Juniper SRX5400 Hardware Guide
SRX5400 Services Gateway Hardware
Guide
Published
2020-11-10
ii
Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA
408-745-2000 www.juniper.net
JuniperNetworks,theJuniperNetworkslogo,Juniper,andJunosareregisteredtrademarksofJuniperNetworks,Inc. in theUnitedStatesandothercountries. Allothertrademarks,servicemarks,registeredmarks,orregisteredservicemarks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
SRX5400ServicesGatewayHardwareGuide
Copyright © 2020 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR2000NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
ENDUSERLICENSEAGREEMENT
TheJuniperNetworksproductthatisthesubjectofthistechnicaldocumentationconsistsof(orisintendedforusewith) JuniperNetworkssoftware.UseofsuchsoftwareissubjecttothetermsandconditionsoftheEndUserLicenseAgreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
iii
Table of Contents
AbouttheDocumentation | xv
Documentation and Release Notes | xv
Using the Examples in This Manual | xv
Merging a Full Example | xvi
Merging a Snippet | xvii
Documentation Conventions | xvii
Documentation Feedback | xx
Requesting Technical Support | xx
Self-Help Online Tools and Resources | xxi
Creating a Service Request with JTAC | xxi
1Overview
SRX5400ServicesGatewaySystemOverview | 23
SRX5400 Services Gateway Description | 23
Benefits of the SRX5400 Services Gateway | 24
SRX5400 Services Gateway FRUs | 25
SRX5400 Services Gateway Component Redundancy | 26
SRX5400Chassis | 27
SRX5400 Services Gateway Chassis | 27
SRX5400 Services Gateway Physical Specifications | 29
SRX5400 Services Gateway Midplane Description | 30
SRX5400 Services Gateway Craft Interface Overview | 31
SRX5400 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test
Button | 32
SRX5400 Services Gateway Craft Interface Host Subsystem LEDs | 33
SRX5400 Services Gateway Craft Interface Power Supply LEDs | 33
SRX5400 Services Gateway Craft Interface Card OK/Fail LEDs | 34
SRX5400 Services Gateway Craft Interface Fan LEDs | 34
SRX5400 Services Gateway Craft Interface Online/Offline Buttons | 35
iv
SRX5400 Services Gateway Craft Interface Alarm Relay Contacts | 37
SRX5400CoolingSystem | 39
SRX5400PowerSystem | 41
SRX5400 Services Gateway Power System Overview | 42
SRX5400 Services Gateway AC Power Supply | 44
SRX5400 Services Gateway AC Power Supply Specifications | 44
SRX5400 Services Gateway AC Power Supply LEDs | 45
AC Power Cord Specifications for the SRX5400 Services Gateway | 46
AC Power Circuit Breaker Requirements for the SRX5400 Services Gateway | 49
SRX5400 Services Gateway DC Power Supply | 49
SRX5400 Services Gateway DC Power Supply Specifications | 50
SRX5400 Services Gateway DC Power Supply LEDs | 50
DC Power Cable Specifications for the SRX5400 Services Gateway | 51
DC Power Cable Lug Specifications for the SRX5400 Services Gateway | 52
DC Power Circuit Breaker Requirements for the SRX5400 Services Gateway | 53
DC Power Source Cabling for the SRX5400 Services Gateway | 53
SRX5400 Services Gateway Chassis Grounding Point Specifications | 54
SRX5400 Services Gateway Grounding-Cable Specification | 55
SRX5400 Services Gateway Grounding-Cable Lug Specification | 56
SRX5400HostSubsystem | 57
SRX5400 Services Gateway Host Subsystem Overview | 57
Switch Control Board SRX5K-SCB Overview | 58
Switch Control Board SRX5K-SCB Specifications | 59
Switch Control Board SRX5K-SCBE Overview | 62
