© 2019 Juniper Networks Juniper Business Use Only

Junos evolved.
Presenter: Aldrin Isaac, Product Management

© 2019 Juniper Networks Juniper Business Use Only

CONFIDENTIALITY AND LEGAL NOTICE

This material contains information that is confidential and proprietary to Juniper

Networks, Inc. Recipient may not distribute, copy, or repeat information in the
document without a signed non-disclosure agreement (NDA).

Any statements of product direction contained in this presentation sets forth Juniper
Networks’ current intention and is subject to change at any time without notice. No
purchases are contingent upon Juniper Networks delivering any feature or functionality
depicted in this presentation.

Copyright 2019 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper
Networks logo, Juniper, Junos, and NXTWORK are registered trademarks of Juniper Networks,
Inc. in the United States and other countries. All other trademarks, service marks, registered
marks, or registered service marks are the property of their respective owners. Juniper
Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks
reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

© 2019 Juniper Networks Juniper Business Use Only

Evolution of Junos
Evolving to meet customer needs
EVO Phase
A MGD PPMD HWD PFE Software
TVP Phase P
A Junos CP PFE I
Occam Phase 3rd Platform
P VM Software s RPD CoSD IFMAND
Party Software
Junos VM I (RPD, CoS, Platform
s DCD, ….) Software Distributed State Infrastructure
Junos
Linux Linux Linux
CPU CPU CPU CPU CPU CPU CPU CPU … CPU CPU CPU CPU CPU CPU CPU CPU CPU … CPU

• 32 bit FreeBSD • 64 bit FreeBSD • Separate control plane & • Linux native applications
• CLI/XML • Multi-core SMP platform software • Granular self-contained functions
• Combined capability • Rich and extensive APIs • Logically centralized app-agnostic state DB
control plane • Junos code in kernel • Streaming telemetry • High horizontal & vertical scale
and platform loadable modules • Application/process based HA
SW • Virtualized Junos • Fine-grained system telemetry
over Linux • Model driven API’s and functions
• Netconf/Yang API • Support of 3rd party software

90’s - 2012 2012 - 2016 2017+ 2018 and beyond

© 2019 Juniper Networks Juniper Business Use Only

 • Market leadership in Junos
Junos Evolved in a Nutshell • Enhanced in Junos Evolved

External Tooling (ZTP, Puppet…) and Controllers

Streaming Mgmt Plane API JET Control Consistent control, management and data plane
Forwarding Plane API
telemetry (SNMP, CLI, NETCONF, Plane API
(OpenFlow, P4, AFI) • RPD, MGD, L2 apps
OpenConfig)
• PFE 2.0 (AFT) for custom ASIC based HW

Openness
• Linux native platform and apps
Mgmt Routing
3rd • Support for 3rd party software and tools
Party
Modularity
Platform • Component level design with resiliency
Fwd • Support for hitless component upgrade
Sensors
Logically Centralized Database
State DB
• All state modelled and API Accessible
Linux • Pub-sub communication between components
• Strong fault isolation between components
Hardware • Improved diagnostics for rapid debugging

© 2019 Juniper Networks Juniper Business Use Only

 The Junos Evolved Difference
▪ Increased resilience through clean decoupling between components
Improve Availability
▪ Better debugging enabled by richer visibility in centralized state database
& Performance
▪ Accelerated development & deployment

Accelerate ▪ Component upgrade for deployment of new capabilities without downtime

▪ Better diagnostic tools to identify and fix bugs before software release
Development &
▪ Software modularity to enable continuous iterative improvements
Deployment
▪ Trusted Junos control plane software single sourced to Junos Evolved

▪ Open flavor to enable applications that do not come out-of-the-box

Drive Innovation ▪ New APIs for new capabilities to be built over Junos platform and apps
▪ Modularity and Linux centricity open door for new disaggregation paradigms

▪ Consistency with common APIs and CLI

Boost Operational
▪ Leverage familiar Linux tools across the infrastructure
Efficiency
▪ Empower more use cases on fewer unique platforms

© 2019 Juniper Networks Juniper Business Use Only 6

 Product Roadmap Summary

DC Overlay, DC Edge, Metro

Peering & L2

DC Underlay & WAN Core

Use Case Q1 2019 Q2 2019 Q3 2019 Q4 2019 1H 2020 2H 2020

TOR, QFX5200-32C: QFX5220-32CD: QFX5220-128C: QFX (TD4)

3.2T, 1RU (TH) 2.8T (TH3) 12.8T (TH3) 32x400G
Spine 48x100G+6x400G

Core, PTX 10003 PTX 10008 PTX 10008 PTX 10001 PTX 10003
8T / 16T, 3RU 14.4T LC (BT) 4.8T LC (BT) 9.6T, 1RU (BT) 28.8T, 3RU (BT)
Spine (ZX)_

ACX ACX
Metro 600G 1RU (Q-2A) 600G 1RU (Q-2A)
2.4T 3RU (J2-2C) 2.4T 3RU (J2-2C)
4.8T 5RU (J2) 4.8T 5RU (J2)

