SRX5400 Services Gateway Hardware
Published
2020-11-10
Guide
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.
SRX5400 Services Gateway Hardware Guide
Copyright © 2020 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
ii
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.
Table of Contents
1
About the Documentation | xv
Documentation and Release Notes | xv
Using the Examples in This Manual | xv
Merging a Full Example | xvi
Merging a Snippet | xvii
Documentation Conventions | xvii
Documentation Feedback | xx
Requesting Technical Support | xx
Self-Help Online Tools and Resources | xxi
Creating a Service Request with JTAC | xxi
iii
Overview
SRX5400 Services Gateway System Overview | 23
SRX5400 Services Gateway Description | 23
Benefits of the SRX5400 Services Gateway | 24
SRX5400 Services Gateway FRUs | 25
SRX5400 Services Gateway Component Redundancy | 26
SRX5400 Chassis | 27
SRX5400 Services Gateway Chassis | 27
SRX5400 Services Gateway Physical Specifications | 29
SRX5400 Services Gateway Midplane Description | 30
SRX5400 Services Gateway Craft Interface Overview | 31
SRX5400 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test
Button | 32
SRX5400 Services Gateway Craft Interface Host Subsystem LEDs | 33
SRX5400 Services Gateway Craft Interface Power Supply LEDs | 33
SRX5400 Services Gateway Craft Interface Card OK/Fail LEDs | 34
SRX5400 Services Gateway Craft Interface Fan LEDs | 34
SRX5400 Services Gateway Craft Interface Online/Offline Buttons | 35
SRX5400 Services Gateway Craft Interface Alarm Relay Contacts | 37
SRX5400 Cooling System | 39
SRX5400 Power System | 41
SRX5400 Services Gateway Power System Overview | 42
SRX5400 Services Gateway AC Power Supply | 44
SRX5400 Services Gateway AC Power Supply Specifications | 44
SRX5400 Services Gateway AC Power Supply LEDs | 45
AC Power Cord Specifications for the SRX5400 Services Gateway | 46
AC Power Circuit Breaker Requirements for the SRX5400 Services Gateway | 49
SRX5400 Services Gateway DC Power Supply | 49
SRX5400 Services Gateway DC Power Supply Specifications | 50
SRX5400 Services Gateway DC Power Supply LEDs | 50
DC Power Cable Specifications for the SRX5400 Services Gateway | 51
iv
DC Power Cable Lug Specifications for the SRX5400 Services Gateway | 52
DC Power Circuit Breaker Requirements for the SRX5400 Services Gateway | 53
DC Power Source Cabling for the SRX5400 Services Gateway | 53
SRX5400 Services Gateway Chassis Grounding Point Specifications | 54
SRX5400 Services Gateway Grounding-Cable Specification | 55
SRX5400 Services Gateway Grounding-Cable Lug Specification | 56
SRX5400 Host Subsystem | 57
SRX5400 Services Gateway Host Subsystem Overview | 57
Switch Control Board SRX5K-SCB Overview | 58
Switch Control Board SRX5K-SCB Specifications | 59
Switch Control Board SRX5K-SCBE Overview | 62
Switch Control Board SRX5K-SCBE Specifications | 63
SRX5K-SCBE LEDs | 65
Switch Control Board SRX5K-SCB3 Overview | 66
Switch Control Board SRX5K-SCB3 Specifications | 67
SRX5K-SCB3 LEDs | 68
Routing Engine SRX5K-RE-13-20 Overview | 68
Routing Engine SRX5K-RE-13-20 Specifications | 69
Routing Engine SRX5K-RE-1800X4 Overview | 72
SRX5K-RE-1800X4 Routing Engine Boot Sequence | 73
Routing Engine SRX5K-RE-1800X4 Specifications | 73
SRX5K-RE-1800X4 LEDs | 75
Routing Engine SRX5K-RE3-128G Specifications | 76
SRX5K-RE3-128G Routing Engine Components | 78
SRX5K-RE3-128G Routing Engine LEDs | 79
SRX5K-RE3-128G Routing Engine Boot Sequence | 80
SRX5400 Line Cards and Modules | 81
SRX5400, SRX5600, and SRX5800 Services Gateway Card Overview | 82
Cards Supported on SRX5400, SRX5600, and SRX5800 Services Gateways | 83
SRX5400 Services Gateway Card Cage and Slots | 86
SRX5400 Services Gateway Services Processing Card Overview | 87
Services Processing Card SRX5K-SPC-2-10-40 Specifications | 88
Services Processing Card SRX5K-SPC-4-15-320 Specifications | 93
v
Services Processing Card SRX5K-SPC3 Specifications | 98
SRX5400 Services Gateway MPC and MIC Overview | 102
Modular Port Concentrator (SRX5K-MPC) Specifications | 103
SRX5K-MPC3-40G10G Specifications | 105
SRX5K-MPC3-100G10G Specifications | 108
MIC with 20x1GE SFP Interfaces (SRX-MIC-20GE-SFP) | 111
MIC with 10x10GE SFP+ Interfaces (SRX-MIC-10XG-SFPP) | 117
MIC with 1x100GE CFP Interface (SRX-MIC-1X100G-CFP) | 122
MIC with 2x40GE QSFP+ Interfaces (SRX-MIC-2X40G-QSFP) | 124
I/O Card SRX5K-40GE-SFP Specifications | 125
I/O Card SRX5K-4XGE-XFP Specifications | 127
SRX5K-IOC4-10G Specifications | 129
SRX5K-IOC4-MRAT Specifications | 132
Flex I/O Card (SRX5K-FPC-IOC) Specifications | 136
Flex I/O Card Port Module SRX-IOC-16GE-SFP Specifications | 137
Flex I/O Card Port Module SRX-IOC-16GE-TX Specifications | 139
Flex I/O Card Port Module SRX-IOC-4XGE-XFP Specifications | 141
Site Planning, Preparation, and Specifications
2
Site Preparation Checklist for the SRX5400 Services Gateway | 145
SRX5400 Site Guidelines and Requirements | 146
SRX5400 Services Gateway Environmental Specifications | 146
General Site Guidelines | 147
Site Electrical Wiring Guidelines | 148
Clearance Requirements for SRX5400 Services Gateway Airflow and Hardware
Maintenance | 149
SRX5400 Rack and Cabinet Requirements | 150
SRX5400 Services Gateway Rack Size and Strength Requirements | 150
Spacing of Rack Mounting Bracket Holes for the SRX5400 Services Gateway | 151
Connection to Building Structure for the SRX5400 Services Gateway Rack | 151
vi
SRX5400 Services Gateway Cabinet Size and Clearance Requirements | 151
SRX5400 Services Gateway Cabinet Airflow Requirements | 152
Calculating Power Requirements for the SRX5400 Services Gateway | 152
SRX5400 Network Cable and Transceiver Planning | 158
Routing Engine Interface Cable and Wire Specifications for the SRX5400 Services Gateway | 158
Signal Loss in Multimode and Single-Mode Fiber-Optic Cable for the SRX5400 Services
Gateway | 159
Attenuation and Dispersion in Fiber-Optic Cable for the SRX5400 Services Gateway | 159
Calculating Power Budget for Fiber-Optic Cable for the SRX5400 Services Gateway | 160
Calculating Power Margin for Fiber-Optic Cable for the SRX5400 Services Gateway | 161
SRX5400 Alarm and Management Cable Specifications and Pinouts | 163
Alarm Relay Contact Wire Specifications for the SRX5400 Services Gateway | 163
Console Port Cable and Wire Specifications for the SRX5400 Services Gateway | 163
RJ-45 Connector Pinouts for the SRX5400 Services Gateway Routing Engine Ethernet Port | 164
RJ-45 Connector Pinouts for the SRX5400 Services Gateway Routing Engine Auxiliary and
Console Ports | 164
Initial Installation and Configuration
3
SRX5400 Installation Overview | 167
Unpacking the SRX5400 | 168
Tools and Parts Required to Unpack the SRX5400 Services Gateway | 168
Unpacking the SRX5400 Services Gateway | 168
Verifying the SRX5400 Services Gateway Parts Received | 170
Installing the SRX5400 Mounting Hardware | 172
Tools and Parts Required to Install the SRX5400 Services Gateway Mounting Hardware for a
Rack or Cabinet | 173
Installing the SRX5400 Services Gateway Mounting Hardware for a Rack or Cabinet | 173
Moving the Mounting Brackets for Center-Mounting the SRX5400 Services Gateway | 175
Installing the SRX5400 Using a Mechanical Lift | 176
vii
Tools Required to Install the SRX5400 Services Gateway with a Mechanical Lift | 176
Installing the SRX5400 Services Gateway Using a Mechanical Lift | 177
Installing the SRX5400 Without a Mechanical Lift | 178
Overview of Installing the SRX5400 Services Gateway Without a Mechanical Lift | 179
Tools Required to Install the SRX5400 Services Gateway Without a Mechanical Lift | 179
Removing Components from the SRX5400 Chassis Before Installing It Without a Lift | 179
Removing the Power Supplies Before Installing the SRX5400 Services Gateway Without
a Lift | 180
Removing the Fan Tray Before Installing an SRX5400 Services Gateway Without a Lift | 181
Removing Cards Before Installing an SRX5400 Services Gateway Without a Lift | 181
Installing the SRX5400 Services Gateway Chassis in the Rack Manually | 184
Reinstalling Components in the SRX5400 Services Gateway Chassis After Installing It Without
a Lift | 186
Reinstalling Power Supplies After Installing the SRX5400 Services Gateway Without a
Lift | 186
Reinstalling the Fan Tray After Installing the SRX5400 Services Gateway Without a Lift | 187
Reinstalling Cards After Installing the SRX5400 Services Gateway Without a Lift | 188
Connecting the SRX5400 to External Devices | 189
4
Tools and Parts Required for SRX5400 Services Gateway Connections | 189
Connecting the SRX5400 Services Gateway to a Management Console or an Auxiliary
Device | 189
Connecting the SRX5400 Services Gateway to a Network for Out-of-Band Management | 191
Connecting an SRX5400 Services Gateway to an External Alarm-Reporting Device | 191
Connecting Network Cables to SRX5400 Services Gateway MICs | 193
Connecting the SRX5400 to Power | 194
Tools and Parts Required for SRX5400 Services Gateway Grounding and Power
Connections | 194
Grounding the SRX5400 Services Gateway | 195
Connecting Power to an AC-Powered SRX5400 Services Gateway | 196
Powering On an AC-Powered SRX5400 Services Gateway | 198
Connecting Power to a DC-Powered SRX5400 Services Gateway | 199
viii
Powering On a DC-Powered SRX5400 Services Gateway | 202
Powering Off the SRX5400 Services Gateway | 203
Performing the Initial Software Configuration for the SRX5400 | 204
SRX5400 Services Gateway Software Configuration Overview | 204
Initially Configuring the SRX5400 Services Gateway | 205
Performing Initial Software Configuration Using J-Web | 210
Configuring Root Authentication and the Management Interface from the CLI | 211
Configuring Interfaces, Zones, and Policies with J-Web | 212
Maintaining Components
Maintaining the SRX5400 Chassis | 217
Routine Maintenance Procedures for the SRX5400 Services Gateway | 217
Replacing the SRX5400 Services Gateway Craft Interface | 217
Disconnecting the Alarm Relay Wires from the SRX5400 Services Gateway Craft
Interface | 218
Removing the SRX5400 Services Gateway Craft Interface | 218
Installing the SRX5400 Services Gateway Craft Interface | 219
Connecting the Alarm Relay Wires to the SRX5400 Services Gateway Craft Interface | 220
Maintaining the SRX5400 Cooling System | 221
Maintaining the Fan Tray on the SRX5400 Services Gateway | 221
Replacing the SRX5400 Services Gateway Fan Tray | 221
Removing the SRX5400 Services Gateway Fan Tray | 222
Installing the SRX5400 Services Gateway Fan Tray | 223
Maintaining the Air Filter on the SRX5400 Services Gateway | 223
Replacing the SRX5400 Services Gateway Air Filter | 224
Removing the SRX5400 Services Gateway Air Filter | 224
Installing the SRX5400 Services Gateway Air Filter | 225
Maintaining the SRX5400 Power System | 226
Maintaining SRX5400 Services Gateway Power Supplies | 226
Replacing an SRX5400 Services Gateway AC Power Supply | 228
ix
Removing an SRX5400 Services Gateway AC Power Supply | 228
Installing an SRX5400 Services Gateway AC Power Supply | 229
Replacing an SRX5400 Services Gateway AC Power Supply Cord | 230
Disconnecting an SRX5400 Services Gateway AC Power Supply Cord | 230
Connecting an SRX5400 Services Gateway AC Power Supply Cord | 231
Replacing an SRX5400 Services Gateway DC Power Supply | 231
Removing an SRX5400 Services Gateway DC Power Supply | 231
Installing an SRX5400 Services Gateway DC Power Supply | 233
Replacing an SRX5400 Services Gateway DC Power Supply Cable | 236
Disconnecting an SRX5400 Services Gateway DC Power Supply Cable | 236
Connecting an SRX5400 Services Gateway DC Power Supply Cable | 237
Maintaining the SRX5400 Host Subsystem | 238
Maintaining the SRX5400 Services Gateway Host Subsystem | 239
Taking the SRX5400 Services Gateway Host Subsystem Offline | 241
Operating and Positioning the SRX5400 Services Gateway SCB Ejectors | 241
Replacing the SRX5400 Services Gateway SCB | 242
Removing the SRX5400 Services Gateway SCB | 242
Installing an SRX5400 Services Gateway SCB | 243
Replacing the SRX5400 Services Gateway Routing Engine | 245
Removing the SRX5400 Services Gateway Routing Engine | 246
Installing the SRX5400 Services Gateway Routing Engine | 247
Low Impact Hardware Upgrade for SCB3 and IOC3 | 249
In-Service Hardware Upgrade for SRX5K-RE-1800X4 and SRX5K-SCBE or SRX5K-RE-1800X4
and SRX5K-SCB3 in a Chassis Cluster | 267
Maintaining the SRX5400 Line Cards and Modules | 271
x
Holding an SRX5400 Services Gateway Card | 272
Storing an SRX5400 Services Gateway Card | 274
Replacing SRX5400 Services Gateway MPCs | 274
Removing an SRX5400 Services Gateway MPC | 275
Installing an SRX5400 Services Gateway MPC | 277
Replacing SRX5400 Services Gateway MICs | 280
Removing an SRX5400 Services Gateway MIC | 280
Installing an SRX5400 Services Gateway MIC | 282
Installing an MPC and MICs in an Operating SRX5400 Services Gateway Chassis Cluster | 284
Maintaining SPCs on the SRX5400 Services Gateway | 287
Replacing SRX5400 Services Gateway SPCs | 289
Removing an SRX5400 Services Gateway SPC | 289
Installing an SRX5400 Services Gateway SPC | 291
Replacing SPCs in an Operating SRX5400, SRX5600, or SRX5800 Services Gateways Chassis
Cluster | 294
In-Service Hardware Upgrade for SRX5K-SPC3 in a Chassis Cluster | 297
Maintaining the SRX5400 Cables and Connectors | 300
5
Maintaining SRX5400 Services Gateway Network Cables | 300
Replacing the Management Ethernet Cable on the SRX5400 Services Gateway | 302
Replacing the SRX5400 Services Gateway Console or Auxiliary Cable | 303
Replacing an SRX5400 Services Gateway Network Cable | 304
Removing an SRX5400 Services Gateway Network Cable | 304
Installing an SRX5400 Services Gateway Network Cable | 305
Replacing SRX5400 Services Gateway Transceivers | 306
Removing an SRX5400 Services Gateway Transceiver | 306
Installing an SRX5400 Services Gateway Transceiver | 308
Replacing a Routing Engine in an SRX Series High-End Chassis Cluster | 309
Replacing a Routing Engine: USB Flash-Drive Method | 309
Replacing a Routing Engine: External SCP Server Method | 316
xi
Replacing the Routing Engine: File Transfer Method | 323
Troubleshooting Hardware
Troubleshooting the SRX5400 | 330
Troubleshooting the SRX5400 Services Gateway with the Junos OS CLI | 330
Troubleshooting the SRX5400 Services Gateway with Chassis and Interface Alarm
Messages | 331
Chassis Component Alarm Conditions on SRX5400, SRX5600, and SRX5800 Services
Gateways | 331
Backup Routing Engine Alarms | 346
Troubleshooting the SRX5400 Services Gateway with Alarm Relay Contacts | 348
Troubleshooting the SRX5400 Services Gateway with the Craft Interface LEDs | 348
Troubleshooting the SRX5400 Services Gateway with the Component LEDs | 349
Troubleshooting the SRX5400 Services Gateway Cooling System | 350
Troubleshooting SRX5400 Services Gateway MPCs | 350
Troubleshooting SRX5400 Services MICs | 352
Troubleshooting SRX5400 Services Gateway SPCs | 353
Troubleshooting the SRX5400 Services Gateway Power System | 354
Behavior of the SRX5400, SRX5600, and SRX5800 Services Gateways When the SRX5K-SCBE
and SRX5K-RE-1800X4 in a Chassis Cluster Fail | 357
Contacting Customer Support and Returning the Chassis or Components
6
7
Returning the SRX5400 Chassis or Components | 360
Contacting Customer Support | 360
Return Procedure for the SRX5400 Services Gateway | 361
Listing the SRX5400 Services Gateway Component Serial Numbers with the CLI | 362
Locating the SRX5400 Services Gateway Chassis Serial Number Label | 362
Locating the SRX5400 Services Gateway Power Supply Serial Number Labels | 362
