Junos
Junos

Junos differences

‎08-26-2019 10:27 AM

Hi There,

 

I am in the process to upgrade qfx5200-32c and 48y and I would like to install the recommended version, the 18.1R3-S6.

Heading to the Juniper website for sw download, now i am in front of 3 choices:

  • QFX 5e Series Switch with Enhanced Automation - Secure Boot
  • QFX 5e Series - Secure Boot
  • Limited - QFX 5e Series Switch - Secure Boot

So all of them have Secure Boot so no need to go deep on this topic.

What about the remaining meaning?

QFX 5e Series Switch with Enhanced Automation 

https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-flex-overview.html

This one looks to me that it is intended in case of any automation is needed and

"Veriexec is disabled, which enables you to run unsigned programs, such as programs that you develop with Python, Chef, and Puppet"

 

QFX 5e Series - Secure Boot

I am assuming that this one is like the above but with less support for automation but i could not find any exlapanation

 

Limited - QFX 5e Series Switch - Secure Boot

This one is for

https://www-origin.junipercloud.net/documentation/en_US/junos/topics/topic-map/software-install-and-...

"Version has no cryptographic support and is intended for countries in the Eurasian Customs Union (EACU). These countries have import restrictions on software containing data-plane encryption. "

and it is not my case cause the hardware i am going to upgrade is not located in any EACU state

 

Based on your experience do you agree with me that the correct choice here is the QFX 5e Series Switch with Enhanced Automation ?

Could someone bring any light on what is the QFX 5e Series - Secure Boot?

 

Thanks!

 

 

 

 

3 REPLIES 3
Junos

Re: Junos differences

Tuesday

I am facing the exact same choice. Have you had any answer somehow on the exact differences between all these versions ?

Junos

Re: Junos differences

Tuesday

Hi FabNewCert,

You have figured out most of the diference but here you go:

#Limited - QFX 5e Series Switch - Secure Boot:

The “Junos Limited” image does not have data-plane encryption and is intended only for countries in the Eurasian Customs Union because these countries have import restrictions on software containing data plane encryption. Unlike the “Junos Worldwide” image, the “Junos Limited” image supports control plane encryption through Secure Shell (SSH) and Secure Sockets Layer (SSL), thus allowing secure management of the system.

 

#QFX 5e Series Switch with Enhanced Automation - Secure Boot

This software bundle is identical to the other software bundle except that Veriexec is disabled, which enables you to run unsigned programs, such as programs that you develop with Python, Chef, and Puppet.

 

#QFX 5e Series Switch - Secure Boot

This is the normal Junos version which you can use. It doesn't allow you to run abovementioned unsigned programs. 

PS: Please mark my answer as resolution if it answers your query, kudos are appreicated too!

Thanks
Vishal

 

Junos

Re: Junos differences

Tuesday

This may have the info you are looking for about Junos and secure boot,

 

https://apps.juniper.net/feature-explorer/feature-info.html?fKey=7360&fn=Secure%20Boot

 

"A significant system security enhancement: Secure Boot. The Secure Boot implementation is based on the UEFI 2.4 standard. The BIOS has been hardened and serves as a core root of trust. The BIOS updates, the bootloader, and the kernel are cryptographically protected. Secure boot is enabled by default on supported platforms."