© 2019 Juniper Networks Juniper Business Use Only

Evolution of Junos Disaggregation
Disaggregation
Linux Centricity
3rd PFE MGD
Programmability PFE Other MGD
Party
APIs
APIs
Automation PFE MGD
Platform ZTP L2 RPD Platform RPD
APIs RPD
MGD PFE
Platform Juniper or 3rd Party SW Infra
RPD Platform Junos VM Distributed SW Infrastructure

Junos FreeBSD Junos Linux Junos Linux 3rd Party Linux

Juniper HW Juniper HW Juniper HW Juniper or 3rd Party HW

• FreeBSD Unix • Openflow • All Linux native applications • Disaggregated RPD

• NETCONF • OpenConfig • Software modularity • SONiC on Juniper
• gRPC (gNMI, gNOI, gRIBI) • Support of 3rd party software • EVO on white box
• JET & JTI
• P4 (via AFT)

90’s - 2012 2014+ 2019+

© 2019 Juniper Networks Juniper Business Use Only

 Ready for Disruptive Trends in the Forecast
PB/month
450000
26% CAGR
400000

350000 Edge Cloud

300000

250000
Artificial AR/VR
200000 Intelligence

150000

100000

50000 1G/10G 10G/40G 100G/400G

0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022

15 years

11 years
Vendor-1 Vendor-2 EVO

© 2019 Juniper Networks Juniper Business Use Only

Architecture

© 2019 Juniper Networks Juniper Business Use Only 10

EVO Architecture
Key Constructs

Linux as base OS
• Leverage wide support and vast developer base.
…….
• Use open source tools wherever possible.
RPD MGD Platform Fabric PFE • Support standard Linux tools
• Native Linux applications
Pub-sub state system Remove state from kernel
• No kernel state repository and state propagation.
• Minimize changes to kernel.
Linux Kernel • Separate logic from state

Modularity
ASIC • Formalized interfaces between components.
• Pub-sub communication between components
• Clear separation / fault isolation between components.
• Lego blocks to support different use cases.
• Support component upgrade without system reboot.

© 2019 Juniper Networks Juniper Business Use Only

EVO Architecture
Distributed OS for Multi-Node Systems

………
Symmetric Infrastructure
Platform ……… MGD Fabric
RPD
• Applications can run anywhere and use the
pub-sub state Distributed Distributed pub-sub state same infrastructure.
transport M transport
• Auto node discovery and organization.
Linux Kernel E
S
Linux Kernel • Message bus for transport of distributed state
S • Utilize all compute resources
Routing engine A Routing engine • Add resources for scale and convergence
G • Support simple and complex topologies –
E single node, chassis, VC, VM cluster, etc.

PFE jFlow ……… B PFE jFlow ………

Remove state from kernel
U • Support scale out of nodes
Distributed Distributed
pub-sub state S pub-sub state
transport transport

Linux Kernel Linux Kernel

Line Card Line Card

© 2019 Juniper Networks Juniper Business Use Only

EVO Architecture
Improving Software Development

Rich Application Infrastructure

• Minimize boilerplate application code - Generate code.
• Common code for control and management plane
• Simplify application development.
• Support modern languages.
• API accessible ”centralized” database

Modernize development environment

• Adopt modern programming languages and paradigms.
• Robust Unit testing framework.
• Enable component checkout and speed up build.
• Pre-commit testing and Virtual EVO.

© 2019 Juniper Networks Juniper Business Use Only

Formal Modelling of State
● All State in DDS is modelled as objects

● Common format for all state defined in a

data modelling language (EVL)
● Field and Relationship – Links (related) and
Attachments (part of)

● Auto generation of binding APIs – simplify

application development

● Hierarchical schema for simplified query

● Python and C++ APIs to set/get any DDS

state

© 2019 Juniper Networks Juniper Business Use Only

Juniper Telemetry Interface in EVO
Key Telemetry Design Features CLI
SNMP JTI ……. jFlow
● Single data model for both DDS state (show)
(published) and Stats (unpublished)

● Telemetry on-change (event-based vs

Client Adapter layer
polled). (Client format translation)
● State compression EVO data access layer
(Access APIs)

Interface Control Platform Data Central

Plane plane Data
(RPD) (PFE) Store

© 2019 Juniper Networks Juniper Business Use Only 15

 EVO Software Upgrade
In-service module upgrade steps

1. Upgrade infra runs a diff to

determine component(s) with
changes

2. Re-starts only the changed

component(s).

