Juniper SRX5400 Hardware Guide

SRX5400 Services Gateway Hardware

Published

2020-11-10

Guide

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.

SRX5400 Services Gateway Hardware Guide

Copyright © 2020 Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

ii

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.

Table of Contents

1

About the Documentation | xv

Documentation and Release Notes | xv

Using the Examples in This Manual | xv

Merging a Full Example | xvi

Merging a Snippet | xvii

Documentation Conventions | xvii

Documentation Feedback | xx

Requesting Technical Support | xx

Self-Help Online Tools and Resources | xxi

Creating a Service Request with JTAC | xxi

iii

Overview

SRX5400 Services Gateway System Overview | 23

SRX5400 Services Gateway Description | 23

Benefits of the SRX5400 Services Gateway | 24

SRX5400 Services Gateway FRUs | 25

SRX5400 Services Gateway Component Redundancy | 26

SRX5400 Chassis | 27

SRX5400 Services Gateway Chassis | 27

SRX5400 Services Gateway Physical Specifications | 29

SRX5400 Services Gateway Midplane Description | 30

SRX5400 Services Gateway Craft Interface Overview | 31

SRX5400 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test

Button | 32

SRX5400 Services Gateway Craft Interface Host Subsystem LEDs | 33

SRX5400 Services Gateway Craft Interface Power Supply LEDs | 33

SRX5400 Services Gateway Craft Interface Card OK/Fail LEDs | 34

SRX5400 Services Gateway Craft Interface Fan LEDs | 34

SRX5400 Services Gateway Craft Interface Online/Offline Buttons | 35

SRX5400 Services Gateway Craft Interface Alarm Relay Contacts | 37

SRX5400 Cooling System | 39

SRX5400 Power System | 41

SRX5400 Services Gateway Power System Overview | 42

SRX5400 Services Gateway AC Power Supply | 44

SRX5400 Services Gateway AC Power Supply Specifications | 44

SRX5400 Services Gateway AC Power Supply LEDs | 45

AC Power Cord Specifications for the SRX5400 Services Gateway | 46

AC Power Circuit Breaker Requirements for the SRX5400 Services Gateway | 49

SRX5400 Services Gateway DC Power Supply | 49

SRX5400 Services Gateway DC Power Supply Specifications | 50

SRX5400 Services Gateway DC Power Supply LEDs | 50

DC Power Cable Specifications for the SRX5400 Services Gateway | 51

iv

DC Power Cable Lug Specifications for the SRX5400 Services Gateway | 52

DC Power Circuit Breaker Requirements for the SRX5400 Services Gateway | 53

DC Power Source Cabling for the SRX5400 Services Gateway | 53

SRX5400 Services Gateway Chassis Grounding Point Specifications | 54

SRX5400 Services Gateway Grounding-Cable Specification | 55

SRX5400 Services Gateway Grounding-Cable Lug Specification | 56

SRX5400 Host Subsystem | 57

SRX5400 Services Gateway Host Subsystem Overview | 57

Switch Control Board SRX5K-SCB Overview | 58

Switch Control Board SRX5K-SCB Specifications | 59

Switch Control Board SRX5K-SCBE Overview | 62

Switch Control Board SRX5K-SCBE Specifications | 63

SRX5K-SCBE LEDs | 65

Switch Control Board SRX5K-SCB3 Overview | 66

Switch Control Board SRX5K-SCB3 Specifications | 67

SRX5K-SCB3 LEDs | 68

Routing Engine SRX5K-RE-13-20 Overview | 68

Routing Engine SRX5K-RE-13-20 Specifications | 69

Routing Engine SRX5K-RE-1800X4 Overview | 72

SRX5K-RE-1800X4 Routing Engine Boot Sequence | 73

Routing Engine SRX5K-RE-1800X4 Specifications | 73

SRX5K-RE-1800X4 LEDs | 75

Routing Engine SRX5K-RE3-128G Specifications | 76

SRX5K-RE3-128G Routing Engine Components | 78

SRX5K-RE3-128G Routing Engine LEDs | 79

SRX5K-RE3-128G Routing Engine Boot Sequence | 80

SRX5400 Line Cards and Modules | 81

SRX5400, SRX5600, and SRX5800 Services Gateway Card Overview | 82

Cards Supported on SRX5400, SRX5600, and SRX5800 Services Gateways | 83

SRX5400 Services Gateway Card Cage and Slots | 86

SRX5400 Services Gateway Services Processing Card Overview | 87

Services Processing Card SRX5K-SPC-2-10-40 Specifications | 88

Services Processing Card SRX5K-SPC-4-15-320 Specifications | 93

v

