Search the Community
- Tech Cafe
- The New Network
- Security Now
- Industry Solutions and Trends
- Partner Watch
- Community Talk
- Automation & Programmability
- SDN and NFV Era
- Packet-Optical Technologies
- Silicon and Systems
- Data Center Technologists
- Business and Finance
- Basic Cable
- Juniper German Blog
- Juniper France Tech Blog
- Government Trends and Insights
- Information Experience (iX)
- Your Business Edge
- All Things APAC
- AR Voices
- Corporate Social Responsibility
- Customer Stories and Successes
- Security Incident Response
- Application Acceleration
- Community Feedback
- Configuration Library
- Contrail Platform Developers
- Day One Tips
- Ethernet Switching
- Identity & Policy Control - SBR Carrier & SRC
- Intrusion Prevention
- Junos Automation (Scripting)
- Junos Space Developer
- ScreenOS Firewalls (NOT SRX)
- SRX Services Gateway
- Training, Certification, and Career Topics
- Wireless LAN
- Ambassador Program
- Ambassador Program
On June 20th, Juniper announced the concept or “Cloud-Grade Networking,” which builds on carrier-grade reach and reliability and enterprise-grade control and usability to bring cloud-level agility and operational scale to networks everywhere.
One of the tenets of Cloud-Grade Networking is the ability to run anywhere and everywhere—on any software, on any hardware, in any cloud. Juniper calls this requirement Everywhere Networking, and it refers specifically to the disaggregation of the networking technology stack so that applications can run in any cloud, cloud workloads can run on any device, and software can run on any hardware.
Good Engineering Practice
I started my career in software engineering almost two decades ago. When I joined Juniper, I found it odd that “disaggregation” was part of the corporate lexicon, with a specific emphasis on the separation of the control plane from the data plane. Wasn't this form of disaggregation merely table stakes for modern routers, or software engineering for that matter?
Disaggregation is just extending the core tenets of modular design to the commercial side of the business. When you have a large development team, the only practical way to build a product is to create clear interface boundaries, then decouple the components so that teams can act semi-autonomously. The more disciplined the engineering team is, the more strictly those boundaries are enforced.
The new conversation about disaggregation centers on the fact that vendors are now exposing these boundaries to the end customer. It's understood that the interface boundary has become hardened, mature, and standard enough that we can now let customers leverage them for their use. I do recognize that, from the customer’s perspective, this is revolutionary concept. I can't help but smile when I think about it because it feels like good engineering practice is finally emerging as the differentiator it should have been all along.
More than Economics
The central theme for most disaggregation discussions these days is how it will enable superior economic advantage. Separating hardware from software allows each layer to be procured independently. The classis scenario in short form is as follows: hardware devolves to the lowest common denominator, aka merchant silicon, resulting in huge savings for everyone.
However, while cost savings is important, I think reducing disaggregation to a mere cost-cutting technique misses the major point learned from the web-scale community. The web-scale community is printing money because of top-line growth, not bottom-line optimization. The real value in disaggregation is architectural; that’s what has separated the web-scale companies from the rest of the market. Architectural advantage equals business advantage. This is what's driving the growth.
One of the defining tenets of Cloud-Grade Networking addresses the question of how networks are operated. Basically, the major cloud properties have all built extensive monitoring and management frameworks around their resources (not only network, but also compute and storage), and they use these tools to optimize the underlying infrastructure. For optimization to be possible, they require fine-grained control. Disaggregation helps ensure that individual components (not just systems but also subsystems) are controllable. A strong interface layer provides a stable way of integrating with the surrounding tooling.
Also, for this extensive operational machinery to work, you want to make sure the underlying network is as simple as possible. The key to simplicity is stomping out snowflakes; uniqueness is bad for highly automated environments. So the web-scale companies have standardized on individual building blocks. Disaggregation allows them to isolate these building blocks, effectively locking them in place while allowing them to make changes elsewhere.
More than Hardware and Software
We deliberately chose the term “Everywhere Networking” because “disaggregation” has become so overused, it has drained it of any specific definition. When most people hear the word “disaggregation,” they immediately think about hardware and software decoupling. While that is a good thing to have, it is only one aspect of disaggregation—one that is critical for moving away from the legacy architectures perpetuated by a carrier-grade and enterprise-grade mentality to a new cloud-grade mindset.
For instance, you can apply the principles of Everywhere Networking to more than just a router or a switch; it can also be applied to large modular chassis. Line cards have historically been tightly coupled with the chassis design; with our June 20 announcement, we introduced a universal chassis by decoupling the line card feature functionality from the platform itself. This means that, for the first time, a single Juniper chassis can be leveraged for data center spin routing, core routing applications, and (in the near future) edge routing applications by simply selecting the appropriate branded QFX Series, PTX Series, or MX Series line card. This unique engineering accomplishment is a form of Everywhere Networking: disaggregation in the hardware itself.