Locating the SRX5400 Services Gateway Craft Interface Serial Number Label | 363
Information You Might Need to Supply to JTAC | 364
Required Tools and Parts for Packing the SRX5400 Services Gateway | 364
Packing the SRX5400 Services Gateway for Shipment | 365
Packing SRX5400 Services Gateway Components for Shipment | 366
Safety and Compliance Information
xii
General Safety Guidelines and Warnings | 369
Definitions of Safety Warning Levels | 370
Restricted Access Area Warning | 374
Fire Safety Requirements | 376
Fire Suppression | 376
Fire Suppression Equipment | 377
Qualified Personnel Warning | 378
Warning Statement for Norway and Sweden | 378
Installation Instructions Warning | 379
Chassis and Component Lifting Guidelines | 379
Ramp Warning | 380
Rack-Mounting and Cabinet-Mounting Warnings | 380
Grounded Equipment Warning | 386
Laser and LED Safety Guidelines and Warnings | 387
General Laser Safety Guidelines | 387
Class 1 Laser Product Warning | 388
Class 1 LED Product Warning | 389
Laser Beam Warning | 390
Radiation from Open Port Apertures Warning | 391
Maintenance and Operational Safety Guidelines and Warnings | 392
Battery Handling Warning | 393
Jewelry Removal Warning | 394
Lightning Activity Warning | 396
Operating Temperature Warning | 397
xiii
Product Disposal Warning | 399
General Electrical Safety Guidelines and Warnings | 400
Prevention of Electrostatic Discharge Damage | 401
AC Power Electrical Safety Guidelines | 402
AC Power Disconnection Warning | 404
DC Power Electrical Safety Guidelines | 405
DC Power Electrical Safety Guidelines | 405
DC Power Disconnection Warning | 407
DC Power Grounding Requirements and Warning | 409
DC Power Wiring Sequence Warning | 411
DC Power Wiring Terminations Warning | 414
DC Power Disconnection Warning | 417
DC Power Grounding Requirements and Warning | 419
DC Power Wiring Sequence Warning | 421
DC Power Wiring Terminations Warning | 424
Multiple Power Supplies Disconnection Warning | 427
TN Power Warning | 428
Action to Take After an Electrical Accident | 428
SRX5400 Services Gateway Agency Approvals | 429
SRX5400 Services Gateway Compliance Statements for EMC Requirements | 430
Canada | 430
European Community | 430
Israel | 431
Japan | 431
United States | 431
Statements of Volatility for Juniper Network Devices | 432
xiv
About the Documentation
IN THIS SECTION
Documentation and Release Notes | xv
Using the Examples in This Manual | xv
Documentation Conventions | xvii
Documentation Feedback | xx
Requesting Technical Support | xx
Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX5400 Services Gateway.
xv
After completing the installation and basic configuration procedures covered in this guide, refer to the
Junos OS documentation for information about further software configuration.
Documentation and Release Notes
To obtain the most current version of all Juniper Networks®technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load merge relative
command. These commands cause the software to merge the incoming configuration into the current
candidate configuration. The example does not become active until you commit the candidate configuration.
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example
is a full example. In this case, use the load merge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In
this case, use the load merge relative command. These procedures are described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following configuration to a file and name the file ex-script.conf. Copy the
ex-script.conf file to the /var/tmp directory on your routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
xvi
2. Merge the contents of the file into your routing platform configuration by issuing the load merge
configuration mode command:
[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the
ex-script-snippet.conf file to the /var/tmp directory on your routing platform.
commit {
file ex-script-snippet.xsl; }
2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:
[edit]
user@host# edit system scripts
[edit system scripts]
xvii
3. Merge the contents of the file into your routing platform configuration by issuing the load merge
relative configuration mode command:
[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete
For more information about the load command, see CLI Explorer.
Documentation Conventions
Table 1 on page xviii defines notice icons used in this guide.
Table 1: Notice Icons
xviii
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Caution
Indicates a situation that might result in loss of data or hardware
damage.
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
Indicates helpful information.Tip
Alerts you to a recommended use or implementation.Best practice
Table 2 on page xviii defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
ExamplesDescriptionConvention
Fixed-width text like this
Italic text like this
Represents text that you type.Bold text like this
Represents output that appears on
the terminal screen.
Introduces or emphasizes important
•
new terms.
Identifies guide names.
•
Identifies RFC and Internet draft
•
titles.
To enter configuration mode, type
the configure command:
user@host> configure
user@host> show chassis alarms
No alarms currently active
A policy term is a named structure
•
that defines match conditions and
actions.
Junos OS CLI User Guide
•
RFC 1997, BGP Communities
•
Attribute
Table 2: Text and Syntax Conventions (continued)
xix
ExamplesDescriptionConvention
Italic text like this
Text like this
< > (angle brackets)
| (pipe symbol)
Represents variables (options for
which you substitute a value) in
commands or configuration
statements.
Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy
levels; or labels on routing platform
components.
variables.
Indicates a choice between the
mutually exclusive keywords or
variables on either side of the symbol.
The set of choices is often enclosed
in parentheses for clarity.
Configure the machine’s domain
name:
[edit]
root@# set system domain-name
domain-name
To configure a stub area, include
•
the stub statement at the [edit
protocols ospf area area-id]
hierarchy level.
The console port is labeled
•
CONSOLE.
stub <default-metric metric>;Encloses optional keywords or
broadcast | multicast
(string1 | string2 | string3)
# (pound sign)
[ ] (square brackets)
Indention and braces ( { } )
; (semicolon)
GUI Conventions
Indicates a comment specified on the
same line as the configuration
statement to which it applies.
Encloses a variable for which you can
substitute one or more values.
Identifies a level in the configuration
hierarchy.
Identifies a leaf statement at a
configuration hierarchy level.
rsvp { # Required for dynamic MPLS
only
community name members [
community-ids ]
[edit]
routing-options {
static {
route default {
nexthop address;
retain;
}
}
}
Table 2: Text and Syntax Conventions (continued)
xx
ExamplesDescriptionConvention
Bold text like this
> (bold right angle bracket)
Represents graphical user interface
(GUI) items you click or select.
Separates levels in a hierarchy of
menu selections.
In the Logical Interfaces box, select
•
All Interfaces.
To cancel the configuration, click
•
Cancel.
In the configuration editor hierarchy,
select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:
Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper
•
Networks TechLibrary site, and do one of the following:
Click the thumbs-up icon if the information on the page was helpful to you.
•
Click the thumbs-down icon if the information on the page was not helpful to you or if you have
•
suggestions for improvement, and use the pop-up form to provide feedback.
E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name,
•
URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.
JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User
•
Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.
•
JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,
•
365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:
Find CSC offerings: https://www.juniper.net/customers/support/
•
Search for known bugs: https://prsearch.juniper.net/
•
xxi
Find product documentation: https://www.juniper.net/documentation/
•
Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
•
Download the latest versions of software and review release notes:
•
https://www.juniper.net/customers/csc/software/
Search technical bulletins for relevant hardware and software notifications:
•
https://kb.juniper.net/InfoCenter/
Join and participate in the Juniper Networks Community Forum:
•
https://www.juniper.net/company/communities/
Create a service request online: https://myjuniper.juniper.net
•
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:
https://entitlementsearch.juniper.net/entitlementsearch/
Creating a Service Request with JTAC
You can create a service request with JTAC on the Web or by telephone.
Visit https://myjuniper.juniper.net.
•
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
•
For international or direct-dial options in countries without toll-free numbers, see
https://support.juniper.net/support/requesting-support/.
1
CHAPTER
Overview
SRX5400 Services Gateway System Overview | 23
SRX5400 Chassis | 27
SRX5400 Cooling System | 39
SRX5400 Power System | 41
SRX5400 Host Subsystem | 57
SRX5400 Line Cards and Modules | 81
SRX5400 Services Gateway System Overview
IN THIS SECTION
SRX5400 Services Gateway Description | 23
Benefits of the SRX5400 Services Gateway | 24
SRX5400 Services Gateway FRUs | 25
SRX5400 Services Gateway Component Redundancy | 26
SRX5400 Services Gateway Description
23
The SRX5400 Services Gateway is a high-performance, highly scalable, carrier-class security device with
multiprocessor architecture.
The SRX5400 Services Gateway is 5 rack units (U) tall. You can stack eight services gateways in a rack
that is at least 48 U (89.3 in. or 2.24 m) in height if it has a 1 in. cap between for increased port density
per unit of floor space.
The services gateway provides four slots that you can populate with one Switch Control Board (SCB) and
up to three additional cards of the following types:
Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as
•
firewall, IPsec, and IDP.
NOTE: The SRX5400 Services Gateway supports only the SRX5K-SPC-4-15-320 (SPC2) and
does not support the SRX5K-SPC-2-10-40 (SPC1).
Modular Port Concentrators (MPCs) provide Ethernet interfaces that connect the services gateway to
•
your network.
NOTE: The SRX5400 Services Gateway only supports the SRX5K-MPC (MPC2), and does not
support older SRX5000 Series I/O cards (IOCs) or Flex IOCs cards such as:
SRX5K-40GE-SFP
•
SRX5K-4XGE-XFP
•
SRX5K-FPC-IOC
•
Devices configured with SRX5K-SCBE (SCB2) and SRX5K-RE-1800X4 (RE2) only support
SPC2.
Devices configured with SRX5K-SCB3 (SCB3) and RE2, or SRX5K-SCBE (SCB2) and RE2 also
support IOC3s (SRX5K-MPC3-100G10G and SRX5K-MPC3-40G10G).
NOTE: The SRX5400 Services Gateways configured with SRX5K-SCB (SCB1) and
SRX5K-RE-13-20 (RE1) only support Junos OS Release 12.1X46-D10 and later. Devices
configured with SCB2 and RE2 only support Junos OS Release 12.1X47-D15 and later, and
devices configured with SCB3 and RE2 only support Junos OS Release 15.1X49-D10 and later.
24
For detailed information about the cards supported by the services gateway, see the SRX5400, SRX5600,
and SRX5800 Services Gateway Card Reference at www.juniper.net/documentation/.
Benefits of the SRX5400 Services Gateway
The SRX5400 Services Gateway is a small footprint but high-performance gateway which supports 285
•
Gbps IMIX firewall throughput, 90 million concurrent sessions, and 230 Gbps IPS.
The ability to support unique security policies per zone with a compelling performance, makes the
SRX5400 an optimal solution for the edge or data center services in large enterprise, service provider,
or mobile operator environments.
IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes,
•
Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the
highest level of network security.
Content Security UTM Capabilities - The UTM services offered on the SRX5000 line of Services Gateways
•
include industry-leading antivirus, antispam, content filtering, and additional content security services.
The UTM services provide sophisticated protection from:
Antivirus experts against malware attacks that can lead to data breaches and lost productivity.
•
Advanced persistent threats perpetrated through social networking attacks and the latest phishing
•
scams with sophisticated e-mail filtering and content blockers.
Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network
•
to help maintain bandwidth.
Advanced Threat Prevention (ATP) - Juniper Sky ATP, a SaaS-based service, and the Juniper ATP
•
Appliance, an on-premises solution:
Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.
•
Proactively blocks malware communication channels.
•
The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and
•
Google Mail, and detects threats in SMB traffic.
Single pane-of-glass management with Security Director and JSA Series integration.
•
25
SRX5400 Services Gateway FRUs
Field-replaceable units (FRUs) are services gateway components that can be replaced at the customer site.
The services gateway uses the following types of FRUs:
Table 3 on page 25 lists the FRUs of the services gateway and the action to perform to install, remove, or
replace an FRU.
Table 3: Field-Replaceable Units
ActionField-Replaceable Units (FRUs)
Air filter
Fan tray
Craft interface
AC and DC power supplies (if redundant)
Interface transceivers
You need not power off the services gateway to install, remove, or
replace any of these FRUs.
Table 3: Field-Replaceable Units (continued)
26
ActionField-Replaceable Units (FRUs)
Routing Engine
SCBs
SPCs
MPCs
MICs
Power off the services gateway to install, remove, or replace any of
these FRUs.
SRX5400 Services Gateway Component Redundancy
The following major hardware components are redundant:
Power supplies—The services gateway is configurable with two or three AC power supplies at the rear
•
of the chassis in slots PEM0 through PEM3 (left to right)or two DC power supplies in slots PEM0 and
PEM2.
In the low-line (110VAC input) or the high-line (220VAC input) configurations, two power supplies
•
are required to support the services gateway electrical requirements. By default, the AC powered
services gateways are configured with three AC (2+1) power supplies, you can add a fourth power
supply for fault tolerance. The fourth power supply is used when one of the power supplies in the 2+1
configuration fails.
In the DC powered services gateways two DC (1+1) power supplies are required to support the services
•
gateway electrical requirements. The minimum power supplies requirement is one and the second
power supply provides redundancy. If one power supply fails the second power supply instantly assume
the entire electrical load without interruption. Two power supplies provide the maximum configuration
with full power for as long as the device is operational.
Redundant power supplies are hot-removable and hot-insertable. When you remove a power supply
from a services gateway that uses a nonredundant power supply configuration, the services gateway
might shut down depending on your configuration.
Cooling system—The cooling system has redundant components, which are controlled by the host
•
subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to
provide sufficient cooling for the services gateway indefinitely.