Services Processing Card SRX5K-SPC3 Specifications | 98

SRX5400 Services Gateway MPC and MIC Overview | 102

Modular Port Concentrator (SRX5K-MPC) Specifications | 103

SRX5K-MPC3-40G10G Specifications | 105

SRX5K-MPC3-100G10G Specifications | 108

MIC with 20x1GE SFP Interfaces (SRX-MIC-20GE-SFP) | 111

MIC with 10x10GE SFP+ Interfaces (SRX-MIC-10XG-SFPP) | 117

MIC with 1x100GE CFP Interface (SRX-MIC-1X100G-CFP) | 122

MIC with 2x40GE QSFP+ Interfaces (SRX-MIC-2X40G-QSFP) | 124

I/O Card SRX5K-40GE-SFP Specifications | 125

I/O Card SRX5K-4XGE-XFP Specifications | 127

SRX5K-IOC4-10G Specifications | 129

SRX5K-IOC4-MRAT Specifications | 132

Flex I/O Card (SRX5K-FPC-IOC) Specifications | 136

Flex I/O Card Port Module SRX-IOC-16GE-SFP Specifications | 137

Flex I/O Card Port Module SRX-IOC-16GE-TX Specifications | 139

Flex I/O Card Port Module SRX-IOC-4XGE-XFP Specifications | 141

Site Planning, Preparation, and Specifications

2

Site Preparation Checklist for the SRX5400 Services Gateway | 145

SRX5400 Site Guidelines and Requirements | 146

SRX5400 Services Gateway Environmental Specifications | 146

General Site Guidelines | 147

Site Electrical Wiring Guidelines | 148

Clearance Requirements for SRX5400 Services Gateway Airflow and Hardware

Maintenance | 149

SRX5400 Rack and Cabinet Requirements | 150

SRX5400 Services Gateway Rack Size and Strength Requirements | 150

Spacing of Rack Mounting Bracket Holes for the SRX5400 Services Gateway | 151

Connection to Building Structure for the SRX5400 Services Gateway Rack | 151

vi

SRX5400 Services Gateway Cabinet Size and Clearance Requirements | 151

SRX5400 Services Gateway Cabinet Airflow Requirements | 152

Calculating Power Requirements for the SRX5400 Services Gateway | 152

SRX5400 Network Cable and Transceiver Planning | 158

Routing Engine Interface Cable and Wire Specifications for the SRX5400 Services Gateway | 158

Signal Loss in Multimode and Single-Mode Fiber-Optic Cable for the SRX5400 Services

Gateway | 159

Attenuation and Dispersion in Fiber-Optic Cable for the SRX5400 Services Gateway | 159

Calculating Power Budget for Fiber-Optic Cable for the SRX5400 Services Gateway | 160

Calculating Power Margin for Fiber-Optic Cable for the SRX5400 Services Gateway | 161

SRX5400 Alarm and Management Cable Specifications and Pinouts | 163

Alarm Relay Contact Wire Specifications for the SRX5400 Services Gateway | 163

Console Port Cable and Wire Specifications for the SRX5400 Services Gateway | 163

RJ-45 Connector Pinouts for the SRX5400 Services Gateway Routing Engine Ethernet Port | 164

RJ-45 Connector Pinouts for the SRX5400 Services Gateway Routing Engine Auxiliary and

Console Ports | 164

Initial Installation and Configuration

3

SRX5400 Installation Overview | 167

Unpacking the SRX5400 | 168

Tools and Parts Required to Unpack the SRX5400 Services Gateway | 168

Unpacking the SRX5400 Services Gateway | 168

Verifying the SRX5400 Services Gateway Parts Received | 170

Installing the SRX5400 Mounting Hardware | 172

Tools and Parts Required to Install the SRX5400 Services Gateway Mounting Hardware for a

Rack or Cabinet | 173

Installing the SRX5400 Services Gateway Mounting Hardware for a Rack or Cabinet | 173

Moving the Mounting Brackets for Center-Mounting the SRX5400 Services Gateway | 175

Installing the SRX5400 Using a Mechanical Lift | 176

vii

Tools Required to Install the SRX5400 Services Gateway with a Mechanical Lift | 176

Installing the SRX5400 Services Gateway Using a Mechanical Lift | 177

Installing the SRX5400 Without a Mechanical Lift | 178

Overview of Installing the SRX5400 Services Gateway Without a Mechanical Lift | 179

Tools Required to Install the SRX5400 Services Gateway Without a Mechanical Lift | 179

Removing Components from the SRX5400 Chassis Before Installing It Without a Lift | 179

Removing the Power Supplies Before Installing the SRX5400 Services Gateway Without

a Lift | 180

Removing the Fan Tray Before Installing an SRX5400 Services Gateway Without a Lift | 181

