Tag Archives: Juniper

Juniper-Ericsson partnership aimed at 5G market

Juniper Networks has partnered with Ericsson to offer carriers a collection of products for moving 4G and 5G traffic from a cell site to the network core. The deal marks an important win for Juniper, which is filling the void left by the nearly dead partnership between rival Cisco and Ericsson.

The Juniper-Ericsson alliance combines routers and software from both companies to build an optical transport for a mobile network that carriers can manage through a single software console, according to the vendors. The partners’ combined routers include Juniper’s MX and PTX series and Ericsson’s 6000 hardware.

Juniper and Ericsson have partnered on technology for almost 20 years. But the latest deal is a “significant win” for Juniper, because it improves the company’s chances of winning deals, as service providers build out their network infrastructure to deliver 5G wireless services to consumers and businesses, said Rajesh Ghai, an analyst at IDC.

For example, the partnership could provide Juniper with access to the many service providers that use Ericsson’s radio access technology to connect customers’ mobile devices to the carriers’ core networks, Ghai said. Ericsson has a 40% share of the radio access market.

Also, of the three top carrier suppliers, Ericsson is the only one without an extensive routing portfolio — a void Juniper can fill. The other two suppliers are Nokia and Huawei.

“It was critical that Juniper get aligned with Ericsson,” Ghai said. “It remains to be seen how exclusive Ericsson can keep the relationship.”

Meanwhile, Juniper’s biggest rival, Cisco, is more focused on selling its routers directly to service providers, rather than through Ericsson, Ghai said. Also, Cisco and Ericsson compete with products for the packet core, which has created “suspicion between the two partners.”

Cisco and Ericsson announced a wide-ranging partnership in 2015, but financial troubles pushed Ericsson into an extensive reorganization that prevented the company from following through on the deal. Nevertheless, Cisco has never declared the partnership dead, despite its failure to reach sales goals.

“Where we need to partner with Ericsson, we will continue to do that. And where we’re working directly with SPs [service providers], we’ll continue to do that,” said Sumeet Arora, general manager of service provider network systems at Cisco.

Juniper, Ericsson combined products for service providers

The Juniper-Ericsson partnership includes Juniper’s MX Series 5G Universal Routing Platform and its PTX Series Packet Transport Routers. The hardware supports mobile infrastructure for 10 Gb, 100 Gb and 400 Gb optical transport.

Juniper has aimed the MX at the service provider’s WAN edge, which could include routing traffic from a cell site onto the service provider’s core network. The PTX Series can handle traffic on the service provider’s backbone. Juniper has also designed the hardware to handle internet peering and data center interconnects.

Juniper’s MX and PTX routers are interoperable with Ericsson’s Router 6000 mobile backhaul and fronthaul portfolio. A wireless backhaul router connects mobile device traffic to a network node, such as the internet or a proprietary network. A fronthaul device sits at the access layer of the network and aggregates traffic from IoT devices.

Other hardware covered in the partnership includes Ericsson’s MINI-LINK microwave radio backhaul device. The partners are also offering software such as Juniper’s firewall, called the SRX Series Services Gateway, and Ericsson’s management and orchestration technology for controlling all the partners’ products.

In general, analysts do not expect service providers to take 5G infrastructure technology into production until next year, with businesses unlikely to buy 5G services until 2020 at the earliest. Industry observers expect IoT to be an initial driver of the 5G commercial market.

Juniper boosting performance of SRX5000 firewall for IoT, 5G

Juniper Networks has introduced a security acceleration card that boosts the performance of the company’s SRX5000 line of firewalls to future-proof the data centers of service providers, cloud providers and large enterprises.

Juniper designed the services processing card, SPC3, for organizations anticipating large data flows from upcoming multi-cloud, internet-of-things and 5G applications. Besides meeting future demand, the SPC3 can also accommodate current traffic increases due to video conferencing, media streaming and other data-intensive applications.

The SPC3 multiplies performance up to a factor of 11 across key metrics for the SRX5000 line, Juniper said. Organizations using the Juniper SPC2 can upgrade to the SPC3 without service interruptions.

What’s in the SRX5000 line?