SRX5400 Chassis
IN THIS SECTION
SRX5400 Services Gateway Chassis | 27
SRX5400 Services Gateway Physical Specifications | 29
SRX5400 Services Gateway Midplane Description | 30
SRX5400 Services Gateway Craft Interface Overview | 31
SRX5400 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test Button | 32
SRX5400 Services Gateway Craft Interface Host Subsystem LEDs | 33
SRX5400 Services Gateway Craft Interface Power Supply LEDs | 33
SRX5400 Services Gateway Craft Interface Card OK/Fail LEDs | 34
SRX5400 Services Gateway Craft Interface Fan LEDs | 34
27
SRX5400 Services Gateway Craft Interface Online/Offline Buttons | 35
SRX5400 Services Gateway Craft Interface Alarm Relay Contacts | 37
SRX5400 Services Gateway Chassis
The services gateway chassis is a rigid sheet metal structure that houses all the other components (see
Figure 1 on page 28, Figure 2 on page 28, and Figure 3 on page 29). The chassis measures 8.71 in. (22.1 cm)
high, 17.45 in. (44.3 cm) wide, and 24.5 in. (62.2 cm) deep (from the front to the rear of the chassis). The
chassis installs in standard 800-mm (or larger) enclosed cabinets, 19-in. equipment racks, or telco open-frame
racks. Up to five services gateways can be installed in one standard (48 U) rack if the rack can handle their
combined weight, which can be greater than 1100 lb (500 kg). See “SRX5400 Services Gateway Physical
Specifications” on page 29 for physical specifications for the SRX5400 Services Gateway.
CAUTION: Before removing or installing components of a services gateway, attach
an ESD strap to an ESD point and place the other end of the strap around your bare
wrist. Failure to use an ESD strap can result in damage to the services gateway.
WARNING: The services gateway must be connected to earth ground during normal
g030323
SPCs
RE
SCB
MPC
PEM 3
PEM 2
PEM 1
PEM 0
AIR
FILTER
FAN
TRAY
g004301
AC Power
supplies
Fan tray
Air filter
Power
supply
exhaust
Protective earthing
Air exhaustESD point
ESD
operation.
Figure 1: Front View of a Fully Configured Services Gateway Chassis
28
Figure 2: Rear View of an AC-Powered Services Gateway Chassis
Figure 3: Rear View of a Fully Configured DC-Powered Services Gateway Chassis
PEM 3
PEM 2
PEM 1
PEM 0
AIR
FI
L
TER
FAN
TRAY
g004351
DC Power
supplies
Fan tray
Air filter
Power
supply
exhaust
Protective earthing
Air exhaustESD point
ESD
INPUTOK
PWROK
BKRON
INPUTOK
PWROK
BKRON
INPUTOK
PWROK
BKRON
INPUTOK
29
SRX5400 Services Gateway Physical Specifications
Table 4 on page 29 summarizes the physical specifications for the services gateway chassis.
Table 4: Physical Specifications
ValueDescription
Chassis dimensions
Services gateway weight
Routing Engine weight
8.7 in. (22.1 cm) high
17.45 in. (44.3 cm) wide
24.5 in. (62.2 cm) deep (from front-mounting bracket to chassis rear)
Total depth (including cable management system): 27.75 in. (70.5 cm)
Chassis with midplane, fan tray, air filter, and cable management
system: 52 lb (23.6 kg)
Maximum configuration: 128 lb (58.1 kg)
SRX5K-RE-13-20: 2.4 lb (1.1 kg)
SRX5K-RE-1800X4: 2.4 lb (1.1 kg)
Table 4: Physical Specifications (continued)
30
ValueDescription
SCB weight
SRX5K-SCB: 9.6 lb (4.4 kg)
SRX5K-SCBE: 9.6 lb (4.4 kg)
SRX5K-SCB3: 10.14 lb (4.6 kg)
13.1 lb (5.9 kg)MPC weight (with two MICs)
1.1 lb (0.5 kg)Craft interface weight
4.2 lb (1.9 kg)Fan tray weight
1.0 lb (0.5 kg)Air filter weight
0.3 lb (0.14 kg)Cable management weight
6.2 lb (2.8 kg)High-capacity DC power supply weight
6.6 lb (3.0 kg)High-capacity AC power supply weight
SRX5400 Services Gateway Midplane Description
The midplane is located toward the rear of the chassis and forms the rear of the card cage. MPCs, SPCs,
and SCB install into the midplane from the front of the chassis, and the power supplies install into the
midplane from the rear of the chassis. The cooling system components also connect to the midplane.
The midplane performs the following major functions:
Data path—Data packets are transferred across the midplane between the MPCs and SPCs through the
•
fabric ASICs on the SCB.
Power distribution—The power supplies are connected to the midplane, which distributes power to all
•
the services gateway components.
Signal path—The midplane provides the signal path to the MPCs, SCB, SPCs, Routing Engine, and other
•
system components for monitoring and control of the system.
The enhanced midplane supports Junos OS Release 15.1X49-D10. It provides greater per-slot fabric
performance and signal integrity, along with error-free high speed data transfer, and it reduces cross-talk.
The midplane supports link speeds up to 10 Gbps and is not field replaceable.
SRX5400 Services Gateway Craft Interface Overview
The craft interface shows you status and troubleshooting information at a glance and lets you perform
many system control functions. It is hot-insertable and hot-removable. The craft interface is located on
the front of the services gateway above the upper fan tray.
Figure 4 on page 31 shows the front panel of the craft interface and Table 5 on page 31 describes the
components on the front panel.
Figure 4: Front Panel of the Craft Interface
31
Table 5: Front Panel of the Craft Interface
Routing Engine LEDs1
Fan LEDs2
PEM LEDs3
Minor alarm LED4
Major alarm LED5
Alarm cutoff button6
Alarm relay contacts7
ReferenceDescriptionComponent
See “SRX5400 Services Gateway Craft
Interface Host Subsystem LEDs” on
page 33
See “SRX5400 Services Gateway Craft
Interface Fan LEDs” on page 34
See “SRX5400 Services Gateway Craft
Interface Power Supply LEDs” on page 33
See “SRX5400 Services Gateway Craft
Interface Alarm LEDs and Alarm
Cutoff/Lamp Test Button” on page 32
See “SRX5400 Services Gateway Craft
Interface Alarm Relay Contacts” on
page 37
Table 5: Front Panel of the Craft Interface (continued)
32
ReferenceDescriptionComponent
8/9
SCB and MPC LEDs, and MPC
online/offline buttons
The card LEDs are located along the
bottom edge of the craft interface and are
labeled 0 for the bottom slot reserved for
the SCB and 0/1, 1, and 2 for the
remaining slots.
See “SRX5400 Services Gateway Craft
Interface Card OK/Fail LEDs” on page 34
See “SRX5400 Services Gateway Craft
Interface Online/Offline Buttons” on
page 35
NOTE: The SCB must be installed in the services gateway for the craft interface to obtain power.
SRX5400 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test Button
Two large alarm LEDs are located at the upper right of the craft interface. The circular red LED lights to
indicate a major alarm condition that can result in a system shutdown. The triangular yellow LED lights to
indicate a less severe minor alarm condition that requires monitoring or maintenance. Both LEDs can be
lit simultaneously. A condition that causes an LED to light also activates the corresponding alarm relay
contact on the craft interface.
To deactivate the major and minor alarms, press the button labeled ACO/LT (for “alarm cutoff/lamp test”),
which is located to the right of the alarm LEDs. Deactivating an alarm turns off both LEDs and deactivates
the device attached to the corresponding alarm relay contact on the craft interface.
Table 6 on page 33 describes the alarm LEDs and alarm cutoff button in more detail.
Table 6: Alarm LEDs and Alarm Cutoff/Lamp Test Button
DescriptionStateColorLabelShape
33
On steadilyRedMajor Alarm
On steadilyYellowMinor Alarm
––ACO/LT
Critical alarm LED—Indicates a critical condition that can
cause the device to stop functioning. Possible causes include
component removal, failure, or overheating.
Warning alarm LED—Indicates a serious but nonfatal error
condition, such as a maintenance alert or a significant
increase in component temperature.
Alarm cutoff/lamp test button—Deactivates major and minor
alarms. Causes all LEDs on the craft interface to light (for
testing) when pressed and held.
SRX5400 Services Gateway Craft Interface Host Subsystem LEDs
The host subsystem has three LEDs, located on the upper left of the craft interface, that indicate its status.
The LEDs labeled RE0 show the status of the Routing Engine and SCB in slot 0 . The LEDs labeled RE1
are disabled and have no function. Table 7 on page 33 describes the functions of the host subsystem LEDs.
Table 7: Host Subsystem LEDs
DescriptionStateColorLabel
Host is functioning as the primary.On steadilyGreenMASTER
Host is online and is functioning normally.On steadilyGreenONLINE
Host is installed but the Routing Engine is offline.On steadilyRedOFFLINE
Host is not installed.Off
SRX5400 Services Gateway Craft Interface Power Supply LEDs
Each power supply has two LEDs on the craft interface that indicate its status. The LEDs, labeled 0 through
3, are located near the middle of the craft interface next to the PEM label. Table 8 on page 34 describes
the functions of the power supply LEDs on the craft interface.
Table 8: Power Supply LEDs on the Craft Interface
DescriptionStateColorLabel
Power supply is functioning normally.On steadilyGreenPEM
Power supply has failed or power input has failed.On steadilyRed
SRX5400 Services Gateway Craft Interface Card OK/Fail LEDs
Each slot in the card cage has a pair of LEDs on the craft interface that indicates the status of the card
installed in it. The card LEDs are located along the bottom edge of the craft interface and are labeled 0
for the bottom slot reserved for the SCB and 0/1, 1, and 2 for the remaining slots.Table 9 on page 34
describes the functions of the OK and Fail LEDs.
Table 9: Card OK/Fail LEDs
34
DescriptionStateColorLabel
The card is functioning normally.On steadilyGreenOK
The card is transitioning online or offline.Blinking
The card is not online.Off
The card has failed.On steadilyRedFAIL
SRX5400 Services Gateway Craft Interface Fan LEDs
The fan tray LED are located near the middle of the craft interface. Table 10 on page 34 describes the
functions of the fan tray LEDs.
Table 10: Fan LEDs
DescriptionStateColorLabel
Fan tray is functioning normally.On steadilyGreenOK
Fan tray has failed.On steadilyRedFAIL
SRX5400 Services Gateway Craft Interface Online/Offline Buttons
The craft interface has a row of Online/Offline buttons along its lower edge. Each button corresponds to
one slot in the card cage. The Online/Offline buttons are only supported for slots containing MPC interface
cards. You can install MPCs into slots:
SRX5400–Any slot except bottom slot 0
•
SRX5600–Any slot except bottom slots 0 or 1
•
SRX5800–Any slot except center slots 0 or 1
•
NOTE: The Online/Offline buttons are not supported for removal and replacement of SPCs or
SCB.
CAUTION: While traffic is passing through the Services Gateway, particularly if the
device is configured as part of a high availability (HA) cluster, we strongly recommend
that you do not push any of the Online/Offline buttons.
35
To take an MPC offline using the Online/Offline buttons:
1. Press and hold the corresponding card’s Online/Offline button on slot 1 on the craft interface. The
green OK/FAIL LED next to the button begins to blink. Hold until both the button’s LED and the MPC’s
LED are off.
2. Issue the CLI show chassis fpc command to check the status of installed MPCs. As shown in the sample
output, the value Offline in the column labeled State indicates that the MPC in slot 1 is now offline:
user@host> show chassis fpc
Slot State (C) Total Interrupt DRAM (MB) Heap Buffer
0 Online 35 4 0 1024 13 25
1 Online 47 3 0 1024 13 25
2 Online 37 8 0 2048 18 14
An MPC can also be taken offline via CLI command:
user@host> request chassis fpc slot 2 offline
node0:
-------------------------------------------------------------------------Offline initiated, use "show chassis fpc" to verify
{primary:node0}
user@host> show chassis fpc
node0:
------------------------------------------------------------------------- Temp CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt DRAM (MB) Heap Buffer
0 Online 35 7 0 1024 13 25
1 Online 46 4 0 1024 13 25
2 Offline ---Offlined by cli command---
After pushing MPC online button:
36
user@host> show chassis fpc
Temp CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt DRAM (MB) Heap Buffer
0 Online 34 5 0 1024 13 25
1 Online 46 3 0 1024 13 25
2 Offline ---Offlined by button press---
To bring an MPC back online using the Online/Offline buttons:
1. Press and hold the corresponding card’s Online/Offline button on slot 1 on the craft interface. The
green OK/FAIL LED next to the button and the MPC’s LED begins to blink. Hold until both the button’s
LED and the MPC’s LED are green and steady.
2. Issue the CLI show chassis fpc command to check the status of installed MPCs. As shown in the sample
output, the value Online in the column labeled State indicates that the MPC in slot 1 is functioning
normally:
Verify if the MPC is offline:
user@host> show chassis fpc
node0:
------------------------------------------------------------------------- Temp CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt DRAM (MB) Heap Buffer
0 Online 37 23 0 2048 19 14
1 Offline ---Offlined by cli command-- 2 Online 49 37 0 1024 14 25
The command output indicates the MPC is offline.
Bring the MPC online for the first time by using the following CLI command:
user@host> request chassis fpc slot 1 online
node0:
-------------------------------------------------------------------------Online initiated, use "show chassis fpc" to verify
Verify that the MPC is online:
37
user@host> request chassis fpc slot 1 online node 0
node0:
-------------------------------------------------------------------------FPC 1 already online
The command output indicates the MPC is online.
Confirm that the MPC in the chassis is online:
user@host> show chassis fpc
node0:
------------------------------------------------------------------------- Temp CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt DRAM (MB) Heap Buffer
0 Online 37 6 0 2048 19 14
1 Online 44 11 0 1024 23 29
2 Online 49 22 0 1024 14 25
SRX5400 Services Gateway Craft Interface Alarm Relay Contacts
The craft interface has two alarm relay contacts for connecting the device to external alarm devices (see
Figure 5 on page 38). Whenever a system condition triggers either the major or minor alarm on the craft
interface, the alarm relay contacts are also activated. The alarm relay contacts are located on the upper
right of the craft interface.
Figure 5: Alarm Relay Contacts
The alarm relay contacts consist of two sets of connectors, one set for each of the two alarms (major and
minor). For each alarm color there are three connectors. Table 11 on page 38 describes the functions of
the connectors.
Table 11: Alarm Relay Contact Functions
FunctionContact NameContact Label
38
Normally ClosedNC
Current InC
Normally OpenNO
Connects the alarm relay to an external alarm-reporting device that
activates when the circuit between C and NC is closed.
Connects the alarm relay to the current source for the external
alarm-reporting device.
Connects the alarm relay to an external alarm-reporting device that
activates when the circuit between C and NC is open.
Table 12 on page 38 shows the electrical specifications for the alarm relay contacts.
Table 12: Alarm Relay Contact Electrical Specifications
Current Type
DCAC
30250Maximum Voltage
8 AMaximum Current
Figure 6 on page 39 shows an example wiring diagram for a simple alarm reporting device. In this case the
device is a 12-volt light bulb that illuminates when the device encounters a condition that activates the
major alarm LED and relay contacts. The alarm relay contacts can also be used to activate other devices
such as bells or buzzers.
