Cloud Networking Transformation Ahead

Networking is undergoing a metamorphosis. Today’s operations are challenged to cope with the DevOps, NetOps, SecOps and CloudOps models that need consistent operations control. Why should enterprises care? How do you cope with decades of legacy and is change possible? Arista believes that the networking world is at the cusp of a transformation, significantly facilitated by the agile, dynamic and economic network models of the public cloud providers. They have proven the elegance of simple yet scalable designs that transform siloed networks for the data center, core, campus or branch PINs (Places in the Network) into east west PICs(Places in the Cloud). This new paradigm is a far cry from the traditional siloed network architectures that required applications to be assigned to specific servers or storage, causing fixed-function rigidity. Agility and high availability are pivotal foundations to building the new PICs.

As large data sets explode, the use of artificial intelligence applications, video and workflow traffic intermingled with breakthroughs in the mobile Internet from 5G to 400Gbps speeds, creates greater pressures on network portability. This has driven Arista to build a highly programmable state-driven software stack –Arista EOS^® (Extensible Operating System) and network wide CloudVision^®.

Campus is a Natural Extension
As data centers extend to the campus and branch, converting siloed PINs to PICs, applications require increased agility and elasticity, blending cloud native applications and enterprise networks via containers and APIs. The shift to IoT and microservices, be it physical, virtual or container-based with Arista CloudEOS and intelligent wired-WiFi edge connects a common spine with common protocols. This Universal Spine is enabled through CloudVision topology and inference management.

Changing Operation Models
Modern development tools today are closer to distributed systems architectures than before and need to understand failure patterns, network partitions/requirements and how their applications deploy and perform in far more dynamic environments. Traditional CLI based Network ops is lagging behind by decades and the model will only scale if declarative practices are adopted to augment mature DevOps. Ops teams are emerging ‘bottom-up’ as NetOps from IT infrastructure balance out this dynamic. The “operator” functions are rapidly becoming understood and accepted as critical roles within enterprise. CloudVision brings that network wide turnkey control.

Network wide Analytics
Migrating from old school appliances to next generation architectures requires network wide analytics. With switch-based DANZ (Data ANalyZer) and our recent acquisition of Big Switch DANZ Monitoring Fabric, (DMF) we can create overlays to CloudVision for network wide change control, automation and analytics. This is a primary driver of cost and efficiency on Day 2.

Arista Ahead
Until now the intersection of human, users, devices, machines and networking was somewhat loosely- coupled. Now one or many applications or scans can consume gigabytes of data, ingested from IoT devices such as video, storage, and real-time analytics with indexing and queuing views. Arista’s cognitive approach to high availability networking, built on cloud principles of availability, agility, and analytics, brings the combination of inference and real-time action. Troubleshooting shouldn’t be a finger pointing exercise, and live patching should be the norm instead of unplanned outages. The healthy flow of information to critical decision makers demands a cognitive network. Welcome to the new world of software defined cloud networking!

How machine learning and automation can modernize the network edge

If you want to know the future of networking, follow the money — right to the edge.
Applications are expected to move from data centers to edge facilities in record numbers, opening up a huge new market opportunity. The edge computing market is expected to grow at a compound annual growth rate of 36.3 percent between now and 2022, fueled by rapid adoption of the “internet of things,” autonomous vehicles, high-speed trading, content streaming and multiplayer games.
What these applications have in common is a need for near zero-latency data transfer, usually defined as less than five milliseconds, although even that figure is far too high for many emerging technologies.  
The specific factors driving the need for low latency vary. In IoT applications, sensors and other devices capture enormous quantities of data, the value of which degrades by the millisecond. Autonomous vehicles require information in real-time to navigate effectively and avoid collisions. The best way to support such latency-sensitive applications is to move applications and data as close as possible to the data ingestion point, therefore reducing the overall round-trip time. Financial transactions now occur at sub-millisecond cycle times, leading one brokerage firm to invest more than $100 million to overhaul its stock trading platform in a quest for faster and faster trades.

Operational challenges

As edge computing grows, so do the operational challenges for telecommunications service provider such as Verizon Communications Inc., AT&T Corp. and T-Mobile USA Inc. For one thing, moving to the edge essentially disaggregates the traditional data center. Instead of massive numbers of servers located in a few centralized data centers, the provider edge infrastructure consists of thousands of small sites, most with just a handful of servers. All of those sites require support to ensure peak performance, which strains the resources of the typical information technology group to the breaking point — and sometimes beyond. 
Another complicating factor is network functions moving toward cloud-native applications deployed on virtualized, shared and elastic infrastructure, a trend that has been accelerating in recent years. In a virtualized environment, each physical server hosts dozens of virtual machines and/or containers that are constantly being created and destroyed at rates far faster than humans can effectively manage. Orchestration tools automatically manage the dynamic virtual environment in normal operation, but when it comes to troubleshooting, humans are still in the driver’s seat. 
And it’s a hot seat to be in. Poor performance and service disruptions hurt the service provider’s business, so the organization puts enormous pressure on the IT staff to resolve problems quickly and effectively. The information needed to identify root causes is usually there. In fact, navigating the sheer volume of telemetry data from hardware and software components is one of the challenges facing network operators today. 

