8/3/2019 Data Center Lan Migration Guide
1/68
DATA CENTER LAN MIGRATION GUIDE
Copyright 2010, Juniper Networks, Inc.
Table of Contents
Chapter 1: Why Migrate to Juniper
Introduction to the Migration Guide
Audience
Data Center Architecture and Guide Overview
Why Migrate?
Scaling Is Too Complex with Current Data Center Architectures
The Case for a High Performing, Simplified Architecture
Why Juniper?
Other Considerations
Chapter 2: Pre-Migration Information Requirements
Pre-Migration Information Requirements
Technical Knowledge and Education
Chapter 3: Data Center Migration - Trigger Events and Deployment Processes
How Migrations Begin
Trigger Events for Change and Their Associated Insertion Points
Considerations for Introducing an Alternative Network Infrastructure Provider
Trigger Events, Insertion Points, and Design Considerations
IOS to Junos OS Conversion Tools
Data Center Migration Insertion Points: Best Practices and Installation Tasks
New Application/Technology Refresh/Server Virtualization Trigger Events
Design Options and Best Practices: New Application/Technology Refresh/Server Virtualization Trigger Events
Network Challenge and Solutions for Virtual Servers
Network Automation and Orchestration
Data Center Consolidation Trigger Event
Best Practices: Designing the Upgraded Aggregation/Core Layer
Best Practices: Upgraded Security Services in the Core
Aggregation/Core Insertion Point Installation Tasks
Consolidating and Virtualizing Security Services in the Data Center: Installation Tasks
Business Continuity and Workload Mobility Trigger Events
Best Practices Design for Business Continuity and HADR Systems
Best Practices Design to Support Workload Mobility Within and Between Data Centers
Best Practices for Incorporating MPLS/VPLS in the Data Center Network Design
Six Process Steps for Migrating to MPLS
Completed Migration to a Simplified, High-Performance, Two-Tier Network
Juniper Professional Services
Chapter 4: Troubleshooting
Troubleshooting
Introduction
Troubleshooting Overview
OSI Layer 1: Physical Troubleshooting
OSI Layer 2: Data Link Troubleshooting
Virtual Chassis Troubleshooting
OSI Layer 3: Network Troubleshooting
OSPF
VPLS Troubleshooting
Multicast
Quality of Service/Class of Service (CoS)
OSI Layer 4-7: Transport to Application Troubleshooting
Tools
Troubleshooting Summary
Chapter 5: Summary and Additional Resources
Summary
Additional Resources
Data Center Design Resources
Training Resources
Juniper Networks Professional Services
About Juniper Networks
Table of Figures
Figure 1: Multitier legacy data center LAN
Figure 2: Simpler two-tier data center LAN design
Figure 3: Data center traffic flows
Figure 4: Collapsed network design delivers increased density, performance, and reliability
Figure 5: Junos OS - The power of one
Figure 6: The modular Junos OS architecture
Figure 7: Junos OS lowers operations costs across the data center
Figure 8: Troubleshooting with Service Now
Figure 9: Converting IOS to Junos OS using I2J
Figure 10: The I2J input page for converting IOS to Junos OS
Figure 11: Inverted U design using two physical servers
Figure 12: Inverted U design with NIC teaming
Figure 13: EX4200 top-of-rack access layer deployment
Figure 14: Aggregation/core layer insertion point
Figure 15: SRX Series platform for security consolidation
Figure 16: Workload mobility alternatives
Figure 17: Switching across data centers using VPLS
Figure 18: Transitioning to a Juniper two-tier high-performance network
Chapter 1: Why Migrate to Juniper
Introduction to the Migration Guide
IT has become integral to business success in virtually all industries and markets. Today's data center is the centralized
repository of computing resources enabling enterprises to meet their business objectives. Today's data center traffic
flows and performance requirements have changed considerably from the past with the advent of cloud computing
and service-oriented architecture (SOA)-based applications. In addition, increased mobility, unified communications,
compliance requirements, virtualization, the sheer number of connecting devices, and changing network security
boundaries present new challenges to today's data center managers. Architecting data centers based on old traffic
patterns and outdated security models is inefficient and results in lower performance, unnecessary complexity,
difficulty in scaling, and higher cost.
A simplified, cloud-ready, two-tier data center design is needed to meet these new challenges without any
compromise in performance. Migrating to such a data center network can theoretically take place at any time.
Practically speaking, however, most enterprises will not disrupt a production data center except for a limited time
window to perform scheduled maintenance and business continuity testing. Luckily and within this context, migration
to a simpler two-tier design can begin at various insertion points and proceed in controlled ways in an existing legacy
data center architecture.
Juniper's Data Center LAN Migration Guide identifies the most common trigger events at which migration to a
simplified design can take place together with design considerations at each network layer for a successful migration.
The guide is segmented into two parts. For the business decision maker, Chapter 1: Why Migrate to Juniper will be most
relevant. The technical decision maker will find Chapters 2 and 3 most relevant, particularly Chapter 3, which covers
the data center trigger events that can stimulate a transition and the corresponding insertion points, designs, and
best practices associated with pre-install, install, and post-install tasks.
Audience
While much of the high-level information presented in this document will be useful to anyone making strategic
decisions about a data center LAN, this guide is targeted primarily to:
• Data center network and security architects evaluating the feasibility of new approaches in network design
• Data center network planners, engineers, and operators designing and implementing new data center networks
• Data center managers, IT managers, network and security managers planning and evaluating data center
infrastructure and security requirements
Data Center Architecture and Guide Overview
One of the primary ways to increase data center efficiency is to simplify the infrastructure. Most data center networks
in place today are based on a three-tier architecture. A simplified two-tier design, made possible by the enhanced
performance and more efficient packaging of today's Ethernet switches, reduces cost and complexity, and increases
efficiency without compromising performance.
During the 1990s, Ethernet switches became the basic building block of enterprise campus network design. Networks
were typically built in a three-tier hierarchical tree structure to compensate for switch performance limitations. Each
tier performed a different function and exhibited different form factors, port densities, and throughputs to handle the
workload. The same topology was deployed when Ethernet moved into the data center displacing Systems Network
Architecture (SNA), DECnet, and token ring designs.
Figure 1: Multitier legacy data center LAN
This multitiered architecture, shown in Figure 1, worked well in a client/server world where the traffic was primarily north
and south, and oversubscription ratios at tiers of the network closest to the endpoints (including servers and storage)
could be high. However, traffic flows and performance requirements have changed considerably with the advent of
applications based on SOA, increased mobility, Web 2.0, unified communications, compliance requirements, and the
sheer number of devices connecting to the corporate infrastructure. Building networks today to accommodate 5 to 10
year old traffic patterns is not optimal, and results in lower performance, unnecessary complexity, and higher cost.
