Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

NFX250 NextGen Overview

 

The Juniper Networks NFX250 Network Services Platform is a secure, automated, software-driven customer premises equipment (CPE) platform that delivers virtualized network and security services on demand. The NFX250 is part of the Juniper Cloud CPE solution, which leverages Network Functions Virtualization (NFV). It enables service providers to deploy and chain multiple, secure, and high-performance virtualized network functions (VNFs) on a single device.

Figure 1 shows the NFX250 device.

Figure 1: NFX250 Device
NFX250 Device

The NFX250 is a complete SD-WAN CPE, which provides secure router functionality and Next-Generation Firewall (NGFW) solution.

NGFW includes security features such as

The NFX250 device is suitable for small to midsize businesses and large multinational or distributed enterprises.

Junos OS Release 19.1R1 introduces a reoptimized architecture for NFX250 devices. This architecture enables you to use JCP as the single point of management to manage all the NFX250 components.

Note

For documentation purposes, NFX250 devices that use this architecture are referred to as NFX250 NextGen devices.

Software Architecture

Figure 2 illustrates the software architecture of the NFX250 NextGen. The architecture is designed to provide a unified control plane that functions as a single management point. Key components in the NFX250 NextGen software include the JCP, JDM, Layer 2 data plane, Layer 3 data plane, and VNFs.

Figure 2: NFX250 NextGen Software Architecture
NFX250 NextGen
Software Architecture

Key components of the system software include:

  • Linux—The host OS, which functions as the hypervisor.

  • VNF—A VNF is a virtualized implementation of a network device and its functions. In the NFX250 NextGen architecture, Linux functions as the hypervisor, and it creates and runs the VNFs. The VNFs include functions such as firewalls, routers, and WAN accelerators.

    You can connect VNFs together as blocks in a chain to provide networking services.

  • JCP—Junos virtual machine (VM) running on the host OS, Linux. The JCP functions as the single point of management for all the components.

    The JCP supports:

    • Layer 2 to Layer 3 routing services

    • Layer 3 to Layer 4 security services

    • Layer 4 to Layer 7 advanced security services

    In addition, the JCP enables VNF lifecycle management.

  • JDM—An application container that manages VNFs and provides infrastructure services. The JDM functions in the background. Users cannot access the JDM directly.

  • L2 data plane—Manages Layer 2 traffic. The Layer 2 dataplane forwards the LAN traffic to the Open vSwitch (OVS) bridge, which acts as the NFV backplane. The Layer 2 dataplane is mapped to the virtual FPC0 on the JCP.

  • L3 data plane—Provides data path functions for the Layer 3 to Layer 7 services. The Layer 3 data plane is mapped to the virtual FPC1 on the JCP.

  • Open vSwitch (OVS) bridge—The OVS bridge is a VLAN-aware system bridge that acts as the NFV backplane to which the VNFs, FPC1, and FPC0 connect. Additionally, you can create custom OVS bridges to isolate connectivity between different VNFs.

For the list of supported features, see Feature Explorer.

NFX250 Models

Table 1 lists the NFX250 device models and its specifications. For more information, see the NFX250 Hardware Guide.

Table 1: NFX250 Models and Specifications

Components

NFX250-S1

NFX250-S2

NFX250-S1E

CPU

2.0 GHz 6-core Intel CPU

2.0 GHz 6-core Intel CPU

2.0 GHz 6-core Intel CPU

RAM

16 GB

32 GB

16 GB

Storage

100 GB SSD

400 GB SSD

200 GB SSD

Form Factor

Desktop

Desktop

Desktop

Ports

Eight 10/100/ 1000BASE-T RJ-45 access ports

Eight 10/100/ 1000BASE-T RJ-45 access ports

Eight 10/100/ 1000BASE-T RJ-45 access ports

Two 10/100/ 1000BASE-T RJ-45 ports which can be used as access ports or uplink ports

Two 10/100/ 1000BASE-T RJ-45 ports which can be used as access ports or uplink ports

Two 10/100/ 1000BASE-T RJ-45 ports which can be used as access ports or uplink ports