Machine learning and automation 

A data-rich, highly dynamic, dispersed infrastructure is the perfect environment for artificial intelligence, specifically machine learning. The great strength of machine learning is the ability to find meaningful patterns in massive amounts of data that far outstrip the capabilities of network operators. Machine learning-based tools can self-learn from experience, adapt to new information and perform humanlike analyses with superhuman speed and accuracy.  
To realize the full power of machine learning, insights must be translated into action — a significant challenge in the dynamic, disaggregated world of edge computing. That’s where automation comes in.
Using the information gained by machine learning and real-time monitoring, automated tools can provision, instantiate and configure physical and virtual network functions far faster and more accurately than a human operator. The combination of machine learning and automation saves considerable staff time, which can be redirected to more strategic initiatives that create additional operational efficiencies and speed release cycles, ultimately driving additional revenue. 

Scaling cloud-native applications

Until recently, the software development process for a typical telco consisted of a lengthy sequence of discrete stages that moved from department to department and took months or even years to complete. Cloud-native development has largely made obsolete this so-called “waterfall” methodology in favor of a high-velocity, integrated approach based on leading-edge technologies such as microservices, containers, agile development, continuous integration/continuous deployment and DevOps. As a result, telecom providers roll out services at unheard-of velocities, often multiple releases per week. 
The move to the edge poses challenges for scaling cloud-native applications. When the environment consists of a few centralized data centers, human operators can manually determine the optimum configuration needed to ensure the proper performance for the virtual network functions or VNFs that make up the application.
However, as the environment disaggregates into thousands of small sites, each with slightly different operational characteristics, machine learning is required. Unsupervised learning algorithms can run all the individual components through a pre-production cycle to evaluate how they will behave in a production site. Operations staff can use this approach to develop a high level of confidence that the VNF being tested is going to come up in the desired operational state at the edge. 

Troubleshooting at the speed of AI 

AI and automation can also add significant value in troubleshooting within cloud-native environments. Take the case of a service provider running 10 instances of a voice call processing application as a cloud-native application at an edge location. A remote operator notices that one VNF is performing significantly below the other nine.  
The first question is, “Do we really have a problem?” Some variation in performance between application instances is not unusual, so answering the question requires a determination of the normal range of VNF performance values in actual operation. A human operator could take readings of a large number of instances of the VNF over a specified time period and then calculate the acceptable key performance indicator values — a time-consuming and error-prone process that must repeated frequently to account for software upgrades, component replacements, traffic pattern variations and other parameters that affect performance.
In contrast, AI can determine KPIs in a fraction of the time and adjust the KPI values as needed when parameters change, all with no outside intervention. Once AI determines the KPI values, automation takes over. An automated tool can continuously monitor performance, compare the actual value to the AI-determined KPI and identify underperforming VNFs.
That information can then be forwarded to the orchestrator for remedial action such as spinning up a new VNF or moving the VNF to a new physical server. The combination of AI and automation helps ensure compliance with service-level agreements and removes the need for human intervention — a welcome change for operators weary of late-night troubleshooting sessions. 

Harnessing the competitive edge

As service providers accelerate their adoption of edge-oriented architectures, IT groups must find new ways to optimize network operations, troubleshoot underperforming VNFs and ensure SLA compliance at scale. Artificial intelligence technologies such as machine learning, combined with automation, can help them do that.
In particular, there have been a number of advancements over the last few years to enable this AI-driven future. They include systems and devices to provide high-fidelity, high-frequency telemetry that can be analyzed, highly scalable message buses such as Kafka and Redis that can capture and process that telemetry, and compute capacity and AI frameworks such as TensorFlow and PyTorch to create models from the raw telemetry streams. Taken together, they can determine in real time if operations of production systems are in conformance with standards and find problems when there are disruptions in operations.
All that has the potential to streamline operations and give service providers a competitive edge — at the edge.

Secure SD-WAN - Branch Platforms

The announcement of Juniper's newest hardware additions for the AI-driven enterprise makes our portfolio of CPE the most extensive for secure SD-WAN across all sizes of branch and campuses. There’s no denying the growing importance of SD-WAN for providing secure and efficient connectivity of remote sites to the cloud. Even more important is enterprises’ need to drive operational simplicity and uniformity across the branch and campus in today’s multicloud environment. For SD-WAN to be successful, the key is to satisfy the needs of today while preparing for the ones of tomorrow and beyond.

One of the core needs of increasing importance for SD-WAN is security. Traditional security solutions don’t cut in when it comes to performance, interconnectivity and flexibility, meanwhile, SD-WAN-centric solutions may offer elementary security features that will ultimately put the business at risk. The industry is at an intersection where SD-WAN features and advanced threat protection need to be designed hand-in-hand to safeguard users, applications and infrastructure. This has been our exact focus for our SD-WAN solution and, to that end, we’ve now expanded our range of CPE hardware in the WAN edge portfolio to include:

Wi-Fi Mini Physical Interface Module (mPIM): An enterprise-grade Wi-Fi card for compact locations with our SRX Series Services Gateways. It provides dual radio support of 2.4 and 5Ghz frequencies along with 802.11ac Wave 2 and 802.11ac with backward compatibility of 802.11n standards. The module is suited for remote offices, guest Wi-Fi, small office, IoT connectivity or kiosks. It is an ideal branch-in-a-box solution where one access point is sufficient.

