Hardware
-
New Routing Engine RE-S-X6-128G-K with TPM 2.0 (MX240, MX480, and MX960)—In Junos OS Release 22.2R1S2, we introduce the RE-S-X6-128G-K, a new Routing Engine integrated with Trusted Platform Module 2.0 (TPM 2.0). This new Routing Engine is an upgrade to the existing Routing Engine RE-S-X6-128G-S.
Note:The RE-S-X6-128G-K Routing Engine must be used with either SCBE2-MX or SCBE3-MX.
The key features of the RE-S-X6-128G-K include:
- Digital cryptographic identity (also called device ID or DevID) embedded in TP M2.0
- RFC 8572-based secure zero-touch provisioning (secure ZTP)
-
New MX304 Universal Routing Platform—Starting in Junos OS Release 22.2R1-S2, we introduce the MX304 router—a 2-U, compact modular system that can scale up to 4.8-Tbps capacity. This bandwidth gives hyperscalers, cloud providers, and service providers the performance and scalability needed as networks grow.The router supports 400GbE, 100GbE, 50GbE, 40GbE, 25GbE, and 10GbE interfaces. It has pluggable Routing Engines (it supports one or two Routing Engines), redundant power, and cooling capability. It accepts up to three line-card MICs (LMICs). Each LMIC has 1 YT chip and 1.6 Tbps of forwarding capacity. It supports 4x400-Gbps ports, 16x100-Gbps ports, or a combination.
Table 1: Features Supported on MX304 Feature
Description
Chassis -
Fabric management support includes fabric hardening, fabric board control, and fault handling. Fabric management includes support for built-in SFB and line-card MIC (LMIC model number JNP304-LMIC16-BASE). MX304 routers support three LMICs (additional LMIC model number MX304-LMIC16-BASE).
The SFB provides 18 fabric links to each PFE. There is no SFB fabric redundancy support.
[See Fabric Plane Management.]
-
Limited-encryption Junos OS image and boot restriction
[See Junos OS Editions.]
-
Support for platform resiliency
[See show system errors active.]
Class of service (CoS)
-
Forwarding CoS and hierarchical CoS (HCoS) support.
[See Understanding Class of Service and Hierarchical Class of Service for Subscriber Management Overview.]
Distributed denial-of service (DDoS)
-
DDoS protection is enabled by default.
[See Control Plane Distributed Denial-of-Service (DDoS) Protection Overview.]
Flow monitoring -
Support for Inline services—We support the following Inline services:
- Inline active flow monitoring
- Inline monitoring
- Video monitoring
- FlowTapLite
[See Monitoring, Sampling, and Collection Services Interfaces User Guide.]
-
Support for Routing-Engine-based traffic samplingYou can configure Routing-Engine-based traffic sampling. Traffic sampling enables you to copy traffic to a line card that performs flow accounting while the router forwards the packet to its original destination. You configure either an input or an output firewall filter with a matching term that contains the
then sample
statement. Routing-Engine-based traffic sampling supports only the version 5 and version 8 formats for exporting flow records.[See Configuring Traffic Sampling on MX, M and T Series Routers.]
Hardware -
The MX304 router contains pluggable Routing Engines and supports up to three LMICs. Each LMIC supports 4x400-Gbps ports, 16x100-Gbps ports, or a combination. The MX304 router has two dedicated AC, DC, or HVAC/HVDC power supply modules and front-to-back cooling.
-
Supported transceivers, optical interfaces, and DAC cables—Select your product in the Hardware Compatibility Tool to view supported transceivers, optical interfaces, and DAC cables for your platform or interface module. We update the HCT and provide the first supported release information when the optic becomes available.
High availability (HA) and resiliency
-
Support for BFD:
- Centralized, distributed, inline, single-hop, multihop, and micro-BFD.
- BFD over integrated routing and bridging (IRB) interfaces.
- BFD over pseudowire over logical tunnel and redundant logical tunnel interfaces.
- Virtual circuit connectivity verification (VCCV) BFD for Layer 2 VPNs, Layer 2 circuits, and virtual private LAN service (VPLS).
[See Understanding BFD for Static Routes for Faster Network Failure Detection, and Bidirectional Forwarding Detection (BFD).]
-
Resiliency support for Packet Forwarding Engine and the built-in Switch Fabric Board (SFB).
[See show system errors active.]
Interfaces
-
MX304 introduces a pluggable 4x400GbE and 16x100GbE Combo LMIC. MX304 can deliver a bandwidth of up to 4.8Tbps. Each MX304 LMIC hosts two Packet Forwarding Engines with overall bandwidth of 1.6 Tbps. Each PFE is capable of 800G and overall it becomes 1.6 Tbps.
Each port supports 10-Gbps, 25-Gbps, 40-Gbps, 50-Gbps, 100-Gbps, 200-Gbps, and 400-Gbps interface speeds using different optics.
You can channelize the interfaces as follows:
- Four 10 GbE interfaces
- Four 25 GbE interfaces
- One 100 GbE interfaces
- Two 100 GbE interfaces
- Four 100 GbE interfaces
Note that we support 40G channelization on all odd ports, but alternate ports should be empty.
You can configure the port speed at the
[edit chassis]
hierarchy level.[See Port Speed.]
-
Supports transceivers, optical interfaces, and direct attach copper (DAC) cables on MX304.
[See Hardware Compatibility Tool , and optics-options.]