Removing Cards Before Installing an SRX5400 Services Gateway Without a Lift | 181

Installing the SRX5400 Services Gateway Chassis in the Rack Manually | 184

Reinstalling Components in the SRX5400 Services Gateway Chassis After Installing It Without

a Lift | 186

Reinstalling Power Supplies After Installing the SRX5400 Services Gateway Without a

Lift | 186

Reinstalling the Fan Tray After Installing the SRX5400 Services Gateway Without a Lift | 187

Reinstalling Cards After Installing the SRX5400 Services Gateway Without a Lift | 188

Connecting the SRX5400 to External Devices | 189

4

Tools and Parts Required for SRX5400 Services Gateway Connections | 189

Connecting the SRX5400 Services Gateway to a Management Console or an Auxiliary

Device | 189

Connecting the SRX5400 Services Gateway to a Network for Out-of-Band Management | 191

Connecting an SRX5400 Services Gateway to an External Alarm-Reporting Device | 191

Connecting Network Cables to SRX5400 Services Gateway MICs | 193

Connecting the SRX5400 to Power | 194

Tools and Parts Required for SRX5400 Services Gateway Grounding and Power

Connections | 194

Grounding the SRX5400 Services Gateway | 195

Connecting Power to an AC-Powered SRX5400 Services Gateway | 196

Powering On an AC-Powered SRX5400 Services Gateway | 198

Connecting Power to a DC-Powered SRX5400 Services Gateway | 199

viii

Powering On a DC-Powered SRX5400 Services Gateway | 202

Powering Off the SRX5400 Services Gateway | 203

Performing the Initial Software Configuration for the SRX5400 | 204

SRX5400 Services Gateway Software Configuration Overview | 204

Initially Configuring the SRX5400 Services Gateway | 205

Performing Initial Software Configuration Using J-Web | 210

Configuring Root Authentication and the Management Interface from the CLI | 211

Configuring Interfaces, Zones, and Policies with J-Web | 212

Maintaining Components

Maintaining the SRX5400 Chassis | 217

Routine Maintenance Procedures for the SRX5400 Services Gateway | 217

Replacing the SRX5400 Services Gateway Craft Interface | 217

Disconnecting the Alarm Relay Wires from the SRX5400 Services Gateway Craft

Interface | 218

Removing the SRX5400 Services Gateway Craft Interface | 218

Installing the SRX5400 Services Gateway Craft Interface | 219

Connecting the Alarm Relay Wires to the SRX5400 Services Gateway Craft Interface | 220

Maintaining the SRX5400 Cooling System | 221

Maintaining the Fan Tray on the SRX5400 Services Gateway | 221

Replacing the SRX5400 Services Gateway Fan Tray | 221

Removing the SRX5400 Services Gateway Fan Tray | 222

Installing the SRX5400 Services Gateway Fan Tray | 223

Maintaining the Air Filter on the SRX5400 Services Gateway | 223

Replacing the SRX5400 Services Gateway Air Filter | 224

Removing the SRX5400 Services Gateway Air Filter | 224

Installing the SRX5400 Services Gateway Air Filter | 225

Maintaining the SRX5400 Power System | 226

Maintaining SRX5400 Services Gateway Power Supplies | 226

Replacing an SRX5400 Services Gateway AC Power Supply | 228

ix

Removing an SRX5400 Services Gateway AC Power Supply | 228

Installing an SRX5400 Services Gateway AC Power Supply | 229

Replacing an SRX5400 Services Gateway AC Power Supply Cord | 230

Disconnecting an SRX5400 Services Gateway AC Power Supply Cord | 230

Connecting an SRX5400 Services Gateway AC Power Supply Cord | 231

Replacing an SRX5400 Services Gateway DC Power Supply | 231

Removing an SRX5400 Services Gateway DC Power Supply | 231

Installing an SRX5400 Services Gateway DC Power Supply | 233

Replacing an SRX5400 Services Gateway DC Power Supply Cable | 236

Disconnecting an SRX5400 Services Gateway DC Power Supply Cable | 236

Connecting an SRX5400 Services Gateway DC Power Supply Cable | 237

Maintaining the SRX5400 Host Subsystem | 238

Maintaining the SRX5400 Services Gateway Host Subsystem | 239

Taking the SRX5400 Services Gateway Host Subsystem Offline | 241

Operating and Positioning the SRX5400 Services Gateway SCB Ejectors | 241

Replacing the SRX5400 Services Gateway SCB | 242

Removing the SRX5400 Services Gateway SCB | 242

Installing an SRX5400 Services Gateway SCB | 243

Replacing the SRX5400 Services Gateway Routing Engine | 245

Removing the SRX5400 Services Gateway Routing Engine | 246

Installing the SRX5400 Services Gateway Routing Engine | 247

Low Impact Hardware Upgrade for SCB3 and IOC3 | 249

In-Service Hardware Upgrade for SRX5K-RE-1800X4 and SRX5K-SCBE or SRX5K-RE-1800X4