This mPIM is manageable by CLI, JWeb or Juniper Sky Enterprise. It also offers ZTP and management via the Contrail Service Orchestration interface, as part of Juniper’s cloud-managed or on-premises Contrail SD-WAN solution.



SRX380: For larger branches, the SRX380 is the fastest performing CPE platform of the branch SRX300 product line. Leading features include high port density with 10G options for high on-board connectivity, increased POE+ port density for IoT devices, AE256 MACsec encryption, dual power supplies and up to four MPIM card slots for wired or wireless connectivity.

The SRX380 can be adapted to be a secure SD-WAN and next-gen firewall device. Users can add advanced threat prevention services to expand on the native next-generation firewall and UTM capabilities, IPS and AppSecure application visibility and policies.


NFX350: The NFX350 is a high-end universal CPE platform in the NFX Series for large branch site deployments. Built on the next generation of Intel processors, Skylake, it offers up to 7.5 Gbps IPsec performance for higher SD-WAN scale and performance, while redundant power supplies provide greater platform resiliency. It includes 8x1Gbps and 8xSFP/SFP+ ports with AES256 MACsec support for high network connectivity and WAN interfaces for LTE, DSL and SFP. Support for multiple Juniper and third-party VNFs enables customers to accelerate application deployment in an automated and scalable fashion.

The NFX350 universal CPE platform fits the bill as a secure router, SD-WAN device or next-generation firewall. Consistent with the NFX Series, users reap the many benefits of SD-WAN, but most importantly, the simplicity of automation and consolidation with the reliability of smarter security and SDN.



These new products meet the needs of both the top and bottom ends of all branch and campus sizes – the SRX Wi-Fi mini card for compact spaces and the SRX380 and NFX350 as top line branch CPEs. Be sure to tune in or test drive Contrail SD-WAN for free.

Juniper Flex Program

Juniper Flex Program Overview

The Juniper Flex Program is a framework, set of policies, and tools that help unify and thereby simplify Juniper product-driven licensing and packaging.

The major components of the framework are:

• A focus on customer segments (enterprise, service provider, and cloud) and use cases for Juniper Networks hardware and software products.
• The introduction of subscription licenses and subscription portability for all Juniper Networks products including Junos OS, Contrail, and Juniper cloud-based services.
• The introduction of a common three-tiered model (standard, advanced, and premium) for all Juniper Networks software products.

Getting Started with the Juniper Flex Program

As a customer ordering a Juniper Networks product that includes hardware, you order:

• The hardware platform that includes the standard license.
• The customer support package that fits your needs.
• The advanced or premium subscription licenses, according to your use case. These subscription licenses include embedded customer support.

As a customer ordering a Juniper Networks software product, you order:

• The standard, advanced or premium subscription license, according to your use case. These subscription licenses include embedded customer support.

Understanding the Three-Tiered Model for the Juniper Flex Program

As new hardware platforms become available with the Juniper Flex Program, you can customize your purchase using one of the following three models:

• Standard License
  The standard license includes the hardware platform and a license to use the software with the standard feature set. Standard Return Material Authorization (RMA) policies apply with no changes in case of hardware failure. Customer support is ordered separately as you select your preferred hardware support policy and support for the standard software features. For more information about support policy, see Contact Support. The hardware platform does not require a separate license, and the software right-to-use (RTU) license is perpetual for the licensed features.
• Advanced License
  The advanced license includes the subscription-based license to use the advanced software features. The license term is 1 year, 3 years, or 5 years. Customer support for the software features is included. These features differ by use case and platform. For example, to view the list of features for the QFX5200 switch, see QFX5200 Switch SKUs.
• Premium License
  The premium license includes the subscription-based license to use the Junos OS software features. The license term is 1 year, 3 years, or 5 years. Customer support for the software features is included. These features differ by use case and platform. The premium license is a superset and includes all the features from the advanced license and additional features. For example, to view the list of features for the QFX5200 switch, see QFX5200 Switch SKUs.

Figure 1: Three-Tiered Model for the Juniper Flex Program

Understanding Subscription Licenses

All advanced and premium licenses are offered as subscriptions. Subscription licenses are available in 1 year, 3 years, or 5 years terms. After the order fulfilment, the subscription period begins after the completion of 30 days grace period.

Table 1 describes the subscription terms for purchase and number of months to use the license.

Table 1: Subscription Terms Details

Subscription Terms	Number of Months for the License
1 year	13 months
3 years	37 months
5 years	61 months

The subscription licenses include the following attributes:

• Specific products might offer a subset of these licenses. At the end of the term, you have three options:
  • You can renew the subscription, to continue to use the features and scale granted under the license.
  • You can order a replacement subscription. For example, when an advanced subscription term expires, you might have the requirement to upgrade to the premium subscription term.
    Upgrading and downgrading the subscription models is supported. In both cases, subscription models are processed as a new order, and you might use the features and scale granted under the new license. For example, you have a 5 years subscription and you want to downgrade to 3 years subscription and the other way around.
  • You might decline to renew or purchase a replacement subscription. In this case, you may no longer use the features and scale granted under the expired subscription. You can continue to use the hardware and any software features which are granted under a perpetual license.
• Subscription licenses include Juniper customer support for software features as part of the subscription license, unless customer support is provided by a Juniper partner directly. There is no need to order a separate customer support policy for the advanced and premium licenses.
• Premium license includes all the features in the premium and advanced licenses.
• Subscriptions may be ordered at any time.
• New software features may be available over time with new software versions.
• Subscription licenses are portable for similar devices.
• Subscriptions are cancelable at the end of the term.
• Renewals are not automatic.