The SRX5000 line’s security services include a stateful firewall, an intrusion prevention system, unified threat management and a virtual private network. Network operators manage security policies for SRX5000 hardware through Juniper’s Junos Space Security Director.

With the addition of an SPC, the SRX5000 line can support up to 2 Tbps of firewall throughput. The line’s I/O cards offer a range of connectivity options, including 1 Gigabit Ethernet, 10 GbE, 40 GbE and 100 GbE interfaces.

Security is one area Juniper has reported quarterly revenue growth while overall sales have declined. For the quarter ended June 30, Juniper reported last month revenue from its security business increased to $79.5 million from $68.7 million a year ago.

However, overall revenue fell 8% to $1.2 billion, and the company said sales in the current quarter would also be down. Nevertheless, the company expects to return to quarterly revenue growth in the fourth quarter.

Juniper preps 400 GbE across PTX, MX and QFX hardware

Juniper plans to add 400 Gigabit Ethernet across its PTX and MX routers and QFX switches as internet companies and cloud providers gear up for the higher throughput needed to meet global demand from subscribers.

Juniper said this week it would roll out higher speed ports in the three product series over the next 12 months. The schedule is in line with analysts predictions that vendors would start shipping 400 GbE devices this year.

Juniper will market the devices for several uses, including a data center backbone, internet peering, data center interconnect, a metro core, telecommunication services and a hyperscale data center IP fabric.

The announcement follows by a month Juniper’s release of the 400 GbE-capable Penta, a 16 nanometer (nm) packet-forwarding chipset that consumes considerably less energy than Juniper’s other silicon. Juniper designed the Penta for carriers rearchitecting their data centers to deliver 5G services.

Penta is destined for some of the new hardware, which will help Juniper meet carrier demand for more speed, said Eric Hanselman, an analyst at New York-based 451 Research.

“Juniper has such a strong base with service providers and network operators and they’re already seeing strong pressure for higher capacity,” Hanselman said. “Getting the Penta silicon out into the field on new platforms could help to move Juniper forward [in the market].”

The upcoming hardware will also use a next-generation ExpressPlus chipset and Q5 application-specific integrated circuit. The Juniper silicon will provide better telemetry and support for VXLAN and EVPN, the company said.

Cloud developers use EVPN, VXLAN and the Border Gateway Protocol to set up a multi-tenancy network architecture that supports multiple customers. The design isolates customers so data and malware can’t travel between them.

For the IP transport layer, Juniper plans to introduce in the second half of the year the 3-RU PTX10003 Packet Transport Router for the backbone, internet peering and data center interconnect applications. The hardware supports 100 and 400 GbE and plugs into an existing multirate QSFP-DD fiber connector system for a more straightforward speed upgrade. The Juniper system provides MACSec support for 160 100 GbE interfaces and FlexE support for 32 400 GbE interfaces. The upcoming ExpressPlus silicon powers the device.

Also, in the second half of the year, Juniper plans to release for the data center the QFX10003 switch. The system packs 32 400 GbE interfaces in 3-RU hardware that can scale up to 160 100 GbE. The next-generation Q5 chip will power the system.

In the first half of next year, Juniper expects to release the QFX5220 switch, which will offer up to 32 400 GbE interfaces in a 1-RU system. The Q5-powered hardware also supports a mix of 50, 100 and 400 GbE for server and inter-fabric connectivity.

Finally, for wide-area network services, Juniper plans to release Penta-powered 400 GbE MPC10E line cards for the MX960, MX480 and MX240. The vendor plans to release the products on the first of next year.

Juniper is likely to face stiff competition in the 400 GbE market from Cisco and Arista. Initially, prices for the high-speed interfaces will be too high for many companies. However, Hanselman expects that to change over time.

“The biggest challenge with 400 GbE is getting interface prices to a point where they can open up new possibilities,” he said. “[But] healthy competition is bound to make this happen.”

Indeed, in 2017, competition for current hardware drove Ethernet bandwidth costs down to a six-year low, according to analyst firm Crehan Research Inc., based in San Francisco. By 2022, 400 GbE will account for the majority of Ethernet bandwidth from switches, Crehan predicts.