Switch Control Board SRX5K-SCBE Specifications | 63
SRX5K-SCBE LEDs | 65
Switch Control Board SRX5K-SCB3 Overview | 66
Switch Control Board SRX5K-SCB3 Specifications | 67
SRX5K-SCB3 LEDs | 68
Routing Engine SRX5K-RE-13-20 Overview | 68
Routing Engine SRX5K-RE-13-20 Specifications | 69
Routing Engine SRX5K-RE-1800X4 Overview | 72
SRX5K-RE-1800X4 Routing Engine Boot Sequence | 73
v
Routing Engine SRX5K-RE-1800X4 Specifications | 73
SRX5K-RE-1800X4 LEDs | 75
Routing Engine SRX5K-RE3-128G Specifications | 76
SRX5K-RE3-128G Routing Engine Components | 78
SRX5K-RE3-128G Routing Engine LEDs | 79
SRX5K-RE3-128G Routing Engine Boot Sequence | 80
SRX5400LineCardsandModules | 81
SRX5400, SRX5600, and SRX5800 Services Gateway Card Overview | 82
Cards Supported on SRX5400, SRX5600, and SRX5800 Services Gateways | 83
SRX5400 Services Gateway Card Cage and Slots | 86
SRX5400 Services Gateway Services Processing Card Overview | 87
Services Processing Card SRX5K-SPC-2-10-40 Specifications | 88
Services Processing Card SRX5K-SPC-4-15-320 Specifications | 93
Services Processing Card SRX5K-SPC3 Specifications | 98
SRX5400 Services Gateway MPC and MIC Overview | 102
Modular Port Concentrator (SRX5K-MPC) Specifications | 103
SRX5K-MPC3-40G10G Specifications | 105
SRX5K-MPC3-100G10G Specifications | 108
MIC with 20x1GE SFP Interfaces (SRX-MIC-20GE-SFP) | 111
MIC with 10x10GE SFP+ Interfaces (SRX-MIC-10XG-SFPP) | 117
MIC with 1x100GE CFP Interface (SRX-MIC-1X100G-CFP) | 122
MIC with 2x40GE QSFP+ Interfaces (SRX-MIC-2X40G-QSFP) | 124
I/O Card SRX5K-40GE-SFP Specifications | 125
I/O Card SRX5K-4XGE-XFP Specifications | 127
SRX5K-IOC4-10G Specifications | 129
SRX5K-IOC4-MRAT Specifications | 132
Flex I/O Card (SRX5K-FPC-IOC) Specifications | 136
Flex I/O Card Port Module SRX-IOC-16GE-SFP Specifications | 137
Flex I/O Card Port Module SRX-IOC-16GE-TX Specifications | 139
Flex I/O Card Port Module SRX-IOC-4XGE-XFP Specifications | 141
vi
2SitePlanning,Preparation,andSpecifications
SitePreparationChecklistfortheSRX5400ServicesGateway | 145
SRX5400SiteGuidelinesandRequirements | 146
SRX5400 Services Gateway Environmental Specifications | 146
General Site Guidelines | 147
Site Electrical Wiring Guidelines | 148
Clearance Requirements for SRX5400 Services Gateway Airflow and Hardware
Maintenance | 149
SRX5400RackandCabinetRequirements | 150
SRX5400 Services Gateway Rack Size and Strength Requirements | 150
Spacing of Rack Mounting Bracket Holes for the SRX5400 Services Gateway | 151
Connection to Building Structure for the SRX5400 Services Gateway Rack | 151
SRX5400 Services Gateway Cabinet Size and Clearance Requirements | 151
SRX5400 Services Gateway Cabinet Airflow Requirements | 152
CalculatingPowerRequirementsfortheSRX5400ServicesGateway | 152
SRX5400NetworkCableandTransceiverPlanning | 158
RoutingEngineInterfaceCableandWireSpecificationsfortheSRX5400ServicesGateway | 158
Signal Loss in Multimode and Single-Mode Fiber-Optic Cable for the SRX5400 Services
Gateway | 159
Attenuation and Dispersion in Fiber-Optic Cable for the SRX5400 Services Gateway | 159
Calculating Power Budget for Fiber-Optic Cable for the SRX5400 Services Gateway | 160
Calculating Power Margin for Fiber-Optic Cable for the SRX5400 Services Gateway | 161
SRX5400AlarmandManagementCableSpecificationsandPinouts | 163
Alarm Relay Contact Wire Specifications for the SRX5400 Services Gateway | 163