Licensing Support on the Juniper Flex Program

The Juniper Flex Program offers the following support:

• Portability for Subscription Licenses
  Subscription licenses are portable. This means that if you buy a new similar hardware platform, then you can port the subscription license. You can stop using the license on one hardware platform and move it to another hardware platform. This portability allows you to balance features across hardware platforms in the network without having to buy extra feature licenses.
• Perpetual Licenses
  The standard Junos OS software shipped on the hardware platform includes a perpetual license, and this license is valid for the life of the hardware platform. The advanced and premium licenses are made available through the subscription license.
• Feature-Based Licensing
  Some Juniper products offered add-on feature licenses. In the new licensing model, feature licenses are included in the standard, advanced, or premium licenses.
  For information about how to purchase a software license, contact your Juniper Networks sales representative at https://www.juniper.net/in/en/contact-us/.

Building Bridges in the Enterprise on the Journey Toward the Self-Driving Network™

Networks are meant to connect. Yet all too often network operations are disconnected, creating chasms instead of bridges for IT departments. 

This is especially true in the world of Software-Defined Networking (SDN). The goal of SDN is to bring more agility to network operations through the abstraction and automation of network control functions.  However, the industry has forced out disparate SDN solutions that tend to address specific use cases, instead of delivering a holistic solution for the entire enterprise. This has prevented most companies from realizing the full potential of SDN technology. It doesn’t have to be this way.

Juniper Networks has always offered a best-in-class SD-WAN solution with unprecedented scale, robust security and an unsurpassed array of performance options for campus, branch and public cloud WAN connections. In addition, we maximize flexibility with both on-premises and cloud-managed service options for SDN control. Today, we’ve expanded on these advantages even further with several enhancements to the company’s enterprise portfolio that bring even more flexibility, scale and cost savings to campus and branch environments and bring us one step closer to transforming enterprise IT with true AI-driven networks.

A Unified SD-Branch

We’re pleased to announce that Juniper’s SD-WAN solution has grown to also include software-defined LANs. From a common cloud-managed portal, our customers can now easily provision Juniper EX Series switches (e.g. the EX4650, EX4600, EX4300, EX3400 and EX2300 models), manage LAN fabrics and configure LAN virtualization and security policies in the same way they operate their SD-WAN environments. This automated functionality simplifies operations to reduce costs, streamline workflows and leverage the WAN and LAN network for connected security. In addition to the cloud-managed SD-WAN solution, these features will also be in the downloadable controller software for optional on-premises deployment.

Continuing on the theme of unified operations, we have also made it easier to operate Wi-Fi networks in conjunction with the SD-Branch. The same portal for SD-WAN and SD-LAN can be used to show Mist wireless access points and launch the Mist cloud for WLAN provisioning, troubleshooting, management and other day-to-day operations, including our unique wired/wireless assurance capabilities. 



Juniper has a unique and innovative vision of unifying wired/wireless LANs, SD-WAN and security under a common framework that delivers unparalleled automation, insight and actions to our enterprise customers.  These latest enhancements take us one step closer to that goal by expanding the breadth of our cloud offering and delivering even more deployment options for simple, seamless and secure campus and branch networks

Portfolio Breadth for Any Size Enterprise Site

While Juniper’s strength in operational simplicity is fueled by our software innovation (managed via the cloud), we also differentiate -- and excel -- with the quality and breadth of our hardware portfolio. To that end, we are pleased to announce several new additions to our CPE family.

For the more compact branch locations, Juniper is introducing a Wi-Fi card for our line of branch SRX (SRX 3xx and SRX550) next-generation firewalls and secure SD-WAN edge devices.


With the addition of the Wi-Fi card and its smart zero-touch configuration options, the branch SRX is now the perfect all-in-one device for a compact all-wireless branch, SOHO or kiosk, where only one access point is needed. Like the other SRX mini-cards, this new card is integrated into the Contrail SD-WAN solution via Junos. For users with modest network management needs, the SRX with Wi-Fi card is also supported in our cloud-based Juniper Sky Enterprise.

New to the top end in the branch SRX Series is the SRX380. It comes with several leading performance features: 1Gbps IPsec performance, four 10G ports, 16 PoE+ ports for greater wattage and density and AES256 MACsec encryption. Its four mini-card slots expand wired or wireless connectivity with, for example, the new Wi-Fi card, LAN port cards for PoE-powered IoT devices and dual-SIM LTE cards for reliable auto-failover wireless SD-WAN connectivity.

Advancing Juniper’s leadership position in universal CPE even further, new to the NFX Series, is the NFX350. The NFX350 will roll out with the latest in x86 horsepower, along with more storage and memory for secure SD-WAN supporting adjacent virtual network functions and other branch-local applications. All NFX350 devices come with eight 10G and eight 1G interfaces and, depending on the configuration, up to 2TB of storage, 128GB of RAM and 32 vCPUs. The fully loaded NFX350 will support up to 40Gbps of NG-firewalling and up to 8Gbps of IPSec.