As we look at the rest of the technology stack, there are lots of opportunities for Everywhere Networking. Does the control plane need to be tightly coupled with the device? Can we disaggregate the chassis into smaller components by providing APIs to the underlying silicon? Should disaggregation only apply to merchant silicon?
The point here is that we need to take a much broader look at Everywhere Networking than just merchant silicon switches.
More than Breaking Things Apart
So far, our discussion has focused almost exclusively on how to break things apart; we haven’t spent enough time talking about how to bring them back together again. For every component that is developed and sold separately, there is a need to integrate it into a fully-operational solution.
Currently, the burden of achieving this integration falls largely on the major cloud providers. I should point out that once these providers settle on the disaggregated components, they buy them as integrated solutions through systems integrators. But if we want to democratize the cloud, we need to make integration easier for everyone.
This is a delicate balancing act. We don’t want a world where all components can be mixed and matched freely; this would effectively mean that everyone is running a snowflake instance, which makes things more unstable. We need to provide enough diversity to allow for meaningful choice, but not so much that everything stops working.
Juniper's approach here is to disaggregate by default as part of a robust engineering design, then be measured on how we integrate components. The end state simply cannot be more unstable than the starting state.
Commercializing Everywhere Networking
As one of the product evangelists at Juniper, I believe that everything starts with building great products. This has never been truer. In the past, engineers everywhere could cut corners knowing that they could address the technical debt later because it was hidden underneath a broader product veneer.
In an Everywhere Networking world, this simply isn't the case any longer. In many ways, we believe that disaggregation puts a bit of architectural purity on display. And this allows Juniper to commercialize our engineering discipline—something we have never been shy about in the past.
We shipped our first switching product some six years ago. Switching in Juniper has come a long way since then.
One of the very early things we did after formation of Campus and Datacenter business unit was to figure out how we could enable the best ideas. Everyone knows that the best ideas don’t necessarily come from any one person or group of people. Many times teams and organizations get so busy building and selling products that they forget how to innovate. Lack of innovation is often hidden by desperate acquisitions of “new technology” every few years or by finding creative but proprietary ways to lock in the customers.
Juniper is built around an open, innovative culture focused on high performance networking. However for the switching business unit the challenge was different, how do we build better products for our customers while using some of the same building blocks like everyone else?
The answer that first came to mind was simple, “We need to innovate”. That was quickly followed by discussions on how to hold Hackathons of various flavors, what kind of pizza to order and whether beer makes people better coders. This idea died after a spirited discussion. Hackathon has its usages but we wanted to focus on building better technology over time and not do an event.
We settled on some outcomes that we didn’t want.
- We can’t synchronize how people think and want to work so anointing some days on the calendar as “Innovation Days” is not useful. What we wanted to create was not a vehicle to show coding prowess of engineers but to foster ideas and build solutions that solve real customer problems.
- Innovation is not about getting more features done, so we shouldn’t expect engineers to do full day of work and then innovate in spare time.
- We can’t force people to innovate – it has to be opt-in as lot of engineering work is cyclical. There are no assigned targets and quota.
Here are the simple principles we decided to adhere to.
- Every engineer is free to spend 10% of their time on any project that they want to. The 10% of time can be spent as half day every week, one day every other week or two days a month.
- Engineers should let people around them know what they are working on and solicit participation if needed. The team can be one engineer or several.
- Managers don’t track what people are working on (no status reports!), we just ask that innovation work be related to networking (no pet training videos) and they create a working model (demo) of what they built.
- When completed, we expect engineers to take their work forward either as part of some product or a new product.
- We let engineers be engineers and do not try to manage the creative process. Some ideas work out well, other are interesting but may not practical, some others may need to start all over. We let engineers manage the outcome of work done in their “innovation time”.
For the most part the system has endured and worked well.
We hold the “Innovation Day” or “Demo Day” once every other quarter to share what people have created. Currently we are planning for the fourth such event and there is a fine event poster at the bottom. Demo days are much anticipated and are now becoming full day events. We have seen demos on new concepts, process improvements, new tools and products. We help people with equipment and some time with logistics but other than that people are on their own. They are essentially CEO of their idea and are responsible for taking it forward.
After a year and half since the concept was launched, some amazing technologies have come from the “10% off time”. I will list some of them and there are many that you are seeing and will be seeing in products from the engineering team. The participation is high and we get many surprises during demo day presentation.
