Security gets the 'virtualization' treatment as Juniper rolls the flexible SRX platform into the carrier security services sector

Craig Matsumoto, Editor-in-Chief, Light Reading

September 15, 2008

4 Min Read
Juniper Strikes at Security's Core

Taking a cue from the virtualization camp, Juniper Networks Inc. (NYSE: JNPR)is extending the security products and services developed from its 2004 NetScreen acquisition into a flexible high-end platform that, the company claims, could change the way carriers add services on the network. (See Juniper Buys NetScreen.)

The new SRX Dynamic Services Gateway line could also give NetScreen -- technically Juniper's Service Layer Technologies unit (SLT) -- a new presence in the network core, as the new line is far more high-end than anything currently in the SLT portfolio.

The SRX's trick is that its linecards are identical. Services such as firewalling, intrusion prevention, network address translation, and even plain old routing, get assigned via software, with each card able to handle different combinations of services for different customers.

In other words, the SRX is performing a kind of virtualization. Its linecards represent one big pool of resources -- built using elements such as processors and hardware-based encryption -- to be split up however needed.

"We’ve seen router and switches that can add route/switch capacity cards, but nothing this modular in the enterprise security domain," writes Forrester Research Inc. analyst Rob Whiteley in an email to Light Reading.

(The concept might sound familiar to many in the optical world, though. Consider the way Infinera Corp. (Nasdaq: INFN) refers to its DTN platform as providing a pool of bandwidth that's available on demand -- see Infinera Gets Virtual.)

So, what good is this setup? For one, it saves on the number of boxes being deployed. And it could help operators centralize certain services, serving them from the network core or metro core rather than at the customer premises.

"Companies can migrate the firewalling function away from the perimeter -- which is not protecting applications anyway -- and push it back into the datacenter where the applications and data reside," Whiteley writes. "It’s a slick solution for a de-perimeterized world."

It's also a change from the way other vendors -- Cisco Systems Inc. (Nasdaq: CSCO) in particular -- have handled services. The Cisco 7600 has become a chameleon of a system, with linecards that can make it a pure router or a pure services box. Its functions don't cross from one type of card to the next, though.

And because the SRX is a single box on a familiar operating system, it could be an easier alternative to the multiple-box expansion carriers tend to use.

"If they want to provide a policy to a user, they're knitting together different boxes," says Michael Frendo, Juniper's senior vice president of high-end security systems. "Those often have different operating systems and different management systems."

In addition to being flexible, the SRX line boasts big performance numbers -- firewalls and intrusion prevention that's six times faster than anything Juniper's offered before, for instance. A more important metric might be the session rate -- 350,000 session setups (or teardowns) per second.

"We're seeing these massive spikes in terms of sessions," says Brian Lazear, a Juniper director of product management. That's driven partly by the use of applications such as Google Maps, where the drawing of a map page consists of 20 to 30 services.

Juniper talks about the SRX line being able to fit 400 Gbit/s in Gigabit Ethernet and 10-Gbit/s Ethernet interfaces. But the chassis is built to handle up to 960 Gbit/s of traffic, Juniper claims, which would give the platform some room for growth.

Two variants are being launched. The SRX 5600 has six free slots for linecards and sells for $65,000, while the SRX 5800 includes 12 vacant linecard slots and sells for $68,000. Both require linecards (duh), which cost $100,000 apiece.

The SRX continues what's been a year of big launches and changes for Juniper. In January, the company got into Ethernet switching with the EX line, a move that analysts believed was long overdue. (See Juniper Storms Into Ethernet Switching.)

And Scott Kriens, while still chairman, is stepping aside in favor of new CEO Kevin Johnson, late of Microsoft Corp. (Nasdaq: MSFT). (See Kriens Steps Aside as Juniper CEO.)

No word yet on whether Kriens and Johnson plan to do any TV spots.

— Craig Matsumoto, West Coast Editor, Light Reading

About the Author(s)

Craig Matsumoto

Editor-in-Chief, Light Reading

Yes, THAT Craig Matsumoto – who used to be at Light Reading from 2002 until 2013 and then went away and did other stuff and now HE'S BACK! As Editor-in-Chief. Go Craig!!

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like