JunOS Update
Andrey Nushtaev
Systems Engineer
21 April 2015
LEGAL STATEMENT
• This statement of product direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation.
Agenda
• Junos Modernization
• Junos new release model
• New Features introduced in 14.1 and 14.2
• Junos Automation & Programmability
Key Platform Improvements in 14.1
JAM (Juniper Agile Deployment Methodology)
Release software support for new hardware as a dynamic pluggable and loadable module on already released Junos versions/releases
Provide customers with an option to adopt new hardware, using previously qualified and hardened Junos versions
In-Service Software Upgrade (ISSU) Enhancements
Extending ISSU support with MX-VC, LFM, LNS, LACP Fast Hellos
MX-VC “Locality Bias” Support
• Bias unicast transit traffic to prefer local chassis egress
• Prefer local-MX egress rather than remote-MX egress, in order to conserve VCP bandwidth
Inline MLPPP
Enables Multilink PPP using inline Trio.
This lets customers run MLPPP on the line card and avoid investing in a Service Card just to turn on LSQ interfaces.
Key Platform Improvements in 14.1
Load-balancing Enhancement
FAT PW
Create a flow label based on indivisible packet flows entering a pseudowire. Use the flow label for load balancing in LSR routers, which provides better traffic distribution across ECMP paths or link-bundled paths in the core.
Entropy Label (Trio/ICHIP)
Add entropy label support in chassis that have Trio core-facing and I-chip CE-facing.
Bottom 3 labeling hash
The current implementation uses top-of-stack labels (max 3) + payload, which has some inherent shortcomings in today's customer deployments: customers go beyond a 3-label stack, and a MAC starting with 0x4 or 0x6 sometimes causes confusion even within the top 3 labels.
The new implementation resolves this with a new knob that enables using bottom-of-stack labels (max 3) + payload.
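The following added example (a simplified model, not Junos code or part of the original slides) shows the two shortcomings named above: a first-nibble payload guess misreads an Ethernet pseudowire payload whose destination MAC begins with 0x4, and on a five-label stack the top 3 labels are identical for two flows that differ only at the bottom of the stack. Label values, the MAC address and all function names are constructed for illustration.

```python
import struct

def mpls_entry(label, bos, tc=0, ttl=64):
    """Encode one 4-byte MPLS label stack entry (RFC 3032 layout)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bos) << 8) | ttl)

def build(labels, payload):
    """Build a labeled packet; only the last entry carries the bottom-of-stack bit."""
    last = len(labels) - 1
    return b"".join(mpls_entry(l, i == last) for i, l in enumerate(labels)) + payload

def parse_stack(pkt):
    """Walk entries until the bottom-of-stack bit; return (labels, payload)."""
    labels, off = [], 0
    while True:
        (word,) = struct.unpack_from("!I", pkt, off)
        labels.append(word >> 12)
        off += 4
        if word & 0x100:
            return labels, pkt[off:]

def guess_payload(payload):
    """First-nibble heuristic: 4 -> IPv4, 6 -> IPv6, anything else unknown."""
    return {4: "ipv4", 6: "ipv6"}.get(payload[0] >> 4, "unknown")

def hash_labels(pkt, mode, n=3):
    """Labels fed to the hash: the first n ('top') or the last n ('bottom')."""
    labels, _ = parse_stack(pkt)
    return tuple(labels[:n] if mode == "top" else labels[-n:])

# Constructed Ethernet frame carried in a pseudowire: destination MAC 4c:96:14:aa:bb:cc.
ETH_FRAME = bytes.fromhex("4c9614aabbcc" "001122334455" "0800") + b"\x45" + bytes(19)

# Two constructed flows sharing three transport labels, differing in the bottom two.
FLOW_A = build([300, 301, 302, 1001, 2001], ETH_FRAME)
FLOW_B = build([300, 301, 302, 1002, 2002], ETH_FRAME)

if __name__ == "__main__":
    print("payload guessed as:", guess_payload(parse_stack(FLOW_A)[1]))
    for mode in ("top", "bottom"):
        print(mode, hash_labels(FLOW_A, mode), hash_labels(FLOW_B, mode))
```

The Ethernet payload is reported as IPv4 because its first byte is 0x4c, and only the bottom-of-stack selection yields different hash inputs for the two flows.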
Key Platform Improvements in 14.1
Link Aggregation Enhancement
AE Mix with 10G, 40G & 100G
Mixed-mode LAG interface support with 100G, 40G and 10G speeds
Upgrade path as the user moves from a LAG with 10G links to a bundle with 40G and/or 100G links, while also protecting the investment in 10G links.
Modify the Link protection behavior in Static LAG
Currently, in static link protection for AE, only traffic egressing out of the standby link is dropped, but all ingress traffic is accepted. Modify this behavior to drop the ingress traffic as well for standby links.
Use case: Emulating an STP port in discarding mode without the overhead of STP or ERP
Key IP/MPLS features in 14.1
Multicast Enhancements
Multicast only Fast Re-Route
Fast Re-Route technology in multicast routing. Based on draft-karan-mofrr-02.
Multicast only Fast Reroute functionality allows fast reroute of multicast video streaming traffic, ensuring video quality does not suffer in the event of network failures, congestion, etc. on one path.
Group VPN Member support in MX
Group Member support for any-to-any secure connectivity based on RFC 3547.
Supported feature in SRX and extending in MX as a supported Group Member.
Interoperability with Cisco GET VPN as a member for multi-vendor deployment.
CoS (forwarding class) Based Accounting
Adds counters per forwarding class for customers who already have classification available.
Provide packet/bytes statistics counter per protocol family (inet/inet6) for input & output direction on IFL and IFD level.
Key Data center and Ethernet features in 14.1
EVPN Active/Active Multihoming
Interconnecting data centers across a wide area through Active-Active forwarding.
Load-balances unicast traffic across both active links so customers better utilize their networks.
VXLAN Gateway (VTEP) Trio Support
Providing an overlay of an L2 network over an L3 network by encapsulating L2 frames in L3 (IP/UDP) packets.
VXLAN - EVPN A/S stitching
Ability to stitch and interoperate between EVPN Active-Standby and VXLAN, where the former provides inter-DC connectivity and the latter provides intra-DC connectivity
OVSDB Support in MX
OVSDB support on MX-series to interoperate with VMware's NSX.
SDN Controller for provisioning VXLAN and exchange MAC to VTEP binding between different VTEPs
MAC pinning & MAC move-VPLS
With MAC pinning, a MAC address dynamically learned on a MAC-pinning-enabled interface cannot be re-learned on any other interface in the same bridge domain or VPLS until the MAC address times out (ages).
Protects the L2 network by preventing MAC moves in hardware and loops in L2 bridges.
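The pinning rule described above, modelled as an added example (not Junos code or part of the original slides): a toy MAC table that refuses to re-learn a pinned MAC on another interface until the entry ages out, and records each refused move for review. Interface names, MAC addresses, the aging value and the assumption that traffic on the original interface refreshes the aging timer are all constructed for illustration.

```python
class BridgeDomain:
    """Toy MAC table for one bridge domain with per-interface MAC pinning."""

    def __init__(self, aging_secs, pinned_ifaces):
        self.aging = aging_secs
        self.pinned = set(pinned_ifaces)
        self.table = {}    # mac -> (interface, last_seen)
        self.denied = []   # (time, mac, pinned_iface, offending_iface)

    def learn(self, mac, iface, now):
        """Process a source MAC seen on iface at time now; return the outcome."""
        entry = self.table.get(mac)
        if entry and now - entry[1] >= self.aging:
            del self.table[mac]              # entry aged out, pin is released
            entry = None
        if entry is None:
            self.table[mac] = (iface, now)
            return "learned"
        if entry[0] == iface:
            self.table[mac] = (iface, now)   # assumption: traffic refreshes aging
            return "refreshed"
        if entry[0] in self.pinned:
            self.denied.append((now, mac, entry[0], iface))
            return "denied"                  # original binding stays untouched
        self.table[mac] = (iface, now)
        return "moved"


def demo():
    """Run a constructed sequence of learning events (timestamps in seconds)."""
    bd = BridgeDomain(aging_secs=300, pinned_ifaces={"ge-0/0/1"})
    host, other = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"
    outcomes = [
        bd.learn(host, "ge-0/0/1", 0),     # learned on the pinned port
        bd.learn(host, "ge-0/0/2", 10),    # move attempt (e.g. from a loop): denied
        bd.learn(host, "ge-0/0/2", 300),   # after aging: learned on the new port
        bd.learn(other, "ge-0/0/3", 0),    # learned on an unpinned port
        bd.learn(other, "ge-0/0/4", 5),    # ordinary MAC move is allowed
    ]
    return bd, outcomes


if __name__ == "__main__":
    bd, outcomes = demo()
    print(outcomes)
    print("denied moves:", bd.denied)
```

The `denied` list is the part worth watching operationally: repeated refused moves for one MAC point at a loop or a duplicate address in the bridge domain.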
Key Services Features in 14.1
Traffic Detection Function (14.X55)
Enable policy and control for a standalone Traffic Detection Function (TDF) on the SDG using the Gx interface. Policy enforcement is for L3 to L7 policies (i.e. DPI).
Use case: Subscriber monetization in wireless and wireline networks.
Increase ALG Support for CGN
Further extends the list of ALGs (Application Layer Gateways) supported in CGN.
A longer list of supported ALGs improves transparency and avoids breaking applications in CGN deployments.
Key Platform Improvements in 14.2
Inline GRE Defragmentation
Implementation of inline GRE reassembly
Allows customers to use Trio based MPCs for GRE tunnels
CNH optimization and VRF LOCALIZATION
Improve Chain Composite NH (CNH) memory footprint to increase overall scale
Optimize certain data structures to improve scale
Selectively download a VPN FIB to only those PFEs where the customer connection is terminating
Allow PFEs to scale independently; increase the overall L3VPN FIB scale of MX
Interface DAMPENING
Instantaneous Multiple Flaps with very short UP/DOWN duration (in milliseconds)
Periodic Flaps with long UP/DOWN duration (in seconds)
Key Platform Improvements in 14.2
Logical Systems support on MX-VC
Enhanced Link Aggregation (LAG)
Removes next hop dependency in LAG environments
FIB scale, and FIB convergence time improves when this feature is utilized
Fast Interface Shutdown (3sec) after Final RE Failure
The goal is to shut down/power off line card ports within 3 sec when the “Final RE” is lost.
The “Final RE” is the sole RE on a single-RE chassis; in a dual-RE chassis router, it is the Master RE when the other RE is not ready for GRES.
Adaptive load balancing for ECMP next hops
Addresses traffic load imbalance issue caused by hashing algorithm
Link utilization based flow rebalance
Per-packet based random spray
Key Platform Improvements in 14.2
8K SCALE for VRRP
Improve the scalability and convergence of VRRP, when running over AE and IRB interfaces
MS-MPC & MS-MIC support on MX-VC
The infrastructure for this feature provides support for all hardware based ejunos services
NAT with Port bucket allocation (PBA)
Reduce the number of logs created while using CGNAT and deliver a cost effective solution
Key IP/MPLS features in 14.2
MPLS On-demand Loss & Delay measurement
Introduces LSP SLA measurement as defined in RFC 6374 for the following KPIs:
Loss Measurement (packet and octet)
Throughput Measurement (packet and octet)
Two-way channel delay (CD)
Round-trip delay (RTT)
Inter-Packet Delay Variation (IPDV)
MVPN MIB
Provides read-only visibility into the following MVPN state, which aids in troubleshooting:
Multicast VRF
Tunnel information
State information
Key IP/MPLS features in 14.2
Link state distribution via BGP
Uses BGP as the distribution mechanism for traffic engineering data between routers in different IGP areas and/or Autonomous Systems
The mechanism can also be used to exchange topology and TE data between the network and external network-aware applications
Dynamic ingress LSP splitting
Elastic sizing of LSPs and creation/removal of LSPs based on actual traffic patterns
Overcome current limitations of Auto-Bandwidth
Solve bin packing without the need for additional provisioning efforts
Remote LFA in IS-IS
Enable next-next-hop neighbors (a.k.a. PQ nodes) to the destination as a valid conduit to route MPLS traffic from primary to secondary in case of a link or node failure
Key MANAGEABILITY Features in 14.2
IPv6: RFC3162 Radius over IPv6 for system AAA
With this feature, Junos users can log in to the router with authentication through RADIUS over an IPv6 network
UI: Locks for Protected Data
This feature implements the "apply-lock" statement, which controls who can "unprotect" protected configuration data.
UI: Commit time Improvement: Export functionality optimization and Persist groups optimization
The commit time is improved by adding a new daemon to handle export functionality
The second feature is to optimize the Persist groups feature to make it proportional to size of change to help improve overall commit time.
Junos Modernization
BSD 10 Upgrade
Junos Kernel modernization
• New development tools
• Faster BSD security updates
• Clean separation of Junos and FreeBSD
SMP Infrastructure
• New RPD modularity
• New SMP capabilities
• S&P increase foundation
Modular Control Plane
Data Plane
Phased Delivery
• MX introduction 1H2015
• EX, QFX, PTX, introduction 2H2015
• TBD for high end SRX
Customer Experience
• Smarter platform packaging
• Improved modularity
• Boot resiliency media usage change
• Faster future FreeBSD Upgrades
Junos Kernel Modernization
• Performance improvement
– Boot time/Commit time improvement
– Control Plane performance improvement
• Remove “Giant lock” - Path to user space multithreading support (Run any Junos daemon with multi core/multi thread)
• Increased BSD Reliability
– BSD community is active on 10.x
– Numerous security updates
• FIPS crypto compliance (FIPS and Common Criteria certification at FRS)
– File system improvements for stability
• Improved supportability/stability
– Resilient Boot
– File system/driver improvements, supportability enhancement, etc
– Faster snapshot capability / Multiple system snapshots
SMP Benefits
Preliminary results*
• ~2x faster in subscriber scaling
• ~2x faster in 128K IFL creation time using multi-core
• ~2x increase in BGP Receive path performance with logical router configurations
• ~80% increase in the rate of creating 256K IFLs
• ~30% increase in the rate of installing 400K BGP routes in the FIB
– * Note: Final characterization on production releases/configs coming soon
MX High End Platform Migration Plan at 15.1
• 15.1 supports MX240, MX480, MX960, MX2010/2020 with the following REs

| Routing Engine | Processor | Memory | Connection to PFEs | Disk | Media | First Junos OS Support |
|---|---|---|---|---|---|---|
| RE-S-1300-2048 | 1.3-GHz Pentium | 2048 MB | Gigabit Ethernet | 40 GB Hard disk | 1 GB CompactFlash card | 8.2 |
| RE-S-2000-4096 | 2.0-GHz Pentium | 4096 MB | Gigabit Ethernet | 40 GB Hard disk | 1 GB CompactFlash card | 8.2 |
| RE-S-1800x2 | 1800-MHz | 8 GB or 16 GB | Gigabit Ethernet | 32 GB SSD | 4 GB CompactFlash card | 10.4 |
| RE-S-1800x4 | 1800-MHz | 8 GB or 16 GB | Gigabit Ethernet | 32 GB SSD | 4 GB CompactFlash card | 10.4 |
| RE-MX2000-1800x4 | 1800-GHz | 16 GB | Gigabit Ethernet | – | 4 GB Fixed Internal CompactFlash card | 12.3R2 |

SMP capable RE
All MX SCBs will be supported. No PFE changes. Line cards and MICs remain unaffected.
Junos 2015 Release Model
Junos release model evolution
Focus on turning around quality
Support the growth of the business
Required Maturity / Quality / Efficiency
• More products
• More complexity
• More engineers
• Higher Customer Expectations
• More SW focus in Networks
• More responsive to Customer needs
[Timeline figure: 2010, 2012, 2015; labels: Innovation Release, Major Release]
Junos 2015 Model (Starting with 15.1)
[Process diagram. Labels: Feature Development (Design, Requirement, Analysis, Code Review, Coding & Testing); Top Of Tree (TOT); Single Integration Branch; Scale + Performance + Multi Dimensional + Sanity; PDT + User Case + Regression; Regression; IB FRS; MR+SR Testing; Feature Automation + Static Analysis + Code Coverage; releases R1, R2, R3 and F1, F2]
2015 New Release Model
• Two Major releases a year
– Focused on Quality and Schedule
– Regular cadence of maintenance and service releases
– 3 Years of Engineering Support + 6 months of Service Support
• Four Innovation Releases a Year:
– Added new release vehicle for faster Innovation and agility
– Innovation Releases four times a year; two Innovation Releases between each Major release with on demand service releases for critical fixes
– 6 months of Engineering Support + 6 months of Service Support
New Release Model: Customer View
| CUSTOMER BENEFITS: | CURRENT RELEASE MODEL | NEW RELEASE MODEL |
|---|---|---|
| Major Releases | 3 times/year | 2 times/year |
| Number of EEOL Major Release | 1 | 2 |
| Minor / Innovation Releases | None | 4 times/year |
| Maintenance Releases | Bug fixes & New features | Bug fixes only |
| Engineering Support | Two releases 24 months; One release 36 months | Major (EEOL) 36 months; Minor (Innovation) 6 months |

• Choice: Conservative Major Release or Aggressive Innovation Release
• Faster time to mature for Major Releases
• Rapid and agile time to market for new features in Innovation Releases
• 2 EEOL releases per year, total of 6 formally supported releases per year
Junos Programmability
Definition
• Automation
– “Automatically controlled operation of an apparatus, process, or system by mechanical or electronic devices that take the place of human labor” (http://www.merriam-webster.com/dictionary/automation)
• Programmability:
– “Having the ability to accept a sequence of coded instruction in order to achieve a specific result”
Frameworks
• Puppet*
– EX, MX and QFX standalone
– Phys Int, L2 ports, VLANs, LAG
– ERB templates on Roadmap
• Chef*
– EX and QFX standalone
– Phys Int, L2 ports, VLANs, LAG
– ERB templates on Roadmap
*Requires agent on device
• Ansible
– Uses PyEZ modules (Python and YAML based)
– Greenfield and Bench Testing
– RPCs on roadmap
Building Blocks
• SLAX
– On and Off Box automation scripting
– Syntax overlay for XSLT
• PyEZ
– Python framework for any device 11.4 and later
– Device mgmt. and “fact gathering”
– Op and config data
– Utils for software upgrade, file-system and SCP
• Python on-box
– Enabling Python on the box
– “Everything” that is possible with SLAX can be done with Python
– API is Python/PyEZ
– Part of core Junos image
– Will be supported on major platforms supporting Junos release 15.2 or later
DIY NETCONF LIBRARIES*
| Language of API | Mode of Distribution | Maturity | Support | Additional Notes |
|---|---|---|---|---|
| Ruby | Open Source | Most popular. 3200+ downloads. | Open Source | Wins big on ease of installation, features, limited dependencies and active support. |
| Java | Via Juniper website. Will be shortly available on github. | Already being used by enterprise customers. | JTAC | Very simple to get started. Easy on installation. Single .jar file to use/zero dependencies. |
| Python | Open Source | Based on an already popular open source client. | Open Source | Favorite language of scripters. |
| Perl | Via Juniper website. | Most ancient of all APIs. Needs work to ease installation. | JTAC | Installation of the API is not entirely smooth and needs further work to simplify the process. |
| PHP | Open Source | Not in a ready to use state yet. | Open Source | Still in development stage. |

Thank you!