One example is “Using QR codes for network management”. The team created a QR code generator for EX/QFX boxes, they also defined a concept of aggregate QR code where a whole rack could have a single QR code (useful in a data center). QR codes can be generated and printed on equipment/boxes from the factory using an Android app. They also wrote a QR code reader that can read the codes and upload the information to Junos Space Network Director application to quickly import networking devices in its configuration. There are no complicated spreadsheet listing what device is where and then the process of entering them in the Network Director app. Now one could walk in the DC aisle and just scan the codes on devices – rest all is taken care of by the software. Before this method, getting new equipment identified, installed in the ND app was a labor-intensive process subject to many errors. Keeping things current can now be much easier.
No one wrote a requirements document, there were no discussions on whether our engineers were experts in creating Android apps (they were not!) and how did this effort stack rank in priority to everything else that was on our list of things to do. Amazing things are possible when people across multiple teams work together and solve the actual problem that the customer is likely to see.
Here is one more example from a real world on how to view QFabric multicast trees. As the number of TORs increase (QFabric supports up to 128 TORs with single point of management) the network can get complex to visualize. Here is partial CLI output.
What you see above is part of CLI output from the QFabric interconnect chassis showing multicast adjacencies. This is a relatively small QFabric system but the output is complex and not easy to visualize. The problem is similar for any large network topology.
During very first demo day our multicast engineer added a CLI command which allows the user to see the same data quite differently:
switch> show fabric multicast graph core-tree core-tree-id 0 src-tor-id 4
See the difference!!
The innovation added the capability in switch to generate an output file, which can be viewed on an external Unix based viewer application. It helps that Junos OS CLI is logical and it is simple to get the XML output. Below is the screen snapshot.
Not only that with QFX5100 it is easy to integrate the external viewer in the same switch system. The VCF (Virtual Chassis Fabric) master can host applications in a separate VM and do such displays. An example of an application that runs on the switch itself is here: Visualizing Virtual Chassis Fabric. Ironically the visualization example at the link was created as part of the CDBU Innovation Day and was one of very first demos.
There are many more innovation day ideas and maybe you will notice some when Junos OS and CDBU products make your day to day job a little bit easier.
Because when you distill it down, the engineers at Juniper who build the products are the first customers of it. They run into the same problems as our customers do when products are difficult to use, it is quite natural for someone to build tools and software smarts that make their jobs easier. Our mantra in CDBU is “Simple, Open, Smart” and here is a whitepaper if you want to read more about where we are going. What we have done with CDBU Innovation is to create opportunity and time for our engineers to tinker and make the products better. In using innovative ideas to solve their everyday problems, they are making our products better for our customers.
Is your network built for the demands of 5G, IoT and emerging mobile applications? Is infrastructure complexity hindering your “agility” to respond? Perhaps it’s time to rethink your network infrastructure and its operations.
Contrail Network SlicingBot automates the provisioning and management of network slicing across both physical and virtual infrastructures. It ushers in a distinctive automation experience based on higher-level business requirements written in human language (“the what”) and translates into actionable workflows (“the how”). For example, ‘I need a slice with these characteristics: control plane, max latency, security’ or ‘I need a slice for IoT”. Contrail Network SlicingBot is designed to automate both CUPS (Control and User Plane Separation)and Junos Node Slicing end-to-end across the network at scale. By incorporating real-time analytics and continuously validating the intended business requirement, the Contrail Network SlicingBot leverages Juniper’s intent-driven software architecture, incorporating cross-domain resource management, cross-level resource modeling and extensible APIs for heterogeneous environment integration.
With the emergence of 5G, edge computing and IoT, network operators are facing complexities that are forcing them to rethink the way they design, provision and deploy these emerging services. In addition, customers are more empowered than ever, demanding applications on-demand, anywhere, anytime and customized for their specific needs. The current best-effort transport and edge services are not good enough, as both subscribers and applications have far higher expectations of quality.
Islands of heterogeneous service infrastructure are straining operational and management systems to the point of unsustainable economics. Network operators realize that they need a flexible network-as-a-platform built on high performance infrastructure that can be “sliced” into isolated networks that mask the complexities of the underlying environment - referred to as network slicing. Additionally, operators are embracing CUPS to enable a distributed cloud infrastructure. CUPS marries the scalability of virtual control-planes with high performance user-planes, increasing network agility and improving user experience.
Network slicing and CUPS form the foundational principles to enable network-as-a-platform for distributed mobile cloud. Network slicing is a powerful mechanism that an operator can use to create dedicated network resources from a shared network infrastructure to provide multiple services with specific user and application requirements. Slicing may be performed in various ways on a variety of network resources depending on the operator’s service environment. Typical examples include physical and logical isolation of network connectivity and services with differing QoS guarantees, isolated slices of residential, business, IOT and mobile services and specific pre-defined network functions. Network slicing also gives the operator full flexibility to either logically or physically lease a portion of their network to external or internal entities with specified functionality and expected quality of experience.