3. Restarted components
reconcile state from DDS and
continue with the functionality.

EVO modules with SW version 1 EVO modules with SW version 2

© 2019 Juniper Networks Juniper Business Use Only 16

 EVO Incremental Updates

hotfix JAM SW JAM

Upgrade only the affected Upgrade to new hardware Introduce new features by
applications while retaining Junos release upgrade the related
applications only

© 2019 Juniper Networks Juniper Business Use Only

 3rd Party Software Support On EVO
JET APIs ● 3rd party applications can be run on host or
in docker or LXC container. (Requires
Container

App App
Linux API RPD Junos toolchain to build custom application
Linux API
intercept
intercept on host)

● Containers can be a different Linux distro

/proc netdevice ioctl netlink
with it’s own package manager
Intercept Library
● Support for agent-based DevOps tools to
manage the device (ex: Chef, Puppet)
/proc Netdevice ioctl netlink

Linux ● Support for Linux Network APIs through

intercept library (using LD_PRELOAD)
Packet I/O

Physical device ports

© 2019 Juniper Networks Juniper Business Use Only

3rd Party Software Support On EVO (cont’d)

Facility Notes container native

Packet IO and Ability to send and receive packets over mgmt and/or data interfaces. ✅ ✅
Linux socket APIs Standard libc – send, receive, listen, etc.
rtnetlink Ability to use rtnetlink to query networking state like interfaces, ✅ ✅
routes, etc.
netdevice Ability to read network devices ✅ ✅
proc Ability to query kernel data structures using standard interfaces ✅ ✅
provided by Linux kernel
Junos APIS Ability to access Juniper North Bound APIs - NetConf/JET/Telemetry ✅ ✅
Linux package Ability to use standard Linux package management ✅ ❌
manager

© 2019 Juniper Networks Juniper Business Use Only

 Current Status of EVO Security

✓ Secure Boot
o Guarantee the integrity up to Kernel in the boot chain

✓ Kernel Module Signing

o Module signing increases security by making it harder to load a malicious kernel
module into the kernel .

✓ Integrity of read-only file system

o Files shipped by Juniper are not modified in the field.

© 2019 Juniper Networks Juniper Business Use Only

 EVO Security -- Distribution Types
Juniper needs to cover the spectrum customers:

• Skillful developer customers

• Facebook, Google etc, who needs flexibility to customize the box

• Security Paranoid customers.

• DoD or SWIFT who wants complete locked down box

• Security-non-experts in the middle.

• Like telecom operators who would use what we provide, that is reasonably secure.

© 2019 Juniper Networks Juniper Business Use Only

 EVO Security -- Distribution Types (ROADMAP)
Ship
• This will become the default shipping image when it becomes available
Level 3: Juniper
Software Only

• Customers will import their keys into EVO, sign their application with their keys &
Level 2: Signed run them on the device
Customer Software • An add-on package installed on top of the “Level 3” will enable this functionality

Ship
• An open customer development system.
• Linux kernel and Juniper software is protected from inadvertent overwrite
Level 1: Unsigned • Ideal for closed labs, to develop and test custom applications.
Customer Software • Not ideal for exposed production systems.
• Juniper is not responsible for the security posture of these devices
(Current Status)

© 2019 Juniper Networks Juniper Business Use Only 22

 Visible differences between Evo and Junos

• Tool arguments and output differences – (ex: top, ps, netstat, ifconfig)
• Tool usage differences (ex: “chvrf; ping <ip>” in Linux versus custom “ping –I <intf> -U <vrf>” in
Junos FreeBSD)
Linux OS vs FreeBSD • Linux tools in EVO are unmodified vs Junos (ex: Linux ping vs Juniper ping)
• System states (ex: processes, files, devices, networking stack)
• Linux FS directory layout vs FreeBSD. However config and log files are in same location

• Component software upgrade

Software infrastructure • Multi-node system (ex: reboot, application)
• OFP/DDS vs ksyncd

• DCD => IFMAND, CHASSISD => HWDD, etc

Software • Image naming slightly different

• Mgmt interface names: re0:mgmt-0 on EVO vs em0/fxp0 on Junos,

Mgmt interface • DNS/NTP config for Mgmt VRF

© 2019 Juniper Networks Juniper Business Use Only 23

 Visible differences between Evo and Junos

• Some trace-options differences

• AFT vs uKern debugging (cli-pfe vs vty)
Troubleshooting • EVO objmon debug vs rtsock debugging, etc
• Coredump generation

• LD_PRELOAD of intercept library for PFE state, stats and packet IO

3rd party app support • No veriexec in current distribution

• https://www.juniper.net/documentation/en_US/junos/topics/reference/general/evo-how-it-
CLI differences currently at differs-from-junos.html

© 2019 Juniper Networks Juniper Business Use Only 24

RECAP
Strategic Importance Product Highlights

▪ Support of new cloud-driven operational models. • Native Linux infra and applications
▪ New infra required for improved quality and faster time to market • Exposes all state via central state DB
▪ Ability to pivot to new consumption models such as white-box and • Facilitates feature velocity improvements
disaggregation of key software components such as routing • Allows easy 3rd party apps/customization
applications • Supports DC scale and modularity requirements
• Supports hitless patching and upgrades
• Key components single sourced with Junos
• Facilitates lean packaging

Target Customer & GTM

▪ Eventual replacement of current Junos

▪ Targeting new platforms for EVO only delivery
▪ Initial roadmap use cases – public cloud and cloud core
▪ Subsequent roadmap use cases – peering, DC edge, private cloud
▪ Future – subscriber edge, security, campus, branch
▪ Parity with Junos driven via new HW introduction

© 2019 Juniper Networks Juniper Business Use Only

THANK YOU!

© 2019 Juniper Networks Juniper Business Use Only 26