and SRX5K-SCB3 in a Chassis Cluster | 267

Maintaining the SRX5400 Line Cards and Modules | 271

x

Holding an SRX5400 Services Gateway Card | 272

Storing an SRX5400 Services Gateway Card | 274

Replacing SRX5400 Services Gateway MPCs | 274

Removing an SRX5400 Services Gateway MPC | 275

Installing an SRX5400 Services Gateway MPC | 277

Replacing SRX5400 Services Gateway MICs | 280

Removing an SRX5400 Services Gateway MIC | 280

Installing an SRX5400 Services Gateway MIC | 282

Installing an MPC and MICs in an Operating SRX5400 Services Gateway Chassis Cluster | 284

Maintaining SPCs on the SRX5400 Services Gateway | 287

Replacing SRX5400 Services Gateway SPCs | 289

Removing an SRX5400 Services Gateway SPC | 289

Installing an SRX5400 Services Gateway SPC | 291

Replacing SPCs in an Operating SRX5400, SRX5600, or SRX5800 Services Gateways Chassis

Cluster | 294

In-Service Hardware Upgrade for SRX5K-SPC3 in a Chassis Cluster | 297

Maintaining the SRX5400 Cables and Connectors | 300

5

Maintaining SRX5400 Services Gateway Network Cables | 300

Replacing the Management Ethernet Cable on the SRX5400 Services Gateway | 302

Replacing the SRX5400 Services Gateway Console or Auxiliary Cable | 303

Replacing an SRX5400 Services Gateway Network Cable | 304

Removing an SRX5400 Services Gateway Network Cable | 304

Installing an SRX5400 Services Gateway Network Cable | 305

Replacing SRX5400 Services Gateway Transceivers | 306

Removing an SRX5400 Services Gateway Transceiver | 306

Installing an SRX5400 Services Gateway Transceiver | 308

Replacing a Routing Engine in an SRX Series High-End Chassis Cluster | 309

Replacing a Routing Engine: USB Flash-Drive Method | 309

Replacing a Routing Engine: External SCP Server Method | 316

xi

Replacing the Routing Engine: File Transfer Method | 323

Troubleshooting Hardware

Troubleshooting the SRX5400 | 330

Troubleshooting the SRX5400 Services Gateway with the Junos OS CLI | 330

Troubleshooting the SRX5400 Services Gateway with Chassis and Interface Alarm

Messages | 331

Chassis Component Alarm Conditions on SRX5400, SRX5600, and SRX5800 Services

Gateways | 331

Backup Routing Engine Alarms | 346

Troubleshooting the SRX5400 Services Gateway with Alarm Relay Contacts | 348

Troubleshooting the SRX5400 Services Gateway with the Craft Interface LEDs | 348

Troubleshooting the SRX5400 Services Gateway with the Component LEDs | 349

Troubleshooting the SRX5400 Services Gateway Cooling System | 350

Troubleshooting SRX5400 Services Gateway MPCs | 350

Troubleshooting SRX5400 Services MICs | 352

Troubleshooting SRX5400 Services Gateway SPCs | 353

Troubleshooting the SRX5400 Services Gateway Power System | 354

Behavior of the SRX5400, SRX5600, and SRX5800 Services Gateways When the SRX5K-SCBE

