Port Speed on SRX Series Firewalls
SUMMARY Learn about port speeds, support for multiple port speeds, and how to configure port speed on SRX Series Firewalls.
SRX4600 Port Speed Overview
Table 1 presents the details of SRX4600 port speeds.
For information about interface-naming formats for channelized and nonchannelized interfaces and how to configure SRX Series Firewalls at port level and PIC level, see Port Speed.
For information on how to configure the speed at the PIC level, see Table 2 of port speed. For information on how to configure the speed at the port level, see Table 3 of port speed.
For more information about SRX4600 devices, see SRX4600 Services Gateway Hardware Guide.
For information about platforms support, see hardware compatibility tool (HCT).
To view the port speeds on each PIC, execute the show chassis pic command.
|
Port Location |
Number and Type of Ports |
Supported Speeds |
|---|---|---|
|
FPC0, PIC0 (ports 0–3) |
4 chassis cluster ports:
|
|
|
FPC1, PIC0 (ports 0–3) |
4 100GbE QSFP28 ports or 40GbE QSFP+ ports |
At port or PIC level:
|
|
FPC1, PIC1 (ports 0–7) |
8 10GbE SFP+ ports |
|
Follow these guidelines when you configure the speed of a port:
-
You need to reboot the chassis cluster for configuration changes (from 10 Gbps to 1 Gbps) to take effect. For more details, see No link title.
-
To configure all 40GbE ports, use the
set chassis fpc 1 pic 0 pic-mode 40Gcommand. -
To set only the first two 40GbE ports, use the
set chassis fpc 1 pic 0 pic-mode 40G number-of-ports 2command. This configuration sets only the first two 40GbE ports and disables the last two ports. You need to reboot the device for the configuration to take effect. -
You can channelize each 40GbE port into four 10GbE interfaces by using QSFPP-4X10-GE optics, suitable breakout cables, and the speed configuration statement.
-
Use the speed (Gigabit Ethernet interface) configuration to set 1-Gbps speed on PIC 1 ports. 1-Gbps speed is supported only in non-autonegotiation mode. If autonegotiation mode is enabled by default at the remote end, then you must disable it.
-
You can configure the interface that is already operating in 10GbE mode to operate in 1GbE mode.
-
To prevent oversubscription, configure the number of active ports operating at the configured speed by using the number-of-ports statement. The SRX4600 supports a maximum speed of 400 Gbps; the speed cannot be oversubscribed.
-
To configure 4x100GbE, use the following commands:
set chassis fpc 1 pic 0 port 0 speed 100gset chassis fpc 1 pic 0 port 1 speed 100gset chassis fpc 1 pic 0 port 2 speed 100gset chassis fpc 1 pic 0 port 3 speed 100gset chassis fpc 1 pic 1 number-of-ports 0 or
set chassis fpc 1 pic 0 pic-mode 100Gset chassis fpc 1 pic 1 number-of-ports 0 -
If you try to commit an invalid configuration, the configuration gets committed, but the port is not activated. This is because Junos OS allows you to configure a port before a line card is inserted. You will get an error message in the output of the show chassis alarms command and also in the log messages. For example, if you configure four 100GbE interfaces with eight 10GbE interface, then the configuration is invalid.
-
SRX4600 supports HA cluster. You need to reboot the system after changing port speed from 40G to 100G. The reboot is to make sure that the system returns to a stable HA cluster after the port speed change.
-
The SRX4600 does not support copper SFP transceivers.
Interface Naming Conventions
Table 2 describes the interface naming convention for a 40GbE interface channelized as four 10GbE interfaces:
|
Interface Type |
Example |
|---|---|
|
4x10GbE |
When the 40GbE port et-1/0/0 is channelized into four 10GbE interfaces, the channelized interfaces are named as follows:: xe-1/0/0:0 xe-1/0/0:1 xe-1/0/0:2 xe-1/0/0:3 |
Supported Active Physical Ports on SRX4600 to Prevent Oversubscription
You can use the number-of-ports statement to configure a port as an active port.