A new data center network design is needed to maximize IT investment and easily scale to support the new
applications and services a high-performance enterprise requires to stay competitive. According to Gartner,
"Established LAN design practices were created for an environment of limited switch performance. Today's high-capacity
switches allow new design approaches, thus reducing cost and complexity in campus and data center LANs.
The three-tier concept can be discarded, because all switch ports can typically deliver rich functionality without
impacting performance."[1]
[Figure 1 labels: 3-tier legacy network; WAN Edge; Data Center Interconnect; Core; Aggregation Layer; Access Layer; Ethernet; FC SAN; Servers; NAS; FC Storage]
[1] Neil Rikard, "Minimize LAN Switch Tiers to Reduce Cost and Increase Efficiency," Gartner Research ID Number: G00172149, November 17, 2009
Figure 2: Simpler two-tier data center LAN design
Juniper Networks offers a next-generation data center solution, shown in Figure 2, which delivers:
• Simplified design for high performance and ease of management
• Scalable services and infrastructure to meet the needs of a high-performance enterprise
• Virtualized resources to increase efficiency
This two-tier data center LAN architecture provides a more elastic and more efficient network that can also easily scale.
This guide covers the key considerations in migrating an existing three-tier data center network to a simplified,
cloud-ready, two-tier design. From a practical perspective, most enterprises won't initiate a complete data center redesign
for an existing, operational data center. However, there are several events, such as bringing a new application or
service online or a data center consolidation, which require an addition to the existing data center infrastructure. We
call these common events at which migration can begin trigger events. Trigger events generate changes in design at a
given network layer, which we call an insertion point. In Chapter 3 of this guide, we cover the best practices and steps
involved for migration at each of the insertion points presented by a specific trigger event. By following these steps and
practices, it is possible to extend migration to other legacy network tiers and continue towards a simplified two-tier
Juniper infrastructure over time.
In summary, this Data Center LAN Migration Guide describes:
• Pre-migration information requirements
• Migration process overview and design considerations
• Logical migration steps and Juniper best practices for transitioning each network layer insertion point
• Troubleshooting steps
• Additional resources
[Figure 2 labels: WAN Edge; Data Center Interconnect; MX Series; SRX5800; Aggregation/Core; EX82XX; Access Layer; EX82XX; EX4200; EX4500; Virtual Chassis; FC SAN; Servers; NAS; FC Storage]
Why Migrate?
IT continues to become more tightly integrated with business across all industries and markets. Technology is the
means by which enterprises can provide better access to information in near or real time to satisfy customer needs,
while simultaneously driving new efficiencies. However, today's enterprise network infrastructures face growing
scalability, agility, and security challenges. This is due to factors such as increased collaboration with business
partners, additional workforce mobility, and the sheer proliferation of users with smart mobile devices requiring
constant access to information and services. These infrastructure challenges are seriously compounded when growth
factors are combined with the trend towards data center consolidation. What is needed is a new network infrastructure
that is more elastic, more efficient, and can easily scale.
Scalability is a high priority, as it is safe to predict that much of the change facing businesses today is going to come as
a requirement for more storage, more processing power, and more flexibility.
Recent studies by companies such as IDC suggest that global enterprises will be focusing their investments and
resources in the next 5 to 10 years on lowering costs while continuing to look for new growth areas. Industry analysts
have identified several key data center business initiatives that align with these directions:
• Data center consolidation: Enterprises combine data centers as a result of merger or acquisition to reduce cost as
well as centralize and consolidate resources.
• Virtualization: Server virtualization is used to increase utilization of CPU resources, provide flexibility, and deliver
on-demand services that easily scale (currently the most prevalent virtualization example).
• Cloud computing: Pooling resources within a cloud provides a cost-efficient way to reconfigure, reclaim, and reuse
resources to deliver responsive services.
• I/O convergence or consolidation: Ethernet and Fibre Channel are consolidated over a single wire on the server side.
• Virtual Desktop Infrastructure (VDI): Applications are run on centralized servers to reduce operational costs and
also provide greater flexibility.
These key initiatives all revolve around creating greater data center efficiencies. While meeting these business
requirements, it is vital that efficient solutions remain flexible and scalable systems are easy to manage to maximize
all aspects of potential cost savings.
In today's data center, applications are constantly being introduced, updated, and retired. Demand for services is
unpredictable and ever changing. Remaining responsive, and at the same time cost efficient, is a significant resource
management challenge, and adding resources needs to be a last resort since it increases the cost basis for service
production and delivery. Having the ability to dynamically reconfigure, reclaim, and reuse resources positions the data
center to effectively address today's responsiveness and efficiency challenges.
Furthermore, existing three-tier architectures are built around a client/server model that is less relevant in today's
application environment. Clearly, a new data center LAN design is needed to adapt to changing network dynamics,
overcome the complexity of scaling with the current multitiered architecture, as well as capitalize on the benefits of
high-performance platforms and a simplified design.
Figure 3: Data center traffic flows
Applications built on SOA architecture and those delivered in the software as a service (SaaS) model require an
increasing number of interactions among servers in the data center. These technologies generate a significant amount of
server-to-server traffic; in fact, up to 70% of data center LAN traffic is between servers. Additional server traffic may also
be produced by the increased adoption of virtualization, where shared resources such as a server pool are used at greater
capacity to improve efficiency. Today's network topologies need to mirror the nature of the traffic being transported.
Existing three-tier architectures were not designed to handle server-to-server traffic without going up and back through
the many layers of tiers. This is inherently inefficient, adding latency at each hop, which in turn impacts performance,
particularly for real-time applications like unified communications, or in industries requiring high performance such as
financial trading.
Scaling Is Too Complex with Current Data Center Architectures
Simply deploying ever more servers, storage, and devices in a three-tier architecture to meet demand significantly
increases network complexity and cost. In many cases, it isn't possible to add more devices due to space, power,
cooling, or throughput constraints. And even when it is possible, it is often difficult and time-consuming to manage due
to the size and scope of the network. Or it is inherently inefficient, as it's been estimated that as much as 50% of all
ports in a typical data center are used for connecting switches to each other as opposed to doing the more important
task of interconnecting storage to servers and applications to users. Additionally, large Layer 2 domains using Spanning
Tree Protocol (STP) are prone to failure and poor performance. Similarly, commonly deployed data center technologies
like multicast don't perform at scale across tiers and devices in a consistent fashion.
Legacy security services may not easily scale and are often not efficiently deployed in a data center LAN due to the
difficulty of incorporating security into a legacy, multitiered design. Security blades which are bolted into switches at the
aggregation layer consume excessive power and space, impact performance, and don't protect virtualized resources.
Another challenge of legacy security service appliances is the limited performance scalability, which may be far
below the throughput requirements of most high-performance enterprises consolidating applications or data centers.
