en

REFERENCE ARCHITECTURE
ENTERpRIsE WAN REFERENCE ARCHITECTURE
Copyright 2011, Juniper Networks, Inc.
REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture
Table of Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Target Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Industry Trends Influencing WAN Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 WAN Design Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Junipers Advanced Routing Technologysolution profile Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Junipers Advanced Routing TechnologyVirtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Junipers Advanced Routing TechnologyHigh Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Best practices and TipsHA: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Junipers Advanced Routing TechnologyQos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Best practices and TipsQos: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Junipers Advanced Routing Technologysecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Best practices and Tipssecurity: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Junipers Advanced Routing TechnologyMulticast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Best practices and TipsMulticast: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 AutomateEase of Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Use Case: Enterprise WANprivate MpLs Across a public service provider Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Use Case: Enterprise WANprivate MpLs Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 private MpLs Cloud: some Benefits of simplification (Before and After) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Use Case: Data Center to Data Center Interconnectivity with L2 stretch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 VpLs over GRE: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Use Case: WAN Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Use Case: Internet Edge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Case 1: Corporate Internet Access Through Enterprise WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Case 2: Internet Edge Backup Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 References: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 About Juniper Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Table of Figures
Figure 1: summary of advanced routing technologies that simplify, share, secure, and automate the WAN . . . . . . . . . . . . . . . . . . 6 Figure 2: Complementary virtualization technologies from Juniper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Figure 3: Example of financial institution with different Qos policies by path and application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Figure 4: Example of a distributed enterprise with multiple layers of security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Figure 5: Ethernet Design, Network Activate, and Route Insight Junipers key management automation tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Figure 6: Ipsec encrypted MpLs traffic tunneled using GRE to a provider router for transport over service provider L3VpN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Figure 7: Before Case: Real example of legacy WAN using 30 dedicated links per application to interconnect data centers, with only 1% average utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Figure 8: After Case: Real deployment using Junipers simplified WAN design using network virtualization eliminates application dedicated links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Figure 9: Inter data center connectivity over MpLs core. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 Figure 10: WAN aggregation of remote branch offices using WAN aggregation routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Figure 11: Internet edge access through headquarters Carried through the enterprise WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Figure 12: Internet edge providing backup connectivity to the enterprise WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2
Introduction
Juniper Networks approach to WAN design is based upon four fundamental design principles that will help customers design a simplified architecture: Simplify the network, by reducing the number of required network devices, links, and inherent complexity Share network resources through virtualization to improve asset utilization Secure the network comprehensively Automate to provision, monitor, and troubleshoot the network Many organizations have experienced rapid growth with business requirements, applications, distributed branch offices, and data centers; and these growth factors have led to increased network complexity, over time. The challenge is to transport the growing mission critical and delay sensitive traffic cost effectively while improving security and privacy over the WAN. Juniper approaches this challenge using the four design principles outlined above. This paper examines: Technology and services trends such as cloud computing that impact architectural decisions Design considerations, which provides a basic architectural framework Junipers advanced routing technology, which provides tools to address different business requirements Enterprise WAN use cases, which describe common deployment scenarios
Scope
This WAN reference architecture discusses WAN design concepts, and it also presents use cases and practical examples to help WAN architects and engineers address requirements for designing simplified WANs. The use cases outlined in this paper include: Enterprise WAN - private MpLs across a public service provider network - private MpLs cloud Data center to data center interconnectivity WAN aggregation Internet edge - Corporate Internet access through WAN backhaul - Internet edge backup connectivity
Target Audience
This paper describes Juniper Networks simplified WAN architecture. This architecture is particularly suitable for organizations that are: Improving their WAN infrastructure to enhance their competitive advantage Deploying bandwidth-hungry applications, such as video conferencing Consolidating links, data centers, or servers for cost savings Deploying a private, hybrid, or public cloud for improving productivity This document serves as a reference tool for the following network personnel: Network engineers Network architects security managers IT and network industry analysts Juniper partners Any person with an interest in WAN design.
Industry Trends Influencing WAN Design

WAN designs are not only impacted by business requirements, they are independently impacted by general industry trends as well. The two major trends, as shown in Table 1 below, are technology and services trends, and both have a material impact on WAN design.
Table 1: General Industry Trends Influencing WAN Design

GENErAl INDuSTry TrENDS BuSINESS ImpACT NETWork ImpACT
Technology
Decline in connectivity pricing Increase in availability of connectivity options
Increase in adoption of Gigabit Ethernet, L2VpN, and L3VpN Increase in adoption of many types of connectivity in the same WAN
Services
More availability of cloud services for applications, storage, and data
Adds pressure for WAN bandwidth Applications storage and data are accessed by distributed branch offices, remote data centers and remote workers that results in inter-communication and a mesh topology
Technology Trends Advancements in technology have led to an increase in WAN connectivity options and lower prices. This presents an opportunity for organizations to reevaluate their WAN designs, to improve performance, and to save costs. For example, a drop in the price of 10GbE has created an opportunity for enterprises to leapfrog in bandwidth speeds, allowing them to migrate from Ds3/OC3 to 10GbE and replace private leased lines with Ethernet services. Services Trends Enterprises have been adopting cloud services, such as private, hybrid, and public cloud, to increase productivity and reduce costs. Using cloud services may increase WAN bandwidth requirements, as applications and data are now pushed over the WAN. The growth of WAN traffic can also occur organically as businesses add remote locations to better serve their customers. The growth of distributed branch offices, remote data centers, and remote workers commonly add traffic over the WAN, and can also create more meshed topologies.
WAN Design Considerations

