Juniper MX series

Juniper MX Series
SECOND EDITION

Douglas Richard Hanks, Jr., Harry Reynolds & David Roy

Juniper MX Series
by Douglas Richard Hanks, Harry Reynolds, and David Roy
Copyright © 2016 Douglas Hanks, Harry Reynolds, David Roy. All rights
reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol,
CA 95472.
O’Reilly books may be purchased for educational, business, or sales promotional
use. Online editions are also available for most titles
(). For more information, contact our
corporate/institutional sales department: 800-998-9938 or
Editors: Brian Anderson and Courtney Allen
Production Editor: Nicholas Adams
Copyeditor: Jasmine Kwityn
Proofreader: Charles Roumeliotis
Indexer: WordCo Indexing Services, Inc.
Interior Designer: David Futato
Cover Designer: Randy Comer
Illustrator: Rebecca Demarest


October 2012: First Edition
September 2016: Second Edition

Revision History for the Second Edition
2016-08-24: First Release
See for release
details.
The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Juniper MX
Series, the cover image, and related trade dress are trademarks of O’Reilly Media,
Inc.
While the publisher and the authors have used good faith efforts to ensure that the
information and instructions contained in this work are accurate, the publisher and
the authors disclaim all responsibility for errors or omissions, including without
limitation responsibility for damages resulting from the use of or reliance on this
work. Use of the information and instructions contained in this work is at your own
risk. If any code samples or other technology this work contains or describes is
subject to open source licenses or the intellectual property rights of others, it is
your responsibility to ensure that your use thereof complies with such licenses
and/or rights.
978-1-491-93272-8
[LSI]

Second Edition Dedication
I would like to dedicate this book to my wife, Magali, my two sons, Noan and
Timéo, and my parents Jacques and Micheline, for all their encouragement
and support during this big project. A very special thank you to Harry
Reynolds—I learned a lot from him, and I’m still so impressed by his technical
and writing skills. A great thank you to Doug Hanks, Paul Abbot, Ping Song,
and Antonio Sanchez-Monge from Juniper Networks for helping me during the
project. I also thank Patrick Ames, who helped me a lot and corrected the
English of a poor French guy. Thank you to Artur Makutunowicz and Matt
Dinham for their technical review. Finally, a great thank you to the folks at
Juniper, who gave me the opportunity to share my passion for the MX Series
through this second edition.
—David Roy

Preface
One of the most popular routers in the Enterprise and Service Provider market is
the Juniper MX Series. The industry is moving to high-speed, high port-density
Ethernet-based routers, and the Juniper MX was designed from the ground up to
solve these challenges.
This book is going to show you, step by step, how to build a better network using
the Juniper MX—it’s such a versatile platform that it can be placed in the core,
aggregation, or edge of any type of network and provide instant value. The Juniper
MX was designed to be a network virtualization beast. You can virtualize the
physical interfaces, logical interfaces, control plane, data plane, network services,
and even have virtualized services span several Juniper MX routers. What was
traditionally done with an entire army of routers can now be consolidated and
virtualized into a single Juniper MX router.

Second Edition Notes
This Second Edition of Juniper MX Series maintains the existing chapters from the
First Edition, but is updated with recent technical information based on Junos
release 14.2. Moreover, two new chapters have been added. The first of these,
Chapter 7, covers the large topic of load balancing—it explains how Junos
implements the load balancing features on the Trio chipset for the different types of
traffic (IP, MPLS, bridged, etc.). The chapter then details some advanced
technologies such as symmetric load balancing, consistent hashing, and the adaptive
load balancing feature set. The second new chapter, Chapter 11, focuses on the
virtual instance of the MX: the vMX. It first introduces the benefits of using vMX
and typical use cases of the virtual carrier grade router. It also presents the
technical architecture of the vMX and gives an overview of some virtualization
techniques that gravitate around vMX, such as paravirtualization, PCI-Passthrough,
and SR-IOV. It finally provides some detailed information about how vMX is
currently implemented and discusses the current vMX QoS model.
In addition to these brand new chapters, the following updates have been made:
For Chapter 1, we present the new Junos release model and give you an
overview of the Junos modernization by covering the topics of RPD
multithreading and the JAM model. We also detail how the key process of ppmd works.
We present the hardware of the MPC1e up to MPC9e line cards and also how
the fabric planes have been upgraded to support new, high-density line cards.
We finally provide technical details regarding the hypermode feature.
For Chapter 2, we added some content related to VLAN normalization. To
prevent Layer 2 loops, we present the new MAC move feature. We finally
provide technical details regarding VXLAN support on MX with a case study:
MX as a VTEP.
For Chapter 3, several new features are introduced or technically detailed. This
includes the new filter modes supported by Junos 14.2 but also some advanced
filtering features, such as shared bandwidth policing, flexible match firewall
filters, and the Fast Lookup Filter feature supported on the new generation of
Trio ASICs.
For Chapter 4, we provided more technical details about how the DDOS
protection feature has been improved. Moreover, relying on a case study, the
chapter presents the DDOS Suspicious Control Flow Detection feature.
Chapter 5, which covers class of service, has been enriched with some new
features such as the support of ingress queuing on the Trio line card. The chapter
also details the feature that allows enabling limited per-VLAN queuing on a
nonqueueing MPC. Finally, it explains in detail how the new policy-map feature
allows flexible packet CoS remarking.
For Chapter 6, which covers the MX multi-chassis feature, the “Locality Bias”
feature, which allows a better usage of the VCP bandwidth, is presented.
Chapter 8, dedicated to Trio inline services, has received several updates. The
inline sampling feature (IPFIX) has been updated with recent enhancements. The
tunnel service feature has been enriched with a technical deep dive. We
provided a configuration example in order to ensure redundancy for logical
tunnels. New features, including inline GRE with filter-based tunnel, are
detailed and illustrated with a real-world case study. Finally, the port mirroring
part has also been updated and enriched with a presentation of the new Layer
Analyzer feature.
Chapter 9 and Chapter 10, which cover MC-LAG and high-availability
features, respectively, have been refreshed with the latest information. The new
NSR-supported features are also included in Chapter 10.