The ability to cluster together firewalls as a single logical entity to increase scalability without added management
complexity is another important consideration.
Proprietary systems may also limit further expansion with vendor lock-in to low performance equipment. Different
operating systems at each layer may add to the complexity to operate and scale the network. This complexity is costly,
limits flexibility, increases the time it takes to provision new capacity or services, and restricts the dynamic allocation of
resources for services such as virtualization.
[Figure 3 labels: Up to 70%; Network topologies should mirror the nature of the traffic they transport; compass points N, W, S, E]
The Case for a High Performing, Simplified Architecture
Enhanced, high-performance LAN switch technology can help meet these scaling challenges. According to Network World,
"Over the next few years, the old switching equipment needs to be replaced with faster and more flexible switches. This
time, speed needs to be coupled with lower latency, abandoning spanning tree and support for the new storage protocols.
Networking in the data center must evolve to a unified switching fabric."[2]
New switching technology such as that found in Juniper Networks EX Series of Ethernet Switches has caught up to
meet or surpass the demands of even the most high-performance enterprise. Due to specially designed application-specific integrated circuits (ASICs) which perform in-device switching functions, enhanced switches now offer high
throughput capacity of more than one terabit per second (Tbps) with numerous GbE and 10GbE ports, vastly improving
performance and reducing the number of uplink connections. Some new switches also provide built-in virtualization
that reduces the number of devices that must be managed, yet can rapidly scale with growth. Providing much greater
performance, enhanced switches also enable the collapsing of unnecessary network tiers, moving towards a new,
simplified network design. Similarly, scalable enhanced security devices can be added to complement such a design,
providing security services throughout the data center LAN.
A simplified, two-tier data center LAN design can lower costs without compromising performance. Built on high-
performance platforms, a collapsed design requires fewer devices, thereby reducing capital outlay and the operational
costs to manage the data center LAN. Having fewer network tiers also decreases latency and increases performance,
enabling wider support of additional cost savings and high bandwidth applications such as unified communications.
Despite having fewer devices, a simplified design still offers high availability (HA) with key devices being deployed in
redundant pairs and dual homed to upstream devices. Additional HA is offered with features like redundant switching
fabrics, dual power supplies, and the other resilient capabilities available in enhanced platforms.
Figure 4: Collapsed network design delivers increased density, performance, and reliability
[2] Robin Layland/Layland Consulting, "10G Ethernet shakes Net Design to the Core/Shift from three- to two-tier architectures accelerating," Network World, September 14, 2009
[Figure 4 labels: Multi-tier legacy network; 2-tier design; Density; Performance; Reliability]
Two-Tier Design Facilitates Cloud Computing
By simplifying the design, by sharing resources, and by allowing for integrated security, a two-tier design also enables
the enterprise to take advantage of the benefits of cloud computing. Cloud computing delivers on-demand services to
any point on the network without requiring the acquisition or provisioning of location-specific hardware and software.
These cloud services are delivered via a centrally managed and consolidated infrastructure that has been virtualized.
Standard data center elements such as servers, appliances, storage, and other networking devices can be arranged in
resource pools that are shared securely across multiple applications, users, departments, or any other way they should
be logically shared. The resources are dynamically allocated to accommodate the changing capacity requirements of
different applications and improve asset utilization levels. This type of on-demand service and infrastructure simplifies
management, reduces operating and ownership costs, and allows services to be provisioned with unprecedented
speed. Reduced application and service delivery times mean that the enterprise is able to capitalize on opportunities
as they occur.
Achieving Power Savings and Operating Efficiencies
Fewer devices require less power, which in turn reduces cooling requirements, thus adding up to substantial
power savings. For example, a simplified design can offer more than a 39% power savings over a three-tier legacy
architecture. Ideally, a common operating system should be used on all data center LAN devices to reduce errors,
decrease training costs, ensure consistent features, and thus lower the cost of operating the network.
Consolidating Data Centers
Due to expanding services, enterprises often have more than one data center. Virtualization technologies like server
migration and application load balancing require multiple data centers to be virtually consolidated into a single, logical
data center. Locations need to be transparently interconnected with technologies such as virtual private LAN service
(VPLS) to interoperate and appear as one.
All this is possible with a new, simplified data center LAN design from Juniper Networks. However, as stated earlier,
Juniper recognizes that it is impractical to flash migrate from an existing, operational, three-tier production data center
LAN design to a simpler two-tier design, regardless of the substantial benefits. However, migration can begin as a result
of any of the following trigger events:
• Addition of a new application or service
• Refresh cycle
• Server virtualization migration
• Data center consolidation
• Business continuity and workload mobility initiatives
• Data center core network upgrade
• Higher performance and scalability for security services
The design considerations and steps for initiating migration from any of these trigger events are covered in detail in
Chapter 3: Data Center Migration - Trigger Events and Deployment Processes.
Why Juniper?
Juniper delivers high-performance networks that are open to and embrace third-party partnerships to lower total cost
of ownership (TCO) as well as to create flexibility and choice. Juniper is able to provide this based on its extensive
investment in software, silicon, and systems.
• Software: Juniper's investment in software starts with Juniper Networks Junos operating system. Junos OS offers
the advantage of one operating system with one release train and one modular architecture across the enterprise
portfolio. This results in feature consistency and simplified management throughout all platforms in the network.
• Silicon: Juniper is one of the few network vendors that invests in ASICs which are optimized for Junos OS to
maximize performance and resiliency.
• Systems: The combination of the investment in ASICs and Junos OS produces high-performance systems that
simultaneously scale connectivity, capacity, and the control capability needed to deliver new applications and
business processes on a single infrastructure that also reduces application and service delivery time.
Juniper Networks has been delivering a steady stream of network innovations for more than a decade. Juniper
brings this innovation to a simplified data center LAN solution built on four core principles: simplify, share, secure,
and automate. Creating a simplified infrastructure with shared resources and secure services delivers significant
advantages over other designs. It helps lower costs, increase efficiency, and keep the data center agile enough to
accommodate any future business changes or technology infrastructure requirements.
• Simplify the architecture: Consolidating legacy siloed systems and collapsing inefficient tiers results in fewer
devices, a smaller operational footprint, and simplified management from a single pane of glass.
• Share the resources: Segmenting the network into simple, logical, and scalable partitions with privacy, flexibility,
high performance, and quality of service (QoS) enables network agility to rapidly adapt to an increasing number of
users, applications, and services.
• Secure the data flows: Integrating scalable, virtualized security services into the network core provides benefits to all
users and applications. Comprehensive protection secures data flows into, within, and between data centers. It also
provides centralized management and the distributed dynamic enforcement of application and identity-aware policies.