There are many WAN design considerations that can help organizations simplify, share, secure and automate their network. Below are some of these design considerations: Simplify: Reduce the number physical devices, links, and complexityOrganizations commonly reduce the number of physical storage devices and physical servers with virtualization. The same holds true for the network. The high-performance and advanced routing capabilities of Juniper Networks MX series 3D Universal Edge Routers now make device, link, and complexity reduction possible. The reduction of physical devices and links also has a positive impact on CapEx and OpEx, power use, space consumption, and manageability. Reduce the number of operating systemsChange management is especially acute as the number of network operating systems increases. Juniper runs one consistent operating system across its portfolio of routing, switching, and security products. A single operating system also reduces training requirements and improves operational efficiency. prepare for Future ExpansionFuture readiness and simplification are best engineered over a period of time so that a network has sufficient overhead to accommodate future growth easily. select an appropriate topologyThe topology of the network (such as mesh, hub and spoke) and the traffic pattern are important design considerations, because the choice impacts not only cost but also the responsiveness of the business. Share: share network resources through virtualization to dramatically improve asset utilization, privacy, and traffic segmentationJuniper offers a number of virtualization technologies that go all the way from link virtualization, to device virtualization, and to network virtualization. Increase resiliency and reliability across network resourcesNetwork resiliency and reliability are critical to maintaining business continuity and regulatory compliance, and organizations can not only improve network device resiliency and reliability, but also improve that of WAN connectivity. Add traffic engineering, where appropriate, to optimally share network resourcesTodays bandwidth-hungry applications are consuming ever increasing amounts of network bandwidth and are impeding the performance of mission critical data. Traffic engineering offers another valuable tool to optimize network resources. Secure: Improve security and complianceEnterprises are increasingly subject to regulatory compliance mandates that require critical data to be separated from other data in the enterprise network. Further, enterprises must ensure that their data is protected from an ever increasing range of attacks. Juniper offers many technologies to improve privacy, security, and compliance. Automate: Improve manageabilityAutomated provisioning, monitoring, and troubleshooting improve manageability, enhancing business agility and reducing OpEx.
Junipers Advanced routing TechnologySolution profile overview

Juniper provides organizations with a wide range of advanced routing technologies to meet design considerations such as high manageability, resiliency, application performance, security, and compliance: VirtualizationNetwork virtualization features make applications completely transparent to underlying network architecture. This allows changes to architecture without impact to applications, enabling greater flexibility. Virtualization also provides better utilization of resources for lowering costs and improving power utilization. Low latency multicastMulticast technologies provide timely delivery of services to a large number of users, and distribute that traffic efficiently. Carrier-class reliabilityJuniper provides hardware resiliency; and also network and software redundancy. Quality of service (Qos)sophisticated policies expedite delay sensitive content with predictable and measurable results. securitysecurity is enhanced using a combination of countermeasures such as separation of traffic for privacy, as well as techniques to provide network-layer and application-layer security. Consistent operating environmentJuniper Networks Junos operating system provides a common language across Junipers routing, switching, and security devices, and is also easily upgradable with unified in-service software upgrade (unified IssU) for full releases.
Virtualization GRE, MPLS, VPLS, Logical Systems, Virtual Router, Virtual Chassis Low-Latency Multicast ASIC based forwarding and replication, P2MPTE Carrier-Class Reliability Fully redundant hardware, ISSU, FRR, BFD QoS Hierarchical Queuing, commit scripts, statistical reporting Security IPsec, NAT, Stateful Firewall, Firewall Filters, DAA
Simplify Share Secure Automate
Advanced Routing Portfolio Junos OS Advanced Silicon and Hardware
Figure 1: Summary of advanced routing technologies that simplify, share, secure, and automate the WAN
Figure 1 shows Junipers advanced routing technologies layered on top of our innovative advanced silicon and hardware, such as our latest 3D Trio chipset. Junipers advanced hardware is supported by a single operating systemJunos Osand a single release train that works across routing, switching, and security platforms. The powerful Junos Os drives Junipers advanced routing portfolio. The following sections provide more details of the major components of advanced routing.
Junipers Advanced routing TechnologyVirtualization

Virtualization is one of the most important advanced routing technologies. Links, network devices, and the network itself can be virtualized to provide higher asset utilization and significant cost savings. Three major virtualization categories are complementary to one another: Device partitioning (1:N)Takes one physical device and partitions it into logical devices. Examples of device partitioning include VLANs, VpN routing and forwarding (VRF), integrated routing and bridging (IRB), virtual routers and bridges, and Juniper Networks JCs1200 Control system. Network communication (N:m)provides many-to-many communication. Includes MpLs, and consists of L3VpNs (MpLs, generic routing encapsulation, Ipsec), and L2VpNs (virtual private LAN service, pseudowires, 802.1Q). Device aggregation (N:1)Takes many physical devices and aggregates them into logical devices. Examples include Virtual Chassis, multichassis link aggregation group (LAG), Juniper Networks TX Matrix, and the JCs1200 Control system.
Virtualization Categories Junipers Key Virtualization Technologies Other Virtualization Technologies
Device Partitioning 1:N Logical Systems

VLAN
VLAN VRF IRB Virtual Routers Virtual Bridging Logical Systems JCS 1200
Network Communication N:M
VLAN
VLAN
L3 VPN (MPLS. GRE. IPsec) L2 VPN (VPLS, Pseudo-wires, 802.1q) Circuit to Packet (TDM, Serial, etc. to IP)
MPLS
Virtualization with MPLS
Device Aggregation N:1 Virtual Chassis
Virtual Chassis Multi-Chassis LAG TX Matrix JCS 1200
Figure 2: Complementary virtualization technologies from Juniper

For a more detailed discussion of virtualization in the enterprise, please see: Extending the Virtualization Advantage with Network Virtualization.
Network Virtualization with MPLS

Many customers have deployed private MpLs network virtualization because of the wealth of benefits that it provides. MpLs brings the
Network Segmentation Enhance User Experience Network Virtualization (with MPLS)
benefits of circuits to Ip, including: Privacy and Network Segmentation: Virtualization supports network segmentation and privacy. Organizations can obtain the benefits of segmentation of traffic without dedicated links. Enhanced User Experience: Enhances the end user application experience with traffic engineering, which enables fine-tuning of the network to deliver appropriate levels of Qos and service-level agreements (sLAs). Improved Network Resiliency: Improves network resiliency with features like MpLs fast reroute, enabling sub 50 millisecond reroute. Scale for Future Growth: Boosts network scalability and performance to provide head room for future growth.
Privacy
Scale for Future Growth
Improve Network Resiliency
Junipers Advanced routing TechnologyHigh Availability