Figure 6: Example Alarm Reporting Device
g030297
RELATED DOCUMENTATION
General Electrical Safety Guidelines and Warnings
Preventing Electrostatic Discharge Damage to the SRX5400 Services Gateway
39
SRX5400 Cooling System
The cooling system consists of the following components:
Fan tray
•
Air filter
•
The cooling system components work together to keep all services gateway components within the
acceptable temperature range (see Figure 7 on page 40, Figure 8 on page 40, and Figure 9 on page 41 ).
The device has one fan tray and one air filter that install vertically in the rear of the device.
Two types of fan trays are available:
The standard capacity fan tray has three fans that operate at 216 cubic feet per minute (CFM) at full
•
speed and is adequate for services gateways in which standard-capacity power supplies are installed.
The high-capacity fan tray has three fans that operate at 289 cubic feet per minute (CFM) at full speed
•
and is required when high-capacity power supplies are installed.
The air intake to cool the chassis is located on the side of the chassis next to the air filter. Air is pulled
through the chassis toward the fan tray, where it is exhausted out the side of the system. The air intake
to cool the power supplies is located in the front of the device above the craft interface. The exhaust for
the power supplies is located on the rear bulkhead power supplies.
Each fan has an LED that displays its status. The fan LEDs are located on the top left of the craft interface.
Figure 7: Airflow Through the Chassis
The host subsystem monitors the temperature of the services gateway components. When the device is
operating normally, the fans function at lower than full speed. If a fan fails or the ambient temperature
rises above a threshold, the speed of the remaining fans is automatically adjusted to keep the temperature
within the acceptable range. If the ambient maximum temperature specification is exceeded and the system
cannot be adequately cooled, the Routing Engine shuts down the system by disabling output power from
each power supply.
40
Figure 8: Fan Tray
Figure 9: Air Filter
RELATED DOCUMENTATION
Maintaining the Fan Tray on the SRX5400 Services Gateway | 221
41
Maintaining the Air Filter on the SRX5400 Services Gateway | 223
Troubleshooting the SRX5400 Services Gateway Cooling System | 350
Replacing the SRX5400 Services Gateway Fan Tray | 221
Replacing the SRX5400 Services Gateway Air Filter | 224
SRX5400 Power System
IN THIS SECTION
SRX5400 Services Gateway Power System Overview | 42
SRX5400 Services Gateway AC Power Supply | 44
SRX5400 Services Gateway AC Power Supply Specifications | 44
SRX5400 Services Gateway AC Power Supply LEDs | 45
AC Power Cord Specifications for the SRX5400 Services Gateway | 46
AC Power Circuit Breaker Requirements for the SRX5400 Services Gateway | 49
SRX5400 Services Gateway DC Power Supply | 49
SRX5400 Services Gateway DC Power Supply Specifications | 50
SRX5400 Services Gateway DC Power Supply LEDs | 50
DC Power Cable Specifications for the SRX5400 Services Gateway | 51
DC Power Cable Lug Specifications for the SRX5400 Services Gateway | 52
DC Power Circuit Breaker Requirements for the SRX5400 Services Gateway | 53
DC Power Source Cabling for the SRX5400 Services Gateway | 53
SRX5400 Services Gateway Chassis Grounding Point Specifications | 54
SRX5400 Services Gateway Grounding-Cable Specification | 55
SRX5400 Services Gateway Grounding-Cable Lug Specification | 56
SRX5400 Services Gateway Power System Overview
The services gateway uses either AC or DC power supplies.
42
NOTE: The SRX5400 Services Gateway and SRX5600 Services Gateway use the same power
supply model.
The services gateway is configurable with two or three AC power supplies by default (optionally, a fourth
power supply can be added) or two DC power supplies. The AC power supplies are located horizontally
at the rear of the chassis in slots PEM0 through PEM3 (left to right) and the DC power supplies are located
in slots PEM0 and PEM2. The power supplies connect to the midplane, which distributes the different
output voltages produced by the power supplies to the services gateway components, depending on their
voltage requirements. Each power supply is cooled by its own internal cooling system.
CAUTION: The services gateway cannot be powered from AC and DC power supplies
simultaneously. The first type of power supply detected by the services gateway when
initially powered on determines the type of power supply allowed by the services
gateway. All installed power supplies of the other type are disabled by the services
gateway. If you install a power supply of the other type while the services gateway is
operating, the services gateway disables the power supply and generates an alarm.
Redundant power supplies are hot-removable and hot-insertable. When you remove a power supply from
a services gateway that uses a nonredundant power supply configuration, the services gateway might shut
down depending on your configuration.
Table 13 on page 43 summarizes the available power supply types, their output capacities, and their
redundancy and power distribution schemes. For detailed power supply specifications, see “SRX5400
Services Gateway AC Power Supply Specifications” on page 44 or “SRX5400 Services Gateway DC Power
Supply Specifications” on page 50.
Table 13: Power Supply Type Summary
Power Supply
Type
RedundancyMaximum OutputInput Condition (If Any)
2+11167 WLow-line (110 V Input)AC
2+12050 WHigh-line (220 V Input)
1+12240 WDIP=0 (60 A Input)DC
1+12440 WDIP=1 (80 A Input)
In all power supply configurations, the power distribution and total power is shared by all of the components
in the services gateway chassis. The power supplies are guaranteed to provide adequate power to the
system. In the low-line (110VAC input) and high-line (220VAC input) configurations, two power supplies
are required to support the services gateway electrical requirements. Although the services gateway is
configurable with three AC (2+1) power supplies, you can add a fourth power supply for fault tolerance.
The fourth power supply is used when one of the power supplies in the 2+1 configuration fails.
43
NOTE: There are no slot restrictions for AC power supplies. If you are using DC power supplies,
then use the slots as shown in Table 14 on page 43.
Table 14: PSU Slot Restrictions
Minimum PSU
RequirementPSU
PSU Redundancy
RequirementsPEM Slot
PEM Slot
Any3Any2110V AC PSU
Any3Any2220V AC PSU
PEM22PEM0 & PEM21DC PSU
SRX5400 Services Gateway AC Power Supply
AC OK
DC OK
PS
FAIL
Each AC power supply consists of one AC appliance inlet, an AC switch, a fan, and LEDs to monitor the
status of the power supply. Figure 10 on page 44 shows the power supply. Each inlet requires a dedicated
AC power feed and a dedicated 16 A @ 100 VAC or 16 A @ 200 VAC circuit breaker, or as required by
local code.
Figure 10: AC Power Supply
44
WARNING: The services gateway is pluggable type A equipment installed in a
restricted-access location. It has a separate protective earthing terminal (sized for UNC
1/4-20 ground lugs) provided on the chassis in addition to the grounding pin of the
power supply cord. This separate protective earthing terminal must be permanently
connected to earth.
NOTE: The SRX5400 Services Gateway and SRX5600 Services Gateway use the same power
supply model.
SRX5400 Services Gateway AC Power Supply Specifications
Table 15 on page 45 lists the AC power supply electrical specifications.
Table 16 on page 45 lists the AC power system electrical specifications.
Table 15: AC Power Supply Electrical Specifications
SpecificationItem
45
Maximum output power
AC input current rating
Table 16: AC Power System Specifications
1167 W (low line)
2050 W (high line)
16 A @ 110 VAC maximum
15.1 A @ 200 VAC maximum
Operating range: 100 - 240 VAC (nominal)AC input voltage
50 to 60 Hz (nominal)AC input line frequency
High-Line (220V)Low-Line (110V)Item
2+12+1Redundancy
2050 W1167 WOutput power (maximum) per power supply
4100 W3501 WOutput power (maximum) per system
SRX5400 Services Gateway AC Power Supply LEDs
Each AC power supply faceplate contains three LEDs that indicate the status of the power supply (see
Table 17 on page 46). The power supply status is also reflected in two LEDs on the craft interface. In
addition, a power supply failure triggers the major alarm LED on the craft interface.
Table 17: AC Power Supply LEDs
g100997
46
DescriptionStateColorLabel
AC power input voltage is below 78 VAC.OffAmberAC OK
AC power input voltage is within 78–264 VAC.OnGreen
OffGreenDC OK
On
On
DC power outputs generated by the power supply are not within the
normal operating ranges.
DC power outputs generated by the power supply are within the
normal operating ranges.
Power supply is functioning normally.OffRedPS FAIL
Power supply is not functioning normally and its output voltage is out
of regulation limits. Check AC OK and DC OK LEDs for more
information.
AC Power Cord Specifications for the SRX5400 Services Gateway
Each AC power supply has a single AC appliance inlet located on the power supply that requires a dedicated
AC power feed. Most sites distribute power through a main conduit that leads to frame-mounted power
distribution panels, one of which can be located at the top of the rack that houses the services gateway.
An AC power cord connects each power supply to the power distribution panel.
The services gateway is not shipped with AC power cords. You must order power cords separately using
the model number shown in Table 18 on page 47. The C19 appliance coupler end of the cord see
Figure 11 on page 46, inserts into the AC appliance inlet coupler, type C20 (right angle) as described by
International Electrotechnical Commission (IEC) standard 60320. The plug end of the power cord fits into
the power source receptacle that is standard for your geographical location.
Figure 11: C19 Appliance Coupler
Table 18 on page 47 provides specifications and depicts the plug on the AC power cord provided for each
country or region.
Table 18: AC Power Cord Specifications
Electrical
SpecificationModel NumberCountry
47
GraphicPlug Type
SAA/3/15240 VAC, 50 Hz ACCBL-M-PWR-RA-AUAustralia
CH2-16P220 VAC, 50 Hz ACCBL-M-PWR-RA-CHChina
(except
Denmark,
Italy,
Switzerland,
and United
Kingdom)
CBL-M-PWR-RA-EUEurope
CBL-PWR-RA-JP15Japan
CBL-M-PWR-RA-JP
50 Hz AC
Hz AC
220 VAC, 50 or 60
Hz AC
CEE 7/7220 or 230 VAC,
CEI 23-16/VII230VAC, 50 Hz ACCBL-M-PWR-RA-ITItaly
JIS 8303125 VAC, 50 or 60
NEMA
L6-20P
Table 18: AC Power Cord Specifications (continued)
g021288
g050751
Electrical
SpecificationModel NumberCountry
America
48
GraphicPlug Type
NEMA 5-15P125 VAC, 60 Hz ACCBL-PWR-RA-US15North
Kingdom
(except
Japan)
125 VAC, 60 Hz ACCBL-PWR-RA-TWLK-US15
250 VAC, 60 Hz ACCBL-M-PWR-RA-TWLK-US
240 VAC, 50 Hz ACCBL-EX-PWR-C19-C20Worldwide
NEMA
L5-15P
NEMA 6-20250 VAC, 60 Hz ACCBL-M-PWR-RA-US
NEMA
L6-20P
BS89/13240 VAC, 50 Hz ACCBL-M-PWR-RA-UKUnited
EN
60320-2-2/1
WARNING: The AC power cord for the services gateway is intended for use with the
services gateway only and not for any other use.
WARNING: To meet safety and electromagnetic interference (EMI) requirements and
to ensure proper operation, you must properly ground the services gateway chassis
before connecting power. See “Grounding the SRX5400 Services Gateway” on page 195
for instructions.
CAUTION: Power cords and cables must not block access to device components or
drape where people could trip on them.
NOTE: In North America, AC power cords must not exceed 4.5 m (approximately 14.75 ft) in
g004725
length, to comply with National Electrical Code (NEC) Sections 400-8 (NFPA 75, 5-2.2) and
210-52, and Canadian Electrical Code (CEC) Section 4-010(3). The cords listed in
Table 18 on page 47 are in compliance.
AC Power Circuit Breaker Requirements for the SRX5400 Services Gateway
Each AC power supply has a single AC appliance inlet located on the power supply that requires a dedicated
AC power feed. We recommend that you use a customer site circuit breaker rated for 15 A (250 VAC)
minimum for each AC power supply, or as required by local code. Doing so enables you to operate the
services gateway in any configuration without upgrading the power infrastructure.
49
SRX5400 Services Gateway DC Power Supply
Each DC power supply consists of one DC input (–48 VDC and return), one 40 A (–48 VDC) circuit breaker,
a fan, and LEDs to monitor the status of the power supply. Figure 12 on page 49 shows the power supply.
Each DC power supply has a single DC input (–48 VDC and return) that requires a dedicated facility circuit
breaker.
We recommend that you provision 60 A or 70 A per feed, depending on the selected DIP switch setting.
Figure 12: DC Power Supply Faceplate
NOTE: The SRX5400 Services Gateway and SRX5600 Services Gateway use the same power
supply model.
SRX5400 Services Gateway DC Power Supply Specifications
Table 19 on page 50 lists the DC power supply electrical specifications. Table 20 on page 50 lists the DC
power system specifications.
Table 19: DC Power Supply Electrical Specifications
Specification
Item DIP=1 (80 A Input)DIP=0 (60 A Input)
2600 W2400 WMaximum output power
50
DC input voltage
Minimum: –40.5 VDC
Nominal: –48 VDC
Operating range: –40.5 to –72 VDC
50 A @ –48 V nominal operating voltageDC input current rating
Table 20: DC Power System Specifications
Specification
Item DIP=1 (80 A Input)DIP=0 (60 A Input)
54.2 A @ –48 V nominal operating
voltage
NoneNoneInternal Supplementary Protector
1+11+1Redundancy
2600 W2400 WOutput power (maximum) per power supply
2600 W2400 WOutput power (maximum) per system
SRX5400 Services Gateway DC Power Supply LEDs
Each DC power supply faceplate contains three LEDs that indicate the status of the power supply (see
Table 21 on page 51). In addition, a power supply failure triggers the major alarm LED on the craft interface.
NOTE: The SCB must be present for the PWR OK LED to go on.
Table 21: DC Power Supply LEDs
DescriptionStateColorLabel
51
OK
OffGreenPWR OK
OnAmber
OnGreen
OnAmber
Power supply is not functioning normally. Check the INPUT OK LED
for more information.
Power supply is functioning normally.On
The main output voltage is out of range (lower limit: 37.5 V to 39.5
V; upper limit: 72.5 V to 76 V).
DC power supply circuit breaker is turned off.OffGreenBRKRON
DC power input is present and the DC power supply circuit breaker
is turned on.
DC input to the PEM is not present.OffGreenINPUT
DC input is present and is connected in correct polarity.On
DC input is present, but not in valid operating range or connected in
reverse polarity.
DC Power Cable Specifications for the SRX5400 Services Gateway
Table 22 on page 51 summarizes the specifications for the power cables, which you must supply.
Table 22: DC Power Cable Specifications
SpecificationQuantityCable Type
Power
Four 6-AWG (13.3 mm2) cables for each
power supply
Minimum 60°C wire, or as required by the
local code
CAUTION: You must ensure that power connections maintain the proper polarity.
Crimp area
6 AWG conductor
All measurements in inches
0.28
diameter
each hole
2.25
0.25 0.370.625
g001188
0.55
End view
0.08
The power source cables might be labeled (+) and (–) to indicate their polarity. There
is no standard color coding for DC power cables. The color coding used by the external
DC power source at your site determines the color coding for the leads on the power
cables that attach to the terminal studs on each power supply.
DC Power Cable Lug Specifications for the SRX5400 Services Gateway
The accessory box shipped with the services gateway includes the cable lugs that attach to the terminal
studs of each power supply (see Figure 13 on page 52).
Figure 13: DC Power Cable Lug
52
CAUTION: Before services gateway installation begins, a licensed electrician must
attach a cable lug to the grounding and power cables that you supply. A cable with an
incorrectly attached lug can damage the services gateway.