• Automate network operations at each step: An open, extensible software platform reduces operational costs
and complexity, enables rapid scaling, minimizes operator errors, and increases reliability through a single network
operating system. A powerful network application platform with innovative applications enables network operators
to leverage Juniper or third-party applications for simplifying operations and scaling application infrastructure to
improve operational efficiency.
Juniper's data center LAN architecture embodies these principles and enables high-performance enterprises to build
next-generation, cloud-ready data centers. For information on Building the Cloud-Ready Data Center, please refer to:
www.juniper.net/us/en/solutions/enterprise/data-center.
Other Considerations
It is interesting to note that even as vendors introduce new product lines, the legacy three-tier architecture remains as
the reference architecture for Data Centers. This legacy three-tier architecture retains the same limitations in terms of
scalability and increased complexity.
Additionally, migrating to a new product line, even with an incumbent vendor, may require adopting a new OS,
modifying configurations, and replacing hardware. The potential operational impact of introducing new hardware
is a key consideration for insertion into an existing data center infrastructure, regardless of the platform provider.
Prior to specific implementation at any layer of the network, it is sound practice to test interoperability and feature
consistency in terms of availability and implementation. When considering an incumbent vendor with a new platform,
any enterprise organization weighing migration to a new platform from its existing one should also evaluate moving
towards a simpler, high-performing Juniper-based solution, which can deliver substantial incremental benefits. (See
Chapter 3: Data Center Migration - Trigger Events and Deployment Processes for more details about introducing a
second switching infrastructure vendor into an existing single vendor network.)
In summary, migrating to a simpler data center design enables an enterprise to improve the end user experience and
scale without complexity, while also driving down operational costs.
Chapter 2: Pre-Migration Information Requirements
Pre-Migration Information Requirements
Migrating towards a simplified design is based on a certain level of familiarity with the following Juniper solutions:
• Juniper Networks Junos operating system
• Juniper Networks EX Series Ethernet Switches and MX Series 3D Universal Edge Routers
• Juniper Networks SRX Series Services Gateways
• Juniper Networks Network and Security Manager, STRM Series Security Threat Response Managers, and Junos Space
network management solutions
Juniper Networks Cloud-Ready Data Center Reference Architecture communicates Juniper's conceptual framework and
architectural philosophy in creating data center and cloud computing networks robust enough to serve the range of
customer environments that exist today. It can be downloaded from:
www.juniper.net/us/en/solutions/enterprise/data-center/simplify/#literature.
Technical Knowledge and Education
This Migration Guide assumes some experience with Junos OS and its rich tool set, which will not only help simplify
the data center LAN migration but also ongoing network operations. A brief overview of Junos OS is provided in the
following section. Juniper also offers a comprehensive series of Junos OS workshops. Standardization of networking
protocols should ease the introduction of Junos OS into the data center since the basic constructs are similar. Juniper
Networks offers a rich curriculum of introductory and advanced courses on all of its products and solutions.
Learn more about Juniper's free and fee-based online and instructor-led hands-on training offerings at:
www.juniper.net/us/en/training/technical_education.
Additional education may be required for migrating security services such as firewall and intrusion prevention system (IPS).
If needed, Juniper Networks Professional Services can provide access to industry-leading IP experts to help with all
phases of the design, planning, testing, and migration process. These experts are also available as training resources,
to help with project management, risk assessment, and more. The full suite of Juniper Networks Professional Services
offerings can be found at: www.juniper.net/us/en/products-services/consulting-services.
Junos OS Overview
Enterprises deploying legacy-based solutions today are most likely familiar with the number of different operating
systems (OS versions) running on switching, security, and routing platforms. This can result in feature inconsistencies,
software instability, time-consuming fixes and upgrades. It's not uncommon for a legacy data center to be running
many different versions of a switching OS, which may increase network downtime and require greater time, effort, and
cost to manage the network. From its beginning, Juniper set out to create an operating system that addressed these
common problems. The result is Junos OS, which offers one consistent operating system across all of Juniper's routing,
switching, and security devices.
Figure 5: Junos OS - The power of one
Junos OS serves as the foundation of a highly reliable network infrastructure and has been at the core of the world's
largest service provider networks for over 10 years. Junos OS offers identical carrier-class performance and reliability
to any sized enterprise data center LAN. Also through open, standards-based protocols and an API, Junos OS can be
customized to optimize any enterprise-specific requirement.
What sets Junos OS apart from other network operating systems is the way it is built: one operating system (OS)
delivered in one software release train, and with one modular architecture. Feature consistency across platforms and
one predictable release of new features ensure compatibility throughout the data center LAN. This reduces network
management complexity, increases network availability, and enables faster service deployment, lowering TCO and
providing greater flexibility to capitalize on new business opportunities.
Junos OS's consistent user experience and automated tool sets make planning and training easier and day-to-day
operations more efficient, allowing for faster changes. Further, integrating new software functionality protects not just
hardware investments, but also an organization's investment in internal systems, practices, and knowledge.
Junos OS Architecture
The Junos OS architecture is a modular design conceived for flexible yet stable innovation across many networking
functions and platforms. The architecture's modularity and well-defined interfaces streamline new development and
enable complete, holistic integration of services.
[Figure 5 content: one OS across security, router, and switch platforms from branch to core (SRX, LN1000, J, M, MX, T, and EX Series, plus NSM, NSMXpress, Junos Space, and Junos Pulse); one release track with frequent releases (10.0, 10.1, 10.2); one architecture with modules and an API]
Figure 6: The modular Junos OS architecture
The advantages of modularity reach beyond the operating system software's stable, evolutionary design. For example,
the Junos OS architecture's process modules run independently in their own protected memory space, so one module
cannot disrupt another. The architecture also provides separation between control and forwarding functions to support
predictable high performance with powerful scalability. This separation also hardens Junos OS against distributed
denial-of-service (DDoS) attacks. The Junos operating system's modularity is integral to the high reliability, performance,
and scalability delivered by its software design. It enables unified in-service software upgrade (ISSU), graceful Routing
Engine switchover (GRES), and nonstop routing.
Automated Scripting with Junoscript Automation
With Junoscript Automation, experienced engineers can create scripts that reflect their own organization's needs and
procedures. The scripts can be used to flag potential errors in basic configuration elements such as interfaces and
peering. The scripts can also automate network troubleshooting and quickly detect, diagnose, and fix problems as
they occur. In this way, new personnel running the scripts benefit from their predecessors' long-term knowledge and
expertise. Networks using Junoscript Automation can increase productivity, reduce OpEx, and increase high availability
(HA), since the most common reason for a network outage is operator error.
For more detailed information on Junos Script Automation, please see: www.juniper.net/us/en/community/junos.