Organizations that desire increased resiliency and reliability can benefit from Junipers high availability (HA) technology. Organizations can select an appropriate level of link and device redundancy that supports their HA requirements, per given location. link-level HA requires two links to operate in an active/backup setting so that if one link fails, the other takes over (or likely reinstates) the forwarding of traffic. Link-level resiliencies provide both fault detection and mitigation techniques that can be effectively combined to address failures. some examples include: Bidirectional Forwarding Detection (BFD) provides proactive link fault detection and mitigation by detecting faults and using MpLs fast reroute to switch to the alternate path within 50 ms. Link aggregation group (LAG), multichassis link aggregation (MC-LAG), and Ethernet ring protection provide additional link-level resiliencies at Layer 2. Device-level HA complements link-level HA and includes: Graceful restart, which provides nonstop forwarding through individual routing protocol restart and convergence. Unified IssU, which enables upgrading full software releases while the router is still operational, without requiring that the router be brought down during a scheduled maintenance window. Virtual Chassis, which combines multiple switches or routers into a virtual entity that can provide protection for node failures and failure of links connected to the Virtual Chassis. Virtual Chassis technology allows organizations to incrementally upgrade their switching or routing capacity by adding additional devices to the Virtual Chassis. For a detailed technical description of Junipers HA features, please refer to HA Technical Documentation.
Best practices and TipsHA:

Enterprises deploy collocation data centers to achieve greater resiliency. The traffic flow to and from any of these collocation centers into the WAN must be designed such that it is symmetric to prevent asymmetric routing issues. Grouping routers based on BGp community strings will also mitigate asymmetric routing issues. For instance, the branch office routers can advertise BGp community for each application based on the preferred data center. The use of monitoring applications and technologies can lead to higher network and application availability. With VoIp, for instance, a combination of using BFD to monitor link failures, MpLs fast reroute to mitigate faults, and a voice quality monitoring application can provide optimal results.
Junipers Advanced routing TechnologyQoS

Organizations that are looking for increased application performance and bandwidth optimization can benefit from Junipers quality-of-service solutions. Defining a Qos strategy requires two main elementsclassification and prioritization. Juniper provides two classification types: - Behavior aggregate (BA) classifiers, where the forwarding class is based upon the packets Ip precedence, MpLs EXp, etc. These are called behavior aggregates because they aggregate multiple classifications. BA classifiers are normally used in the core of the network. - Multifield classifiers (MF), where the forwarding class and loss priority of a packet are based on one or more field value, such as 5 tuples, in the packet. For instance, the source and destination Ip address, source and destination TCp ports, or protocol can be used for classification. MF classifiers are normally used in the network edge. prioritization involves prioritizing network and application traffic according to levels of sensitivity and criticality. Multiple forwarding classes (queues) can be used to prioritize application traffic based on sensitivity to latency, jitter, or packet loss. some sample settings are illustrated below:
Table 2: Sample of Four Classes or Queues, Along with Their Traffic Characteristics
ForWArDING ClASSES prIorITy lATENCy/pACkET DElAy SENSITIVITy JITTEr SENSITIVITy pACkET loSS SENSITIVITy SAmplE TrAFFIC
Network control Expedited forwarding Assured forwarding
High strict High* High
None Low Medium
None Low Medium
High Medium High
Routing protocols VoIp Business application virtual desktops Other data
Best effort
Low
None
None
None
*Queues with strict-high priority are serviced before high or low priority queues, as long as there are packets in the queue.
Network controlReferring to traffic such as a routing protocol, this class is given high priority due to its high packet loss sensitivity. Expedited forwarding (EF)provides low loss, latency, jitter, and assured bandwidth for end-to-end service. Assured forwarding (AF)provides a group of services (e.g., AF1 through AF4), each with low, medium, or high drop probability. Data in AF classes are more sensitive to packet loss than data in the EF class. Best effortDoes not give any preference to queuing and forwarding during periods of congestion. End-to-end QoS strategyTo enforce a successful Qos strategy, organizations must associate incoming traffic to forwarding classes based on priorities set on the packets by other parts of the network. For example, in the medium-to-large branch offices, the local switch performs the classification and the services gateway or secure router performs the enforcement. Branch office network devices should be able to carry Qos markings through the VpN tunnels and apply the policy across the entire deployment, thereby providing end-to-end Qos.
Best practices and TipsQoS:

TCP or UDPThe selection of forwarding classes and congestion control algorithms can be influenced by whether the traffic is TCp or UDp. TCp can be classified in the assured forwarding class, since TCp is more tolerant to packet loss due to TCps retransmission and dynamic window sizing capabilities, which UDp does not have. UDp applications, such as voice for example, can be classified in the expedited forwarding class. Application criticalityReview applications for criticality, even within a given forwarding class. For instance, secure file transfers do not necessarily need to receive the same treatment as sNMp, even though both are assigned to the assured forwarding class. Maximum allowed bandwidthselected traffic can be limited to a certain percentage of the bandwidth to ensure fairness among the classes. For example, email traffic can be limited to a certain amount of bandwidth once an estimated email traffic ceiling has been established.
Traffic burstsBandwidth allocation can factor in traffic bursts during specific time periods, such a quarterly close. Trust domainsDetermine whether an upstream switch or router will accept the priority settings from a downstream device. For instance, a downstream VoIp phone may set a high L2 priority that can either be ignored or accepted by an upstream switch before mapping the L2 priority to L3 priority. Interfacing with your service provider network - Identify the type of end-to-end Qos supported by your service provider. For example, support of short pipe tunneling will allow the transport of the customers original priority setting unaltered across the service provider network so that remote sites can make decisions based on priority settings. - In designing the forwarding classes, the number of queues supported in the service provider network should be considered. For example, if only three classes can be supported in the service provider network vs. six in the enterprise network, enterprises must assess the impact on end-to-end Qos by combining multiple classes in the enterprise network to a few in the carrier network. - shape multicast and unicast traffic to the bandwidth purchased from the carrier while ensuring that critical traffic isnt dropped.
HQ
RETAIL BANKING FINANCIAL SERVICES
INVESTMENT BANKING
DATA CENTER
Figure 3: Example of financial institution with different QoS policies by path and application
Figure 3 shows an example of multiple logical paths between a data center and the investment banking, retail banking, headquarters, and financial services of a large financial institution. Each of these paths, denoted by solid and dotted lines, can have different Qos requirements because they run different applications with various sLAs. To achieve the different Qos requirements, customers can configure forwarding class parameters as shown in the sample configuration below.
Table 3: Sample of Financial Institution Configuration for Four Forwarding Classes or Queues
ForWArDING ClASSES BuFFEr SIzE TrANSmIT rATE prIorITy
Network Control Expedite Forwarding Assured Forwarding Best Effort
6% 50ms 40% 40%
6% 20% 40% remainder
High strict-high High Low
It is important to note that queues with strict-high priority are serviced before high or low priority queues, as long as there are packets in the queue. To prevent other queues from getting starved, the strict-high queue can be policed. Network control classes have infrequent traffic and therefore a buffer size and transmit rate of 6% are sufficient. Express Forwarding classes have a very small queue size to avoid jitter and latency. The Express Forwarding queue is also serviced aggressively at 20% transmit rate. Assured forwarding classes contain business critical traffic and are given a large bandwidth and transmit rate with a high priority service rate. The best-effort classes have 40% of the buffer space and the rest of available bandwidth.
10
MX series routers provide the following Qos advantages: Line-rate performance with Qos and access control lists (ACLs) to guarantee application performance and security without degraded throughput Easy provisioning using configuration scripts for rapid rollout of Qos Built-in denial of service (Dos) protection for enhanced security Less than 20s high-performance queue latency provides low latency and jitter to applications Over 256,000 ACLs to provide granular control of traffic Over 128,000 hardware queues per chassis to provide ample room for controlling bandwidth
For further details, please refer to QoS on Juniper routers.
Junipers Advanced routing TechnologySecurity

Todays security requirements have grown as an organizations interconnected network must support an increasing number of remote users that include suppliers, partners, customers, and employees at remote locations. Attacks have also grown in sophistication and frequency. Juniper offers several comprehensive security solutions that protect the WAN: Comprehensive SecurityA comprehensive set of security features that include Web filtering, deep inspection, and intrusion detection and prevention (IDp). Juniper Networks Adaptive Threat Management Solutionsprovides solutions that constitute high-performance security platforms adaptable to ever changing security threats. Business benefits include proactive data protection, business continuity, and reduced TCO resulting from fewer network disruptions. VPNsIpsec VpN and MpLs VpN that provide a logical separation of data and improve the privacy of data. These also offer a cost-effective alternative to expensive dedicated links to provide traffic separation.
10GbE SRX3600 QFX3500

QFX3500
GbE 5xGbE
MX Series Midrange
INTERNET
QFX3500 MX960 SRX3600 MX960
MX80
MX80 QFX3500 MX960 MX960 QFX3500 SRX3600
MX480
MX Series midrange consists of the MX5, MX10, MX40, and MX80
INTERNET
EX4200/ EX4500 SRX3600 SRX3600 MX Series Midrange
INTERNET
MX960 MX960 MX960 MX960
QFX3500
SRX3600
M120
M120
M120
M120
EX4200/ EX4500 M120 M120
EX4200/ EX4500
EX4200/ EX4500
Figure 4: Example of a distributed enterprise with multiple layers of security

11
Figure 4 depicts an enterprise network with many branch offices and data centers interconnected to the enterprise WAN. The branch offices are using Juniper Networks MX series midrange routersMX5, MX10, MX40, and MX80 3D Universal Edge Routers to provide WAN and Internet connectivity, and the Juniper Networks sRX3600 services Gateway to support virtual firewall functionality. The MX series midrange routers provide high performance routing in a compact form factor and improve investment protection by enabling a seamless upgrade between models using software licensing. The enterprise branch has consolidated many disparate security devices into the sRX3600, using a L3VpN and virtual firewalls. Additionally, the MX series offers Juniper Networks Multiservices DpC (Ms-DpC) full slot modules to support firewall capability that is integrated into the router. The branch offices are connected using dual homed links to the enterprise WAN core. The data center consists of a pair of Juniper Networks M120 Multiservice Edge Router devices designed for resiliency to provide WAN connectivity, along with Juniper Networks EX4500/EX4200 Ethernet switches providing 10GbE access for servers, which acts as an access-layer switch connecting to the servers and network attached storage (NAs) in the data center. The diagram also shows Juniper Networks MX80 3D Universal Routers connected to the QFX3500 Ethernet switches providing 10GbE access for servers. The QFX3500 provides high density ultra low latency 10GbE access for storage Area Networks (sANs), Fiber Channel (FC), Fiber Channel over Ethernet (FCoE) and High speed Computing (HpC). The core of the network consists of four pairs of the MX960 3D Universal Edge Router, which (like the M120) have been designed for resiliency.
Best practices and TipsSecurity:

Ensure that untrusted VpNs pass through a firewall. Where possible, consolidate firewalls into a common path where traffic from multiple VpNs can be funneled. For MpLs VpN, associate VpNs to specific WAN networks to ensure that VpNs which must exist in multiple WANs can use efficient interconnections. For further details on Juniper security, please refer to Security literature.
Junipers Advanced routing Technologymulticast