Juniper adds core campus switch to EX series

Juniper Networks has added to its EX series a core aggregation switch aimed at enterprises with campus networks that are too small for the company’s EX9000 line.

Like the EX9000 series, the EX4650 — a compact 25/100 GbE switch — uses network protocols typically found in the data center. As a result, the same engineering team can manage the data center and the campus.

“If an enterprise has a consistent architecture and common protocols across networks, it should be well-placed to achieve operational efficiencies across the board,” said Brad Casemore, an analyst at IDC.

The network protocols used in the EX4650 and EX9000 are the Ethernet VPN (EVPN) and the Virtual Extensible LAN (VXLAN). EVPN secures multi-tenancy environments in a data center. Engineers typically use it with the Border Gateway Protocol and the VXLAN encapsulation protocol. The latter creates an overlay network on an existing Layer 3 infrastructure.

Offering a common set of protocols lets Juniper target its campus switches at data center customers, Casemore said. “That’s a less resistant path than trying to displace other vendors in both the data center and the campus.”

Juniper released the EX4650 four months after releasing two multigigabit campus switches, the EX2300 and EX4300. Juniper also released in February a cloud-based dashboard, called Sky Enterprise, for provisioning and configuring Juniper’s campus switches and firewalls.

Juniper rivals Arista and Cisco are also focused on the campus market. In May, Arista extended its data center switching portfolio to the campus LAN with the introduction of the 7300X3 and 7050X3 spline switches. Cisco, on the other hand, has been building out a software-controlled infrastructure for the campus network, centered around a management console called the Digital Network Architecture (DNA) Center.

EX4650 switch
Juniper Networks’ EX4650 core aggregation switch for the campus

SD-WAN upgrade

Along with introducing the EX4650, Juniper unveiled this week improvements within its software-defined WAN for the campus. Companies can use Juniper’s Contrail Service Orchestration technology to prioritize specific application traffic traveling through the SD-WAN. The capability supports more than 3,700 applications, including Microsoft’s Outlook, SharePoint and Skype for Business, Juniper said.

Juniper runs its SD-WAN as a feature within the company’s NFX Network Services Platform, which also includes the Contrail orchestration software and Juniper’s SRX Series Services Gateways. The latter contains the vSRX virtual firewall, IP VPN, content filtering and threat management.

Juniper has added to the NFX platform support for active-active clustering, which is the ability to spread a workload across NFX hardware. NFX runs its software on a Linux server.

The clustering feature will improve the reliability of the LTE, broadband and MPLS connections typically attached to an SD-WAN, Juniper said.

Juniper Contrail battles Cisco ACI, VMware NSX in the cloud

SAN FRANCISCO — Juniper Networks has extended its Contrail network virtualization platform to multicloud environments, competing with Cisco and VMware for the growing number of enterprises running applications across public and private clouds.

The Juniper Contrail Enterprise Multicloud, introduced this week at the company’s NXTWORK conference, is a single software console for orchestrating, managing and monitoring network services across applications running on cloud-computing environments. The new product, which won’t be available until early next year, would compete with the cloud versions of Cisco’s ACI and VMware’s NSX.

Also at the show, Juniper announced that it would contribute the codebase for OpenContrail, the open source version of the software-defined networking (SDN) overlay, to The Linux Foundation. The company said the foundation’s networking projects would help drive OpenContrail deeper into cloud ecosystems.

Contrail Enterprise Multicloud stems, in part, from the work Juniper has done over several years with telcos building private clouds, Juniper CEO Rami Rahim told analysts and reporters at the conference.

“It’s almost like a bad secret — how embedded we have been now with practically all — many — telcos around the world in helping them develop the telco cloud,” Rahim said. “We’ve learnt the hard way in some cases how this [cloud networking] needs to be done.”

Is Juniper’s technology enough to win?

Technologically, Juniper Contrail can compete with ACI and NSX, IDC analyst Brad Casemore said. “Juniper clearly has put considerable thought into the multicloud capabilities that Contrail needs to support, and, as you’d expect from Juniper, the features and functionality are strong.”

