Juniper Employee , Juniper Employee Juniper Employee
The NFX Series Network Services Platform
Nov 16, 2015

Last week, Juniper announced the NFX250 Network Services Platform.


The NFX250 is the first member of an entirely new family of products that is an integral part of the fully automated Juniper Cloud CPE solution. The NFX Series is targeted at Managed Service Providers (MSPs), who will deploy the services platform at their customer sites in branch offices, in the campus, in data centers, etc.

At first sight, you might think that the NFX250 is a traditional Customer Premises Equipment (CPE) secure branch router. In fact, it is much more than that.
Traditional CPE devices offer a fixed set of functionality that is determined by the vendor and baked in at the factory. If you want additional functionality, you have to either replace the CPE device or deploy additional devices. Either way, it's an expensive proposition from both a CAPEX and OPEX (truck roll) perspective.
Not so for the NFX250, which is a Universal CPE (UCPE) device. Rather than just providing a fixed set of functionality, the NFX250 can do whatever you want it do by deploying Juniper or third-party Virtual Network Functions (VNFs) on the platform — hence the term Universal CPE.
The NFX250 is an example of Juniper's newly announced strategy of disaggregating software from the hardware. The NFX250 runs Linux as the host operating system. The KVM hypervisor is used to host multiple VNFs from Juniper or from third parties in the form of virtual machines on the device itself.
The NFX250 hardware is optimized to make it a Network Services Platform​:
  • A powerful 6-core Intel Xeon D processor provides sufficient processing capacity for VNFs.
  • Virtualization features such as VT-x, VT-d, and SR-IOV enable high-performance virtualization and service chaining.
  • 16 GB or 32 GB of RAM provide plenty of memory for multiple large VNFs.
  • 128 GB or 512 GB of SSD provide lots of storage for VNFs that require for operations such as caching.
  • 12 x 1GbE data ports, 2 x 10GbE data ports, and a combined 1GbE data and management port eliminate the need for a separate switch.
  • A networking ASIC for hardware port-to-port forwarding guarantees sufficient performance, regardless of the load on the CPU.
  • A 20 Gbps high-performance internal data path to the Virtual Network Functions.

​The NFX250 also runs the same proven Junos operating system​ that runs on other Juniper routing, switching and security devices, providing a rich suite of proven carrier-class protocols. Just like the VNFs, Junos runs in a virtual machine.

The NFX250 hosts the Juniper vSRX virtual security gateway​ as a VNF, providing industry-leading high-performance security capabilities such as Next Generation Firewall (NGFW), Unified Threat Management (UTM), Intrusion Protection Service (IPS), Application-aware Security (AppSecure), and IPsec VPNs.


The NFX250 software also includes several new features designed to seamlessly integrate the network services platform into the Network Function Virtualization (NFV) orchestration framework.

For example, the NFX250 contains a new software component called the Junos Device Manager (JDM) that runs in a container, providing the following functionality:

  • Manages the lifecycle of virtual machines.
  • Creates service chains between ports and virtual machines, either in hardware using SR-IOV or in software using a software switch.
  • Provides “phone home” functionality for zero-touch deployment.
The NFX250 provides a standard YANG and NETCONF interfaces for all functionality (including virtual machine life cycle management and service chaining) for easy integration with commercial and open source service orchestration system.
The NFX250 is also designed to seamlessly integrate with the Juniper Contrail orchestration portfolio.
When Juniper announced the NFX Series, we also announced a new member of the Contrail family, Contrail Service Orchestration, which augments existing Contrail Networking and Contrail Cloud products used to virtualize the Telco cloud infrastructure.
Contrail Service Orchestration provides orchestration of the service layer, providing an operator portal that allows service providers to:
  • ​​On-board Juniper and third-party VNFs.
  • Design service offerings for customers by combining VNFs into more complex service chains.
  • Publish these service offerings in a service catalog for end customers.
  • Manage and monitor the infrastructure used to host the VNFs.


Contrail Service Orchestration also provides a user portal that allows end-customers to:

  • Order services offered in the service catalog.
  • Centrally instantiate VNFs in the Telco cloud or distribute them on the NFX Series Universal CPE devices.
  • Manage and monitor the instantiated services.
All the functionality mentioned above is also available in the form of REST APIs for service providers who prefer to build their own portals and for integration with Operation Support Systems (OSS) and Business Support Systems (BSS).
These products—the NFX250 Network Services Platform, the Contrail portfolio including the new Contrail Service Orchestration, and Virtual Network Functions (VNFs) such as the vSRX virtual firewall—provide a complete, end-to-end solution for Cloud CPE.