It’s Time for the AI-Driven Enterprise

Juniper believes that an AI-driven architecture is the ultimate end game for enterprise IT. It drives simplicity which saves time and money. It increases network predictability and reliability to deliver much needed assurance. And it lays the foundation for driving more value to the business. Fortunately, Juniper has all the right elements to make this happen -- a complete product portfolio, the world’s best AI engine, a modern cloud built for agility and scale and a relentless commitment to execution.  

Not long ago, Juniper announced the integration of wired and wireless access under a common cloud and AI-engine. By unifying our SD-Branch solution under a common cloud-managed portal and federating management between LAN, WLAN and WAN environments, Juniper has taken great strides toward delivering on the ultimate promise of the AI-driven enterprise.

If you’re joining us at NXTWORK EMEA in London this week, be sure to check out breakout sessions and demos on all of the above, and don’t miss our weekly webinars on SD-WAN and Mist wireless. When you’re ready to judge for yourself, watch the demo playlist for SD-WAN and SD-LAN and sign up for a free trial of Contrail SD-WAN, soon expanding to include a guided tour of our LAN fabric management too.

Juniper broadens SD-Branch management, switch options

Juniper has taken the wraps off new software and switches that are designed to broaden user options in deploying software-defined branch offices and enterprise networks.
The company bolstered its Contrail SD-WAN cloud package to include support for SD-LAN-specific operations, such as provisioning of new devices and managing branch office LANs.

"From one cloud portal, customers can now provision Juniper EX Series switches to manage LAN fabrics and configure LAN virtualization and security policies in the same way they operate their SD-WAN environments," wrote Manoj Leelanivas, chief product officer at Juniper, in a blog about the enhancements. "This automated functionality simplifies operations to reduce costs, streamline workflows and leverage the WAN and LAN network for connected security. In addition to the cloud-managed SD-WAN solution, these features will also be in the downloadable controller software for optional on-premises deployment."


The Contrail SD-WAN cloud offering, announced earlier this year, expanded on the company’s existing on-premise (SRX-based) and virtual (NFX-based) SD-WAN offerings to include greater expansion possibilities – up to 10,000 spoke-attached sites and support for more variants of passive redundant hybrid WAN links – and topologies such as hub and spoke, partial, and dynamic full mesh, Juniper stated.


The service brings with it Juniper’s Contrail Service Orchestration package, which secures, automates, and runs the service lifecycle across NFX Series Network Services Platforms, EX Series Ethernet Switches, SRX Series next-generation firewalls, and MX Series 5G Universal Routing Platforms. Ultimately it lets customers manage and set up SD-WANs, and now LANs, all from a single portal.


That same portal can be used to show Mist wireless access points and launch the Mist cloud for WLAN provisioning, troubleshooting, management and other day-to-day operations, including Juniper's wired/wireless assurance capabilities, Leelanivas stated. Juniper in April closed the agreement to buy wireless-gear-maker Mist for $405 million and has been incorporating the Mist technology with its own.

Mist is known for its cloud-managed, AI-based wireless service called WiFi Assurance, which measures performance and service-level metrics to make wireless networks more predictable and reliable, according to the company. Mist's cloud-based system features an AI-driven technology, called Marvis, that brings dynamic packet-capture and machine-learning technology to automatically identify, adapt and fix network issues.


Juniper recently announced Mist is expanding its cloud-based Assurance program to include wired platforms. Wired Assurance can tap into Juniper’s core network operating system, Junos, and gather telemetry data that will measure network performance for connected endpoints, including IoT devices, the company said. It also features anomaly detection to alert when there is a deviation in switch performance from baseline metrics before users know issues exist.
On the hardware side, Juniper expanded its branch switching options to include:

• NFX350: The NFX350 family features eight 10G and eight 1G interfaces and, depending on the configuration, up to 2TB of storage, 128GB of RAM and 32 vCPUs. The fully loaded NFX350 will support up to 40Gbps of NG-firewalling and up to 8Gbps of IPSec.
• SRX380: The SRX380 comes with several key performance features, including 1Gbps IPsec performance, four 10G ports, 16 PoE+ ports for greater wattage and density, AES256 MACsec encryption and four mini-card slots for expanded connectivity.
• A new Wi-Fi card for branch SRX boxes that lets customers deploy Wi-Fi with zero-touch configuration alongside LTE, Ethernet and other traditional network transport options.

This story, "Juniper broadens SD-Branch management, switch options" was originally published by Network World.

JTAC Recommended Junos Software Versions

Summary:

JTAC recommended versions of Junos software are listed to assist with determining which version of software to download and install.
This article applies to the following devices:

• EX Series
  
• M, T, and MX Series
• ACX Series
  
• QFX Series
  
• SRX Series
  
  

For other Junos devices, refer to the Release Notes and the Alerts column on the Download Software pages.
Note: To be automatically notified of updates to this document, use the Subscribe link in the toolbox on the right of the page. If you do not see the Subscribe link, log in with your user account.
Important Software Upgrade Notification
Before loading a software release, Juniper recommends that you read the associated Release Notes to understand how features, functionality, fixes and any known outstanding issues will apply to your specific network and applications. A second sensible recommendation is for you to test the release in your lab whereby you emulate your topology and traffic flows where possible to further understand how your network will perform with the new release in your unique environment.
 Juniper offers optional services to aide customers in selecting and testing software releases. If interested in more information, please contact your Juniper Sales Representative to discuss offerings and pricing.