Juniper is combining innovations defined as part of vision with our high-performance MX router to deliver network slicing. Control-plane independent node-slicing on the industry-leading MX Series, coupled with the programmable virtual Junos control-plane, forms the foundation of our network slicing solutions. The open MX platform also integrates partners’ virtual control-planes for innovative network slicing of various network domains, including mobile.
At Juniper, we strive to bring engineering simplicity to increasingly complex networks. We engineered operational simplicity into the Contrail Network SlicingBot to simplify network slicing across a distributed cloud infrastructure with the power of automation defined in human terms for next generation services.
Over two decades ago, when a friend of mine visited his parents in a remote countryside village in China, he had to first take train from Beijing to the provincial capital, then take a crowded coach on bumpy country roads to the county’s capital, next take passenger ship, and finally walk dozens of miles on the mountainous road to his parents’ village. The journey involved many forms of transportation, was exhausting, and took three days. Additionally, the logistics was difficult to manage and coordinate.
This problem also exists in networking industry. The explosion in data center traffic growth due to distributed applications such as distributed cloud applications, video streaming, and mobile applications is making it necessary to interconnect geographically dispersed locations to create a single hyper-scale logical resource pool. To achieve this interconnectivity, cloud operators have been deploying isolated packet and dense wavelength-division multiplexing (DWDM) equipment as separate domains with independent management tools. Just like my friend visiting his parents in the remote village, this infrastructure involves a diverse set of transportation domains and is difficult to manage.
The good news is that Juniper is now providing a perfect solution to this problem with the newly released Coherent DWDM Line card. Integrating DWDM into Juniper Networks® QFX10000 line of Switches (QFX10008 and QFX10016) eliminates these operational headaches by bringing packet and optical into a converged architecture, reducing space and power consumption, and eliminating the high cost of external transponder shelves.
The following graph illustrates how the traditional DCI can be simplified by integrating DWDM into Juniper Networks® QFX10000 line of Switches with this DWDM Line card.
And here is an image of the actual Coherent DWDM Line card.
This innovative and feature-rich DWDM Line card offers density, performance, and economics for cloud-scale applications, simplifies cloud deployment by collapsing spine/DCI into a single network, and provides consistent management interface for both packet and optical using Junos OS. The follows are the feature highlights:
- 19.2 Tbps per system with QFX10016
- 25.6 Tbps per fiber pair with 128 channels
- 1.2 Tbps per line card; 6x200 Gbps per line card
- 1.2 Tbps Packet Forwarding Engine (PFE) with deep buffers and large forwarding information base (FIB)
- 1.2 Tbps line rate IEEE 802.1AE Media Access Control Security (MACsec) encryption across all ports
- Up to 12x100GbE, 256-bit encryption Superior Performance for Metro or Long-Haul Applications
- Flex modulation to support both metro and long haul on the same line card
- 120 km without amplification
- 4,000 km with amplification
- 200 Gbps DP-16QAM (approximately 1000 km)
- 150 Gbps DP-8QAM (approximately 2,000 km)
- 100 Gbps DP-QPSK (approximately 4,000 km)
- Configurable modulation
- Compatible and interoperable with Juniper’s existing DWDM Line cards on PTX and MX routers
- Alien wavelength support over third-party line system
- YANG data model
- Junos OS CLI and SNMP
- Supports IP over DWDM for L2 or L3 applications
With so many features and benefits, as soon as this innovative DWDM Line card is released, customers immediately fall in love with it. See Fredrik "Hugge" Korsbäck's blog New toys – 200G DWDM in Juniper QFX10000.
Thanks to the recent rapid development in China’s high speed railway infrastructure, now my friend just needs to take the train from Beijing directly to his home village, and his parents will be there at the station welcoming him with big smiles – there was a new station built near his parents’ village, so no more alternating between transportation modes, no more logistics hassles, and no more exhaustion.
The same is true with the release of Juniper’s DWDM Line card on QFX10000 line of Switches. The end result: happy customers.
We launched Contrail Security as a newest member of the Juniper Contrail product family in August 2017. We’ve been overwhelmed with the positive responses we received for Contrail Security in addressing the security needs for Enterprises and Service Providers. Our next step was to demonstrate the strengths of Contrail Security and the Open Networking User Group (ONUG) was the ideal avenue.