Organizations are deploying many services like video on demand that add a large amount of traffic onto the WAN. Using multicast services can dramatically improve the efficiency of that traffic distribution. Juniper offers a range of multicast services that are suitable for MpLs or non-MpLs networks. For MpLs-based WANs, organizations can use MpLs-based point-to-multipoint (p2Mp) services that optimize nextgeneration MVpNs (NG MVpNs). NG MVpNs improve scalability by intelligently leveraging adjacencies that exist in the MpLs network, and this eliminates the need for every router to maintain separate adjacency information with every other router that participates in the MVpN. NGMVpN benefits enterprises by eliminating the need to run multicast routing protocol over service provider network. The benefits of NGMVpN are: Bandwidth reservationguarantees sufficient bandwidth for mission critical applications MPLS fast rerouteallows quick detection of path failure and rapid reroute to alternate paths, in less than 50 ms Deterministic routingpermits the ability to precisely control paths the data will follow, in order to create redundant paths from source to destination and thereby ensure resiliency in case of failure or performance degradation
Best practices and Tipsmulticast:

It is recommended that enterprise network architects consider the following in running a multicast network: The number of multicast groups that can be supported per VpN is usually limited, when using carrier networks. Thus to reduce costs, VpNs that require large number of multicast groups can be designed to run on private MpLs cloud rather than on a service provider network. The number of Rendezvous points (Rp) is limited per VpN and geographical location; therefore care must be taken in designing the optimal location for Rp and the multicast sources that are handled by the Rp. Juniper offers many multicast signalling protocols such as protocol Independent Multicast-sparse Mode (pIM-sM), protocol Independent Multicast-Dense Mode (pIM-DM), protocol Independent Multicast-source specific Mode (pIM-ssM), and Bidirectional pIM. For further information, please refer to multicast Best practices.
12
AutomateEase of management
To simplify network provisioning, monitoring, and maintenance, several management tools are recommended to reduce network downtime, minimize human error, and accelerate service deployment: Juniper Networks Junos space Ethernet Designprovides best practice service definition such as port security, Qos, spanning tree, etc., to plan, simulate, model, and diagnose issues in the network. Juniper Networks Junos space Network Activate: provides best practice service definition for ELINE, ELAN and ETREE services to quickly, accurately, and easily provision VpNs. Juniper Networks Junos space Route Insight provides a tool to easily plan, simulate, model, and diagnose issues in the MpLs network.
Ethernet Design
Network Activate
Route Insight
Junos Space Tool
Benet
Speed up Operations Rapidly provision large collection of switches Simplify conguration
Scale Service Deployment Rapidly provision VPNs Automates Network Resource Management
Simplify Operations Rapidly diagnose MPLS network problems Simulate Network Changes
Function
Figure 5: Ethernet Design, Network Activate, and route Insight Junipers key management automation tools
In addition to network management tools, network architects can also benefit from using powerful Junos Os scripts that can help network engineers simplify and automate tasks. The following are available script types: Configuration scriptsUse of configuration scripts are ideal for organizations that frequently change Qos policies that need to be propagated to many routers. These scripts also ensure adherence to corporate network guidelines. Operation scriptsOrganizations that want to simplify a series of iterative commands can benefit from creating a custom command using an operations script. Enterprises can also create commands customized for specific solutions. These scripts reduce the risk of misconfiguration and improve productivity. Event scriptsOrganizations can automate configuration changes to specific events with event scripts. For example, security can be enhanced by controlling the access to user accounts based on the employees shift time using event scripts.
13
use Cases
The following sections highlight WAN use cases: Enterprise WAN - private MpLs across a public service provider network - private MpLs cloud - public network Data center to data center interconnectivity, with Layer 2 stretch WAN aggregation Internet edge The MX series uniquely addresses enterprise network needs in a single platform based on simplicity: Massive upgradeability from 20 Gbps to 2.6 Tbps for a variety of application needs Range of interface speeds 10/100/1000M, 10GbE, OC3, OC12, OC48, Ds3 for a different WAN interconnects Massive scalability in Layer2 and Layer3 and advanced virtualization. Traffic Engineering and MpLs based resiliency for superior application performance Dynamic GRE that simplifies provisioning of GRE tunnels Carrier Class reliability Uncompromised performance for Qos and services pay-as-you-grow and dynamic scale elasticity(MX5->MX10->MX40->MX80) to adapt network as business needs change: Capacity: 20 Gbps -> 40 Gbps -> 60 Gbps -> 80 Gbps, with optional software license Ethernet: 10/100 -> 1GbE -> 10GbE Non-Ethernet: OC3 -> OC12 -> OC48
use Case: Enterprise WANprivate mplS Across a public Service provider Network
Service Provider MPLS Overlay/Transparent
Ent-MPLS
Ent-MPLS IP Hando in GRE to SP CPE
Carrier Router 1 Carrier Router 3
Ent-MPLS Inside IPsec Inside GRE CPE
Ent-MPLS
SITE A
CPE
Carrier Router 2
SITE C
SITE B ENTERPRISE
Ent-MPLS Inside IPsec Inside GRE
ENTERPRISE
Figure 6: Ipsec encrypted mplS traffic tunneled using GrE to a provider router for transport over service provider l3VpN
Figure 6 depicts an enterprise running MpLs across a service provider L3VpN network. In this scenario, the enterprise has two locations (A and B) that are sending traffic to each other. site B is also sending traffic to site C. The MpLs traffic from site A is sent via generic routing encapulation (GRE) tunnels to site C and tunneled using the service providers MpLs network. Likewise, the MpLs traffic from site B to site C is encrypted using Ipsec and tunneled using GRE to site C through the service provider MpLs transport. The traffic at the Carrier Router3 for site C is then handed off using GRE tunnels to the customer premises equipment (CpE), where it is decrypted and sent over the organizations MpLs network.
14
Enterprises choose VpN services offered by service providers for a variety of reasons. some of the most common reasons are cost and simplicity. Additionally, enterprises can choose between managed services and unmanaged services. Many enterprises choose a managed CpE to reduce the cost of managing equipment. Unmanaged CpE is popular with enterprises that have the necessary resources and the desire to have control over the network on their premises.
Customer Example: A Centralized Manufacturer