Table 3 summarizes the SRX4600 active ports with number-of-ports and port speed configured at PIC level.
|
PIC |
Number of Active Ports |
Active Port Number at PIC Level |
||
|---|---|---|---|---|
|
10-Gigabit Ethernet |
40-Gigabit Ethernet |
100-Gigabit Ethernet |
||
|
PIC 0 |
0 |
- |
- |
- |
|
1 |
0 |
0 |
0 |
|
|
2 |
0, 1 |
0, 1 |
0, 1 |
|
|
3 |
0, 1, 2 |
0, 1, 2 |
0, 1, 2 |
|
|
4 |
0, 1, 2, 3 |
0, 1, 2, 3 |
0, 1, 2, 3 |
|
|
PIC 1 |
0 |
- |
- |
- |
|
1 |
0 |
- |
- |
|
|
2 |
0, 1 |
- |
- |
|
|
3 |
0, 1, 2 |
- |
- |
|
|
4 |
0, 1, 2, 3 |
- |
- |
|
|
5 |
0, 1, 2, 3, 4 |
- |
- |
|
|
6 |
0, 1, 2, 3, 4, 5 |
- |
- |
|
|
7 |
0, 1, 2, 3, 4, 5 ,6 |
- |
- |
|
|
8 |
0, 1, 2, 3, 4, 5, 6, 7 |
- |
- |
|
To prevent oversubscription, you can configure the maximum number of active ports that can operate at the configured speed. Table 4 summarizes the maximum number of Gigabit Ethernet ports at PIC and port levels:
|
Port Type |
Maximum Number of Ports at PIC Mode (on PIC0 and PIC1) |
Maximum Ports Configurable at Port Mode (on PIC0 and PIC1) |
|---|---|---|
|
10GbE |
24 16 ports from PIC 0 and 8 ports from PIC 1. |
20 Refers to 12 ports from PIC 0 and 8 ports from PIC 1. |
|
40GbE |
4 Only 4 ports from PIC 0. PIC 1 supports only 10-Gbps speed. |
4 |
|
100GbE |
4 Only 4 ports from PIC 0. PIC 1 supports only 10-Gbps speed. Note:
If you configure all four PIC 0 ports as 100GbE interfaces then, the PIC 1 ports are disabled. If you then try to configure any PIC 1 port and commit your configuration, the configuration will be invalid. |
4 |
|
Port Mode |
|||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
PIC0 |
PIC1 |
||||||||||
|
100 |
100 |
100 |
100 |
0 Configure the number of active ports as 0 |
|||||||
|
100 |
100 |
100 |
10/40 |
0 Configure the number of active ports as 0 |
|||||||
| 100 | 100 | 100 |
0 |
10 |
10 |
10 |
10 |
10 |
10 |
10 |
10 |
|
100 |
100 |
10/40 |
10/40 |
10 |
10 |
10 |
10 |
10 |
10 |
10 |
10 |
|
100 |
10/40 |
10/40 |
10/40 |
10 |
10 |
10 |
10 |
10 |
10 |
10 |
10 |
|
10/40 |
10/40 |
10/40 |
10/40 |
0 Configure the number of active ports as 0 |
|||||||
|
10/40 |
10/40 |
10/40 |
0 |
10 |
10 |
10 |
10 |
10 |
10 |
10 |
10 |
For information about oversubscription, see Port Speed.
See Also
SRX2300 Port Speed Overview
To view the supported transceivers, optical interfaces, and DAC cables on SRX2300, see Hardware Compatibility Tool.
SRX2300 includes four PICs with the following properties:
-
PIC 0 with default speed of 10 Gbps
-
PIC 1 with default speed of 10 Gbps
-
PIC 2 with default speed of 25 Gbps
-
PIC 3 with default speed of 100 Gbps
| Port Location | Number and Type of Ports | Supported Speeds | Default Speed |
|---|---|---|---|
|
PIC 0 (ports 0–7) |
8 RJ-45 ports |
1 Gbps, 2.5 Gbps, 5 Gbps, and 10 Gbps |
10 Gbps |
|
PIC 1 (ports 0–7) |
8 SFP+ ports |
1 Gbps, 10 Gbps |
10 Gbps |
|
PIC 2 (ports 0–3) |
4 SFP28 ports |
1 Gbps, 10 Gbps, and 25 Gbps |
25 Gbps |
|
PIC 3 (ports 0–1) |
2 QSFP28 ports |
40 Gbps, 100 Gbps |
100 Gbps |
|
PIC |
Interface Type |
Interfaces |
|---|---|---|
|
PIC 0 |
RJ-45 |
mge-0/0/0 – mge-0/0/7 |
|
PIC 1 |
SFP+ |
xe-0/1/0 – xe-0/1/7 |
|
PIC 2 |
SFP28 |
et-0/2/0 – et-0/2/3 |
|
PIC 3 |
QSFP28 |
et-0/3/0 – et-0/3/1 |
Follow these guidelines when you configure the port speed:
-
The Junos OS creates the copper interfaces of PIC 0 (mge interfaces) by default.