Two 100/1000BASE-X SFP ports which can be used as uplinks

Two 100/1000BASE-X SFP ports which can be used as uplinks

Two 100/1000BASE-X SFP ports which can be used as uplinks

Two 1-Gigabit or 10-Gigabit Ethernet SFP+ uplink ports

Two 1-Gigabit or 10-Gigabit Ethernet SFP+ uplink ports

Two 1-Gigabit or 10-Gigabit Ethernet SFP+ uplink ports

One 10/100/ 1000BASE-T RJ-45 management port

One 10/100/ 1000BASE-T RJ-45 management port

One 10/100/ 1000BASE-T RJ-45 management port

Console ports (RJ-45 and mini-USB)

Console ports (RJ-45 and mini-USB)

Console ports (RJ-45 and mini-USB)

One USB 2.0 port

One USB 2.0 port

One USB 2.0 port

Interfaces

The NFX250 NextGen device includes the following network interfaces:

  • Ten 1-Gigabit Ethernet RJ-45 ports and two 1-Gigabit Ethernet network ports that support small form-factor pluggable (SFP) transceivers. The ports follow the naming convention, ge-0/0/n, where n ranges from 0 to 11. These ports are used for LAN connectivity.

  • Two 1-Gigabit or 10-Gigabit uplink ports that support small form-factor pluggable plus (SFP+) transceivers. The ports follow the naming convention xe-0/0/n, where the value of n is either 12 or 13. These ports are used as WAN uplink ports.

  • A dedicated management port labeled MGMT (fxp0) functions as the out-of-band management interface. The fxp0 interface is assigned the IP address 192.168.1.1/24.

  • Two static interfaces, sxe-0/0/0 and sxe-0/0/1, which connect the Layer 2 data plane (FPC0) to the OVS backplane.

Note

By default, all the network ports connect to the Layer 2 data plane.

For the list of supported transceivers for your device, see https://apps.juniper.net/hct/product/#prd=NFX250.

Performance Modes

Starting in Junos OS Release 19.1R1, NFX250 (NextGen) devices provide the following operational modes:

  • Throughput mode—Provides maximum resources (CPU and memory) for Junos software and remaining resources, if any, for third-party VNFs. The default mode is throughput mode.

  • Hybrid mode—Provides a balanced distribution of resources between the Junos software and third-party VNFs.

  • Compute mode—Provides minimal resources for Junos software and maximum resources for third-party VNFs.

Benefits and Uses

The NFX250 NextGen provides the following benefits:

  • Highly scalable architecture that supports multiple Juniper VNFs and third-party VNFs on a single device. The modular software architecture provides high performance and scalability for routing, switching, and security enhanced by carrier-class reliability.

  • Integrated security, routing, and switching functionality in a single control plane simplifies management and deployment.

  • A variety of flexible deployments. A distributed services deployment model ensures high availability, performance, and compliance. The device provides an open framework that supports industry standards, protocols, and seamless API integration.

  • Secure boot feature safeguards device credentials, automatically authenticates system integrity, verifies system configuration, and enhances overall platform security.

  • Automated configuration eliminates complex device setup and delivers a plug-and-play experience.

Junos OS Releases Supported on NFX Series Hardware

The Table 2 provides details of Junos OS software releases supported on the NFX Series devices.

Note

Linux bridge mode is supported on NFX250 devices only up to Junos OS Release 18.4.

Table 2: Supported Junos OS Releases on NFX Series Devices

NFX Series Platform

Supported Junos OS Release

Software Package

Software Downloads Page

NFX150

18.1R1 or later

nfx-3

jinstall-host-nfx-3-x86-64-<release-number>- secure-signed.tgz

install-media-host-usb-nfx-3-x86-64-<release-number>- secure.img

NFX150 Software Download Page

NFX250

15.1X53-D45, 15.1X53-D47, 15.1X53-D470, and 15.1X53-D471

nfx-2

jinstall-host-nfx-2-flex-x86-64-<release-number >-secure-signed.tgz

install-media-host-usb-nfx-2-flex-x86-64-<release-number>- secure.img

NFX250 Software Download Page

17.2R1 through 19.1R1

19.1 R1 or later

nfx-3

jinstall-host-nfx-3-x86-64-<release-number>-secure-signed.tgz

install-media-host-usb-nfx-3-x86-64-<release-number>-secure.img

NFX250 Software Download Page