and SRX5K-RE-1800X4 in a Chassis Cluster Fail | 357

Contacting Customer Support and Returning the Chassis or Components

6

7

Returning the SRX5400 Chassis or Components | 360

Contacting Customer Support | 360

Return Procedure for the SRX5400 Services Gateway | 361

Listing the SRX5400 Services Gateway Component Serial Numbers with the CLI | 362

Locating the SRX5400 Services Gateway Chassis Serial Number Label | 362

Locating the SRX5400 Services Gateway Power Supply Serial Number Labels | 362

Locating the SRX5400 Services Gateway Craft Interface Serial Number Label | 363

Information You Might Need to Supply to JTAC | 364

Required Tools and Parts for Packing the SRX5400 Services Gateway | 364

Packing the SRX5400 Services Gateway for Shipment | 365

Packing SRX5400 Services Gateway Components for Shipment | 366

Safety and Compliance Information

xii

General Safety Guidelines and Warnings | 369

Definitions of Safety Warning Levels | 370

Restricted Access Area Warning | 374

Fire Safety Requirements | 376

Fire Suppression | 376

Fire Suppression Equipment | 377

Qualified Personnel Warning | 378

Warning Statement for Norway and Sweden | 378

Installation Instructions Warning | 379

Chassis and Component Lifting Guidelines | 379

Ramp Warning | 380

Rack-Mounting and Cabinet-Mounting Warnings | 380

Grounded Equipment Warning | 386

Laser and LED Safety Guidelines and Warnings | 387

General Laser Safety Guidelines | 387

Class 1 Laser Product Warning | 388

Class 1 LED Product Warning | 389

Laser Beam Warning | 390

Radiation from Open Port Apertures Warning | 391

Maintenance and Operational Safety Guidelines and Warnings | 392

Battery Handling Warning | 393

Jewelry Removal Warning | 394

Lightning Activity Warning | 396

Operating Temperature Warning | 397

xiii

Product Disposal Warning | 399

General Electrical Safety Guidelines and Warnings | 400

Prevention of Electrostatic Discharge Damage | 401

AC Power Electrical Safety Guidelines | 402

AC Power Disconnection Warning | 404

DC Power Electrical Safety Guidelines | 405

DC Power Electrical Safety Guidelines | 405

DC Power Disconnection Warning | 407

DC Power Grounding Requirements and Warning | 409

DC Power Wiring Sequence Warning | 411

DC Power Wiring Terminations Warning | 414

DC Power Disconnection Warning | 417

DC Power Grounding Requirements and Warning | 419

DC Power Wiring Sequence Warning | 421

DC Power Wiring Terminations Warning | 424

Multiple Power Supplies Disconnection Warning | 427

TN Power Warning | 428

Action to Take After an Electrical Accident | 428

SRX5400 Services Gateway Agency Approvals | 429

SRX5400 Services Gateway Compliance Statements for EMC Requirements | 430

Canada | 430

European Community | 430

Israel | 431

Japan | 431

United States | 431

Statements of Volatility for Juniper Network Devices | 432

xiv

About the Documentation

IN THIS SECTION

Documentation and Release Notes | xv

Using the Examples in This Manual | xv

Documentation Conventions | xvii

Documentation Feedback | xx

Requesting Technical Support | xx

Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX5400 Services Gateway.

xv

After completing the installation and basic configuration procedures covered in this guide, refer to the
Junos OS documentation for information about further software configuration.

Documentation and Release Notes

To obtain the most current version of all Juniper Networks®technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.

If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.

Using the Examples in This Manual

If you want to use the examples in this manual, you can use the load merge or the load merge relative
command. These commands cause the software to merge the incoming configuration into the current
candidate configuration. The example does not become active until you commit the candidate configuration.

If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example
is a full example. In this case, use the load merge command.

If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In
this case, use the load merge relative command. These procedures are described in the following sections.

Merging a Full Example

To merge a full example, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the
file with a name, and copy the file to a directory on your routing platform.

For example, copy the following configuration to a file and name the file ex-script.conf. Copy the
ex-script.conf file to the /var/tmp directory on your routing platform.

system {

scripts {

commit {

file ex-script.xsl;

}

}
}
interfaces {

fxp0 {

disable;
unit 0 {

family inet {

address 10.0.0.1/24;

}

}

}
}

xvi

2. Merge the contents of the file into your routing platform configuration by issuing the load merge
configuration mode command:

[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete

Merging a Snippet

To merge a snippet, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the
file with a name, and copy the file to a directory on your routing platform.

For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the
ex-script-snippet.conf file to the /var/tmp directory on your routing platform.

commit {

file ex-script-snippet.xsl; }

2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:

[edit]
user@host# edit system scripts
[edit system scripts]

xvii

3. Merge the contents of the file into your routing platform configuration by issuing the load merge
relative configuration mode command:

[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete

For more information about the load command, see CLI Explorer.

Documentation Conventions

Table 1 on page xviii defines notice icons used in this guide.

Table 1: Notice Icons

xviii

DescriptionMeaningIcon

Indicates important features or instructions.Informational note

Caution

Indicates a situation that might result in loss of data or hardware
damage.

Alerts you to the risk of personal injury or death.Warning

Alerts you to the risk of personal injury from a laser.Laser warning

Indicates helpful information.Tip

Alerts you to a recommended use or implementation.Best practice

Table 2 on page xviii defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

ExamplesDescriptionConvention

Fixed-width text like this

Italic text like this

Represents text that you type.Bold text like this

Represents output that appears on
the terminal screen.

Introduces or emphasizes important

•

new terms.

Identifies guide names.

•

Identifies RFC and Internet draft

•

titles.

To enter configuration mode, type
the configure command:

user@host> configure

user@host> show chassis alarms

No alarms currently active

A policy term is a named structure

•

that defines match conditions and
actions.