Symptoms:

For customers planning an upgrade or initial installation, JTAC recommends the Junos software versions in this article. These versions are selected using input from Juniper Engineering, customers, and analysis of field usage data.
Exceptions to this include:

• JTAC has specifically recommended that customers use a version of Junos software that is different from what is listed.
  
• You require specific features (Feature Explorer) that are available only in another version of Junos software. In this case, be sure to download the latest maintenance release.
  
• Your currently installed version of Junos is working well.
  
• If you use NSM, refer to the NSM & Junos Compatibility Matrix to make sure the recommended Junos software version can be managed by NSM.
   

To see the list​ of End of Engineering (EOE) and EOS (End of Support) dates for specific Junos versions, please go to the Junos Dates & Milestones page: https://support.juniper.net/support/eol/software/junos/
To see features supported per specific Junos versions, please go the Juniper Pathfinder page and navigate to "Feature Explorer": https://apps.juniper.net/home/

Solution:

To download Junos Software, go to the Software Download site and find your product.
The JTAC Recommended Junos Releases are in the tables below.

NOTE: To locate a Junos release containing an 'S' (i.e. Junos 17.3R3-S3), on the Software Download product page change the OS drop-down from Junos to Junos SR

 

Select to jump to a platform series:

EX Series	M, T, PTX, MX Series	ACX Series
QFX Series	SRX Series

 

EX Series Ethernet Switches

Platform	JTAC Recommended Junos Software by Platform	Last Updated
EX2200 (See Note 3)	Junos 12.3R12-S12	12 Feb 2019
EX2200-C ( See Note 3)	Junos 12.3R12-S12	12 Feb 2019
EX2300	Junos 15.1X53-D591 / 18.2R3-S1	24 Sep 2019
EX2300-C	Junos 15.1X53-D591 / 18.2R3-S1	24 Sep 2019
EX3200	Junos 12.3R12-S12 / 14.1X53-D40	12 Feb 2019
EX3300 ( See Note 4)	Junos 12.3R12-S12	12 Feb 2019
EX3400	Junos 15.1X53-D591 / 18.2R3-S1	24 Sep 2019
EX4200	Junos 12.3R12-S12 / 15.1R7	12 Feb 2019
EX4300	Junos 18.1R3-S6	26 Jul 2019
EX4300-MP	Junos 18.4R1-S3	26 Jul 2019
EX4500	Junos 12.3R12-S12 / 15.1R7	12 Feb 2019
EX4550	Junos 12.3R12-S12 / 15.1R7	12 Feb 2019
EX4600	Junos 18.1R3-S6	26 Jul 2019
EX4650	Junos 18.4R1-S3	26 Jul 2019
EX6200	Junos 12.3R12-S12 / 15.1R7	12 Feb 2019
EX8200 (See Note 2)	Junos 12.3R12-S12 / 15.1R7	12 Feb 2019
EX8200-VC (XRE200) (See Note 2 )	Junos 12.3R12-S12 / 15.1R7	12 Feb 2019
EX9200	Junos 17.3R3-S5	26 Jul 2019
EX9251	Junos 18.4R1-S3	26 Jul 2019
EX9253	Junos 18.4R1-S3	26 Jul 2019
Junos Fusion Enterprise (JFE)	Junos 17.4R2-S6	26 Jul 2019

Notes:

1. It is highly recommended to refer to the Release Notes, Technical Documentation, and KB articles for any outstanding and resolved issues before making the upgrade decision. Contact JTAC if there are any queries.
2. Please refer to TSB16758 for minimum software requirements for newer revision EX8200 linecards.
3. Please refer TSB17138  for more details.
4. Please refer TSB17329 .

(back to the top)

ACX Series Service Routers

Platform	JTAC Recommended Junos Software by Platform	Release Type	Last Updated
ACX500	Junos 17.4R2-Sx (where x=latest on download page)	Standard	9 April 2019
ACX1000	Junos 17.4R2-Sx (where x=latest on download page)	Standard	9 April 2019
ACX1100	Junos 17.4R2-Sx (where x=latest on download page)	Standard	9 April 2019
ACX2000	Junos 17.4R2-Sx (where x=latest on download page)	Standard	9 April 2019
ACX2100	Junos 17.4R2-Sx (where x=latest on download page)	Standard	9 April 2019
ACX2200	Junos 17.4R2-Sx (where x=latest on download page)	Standard	9 April 2019
ACX4000	Junos 17.4R2-Sx (where x=latest on download page)	Standard	9 April 2019
ACX5448	Junos 18.3R1-Sx (where x=latest on download page)	Standard	9 April 2019
ACX5048 / ACX5096	Junos 17.4R2-Sx (where x=latest on download page)	Standard	9 April 2019

(back to the top)