WARNING: The services gateway is a pluggable type A equipment installed in restricted
access location. It has a separate protective earthing terminal [Metric -M6 and English
- ¼-20 screw) ground lugs] provided on the chassis. This separate protective earth
terminal must be permanently connected to earth.
DC Power Circuit Breaker Requirements for the SRX5400 Services Gateway
AC
g030346
Plant
controls
Rectifiers
Power plant and batteries
in same building
Batteries
Ground
window
Central office
ground
Central office
ground
DC power supply on SRX5400
Central office
secondary
DC power
distribution
Each DC power supply has a single DC input (–48 VDC and return) that requires a dedicated facility circuit
breaker. We recommend that you use a customer site circuit breaker rated for 40 A (–48 VDC) minimum
for each DC power supply, or as required by local code. Doing so enables you to operate the services
gateway in any configuration without upgrading the power infrastructure.
If you plan to operate a DC-powered services gateway at less than the maximum configuration and do
not provision a 40 A (–48 VDC) circuit breaker, we recommend that you provision a circuit breaker for
each DC power supply rated for at least 125% of the continuous current that the system draws at –48 VDC,
or as required by local code.
DC Power Source Cabling for the SRX5400 Services Gateway
Figure 14 on page 53 shows a typical DC source cabling arrangement.
53
Figure 14: Typical DC Source Cabling to the Services Gateway
The DC power supplies must be powered by dedicated power feeds.
CAUTION: You must ensure that power connections maintain the proper polarity.
The power source cables might be labeled (+) and (–) to indicate their polarity. There
is no standard color coding for DC power cables. The color coding used by the external
DC power source at your site determines the color coding for the leads on the power
cables that attach to the terminal studs on each power supply.
WARNING: For field-wiring connections, use copper conductors only.
CAUTION: Power cords and cables must not block access to device components or
drape where people could trip on them.
SRX5400 Services Gateway Chassis Grounding Point Specifications
WARNING: To meet safety and electromagnetic interference (EMI) requirements and
to ensure proper operation, you must properly ground the services gateway chassis
before connecting power. See “Grounding the SRX5400 Services Gateway” on page 195
for instructions.
54
CAUTION: Before services gateway installation begins, a licensed electrician must
attach cable lugs to the grounding and power cables that you supply. A cable with an
incorrectly attached lug can damage the services gateway.
The services gateway chassis has one grounding point at the upper right corner of the back panel. The
grounding point consists of two threaded holes spaced 0.625-in. (15.86-mm) apart (Figure 15 on page 55).
The grounding point holes fit UNC 1/4–20 screws. The accessory box shipped with the services gateway
includes the cable lug that attaches to the grounding cable and two UNC 1/4–20 screws used to secure
the grounding cable to the services gateway grounding point.
Figure 15: SRX5400 Services Gateway Grounding Point
PEM3
PEM2
PEM1
PEM0
AIR
FILTER
FAN
TRAY
g030326
ESD
To ground the services gateway, you must connect a grounding cable to earth ground and then attach it
to the chassis grounding point using the two screws provided.
55
NOTE: Additional grounding is provided to an AC-powered services gateway when you plug its
power supplies into grounded AC power receptacles.
SRX5400 Services Gateway Grounding-Cable Specification
The grounding cable that you provide must meet the specifications in Table 23 on page 55.
Table 23: Grounding Cable Specifications
Quantity and SpecificationCable Type
One 6-AWG (13.3 mm2), minimum 60°C wire, or as required by the local codeGrounding
WARNING: To meet safety and electromagnetic interference (EMI) requirements and
to ensure proper operation, you must properly ground the services gateway chassis
before connecting power. See “Grounding the SRX5400 Services Gateway” on page 195
for instructions.
SRX5400 Services Gateway Grounding-Cable Lug Specification
Crimp area
6 AWG conductor
All measurements in inches
0.28
diameter
each hole
2.25
0.25 0.370.625
g001188
0.55
End view
0.08
The accessory box shipped with the services gateway includes the cable lug that attaches to the grounding
cable (see Figure 16 on page 56) and two UNC 1/4–20 screws used to secure the grounding cable to the
grounding points.
Figure 16: Grounding Cable Lug
CAUTION: Before services gateway installation begins, a licensed electrician must
attach a cable lug to the grounding and power cables that you supply. A cable with an
incorrectly attached lug can damage the services gateway.
56
NOTE: The same cable lug is used for the DC power cables.
RELATED DOCUMENTATION
Calculating Power Requirements for the SRX5400 Services Gateway | 152
Removing an SRX5400 Services Gateway DC Power Supply | 231
Replacing an SRX5400 Services Gateway AC Power Supply | 228
Troubleshooting the SRX5400 Services Gateway Power System | 354
SRX5400 Host Subsystem
IN THIS SECTION
SRX5400 Services Gateway Host Subsystem Overview | 57
Switch Control Board SRX5K-SCB Overview | 58
Switch Control Board SRX5K-SCB Specifications | 59
Switch Control Board SRX5K-SCBE Overview | 62
Switch Control Board SRX5K-SCBE Specifications | 63
Switch Control Board SRX5K-SCB3 Overview | 66
Switch Control Board SRX5K-SCB3 Specifications | 67
Routing Engine SRX5K-RE-13-20 Overview | 68
Routing Engine SRX5K-RE-13-20 Specifications | 69
57
Routing Engine SRX5K-RE-1800X4 Overview | 72
Routing Engine SRX5K-RE-1800X4 Specifications | 73
Routing Engine SRX5K-RE3-128G Specifications | 76
SRX5400 Services Gateway Host Subsystem Overview
The host subsystem is composed of a Routing Engine installed in a Switch Control Board (SCB). The host
subsystem provides the routing and system management functions of the services gateway. You must
install one host subsystem on the device. The host subsystem components are as follows:
Switch Control Board
•
SRX5K-SCB–from Junos OS Release 9.2 to 12.3X48
•
SRX5K-SCBE–from Junos OS Release 12.1X47-D15 and later
•
SRX5K-SCB3–from Junos OS Release 15.1X49-D10 and later
•
SRX5K-SCB4–from Junos OS Release 19.3R1 and later
•
NOTE: SRX5K-SCB4 is not supported on SRX5400 Services Gateways.
Routing Engine
•
SRX5K-RE-13-20–from Junos OS Release 9.2 to 12.3X48
•
SRX5K-RE-1800X4–from Junos OS Release 12.1X47-D15 and later
•
SRX5K-RE3-128G–from Junos OS Release 19.3R1 and later
•
NOTE: You can only configure the following combination of Routing Engine and SCB within a
host subsystem:
SRX5K-RE-13-20 and SRX5K-SCB
•
SRX5K-RE-1800X4 and SRX5K-SCBE
•
SRX5K-RE-1800X4 and SRX5K-SCB3
•
SRX5K-RE-1800X4 and SRX5K-SCB4
•
SRX5K-RE3-128G and SRX5K-SCB3 or SRX5K-SCB4
•
The host subsystem has three LEDs that display its status. The host subsystem LEDs are located in the
middle of the craft interface.
58
Switch Control Board SRX5K-SCB Overview
The Switch Control Board (SCB) provides the following functions:
Powers on and powers off MPCs and SPC
•
Controls clocking, system resets, and booting
•
Monitors and controls system functions, including fan speed, board power status, PDM status and
•
control, and the system front panel
Provides interconnections to all the MPCs within the chassis through the switch fabrics integrated into
•
the SCB
When the SCB is part of a host subsystem, the Routing Engine installs directly into a slot on the SCB (see
Figure 17 on page 59).
Figure 17: SRX5K-SCB
59
You must install one SCB in the services gateway as part of a host subsystem.
The SCB installs horizontally into the slot at the bottom of the card cage labeled 0. If any slots are empty,
you must install a blank panel.
For detailed information about SCBs supported by the services gateway, see the SRX5400, SRX5600, and
SRX5800 Services Gateway Card Reference at www.juniper.net/documentation/.
Switch Control Board SRX5K-SCB Specifications
The SRX5K-SCB Switch Control Board (SCB) (Figure 18 on page 60) performs the following functions:
Powers on and powers off I/O cards (IOCs) and Services Processing Cards (SPCs)
•
Controls clocking, system resets, and booting
•
Monitors and controls system functions, including fan speed, board power status, PDM status and
•
control, and the system front panel
Provides interconnections to all the IOCs within the chassis through the switch fabrics integrated into
•
the SCB
SRX5400 and SRX5600 Services Gateways have one SCB each installed and you can install a second SCB
for redundancy. The SRX5800 Services Gateway has two SCBs installed and you can install a third SCB
for switch fabric redundancy.
The host subsystem is composed of a Routing Engine installed directly into a slot on the faceplate of the
SCB. When there is no Routing Engine is a SCB, its slot must be covered with a blank panel.
Figure 18: Switch Control Board SRX5K-SCB
60
Each SCB consists of the following components:
Chassis management Ethernet switch.
•
I2C bus logic, used for low-level communication with each component.
•
Component redundancy circuitry.
•
Gigabit Ethernet switch that is connected to the embedded CPU complex on all components.
•
Switch fabric—Provides the switching functions for the IOCs.
•
Control FPGA—Provides the Peripheral Component Interconnect (PCI) interface to the Routing Engine.
•
1000Base-T Ethernet controller—Provides a 1-Gbps Ethernet link between the Routing Engines.
•
Ethernet switch—Provides 1-Gbps link speeds between the Routing Engine and the IOCs.
•
Circuits for chassis management and control.
•
Power circuits for the Routing Engine and SCB.
•
Description
SCB with slot for Routing Engine
•
Maximum throughput: 75 Gbps per slot
•
Junos OS Release 9.2 and laterSoftware release
•
61
Slot for Routing EngineCables and connectors
NoneControls
Supported Slots
LEDs
SRX5400–Only bottom slots 0 and 1/0
•
SRX5600–Only bottom slots 0 and 1
•
SRX5800–Only center slots 0, 1, and 2/6
•
150 WPower Requirement
Approximately 10 lb (4.5 kg)Weight
OK/FAIL LED, one bicolor:
Green–The SCB is operating normally.
•
Red–The SCB has failed and is not operating normally.
•
Off–The SCB is powered down.
•
FABRIC ONLY LED:
Green–The SCB is operating in fabric-only mode.
•
Off–The SCB is operating in fabric/control board mode.
•
FABRIC ACTIVE LED:
Green–The fabric is in active mode.
•
g004068
Serial number
ID label
62
Serial Number Location
The serial number label is located as shown in Figure 19 on page 62.
Figure 19: SCB Serial Number Label
Switch Control Board SRX5K-SCBE Overview
The SRX5000 line enhanced Switch Control Board (SRX5K-SCBE) caters to high-end security markets
requiring support for higher capacity traffic. The SRX5K-SCBE provides greater interface density (slot and
capacity scale) and improved services.
Some key attributes of the SRX5K-SCBE are:
A bandwidth of 120 Gbps per slot with redundant fabric support and improved fabric performance by
•
using the next-generation fabric (XF) chip.
A centralized clocking architecture that supports clock cleanup and distribution. The Stratum 3 clock
•
module performs clock monitoring, filtering, and holdover in a centralized chassis location.
Full performance with fabric redundancy for higher capacity line cards such as the SRX5K-MPC.
•
The Routing Engine installs directly into a slot on the SRX5K-SCBE as shown in Figure 20 on page 63.
Figure 20: SRX5K-SCBE
63
Switch Control Board SRX5K-SCBE Specifications
Each SRX5K-SCBE consists of the following components:
I2C bus logic for low-level communication with each component
•
Component redundancy circuitry
•
Control Board/Routing Engine primary-role mechanism
•
Gigabit Ethernet switch that is connected to the embedded CPU complex on all components
•
Switch fabric to provide the switching functions for the MPCs
•
1000BASE-T Ethernet controller to provide a 1-Gbps Ethernet link between the Routing Engines
•
Power circuits for the Routing Engine and the SRX5K-SCBE
•
LEDs—Provides status of the SRX5K-SCBE and clocking interface
•
64
Description
Software release
Cables and connectors
Controls
Supported slots
Power requirement
Weight
SRX5K-SCBE with slot for Routing Engine
•
Maximum throughput: 120 Gbps per slot
•
Junos OS Release 12.1X47-D15 and later
Slot for Routing Engine
None
SRX5400–Only bottom slots 0 and 1/0
•
SRX5600–Only bottom slots 0 and 1
•
SRX5800–Only center slots 0, 1, and 2/6
•
160 W at 131º F (55º C)
•
130 W at 104º F (40º C)
•
120 W at 77º F (25º C)
•
9.6 lb (4.4 kg) with Routing Engine
g004068
Serial number
ID label
65
Serial number location
The serial number label is located as shown in Figure 21 on page 65.
Figure 21: SRX5K-SCBE Serial Number Label
SRX5K-SCBE LEDs
Table 24 on page 65 describes the SRX5K-SCBE LEDs and their states.
Table 24: SRX5K-SCBE LEDs
ACTIVE
On steadilyGreenFABRIC
ONLY
OffNone
DescriptionStateColorLabel
Fabric is in active mode.On steadilyGreenFABRIC
SRX5K-SCBE operates in
fabric-only mode.
SRX5K-SCBE operates in
fabric/control board mode.
Table 24: SRX5K-SCBE LEDs (continued)
DescriptionStateColorLabel
SRX5K-SCBE is online.On steadilyGreenOK/FAIL
SRX5K-SCBE has failed.On steadilyRed
SRX5K-SCBE is offline.OffNone
Switch Control Board SRX5K-SCB3 Overview
The SRX5K-SCB3 (SCB3) caters to high-end security markets requiring support for higher capacity traffic,
greater interface density (slot and capacity scale), and improved services. The SCB3 is supported on
SRX5400, SRX5600, and SRX5800 Services Gateways.
66
The SCB3 supports the standard midplane and the enhanced midplane.
Some key attributes of the SCB3 are:
With the existing midplane and fabric link speed of 8.36 Gbps, supports a bandwidth of 205 Gbps per
•
slot with redundant fabric support and 308 Gbps per slot without redundancy.
With the enhanced midplane and fabric link speed of 10.2 Gbps, supports a bandwidth of 249 Gbps per
•
slot with redundant fabric support and 374 Gbps per slot without redundancy with the enhanced midplane
Improved fabric performance with the next-generation fabric (XF2) chip.
•
Full performance with fabric redundancy for higher-capacity line cards.
•
Support for MPC line cards such as SRX5K-MPC (IOC2) and IOC3 (SRX5K-MPC3-40G10G or
•
SRX5K-MPC3-100G10G) only.
Two 10-Gigabit Ethernet SFP+ ports (These ports are disabled and reserved for future use).
•
The Routing Engine installs directly into a slot on the SCB3, as shown in Figure 22 on page 66.