Junos OS CLI User Guide

•

RFC 1997, BGP Communities

•

Attribute

Table 2: Text and Syntax Conventions (continued)

xix

ExamplesDescriptionConvention

Italic text like this

Text like this

< > (angle brackets)

| (pipe symbol)

Represents variables (options for
which you substitute a value) in
commands or configuration
statements.

Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy
levels; or labels on routing platform
components.

variables.

Indicates a choice between the
mutually exclusive keywords or
variables on either side of the symbol.
The set of choices is often enclosed
in parentheses for clarity.

Configure the machine’s domain
name:

[edit]
root@# set system domain-name

domain-name

To configure a stub area, include

•

the stub statement at the [edit
protocols ospf area area-id]

hierarchy level.

The console port is labeled

•

CONSOLE.

stub <default-metric metric>;Encloses optional keywords or

broadcast | multicast

(string1 | string2 | string3)

# (pound sign)

[ ] (square brackets)

Indention and braces ( { } )

; (semicolon)

GUI Conventions

Indicates a comment specified on the
same line as the configuration
statement to which it applies.

Encloses a variable for which you can
substitute one or more values.

Identifies a level in the configuration
hierarchy.

Identifies a leaf statement at a
configuration hierarchy level.

rsvp { # Required for dynamic MPLS
only

community name members [
community-ids ]

[edit]
routing-options {

static {

route default {

nexthop address;
retain;

}

}

}

Table 2: Text and Syntax Conventions (continued)

xx

ExamplesDescriptionConvention

Bold text like this

> (bold right angle bracket)

Represents graphical user interface
(GUI) items you click or select.

Separates levels in a hierarchy of
menu selections.

In the Logical Interfaces box, select

•

All Interfaces.

To cancel the configuration, click

•

Cancel.

In the configuration editor hierarchy,
select Protocols>Ospf.

Documentation Feedback

We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:

Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper

•

Networks TechLibrary site, and do one of the following:

Click the thumbs-up icon if the information on the page was helpful to you.

•

Click the thumbs-down icon if the information on the page was not helpful to you or if you have

•

suggestions for improvement, and use the pop-up form to provide feedback.

E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name,

•

URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are

covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.

JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User

•

Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.

•

JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,

•

365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:

Find CSC offerings: https://www.juniper.net/customers/support/

•

Search for known bugs: https://prsearch.juniper.net/

•

xxi

Find product documentation: https://www.juniper.net/documentation/

•

Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/

•

Download the latest versions of software and review release notes:

•

https://www.juniper.net/customers/csc/software/

Search technical bulletins for relevant hardware and software notifications:

•

https://kb.juniper.net/InfoCenter/

Join and participate in the Juniper Networks Community Forum:

•

https://www.juniper.net/company/communities/

Create a service request online: https://myjuniper.juniper.net

•

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:

https://entitlementsearch.juniper.net/entitlementsearch/

Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.

Visit https://myjuniper.juniper.net.

•

Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

•

For international or direct-dial options in countries without toll-free numbers, see

https://support.juniper.net/support/requesting-support/.

1

CHAPTER

Overview

SRX5400 Services Gateway System Overview | 23

SRX5400 Chassis | 27

SRX5400 Cooling System | 39

SRX5400 Power System | 41

SRX5400 Host Subsystem | 57

SRX5400 Line Cards and Modules | 81

SRX5400 Services Gateway System Overview

IN THIS SECTION

SRX5400 Services Gateway Description | 23

Benefits of the SRX5400 Services Gateway | 24

SRX5400 Services Gateway FRUs | 25

SRX5400 Services Gateway Component Redundancy | 26

SRX5400 Services Gateway Description

23

The SRX5400 Services Gateway is a high-performance, highly scalable, carrier-class security device with
multiprocessor architecture.

The SRX5400 Services Gateway is 5 rack units (U) tall. You can stack eight services gateways in a rack
that is at least 48 U (89.3 in. or 2.24 m) in height if it has a 1 in. cap between for increased port density
per unit of floor space.

The services gateway provides four slots that you can populate with one Switch Control Board (SCB) and
up to three additional cards of the following types:

Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as

•

firewall, IPsec, and IDP.

NOTE: The SRX5400 Services Gateway supports only the SRX5K-SPC-4-15-320 (SPC2) and

does not support the SRX5K-SPC-2-10-40 (SPC1).

Modular Port Concentrators (MPCs) provide Ethernet interfaces that connect the services gateway to

•

your network.

NOTE: The SRX5400 Services Gateway only supports the SRX5K-MPC (MPC2), and does not

support older SRX5000 Series I/O cards (IOCs) or Flex IOCs cards such as:

SRX5K-40GE-SFP

•

SRX5K-4XGE-XFP

•

SRX5K-FPC-IOC

•

Devices configured with SRX5K-SCBE (SCB2) and SRX5K-RE-1800X4 (RE2) only support
SPC2.

