Text Size:        

• What's New
• Introducing the Juniper Networks E320 Platform

• Product Icons
• E-series Platform Visio Icons

• Additional Information
• Datasheets
• Juniper Networks E-series Portfolio of IP Edge and Broadband Service Routing Platforms
• E320 and E120 Broadband Services Routers
• 3-D Model
• 3D Model of ERX-310

• Testimonial
• "The new E320 Broadband Services Router will enable us to scale our network as required to support TELUS' Future Friendly Home suite of services and address our growing customer base, while also reducing over time our capital and operational expenditures."
  
  Ibrahim Gedeon,
  CTO
  TELUS

• More Customer Quotes
• E-series Customer Quotes

• Product Icons
• Juniper Networks Product Icons and Visio Stencils

IP Services - Security

The Juniper Networks ERX-705/1410/1440 is designed to support a complete security feature set to maintain network integrity without compromising performance. The E-series allows service providers to protect their number one resource, the network, and offer value-added security services to end-users without compromising performance.

Using a distributed hardware architecture, the E-series delivers wire-speed, deep-packet filtering to apply security policies that are global in nature to the E-series and/or unique to particular interfaces, networks, or individual users. Fine-grained policies filter IP addresses to protect network resources or subscriber connections.

Benefits

• Wire-Speed Classification and Forwarding: supports robust security features without compromising performance
• Flexibility: flexible filtering options allow service providers to implement a comprehensive security system at the network edge to meet existing and future security threats
• Ease of Use: both CLI and GUI configuration options are supported to easily define, create, and apply security policies to quickly and efficiently deploy security policies for a large-scale roll out
• Scalability: up to 200,000 policy filters are supported per ERX
• Zero-Touch Provisioning: security policies can be applied dynamically from an external RADIUS database or policy server to minimize configuration efforts and improve operational efficiency
• Revenue Source: value-added security services can be a lucrative revenue source for service providers

Technology

Security from an edge router perspective means interrogating each packet to discard the "bad" traffic while forwarding the "good." The key is to differentiate a security attack (i.e., Denial of Service) from a legitimate traffic stream without compromising the performance of the network or breaking contracted SLAs. To do this, all packets entering an ingress interface on the E-series are classified at wire speed by a hardware classifier. By providing wire-speed classification, the E-series is designed to eliminate the random dropping of packets that may occur under periods of congestion, thereby allowing service providers to guarantee level or quality of service for their customers.

Once classified, the E-series is designed to apply security policies to each packet that dictate the actions required to meet each customer's security profile or to guarantee the integrity of each packet as it enters the ERX. The list below provides examples of some of the security features supported by the ERX:

• Denial of Service (DoS) detection and prevention
• Anti-spoofing
• Ping of Death prevention
• TCP SYN-flood detection
• Event auditing, selectable packet logging, and notification
• Real time alerts/alarms

Flexible configuration options give service providers the ability to create discrete security policies based on fields or combination of fields in the IP header. Once defined, security policies are applied to each packet by dedicated hardware processors distributed to each line card. With support for up to 200,000 filters per system, the E-series provides a scalable security architecture capable of supporting the most challenging ISP environments.

Features

Juniper Networks E-series is a wire-speed IP router designed specifically to meet the performance demands of today's service provider networks. Unlike legacy routing platforms built around a centralized, software-based architecture, the E-series is designed upon a distributed architecture leveraging a combination of RISC processors, ASICs, and FPGAs to provide wire-speed performance and maximum flexibility. Optimized for the edge of the carrier network, the E-series provides the high touch IP services required by service providers to meet the challenging demands of their customers. As an IP-services platform, the E-series is designed to deliver advanced IP services while maintaining wire-speed throughput of all packets across all interfaces, including Virtual Private Networks (VPNs), IP Quality of Service (QoS), and advanced security. Software-based edge routers without hardware assistance quickly become congested, rendering the routers unable to deliver the most basic services.