Figure 22: SRX5K-SCB3
Switch Control Board SRX5K-SCB3 Specifications
Each SRX5K-SCB3 (SCB3) consists of the following components:
I2C bus logic for low-level communication with each component
•
Component redundancy circuitry
•
Control Board/Routing Engine primary-role mechanism
•
Gigabit Ethernet switch that is connected to the embedded CPU complex on all components
•
Switch fabric to provide the switching functions for the MPCs
•
Control field-programmable gate array (FPGA) to provide the Peripheral Component Interconnect (PCI)
•
interface to the Routing Engine
Circuits for chassis management and control
•
Power circuits for the Routing Engine and SCB3
•
LEDs to provides status of the SCB3
•
67
Description
Software release
Cables and connectors
Controls
Supported slots
Power requirement
Weight
SCB3 with slot for Routing Engine
Junos OS Release 15.1X49-D10 and later
Slot for Routing Engine
None
SRX5400–Only bottom slots 0 and 1/0
•
SRX5600–Only bottom slots 0 and 1
•
SRX5800–Only center slots 0, 1, and 2/6
•
300 W
9.6 lb (4.4 kg) with Routing Engine
XGE
LINK
LINK
EXT
CLK
BITS
GPS
UTI
68
Serial number location
The serial number label is located as shown in Figure 23 on page 68.
Figure 23: SRX5K-SCB3 Serial Number Label
SRX5K-SCB3 LEDs
Table 25 on page 68 describes the SCB3 LEDs and their states.
Table 25: SRX5K-SCB3 LEDs
DescriptionStateColorLabel
Fabric is in active mode.On steadilyGreenFABRIC ACTIVE
SCB3 is online.On steadilyGreenOK/FAIL
SCB3 has failed.On steadilyRed
SCB3 is offline.Off–
Port is enabled and link is established.On steadilyGreenLINK
Port is disabled or no link is established.Off–
Routing Engine SRX5K-RE-13-20 Overview
The Routing Engine is an Intel-based PC platform that runs Junos OS. Software processes that run on the
Routing Engine maintain the routing tables, manage the routing protocols used on the device, control the
device interfaces, control some chassis components, and provide the interface for system management
and user access to the device (see Figure 24 on page 69).
A USB port on the Routing Engine accepts a USB memory card that allows you to load Junos OS.
Figure 24: SRX5K-RE-13-20 Routing Engine
For detailed information about the Routing Engines supported by the services gateway, see the SRX5400,
SRX5600, and SRX5800 Services Gateway Card Reference at www.juniper.net/documentation/.
69
Routing Engine SRX5K-RE-13-20 Specifications
The SRX5K-RE-13-20 Routing Engine (Figure 25 on page 69) is an Intel-based PC platform that runs the
Junos operating system (Junos OS). Software processes that run on the Routing Engine maintain the routing
tables, manage the routing protocols used on the device, control the device interfaces, control some chassis
components, and provide the interface for system management and user access to the device.
Figure 25: Routing Engine
You must install at least one Routing Engine in the services gateway. You can install a second Routing
Engine if both Routing Engines are running Junos OS Release 10.0 or later. A second Routing Engine is
required if you are using the dual chassis cluster control link feature available in Junos OS Release 10.0
and later. The second Routing Engine does not perform all the functions of a Routing Engine and does not
improve resiliency or redundancy. The second Routing Engine and the Switch Control Board (SCB) in which
it is installed do not constitute a host subsystem. The only function of the second Routing Engine is to
enable the hardware infrastructure that enables the chassis cluster control 1 port on the Services Processing
Card (SPC) used for chassis cluster control links. If you install only one Routing Engine in the services
gateway, you must install it in the slot in the front panel of SCB0. If you install a second Routing Engine
to use the dual chassis cluster control link feature, you install it in the slot in the front panel of SCB1.
The Routing Engine consists of the following components:
CPU—Runs Junos OS to maintain the services gateway's routing tables and routing protocols. It has a
•
Pentium-class processor.
DRAM—Provides storage for the routing and forwarding tables and for other Routing Engine processes.
•
USB port—Provides a removable media interface through which you can install Junos OS manually. Junos
•
supports USB version 1.0.
Internal flash disk—Provides primary storage for software images, configuration files, and microcode.
•
The disk is a fixed compact flash and is inaccessible from outside the services gateway.
Hard disk—Provides secondary storage for log files, memory dumps, and rebooting the system if the
•
internal compact flash disk fails.
70
HDD LED—Indicates disk activity for the hard disk drive.
•
Management ports—Each Routing Engine has one 10/100-Mbps Ethernet port for connecting to a
•
management network, and two asynchronous serial ports—one for connecting to a console and one for
connecting to a modem or other auxiliary device. The interface ports are labeled AUX, CONSOLE, and
ETHERNET.
EEPROM—Stores the serial number of the Routing Engine.
•
Extractor clips—Used for inserting and extracting the Routing Engine.
•
Captive screws—Secures the Routing Engine in place.
•
The Routing Engine boots from the storage media in this order: the USB device (if present), then the internal
flash disk, then the hard disk, then the LAN.
NOTE: For specific information about Routing Engine components (for example, the amount of
DRAM), issue the show chassis routing-engine command.
Routing Engine for SRX5400, SRX5600, and SRX5800 Services GatewaysDescription
Software release
Junos OS Release 9.2 and later
•
Junos OS Release 10.0 and later required to install a second Routing Engine
•
71
Cables and connectors
Controls
Supported Slots
AUX—Connects the Routing Engine to a laptop, a modem, or another auxiliary device through
a cable with an RJ-45 connector.
CONSOLE—Connects the Routing Engine to a system console through a cable with an RJ-45
connector.
ETHERNET—Connects the Routing Engine through an Ethernet connection to a management
LAN (or any other device that plugs into an Ethernet connection) for out-of-band management.
RESET button—Reboots the Routing Engine when pressed
•
ONLINE/OFFLINE Button—Not supported in the current release
•
Front panel slot in an SCB installed in:
SRX5400: Bottom slot 0
•
SRX5600: Bottom slots 0 or 1
•
SRX5800: Center slots 0 or 1
•
NOTE: The services gateway host subsystem Routing Engine must be installed in the SCB
in slot 0. A Routing Engine installed in an SCB in slot 1 only enables dual control links in
chassis cluster configurations.
LEDs
90 WPower Requirement
Approximately 2.4 lb (1.1 kg)Weight
HDD LED:
Blinking green–The Routing Engine hard disk is functioning normally.
•
MASTER LED:
Blue–The Routing Engine is Primary.
•
NOTE: The SRX5400, SRX5600, and SRX5800 Services Gateways do not support a secondary
or backup Routing Engine, so the MASTER LED should always be lit.
OK/FAIL LED, one bicolor:
Off–The Routing Engine is operating normally.
•
Red–The Routing Engine has failed and is not operating normally.
•
ONLINE LED:
Blinking green–The Routing Engine is coming online.
•
Steady green–The Routing Engine is functioning normally.
•
g006040
USB
port
Reset
button
Extractor
clip
Extractor
clip
Console
port
Auxiliary
port
Ethernet
port
SSD
slot 2
SSD
slot 1
72
Serial Number
Location
The serial number label is located on the right side of the top of the Routing Engine as shown
in Figure 26 on page 72
Figure 26: SRX5K-RE-13-20 Serial Number Label
Routing Engine SRX5K-RE-1800X4 Overview
The enhanced Routing Engine is an Intel-based PC platform that runs Junos OS. Software processes that
run on the Routing Engine maintain the routing tables, manage the routing protocols used on the device,
control the device interfaces, control some chassis components, and provide the interface for system
management and user access to the device.The Routing Engine must be installed directly into the
SRX5K-SCBE. A USB port on the Routing Engine accepts a USB memory device that allows you to load
Junos OS. Figure 27 on page 72 shows the Routing Engine.
Figure 27: SRX5K-RE-1800X4 Routing Engine
Three ports located on the Routing Engine connect to one or more external devices on which system
administrators can issue Junos OS CLI commands to manage the services gateway.
The ports function as follows:
AUX–Connects the Routing Engine to a laptop, modem, or other auxiliary device through a serial cable
•
with an RJ-45 connector.
CONSOLE–Connects the Routing Engine to a system console through a serial cable with an RJ-45
•
connector.
ETHERNET–Connects the Routing Engine through an Ethernet connection to a management LAN (or
•
any other device that plugs into an Ethernet connection) for out-of-band management. The port uses
an autosensing RJ-45 connector to support 10/100/1000 Mbps connections. Two small LEDs on the
bottom of the port indicate the connection in use: the LED flashes yellow or green for a 10/100/1000
Mbps connection, and the LED is light green when traffic is passing through the port.
The solid-state drive (SSD) slots located on the Routing Engine provide secondary storage for log files, for
generating core files, and for rebooting the system if the CompactFlash card fails. Currently,
SRX5K-RE-1800X4 only supports one 128-GB SSD.
SRX5K-RE-1800X4 Routing Engine Boot Sequence
73
The services gateway is shipped with three copies of the Junos OS preinstalled on the Routing Engine in
the following locations:
On the CompactFlash card in the Routing Engine
•
On the SSD in the Routing Engine
•
On a USB flash drive that can be inserted into the slot on the Routing Engine faceplate
•
The Routing Engine boots from the storage media in this order: the USB device (if present), the CompactFlash
card, the solid-state drive (SSD), and then the LAN. Normally, the services gateway boots from the copy
of the software on the CompactFlash card.
Routing Engine SRX5K-RE-1800X4 Specifications
Each Routing Engine consists of the following components:
CPU—Runs Junos OS to maintain the routing tables and routing protocols.
•
DRAM—Provides storage for the routing and forwarding tables and for other Routing Engine processes.
•
USB port—Provides a removable media interface through which you can install the Junos OS manually.
•
Junos OS supports USB version 1.0 and 2.0.
CompactFlash card—Provides primary storage for software images, configuration files, and microcode.
•
The CompactFlash card is fixed and is inaccessible from outside the device.
Solid-state drive (SSD)—Provides secondary storage for log files, for generating core files, and for rebooting
•
the system if the CompactFlash card fails.
Interface ports—The AUX, CONSOLE, and ETHERNET ports provide access to management devices.
•
Each Routing Engine has one 10/100/1000-Mbps Ethernet port for connecting to a management
network, and two asynchronous serial ports—one for connecting to a console and one for connecting
to a modem or other auxiliary device.
EEPROM—Stores the serial number of the Routing Engine.
•
Reset button—Reboots the Routing Engine when pressed.
•
Online/Offline button—Takes the Routing Engine online or offline when pressed.
•
Extractor clips—Inserts and extracts the Routing Engine.
•
Captive screws—Secures the Routing Engine in place.
•
74
Description
Software release
Cables and connectors
Controls
Supported slots
Routing Engine for SRX5400, SRX5600, and SRX5800 Services Gateways
Junos OS Release 12.1X47-D15 and later
Slot for Routing Engine
AUX–Connects the Routing Engine to a laptop, a modem, or another auxiliary
•
device through a cable with an RJ-45 connector.
CONSOLE–Connects the Routing Engine to a system console through a cable with
•
an RJ-45 connector.
ETHERNET–Connects the Routing Engine through an Ethernet connection to a
•
management LAN (or any other device that plugs into an Ethernet connection) for
out-of-band management.
RESET button–Reboots the Routing Engine when pressed.
Front panel slot in an SCB installed in:
SRX5400: Bottom slot 0
•
SRX5600: Bottom slots 0 or 1
•
SRX5800: Center slots 0 or 1
•
Power requirement
Weight
NOTE: The services gateway host subsystem Routing Engine must be installed in the
SCB in slot 0. A Routing Engine installed in an SCB in slot 1 only enables dual control
links in chassis cluster configurations.
90 W
2.4 lb (1.1 kg)
75
Serial number location
The serial number label is located as shown in Figure 28 on page 75.
Figure 28: SRX5K-RE-1800X4 Serial Number Label
SRX5K-RE-1800X4 LEDs
Each Routing Engine has four LEDs that indicate its status. The LEDs, labeled MASTER, STORAGE, ONLINE,
and OK/FAIL, are located directly on the faceplate of the Routing Engine. Table 26 on page 75 describes
the Routing Engine LEDs and their states.
Table 26: SRX5K-RE-1800X4 LEDs
DescriptionStateColorLabel
Routing Engine is the primary.On steadilyBlueMASTER
BlinkingGreenSTORAGE
BlinkingGreenONLINE
On steadilyNone
Indicates activity on the SSD or
CompactFlash card.
Routing Engine is transitioning
online.
Routing Engine is functioning
normally.
Routing Engine has failed.On steadilyRedOK/FAIL
Routing Engine SRX5K-RE3-128G Specifications
g100572
21 3 4
5 8
6 7 9 10
IN THIS SECTION
SRX5K-RE3-128G Routing Engine Components | 78
SRX5K-RE3-128G Routing Engine LEDs | 79
SRX5K-RE3-128G Routing Engine Boot Sequence | 80
The Routing Engine maintains the routing tables, manages the routing protocols used on the device, controls
the device interfaces, controls some chassis components, and provides the interfaces for system
management and user access to the device.
Figure 29 on page 76 shows the SRX5K-RE3-128G Routing Engine.
76
Figure 29: SRX5K-RE3-128G Routing Engine Front View
6—1— ONLINE/OFFLINE buttonExtractor clips
7—2— SSD LEDs—DISK1 and DISK2Auxiliary port (AUX)
8—3— USB ports—USB1 and USB2Console port (CONSOLE)
9—4— RESET buttonManagement port (MGMT)
10—5— SSD card slot coverRouting Engine status LEDs—ONLINE, OK/FAIL, and
MASTER
Description
Routing Engine for SRX5400, SRX5600, and SRX5800 Services Gateways, based on Intel’s
Haswell-EP CPU with 6 cores, and 128GB of DDR4 memory. It provides increased control
plane performance and scalability along with virtualization features in the SRX Series
5000 line of chassis.
Software release
Junos OS Release 19.3R1 and later
77
Cables and connectors
Controls
Supported slots
Slot for Routing Engine
AUX–Connects the Routing Engine to a laptop, a modem, or another auxiliary device
•
through a cable with an RJ-45 connector.
CONSOLE–Connects the Routing Engine to a system console through a cable with an
•
RJ-45 connector.
MGMT–Connects the Routing Engine through an Ethernet connection to a management
•
LAN (or any other device that plugs into an Ethernet connection) for out-of-band
management.
RESET button–Reboots the Routing Engine when pressed.
Front panel slot in an SCB installed in:
SRX5400: Bottom slot 0
•
SRX5600: Bottom slots 0 or 1
•
SRX5800: Center slots 0 or 1
•
NOTE: The services gateway host subsystem Routing Engine must be installed in the
SCB in slot 0. A Routing Engine installed in an SCB in slot 1 only enables dual control links
in chassis cluster configurations.
Power requirement
Weight
NOTE: In the SRX5600 or SRX5800 Services Gateways chassis cluster configurations,
dual control links functionality is not supported if you mix SRX5K-RE-1800X4 and
SRX5K-RE3-128G Routing Engines. To support dual control links you have to install two
SRX5K-RE3-128Gs.
110 W
2.69 lb (1.22 kg)
g100576
Serial number
ID label
78
Serial number location
The serial number label is located as shown in Figure 30 on page 78.
Figure 30: SRX5K-RE3-128G Serial Number Label
SRX5K-RE3-128G Routing Engine Components
Each Routing Engine consists of the following components:
CPU—Runs Junos OS to maintain the routing tables and routing protocols.
•
EEPROM—Stores the serial number of the Routing Engine.
•
DRAM—Provides storage for the routing and forwarding tables and for other Routing Engine processes.
•
One 10-Gigabit Ethernet interface between the Routing Engine and Switch Control Board.
•
Extractor clips—Control the locking system that secures the Routing Engine.
•
Interface ports—The AUX, CONSOLE, and MGMT ports provide access to management devices. Each
•
Routing Engine has one 10/100/1000-Mbps Ethernet port for connecting to a management network,
and two asynchronous serial ports—one for connecting to a console and one for connecting to a modem
or other auxiliary device.