Devices configured with SRX5K-SCB3 (SCB3) and RE2, or SRX5K-SCBE (SCB2) and RE2 also
support IOC3s (SRX5K-MPC3-100G10G and SRX5K-MPC3-40G10G).

NOTE: The SRX5400 Services Gateways configured with SRX5K-SCB (SCB1) and

SRX5K-RE-13-20 (RE1) only support Junos OS Release 12.1X46-D10 and later. Devices
configured with SCB2 and RE2 only support Junos OS Release 12.1X47-D15 and later, and
devices configured with SCB3 and RE2 only support Junos OS Release 15.1X49-D10 and later.

24

For detailed information about the cards supported by the services gateway, see the SRX5400, SRX5600,

and SRX5800 Services Gateway Card Reference at www.juniper.net/documentation/.

Benefits of the SRX5400 Services Gateway

The SRX5400 Services Gateway is a small footprint but high-performance gateway which supports 285

•

Gbps IMIX firewall throughput, 90 million concurrent sessions, and 230 Gbps IPS.
The ability to support unique security policies per zone with a compelling performance, makes the
SRX5400 an optimal solution for the edge or data center services in large enterprise, service provider,
or mobile operator environments.

IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes,

•

Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the
highest level of network security.

Content Security UTM Capabilities - The UTM services offered on the SRX5000 line of Services Gateways

•

include industry-leading antivirus, antispam, content filtering, and additional content security services.

The UTM services provide sophisticated protection from:

Antivirus experts against malware attacks that can lead to data breaches and lost productivity.

•

Advanced persistent threats perpetrated through social networking attacks and the latest phishing

•

scams with sophisticated e-mail filtering and content blockers.

Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network

•

to help maintain bandwidth.

Advanced Threat Prevention (ATP) - Juniper Sky ATP, a SaaS-based service, and the Juniper ATP

•

Appliance, an on-premises solution:

Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.

•

Proactively blocks malware communication channels.

•

The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and

•

Google Mail, and detects threats in SMB traffic.

Single pane-of-glass management with Security Director and JSA Series integration.

•

25

SRX5400 Services Gateway FRUs

Field-replaceable units (FRUs) are services gateway components that can be replaced at the customer site.
The services gateway uses the following types of FRUs:

Table 3 on page 25 lists the FRUs of the services gateway and the action to perform to install, remove, or

replace an FRU.

Table 3: Field-Replaceable Units

ActionField-Replaceable Units (FRUs)

Air filter

Fan tray

Craft interface

AC and DC power supplies (if redundant)

Interface transceivers

You need not power off the services gateway to install, remove, or
replace any of these FRUs.

Table 3: Field-Replaceable Units (continued)

26

ActionField-Replaceable Units (FRUs)

Routing Engine

SCBs

SPCs

MPCs

MICs

Power off the services gateway to install, remove, or replace any of
these FRUs.

SRX5400 Services Gateway Component Redundancy

The following major hardware components are redundant:

Power supplies—The services gateway is configurable with two or three AC power supplies at the rear

•

of the chassis in slots PEM0 through PEM3 (left to right)or two DC power supplies in slots PEM0 and
PEM2.

In the low-line (110VAC input) or the high-line (220VAC input) configurations, two power supplies

•

are required to support the services gateway electrical requirements. By default, the AC powered
services gateways are configured with three AC (2+1) power supplies, you can add a fourth power
supply for fault tolerance. The fourth power supply is used when one of the power supplies in the 2+1
configuration fails.

In the DC powered services gateways two DC (1+1) power supplies are required to support the services

•

gateway electrical requirements. The minimum power supplies requirement is one and the second
power supply provides redundancy. If one power supply fails the second power supply instantly assume
the entire electrical load without interruption. Two power supplies provide the maximum configuration
with full power for as long as the device is operational.

Redundant power supplies are hot-removable and hot-insertable. When you remove a power supply
from a services gateway that uses a nonredundant power supply configuration, the services gateway
might shut down depending on your configuration.

Cooling system—The cooling system has redundant components, which are controlled by the host

•

subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to
provide sufficient cooling for the services gateway indefinitely.