No Apologies
We’re avid readers of technology books, and we always get a bit giddy when a new
book is released, because we can’t wait to read it and learn more about a specific
technology. However, one trend we have noticed is that every networking book
tends to regurgitate the basics over and over. There are only so many times you can
force yourself to read about spanning tree, the split horizon rule, or OSPF LSA
types. One of the goals of this book is to introduce new and fresh content that hasn’t
been published before.
There was a conscious decision made between the authors to keep the technical
quality of this book very high; this created a constant debate whether or not to
include primer or introductory material in the book to help refresh a reader’s
memory with certain technologies and networking features. In short, here’s what we
decided:
Spanning Tree
There’s a large chapter on bridging, VLAN mapping, IRB, and virtual switches.
A logical choice would be to include the spanning tree protocol in this chapter.
However, spanning tree has been around forever and quite frankly there’s
nothing special or interesting about it. Spanning tree is covered in great detail
in every JNCIA and CCNA book on the market. If you want to learn more about
spanning tree, check out Junos Enterprise Switching by O’Reilly or CCNA
ICND2 Official Exam and Certification Guide, Second Edition, by Cisco
Press.
Basic Firewall Filters
We decided to skip the basic firewall filter introduction and jump right into the
advanced filtering and policing that’s available on the Juniper MX.
Hierarchical policers, two-rate three-color policers, and cascading firewall
filters are much more interesting.
Class of Service
This was a difficult decision because Chapter 5 is over 170 pages of advanced
hierarchical class of service. Adding another 50 pages of class of service basics
would have exceeded page count constraints and provided no additional value.
If you would like to learn more about basic class of service, check out
QoS-Enabled Networks by Wiley, Junos Enterprise Routing, Second Edition by
O’Reilly, or Juniper Networks Certified Internet Expert Study Guide by
Juniper Networks.
Routing Protocols
There are various routing protocols such as OSPF and IS-IS used throughout
this book in case studies. No introduction chapters are included for IS-IS or
OSPF, and it’s assumed that you are already familiar with these routing
protocols. If you want to learn more about OSPF or IS-IS, check out the Junos
Enterprise Routing, Second Edition, by O’Reilly or Juniper Networks
Certified Internet Expert Study Guide by Juniper Networks.
Virtual Chassis
This was an interesting problem to solve. On one hand, virtual chassis was
covered in depth in the book Junos Enterprise Switching by O’Reilly, but on
the other hand there are many caveats and features that are only available on the
Juniper MX. It was decided to provide enough content in the introduction that a
new user could grasp the concepts, but someone already familiar with virtual
chassis wouldn’t become frustrated. Chapter 6 specifically focuses on the
technical prowess of virtual chassis and the Juniper MX implementation of
virtual chassis.
After many hours of debate over Skype, it was decided that we should defer to
other books when it comes to introductory material and keep the content of this
book at an expert level. We expect that most of our readers already have their
JNCIE or CCIE (or are well on their way) and will enjoy the technical quality of
this book. For beginning readers, we want to share an existing list of books that are
widely respected within the networking community:
Junos Enterprise Routing, Second Edition, O’Reilly
Junos Enterprise Switching, O’Reilly
Junos Cookbook, O’Reilly
Junos Security, O’Reilly
Junos High Availability, O’Reilly
QoS-Enabled Networks, Wiley & Sons
MPLS-Enabled Applications, Third Edition, Wiley & Sons
Network Mergers and Migrations, Wiley
Juniper Networks Certified Internet Expert, Juniper Networks
Juniper Networks Certified Internet Professional, Juniper Networks
Juniper Networks Certified Internet Specialist, Juniper Networks
Juniper Networks Certified Internet Associate, Juniper Networks
CCIE Routing and Switching, Fourth Edition, Cisco Press
Routing TCP/IP, Volumes I and II, Cisco Press
OSPF and IS-IS, Addison-Wesley
OSPF: Anatomy of an Internet Routing Protocol, Addison-Wesley
The Art of Computer Programming, Addison-Wesley
TCP/IP Illustrated, Volumes 1, 2, and 3, Addison-Wesley
UNIX Network Programming, Volumes 1 and 2, Prentice Hall PTR
Network Algorithmics: An Interdisciplinary Approach to Designing Fast
Networked Devices, Morgan Kaufmann

