Single Source Code Base

All platforms running the Junos  OS use the same software source code base within their platform-specific images. This design ensures that core features work in a consistent manner across all platforms running the Junos OS. Because many features and services are configured and manged the same way, the setup tasks and ongoing maintenance and operation within your network are simplified.

Separation of Control plane and Forwarding or data plane

This design allows you to tune each process for maximum performance and reliability. That is one of the key reason, why the Junos OS can support many different platforms from a common code base.

The control plane runs on the Routing Engine(RE). The RE is the brain of the platform, it is responsible for performing protocol updates and system management. The RE, which is based on an X86 or PowerPC architecture,maintains the routing tables, bridging table, and primary forwarding table and connects to the Packet Forwarding Engine(PFE) through an internal link.

The packet Forwarding Engine(PFE) usually runs on separate hardware and is responsible for forwarding transit traffic through the device. In many platforms running the Junos OS, the PFE uses application-specific integrated circuits(ASICs) for increased performance.

The PFE receives the forwarding table from the RE by means of an internal link. FT updates are a high priority for the Junos OS kernel and are performed incrementally. Because the RE provides the intelligence side of the equation, the PFE can simply perform in high degree of stability and deterministic performance. This architectural design also makes possible the incorporation of high availability features like Graceful Routing Engine Switchover(GRES), nonstop active routing(NSR), and unified in-service software upgrades(ISSUs).

 Maintains Routing engine intelligence

Routing Engine: The RE controls the PFE by providing accurate , up-to-date Layer 2 and Layer 3 forwarding tables and by downloading microcode and managing  software processes that reside in the PFE’s micronode. The RE receives haredware and environmental status messages from the PFE and acts upon them as appropriate.

Forwards Traffic: PFE is the central processing component of the forwarding plane. The PFE forwards traffic based on its local copy of the forwarding table.

Advantages:

1. Local forwarding table allows the PFE to forward traffic more efficiently and eliminates the need to consult the RE each time a packet needs to be processed.

2. Allows the system to continue forwarding traffic during control plane instabilities.

 

Implements services:

Rate limiting

Stateless firewall filters

Class of service(CoS)

Transit Trafic

Transit traffic consists of all traffic that enters an ingress network port, is compared against the forwarding table entries, and is finally forwarded out an egress network port toward its destination.

It passes through the forwarding plane only and is never sent to or processed by the control plane. This architecture achieve predictably high performance rates.

Transit traffic can be both unicast and multicast traffic. Unicast transit traffic enters one ingress port and is transmitted out exactly one egress port toward its destination. Multicast can be replicated and sent out multiple egress ports.

Exception Traffic:

It needs some form of special handling.examples:

Packets addressed to the chassis, such as routing protocol updates, Telnet sessions, traceroutes.

IP packets with the IP options field(PFE was purposely designed not to handle IP options, packets with IP options must be sent to the RE for processing)

Traffic that requires the generation of Internet Control Message Protocol message.

The exception traffic destined for the RE over the internal link that connects the control and forwarding planes. The Junos OS Rate limits exception traffic traversing the internal link to protect the RE from DoS attacks. The built-in rate limiter is not configurable.

Overview of Junos Devices

• Switching
  • The EX Series ethernet switches provides up to 6.2 Tbps of full duplex throughtput.Suited for low-density to high-density enterprise and data center environments.
  • The QFX series switches provide high-performance, ultra-low latency feature-rich L2/L3 with a wirespeed  of 10GbE throughtput and standards based fibre channel I/O convergence.

• Routing
  • The ACX series products deliver simplified end-to-end provisioning and support Layer 2 and Layer3 functionality with IP/MPLS traffic engineering. The fixed 1 U ACX series models are environmental hardened and support passive cooling for outdoor deployments.
  • The LN series provides high-performance network routing, firewall and intrusion detection service( IDS) for harsh environments, including terrestrial, air, and sea vehicles and remote data aggregation points.
  • The M series multiservice routers provide up to 320GBPS of aggregate half-duplex throughput. The M series family can be deployed in both high-end enterprise and service-provider environments. Large enterprises deploy M series router in a number of different roles, including Internet Gateway router, WAN connectivity router, campus core router, and regional backbone and data center routers.
  • The MX series ethernet services router provide up to 960GBPS of aggregate half-duplex throughput. The MX series family is targeted for dense dedicated access aggregation and provider edge services in medium and large point of presence(POPs).
  • The PTX series packet transport switches provide up to 16Tbps of throughput in a single chassis. The PTX series family is ideal for the service provider supercore and can readily adapt to today’s rapidly changing traffic patterns for video, mobility and cloud-based services.
  • The T series core routers provide up to 25.6 Tbps of throughput. the T series family is ideal for service provider environments and is deployed within the core of those networks.
• Security
  • The J series service router provide up to 2Gbps of throughput. The J series services router are deployed at a branch and remote locations in the network to provide al-in-one secure WAN connectivity. IP telephony, and connection to local PCs and servers through integrated Ethernet switching.
  • The SRX series services gateway provide up to 120 Gbps of full duplex throughput. The SRX series family is designed to meet the network and security requirement for consolidated data centers, managed services deployments, and aggregation of security services in both enterprise and service provider environments.