-
PIC 0 supports the following speeds:
-
1 Gbps
-
2.5 Gbps
-
5 Gbps
-
10 Gbps
Use the following command to configure the speed:
set interfaces <mge-x/y/z> speed -
-
PIC 1 supports mixed speed: 1 Gbps and 10 Gbps. The interface is created based on the plugged-in transceiver. You need not configure the speed.
root@srx2300# set chassis fpc 0 pic 1 pic-mode ? No valid completions
PIC 2 supports 3 different speeds: 1 Gbps, 10 Gbps, and 25 Gbps. The interface is created based on the plugged-in transceiver. If the transceiver and the configured speed mode do not match, the interface is not created.
Use the following command to configure the port speed:
set chassis fpc 0 pic 2 pic-modeSee Port Speed Overview to configure speed step-by-step.
-
PIC 3 supports mixed speed, 40 Gbps or 100 Gbps. The interface is created based on the plugged-in transceiver. You need not configure the speed.
root@srx2300# set chassis fpc 0 pic 3 pic-mode ? No valid completions
-
Use the
show interface diagnostics optics <interface-name>command to display diagnostic data and alarms.
Channelization
You can channelize QSFP28 ports into:
-
4x25 Gbps with 100GbE SFP
-
4x10 Gbps with 40GbE SFP
set chassis fpc <fpc slot> pic <pic slot> port <port
number> channel-speed <10G | 25G>
Example:
set chassis fpc 0 pic 3 port 4 channel-speed 25G
set chassis fpc 0 pic 3 port 4 channel-speed 10G
SRX1600 Port Speed Overview
To view the supported transceivers, optical interfaces, and DAC cables on SRX1600, see Hardware Compatibility Tool (HCT).
SRX1600 includes three PICs with different supported speeds:
-
PIC 0 with 1GbE default speed
-
PIC 1 with 25GbE default speed
-
PIC 2 with 10GbE default speed
See Table 8 for details.
| PIC | Port | Port Speed Supported | Default Speed |
|---|---|---|---|
|
PIC 0 |
0-15 |
16x1-10 Mbps interface 16x1-100 Mbps interface 16x1-GbE interface |
1Gbps |
|
PIC 1 |
0-1 |
2x1-GbE Interface 2x10-GbE Interface 2x25-GbE Interface |
25Gbps |
|
PIC 2 |
0-3 |
4x1-GbE Interface 4x10-GbE Interface |
10Gbps |
Interface Naming Conventions
Table 9 lists the interface naming conventions for the SRX1600 devices.
| PIC | Interface Type | Interfaces |
|---|---|---|
|
PIC 0 |
1-Gigabit Ethernet interface (16 RJ-45 ports) |
ge-0/0/0 – ge-0/0/15 |
|
PIC 1 |
1G/10GbE/25GbE (2 SFP28 ports) |
et-0/1/0 – et-0/1/1 |
|
PIC 2 |
1G/10GbE (4 SFP+ ports) |
xe-0/2/0 – xe-0/2/3 |
Follow these guidelines when you configure the speed of the port:
-
To view the port speeds on each PIC, execute the
show chassis piccommand. -
The Junos OS creates PIC 0 interfaces by default, and PIC1 and PIC2 interfaces only if you plug in XCVR.
-
PIC 1 supports 3 different speed modes: 1G, 10GbE, and 25GbE
Use the following command to configure the port speed:
set chassis fpc 0 pic 1 pic-mode -
PIC 2 supports mixed speed, 1GbE or 10GbE. The interface is created based on the XCVR plug-in.
See Port Speed Overview to configure speed step-by-step.
-
Use the show interface diagnostics optics <interface-name> command to display diagnostic data and alarms.
SRX380 Port Speed Overview
Table 10 presents the details of SRX380 speeds.
| Port Location | Number and Type of Ports | Supported Speeds |
|---|---|---|
| FPC0, PIC0 | 16 RJ-45 ports | 1 Gbs |
| FPC0, PIC0 | 4 SFP ports | 10 Gbs |
Follow the guideline given below when you configure the speed of a port:
-
Use the speed (Chassis Cluster) configuration to set 1-Gbps speed on PIC 1 ports. 1-Gbps speed is supported only in non-autonegotiation mode. If autonegotiation mode is enabled by default at the remote end, then you must disable it.
Port Speed on SRX5K-IOC4-MRATE
Each of the twelve ports of PIC 0 and PIC 1 of an SRX5K-IOC4-MRATE supports port speeds of 10 Gbps and 40 Gbps. However, only ports 2 and 5 of both the PICs support port speed of 100 Gbps. You can choose to configure all supported ports of the SRX5K-IOC4-MRATE to operate at the same supported speed or configure all the ports at different supported speeds.