[Figure 6 content: services plane (service apps 1 through n, services interfaces); control plane (kernel, with routing, interfaces, management, and further modules through module n); data plane (packet forwarding, physical interfaces); open management interfaces (CLI, J-Web, toolkit, scripts, NSM/Junos Space)]
A key benefit of using Junos OS is lower TCO as a result of reduced operational challenges and improved operational
productivity at all levels in the network.
Figure 7: Junos OS lowers operations costs across the data center
An independent commissioned study conducted by Forrester Consulting³ (www.juniper.net/us/en/reports/junos_tei.pdf)
found that the use of Junos OS and Juniper platforms produced a 41% reduction in overall operations costs for network
operational tasks including planning and provisioning, deployment, and planned and unplanned network events.
Juniper Platform Overview
The ability to migrate from a three-tier network design to a simpler two-tier design with increased performance,
scalability, and simplicity is predicated on the availability of hardware-based services found in networking platforms
such as the EX Series Ethernet Switches, MX Series 3D Universal Edge Routers, and the SRX Series Services Gateways.
A consistent and unified view of the data center, campus, and branch office networks is provided by Juniper's single
pane of glass management platforms, including the recently introduced Junos Space.
The following section provides a brief overview of the capabilities of Juniper's platforms. All of the Junos OS-based
platforms highlighted provide feature consistency throughout the data center LAN and lower TCO.
EX4200 Switch with Virtual Chassis Technology
Typically deployed at the access layer in a data center, Juniper Networks EX4200 Ethernet Switch provides chassis-
class, high availability features, and high-performance throughput in a "pay as you grow" 1 rack unit (1 U) switch.
Depending on the size of the data center, the EX4200 may also be deployed at the aggregation layer. Offering flexible
cabling options, the EX4200 can be located at the top of a rack or end of a row. There are several different port
configurations available with each EX4200 switch, providing up to 48 wire-speed, non-blocking, 10/100/1000 ports
with full or partial Power over Ethernet (PoE). Despite its small size, this high-performance switch also offers multiple
GbE or 10GbE uplinks to the core, eliminating the need for an aggregation layer. And because of its small size, it takes
less space, requires less power and cooling, and it costs less to deploy and maintain sparing.
[Figure 7 chart: Critical Categories of Enterprise Network Operational Costs. Multiple network operating systems diminish efficiency.³ Each category is shown against the baseline for all network operating systems:
• Switch and router downtime costs: 27%* lower with Junos (based on reduction in frequency and duration of unplanned network events)
• Switch and router maintenance and support costs: 54%* lower with Junos (a planned events category)
• Switch and router deployment time costs: 25%* lower with Junos (the adding infrastructure task)
• Unplanned switch and router events resolution costs: 40%* lower with Junos (the time needed to resolve unplanned network events)
• Overall switch and router network operations costs: 41%* lower with Junos (the combined total savings associated with planned, unplanned, planning and provisioning, and adding infrastructure tasks)]
³ The Total Economic Impact of Junos Network Operating Systems, a commissioned study conducted by Forrester Consulting on behalf of Juniper Networks, February 2009
Up to 10 EX4200 line switches can be connected, configured, and managed as one single logical device through built-in
Virtual Chassis technology. The actual number deployed in a single Virtual Chassis instance depends upon the physical
layout of your data center and the nature of your traffic. Connected via a 128 Gbps backplane, a Virtual Chassis can be
comprised of EX4200 switches within a rack or row, or it can use a 10GbE connection anywhere within a data center or
across data centers up to 40 km apart.
Juniper's Virtual Chassis technology enables virtualization at the access layer, offering three key benefits:
1. It reduces the number of managed devices by a factor of 10X.
2. The network topology now closely maps to the traffic flow. Rather than sending inter-server traffic up to an
aggregation layer and then back down in order to send it across the rack, it's sent directly east-to-west, reducing
the latency for these transactions. This also more easily facilitates workload mobility when server virtualization is
deployed.
3. Since the network topology now maps to the traffic flows directly, the number of uplinks required can be reduced.
The Virtual Chassis also delivers best-in-class performance. According to testing done by Network World (see full
report at www.networkworld.com/slideshows/2008/071408-juniper-ex4200.html), the EX4200 offers the lowest
latency of any Ethernet switch they had tested, making the EX4200 an optimal solution for high-performance, low
latency, real-time applications. EX4200 performance testing was also done in May 2010 by Network Test,
which demonstrates the low latency, high performance, and high availability capabilities of the EX4200 series, viewable
at http://networktest.com/jnprvc.
When multiple EX4200 platforms are connected in a Virtual Chassis configuration, they offer the same software high
availability as traditional chassis-based platforms. Each Virtual Chassis has a master and backup Routing Engine pre-
elected with synchronized routing tables and routing protocol states for rapid failover should a master switch fail. The
EX4200 line also offers fully redundant power and cooling.
To further lower TCO, Juniper includes core routing features such as OSPF and RIPv2 in the base software license,
providing a no incremental cost option for deploying Layer 3 at the access layer.
In every deployment, the EX4200 reduces network configuration burdens and measurably improves performance for
server-to-server communications in SOA, Web services, and other distributed application designs.
For more information, refer to the EX4200 Ethernet Switch data sheet for a complete list of features, benefits, and
specifications at: www.juniper.net/us/en/products-services/switching/ex-series.
EX4500 10GbE Switch
The Juniper Networks EX4500 Ethernet Switch delivers a scalable, compact, high-performance platform for supporting
high-density 10 gigabit per second (10 Gbps) data center top-of-rack, as well as data center, campus, and service
provider aggregation deployments. The Junos OS-based EX4500 is a 48 port wire-speed switch whose ports can
be provisioned as either gigabit Ethernet (GbE) or 10GbE ports in a two rack unit (2 U) form factor. The 48 ports are
allocated with 40 1000BaseT ports in the base unit and 8 optional uplink module ports. The EX4500 delivers 960
Gbps throughput (full duplex) for both Layer 2 and Layer 3 protocols. For enterprises introducing 10GbE into their racks,
the EX4500 can be used to add 10GbE-attached servers, iSCSI, and network-attached storage (NAS) with minimal
impact to the current switching infrastructure. The EX4500 is also in Juniper's roadmap to support Virtual Chassis
fabric technology.
For smaller data centers, the EX4500 can be deployed as the core layer switch, aggregating 10GbE uplinks from
EX4200 Virtual Chassis configurations in the access layer. Back-to-front and front-to-back cooling ensure consistency
with server designs for hot and cold aisle deployments.
Juniper plans to add support to the EX4500 for Converged Enhanced Ethernet (CEE) and Fibre Channel over Ethernet
(FCoE) in upcoming product releases.
Refer to the EX4500 Ethernet Switch data sheet for more information at:
www.juniper.net/us/en/products-services/switching/ex-series/ex4500/#literature.