Cisco and VMware have marketed their multicloud offerings aggressively. As such, Juniper will have to raise and sustain the marketing profile of Contrail Enterprise Multicloud.
Brad Casemoreanalyst, IDC

However, Juniper will need more than good technology when competing for customers. A lot more enterprises use Cisco and VMware products in data centers than Juniper gear. Also, Cisco has partnered with Google to build strong technological ties with the Google Cloud Platform, and VMware has a similar deal with Amazon.

“Cisco and VMware have marketed their multicloud offerings aggressively,” Casemore said. “As such, Juniper will have to raise and sustain the marketing profile of Contrail Enterprise Multicloud.”

Networking with Juniper Contrail Enterprise Multicloud

Contrail Enterprise Multicloud comprises networking, security and network management. Companies can buy the three pieces separately, but the new product lets engineers manage the trio through the software console that sits on top of the centralized Contrail controller.

For networking in a private cloud, the console relies on a virtual network overlay built on top of abstracted hardware switches, which can be from Juniper or a third party. The system also includes a virtual router that provides links to the physical underlay and Layer 4-7 network services, such as load balancers and firewalls. Through the console, engineers can create and distribute policies that tailor the network services and underlying switches to the needs of applications.

Contrail Enterprise Multicloud capabilities within public clouds, including Amazon Web Services, Google Cloud Platform and Microsoft Azure, are different because the provider controls the infrastructure. Network operators use the console to program and control overlay services for workloads through the APIs made available by cloud providers. The Juniper software also uses native cloud APIs to collect analytics information. 

Other Juniper Contrail Enterprise Multicloud capabilities

Network managers can use the console to configure and control the gateway leading to the public cloud and to define and distribute policies for cloud-based virtual firewalls.

Also accessible through the console is Juniper’s AppFormix management software for cloud environments. AppFormix provides policy monitoring and application and software-based infrastructure analytics. Engineers can configure the product to handle routine networking tasks.

The cloud-related work of Juniper, Cisco and VMware is a recognition that the boundaries of the enterprise data center are being redrawn. “Data center networking vendors are having to redefine their value propositions in a multicloud world,” Casemore said.

Indeed, an increasing number of companies are reducing the amount of hardware and software running in private data centers by moving workloads to public clouds. Revenue from cloud services rose almost 29% year over year in the first half of 2017 to more than $63 billion, according to IDC.

Juniper Junos Space Security Director gets automation boost

SAN FRANCISCO — Juniper Networks has made its security products more responsive to threats, thereby reducing the amount of manual labor required to fend off attacks.

On Tuesday at the Juniper NXTWORK conference, the company introduced “dynamic policy management” in the Junos Space Security Director. The central software console for Juniper network security manages the vendor’s firewalls and enforces security policies on Juniper’s EX and QFX switches.

The latest improvement to Junos Space Security Director lets security pros define variables that will trigger specific rules in Juniper SRX Series next-generation firewalls. For example, if a company is under a ransomware attack that has planted malware in employees’ PCs, then Director could activate rules restricting access to critical applications that handle sensitive data. The rules could also tell firewalls to cut off internet access for those applications.

The new Junos Space Security Director features can lower the response time to security threats from hours to minutes, said Mihir Maniar, vice president of security product management at Juniper, based in Sunnyvale, Calif. “It’s completely dynamic, completely user-intent-driven.”

Vendors trending toward automated security threat response

Automating the response to security threats is a trend among vendors, including Juniper rival Cisco. Companies can configure products to take specific actions against threats, which removes the time security pros would have to spend deploying new firewall rules manually.

Automation means 10 different things to 10 different people.
Dan Condeanalyst at Enterprise Strategy Group

“You have to mitigate very quickly and not just inform somebody and hope for the best,” said Dan Conde, an analyst at Enterprise Strategy Group, based in Milford, Mass. “Manual procedures do not work very quickly.”

But the ultimate goal, which eludes vendors today, is to have products that detect and mitigate threats on their own and then continue to monitor the network to ensure the steps taken were successful.

Vendor marketing tends to play down the fact that the level of automation is rudimentary, which has led to confusion over the definition of automation across different products. “Automation means 10 different things to 10 different people,” Conde said.

Juniper network security stronger with new SRX4600 firewall

Juniper has integrated a new firewall with the latest iteration of Junos Space Security Director. The SRX4600 is designed to protect data flowing in multi-cloud environments found in an increasing number of companies. The SRX4600 is a 1RU appliance with a throughput of 80 Gbps.