Book Topology
Using the same methodology found in the JNCIP-M and JNCIE-M Study Guides,
this book will use a master topology and each chapter will use a subset of the
devices that are needed to illustrate features and case studies. The master topology
is quite extensive and includes four Juniper MX240s, two EX4500s, two EX4200s,
and various port testers which can generate traffic and emulate peering and transit
links. The topology is broken into three major pieces:
Data Center 1
The left side of the topology represents Data Center 1. The devices include W1,
W2, S1, S2, R1, R2, P1, and T2. The address space can be summarized as
10.0.0.0/14.
Data Center 2
The right side of the topology represents Data Center 2. It’s common for
networks to have more than one data center, so it made sense to create a master
topology that closely resembles a real production network. The devices include
W3, W4, S3, S4, R3, R4, P2, and T2.
The Core
The core is really just a subset of the two data centers combined. Typically
when interconnecting data centers a full mesh of WAN links isn’t cost
effective, so we decided to only use a pair of links between Data Center 1 and
Data Center 2.
For the sake of clarity and readability, the master topology has been broken into
five figures, Figures P-1 through P-5: Interface Names, Aggregate Ethernet
Assignments, Layer 2, IPv4 Addressing, and IPv6 Addressing. The breakdown and
configuration of the equipment is as follows:
W1: Web Server 1. This is a tester port that’s able to generate traffic.
W2: Web Server 2. This is a tester port that’s able to generate traffic.
S1: Access Switch 1. This is a Juniper EX4500 providing both Layer 2 and
Layer 3 access.
S2: Access Switch 2. This is a Juniper EX4500 providing both Layer 2 and
Layer 3 access.
R1: Core Router/WAN Router 1. Juniper MX240 with an MPC2 Enhanced
Queuing line card.
R2: Core Router/WAN Router 2. Juniper MX240 with an MPC2 Enhanced
Queuing line card.
R3: Core Router/WAN Router 3. Juniper MX240 with an MPC2 line card.
R4: Core Router/WAN Router 4. Juniper MX240 with an MPC2 Queuing line
card.
S3: Access Switch 3. Juniper EX4200 providing both Layer 2 and Layer 3
access.
S4: Access Switch 4. Juniper EX4200 providing both Layer 2 and Layer 3
access.
W3: Web Server 3. This is a tester port that’s able to generate traffic.
W4: Web Server 4. This is a tester port that’s able to generate traffic.
P1: Peering Router 1. This is a tester port that’s able to generate traffic.
P2: Peering Router 2. This is a tester port that’s able to generate traffic.
T1: Transit Router 1. This is a tester port that’s able to generate traffic.
T2: Transit Router 2. This is a tester port that’s able to generate traffic.

Interface Names
Figure P-1. Master topology: Interface names

Aggregate Ethernet Assignments
Figure P-2. Master topology: Aggregate Ethernet assignments

Layer 2
Figure P-3. Master topology: Layer 2

IPv4 Addressing
Figure P-4. Master topology: IPv4 addressing

IPv6 Addressing
Figure P-5. Master topology: IPv6 addressing

What’s in This Book?
This book was written for network engineers by network engineers. The ultimate
goal of this book is to share with the reader the logical underpinnings of the Juniper
MX. Each chapter represents a specific vertical within the Juniper MX and will
offer enough depth and knowledge to provide the reader with the confidence
necessary to implement and design new architectures for their network using the
Juniper MX.
Here’s a short summary of the chapters and what you’ll find inside:
Chapter 1
Learn a little bit about the history and pedigree of the Juniper MX and what
factors prompted its creation. Junos is the “secret sauce” that’s common
throughout all of the hardware; this chapter will take a deep dive into the
control plane and explain some of the recent important changes to the release
cycle and support structure of Junos. The star of the chapter is, of course, the
Juniper MX; the chapter will thoroughly explain all of the components, such as
line cards, switch fabric, and routing engines. It also covers the hypermode
feature and introduces the Junos modularity model based on JAM.
Chapter 2
It always seems to surprise people that the Juniper MX is capable of switching;
not only can it switch, it has some of the best bridging features and scalability
on the market. The VLAN mapping is capable of popping, swapping, and
pushing new IEEE 802.1Q headers with ease. When it comes to scale, it can
support over 8,000 virtual switches. MX also supports the VXLAN overlay. A
typical case study—MX as VTEP—will illustrate this newly supported feature.
Chapter 3
Discover the world of advanced policing where the norm is creating two-rate
three-color markers, hierarchical policers, cascading firewall filters, and
logical bandwidth policers. You think you already know about Junos policing
and firewall filters? You’re wrong; this is a must-read chapter.
Chapter 4
Everyone has been through the process of creating a 200-line firewall filter and
applying it to the loopback interface to protect the routing engine. This chapter
presents an alternative method of creating a firewall filter framework and only
applies the filters that are specific to your network via firewall filter chains.