The manufacturer performs most of the computations in its data center and is looking for a basic method for transporting data on the WAN. WAN design requirements: Low cost transportation of noncritical MpLs data between offices Resiliency needed to protect VoIp traffic Minimal enterprise resources for management of the network proposed WAN solution: The manufacturer chooses a service providers L3VpN service (unmanaged) for its WAN connectivity. The unmanaged service has a CpE device that either runs BGp to the carrier router to advertise routes, or it has static routes configured to send all traffic to the provider router. The enterprise can also encrypt all traffic leaving the CpE and tunnel these transmissions using GRE to the provider router. To connect the enterprise to the provider router, the enterprise may choose inexpensive cable or DsL connectivity instead of expensive fiber. The enterprise needs to guarantee resiliency, and ensure that the VoIp traffic is protected in case of failures in WAN connectivity. It may also decide to have a backup connection to the Internet. use Case: Enterprise WANprivate mplS Cloud
Many enterprises use a private cloud of Ethernet links that run private MpLs to achieve maximum control over performance and latency. The resulting cloud is called the super core. The super core gives the enterprise greater control over critical metrics such as latency and resiliency. Benefits: Greater control over network latency by controlling sLA and directing low priority traffic over suboptimal paths. MpLs fast reroute provides improved resiliency. Logical separation, instead of physical separation, of data provides improved cost savings.
15
private mplS Cloud: Some Benefits of Simplification (Before and After)

Figures 7 and 8 illustrate before (an example of a real customer impacted by rapid organic business growth), and after (the benefits of WAN simplification). This customer previously used application dedicated L2 and L3 inter data center links. Over time, this practice resulted in over 30 dedicated 10GbE links, with only 1% utilization per link.
Dedicated Link Utilization 1% Point-to-Point WDM
Data Center 1
Data Center 2
WAN
Corporate Campus
L3 L2
Figure 7: Before Case: real example of legacy WAN using 30 dedicated links per application to interconnect data centers, with only 1% average utilization
In contrast, deploying Juniper Networks devices, Junos Os, and network virtualization provides simplicity and improved network utilization with the flexibility needed to expand the network easily for future growth. With Junipers enterprise WAN solution (as shown in Figure 8), the private MpLs cloud replaces dedicated link interconnectivity between the different entities using label-switched paths (Lsps) that can be set up on demand. Business continuity is maintained using MpLs fast reroute, while custom application bandwidth is maintained using traffic engineering. significant CapEx and OpEx savings are achieved, while improving privacy and security using logical MpLs separation.
No Dedicated Links; 100% Improvement in Utilization Applications Engineered into LSPs across MPLS Core
Data Center 1
Data Center 2
PRIVATE MPLS CLOUD
Corporate Campus
WAN
Critcal applications protected by Fast Reroute Detour paths and secondary LSPs
Figure 8: After Case: real deployment using Junipers simplified WAN design using network virtualization eliminates application dedicated links
16
In this example, the key principles of Junipers simplified WAN design were based on: simplicityeliminating application dedicated links sharingapplications shared yet maintaining logical separation securityseparating resources and easily directing traffic to centralized and virtualized firewalls Manageability through automationtools in the form of scripts that help in self monitoring, self diagnosing, and self healing capabilities, along with several network management tools that help with easy provisioning, monitoring, and troubleshooting the network
Customer Example: A Utility Enterprise

A large utility needs to interconnect multiple data centers, and it owns the right of way in many locations between the data centers. WAN design requirements: Transport critical delay sensitive data between data centers provide high resiliency for business critical data Maintain traffic separation between critical data and noncritical data for regulatory compliance prevent noncritical data from overwhelming mission critical data proposed WAN solution: The utility deploys an MpLs super core that interconnects the data centers and can choose between a managed or an unmanaged service. use Case: Data Center to Data Center Interconnectivity with l2 Stretch
Enterprises frequently deploy collocated data centers for reasons like disaster recovery. These data centers run many applications such as virtual machines that require Layer 2 stretch.
Layer 2 Stretch VPLS over MPLS Core

MX Series MX Series
MX Series
MX Series Service Edge Boundary
MPLS VLAN
EX Series DB1 VLAN VM1 VLAN DB1 VPLS VM1 VPLS
EX Series
VM1
VM2
DB1
DB1
VM1
VM2
DATA CENTER 1
DATA CENTER 2
Figure 9: Inter data center connectivity over mplS core

Figure 9 depicts two data centers (Data Center 1 and Data Center 2) connected over an MpLs core. The data centers house virtual machines (VM1 and VM2) and a database (DB1). The data centers have Juniper Networks EX series Ethernet switches in the access layer and MX series routers in the core and WAN edge layers. The Layer 3 boundary is at the core layer and is indicated by the service edge boundary. This implies that VLANs from the access-layer switches are mapped into corresponding VRFs. Thus, specific VLANs can be mapped into corresponding virtual private LAN service (VpLs) paths.
17
Addressing Suboptimal Routing Resulting From vMotion

1. Egress routing: When a VM moves from Data Center1 to Data Center2 it refers to Data Center1 gateway, therefore egress traffic from the VM will traverse the inter-data center link, from Data Center2 to Data Center1, before egressing to the WAN from Data Center1 resulting in sub-optimal egress routing. Proposed Solution: To ensure that the traffic from the VM is optimally routed in the egress direction, configure a VRRp group , with the same VID, that spans the two data center gateways and setup a firewall filter for the VRRp hello packets between the routers in the VRRp group. Each router in the VRRp group will behave as active because the other router will be considered in-active. The VM traffic will therefore be routed from Data Center2 gateway instead of being forwarded to the gateway in Data Center1, thereby ensuring optimal egress routing. Note that, if the two gateways are in different VRRp groups (i.e. different Virtual MAC) then the VM will timeout its ARp entry and relearn the new gateway MAC addresses, which is undesirable. 2. Ingress routing: The traffic destined for the VM, from the WAN, will also arrive at Data Center1 and traverse the inter-data center link before reaching the VM that has just moved to Data Center2. Proposed solution: The /32 address of the VM can be advertised to the external world thereby ensuring that all ingress traffic will arrive directly at the new location of the VM i.e. Data Center2 instead of traversing the inter-data center link. One caveat for enterprises advertising the ip addresses on carrier networks is that, carriers often limit the subnet mask to /24 and may not allow a /32 to be advertised. If a stateful firewall exists in Data Center1, then the only way to the address suboptimal routing is to terminate the client sessions (TCp sessions) and re-establish it with Data Center2. This is because the firewall states, pertaining to the VM, maintained in the Data Center1 are not migrated to Data Center2.
Customer Example: Enterprise Private Cloud