Juniper also unveiled at NXTWORK an on-premises malware detection appliance that uses analytics and remediation technology built by Cyphort, which Juniper acquired this year. Cyphort has developed security analytics that spots malware based on its abnormal activity in the network.

The new Advanced Threat Prevention Appliance in Juniper’s network security portfolio is designed for companies with “strict data sovereignty requirements,” the company said. The on-premises hardware has been certified by ISCA Labs, which is an independent division of Verizon that conducts testing and certification of security and health IT products.

Juniper adding microsegmentation to Contrail cloud

Juniper Networks Inc. has added tools for network microsegmentation in Contrail — an important feature for users of the software-defined networking controller, but a capability that’s unlikely to reverse Juniper’s decline in security revenues.

Juniper introduced the capability this week, along with other security features the company labeled as Juniper Contrail Security. In general, Juniper is focusing its latest stab at strengthening its security portfolio on companies with multiple data center environments in a Contrail cloud.

Microsegmentation tools, which have become a popular way to contain malware in the data center, allow corporate IT staff to build a zero-trust security zone around a set of resources, such as network segments and workloads. In network virtualization within SDN, microsegmentation adds firewall capabilities to east-west traffic.

VMware and Cisco have had microsegmentation capabilities in their SDN products, NSX and Application Centric Infrastructure (ACI), respectively, for several years. NSX has outpaced ACI deployments in the data center, primarily because microsegmentation has become its leading use case for protecting applications that run on top of VMware’s ubiquitous server virtualization products.

Contrail cloud use case

Companies use Juniper Contrail and vRouter — the vendor’s virtualized router software — to create a network overlay that extends across cloud-based environments in multiple data centers. The core users of Contrail and Juniper switches include cloud companies that provide infrastructure, platform or software as a service. Others include large financial institutions.

With the latest release, companies can use the Contrail cloud console to carve up their data center LAN and intradata-center WAN, and then create and distribute policies that establish restrictions on communications between network microsegments. Also, Juniper is providing tools that give companies the option of using third-party firewalls for policy enforcement.

The capability is available for cloud environments using bare-metal servers, Linux containers built and managed through the Kubernetes system, and OpenStack — the modular architecture for creating and managing large groups of virtual private servers. Kubernetes and OpenStack are open source technologies.

 Juniper has contributed Contrail’s source code to the open source community through an initiative called OpenContrail. Contrail is a Juniper-supported binary version of OpenContrail, which is available under the Apache 2.0 license.

Juniper has contributed the source code of its latest security features to the OpenContrail community, said Pratik Roychowdhury, the product manager for Contrail. The site GitHub is the online repository for OpenContrail.

“Everything that I’m talking about in Contrail Security is out there [on GitHub],” Roychowdhury said. “Anyone can essentially go and take a look at the source code.”

Other Contrail cloud security features

Besides microsegmentation, Juniper has added other features to the Contrail console. They include a visual depiction of interactions between applications in hybrid cloud environments and analytics that detect anomalies and suggest corrective actions.

The latest features are useful to companies using Juniper switches or its SRX firewalls running alongside other vendors’ switches, said Lee Doyle, an analyst at Doyle Research and a TechTarget contributor. Either scenario would be helpful to Contrail adoption.

“Contrail is one of many SDN controllers that has struggled to break through [a competitive market],” Doyle said. “It’s not contributing a huge amount of revenue.”

What is contributing a growing share of Juniper’s revenue is switching. In the quarter ended June 30, revenue grew nearly 32% year over year to $276 million. However, the company’s overall market share is small at 3.4%, according to stock research firm Trefis.

Security, on the other hand, remains a weak spot in Juniper’s portfolio. Revenue has fallen from $670 million in 2012 to $318 million last year, according to Trefis. In the June quarter, revenue fell 12% to $68.7 million.

“Quite frankly, the focus right now on security has been on achieving stability and returning to growth,” Juniper CEO Rami Rahim said in an online transcript of the July earnings call with financial analysts. The transcript is available on the financial site Seeking Alpha.