Console Port Cable and Wire Specifications for the SRX5400 Services Gateway | 163
RJ-45ConnectorPinoutsfortheSRX5400ServicesGatewayRoutingEngineEthernetPort | 164
RJ-45 Connector Pinouts for the SRX5400 Services Gateway Routing Engine Auxiliary and
Console Ports | 164
vii
3InitialInstallationandConfiguration
SRX5400InstallationOverview | 167
UnpackingtheSRX5400 | 168
Tools and Parts Required to Unpack the SRX5400 Services Gateway | 168
Unpacking the SRX5400 Services Gateway | 168
Verifying the SRX5400 Services Gateway Parts Received | 170
InstallingtheSRX5400MountingHardware | 172
ToolsandPartsRequiredtoInstalltheSRX5400ServicesGatewayMountingHardwarefora
Rack or Cabinet | 173
Installing the SRX5400 Services Gateway Mounting Hardware for a Rack or Cabinet | 173
Moving the Mounting Brackets for Center-Mounting the SRX5400 Services Gateway | 175
InstallingtheSRX5400UsingaMechanicalLift | 176
Tools Required to Install the SRX5400 Services Gateway with a Mechanical Lift | 176
Installing the SRX5400 Services Gateway Using a Mechanical Lift | 177
InstallingtheSRX5400WithoutaMechanicalLift | 178
Overview of Installing the SRX5400 Services Gateway Without a Mechanical Lift | 179
Tools Required to Install the SRX5400 Services Gateway Without a Mechanical Lift | 179
Removing Components from the SRX5400 Chassis Before Installing It Without a Lift | 179
Removing the Power Supplies Before Installing the SRX5400 Services Gateway Without a Lift | 180
RemovingtheFanTrayBeforeInstallinganSRX5400ServicesGatewayWithoutaLift | 181
Removing Cards Before Installing an SRX5400 Services Gateway Without a Lift | 181
Installing the SRX5400 Services Gateway Chassis in the Rack Manually | 184
ReinstallingComponentsintheSRX5400ServicesGatewayChassisAfterInstallingItWithout
a Lift | 186
Reinstalling Power Supplies After Installing the SRX5400 Services Gateway Without a
Lift | 186
ReinstallingtheFanTrayAfterInstallingtheSRX5400ServicesGatewayWithoutaLift | 187
Reinstalling Cards After Installing the SRX5400 Services Gateway Without a Lift | 188
viii
ConnectingtheSRX5400toExternalDevices | 189
Tools and Parts Required for SRX5400 Services Gateway Connections | 189
Connecting the SRX5400 Services Gateway to a Management Console or an Auxiliary
Device | 189
Connecting the SRX5400 Services Gateway to a Network for Out-of-Band Management | 191
Connecting an SRX5400 Services Gateway to an External Alarm-Reporting Device | 191
Connecting Network Cables to SRX5400 Services Gateway MICs | 193
ConnectingtheSRX5400toPower | 194
Tools and Parts Required for SRX5400 Services Gateway Grounding and Power
Connections | 194
Grounding the SRX5400 Services Gateway | 195
Connecting Power to an AC-Powered SRX5400 Services Gateway | 196
Powering On an AC-Powered SRX5400 Services Gateway | 198
Connecting Power to a DC-Powered SRX5400 Services Gateway | 199
Powering On a DC-Powered SRX5400 Services Gateway | 202
Powering Off the SRX5400 Services Gateway | 203
PerformingtheInitialSoftwareConfigurationfortheSRX5400 | 204
SRX5400 Services Gateway Software Configuration Overview | 204
Initially Configuring the SRX5400 Services Gateway | 205
Performing Initial Software Configuration Using J-Web | 210
Configuring Root Authentication and the Management Interface from the CLI | 211
Configuring Interfaces, Zones, and Policies with J-Web | 212
4MaintainingComponents
MaintainingtheSRX5400Chassis | 217