A bank has deployed a private cloud of virtual desktop machines to improve the productivity of its financial advisors. To ensure that the virtual desktops are available 24x7, the bank has created a collocated data center and requires data to be mirrored between the two data centers. WAN requirements: Cost effectively migrate data between the two data centers provide L2 connectivity, on demand, for some of the data migration provide resiliency for data traffic between the data centers proposed solutions: VpLs paths are set up between the two MX series devices in the collocated data centers. The VpLs can be set up so that it only transports traffic on specific VLANs. Thus, only specific hypervisors need to be migrated and need to be part of the VpLs domain, and all other traffic remains unaffected. VpLs not only emulates a L2 switch in the WAN but also runs on a private MpLs core. private MpLs lets the bank to take advantage of advanced routing features such as traffic engineering. Traffic engineering allows the bank to optimally allocate bandwidth for the different departments without the need for dedicated L2 links. Benefits: Improved cost savings by using an MpLs cloud to interconnect data centers Rapid provisioning of MpLs paths between the data centers, on demand Cost-effective resiliency by using MpLs paths rather than physically separated interconnections
18
VplS over GrE:

Enterprises that have only an Ip core ,and no MpLs core, to transport VpLs traffic can use VpLs traffic over GRE tunnels. Fragmentation of GrE frames: When GRE is used to transport MpLs packets over an Ethernet-based transport network, the transport network often supports a maximum transmission unit (MTU) of 1,500 bytes. Because of the overhead required to encapsulate MpLs packets in GRE, it is possible for the encapsulated packet size to exceed the minimum MTU of the network. The solution is to either fragment the packets before encapsulating in GRE frames or to fragment after addition of the GRE headers. since L2 data cannot be fragmented before encapsulating in MpLs/GRE header, the packet must be fragmented after encapsulating in GRE frames. GRE tunnels are supported on Juniper Networks M series Multiservice Edge Routers with the Asp tunnel module. It is recommended that the path MTU discovery be enabled in Juniper routers to identify the minimum MTU along the entire path. such a setting will avoid needless fragmentation of packets. The maximum size, of Ethernet frame, beyond which fragmentation is necessary for transport on Ethernet network is 1448 bytes.
use Case: WAN Aggregation

WAN aggregation consolidates multiple networks such as campus, branch, data center, etc., onto the enterprise WAN network. The WAN aggregation devices must be scalable, support a range of interfaces (such as T1, T3, sONET that may carry ATM, Frame Relay), as well as a variety of services (such as MpLs, Ip routing, etc.).
Public/Private WAN
AS1 AS2 WAN aggregation Router M Series/ MX Series Static routes/ EBGP SRX Series Branch Router M Series/ MX Series
Figure 10: WAN aggregation of remote branch offices using WAN aggregation routers
Figure 10 depicts two branch offices that are connected to the public WAN (carrier provided) or the private WAN (enterprise owned). The branch offices have branch routers that are dual homed, for resiliency, to two aggregation routers. The WAN aggregation devices include two MX series or M series routers. The two WAN aggregation devices will be in separate autonomous systems (As eg. As1 and As2) so as to keep the routing separate. The branch routers are mapped to the aggregation routers either using static routes or using EBGp. Enterprises that require enhanced resiliency use two providers for the WAN aggregation, i.e., As1 will belong to provider 1 and As2 will belong to provider 2. The redundancy will ensure that the enterprise WAN is not affected by any one provider failure. Note that larger branches use dual (redundant) branch routers for greater reliability, as shown in the following example.
19
use Case: Internet Edge