NOTE:
The control interface names differ based on the routing engine:
For RE2, the control interfaces are displayed as em0 and em1.
•
For RE3, the control interfaces are displayed as ixlv0 and igb0.
•
For more information, see show chassis cluster interfaces.
Status LEDs—Table 27 on page 79 describes the functions of the ONLINE, OK/FAIL, MASTER, DISK1,
•
and DISK2 LEDs.
ONLINE/OFFLINE button—Takes the Routing Engine online or offline when pressed.
•
NOTE: The ONLINE/OFFLINE button must be pressed for a minimum of 4 seconds.
79
USB1 and USB2 ports—Provide a removable media interface through which you can install Junos OS
•
manually. Junos OS supports USB versions 3.0, 2.0, and 1.1.
RESET button—Reboots the Routing Engine when pressed.
•
SSD1 (primary) and SSD2 (secondary) Solid-state drives (SSD)—Two 200-GB each slim solid-state drives
•
that provide storage for software images, configuration files, microcode, log files, and memory dumps.
The Routing Engine reboots from SSD2 when boot from primary SSD1 fails.
Captive screws—Secures the Routing Engine.
•
SRX5K-RE3-128G Routing Engine LEDs
Each Routing Engine has four LEDs that indicate its status. The LEDs, labeled ONLINE, OK/FAIL, MASTER,
DISK1, and DISK2, are located directly on the faceplate of the Routing Engine. Table 27 on page 79
describes the Routing Engine LEDs and their states.
Table 27: SRX5K-RE3-128G Routing Engine LEDs
DescriptionStateColorLabel
Blinking slowlyGreenONLINE
Routing Engine is in the process of booting BIOS and the
host OS.
Routing Engine is in the process of booting Junos OS.Blinking rapidly
Routing Engine is not online or not functioning normally.Off-
Table 27: SRX5K-RE3-128G Routing Engine LEDs (continued)
DescriptionStateColorLabel
Routing Engine is powering up.On steadilyGreenOK/FAIL
80
On steadilyYellow
Routing Engine is not powering up, which indicates
failure.
This Routing Engine is the primary Routing Engine.On steadilyBlueMASTER
Indicates presence of disk activity.BlinkingGreenDISK1
There is no disk activity.Off-
Indicates presence of disk activity.BlinkingGreenDISK2
There is no disk activity.Off-
SRX5K-RE3-128G Routing Engine Boot Sequence
Booting in a SRX5K-RE3-128G Routing Engine follows this sequence—the USB device, SSD1, SSD2, and
LAN. SSD1 is the primary boot device. The boot sequence is tried twice for SSD1 and SSD2.
RELATED DOCUMENTATION
Replacing the SRX5400 Services Gateway SCB | 242
Maintaining the SRX5400 Services Gateway Host Subsystem | 239
Replacing the SRX5400 Services Gateway Routing Engine | 245
Replacing a CompactFlash Card in an SRX5K-RE-1800X4 Routing Engine
Replacing a Solid-State Drive in an SRX5K-RE-1800X4 Routing Engine
SRX5400 Line Cards and Modules
IN THIS SECTION
SRX5400, SRX5600, and SRX5800 Services Gateway Card Overview | 82
Cards Supported on SRX5400, SRX5600, and SRX5800 Services Gateways | 83
SRX5400 Services Gateway Card Cage and Slots | 86
SRX5400 Services Gateway Services Processing Card Overview | 87
Services Processing Card SRX5K-SPC-2-10-40 Specifications | 88
Services Processing Card SRX5K-SPC-4-15-320 Specifications | 93
Services Processing Card SRX5K-SPC3 Specifications | 98
SRX5400 Services Gateway MPC and MIC Overview | 102
Modular Port Concentrator (SRX5K-MPC) Specifications | 103
81
SRX5K-MPC3-40G10G Specifications | 105
SRX5K-MPC3-100G10G Specifications | 108
MIC with 20x1GE SFP Interfaces (SRX-MIC-20GE-SFP) | 111
MIC with 10x10GE SFP+ Interfaces (SRX-MIC-10XG-SFPP) | 117
MIC with 1x100GE CFP Interface (SRX-MIC-1X100G-CFP) | 122
MIC with 2x40GE QSFP+ Interfaces (SRX-MIC-2X40G-QSFP) | 124
I/O Card SRX5K-40GE-SFP Specifications | 125
I/O Card SRX5K-4XGE-XFP Specifications | 127
SRX5K-IOC4-10G Specifications | 129
SRX5K-IOC4-MRAT Specifications | 132
Flex I/O Card (SRX5K-FPC-IOC) Specifications | 136
Flex I/O Card Port Module SRX-IOC-16GE-SFP Specifications | 137
Flex I/O Card Port Module SRX-IOC-16GE-TX Specifications | 139
Flex I/O Card Port Module SRX-IOC-4XGE-XFP Specifications | 141
SRX5400, SRX5600, and SRX5800 Services Gateway Card Overview
The cards described in this guide let you upgrade and customize your SRX5400, SRX5600, or SRX5800
Services Gateway to suit the needs of your network. The following types of cards are available for the
SRX5400, SRX5600, and SRX5800 Services Gateways:
I/O cards (IOCs) provide additional physical network connections to the services gateway. Their primary
•
function is to deliver data packets arriving on the physical ports to the Services Processing Cards (SPCs)
and to forward data packets out the physical ports after services processing.
Flex IOCs have two slots for port modules that add additional physical network connections to the
•
services gateway. Like IOCs, their primary function is to deliver data packets arriving on the physical
ports to the SPCs and to forward data packets out the physical ports after services processing.
Modular Port Concentrators (MPCs) have slots on the front panel that accept smaller cards called Modular
•
Interface Cards (MICs). Each MIC has one or more physical interfaces on it. An MPC with MICs installed
functions in the same way as a regular I/O card (IOC), but allows greater flexibility in adding different
types of Ethernet ports to your services gateway. MPCs and MICs are similar in form and function to
Flex IOCs and port modules. However, the two use different form-factors, so you cannot install port
modules in an MPC, nor can you install MICs in a Flex IOC.
82
Services Processing Cards (SPCs) provide the processing power to run integrated services such as firewall,
•
IPsec and IDP. All traffic traversing the services gateway is passed to an SPC to have services processing
applied to it.
Switch Control Boards (SCBs) power on and power off IOCs and SPCs; control clocking and system
•
resets; and control booting, monitor, and system functions. Each SCB has a slot in the front panel for a
Routing Engine.
Although the following modules are not cards in the sense of having a form-factor that fits the card cage
of the SRX5400, SRX5600, and SRX5800 Services Gateway, this guide also addresses the following modules
that fit into certain SRX5400, SRX5600, and SRX5800 Services Gateway cards:
Routing Engines fit into slots in SCBs and maintain the routing tables, manage the routing protocols used
•
on the device, control the device interfaces and some chassis components, and provide the interface
for system management and user access to the device.
Port modules fit into slots in Flex IOCs and add additional physical network interface ports to the services
•
gateway.
Modular Interface Cards (MICs) fit into slots in MPCs and add additional physical network interface ports
•
to the services gateway. MPCs and MICs are similar in form and function to Flex IOCs and port modules.
However, the two use different form-factors, so you cannot install port modules in an MPC, nor can you
install MICs in a Flex IOC.
Cards Supported on SRX5400, SRX5600, and SRX5800 Services Gateways
Table 28 on page 83 describes the cards and other modules supported on the SRX5400, SRX5600, and
SRX5800 Services Gateways.
Table 28: Supported Cards for SRX5400, SRX5600, and SRX5800 Services Gateways
Last Supported Junos
Earliest Supported Junos OS Release
OS Release
83
Card Name and Model
Number
SPCs
SRX5K-SPC-2-10-40
Specifications
SRX5K-SPC-4-15-320
Specifications
SRX5K-SPC3 Specifications
Interface Cards
Specifications
SRX5400, SRX5600,
and SRX5800SRX5600 and SRX5800SRX5400
15.1X499.2Not supportedServices Processing Card
12.1X44-D1012.1X46-D10Services Processing Card
18.2R1-S118.2R1-S1Services Processing Card
15.1X499.2Not supportedI/O Card SRX5K-40GE-SFP
Specifications
Specifications
(SRX5K-MPC) Specifications
Specifications
Specifications
15.1X499.2Not supportedI/O Card SRX5K-4XGE-XFP
15.1X4910.2Not supportedFlex I/O Card (SRX5K-FPC-IOC)
12.1X46-D1012.1X46-D10Modular Port Concentrator
15.1X49-D1015.1X49-D10SRX5K-MPC3-40G10G
15.1X49-D1015.1X49-D10SRX5K-MPC3-100G10G
Table 28: Supported Cards for SRX5400, SRX5600, and SRX5800 Services Gateways (continued)
Last Supported Junos
Earliest Supported Junos OS Release
OS Release
84
Card Name and Model
Number
Specifications
SCBs
SRX5K-SCB Specifications
SRX5K-SCBE Specifications
SRX5K-SCB3 Specifications
SRX5K-SCB4 Specifications
SRX5400, SRX5600,
and SRX5800SRX5600 and SRX5800SRX5400
19.3R119.3R1SRX5K-IOC4-10G Specifications
19.3R119.3R1SRX5K-IOC4-MRAT
15.1X499.212.1X46-D10Switch Control Board
12.1X47-D1512.1X47-D15Switch Control Board
15.1X49-D1015.1X49-D10Switch Control Board
19.3R1Not supportedSwitch Control Board
Other modules
SRX-IOC-16GE-SFP
Specifications
SRX-IOC-16GE-TX
Specifications
SRX-IOC-4XGE-XFP
Specifications
Interface
(SRX-MIC-1X100G-CFP)
10.2Not supportedFlex I/O Card Port Module
10.2Not supportedFlex I/O Card Port Module
10.2Not supportedFlex I/O Card Port Module
12.1X46-D1012.1X46-D10MIC with 1x100GE CFP
Table 28: Supported Cards for SRX5400, SRX5600, and SRX5800 Services Gateways (continued)
Last Supported Junos
Earliest Supported Junos OS Release
OS Release
85
Card Name and Model
Number
Interfaces
(SRX-MIC-2X40G-QSFP)
Interfaces
(SRX-MIC-10XG-SFPP)
(SRX-MIC-20GE-SFP)
SRX5K-RE-13-20 Specifications
SRX5K-RE-1800X4
Specifications
SRX5400, SRX5600,
and SRX5800SRX5600 and SRX5800SRX5400
12.1X46-D1012.1X46-D10MIC with 2x40GE QSFP+
12.1X46-D1012.1X46-D10MIC with 10x10GE SFP+
12.1X47-D1012.1X47-D10MIC with 20x1GE SFP Interfaces
12.3X489.212.1X46-D10Routing Engine
12.1X47-D1512.1X47-D15Routing Engine
19.3R119.3R1Routing Engine
SRX5K-RE3-128G Specifications
Figure 31 on page 86 is an interoperability matrix that describes the compatibility between various interface
cards for the SRX5400, SRX5600, and SRX5800 Services Gateways.
Figure 31: Interoperability Matrix for SRX5400, SRX5600, and SRX5800 Services Gateways
g004198
SRX5400
SRX5K-SCB
SRX5K-RE-13-20
SRX5K-SPC-2-10-40
SRX5K-SPC-4-15-320
SRX5K-SPC3
SRX5K-IOC4-10G
SRX5K-IOC4-MRAT
SRX5K-SCB3
SRX5K-RE3-128G
SRX5600/SRX5800
SRX5K-SCB4
SRX5K-RE3-128G
SRX5600/SRX5800
SRX5K-SCB4
SRX5K-RE-1800X4
SRX5K-4XGE-XFP
SRX5K-40GE-SFP
SRX5K-FPC-IOC
SRX5K-MPC3-40G10G
SRX5K-MPC3-100G10G
SRX5K-SCB3
SRX5K-RE-1800X4
SRX5K-SCBE
SRX5K-RE-1800X4
SRX5600/SRX5800
SRX5K-SCB
SRX5K-RE-13-20
Model Numbers
SRX5K-RE-1800X4
SRX5K-SCBE
SRX5600/SRX5800
SRX5K-SCB
SRX5K-RE-13-20
SRX5400
SRX5K-SCB
SRX5K-RE-13-20
SRX5K-SCB3
SRX5K-RE-1800X4
SRX5K-SPC-2-10-40
SRX5K-SPC-4-15-320
SRX5K-SPC3
SRX5K-MPC3-40G10G
SRX5K-MPC3-100G10G
SRX5K-IOC4-10G
SRX5K-IOC4-MRAT
SRX5K-SCB3
SRX5K-RE3-128G
SRX5600/SRX5800
SRX5K-SCB4
SRX5K-RE3-128G
SRX5600/SRX5800
SRX5K-SCB4
SRX5K-RE-1800X4
SRX5K-4XGE-XFP
SRX5K-40GE-SFP
SRX5K-FPC-IOC
SRX5K-MPC
(SRX-MIC-20GE-SFP)
(SRX-MIC-10XG-SFPP)
(SRX-MIC-1X100G-CFP)
(SRX-MIC-2X40G-QSFP)
SRX5K-MPC
( SRX-MIC-20GE-SFP), (SRX-MIC-10XG-SFPP)
(SRX-MIC-1X100G-CFP), (SRX-MIC-2X40G-QSFP)
86
SRX5400 Services Gateway Card Cage and Slots
The card cage is the set of four horizontal slots in the front of the chassis where you install cards. The slots
are numbered from bottom to top. Table 29 on page 86 describes the types of cards that you can install
into each slot.
Table 29: SRX5400 Services Gateway Card Cage Slots
Eligible Cards
Card Cage Slot SCBMPC & IOCSPC
XX2
Table 29: SRX5400 Services Gateway Card Cage Slots (continued)
Eligible Cards
Card Cage Slot SCBMPC & IOCSPC
XX1
SEE ALSO
SRX5400 Services Gateway Midplane Description | 30
SRX5400 Services Gateway Chassis | 27
87
XXX1/0
X0
SRX5400 Services Gateway Services Processing Card Overview
The Services Processing Card (SPC) has Services Processing Units (SPUs), which provide the processing
power to run integrated services such as firewall, IPsec, and IDP (see Figure 32 on page 88). All traffic
traversing the services gateway is passed to an SPU to have services processing applied to it. Traffic is
intelligently distributed by interface cards to SPUs for services processing.
The services gateway must have one SPC installed.
You can install an SPC in any of the slots that are not reserved for Switch Control Board (SCB). If a slot is
not occupied by a card, you must install a blank panel to shield the empty slot and to allow cooling air to
circulate properly through the device.
Figure 32 on page 88 shows a typical SPC supported on the services gateway.
Figure 32: Typical SPC
g030302
88
For detailed information about SPCs supported by the services gateway, see the SRX5400, SRX5600, and
SRX5800 Services Gateway Card Reference at www.juniper.net/documentation/.
Services Processing Card SRX5K-SPC-2-10-40 Specifications
The SRX5K-SPC-2-10-40 Services Processing Card (SPC) contains two Services Processing Units (SPUs),
which provide the processing power to run integrated services such as firewall, IPsec, and IDP (see
Figure 33 on page 89). All traffic traversing the services gateway is passed to an SPU to have services
processing applied to it. Traffic is intelligently distributed by I/O cards (IOCs) to SPUs for services processing.