EX2500 10GbE Switch
The Juniper Networks EX2500 Ethernet Switch is designed for high-density 10GbE data center top-of-rack applications
where high performance and low latency are key requirements. The low latency offered by the EX2500 (approximately
700 nanoseconds) makes it ideal for delay sensitive applications such as high-performance server clusters and
financial applications, where this degree of low latency is required. Note that the EX2500 is not Junos OS-based.
Refer to the EX2500 Ethernet Switch data sheet for more information at:
www.juniper.net/us/en/products-services/switching/ex-series/ex2500/#literature.
EX8200 Line of Ethernet Switches
The Juniper Networks EX8200 line of Ethernet switches is a high-performance chassis platform designed for the high
throughput that a collapsed core layer requires. This highly scalable platform supports up to 160,000 media access
control (MAC) addresses, 64,000 access control lists (ACLs), and wire-rate multicast replication. The EX8200 line
may also be deployed as an end-of-rack switch for those enterprises requiring a dedicated modular chassis platform.
The advanced architecture and capabilities of the EX8200 line, similar to the EX4200, accelerate migration towards a
simplified data center design.
The EX8200-40XS line card brings 10GbE to the access layer for end-of-row configurations. This line card will deliver
25 percent greater density per chassis and consume half the power of competing platforms, reducing rack space and
management costs. The EX8200 line is expected to add Virtual Chassis support later in 2010 with additional features
being added in early 2011. With the new 40-port line card, the EX8200 line with Virtual Chassis technology will enable
a common fabric of more than 1200 10GbE ports.
The most fundamental challenge that data center managers face is the challenge of physical plant limitations. In this
environment, taking every step possible to minimize power draw for the required functionality becomes a critical goal.
For data center operators searching for the most capable equipment in terms of functionality for the minimum in rack
space, power, and cooling, the EX8200 line delivers higher performance and scalability in less rack space with lower
power consumption than competing platforms.
Designed for carrier-class HA, each EX8200 line model also features fully redundant power and cooling, fully
redundant Routing Engines, and N+1 redundant switch fabrics.
For more information, refer to the EX8200 line data sheets for a complete list of features and specifications at:
www.juniper.net/us/en/products-services/switching/ex-series.
MX Series 3D Universal Edge Routers
It's important to have a consistent set of powerful edge services routers to be able to interconnect the data center to
other data centers and out to dispersed users. The MX Series with the new Trio chipset delivers cost-effective, powerful
scaling that allows enterprises to support application-level replication for disaster recovery or virtual machine migration
between data centers by extending VLANs across data centers using mature, proven technologies such as VPLS.
It is interesting to note the following observation from the recent 2010 MPLS Ethernet World Conference from the Day 3
Data Center Interconnect session: "VPLS is the most mature technology today to map DCI requirements."
Delivering carrier-class HA, each MX Series model features fully redundant power and cooling, fully redundant Routing
Engines, and N+1 redundant switch fabrics.
For more information, refer to the MX Series data sheet for a complete list of features, benefits, and specifications at:
www.juniper.net/us/en/products-services/routing/mx-series.
Consolidated Security with SRX Series Services Gateways
The SRX Series Services Gateways replace numerous legacy security solutions by providing a suite of services in one
platform, including a firewall, IPS, and VPN services.
Supporting the concept of zones, the SRX Series can provide granular security throughout the data center LAN. The
SRX Series can be virtualized and consolidated into a single pool of security services via clustering. The SRX Series
can scale up to 10 million concurrent sessions allowing the SRX Series to massively and rapidly scale to handle any
throughput without additional devices, multiple cumbersome device configurations, or operating systems.
The highly scalable performance capabilities of the SRX Series platform, as with the EX Series switches, lay the
groundwork for a simplified data center infrastructure and enable enterprises to easily scale to meet future growth
requirements. This is in contrast to legacy integrated firewall modules and standalone appliances which have limited
performance scalability. Even when multiple firewall modules are used, the aggregate performance may still be far
below the throughput required for consolidating applications or data centers, where firewall aggregate throughput of
greater than 100 gigabits may be required. The lack of clustering capabilities in some legacy firewalls not only limits
performance scalability but also increases management and network complexity.
The SRX Series provides HA features such as redundant power supplies and cooling fans, as well as redundant switch
fabrics. This robust platform also delivers carrier-class throughput. The SRX5600 is the industry's fastest firewall and
IPS by a large margin, according to Network World.
For more information, refer to the SRX Series data sheet for a complete list of features, benefits, and specifications at:
www.juniper.net/us/en/products-services/security/srx-series.
Altor Networks Virtual Firewall (VF 4.0)
To address the unique security challenges of virtualized networks and data centers, Juniper has integrated Altor's
virtual firewall and cloud protection software into its security portfolio to give network and application visibility and
granular control over virtual machines (VM). Combining a powerful stateful virtual firewall with virtual intrusion
detection (IDS), VM Introspection and automated compliance assessment, Altor's comprehensive solution for
protecting virtualized workloads slipstreams easily into Juniper environments featuring any of the following:
• SRX Series Services Gateways
• STRM Series Security Threat Response Managers
• IDP Series Intrusion Detection and Prevention Appliances
Altor's integrations focus on preserving customers' investment in Juniper security, and extending it to the virtualized
infrastructure with similar features, functionality, and enterprise-grade requirements like high performance,
redundancy, and central management.
Juniper customers can deploy Altor on the virtualized server, and integrate security policies, logs, and related work
flow into existing SRX Series, STRM Series, and IDP Series infrastructure. Customers benefit from layered, granular
security without the management and OpEx overhead. Altor v4.0 will export firewall logs and inter-VM traffic flow
information to STRM Series to deliver single-pane of glass for threat management. Customers who have deployed
Juniper Networks IDP Series, and management processes around threat detection and mitigation can extend that to
the virtualized server infrastructure with no additional CapEx investment.
Altor's upcoming enhancements with SRX Series and Junos Space continue on the vision to deliver gapless security
with a common management platform. Altor-SRX Series integration will ensure trust zone integrity is guaranteed to the
last mile - particularly relevant in cloud and shared-infrastructure deployments. Altor's integration with Junos Space
will bridge the gap between management of physical resources and virtual resources to provide a comprehensive view
of the entire data center.
Refer to the Securing Virtual Server Environments with Juniper Networks and Altor Networks solutions brief for more:
www.juniper.net/us/en/local/pdf/solutionbriefs/3510354-en.pdf.
MPLS/VPLS for Data Center Interconnect
The consolidation of network services increases the need for Data Center Interconnect (DCI). Resources in one data
center are often accessed by one or more data centers. Different business units, for example, may share information
across multiple data centers via VPNs. Or compliance regulations may require that certain application traffic be kept
on separate networks throughout data centers. Or businesses may need a real-time synchronized standby system to
provide optimum HA in a service outage.
