Juniper Networks J2320 Services Router

J2320 Overview:

The Juniper Networks J2320 is a modular router for enterprises running desktops, servers, VoIP, CRM/ERP/SCM applications. It offers three PIM slots for additional LAN/WAN connectivity, Avaya VoIP Gateway, and WAN acceleration.

Key Hardware Features:

• Support for T1, E1, Synchronous Serial, ISDN Basic Rate Interface, ADSL2/ADSL2+, G.SHDSL, and Gigabit Ethernet interfaces
• Support for integrated IP telephony using the Avaya IG550 Integrated Gateway
• Support for application acceleration using the Juniper Networks ISM200 Integrated Services Module
• 4 fixed Gigabit Ethernet LAN ports, and 3 PIM slots
• 512 MB DRAM default, expandable to 1 GB DRAM
• 512 MB compact flash default, upgradeable to 1 GB
• Hardware encryption acceleration (optional)
• Full UTM; antivirus, antispam, Web filtering, intrusion prevention system (with high memory version)
• Unified Access Control (UAC) and content filtering

Juniper Networks J Series Services Routers extend enterprise applications and deliver reliable connectivity to remote offices with a powerful blend of high-performance network protection and advanced services. J Series Services Routers leverage the modular JUNOS Software and Juniper’s rich product and partner portfolio to consolidate market leading security, application optimization, and voice capabilities onto a single, easy to manage platform. Our innovative security approach inseparably integrates routing and firewalls for exceptional performance. Available options, including integrated Juniper Networks WX application acceleration and integrated voice gateway technology from Avaya, make the J Series the ideal choice for closing the distance between central resources and remote locations.

Enterprises are faced with a number of challenges and opportunities by converging voice, video and data to one network. This consolidation of network elements reduces cost by easing deployment of SIP enabled VoIP, real-time high-definition Telepresence and standardizing on a consistent infrastructure network operating system like Juniper Networks® Junos® operating system. These new technologies improve; customer relations, interactions with suppliers, and employee productivity. This mission-critical multi-media network must be always on and always available. To accomplish this, fully integrated stateful security is a key requirement, not merely forwarding packets without regard to the intended application or individual user session. Junos OS provides the high-performance networking infrastructure that helps enterprises implement key initiatives that:

• Integrates routing, firewalling and VPN into one best in class secure router. By securing an enterprise’s mission critical information and protecting the network from vulnerabilities and attack, the Juniper Networks J Series Services Router offers a combination of features that increases productivity and reduces costs. With Junos OS release 9.6, the J Series enhances these features with Unified Threat Management, consisting of antivirus, antispam, Web filtering and intrusion prevention system. These advanced security features can eliminate a standalone appliance and be applied with a software key.
  
  
• Minimizes the cost of installing and operating a network by deploying J Series. With the modular, protected mode design of Junos OS and the rigorous Junos OS development and testing process, there are fewer system process failures. The single code source of Junos OS makes the qualification of new releases across the network much simpler. In addition, superior configuration management reduces human errors that could lead to network downtime.

Whether you have an enterprise network or a service provider looking for customer premise equipment for an MPLS or IP network, the J Series offers a mix of features that excel at both. By leveraging Junos OS, the J Series can be deployed at medium to large sites and the wide range of interfaces scales the bandwidth as necessary for today’s real time communications.

Features & Benefits:

Secure Routing

Should you use a router and a firewall to secure your network? By building the branch J Series Services Routers with best-in-class routing and firewall capabilities in one product, enterprises don’t have to make that choice. Why forward traffic if it’s not legitimate?

J Series for the branch checks the traffic to see if it is legitimate, and only forwards it on when it is. This reduces the load on the network, allocates bandwidth for all other mission-critical applications, and secures the network from hacking.

The main purpose of a secure router is to provide firewall protection and apply policies. The firewall (zone) functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone. The security policy determines if the session can originate in one zone and traverse to another zone. This architectural choice receives packets from a wide variety of clients and servers and keeps track of every session, of every application, and of every user. It allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction.

To ease the configuration of a firewall, J Series for the branch uses two features—“zones” and “policies.” While these can be user defined, the default shipping configuration contains, at a minimum, a trust and an untrust zone. The trust zone is used for configuration and attaching the LAN to the branch J Series routers. The untrust zone is used for the WAN or Internet interface. To simplify installation and make configuration easier, a default policy is in place that allows traffic originating from the trust zone to flow to the untrust zone. This policy blocks all traffic originating from the untrust zone to the trust zone. A traditional router forwards all traffic without regard to a firewall (session awareness) or policy (origination and destination of a session).

