Solution Benefits

The Juniper Scale-Out Security Services solution is a common security services complex featuring a Stateful Firewall (SFW) and Carrier Grade Network Address Translation (CGNAT) for use in fixed and wireless Multiservice Edge (MSE) and Broadband Edge (BBE) deployments for Service Providers and MSOs. The security complex leverages the scale-out network architecture and automation, with tight integration between the routing and security services elements represented by MX universal routers and SRX Series Firewalls. This provides the best routing and security stacks for optimal performance and total cost of ownership. The scale-out approach offers advantages over scale-up and integrates security engines directly into the routing nodes, including:

  • Highly scalable CGNAT/SFW systems with respect to number of traffic flows and IPv4/IPv6 prefixes
  • Pay-as-you-grow approach
  • Flexibility to handle unpredictable traffic growth
  • High availability with sub-second restoration for stateful traffic flows
  • Optimal operational preferences for a choice of physical or virtual nodes
  • Improved time to market for security services on new platforms
  • Flexible placement of security services in the network
Figure 1: Juniper Scale-Out General Architecture

This solution is equally applicable to green-field deployments and as a nested solution on top of existing MX Series routers in the centralized or distributed multiservice edge segment of SP networks, allowing flexibility in the placement of services across the SP WAN infrastructure.

The Scale-Out Security Services solution provides a scale-out model for enabling high-capacity CGNAT and SFW services, combining Juniper MX Series modular and compact routers with Juniper vSRX and SRX4600 security products (Virtual Network Functions or Appliances). In general, a solution includes three layers: the forwarding layer, the security services layer, and the management and control layer. These layers enable consistent traffic flows through the service complex in both directions, address high availability requirements, and simplify operations and management of the multiple systems that constitute the solution.

This JVD focuses on the first two layers only, which include the following functional elements and solution building blocks:

  • Security Services Layer:
    • CGNAT
    • Stateful Firewall
    • High availability function
  • Forwarding Layer:
    • PE forwarding plane with virtual routing instance (“external” and “internal”)
    • Load balancing between multiple nodes of the service layer
    • High availability function
    • Optionally, a distribution-forwarding layer