MPLS is a suite of protocols developed to add transport and virtualization capabilities to large data center networks.
MPLS enables enterprises to scale their topologies and services. An MPLS network is managed using familiar protocols
such as OSPF or Integrated IS-IS and BGP.
MPLS provides complementary capabilities to standard IP routing. Moving to an MPLS network provides business
benefits like improved network availability, performance, and policy enforcement. MPLS networks can be employed for
a variety of reasons:
Inter Data Center Transport: To connect consolidated data centers to support mission critical applications. For
example, real-time mainframe replication or disk, database, or transaction mirroring.
Virtualizing the Network Core: For logically separating network services. For example, providing different levels of
QoS for certain applications or separate application traffic due to compliance requirements.
Extending L2VPNs for Data Center Interconnect: To extend L2 domains across data centers using VPLS. For example
to support application mobility with virtualization technologies like VMware VMotion, or to provide resilient business
continuity for HA by copying transaction information in real time to another set of servers in another data center.
The MX Series provides high capacity MPLS and VPLS technologies. MPLS networks can also facilitate migration
towards a simpler, highly scalable and flexible data center infrastructure.
For more information on MPLS/VPLS, please refer to the Implementing VPLS for Data Center Interconnectivity
Implementation Guide at: www.juniper.net/us/en/solutions/enterprise/data-center/simplify/#literature.
Juniper's Unified Management Solution
Juniper provides three powerful management solutions for the data center LAN via its NSM and STRM Series platforms
as well as Junos Space.
Network and Security Manager
NSM offers a single pane of glass to manage and maintain Juniper platforms as the network grows. It also helps
maintain and configure consistent routing and security policies across the entire network. And NSM helps delegate
roles and permissions as well.
Delivered as a software application or a network appliance, NSM provides many benefits:
Centralized activation of routers, switches, and security devices
Granular role-based access and policies
Global policies and objects
Monitoring and investigative tools
Scalable and deployable solutions
Reliability and redundancy
Lower TCO
The comprehensive NSM solution provides full life cycle management for all platforms in the data center LAN.
Deployment: Provides a number of options for adding device configurations into the database, such as importing a
list of devices, or discovering and importing deployed network devices, or manually adding a device and configuration
in NSM, or having the device contact NSM to add its configuration to the database.
Configuration: Offers central configuration to view and edit all managed devices. Provides offline editing/modeling
of device configuration. Facilitates the sharing of common configurations across devices via templates and policies.
Provides configuration file management for backup, versioning, configuration comparisons, and more.
Monitoring: Provides centralized event log management with predefined and user-customizable reports. Provides
tools for auditing log trends and finding anomalies. Provides automatic network topology creation using standards-based
discovery of Juniper and non-Juniper devices based on configured subnets. Offers inventory management
for device management interface (DMI)-enabled devices, and Job Manager to view device operations performed by
other team members.
Maintenance: Delivers centralized Software Manager to version track software images for network devices. Other
tools also transform/validate between user inputs and device-specific data formats via DMI schemas.
Using open standards like SNMP and system logging, NSM has support for third-party network management solutions
from IBM, Computer Associates, InfoVista, HP, EMC, and others.
Refer to the Network and Security Manager data sheet for a complete list of features, benefits, and specifications:
www.juniper.net/us/en/products-services/security/nsmcm.
STRM Series Security Threat Response Managers
Complementing Juniper's portfolio, the STRM Series offers a single pane of glass to manage security threats. It
provides threat detection, event log management, compliance, and efficient IT access to the following:
Log Management: Provides long-term collection, archival, search, and reporting of event logs, flow logs, and
application data.
Security Information and Event Management (SIEM): Centralizes heterogeneous event monitoring, correlation, and
management. Unrivaled data management greatly improves IT's ability to meet security control objectives.
Network Behavior Anomaly Detection (NBAD): Discovers aberrant network activities using network and application
flow data to detect new threats that others miss.
Refer to the STRM Series data sheet for a complete list of features, benefits, and specifications: www.juniper.net/us/en/products-services/security/strm-series.
Junos Space
Another of IT's challenges has been adding new services and applications to meet the ever growing demand. Historically,
this has not been easy, requiring months of planning and only making changes in strict maintenance windows.
Junos Space is a new, open network application platform designed for building applications that simplify network
operations, automate support, and scale services. Organizations can take control of their own networks through
self-written programs or third-party applications from the developer community. Embodied in a number of appliances
across Juniper's routing, switching, and security portfolio, an enterprise can seamlessly add new applications, devices,
and device updates as they become available from Juniper and the developer community, without ever restarting the
system for full plug and play.
Several applications will be available on Junos Space throughout 2010. Junos Space applications introduced as of the
first half of 2010 include:
Junos Space Virtual Control (expected availability in Q3 2010) allows users to monitor, manage, and control the
virtual network environments that support virtualized servers deployed in the data center. Virtual Control provides a
consolidated solution for network administrators to gain end-to-end visibility into, and control over, both virtual and
physical networks from a single management screen. By enabling network-wide topology, configuration, and policy
management, Virtual Control minimizes errors and dramatically simplifies data center network orchestration, while
at the same time lowering total cost of ownership by providing operational consistency across the entire data center
network. Virtual Control also greatly improves business agility by accelerating server virtualization deployment.
Juniper has also formed a new collaboration with VMware that takes advantage of its open APIs to achieve seamless
orchestration across both physical and virtual network elements by leveraging Virtual Control. The combination of
Junos Space Virtual Control and VMware vSphere provides automated orchestration between the physical and virtual
networks, wherein a change in the virtual network is seamlessly carried over the physical network and vice versa.
Junos Space Ethernet Design (available now) is a Junos Space software application that enables end-to-end
campus and data center network automation. Ethernet Design provides full automation including configuration,
provisioning, monitoring, and administration of large switch and router networks. Designed to enable rapid endpoint
connectivity and operationalization of the data center, Ethernet Design uses a best practice configuration and
scalable workflows to scale data center operations with minimal operational overhead. It is a single pane of
glass platform for end-to-end network automation that improves productivity via a simplified, "create one, use
extensively" configuration and provisioning model.
Junos Space Security Design (available now) enables fast, easy, and accurate enforcement of security state across
the enterprise network. Security Design enables quick conversion of business intent to device-specific configuration,
and it enables auto-configuration and provisioning through workflows and best practices to reduce the cost and
complexity of security operations.
Service Now and Junos Space Service Insight (available now) consist of Junos Space applications that enable fast
and proactive detection, diagnosis, and resolution of network issues. (See Automated Support with Service Now for
more details.)
Junos Space Network Activate (expected availability Q4 2010) facilitates fast and easy setup of VPLS services, and
allows for full lifecycle management of MPLS services.