By using the Web interface or CLI, enterprises can create a series of security policies that will control the traffic from within and in between zones by defining policies. At the broadest level, all types of traffic can be allowed from any source in security zones to any destination in all other zones without any scheduling restrictions. At the narrowest level, policies can be created that allow only one kind of traffic between a specified host in one zone and another specified host in another zone during a scheduled time period.

High Availability

System redundancy in an active-passive configuration maintains all session information on a standby J Series Services Router in the event of a box failure. Network capacity is always one half of the maximum.

System redundancy in an active-active configuration maintains all session information load balanced across two active J Series Services Routers. Since Network capacity is load balanced, using all availablt resources when active-active and half the capacity in the event of a failure.

High Availability

Junos OS Services Redundancy Protocol (JSRP) is a core feature of the J Series for the branch. JSRP enables a pair of security systems to be easily integrated into a high availability network architecture, with redundant physical connections between the systems and the adjacent network switches. With link redundancy, Juniper Networks can address many common causes of system failures, such as a physical port going bad or a cable getting disconnected, to ensure that a connection is available, without having to fail over the entire system. This is consistent with a typical active/standby nature of routing resiliency protocols.

When J Series routers for the branch are configured as an active/active pair, traffic and configuration will be mirrored automatically to provide active firewall and VPN session maintenance in case of a failure. The J Series will now synchronize both configuration and runtime information. As a result, during failover, synchronization of the following information is shared: connection/session state and flow information, IPsec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. In contrast to the typical router active/standby resiliency protocols such as Virtual Router Redundancy Protocol (VRRP), all dynamic flow and session information is lost and must be reestablished in the event of a failover. Some or all applications sessions will have to restart depending on the convergence time of the links or nodes. By maintaining state, not only is the session preserved, but security is intact. In an unstable network, this active/active configuration also mitigates link flapping affecting session performance.

Session-Based Forwarding Without the Performance Hit

In order to optimize the throughput and latency of the combined router and firewall, Junos OS implements session-based forwarding, an innovation that combines the session state information of a traditional firewall and the next-hop forwarding of a classic router into a single operation. With Junos OS, a session that is permitted by the forwarding policy is added to the forwarding table along with a pointer to the next-hop route. Established sessions have a single table lookup to verify that the session has been permitted and to find the next hop. This efficient algorithm improves throughput and lowers latency for session traffic when compared with a classic router that performs multiple table lookups to verify session information and then to find a next-hop route.

Session-based forwarding algorithm shows the session-based forwarding algorithm. When a new session is established, the session-based architecture within Junos OS verifies that the session is allowed by the forwarding policies. If the session is allowed, Junos OS will look up the next-hop route in the routing table. It then inserts the session and the next-hop route into the session and forwarding table and forwards the packet. Subsequent packets for the established session require a single table lookup in the session and forwarding table, and are forwarded to the egress interface.

Session-based forwarding algorithm

Product Options:

Juniper Networks J2320, J2350, J4350, and J6350 Services Routers offer a number of options in terms of LAN and WAN ports, hardware encryption acceleration, power supplies, DRAM, compact flash, and feature licenses.

LAN Ports

All J2320, J2350, J4350, and J6350 Services Routers ship with four fixed 10/100/1000 Ethernet ports. You can add more modular LAN interfaces by ordering the appropriate PIMs, Enhanced PIMs (EPIMs), or Universal PIMs (UPIMs).

WAN Ports

All J2320, J2350, J4350, and J6350 Services Routers ship without fixed WAN ports. The customer can add modular WAN interfaces by ordering the appropriate PIMs.

Hardware Encryption Acceleration

The J2320, J2350, and J4350 are available with optional hardware encryption acceleration. All J6350 models include hardware encryption acceleration by default. If you purchase a J2320, J2350, or J4350 without hardware encryption, you can add it later by ordering the appropriate encryption card.

Power Supply

All J2350, J4350, and J6350 Services Routers ship with either a DC power supply or an AC power supply and include a region-specific power cord. (The J2320 is available with AC power only.) The J6350 supports a second redundant AC or DC power supply, which can be added by ordering SSG-PS-DC or SSG-PS-AC. The region-specific AC power cable for SSG-PS-AC must be ordered separately.

DRAM

The J2320 and J2350 are upgradeable to a maximum of 1 GB DRAM. The J2320 and J2350 models without hardware encryption acceleration (J2320-JB-SC and J2350-JB-SC) come with 512 MB DRAM. All other models come with 1 GB of DRAM.

