This Chapter Discusses:
• The Junos operating system and its basic design architecture;
• Traffic processing for transit and exception traffic; and
• Junos devices
Robust, Modular, and Scalable
Junos OS functionality is compartmentalized into
multiple software processes. Each process handles a portion of the device’s
functionality. Each process runs in its own protected memory space, ensuring
that one process cannot directly interfere with another. When a single process
fails, the entire system does not necessarily fail. This modularity also
ensures that new features can be added with less likelihood of breaking current
functionality.
The Junos OS is the trusted, secure network operating system powering the high-performance network infrastructure offered by Juniper Networks. The Junos kernel is based on the FreeBSD UNIX operating system, which is an open-source software system.
Single Source Code Base
All platforms running the Junos
OS use the same software source code base within their platform-specific
images. This design ensures that core features work in a consistent manner
across all platforms running the Junos OS. Because many features and services
are configured and managed the same way, the setup tasks and ongoing
maintenance and operation within your network are simplified.
Separate Control and Forwarding Planes
Another aspect of Junos modularity is the separation of the control plane and the forwarding or data plane. The processes that control routing and switching protocols are cleanly separated from the processes that forward frames, packets, or both through the device running the Junos OS. This design allows you to tune each process for maximum performance and reliability. The separation of the control and forwarding planes is one of the key reasons why the Junos OS can support many different platforms from a common code base.
The graphic illustrates a basic view of the Junos architecture and
highlights the control and forwarding planes. The control plane, shown above
the dashed line on the graphic, runs on the Routing Engine (RE). The RE is the
brain of the platform; it is responsible for performing protocol updates and
system management. The RE runs various protocol and management software processes
that reside inside a protected memory environment. The RE is based on an x86 or
PowerPC architecture, depending on the specific platform running the Junos OS.
The RE maintains the routing tables, bridging table, and primary forwarding
table and connects to the Packet Forwarding Engine (PFE) through an internal
link. Although all Junos devices share this common design goal, the actual
components that make up the control and forwarding planes vary between the
different Junos devices.
For additional details about a specific Junos device, see the
technical publications at http://www.juniper.net/techpubs.
The PFE, shown below the dashed line on the graphic, usually runs on
separate hardware and is responsible for forwarding transit traffic through the
device. In many platforms running the Junos OS, the PFE uses
application-specific integrated circuits
(ASICs) for increased performance. Because this architecture separates
control operations—such as protocol updates and system management—from
forwarding operations, platforms running the Junos OS can deliver superior
performance and highly reliable deterministic operation.
The PFE receives the forwarding table (FT) from the RE by means of an
internal link. FT updates are a high priority for the Junos OS kernel and are
performed incrementally.
Because the RE provides the
intelligence side of the equation, the PFE can simply perform as it is instructed—that
is, it forwards frames, packets, or both with a high degree of stability and
deterministic performance. This architectural design also makes possible the
incorporation of high availability features like graceful Routing Engine
switchover (GRES), nonstop active routing (NSR), and unified in-service
software upgrades (ISSUs).
Maintains Routing Engine Intelligence
The RE handles all protocol
processes in addition to other software processes that control the device’s
interfaces, the chassis components, system management, and user access to the
device. These software processes run on top of the Junos kernel, which
interacts with the PFE. The software directs all protocol traffic from the
network to the RE for the required processing.
Controls and Monitors Chassis
The RE provides the CLI in addition to the J-Web GUI. These user interfaces run on top
of the Junos kernel and provide user access and control of the device. We
discuss user interfaces in a subsequent chapter in this course.
Manages Packet Forwarding Engine
The RE controls the PFE by providing accurate, up-to-date Layer 2 and Layer 3
forwarding tables and by downloading microcode and managing software processes
that reside in the PFE’s microcode. The RE receives hardware and environmental
status messages from the PFE and acts upon them as appropriate.
Forwards Traffic
The PFE is the central processing component of the
forwarding plane. The PFE systematically forwards traffic based on its local copy
of the forwarding table. The PFE’s forwarding table is a synchronized copy of
the information created on and provided by the RE. Storing and using a local
copy of the forwarding table allows the PFE to forward traffic more efficiently
and eliminates the need to consult the RE each time a packet needs to be
processed. Using this local copy of the forwarding table also allows platforms
running the Junos OS to continue forwarding traffic during control plane
instabilities.
Implements Services
In addition to forwarding traffic, the PFE also implements a
number of advanced services. Some examples of advanced services implemented
through the PFE include policers that provide rate limiting, stateless firewall
filters, and class of service (CoS).
Other services are available through special interface cards
that you can add to the PFE complex. We cover interfaces in a subsequent
chapter.
Transit Traffic
Transit traffic consists of all traffic that enters an
ingress network port, is compared against the forwarding table entries, and is finally
forwarded out an egress network port toward its destination.
A forwarding table entry for a destination must exist for a
device running the Junos OS to successfully forward transit traffic to that
destination. Transit traffic passes through the forwarding plane only and is
never sent to or processed by the control plane.
By processing transit traffic through the forwarding plane
only, platforms running the Junos OS can achieve predictably high performance
rates.
Transit traffic can be both unicast and multicast traffic.
Unicast transit traffic enters one ingress port and is transmitted out exactly
one egress port toward its destination. Although multicast transit traffic also
enters the transit device through a single ingress port, it can be replicated
and sent out multiple egress ports depending on the number of multicast
receivers and the network environment.
Exception Traffic: Part 1
Unlike transit traffic, exception traffic does not pass
through the local device but rather requires some form of special handling.
Examples of exception traffic include the following:
• Packets addressed to the chassis, such as routing protocol
updates, Telnet sessions, pings, traceroutes, and replies to traffic sourced
from the RE;
• IP packets with the IP options field (options in the
packet’s IP header are rarely seen, but the PFE was purposely designed not to
handle IP options; packets with IP options must be sent to the RE for
processing); and
• Traffic that requires the generation of Internet Control
Message Protocol (ICMP) messages.
ICMP messages are sent to the packet’s source to report
various error conditions and to respond to ping requests. Examples of
ICMP errors include destination unreachable messages, which
are sent when no entry is present in the forwarding table for the packet’s
destination address, and time-to-live (TTL) expired messages, which are sent
when a packet’s TTL is decremented to zero. In most cases, the PFE process
handles the generation of ICMP messages.
Exception Traffic: Part 2
The Junos OS sends all exception traffic destined for the RE
over the internal link that connects the control and forwarding planes. The
Junos OS rate limits exception traffic traversing the internal link to protect
the RE from denial-of-service (DoS) attacks. During times of congestion, the
Junos OS gives preference to the local and control traffic destined for the RE.
The built-in rate limiter is not configurable.
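The classification rules from the transit and exception traffic sections above, as a simplified Python model added here for illustration (it is not Juniper code). The addresses, interface names, order of checks, and function names are constructed assumptions; the model shows which packets stay in the PFE and which cross the rate-limited internal link to the RE.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: chassis addresses and the PFE's forwarding table copy.
LOCAL_ADDRS = {ipaddress.ip_address("192.0.2.1")}
FORWARDING_TABLE = {
    ipaddress.ip_network("198.51.100.0/24"): "ge-0/0/1",
    ipaddress.ip_network("198.51.100.128/25"): "ge-0/0/2",
    ipaddress.ip_network("203.0.113.0/24"): "ge-0/0/3",
}

@dataclass
class Packet:
    dst: str
    ttl: int = 64
    has_ip_options: bool = False

def lookup(dst):
    """Longest-prefix match against the forwarding table; None if no entry."""
    matches = [net for net in FORWARDING_TABLE if dst in net]
    if not matches:
        return None
    return FORWARDING_TABLE[max(matches, key=lambda net: net.prefixlen)]

def classify(pkt):
    """Return (handled_by, action) for one packet. Check order is an assumption."""
    dst = ipaddress.ip_address(pkt.dst)
    if dst in LOCAL_ADDRS:
        return ("RE", "exception: addressed to chassis")
    if pkt.has_ip_options:
        return ("RE", "exception: IP options")
    if pkt.ttl <= 1:  # TTL would be decremented to zero on this hop
        return ("PFE", "exception: ICMP TTL expired")
    egress = lookup(dst)
    if egress is None:
        return ("PFE", "exception: ICMP destination unreachable")
    return ("PFE", f"transit: forward out {egress}")

def re_bound(packets):
    """Packets that must cross the internal link and so count against its rate limit."""
    return [p for p in packets if classify(p)[0] == "RE"]
```

Running a traffic sample through `re_bound` shows how much of it reaches the control plane, which is the share the built-in rate limiter exists to bound.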
Platforms running the Junos OS come in many shapes and sizes
and are targeted for a number of deployment scenarios. The platforms running
the Junos OS span switching, routing, and security and are well suited for a
variety of network environments.
Junos Routing Devices
The following are some of the routing devices that run the
Junos OS:
- The ACX Series products deliver simplified end-to-end provisioning and support Layer 2 and Layer 3 functionality with IP/MPLS traffic engineering. The fixed 1 U ACX Series models are environmentally hardened and support passive cooling (fan-less design) for outdoor deployments. For additional, in-depth details on the ACX Series, go to http://www.juniper.net/us/en/products-services/routing/acx-series
- The LN Series provides high-performance network routing, firewall, and intrusion detection service (IDS) for harsh environments, including terrestrial, air, and sea vehicles and remote data aggregation points. For additional, in-depth details on the LN Series, go to http://www.juniper.net/us/en/products-services/routing/ln-series
- The M Series multiservice routers provide up to 320 Gbps of aggregate half-duplex throughput. The M Series family can be deployed in both high-end enterprise and service-provider environments. Large enterprises deploy M Series routers in a number of different roles, including Internet gateway router, WAN connectivity router, campus core router, and regional backbone and data center routers. In service-provider environments, the M Series router operates predominantly as a multiservice edge router, but you can also deploy it in small and medium cores, and in peering, route reflector, multicast, mobile, and data-center applications. For additional, in-depth details on the M Series, go to http://www.juniper.net/us/en/products-services/routing/m-series .
- The MX Series Ethernet services routers provide up to 960 Gbps of aggregate half-duplex throughput. The MX Series family is targeted for dense dedicated access aggregation and provider edge services in medium and large points of presence (POPs). Large enterprise environments and service providers can leverage MX Series Ethernet services routers for a variety of network functions including Ethernet transport and aggregation, and can use them to offer new Ethernet-based services. For additional, in-depth details on the MX Series Ethernet, go to http://www.juniper.net/us/en/products-services/routing/mx-series
- The PTX Series packet transport switches provide up to 16 Tbps of throughput in a single chassis. The PTX Series family is ideal for the service provider supercore and can readily adapt to today’s rapidly changing traffic patterns for video, mobility and cloud-based services. For additional, in-depth details on the PTX Series, go to http://www.juniper.net/us/en/products-services/packet-transport/ptx-series .
- The T Series core routers provide up to 25.6 Tbps of throughput. The T Series family is ideal for service provider environments and is deployed within the core of those networks. For additional, in-depth details on the T Series, go to http://www.juniper.net/us/en/products-services/routing/t-tx-series
Junos Switching Devices
The following are some of the switching devices that run the
Junos OS:
- The EX Series Ethernet switches provide up to 6.2 Tbps of full duplex throughput. The EX Series switches are designed for access, aggregation, and core deployments and are well suited for low-density to high-density enterprise and data center environments. For additional, in-depth details on the EX Series Ethernet switches, go to
- The QFX Series switches provide a high-performance, ultra-low latency, feature-rich L2/L3 device with a wire-speed 10 GbE throughput and standards-based Fibre Channel I/O convergence. For use in data center environments, it provides a ready solution for Juniper's QFabric system. For additional, in-depth details on the EX Series Ethernet switches, go to http://www.juniper.net/us/en/products-services/switching/qfx-series
For more information on all of Juniper’s switching devices, go to http://www.juniper.net/us/en/products-services/switching
Junos Security Devices
The following are some of the security devices that run the Junos OS:
- The J Series services routers provide up to 2 Gbps of throughput. The J Series services routers are deployed at branch and remote locations in the network to provide all-in-one secure WAN connectivity, IP telephony, and connection to local PCs and servers through integrated Ethernet switching. For additional, in-depth details on the J Series, go to http://www.juniper.net/us/en/products-services/routing/j-series
- The SRX Series services gateways provide up to 120 Gbps of full duplex throughput. The SRX Series family is designed to meet the network and security requirements for consolidated data centers, managed services deployments, and aggregation of security services in both enterprise and service provider environments. For additional, in-depth details on the SRX Series, go to http://www.juniper.net/us/en/products-services/security/srx-series/.
For more information on all of Juniper’s security devices, go to http://www.juniper.net/us/en/products-services/security/.
Review Questions
Answers
1. The Junos OS is compartmentalized into multiple software processes. Each process runs in its own protected memory space, ensuring that one process cannot directly interfere with another. This modularity also ensures that new features can be added with less likelihood of breaking current functionality.
2. The primary functions of the control plane are to maintain routing intelligence, control and monitor the chassis, and manage the PFE. The primary functions of the forwarding plane are to forward packets and to implement advanced services.
3. Transit traffic is forwarded through the PFE on platforms running the Junos OS, based on the forwarding table installed on the PFE. Exception traffic is processed locally by the platform running the Junos OS by either the PFE or the RE depending on the type of traffic. Host-bound packets, such as protocol and management traffic, are passed directly to the RE for processing, while traffic requiring ICMP error message responses is typically handled by the PFE.
4. Platform families that run the Junos OS include ACX Series, LN Series, J Series, M Series, MX Series, PTX Series, T Series, EX Series, QFX Series, and SRX Series.