In addition, the Junos Space Software Development Kit (SDK) will be released to enable development of a wide range
of third-party applications covering all aspects of network management. Junos Space is designed to be open and
provides northbound, standards-based APIs for integration to third-party data center and service provider solutions.
Junos Space also includes DMI based on NetConf, an IETF standard, which can enable management of DMI-compliant
third-party devices.
Refer to the following URL for more information on Junos Space applications:
www.juniper.net/us/en/products-services/software/junos-platform/junos-space/applications.
Automated Support with Service Now
Built on the Junos Space platform, Service Now delivers on Juniper's promise of network efficiency, agility, and
simplicity by delivering service automation that leverages Junos OS embedded technology.
For devices running Junos OS 9.x and later releases, Service Now aids in troubleshooting for Juniper's J-Care Technical
Services. Junos OS contains the scripts which provide device and incident information that is relayed to the Service
Now application where it is logged, stored, and with the customer's permission, forwarded to Juniper Networks
Technical Services for immediate action by the Juniper Networks Technical Assistance Center (JTAC).
Not only does Service Now provide automated incident management, it offers automated inventory management for
all Junos OS devices running release 9.x and later. These two elements provide substantial time savings in the form
of more network uptime and less time spent on administrative tasks like inventory data collection. This results in a
reduction of operational expenses and streamlined operations, allowing key personnel to focus on the goals of the
network rather than its maintenance, all of which enhance Juniper's ability to simplify the data center.
Figure 8: Troubleshooting with Service Now
The Service Insight application, available in Fall 2010 on the Junos Space platform, takes service automation to the
next level by delivering proactive, customized support for networks running Juniper devices. While Service Now enables
automation for reactive support components such as incident and inventory management for efficient network
management and maintenance, Service Insight brings a level of proactive, actionable network insight that helps
manage risk, lower TCO, and improve application reliability.
The first release of Service Insight will consist of the following features:
Targeted product bug notification: Proactive notification to the end user of any new bug notification that could
impact network performance and availability with analysis of which devices could be vulnerable to the defect. This
capability can avoid network incidents due to known product issues, as well as save numerous hours of manual
impact analysis for system-wide impact of a packet-switched network (PSN).
EOL/EOS reports: On-demand view of the end of life (EOL), end of service (EOS), and end of engineering (EOE)
status of devices and field-replaceable units (FRUs) in the network. This capability brings efficiency to network
management operations and mitigates the risk of running obsolete network devices and/or software/firmware.
With this capability, the task of taking network inventory and assessing the impact of EOL/EOS announcements is
reduced to the touch of a button instead of a time-consuming analysis of equipment and software revision levels
and compatibility matrices.
[Figure 8 diagram labels: Juniper Support System; Service Insight; Gateway; AI Scripts Installed; Customer Network; Customer or Partner NOC; Service Now; Internet; JMB (Hardware, Software, Resources, Calibration)]
Chapter 3: Data Center Migration - Trigger Events and Deployment Processes
How Migrations Begin
Many enterprises have taken on server, application, and data center consolidations to reduce costs and to increase the
return on their IT investments. To continue their streamlining efforts, many organizations are also considering the use of
cloud computing in their pooled, consolidated infrastructures. While migrating to a next-generation cloud-ready data
center design can theoretically take place at any time, most organizations will not disrupt a production facility except
for a limited time-window to perform scheduled maintenance and continuity testing, or for a suitably compelling
reason whose return is worth the investment and the work.
In Chapter 3 of this guide, we identify a series of such reasons, typically stimulated by trigger events, and the way
these events turn into transitions at various insertion points in the data center network. We also cover the best
practices and steps involved in migration at each of the insertion points presented by a specific trigger event. By
following these steps and practices, it is possible to extend migration to legacy network tiers and move safely towards
a simplified data center infrastructure.
Trigger Events for Change and Their Associated Insertion Points
Change in the data center network is typically determined by the type of event triggering the organization to make
that change. What follows is a short description of trigger events which can stimulate an organization to make the
investments related to these events:
Provisioning a new area of infrastructure or Point of Delivery (POD) in an existing data center due to
additional capacity required for new applications and services. The new applications may also have higher
performance requirements that cannot be delivered by the existing infrastructure.
Technology refresh due to either EOL on a given product line or an upgrade to the latest switching and/or server
technology. A refresh can also be driven by the end of an equipment depreciation cycle, company policy regarding
available headroom capacity, or for adding capacity to meet planned future expansion.
Infrastructure redesign due to increased use of server virtualization.
Data center consolidation due to merger or acquisition, cost saving initiatives, or moving from an existing
co-location facility. Due to the increased scalability, performance, and high availability requirements, data center
consolidation may also require a technology refresh.
Business continuity and workload mobility initiatives. Delivering HA and VM/application mobility typically involves
VLAN stretching within or between data centers.
Upgrade to the core data center network for higher bandwidth and capacity to support new capabilities such as
server virtualization/workload mobility or higher application performance. This may also be due to a technology
refresh as a result of the retirement of legacy equipment which is at end of life (EOL).
Need for higher performance and scale in security. Existing security gateways, whether integrated in a chassis
or running as standalone appliances, may not be able to deliver the higher performance required to support the
increased traffic from data center consolidation, growth in connected devices, increased extranet collaboration,
and internal/external compliance and auditing requirements. Server, desktop, and application virtualization may
also drive changes in the security model, to increase the strength of security in the new environments and ease
complexity in management. Enhancements can be made to the core, edge, or virtual server areas of the data center
network to deal with these requirements.
Addressing any or all of these trigger events results in deployment of new technology into the access, aggregation,
core, or services tiers of an existing data center network.
Considerations for Introducing an Alternative Network Infrastructure Provider
In some installations, a key consideration when evolving an existing infrastructure is the impact of introducing another
vendor. Organizations can minimize any impact by using the same best practices they employ in a single vendor
network. For example, it is sound practice to test interoperability and feature consistency before an implementation at
any network layer. Many enterprises do this today, since there are often multiple inconsistent versions of an operating
system within a single vendor's portfolio, or even completely different operating systems within that portfolio. For
example, the firewall or intrusion detection and prevention (IDP) platforms may have a different OS and interface from
the switching products. Even within a switching portfolio, there may be different operating systems, each supporting
different feature implementations.
It is also sound practice to limit fault domains and contain risks when introducing an additional vendor. This can be
accomplished with a building block design for the target insertion point, when deploying into an existing LAN. This
approach allows for definition of the new insertion as a functional module, testing of the module in proof-of-concept
(PoC) environments before deployment, and clean insertion of the new module into production after testing. As
mentioned earlier, PoC testing is often done as a best practice in a single vendor network as well.
Other steps that can ensure successful insertion of Juniper Networks technology into an existing data center LAN include:
Training
Multivendor automation and management tools
Training
The simplicity of Juniper's im