SRX5400 Chassis

IN THIS SECTION

SRX5400 Services Gateway Chassis | 27

SRX5400 Services Gateway Physical Specifications | 29

SRX5400 Services Gateway Midplane Description | 30

SRX5400 Services Gateway Craft Interface Overview | 31

SRX5400 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test Button | 32

SRX5400 Services Gateway Craft Interface Host Subsystem LEDs | 33

SRX5400 Services Gateway Craft Interface Power Supply LEDs | 33

SRX5400 Services Gateway Craft Interface Card OK/Fail LEDs | 34

SRX5400 Services Gateway Craft Interface Fan LEDs | 34

27

SRX5400 Services Gateway Craft Interface Online/Offline Buttons | 35

SRX5400 Services Gateway Craft Interface Alarm Relay Contacts | 37

SRX5400 Services Gateway Chassis

The services gateway chassis is a rigid sheet metal structure that houses all the other components (see

Figure 1 on page 28, Figure 2 on page 28, and Figure 3 on page 29). The chassis measures 8.71 in. (22.1 cm)

high, 17.45 in. (44.3 cm) wide, and 24.5 in. (62.2 cm) deep (from the front to the rear of the chassis). The
chassis installs in standard 800-mm (or larger) enclosed cabinets, 19-in. equipment racks, or telco open-frame
racks. Up to five services gateways can be installed in one standard (48 U) rack if the rack can handle their
combined weight, which can be greater than 1100 lb (500 kg). See “SRX5400 Services Gateway Physical

Specifications” on page 29 for physical specifications for the SRX5400 Services Gateway.

CAUTION: Before removing or installing components of a services gateway, attach

an ESD strap to an ESD point and place the other end of the strap around your bare
wrist. Failure to use an ESD strap can result in damage to the services gateway.

WARNING: The services gateway must be connected to earth ground during normal

g030323

SPCs

RE

SCB

MPC

PEM 3

PEM 2

PEM 1

PEM 0

AIR
FILTER

FAN

TRAY

g004301

AC Power
supplies

Fan tray

Air filter

Power
supply
exhaust

Protective earthing

Air exhaustESD point

ESD

operation.

Figure 1: Front View of a Fully Configured Services Gateway Chassis

28

Figure 2: Rear View of an AC-Powered Services Gateway Chassis

Figure 3: Rear View of a Fully Configured DC-Powered Services Gateway Chassis

PEM 3

PEM 2

PEM 1

PEM 0

AIR
FI

L

TER

FAN

TRAY

g004351

DC Power
supplies

Fan tray

Air filter

Power
supply
exhaust

Protective earthing

Air exhaustESD point

ESD

INPUTOK

PWROK

BKRON

INPUTOK

PWROK

BKRON

INPUTOK

PWROK

BKRON

INPUTOK

29

SRX5400 Services Gateway Physical Specifications

Table 4 on page 29 summarizes the physical specifications for the services gateway chassis.

Table 4: Physical Specifications

ValueDescription

Chassis dimensions

Services gateway weight

Routing Engine weight

8.7 in. (22.1 cm) high

17.45 in. (44.3 cm) wide

24.5 in. (62.2 cm) deep (from front-mounting bracket to chassis rear)

Total depth (including cable management system): 27.75 in. (70.5 cm)

Chassis with midplane, fan tray, air filter, and cable management
system: 52 lb (23.6 kg)

Maximum configuration: 128 lb (58.1 kg)

SRX5K-RE-13-20: 2.4 lb (1.1 kg)

SRX5K-RE-1800X4: 2.4 lb (1.1 kg)

Table 4: Physical Specifications (continued)

30

ValueDescription

SCB weight

SRX5K-SCB: 9.6 lb (4.4 kg)

SRX5K-SCBE: 9.6 lb (4.4 kg)

SRX5K-SCB3: 10.14 lb (4.6 kg)

13.1 lb (5.9 kg)MPC weight (with two MICs)

1.1 lb (0.5 kg)Craft interface weight

4.2 lb (1.9 kg)Fan tray weight

1.0 lb (0.5 kg)Air filter weight

0.3 lb (0.14 kg)Cable management weight

6.2 lb (2.8 kg)High-capacity DC power supply weight

6.6 lb (3.0 kg)High-capacity AC power supply weight

SRX5400 Services Gateway Midplane Description

The midplane is located toward the rear of the chassis and forms the rear of the card cage. MPCs, SPCs,
and SCB install into the midplane from the front of the chassis, and the power supplies install into the
midplane from the rear of the chassis. The cooling system components also connect to the midplane.

The midplane performs the following major functions:

Data path—Data packets are transferred across the midplane between the MPCs and SPCs through the

•

fabric ASICs on the SCB.

Power distribution—The power supplies are connected to the midplane, which distributes power to all

•

the services gateway components.

Signal path—The midplane provides the signal path to the MPCs, SCB, SPCs, Routing Engine, and other

•

system components for monitoring and control of the system.

The enhanced midplane supports Junos OS Release 15.1X49-D10. It provides greater per-slot fabric
performance and signal integrity, along with error-free high speed data transfer, and it reduces cross-talk.
The midplane supports link speeds up to 10 Gbps and is not field replaceable.