Contrail Security is a simple, open, fully distributed cloud security solution that enables operators to secure their applications in any cloud at scale. Policies based on application attributes defined by tags, labels, and other grouping constructs can be universally applied without having to rewrite them for every new environment. This evolution of the policy framework stems the policy proliferation and helps in decentralizing the definition of the security posture.
Juniper participated in the ONUG Innovation Awards on October 18th, 2017, and Contrail Security won the award in the Software Defined Security Services (S-DSS) category. The award highlights the propriety of Contrail Security to directly address enterprise IT user needs especially the use cases that are important to the ONUG Community as defined by the ONUG Working Groups (described in detail in the PoC guidelines).
A panel of independent industry analysts including Stephen Collins from ACG Research, Eric Hanselman from 451 Research, and Zeus Kerravala from ZK Research acted as judges to select three awardees that met the PoC criteria from over 20 PoC submissions.
Watch the demo that we showed on Contrail Security at ONUG Innovation Awards.
We’re really excited and proud of winning the ONUG Innovation award and are looking forward to bringing the security solution to addresses the security needs of our customers.
To learn more about the technical details of Contrail Security, read Pratik Roychowdhury’s blog.
A colleague of mine made a wonderful comment in a meeting I was in a few weeks back when he pointed out that ‘somebody’ did not exist in our company directory. The comment came as part of a planning discussion where, almost inevitably, it’s easy to fall into the ‘somebody should fix that’ kind of comment trap as you assess the planning horizon and consider the goals and objectives you need to achieve.
Good for him that he did as it re-enforced the fact that the answers to some of the challenges in front of you lie much closer to home rather than simply offloading them to a mythical, virtual individual called somebody.
I was reflecting on that comment as I sat in the UK Digital Summit on Policy and Business for a Smart Society, organized by the Big Innovation Centre at the offices of The Digital Catapult in London on Wednesday 17th December.
The Big Innovation Centre, launched in September 2011, exists to make the UK a global open innovation hub, to build a world-class innovation ecosystem, and re-balance and grow the UK economy.
The event itself brought together representatives from Government, Enterprises, Vendors, Academia and public bodies to debate a number of angles related to that goal but focusing in specifically on the potential opportunities created by the ‘smart society’ and how UK PLC needs to move and take advantage of that opportunity, clearly a key pillar of an innovation agenda.
In many ways, ‘UK PLC’ does have a lot going for it in terms of it has a great track record of fostering a creative gene pool of talent that has over many years developed some incredibly innovative, breakthrough ideas and developments.
Where it has unfortunately often failed, is executing on those innovations and getting them into market consistently.
Alas, Innovation without execution is hallucination.
Question is how do you change that, how do you marry the bright ideas with business plans, funding and a go to market model that gets those ideas to market quickly, consistently with machine like repeatability in a way that signals to the Global Market that the UK is The world’s new innovation hub.
Clearly if it was easy, it would have been done by now. It isn’t and it requires input, support and most crucially action from a number of interested parties, many of whom were represented at the event in London.
A great debate ensued amongst the 100 or so people gathered that ranged from enlightened Government Policy to easier access to finance to whether the education system in the UK is doing enough to foster tomorrow’s innovators to how do you measure innovation?
Birgitte Andersen who is the CEO of BIC led a really interesting and passionate debate on the ‘intangible revolution’. As a society we are good at measuring the value of tangible assets and finance organisations particularly will base a hefty weighting of their lending disposition on quantifying those assets. But what if the assets are intangible, what if they are based more on intellectual property that needs funding to develop? Birgitte’s call to action in this session was the need to create an ‘Innovation Bank’ to address that current shortfall and support the innovators and entrepreneurs in developing and bringing that ‘IP’ to market.
There is an excellent storify posting from the team at IBM who presented at the event here that captures a number of the key discussions, a great ‘social’ overview.
The whole discussion, the event itself and I guess the goals of the BIC overall are being brought into sharp relief by the advent of all things ‘smart’ and the development of the Internet of things.
In my brief presentation, I commented on IOT being the 5th wave of digital ecosystem, the previous 4 being the Internet itself, The Mobile Network, The World Wide Web and the App. The reason I positioned in that way was to make the point that each of the first 4 waves had three things in common
- They were ‘Open’ – no one vendor or institution ‘owned’ them
- They became widely available to consumers and business alike because their value was and is clear.
- They delivered a platform
Whenever you create a platform with those characteristics, wonderful things can happen, you effectively unleash the genie of creativity and stand back and watch as it works its magic.
UK PLC won’t achieve a desired status of an ‘Innovation Hub’ unless it can show and prove by the things that its companies and people do that it deserves that status. Its path to getting there may well be best served by focusing on the developing smart society needs and using that as an execution catalyst.
