM

Everywhere you look there's virtualization. Hypervisors, NAS, and Containers. What about networking? Some people say VLANs. Others say MPLS. A topic of recent discussion is overlay technologies and VXLAN. But what if it went deeper than that? What would happen if you applied some of the ideas from server virtualization to networking? What would the result be?

Under the hood, each networking switch has a control plane, which is basically a full-blown computer. It has a CPU, memory, and local storage. What would happen if the QFX5100 virtualized its control plane? Well, it did.
The QFX5100 natively boots into Linux and uses KVM as a hypervisor to create virtual machines. Junos, the network operating system, runs inside of a VM. At first glance, one might ask what's the big deal? You just added two layers of abstraction between the switch and Junos. However, with abstraction comes the ability to do more than what was previously possible.
Traditional Switch vs Juniper QFX5100
One great example of Junos engineering is the ability to perform In-Service Software Upgrades (ISSU) on the M, T, and MX series. This allows you to upgrade the networking operating system without interrupting the traffic flowing through the box. However this feature requires two control planes. At a high level there is a master and backup routing engine. As one routing engine is being upgraded, the other continues to take care of the switch.
Traditionally on 1RU switches, there was only a single control plane. There just wasn't enough space or budget to include a second control plane. However the QFX5100 uses Linux KVM and is able to create two virtual machines running Junos. Now by simply adding two layers of abstraction, we're able to have two control planes and support ISSU on the same 1RU switch.
So what else is possible? Your imagination is the limit. Another possibility is to create a third virtual machine and install Linux. You could use this virtual machine to execute operational scripts and programs that monitor various aspects of the network. You could collect statistics with MRTG and display them on a web page.
Check out the QFX5100 today. What will you do with the power of virtualization? 

by Distinguished Expert
‎02-22-2014 08:41 AM - edited ‎02-22-2014 08:41 AM

Hi Doug,


what about running this on a VM:


- VSRX (and terminate ipsec tunnels on a switch....)

- VWLC (and terminate CAPWAP tunnel directly on the switch)

- SSL or UAC virtual appliances


The infrastructure as we know it will change ........

by Juniper Employee
on ‎02-22-2014 02:39 PM

It sounds like we might not have to use overlay to achieve NFV since the switch itself is virtualized. If so, this is awesome since overlay introduces some troubleshooting problems due to lack of visibility, and extra management burden.


Second, virtualizing the switch is great, but do we really need to run a full stack for each V-switch? Can we use LXC (e.g., Docker) instead of a VM inside the switch? I know containers are still not mature enough until they address the security issue.


Last but not least, the 3rd VM could also run some user applications (ubuntu+web server, eg.). If the switch supports enough RAM+CPU, the single rack switch can act as a server and storage and switch, so that we do not need any dedicated server, or storage, or rack switch. This is what a future data center should look like.


Does this sound exciting?

by Distinguished Expert
on ‎03-03-2014 03:33 AM



When LXC/Docker gets a more mature security model, then there would be no reason you couldn't just boot an underlying Linux image on the Guest VM running a single instance of Docker. It certainly opens the door to possibilities.


Other thoughts:

- STRM Event Collector

- Virtualised Route Server/Reflector (either Juniper or 3rd party like BIRD/Quagga)

- SFlow Collector (might hammer the SSD a bit too much though, maybe aggregate to a RAM disk and send to an upstream server)

- Super ZTP Server - have your core switch automatically build your network based on what it sees (query the switch) and knows (topology stored on the Guest VM)

- Network Infrastructure Services (DNS, NTP etc)



by keith4
on ‎04-09-2014 11:03 AM

This is exciting. The one thing that I am concerned about is the introduction of possible bugs that can compromise the system, if we were to now use it for storage and web services. Heartbleed is exactly the kind of thing that gives me pause. Not to mention the additional resources to serve up webpages and process file transfer. Novel idea, but to me it is introducing another avenue of attack.

Why is it that I have to keep changing the name and email address I use to comment?

by christianVP
on ‎11-30-2015 02:43 AM


What are the limitations of VMs on the QFX5k?

How much can I give a VM of:

- disk-space


- CPUs 



With respect to routing, does the traffic to and from the VM run in parallel to the traffic to and from the REs?