All J4350 models are upgradeable to a maximum of 2 GB DRAM. The J4350 model that ships without hardware encryption acceleration (J-4350-JB-SC) ships with 512 MB of DRAM. All other J4350 models ship with 1 GB of DRAM.

All J6350 Services Routers ship with 1 GB of DRAM and are upgradeable to 2 GB of DRAM. Order and install two additional JXX50-MEM-512M-S DIMMs.

Note that when upgrading DRAM, DIMMs should always be installed in pairs; for example, to upgrade to 1 GB DRAM, order two JXX50-MEM-512M-S DIMMs. To upgrade to 2 GB DRAM, order four JXX50-MEM-512M-S DIMMs.

With JUNOS Release 9.1 and later, all J Series Services Routers (J2320, J2350, J4350, J6350) must run at least 512 MB of DRAM.

Compact Flash

All J2320, J2350, J4350, and J6350 Services Routers ship with 512 MB of primary compact flash. You can replace that with a larger compact flash by ordering one either JX-CF-512M-S (for 512 MB) or JX-CF-1G-S (for 1 GB).

Network Deployments:

The J Series Services Routers are deployed at branch and remote locations in the network to provide all-in-one secure WAN connectivity, IP telephony, and connection to local PCs and servers via integrated Ethernet switching.

A typical network scenario is depicted for a distributed or branch enterprise. By using IPsec VPNs over the Internet, remote sites, branch offices, small datacenters and the headquarters are all connected as if they were in the same location variety of WAN connections are depicted.

The Distributed Enterprise Deployment

Technical Specifications:

Front View

Rear View

Additional Specification Features:

Protocols IPv4, IPv6, ISO Connectionless Network Service (CLNS) Routing and Multicast Static routes RIPv2 OSPF BGP BGP Router Reflector1 IS-IS Multicast ((Internet Group Management Protocol (IGMPv3), PIM, Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), source-specific)) MPLS IP Address Management Static Dynamic Host Configuration Protocol (DHCP) (client and server) DHCP relay Encapsulations Ethernet (MAC and tagged) Point-to-Point Protocol (PPP) (synchronous) Multilink Point-to-Point Protocol (MLPPP) Frame Relay Multilink Frame Relay (MLFR) (FRF.15, FRF.16) High-Level Data Link Control (HDLC) Serial (RS-232, RS-449, X.21, V.35, EIA-530) 802.1q VLAN support Point-to-Point Protocol over Ethernet (PPPoE) Traffic Management Marking, policing, and shaping Class-based queuing with prioritization Weighted random early detection (WRED) Queuing based on VLAN, data-link connection identifier (DLCI), interface, bundles, or filters Security Firewall, zones, screens, policies Stateful firewall, ACL filters Denial of service (DoS) and distributed denial of service (DDoS) protections (anomaly-based) Prevent replay attack; Anti-Replay Unified Access Control Dynamic Remote Unified Threat Management - Licensed on high memory products only2 Antivirus, antispam, Web filtering, IPS Voice Transport FRF.12 Link fragmentation and interleaving (LFI) Compressed Real-Time Transport Protocol (CRTP)

High Availability VRRP Stateful failover and dual box clustering via JSRP Redundant power (optional) IPv6 OSPFv3 IPv6 Multicast Listener Discovery (MLD) BGP Quality of service (QoS) SLA and Measurement Real-time performance monitoring (RPM) Sessions, packets, bandwidth usage J-Flow flow monitoring and accounting services Logging and Monitoring Syslog Traceroute Administration Juniper Networks Network and Security Manager support Juniper Networks STRM Series Security Threat Response Managers support Juniper Networks Advanced Insight Solutions support External administrator database (RADIUS, LDAP, SecureID) Auto configuration Configuration rollback Rescue configuration with button Commit confirm for changes Auto record for diagnostics Software upgrades J-Web Operating System All J Series Services Routers ship with the worldwide version of Junos OS, which has standard encryption, as opposed to the US and Canada version, which has strong encryption. You can download the strong encryption version at no charge so long as you can certify eligibility. The download is available from Juniper’s Customer Support Center Web site: www.juniper.net/customers/csc/software/. Feature Licenses Licenses are required for advanced functionality on the J Series Services Routers. To run the Advanced BGP features, order Advanced BGP (JX-BGP-ADV-LTU). Each license is good for one chassis. On the high memory versions of the J Series, you can run Unified Threat Management consisting of antivirus, antispam, Web filtering and IPS. These licenses are good for one chassis and available as single features, bundles, single year and multi year ordering options.

Additional Features and Comparison:

Documentation:

Download the Juniper Networks J Series Services Routers Datasheet (PDF).