Bringing together large telecoms companies, system integrators, finance, government and most crucially, the small entrepreneurial companies and individual inventors whose ideas and products will be at the heart of cracking the code of smart solutions may at first pass seem an onerous task.
Brokering those ecosystems and consortia is where organisations such as The Big Innovation Centre shows its real value. Innovation does start with ‘I’ and each of the organisations involved with BIC need to play an active, execution oriented role in bringing the goal outlined above to reality.
In short, Think Big, Start Small, Act Quickly.
Whether it’s with customers or colleagues, most of my conversations involve the cloud in one way or another, and more often than not, cloud is the conversation. Why? Because customers want to rapidly and efficiently scale and customize services on their terms and they only want to pay for what they need. And there’s no doubt that the cloud has already impacted businesses across virtually every market segment—a November 2016 study by IDG found that 70% of organizations had moved at least one application or a portion of their infrastructure to the cloud—and continues to do so, as the cloud service industry has grown 42% year-over-year.
Juniper Networks supports your cloud strategy transition with a fast, scalable firewall in virtual form factor - the vSRX - and the industry’s most advanced virtual router, the vMX; both available on Amazon AWS and Microsoft Azure.
The Juniper Networks vSRX offers the same features as our physical SRX Series firewalls, and is part of Juniper Networks’ Software Defined Secure Network (SDSN). The vSRX can be deployed in AWS or Azure as a VPN gateway to provide remote users with secure access to their workloads. It can also be deployed as a segmentation gateway to block lateral threats.
The Juniper Networks vMX offers the same features as our physical MX Series routers, and provides comprehensive VPN and automation features that help securely extend your network into the cloud, maintain high availability across zones, and easily interconnect multiple vNET as your cloud network grows.
Taking advantage of the vSRX and vMX on Amazon AWS and Microsoft Azure couldn’t be simpler. Customers can bring their own licenses (‘BYOL’) or access hourly and annual pay-as-you-go (‘PAYG’) licenses in granular bandwidth increments, allowing you to use pre-configured vSRX software in minutes, with AWS and Microsoft managing all aspects of metering, billing, payment collection and financial reporting for PAYG usage.
Importantly, free vSRX and vMX trials are available on both AWS and Azure, which allow you to assess the power of these products without risk or penalty.
On AWS, you can access your
On Azure, you can access your
Juniper understands that whatever your unique mix of on-prem, hybrid cloud and public cloud resources, you need a simple, secure solution—with feature and operational consistency—network-wide. Whether physical or virtual, Juniper solutions provide a seamless, consistent experience across physical networks and public and hybrid clouds without compromising agility, visibility or management.
“It ain’t braggin’ if it’s the truth.” – Babe Ruth
The industry’s most powerful, cost-optimized core routing platform.
The world’s most advanced ASIC (application-specific integrated circuit) for networking.
The industry’s first silicon leveraging 3D memory architecture to improve density efficiency by 20 times.
The first software defined network (SDN) controller capable of automating the control of multiple network layers – IP and optical.
The first purpose-built data center aggregation switch family to be powered by Juniper’s organically developed ASIC, offering unparalleled performance, port density and scale to grow cloud networks.
The highest port density needed for 100G networks and the most compact 100GE-capable switch available on the market today.
The first data center firewall to deliver latency as low as seven microseconds, capable of processing a packet of information literally faster than the blink of an eye.
All of these are characteristics of the new innovations in routing, switching and security announced by Juniper today. These are not exaggerations, nor are they hyperbole. They are facts.
These new innovations were developed through the lens of the three elements that we believe are key to our customers’ success: Automate. Scale. Create. Three simple words that pack a powerful punch. Automate to drive greater operational efficiencies. Scale to maximize the impact of your capital investment. Create to enable the new services and revenue streams that delight your customers and lead to shareholder value. Our routing, switching and security products are key to achieving this automated, cost-effective scale and enable the service creation our customers need to unleash the full potential of their creativity as a company.
When it comes to routing, for us, the Core is the heart of the network and needs to support the explosion of traffic in a way that makes business sense. In our view, silicon is the key to the routers our customers need to accommodate daily data traffic that is expected to expand to more than 4,000 PB per day by 2018 (IDC).
As such, our PTX line of routers will be powered by the industry’s first silicon leveraging 3D memory architecture to improve density efficiency by 20 times and will be capable of performing more than 1.5 billion filtered operations per second. If one bit of data equaled one drop of water, that’s the equivalent of the PTX5000 being able to transfer every drop of water in the Indian Ocean in one week. The new silicon also makes our PTX3000 91% smaller than the nearest competitor, yet still having the capacity to stream HD video to Tokyo, the Bay Area, and Los Angeles with enough capacity leftover to also accommodate New York City.