The Internet edge acts as a gateway to the Internet for the enterprise. The Internet edge provides connectivity to the Internet for branch offices and connects remote workers and partners to enterprise resources. It can also be used to provide backup connectivity to the WAN for branch offices, in case the primary connectivity to the enterprise WAN fails.
Case 1: Corporate Internet Access Through Enterprise WAN
MX Series midrange consists of the MX5, MX10, MX40, and MX80
Static Routes/EBGP
MX Series Midrange
MX80
WAN
MX Series Midrange/ M Series MX Series Midrange/ M Series DMZ-SRX EBGP Static Routes/EBGP
HQ
M Series/MX Series
INTERNET
EBGP
Small Branch
SRX Series Branch Router
SRX Series Branch Router EX Series
IBGP OSPF
Medium Branch
Virtual Chassis
BRANCH 1
BRANCH 2
Figure 11: Internet edge access through headquarters carried through the enterprise WAN
Figure 11 above depicts two branch offices (Branch1 and Branch2) that are connected to the headquarters (HQ) in a hub and spoke topology through the enterprise WAN network. Branch1, a small branch, has an sRX series branch router that connects it to the WAN. Branch2, a medium sized branch, has two dual-homed sRX series branch routers providing WAN connectivity and EX series access switches connecting the servers and phones to the sRX series branch routers. The branch routers run IBGp and OspF. The EX series switches are combined in a virtual chassis. All internet traffic is carried through the enterprise WAN to headquarters. All Internet traffic passes through firewalls in the DMZ that perform deep packet inspection to identify malicious content and to monitor and regulate bandwidth consumption by applications in the branch offices. The MX series midrange routers (MX5/MX10/40/MX80) are ideal for the Internet edge, as they provide seamless upgradeability on a single platform using software licensing. Enterprises that do not require Internet traffic to be carried to headquarters through the WAN allow for split tunneling of the traffic at the branch. split tunneling ensures that Internet traffic can be accessed directly from the branch. However, to meet security and regulatory compliance requirements such as payment Card Industry Data security standard (pCI Dss), these enterprises deploy security devices at the branch that perform deep packet inspection of Internet traffic. Juniper Networks sRX series services Gateways provide a range of security features that are ideal for branch security.
20
Case 2: Internet Edge Backup Connectivity
Static Routes/EBGP
IPsec MX Series Midrange/M Series MX5/MX10/ MX40/MX80
BRANCH 2
Carrier WAN
Public Internet
WAN agg Router
M/MX MX Series Midrange/M Series
MX5/MX10/ MX40/MX80
Static Routes/EBGP
IPsec MX Series midrange consists of the MX5, MX10, MX40, and MX80
BRANCH 1
Figure 12: Internet edge providing backup connectivity to the enterprise WAN
Figure 12 depicts two branch offices (Branch1 and Branch2) connected to the enterprise WAN and the Internet edge. The branch routers are connected to the WAN aggregation routers. Traffic is routed between the branch routers and the WAN aggregation routers using either static routes or EBGp. If the primary connectivity between the branch and the WAN fails, the branch router establishes an Ipsec tunnel, over the internet to Branch2. The MX series midrange routers provide Internet connectivity and are ideal for the Internet edge as they support uncompromising feature set and flexibility to upgrade using a single platform through software license. Enterprises that implement this form of resiliency must ensure that the bandwidth of the connections to the WAN and Internet are comparable. Further, these enterprises can expect application performance to be degraded when using the Internet as a backup and therefore may decide to route only some critical applications over the Internet during failover. One of the primary benefits of this use case is the low cost and the ease of deployment.
Conclusion
Enterprises have been responding to new business demands and increased competitive pressures by adopting new applications that transport mission critical data, and adding distributed branch offices and data centers. These changes have increased the complexity of maintaining and upgrading the network infrastructure, and they have made the network increasingly inflexible to meet growing business needs. Organizations can employ Junipers WAN design principles to address these challenges: simplifythe network infrastructure by reducing the number of devices, links, and operating systems sharethe network infrastructure through virtualization to improve performance and asset utilization securethe network comprehensively Automatethe network provisioning, monitoring, and troubleshooting. These design principles can effectively help organizations improve the end user experience, increase the velocity of application deployment, improve security and privacy, while at the same time delivering cost savings and operational efficiencies.
21
references:
1. The Essential Guide to Deploying MpLs for Enterprise Networks www.juniper.net/solutions/literature/white_papers/200183.pdf 2. VpLs in Data Center www.juniper.net/us/en/local/pdf/implementation-guides/ 8010050-en.pdf 3. Extending the Virtualization Advantage with Network Virtualization www.juniper.net/us/en/local/pdf/whitepapers/2000342-en.pdf 4. Branch sRX series and J series selective packet services www.juniper.net/us/en/local/pdf/app-notes/3500192-en.pdf 5. JUNOS Enterprise Routing, by Doug Marschke; Harry Reynolds. O Reilly. 6. Optimizing Media-Rich Content Delivery with point-to-Multipoint www.juniper.net/us/en/local/pdf/whitepapers/2000274-en.pdf 7. Configuring MpLs over GRE www.juniper.net/techpubs/software/junos/junos91/ swconfig-mpls-apps/configuring-mpls-over-gre-tunnels.html
About Juniper Networks

Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net.
Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue sunnyvale, CA 94089 UsA phone: 888.JUNIpER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net
ApAC Headquarters Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 Kings Road Taikoo shing, Hong Kong phone: 852.2332.3636 Fax: 852.2574.7803
EmEA Headquarters Juniper Networks Ireland Airside Business park swords, County Dublin, Ireland phone: 35.31.8903.600 EMEA sales: 00800.4586.4737 Fax: 35.31.8903.601
To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller.
Copyright 2011 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, Netscreen, and screenOs are registered trademarks of Juniper Networks, Inc. in the United states and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
8030009-003-EN
Apr 2011
printed on recycled paper
22

en

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

en

Încărcat de

Drepturi de autor:

Formate disponibile

REFERENCE ARCHITECTURE

ENTERpRIsE WAN REFERENCE ARCHITECTURE

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

Industry Trends Influencing WAN Design

Table 1: General Industry Trends Influencing WAN Design

Decline in connectivity pricing Increase in availability of connectivity options

More availability of cloud services for applications, storage, and data

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

WAN Design Considerations

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

Junipers Advanced routing TechnologySolution profile overview

Simplify Share Secure Automate

Advanced Routing Portfolio Junos OS Advanced Silicon and Hardware

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

Junipers Advanced routing TechnologyVirtualization

Device Partitioning 1:N Logical Systems

Network Communication N:M

Virtualization with MPLS

Device Aggregation N:1 Virtual Chassis

Virtual Chassis Multi-Chassis LAG TX Matrix JCS 1200

Figure 2: Complementary virtualization technologies from Juniper

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

Network Virtualization with MPLS

Scale for Future Growth

Improve Network Resiliency

Junipers Advanced routing TechnologyHigh Availability

Best practices and TipsHA:

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

Junipers Advanced routing TechnologyQoS

Network control Expedited forwarding Assured forwarding

High strict High* High

None Low Medium

None Low Medium

High Medium High

Routing protocols VoIp Business application virtual desktops Other data

Best practices and TipsQoS:

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

RETAIL BANKING FINANCIAL SERVICES

Network Control Expedite Forwarding Assured Forwarding Best Effort

6% 50ms 40% 40%

6% 20% 40% remainder

High strict-high High Low

Copyright 2011, Juniper Networks, Inc.

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture

Junipers Advanced routing TechnologySecurity

10GbE SRX3600 QFX3500

MX80 QFX3500 MX960 MX960 QFX3500 SRX3600

MX Series midrange consists of the MX5, MX10, MX40, and MX80

EX4200/ EX4500 M120 M120

Figure 4: Example of a distributed enterprise with multiple layers of security

REFERENCE ARCHITECTURE - Enterprise WAN Reference Architecture