M, T, PTX, and MX Series Routers

Platform	JTAC Recommended Junos Software by Platform	Release Type	Last Updated
M Series	Junos 15.1R7/16.1R7	Standard	19 Mar 2019
T Series (all including TX, TXP, TXP-3D)	Junos 15.1R7/16.1R7	Standard	19 Mar 2019
PTX Series (except PTX10002, and 10016)	Junos 17.3R3-S1/17.4R2	Service/Standard	18 Oct 2018
PTX10002	Junos 18.2R1	Standard	18 Oct 2018
PTX10016	Junos 17.4R2	Standard	18 Oct 2018
MX Series	Junos 15.1F6-S10/15.1R7 Junos 17.3R3-S2	Standard/Service	29 Nov 2018
MX 2010/2020 with MPC6/7/8/9	Junos 15.1F6-S10 Junos 17.3R3-S2	Service/Standard	29 Nov 2018
MX 2008 Series	Junos 15.1F7 Junos 17.3R3-S2	Service/Standard	29 Nov 2018
MX5, MX10, MX40, MX80, MX104 Series	Junos 15.1R7 Junos 17.3R3-S2		29 Nov 2018
MX150, MX204, MX10003 Series	Junos 17.4R2	Standard	18 Oct 2018
MX10008 Series	Junos 18.2R1	Standard	18 Oct 2018
MX Subscriber Management(*3)	Junos 18.2R3 Junos 18.4R2	Standard	23 July 2019
MX Services on MS-DPC	Junos 17.3R3-S5	Standard	23 July  2019
MX Services on MS-MPC/MIC(*4)	Junos 17.3R3-S5	Standard	23 July 2019
MX Virtual Chassis	Junos 17.3R3-S5	Standard	23 July 2019
Virtual Route Reflector	Junos 17.3R3-S5	Standard	23 July 2019
vMX / vBNG(*2)	Junos 17.3R3-S5	Standard	23 July 2018

  Notes:

1. Junos 12.3R3 and 12.3R4 are not recommended for deployment on MX5, MX10, MX40, MX80, and all MX-3D FPC. See PR896592 or contact JTAC for additional information.
2. To obtain the specified Service Release, please contact JTAC.
3. This includes subscriber management deployments that incorporate services such as CGNAT, etc.
4. This release is also recommended for deployments that include both MS-MPC/MIC and MS-DPC modules within the same chassis.
5. See KB33938 for detail information and directly downloadable links to software for M/MX/PTX/T-Series JUNOS Software

  (back to the top)

QFX Series

Platform	JTAC Recommended Junos Software by Platform	Last Updated
QFX3500 / QFX3600	Junos 14.1X53-D47	26 Jul 2019
QFX5100	Junos 18.1R3-S6	26 Jul 2019
QFX5200	Junos 18.1R3-S6	26 Jul 2019
QFX5110	Junos 18.1R3-S6	26 Jul 2019
QFX5120-48Y	Junos 18.4R1-S3	26 Jul 2019
QFX5210	Junos 18.1R3-S6	26 Jul 2019
QFX10002 / QFX10008 / QFX10016	Junos 17.3R3-S5	26 Jul 2019
QFX10002-60C	Junos 18.1R3-S6	26 Jul 2019
EVPN-VXLAN Fabric CRB (Centrally Routed Bridging)	Junos 17.3R3-S5	26 Jul 2019
EVPN-VXLAN Fabric ERB ( Edge Routed Bridging)	Junos 18.1R3-S6	26 Jul 2019
Junos Fusion Datacenter (JFD) - MC-LAG	Junos 17.3R3-S3	12 Feb 2019
Junos Fusion Datacenter(JFD) - EVPN	Junos 18.1R2-S2	28 Feb 2019
Qfabric (See Note 1)	Junos 14.1X53-D130	30 Jul 2019

Note:

1. Qfabric NSSU upgrade from Junos 12.2X50 to later releases is NOT recommended. Please see TSB16842 for more details.

(back to the top)

SRX Series Services Gateways

Platform	JTAC Recommended Junos Software by Platform	Release Type	Last Updated
vSRX	Junos 15.1X49-D170(*5)	Standard	16 Apr 2019
vSRX 3.0	Junos 18.4R2	Standard	30 Sep 2019
SRX100B/H	Junos 12.1X46-D86	Standard	30 Sep 2019
SRX100H2	Junos 12.3X48-D85	Standard	30 Sep 2019
SRX110H	Junos 12.1X46-D86	Standard	30 Sep 2019
SRX110H2	Junos 12.3X48-D85	Standard	30 Sep 2019
SRX210BE/HE	Junos 12.1X46-D86	Standard	30 Sep 2019
SRX210HE2	Junos 12.3X48-D85	Standard	30 Sep 2019
SRX220H	Junos 12.1X46-D86	Standard	30 Sep 2019
SRX220H2	Junos 12.3X48-D85	Standard	30 Sep 2019
SRX240B/H/B2	Junos 12.1X46-D86	Standard	30 Sep 2019
SRX240H2	Junos 12.3X48-D85	Standard	30 Sep 2019
SRX300 / SRX320 / SRX340 / SRX345	Junos 18.2R3-S1(*5)	Service	30 Sep 2019
SRX550	Junos 12.3X48-D85	Standard	30 Sep 2018
SRX550HM	Junos 18.2R3-S1(*5)	Service	30 Sep 2019
SRX650	Junos 12.3X48-D85	Standard	30 Sep 2019
SRX1400 (*3)	Junos 12.3X48-D85	Standard	30 Sep 2019
SRX1500	Junos 15.1X49-D170(*5)	Standard	16 Apr 2019
SRX3400 / SRX3600 (*3)	Junos 12.3X48-D85	Standard	30 Sep 2019
SRX4100 / SRX4200	Junos 15.1X49-D170(*5)	Standard	16 Apr 2019
SRX4600	Junos 18.2R3-S1(*5)	Service	30 Sep 2019
SRX5400 / SRX5600 / SRX5800 with SRX5K-RE3-128G, SRX5K-SCB4, SRX5K-IOC4-10G or SRX5K-IOC4-MRAT (*2)	Junos 19.3R1	Standard	30 Sep 2019
SRX5400 / SRX5600 / SRX5800 with RE-1800X4 and SRX5K-SPC3 (*2)	Junos 18.2R3-S1(*5)	Service	30 Sep 2019
SRX5400 / SRX5600 / SRX5800 with RE-1800X4 (*2)	Junos 15.1X49-D170(*5)	Standard	16 Apr 2019
SRX5400 / SRX5600 / SRX5800 with SRX5K-RE-13-20 (*2)(*3)	Junos 12.3X48-D75 (*1)(*4)	Standard	26 Sep 2018