To help maximize the efficiency of our customers’ networks, we’re also introducing Northstar, the first SDN controller capable of automating the control of multiple network layers – IP and Optical. Think of it as the SDN version of Waze for the network. It tells you exactly what’s happening with the data on your network, where the traffic jams are and what are the alternative available routes.
For switching, networks are rapidly moving from 10G to 40G and ultimately to 100G networks. To enable that transition for our customers, Juniper will offer our QFX10000 line of switches – the first purpose-built data center aggregation switch family to be powered by Juniper’s organically built ASIC, offering unparalleled performance, port density and scale to grow cloud networks. The QFX10000 line offers the highest port density needed for those 100G networks and also has the most compact 100GE-capable switch available on the market today. The line is built on open architecture-based industry standards to provide customers choice and flexibility for their networks and is designed to make network management and provisioning simple and automated.
To underscore Juniper’s commitment to automation in switching, Juniper is also announcing Junos® Fusion and EVPN/VXLAN support. Junos Fusion is based on an open architecture, designed for mid-to-large data centers. With Junos Fusion, an entire data center can be managed as a single coherent network, rather than managing elements individually. Junos Fusion makes it easy to automate the scale of deploying new switches resulting in a highly scalable switch fabric through automation. To give you an idea of the scale we are offering our customers with our new innovations in switching, the combination of Junos Fusion, QFX10000, and EVPN could construct a data center capable of offering a virtual machine for every person in the city of London, upwards of 12 million people.
Finally, a word on security. Juniper’s approach to security is layered and multi-faceted. Our goal is to ensure both protection and resiliency, and to do so through the use of analytics, security intelligence, multi-threat feeds, and advanced threat protection. Prevention, however, is still key to cyber security; specifically, the use of firewalls. As we share more of our information broadly and use new tools for doing business, our attack surface is increasing. The key is to understand how big your attack surface area is and the best way to minimize attacks to each surface.
“Surface area” means data centers, desktop/laptops, mobile devices and apps. Just like there are micro-climates for weather in a compact geographical area, the same dynamic exists for everything connected to a network, only it’s called “micro-segmentation.”
Deploying firewalls on a micro-segmented basis can be cumbersome, expensive, slow to update, and rife with sub-par implementations. Automation and orchestration of the distribution of firewalls is key. Juniper provides that with today’s announcement of AppSecure 2.0 for Juniper’s virtual firewall, vSRX (formerly Firefly Perimeter) – application security with automation capabilities between virtual and physical environments. The vSRX portfolio of software-based network and security services supports a variety of network function virtualization (NFV) and software-defined networking (SDN) solutions such as Juniper Contrail, OpenContrail and third-party SDN solutions.
While virtualization and micro-segmentation are key for enabling new architectures in the data center, there is still going to be a need for a physical firewalls for years to come. As such, we have launched Express Path for the SRX5000 family –Juniper’s carrier-grade security devices powered by Junos. With Express Path, customers can now keep pace with today’s massive data traffic processing at critical edges of their network such as data centers and mobile networks. Express Path offers customers a 1 Tbps firewall with an 80% reduction in latency; specifically, it can offer latency as low as seven microseconds. What that means in plain English is that it’s capable of processing a packet of information literally faster than the blink of an eye.
Automate. Scale. Create. These are the tenants that have guided the development of all of our innovations announced today in routing, switching, and security. They will continue to be the basis for what we innovate in the future. There will be more “firsts,” more “most advanced,” and more “most powerful.” And like the Babe said, “It ain’t braggin’ if it’s the truth.”
Why Network Innovation Matters
While machines and humans have natural limitations in their capabilities, there is virtually no limit to those capabilities when we connect machines and people together. For this reason, I would argue that the network is the single greatest vehicle for knowledge, understanding, and human advancement that the world has ever known.
Network Evolution Continues
Juniper’s vision is to be the worldwide leader in network innovation. And when it comes to innovation, we are maniacally focused on two dimensions.
The first is in the area of performance and I must say that this is an area that the industry tends to take for granted these days. The fact is that due to fundamental limits in memory technology, thermal considerations, and flattening generational improvements in transistor performance, it is becoming increasingly more difficult to move the needle in performance gains. But that is no excuse for not achieving those required gains.
By 2020 there will be 7.6 billion Internet users1 with 50 billion connected devices2, accessing data around the clock and around the globe. Our customers are looking for cost-effective ways to keep up with the demand this puts on the network. At Juniper we will never be confused about how important it is for us to innovate in the dimension of performance and improve the economics of connectivity, overcoming any and all technical obstacles in our way.