-
Support for flexible tunnel interfaces
Juniper telemetryinterface (JTI)
-
NPU and CPU memory utilization telemetry sensor support in JTI—You can use JTI to stream network processing unit (NPU) and CPU statistics to an outside collector from an MX304 router. Include the following sensors in a remote procedure calls (gRPC) or gRPC network management interface (gNMI) subscription:
- /junos/system/linecard/cpu/memory/
- /junos/system/linecard/npu/memory/
- /junos/system/linecard/npu/utilization/
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
-
Logical interface statistics for IPv4 and IPv6 family counters—You can stream per-family logical interface input and output counters for IPv4 and IPv6 traffic using JTI and gRPC to an outside collector.
Include the resource paths /junos/system/linecard/interface/logical/family/ipv4/usage/ and /junos/system/linecard/interface/logical/family/ipv6/usage/ in a gRPC subscription.
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
-
Transceiver diagnostics sensor support in JTI—JTI supports the OpenConfig transceiver model
openconfig-platform-transceiver.yang
0.5.0. You can deliver ON_CHANGE transceiver statistics to an outside collector using remote procedure calls (gRPC) or gRPC network management interface (gNMI) services.[See Telemetry Sensor Explorer.]
Layer 2 features
-
Support for Layer 2 features
[See Configuring Q-in-Q Tunneling and VLAN Q-in-Q Tunneling and VLAN Translation, Understanding Layer 2 Bridge Domains, Understanding Layer 2 Learning and Forwarding, and Introduction to OAM Connectivity Fault Management (CFM).]
-
Support for Layer2 Ethernet services over GRE tunnel interfaces
[See Configuring Layer 2 Ethernet Services over GRE Tunnel Interfaces.]
Layer 3 features
-
Support for Layer 3 features
[See MPLS Overview, Multicast Overview, Tunnel Services Overview, and Understanding Next-Generation MVPN Control Plane.]
-
Load balancing support:
- Enhanced hash key options.
- Consistent flow hashing, source IP-only hashing, and destination IP-only hashing.
- Symmetrical load balancing over 802.3 and LAGs.
Layer 3 VPN
-
Anti-spoofing protection for next-hop-based dynamic tunnelsWe've added antispoofing capabilities to IPv4 tunnels and IPv4 data traffic. Antispoofing for next-hop-based dynamic tunnels can detect and prevent a compromised virtual machine (inner source reverse path forwarding check) but does not apply to a compromised server that is label-spoofing. The antispoofing protection is effective when the VRF routing instance has label-switched interfaces (LSIs) using vrf-table-label or virtual tunnel (VT) interfaces. We do not support antispoofing protection for per-next-hop labels on VRF routing instances.
[See Anti-Spoofing Protection for Next-Hop-Based Dynamic Tunnels Overview and Example: Configuring Anti-Spoofing Protection for Next-Hop-Based Dynamic Tunnels.]
MACsec
-
Support for Media Access Control Security (MACsec), including AES-256 encryption, extended packet numbering, and fail-open mode
[See Configuring Media Access Control Security (MACsec) on Routers.]
-
MACsec bounded delay protection
[See bounded-delay.]
Multicast
-
Auto LSP Policer support:
- Multicast load balancing of point-to-multipoint (P2MP) label-switched-paths (LSPs) over aggregated Ethernet child links.
- Automatic policers for MPLS P2MP LSPs.
- Display of packet and byte statistics for sub-LSPs of a P2MP LSP.
- GRES and graceful restart for MPLS P2MP LSPs.
- Multicast virtual private network (MVPN) extranet or overlapping functionality.
[See Example: Configuring Multicast Load Balancing over Aggregated Ethernet Links, and Point-to-Multipoint LSP Configuration]
Network management and monitoring
-
Support for port mirroring
[See Configuring Port Mirroring on M, T MX, ACX, and PTX Series Routers.]
-
Support for configuring ITU-T Y.1731 standard-compliant Ethernet synthetic loss measurement (ETH-SLM) and Ethernet delay measurement (ETH- DM) capabilities
Routing policy and firewall filters
-
Support for forwarding firewalls
[See Understanding Firewall Filter Match Conditions, Overview of Policers, Fast Update Filters Overview, Service Filter Overview, and Understanding Firewall Filter Fast Lookup Filter.]
Services applications
-
Inline Services support:
- Inline NAT—NAT44 and NPTv6
- Inline softwires—Mapping of Address and Port with Encapsulation (MAP-E) and IPv6 rapid deployment (6rd)
- Inline J-Flow
- Inline monitoring
- Video monitoring
- FlowTapLite
[See Inline NAT, Configuring Mapping of Address and Port with Encapsulation (MAP-E), Configuring Inline 6rd, and Monitoring, Sampling, and Collection Services Interfaces User Guide.]
-
Support for RFC 2544-based benchmarking tests
[See Understanding RFC2544-Based Benchmarking Tests on MX Series Routers.]
-
Support for Two-Way Active Measurement Protocol (TWAMP) and Real-Time Performance Monitoring (RPM)
[See Understand Two-Way Active Measurement Protocol, and Real-Time Performance Monitoring.]
-
DHCP security—The MX304 router supports the following DHCP security features:
- DHCP snooping with Option 82.
- DHCPv6 snooping with Option 16, Option 18, Option 37, and Option 79.
- Lightweight DHCPv6 relay agent.
[See DHCP Snooping.]
Software installation and upgrade
-
Support for secure boot
[See Secure Boot.]
-
Support for zero-touch provisioning (ZTP) on the management interface. ZTP automates the provisioning of the device configuration and software upgrade over the management interface of the Routing Engine.
-