Notes:

1. KB29651 - Unable to upgrade from Junos OS 12.1X46 to subsequent releases of Junos OS on SRX5400/5600/5800 platforms due to "The /cf filesystem is low on free disk space" on SRX5k RE-13-20.
   
2. KB30446 - SRX Junos SRX5K Hardware / Software compatibility matrix.
   
3. TSB16905 - On SRX High-End platforms, when NAT is configured, ISSU upgrade from 12.1X46-D40 to any higher releases results in loss of security policies.
   
4. PR1458501 - On SRX5000 series with SRX5k RE-13-20 a software upgrade to Junos 12.3X48-D80 and higher releases may fail the pre-check due to insufficient space available on the compact flash. Workaround is to use the USB install-media or first downgrade to 12.3X48-D10 and then upgrade to the target release.
   
5. Notes for upgrading from Junos 15.1X49 releases to 18.2R3 or 18.2R3 based Service Releases:
   
   • Junos OS upgrade from 15.1X49 directly to 18.2R3 or 18.2R3 based Service Releases is supported for all SRX platforms, except vSRX. To upgrade vSRX from 15.1X49 to higher versions, deploy a new vSRX VM.
     
   • ISSU is not supported when upgrading from Junos 15.1X49 to higher versions.
     
   • KB34945 - When Junos Space Security Director is used for managing the SRX configuration and the AppFW, IDP or UTM features are used, then when upgrading to Junos 18.2R1 or higher, the SRX configuration needs to be migrated to the new Unified Policies style and Security Director version 19.3 or higher is required.
     
   • When upgrading from Junos 15.1X49-D170 to Junos 18.2 releases, the following features will not be available after the upgrade:
     
     • GTP Inspection - GTP tunnel enhancements (SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, SRX5800, and vSRX instances). This feature was introduced in 15.1X49-D140 and 18.3R1 and higher releases.
     • The following CSO / SD-WAN related features:
       • Application-based multipath support (SRX Series and vSRX)
       • Application quality of experience scaling support (SRX4100, SRX4200)
       • AppQoE support in high availability mode (SRX4100, SRX4200)
       • Application path selection based on link preference and priority (SRX300, SRX320, SRX340, SRX345, SRX550M, SRX1500, SRX4100 SRX4200, and vSRX)
       • Virtual routing and forwarding instances security features support (SRX300, SRX320, SRX340, SRX345, SRX550M, SRX1500, SRX4100, SRX4200, and vSRX)
       • VRF group in L3VPN traffic (SRX Series and vSRX)
   
   

(back to the top)

 

Modification History:

2019-09-30: Updated SRX4600, SRX5k-SPC3, SRX200, 300, 550(M), 650 series and SRX1k/3k, added new entries for the vSRX 3.0 and SRX5k RE3/IOC4/SCB4
2019-07-25: Updated MX Subscriber and MX Services information
2019-07-21: Adding "Important Software Upgrade Notification" in the beginning
2019-06-25: Add a link to KB33938 for details of M-Series, MX-Series, PTX-Series, and T-Series
2019-04-25: Corrected SRX download links
2019-04-16: Updated SRX releases
2019-04-10: Fixed QFabric and EX6200 links.
2019-03-19: Removing EOL released from M-series, and T-series
2019-03-01: Added note on how to locate Junos release versions containing an 's'
2019-02-28: Updated for several SRX platforms; added link to Feature Explorer.
2019-01-30: Fixed broken links for MX and vMX.
2018-12-19: Updated JRR for SRX5k with SPC3
2018-10-15: Updated SRX JRR versions and removed SRX210B and SRX210H platforms due to EOS reached.
2018-10-05: SRX: Move direct link to JRR version to the middle column that references JRR version
2018-10-03: SRX: Added direct link to JRR version per platform
2018-09-26: Removed J-Series platforms, due to EOS reached.
2018-06-25: Updated releases for ACX, MX and vMX platforms.
2018-05-17: Corrected link to SRX4600's software download page.
2018-05-15: Updated the recommended release for ACX5048 / ACX5096
2017-11-16: Updated VRR to 16.2
2017-04-18: Added jump links for quick access to platform series sections