You can configure port speed at the PIC level, to operate all the ports of the SRX5K-IOC4-MRATE at the same speed. That is, you can choose to configure the PIC to operate at a supported speed, and then all the supported ports of the PIC to operate at the configured speed. For example, if you choose to configure PIC 0 at 100-Gbps speed, only ports 2 and 5 of PIC 0 operate at 100-Gbps speed, while the other ports of the PIC are disabled. Similarly, if you choose to configure PIC 0 at 10-Gbps or 40-Gbps speed, all the ports of the PIC are enabled to operate at those speeds. Additionally, you can prevent oversubscription by specifying the number of active physical ports that operate at 10-Gbps, 40-Gbps, and 100-Gbps speeds.
You cannot configure 1-Gbps speed at PIC level and port level. You can configure the port configured at 10-Gbps speed to operate at 1-Gbps speed by using the speed statement. After you commit the configuration, the operating speed of the 10-Gbps port changes to 1-Gbps speed, but the show interface command displays the speed configuration (operating port speed) as 1GE. If the interface is configured with 1-Gbps speed, then the Speed Configuration field displays 1G; if the interface is configured with 10-Gbps speed, Speed Configuration displays AUTO.
You can configure port speed at the port level, to operate different ports of the SRX5K-IOC4-MRATE at different supported speeds. That is, you configure each port to operate at a supported speed.
The SRX5K-IOC4-MRATE supports an aggregate bandwidth of 480 Gbps, and each of the two PICs supports a bandwidth limit of 240 Gbps. If the aggregate port capacity configured exceeds 240 Gbps per PIC, the configuration is not supported.
Configuring Port Speed at PIC Level
To configure port speed at the PIC level:
If the number-of-ports statement is not configured,
all the ports that support the speed configured in Step 2 are enabled. That
is, depending on that selection, ports 0 through 5 are enabled for speeds of
10-gigabit or 40-gigabit, while ports 2 and 5 are enabled for 100-gigabit.
You can also use the number-of-ports statement to disable
certain ports. Table 1 below, lists the physical ports that are enabled when
the number-of-ports statement is configured.
|
Ports Configured ( |
Active Physical Ports for Different Configured Speeds |
||
|---|---|---|---|
|
10-Gigabit |
40-Gigabit |
100-Gigabit |
|
|
1 |
0 |
0 |
2 |
|
2 |
0, 1 |
0, 1 |
2, 5 |
|
3 |
0, 1, 2 |
0, 1, 2 |
2, 5 |
|
4 |
0, 1, 2, 3 |
0, 1, 2, 3 |
2, 5 |
|
5 |
0, 1, 2, 3, 4 |
0, 1, 2, 3, 4 |
2, 5 |
|
6 |
0, 1, 2, 3, 4, 5 |
0, 1, 2, 3, 4, 5 |
2, 5 |
Configuring Port Speed at Port Level
To configure port speed at the port level:
Note the following when configuring port speed on an SRX5K-IOC4-MRATE:
-
If port speed is not configured, all ports of the SRX5K-IOC4-MRATE operate as four 10-Gigabit Ethernet interfaces by default. Therefore, when booting the MPC:
-
If port speed is not configured or if invalid port speeds are configured, each port operates as four 10-Gigabit Ethernet interfaces. An alarm is generated to indicate that the ports of the SRX5K-IOC4-MRATE are operating as four 10-Gigabit Ethernet interfaces.
-
If valid port speeds are configured, the MPC PICs operate at the configured speed.
-
-
• When you change an existing port speed configuration at the port level, you must reset the SRX5K-IOC4-MRATE PIC for the configuration to take effect. An alarm is generated indicating the change in port speed configuration.
-
• When you change an existing port speed configuration with an invalid port speed configuration, an alarm is generated indicating that the port speed configuration is invalid. The MPC continues to operate using the previously configured valid port speed configuration. However, if the MPC or PIC is restarted with the committed invalid port configuration, all ports of the MPC operate as four 10-Gigabit Ethernet interfaces by default.
-
• You cannot configure port speed at the PIC level and the port level simultaneously. Error messages are displayed when you try to commit such configurations.
-
• When you configure port speed at the port level, only the configured ports are enabled. Other ports are disabled.
-
Logical interfaces can be created only on ports that are enabled.
-
You must restart the chassis when you change the port profile configuration.