The services gateway must have at least one SPC installed. You can install additional SPCs to increase
services processing capacity.
You can install SPCs in any of the slots that are not reserved for Switch Control Boards (SCBs). If a slot is
not occupied by a card, you must install a blank panel to shield the empty slot and to allow cooling air to
circulate properly through the device.
Figure 33 on page 89 shows a typical SPC supported on the services gateway.
Figure 33: Services Processing Card SRX5K-SPC-2-10-40
89
Each SPC consists of the following components:
SPC cover, which functions as a ground plane and a stiffener.
•
Two small form-factor pluggable (SFP) chassis cluster control ports for connecting multiple devices into
•
a redundant chassis cluster. See Chassis Cluster User Guide for SRX Series Devices for more information
about connecting and configuring redundant chassis clusters.
CAUTION: If you face a problem running a Juniper Networks device that uses a
third-party optic or cable, the Juniper Networks Technical Assistance Center (JTAC)
can help you diagnose the source of the problem. Your JTAC engineer might
recommend that you check the third-party optic or cable and potentially replace it
with an equivalent Juniper Networks optic or cable that is qualified for the device.
Fabric interfaces.
•
Two Gigabit Ethernet interfaces that allow control information, route information, and statistics to be
•
sent between the Routing Engine and the CPU on the SPCs.
Two interfaces from the SCBs that enable the boards to be powered on and controlled.
•
Physical SPC connectors.
•
Midplane connectors and power circuitry.
•
Processor subsystem, which includes a 1.2-GHz CPU, system controller, and 1 GB of SDRAM.
•
LEDs on the faceplate that indicate the SPC and SPU status.
•
SPC with two SPUsDescription
Junos OS Release 9.2 and laterSoftware release
•
90
Cables and
connectors
Supported Slots
Requirement
CHASSIS CLUSTER CONTROL 0 and CHASSIS CLUSTER CONTROL 1–SFP ports for control
links in chassis cluster configurations.
Supported SFP transceivers:
1000BASE-LH (model numbers SRX-SFP-1GE-LH, SRX-SFP-1GE-LH-ET)
1000BASE-LX (model numbers SRX-SFP-1GE-LX, SRX-SFP-1GE-LX-ET)
1000BASE-SX (model numbers SRX-SFP-1GE-SX, SRX-SFP-1GE-SX-ET)
NoneControls
SRX5600–Any slot, except the bottom slots 0 or 1 which are reserved for SCB/RE.
•
SRX5800–Any slot, except the slots 0 or 1 which are reserved for SCB/RE.
•
Maximum 351 WPower
Approximately 13 lb (5.9 kg)Weight
LEDs
91
OK/FAIL LED, one bicolor:
Steady green–The SPC is operating normally.
•
Red–The SPC has failed and is not operating normally.
•
Off–The SPC is powered down.
•
STATUS LED, one tricolor for each of the two SPUs SPU 0 and SPU 1:
Green–The SPU is operating normally.
•
Amber–The SPU is initializing.
•
Red–The SPU has encountered an error or a failure.
•
Off–The SPU is offline. If all four SPUs are offline, it is safe to remove the SPC from the chassis.
•
SERVICE LED, one bicolor for each of the two SPUs, SPU 0 and SPU 1:
Green–Service is running on the SPU under acceptable load.
•
Amber–Service on the SPU is overloaded.
•
Off–Service is not running on the SPU.
•
HA LED, one tricolor:
92
NOTE: The HA LED is lit only if the SPC has a control link, otherwise it is off.
Sometimes even after the control link is removed from the SPC, the HA LED would lit. Power
cycle both the nodes to turn off the LED,
Green (bold)–Clustering is operating normally. All cluster members and monitored links are
•
available, and no error conditions are detected.
Green (blinking)–Data transfer between the nodes.
•
Red–A critical alarm is present on clustering. A cluster member is missing or unreachable, or
•
the other node is no longer part of a cluster because it has been disabled by the dual membership
and detection recovery process in reaction to a control link or fabric link failure.
Amber–All cluster members are present, but an error condition has compromised the
•
performance and resiliency of the cluster. The reduced bandwidth could cause packets to be
dropped or could result in reduced resiliency because a single point of failure might exist. The
error condition might be caused by:
The loss of chassis cluster links which causes an interface monitoring failure.
•
An error in an SPU or NPU.
•
Failure of the spu-monitoring or cold-sync-monitoring processes.
•
A chassis cluster IP monitoring failure.
•
LINK/ACT LED, one for each of the two ports CHASSIS CLUSTER CONTROL 0 and CHASSIS
CLUSTER CONTROL 1:
Green (flickering)–Chassis cluster control port link is active.
•
Off–No link.
•
ENABLE LED, one for each of the two ports CHASSIS CLUSTER CONTROL 0 and CHASSIS
CLUSTER CONTROL 1:
OK/
F
AIL
TUNNEL
LINK
1/0
TUNNEL
LINK
0/0
TUNNEL
LINK
2/0
TUNNEL
LINK
3/0
g004067
AA567 8
Serial number
ID label
Green–The chassis cluster control port is enabled.
•
Off–The chassis cluster control port is disabled.
•
93
Serial Number
Location
The serial number label is located as shown in Figure 34 on page 93.
Figure 34: Serial Number Label (IOC Shown, Other Cards Similar)
Services Processing Card SRX5K-SPC-4-15-320 Specifications
The SRX5K-SPC-4-15-320 Services Processing Card (SPC) contains four Services Processing Units (SPUs),
which provide the processing power to run integrated services such as firewall, IPsec, and IDP (see
Figure 35 on page 94). All traffic traversing the services gateway is passed to an SPU to have services
processing applied to it. Traffic is intelligently distributed by I/O cards (IOCs) to SPUs for services processing.
The services gateway must have at least one SPC installed. You can install additional SPCs to increase
services processing capacity.
You can install SPCs in any of the slots that are not reserved for Switch Control Boards (SCBs). If a slot is
not occupied by a card, you must install a blank panel to shield the empty slot and to allow cooling air to
circulate properly through the device.
If your services gateway contains a mix of SRX5K-SPC-4-15-320 SPCs and earlier SRX5K-SPC-2-10-40
SPCs, an SRX5K-SPC-4-15-320 SPC must occupy the lowest-numbered slot of any SPC in the chassis.
This configuration ensures that the center point (CP) function is performed by the faster and
g030302
higher-performance SPC type.
Figure 35: Services Processing Card SRX5K-SPC-4-15-320
94
Each SPC consists of the following components:
SPC cover, which functions as a ground plane and a stiffener.
•
Two small form-factor pluggable (SFP) chassis cluster control ports for connecting multiple devices into
•
a redundant chassis cluster. See Chassis Cluster User Guide for SRX Series Devices for more information
about connecting and configuring redundant chassis clusters.
CAUTION: If you face a problem running a Juniper Networks device that uses a
third-party optic or cable, the Juniper Networks Technical Assistance Center (JTAC)
can help you diagnose the source of the problem. Your JTAC engineer might
recommend that you check the third-party optic or cable and potentially replace it
with an equivalent Juniper Networks optic or cable that is qualified for the device.
Fabric interfaces.
•
Two Gigabit Ethernet interfaces that allow control information, route information, and statistics to be
•
sent between the Routing Engine and the CPU on the SPCs.
Two interfaces from the SCBs that enable the boards to be powered on and controlled.
•
Physical SPC connectors.
•
Midplane connectors and power circuitry.
•
Processor subsystem, which includes a 1.2-GHz CPU, system controller, and 1 GB of SDRAM.
•
LEDs on the faceplate that indicate the SPC and SPU status.
•
SPC with four SPUsDescription
Junos OS Release 12.1X44-D10 and laterSoftware
•
release
95
Cables and
connectors
Supported Slots
Power
Requirement
CHASSIS CLUSTER CONTROL 0 and CHASSIS CLUSTER CONTROL 1–SFP ports for control links
in chassis cluster configurations.
Supported SFP transceivers:
1000BASE-LH (model numbers SRX-SFP-1GE-LH, SRX-SFP-1GE-LH-ET)
1000BASE-LX (model numbers SRX-SFP-1GE-LX, SRX-SFP-1GE-LX-ET)
1000BASE-SX (model numbers SRX-SFP-1GE-SX, SRX-SFP-1GE-SX-ET)
NoneControls
SRX5400–Any slot, except the bottom slot 0 which is reserved for SCB/RE.
•
SRX5600–Any slot, except the bottom slots 0 or 1 which are reserved for SCB/RE.
•
SRX5800–Any slot, except the slots 0 or 1 which are reserved for SCB/RE.
•
475 W typical, 585 W maximum
NOTE:
In the SRX5600 and SRX5800 Services Gateways, you must have high-capacity power supplies
•
(either AC or DC) and high-capacity fan trays installed in the services gateway in order to install
and use SRX5K-SPC-4-15-320 SPCs. If you do not have high-capacity power supplies and fan
trays installed, the services gateway will log an alarm condition when it recognizes the
SRX5K-SPC-4-15-320 SPCs.
On SRX5600 Services Gateways with AC power supplies, we recommend that you use high-line
•
(220v) input power to ensure the device has adequate power to support SRX5K-SPC-4-15-320
SPCs.
Approximately 18 lb (8.3 kg)Weight
LEDs
96
OK/FAIL LED, one bicolor:
Steady green–The SPC is operating normally.
•
Red–The SPC has failed and is not operating normally.
•
Off–The SPC is powered down.
•
STATUS LED, one tricolor for each of the four SPUs SPU 0 through SPU 3:
Green–The SPU is operating normally.
•
Amber–The SPU is initializing.
•
Red–The SPU has encountered an error or a failure.
•
Off–The SPU is offline. If all four SPUs are offline, it is safe to remove the SPC from the chassis.
•
SERVICE LED, one bicolor for each of the four SPUs SPU 0 through SPU 3:
Green–Service is running on the SPU under acceptable load.
•
Amber–Service on the SPU is overloaded.
•
Off–Service is not running on the SPU.
•
HA LED, one tricolor:
97
Green–Clustering is operating normally. All cluster members and monitored links are available,
•
and no error conditions are detected.
Red–A critical alarm is present on clustering. A cluster member is missing or unreachable, or the
•
other node is no longer part of a cluster because it has been disabled by the dual membership
and detection recovery process in reaction to a control-link or fabric-link failure.
Amber–All cluster members are present, but an error condition has compromised the performance
•
and resiliency of the cluster. The reduced bandwidth could cause packets to be dropped or could
result in reduced resiliency because a single point of failure might exist. The error condition might
be caused by:
The loss of chassis cluster links which causes an interface monitoring failure.
•
An error in an SPU or NPU.
•
Failure of the spu-monitoring or cold-sync-monitoring processes.
•
A chassis cluster IP monitoring failure.
•
Off–The node is not configured for clustering or it has been disabled by the dual membership
•
and detection recovery process in reaction to a control link or fabric link failure.
LINK/ACT LED, one for each of the two ports CHASSIS CLUSTER CONTROL 0 and CHASSIS
CLUSTER CONTROL 1:
Green–Chassis cluster control port link is active.
•
Off–No link.
•
ENABLE LED, one for each of the two ports CHASSIS CLUSTER CONTROL 0 and CHASSIS
CLUSTER CONTROL 1:
Green–The chassis cluster control port is enabled.
•
Off–The chassis cluster control port is disabled.
OK/
F
AIL
TUNNEL
LINK
1/0
TUNNEL
LINK
0/0
TUNNEL
LINK
2/0
TUNNEL
LINK
3/0
g004067
AA567 8
Serial number
ID label
•
98
Serial Number
Location
The serial number label is located as shown in Figure 36 on page 98.
Figure 36: Serial Number Label (IOC Shown, Other Cards Similar)
Services Processing Card SRX5K-SPC3 Specifications
The SRX5K-SPC3 Services Processing Card (SPC) contains two Services Processing Units (SPUs) with
128GB of memory per SPU, that provide the processing power to run integrated services such as firewall,
IPsec, and IDP (see Figure 37 on page 99). All traffic traversing the services gateway is passed to an SPU
to have services processing applied to it. Traffic is intelligently distributed by I/O cards (IOCs) to SPUs for
services processing.
The services gateway must have at least one SPC installed. You can install additional SPCs to increase
services processing capacity.
SPCs cannot be installed in slots that are reserved for Switch Control Boards (SCBs) or in slot 11 on the
SRX5800. If a slot is not occupied by a card, you must install a blank panel to shield the empty slot and to
allow cooling air to circulate properly through the device.
NOTE: Your services gateway cannot have a mix of SRX5K-SPC-2-10-40 SPCs and SRX5K-SPC3
g100229
JNP-SPC3
SPCs. Starting with Junos OS release 18.2R2 and then 18.4R1 but not 18.3R1, you can have a
mix of SRX5K-SPC-4-15-320 SPCs and SRX5K-SPC3 SPCs.
Figure 37: Services Processing Card SRX5K-SPC3
Each SPC consists of the following components:
SPC cover, which functions as a ground plane and a stiffener.
•
Two 10–Gigabit Ethernet small form-factor pluggable plus (SFP+) chassis cluster control ports for
•
connecting multiple devices into a redundant chassis cluster. See the Chassis Cluster User Guide for SRX
Series Devices for more information about connecting and configuring redundant chassis clusters.
99
CAUTION: If you face a problem running a Juniper Networks device that uses a
third-party optic or cable, the Juniper Networks Technical Assistance Center (JTAC)
can help you diagnose the source of the problem. Your JTAC engineer might
recommend that you check the third-party optic or cable and potentially replace it
with an equivalent Juniper Networks optic or cable that is qualified for the device.
Fabric interfaces
•
One Gigabit Ethernet switch that provides control connectivity to the Routing Engine.
•
Two interfaces from the SCBs that enable the boards to be powered on and controlled.
•
Physical SPC connectors
•
Midplane connectors and power circuitry.
•
Processor subsystem, which includes a 2.3-GHz CPU, system controller, and two 128 GB solid state-drives
•
(SSDs).
LEDs on the faceplate that indicate the SPC and SPU status.
•
SPC with two SPUs of 256 GB memory.Description
release
100
Junos OS Release 18.2R1-S1Software
•
Cables and
connectors
Supported Slots
Power
Requirement
HA0 and HA1 SFP+ ports for control links in chassis cluster configurations.
Supported transceivers:
10GBASE–LR: transceiver model number SRX-SFP-10GE-LR
•
10GBASE–SR: transceiver model number SRX-SFP-10GE-SR
•
NoneControls
SRX5400–Any slot, except the bottom slot 0 which is reserved for SCB/RE.
•
SRX5600–Any slot, except the bottom slots 0 or 1 which are reserved for SCB/RE.
•
SRX5800–Any slot, except slot 11, and the slots 0 or 1 which are reserved for SCB/RE.
•
650 W maximum
NOTE:
In the SRX5600 and SRX5800 Services Gateways, you must have high-capacity power supplies
•
(either AC or DC) and high-capacity fan trays installed in the services gateway in order to install
and use SRX5K-SPC3 SPCs. If you do not have high-capacity power supplies and fan trays installed,
the services gateway will log an alarm condition when it recognizes the SRX5K-SPC3 SPCs.
On SRX5600 Services Gateways with AC power supplies, we recommend that you use high-line
•
(220v) input power to ensure the device has adequate power to support SRX5K-SPC3 SPCs.
Approximately 18 lb (8.3 kg)Weight
Loading...