The second important dimension of our innovation lies in automation. There is a lot of great discussion and debate in the industry today about architectural approaches such as virtualization and SDN. As important as these concepts are, we view them as primarily a means to an end, and that end is automation.
With operational costs spiraling upward, and the ever-present burden of large amounts of error prone and mundane manual labor, it is becoming exceedingly important for the networking industry to reap the benefits of automation as other industries have. Automation will bring new levels of cost efficiency and agility for our customers and Juniper intends to lead in automation as it has led in performance and scale for years.
Our focus on improving performance and automation is the foundation of our technology strategy, and it is equally applicable across routing, switching or security. Our customers rely on us to maintain our innovation engine at top speed to support an ever-connected world and our announcements last week at Juniper's Innovation Showcase (video playlist) demonstrate our steadfast leadership.
We’re delivering ground-breaking silicon technology that powers infrastructure at rates and efficiency never seen before. We’re delivering powerful software algorithms that allow our customers to peer into their networks to optimize and automate operations. And since it’s such a hot topic of discussion in the industry, I want to remind everybody that at Juniper we take our silicon investments extremely seriously. Our only religion is that of building great products, and we will use the very best technology components to do that, whether we build those components ourselves or buy them from our technology partners. See my blog, Making the Right Silicon Decisions in Networking, dedicated to this important topic.
A Higher Purpose
Every day, our teams around the world are helping our customers architect and design the best networks on the planet. Every innovation we envision, every technology we create is informed by our desire to help solve our customers’ toughest challenges so they can compete and thrive today and into the future. Such innovation doesn’t just occur by happenstance. It comes from nurturing a great culture. Our employees around the world are committed to guiding principles and behaviors to set the standard for what we expect to see from each other, and what our customers expect to see from us.
At Juniper, what drives us is the ‘why’. Why we exist as a company to solve the problems that we solve. Yes, we build awesome routers, switches, and security devices. But the net effect is that we are delivering the technology that connects things and humans together, and in doing so, enables researchers to find cures for deadly diseases, permits scientists to bring clean tech energies that make this planet a better place, and brings education to Third World countries. I feel incredibly energized by all the ways in which Juniper improves not just this industry but also the world in which we live.
I am very excited about our opportunity, our product portfolio, our people, and our ability to help our customers transform their business in our connected world. I couldn’t be more proud to lead this company in delivering innovation that matters.
1 “The State of Broadband 2014: Broadband For All,” Broadband Commission, September 2014, available at: http://www.broadbandcommission.org/Documents/reports/bb-annualreport2014.pdf
2 “Investing in the Internet of Things,” Morgan Stanley, January 2015, available at: http://www.morganstanley.com/articles/internet-of-things-opportunities-for-investors/
Unlike the newer, non-traditional players within the FSI sector, major companies struggle to innovate and modernize their products and services, largely due to the complexity and inertia generated by their legacy systems.
Given that many of these organisations have systems that were developed in the 1970s and 1980s, their in-house IT applications and infrastructure have been patch-worked together over the decades – layer upon layer – for added functionality. This setup makes it difficult to upgrade and programme various applications, and ultimately, limits the organisation’s ability to evolve as quickly and effectively in today’s business environment.
While it is not unusual for a FSI organisation to have around 9000 – 10,000 different applications – and in the case of a large banks it might be even higher – when it comes to modernising these applications, it can lead to downtime which would be unacceptable for customers and stakeholders. Also, finding developers who can work with archaic programming languages can be difficult too. To get around this, FSI organisations need to look at how they can develop a platform and test the integration process of these legacy applications, to get them working with the increasing number of cloud native applications which are being used in the industry.
One large bank in the US came to us with a problem saying that any change in their applications typically took about six and a half months to develop and launch. So we initiated the integration of an open API with a range of their legacy applications using Juniper OpenLab, as well as some other open source tools. This took approximately three months to test and integrate everything, but at the end of the process, the bank now had the capability to roll out application changes or even launch entirely new applications in 14 days flat. That’s a major competitive advantage in terms of reduced cost, reduced risk and of course, greatly reduced time to market.
Having this underlying platform, facilitated by Juniper OpenLab, provides customers with complete openness, flexibility and agility, allowing them to integrate their applications with the backend. That’s the biggest benefit we hear back from customers once we have completed a digital or automation journey with them.
This is part 3 of a 3 part series about innovation in the FSI sector. To learn more about the latest innovative technology and services in FSI, don’t miss our earlier articles originally featured on CIO Asia about Asia’s Most Innovative FSI Services and Best Practices Implementing Cutting Edge Tech in FSI.