Routine Maintenance Procedures for the SRX5400 Services Gateway | 217
Replacing the SRX5400 Services Gateway Craft Interface | 217
Disconnecting the Alarm Relay Wires from the SRX5400 Services Gateway Craft
Interface | 218
Removing the SRX5400 Services Gateway Craft Interface | 218
Installing the SRX5400 Services Gateway Craft Interface | 219
ix
Connecting the Alarm Relay Wires to the SRX5400 Services Gateway Craft Interface | 220
MaintainingtheSRX5400CoolingSystem | 221
Maintaining the Fan Tray on the SRX5400 Services Gateway | 221
Replacing the SRX5400 Services Gateway Fan Tray | 221
Removing the SRX5400 Services Gateway Fan Tray | 222
Installing the SRX5400 Services Gateway Fan Tray | 223
Maintaining the Air Filter on the SRX5400 Services Gateway | 223
Replacing the SRX5400 Services Gateway Air Filter | 224
Removing the SRX5400 Services Gateway Air Filter | 224
Installing the SRX5400 Services Gateway Air Filter | 225
MaintainingtheSRX5400PowerSystem | 226
Maintaining SRX5400 Services Gateway Power Supplies | 226
Replacing an SRX5400 Services Gateway AC Power Supply | 228
Removing an SRX5400 Services Gateway AC Power Supply | 228
Installing an SRX5400 Services Gateway AC Power Supply | 229
Replacing an SRX5400 Services Gateway AC Power Supply Cord | 230
Disconnecting an SRX5400 Services Gateway AC Power Supply Cord | 230
Connecting an SRX5400 Services Gateway AC Power Supply Cord | 231
Replacing an SRX5400 Services Gateway DC Power Supply | 231
Removing an SRX5400 Services Gateway DC Power Supply | 231
Installing an SRX5400 Services Gateway DC Power Supply | 233
Replacing an SRX5400 Services Gateway DC Power Supply Cable | 236
Disconnecting an SRX5400 Services Gateway DC Power Supply Cable | 236
Connecting an SRX5400 Services Gateway DC Power Supply Cable | 237
x
MaintainingtheSRX5400HostSubsystem | 238
Maintaining the SRX5400 Services Gateway Host Subsystem | 239
Taking the SRX5400 Services Gateway Host Subsystem Offline | 241
Operating and Positioning the SRX5400 Services Gateway SCB Ejectors | 241
Replacing the SRX5400 Services Gateway SCB | 242
Removing the SRX5400 Services Gateway SCB | 242
Installing an SRX5400 Services Gateway SCB | 243
Replacing the SRX5400 Services Gateway Routing Engine | 245
Removing the SRX5400 Services Gateway Routing Engine | 246
Installing the SRX5400 Services Gateway Routing Engine | 247
Low Impact Hardware Upgrade for SCB3 and IOC3 | 249
In-ServiceHardwareUpgradeforSRX5K-RE-1800X4andSRX5K-SCBEorSRX5K-RE-1800X4
and SRX5K-SCB3 in a Chassis Cluster | 267
MaintainingtheSRX5400LineCardsandModules | 271
Holding an SRX5400 Services Gateway Card | 272
Storing an SRX5400 Services Gateway Card | 274
Replacing SRX5400 Services Gateway MPCs | 274
Removing an SRX5400 Services Gateway MPC | 275
Installing an SRX5400 Services Gateway MPC | 277
Replacing SRX5400 Services Gateway MICs | 280
Removing an SRX5400 Services Gateway MIC | 280
Installing an SRX5400 Services Gateway MIC | 282
Installing an MPC and MICs in an Operating SRX5400 Services Gateway Chassis Cluster | 284
Maintaining SPCs on the SRX5400 Services Gateway | 287
Replacing SRX5400 Services Gateway SPCs | 289
Removing an SRX5400 Services Gateway SPC | 289
Installing an SRX5400 Services Gateway SPC | 291
ReplacingSPCsinanOperatingSRX5400,SRX5600,orSRX5800ServicesGatewaysChassis
Cluster | 294
In-Service Hardware Upgrade for SRX5K-SPC3 in a Chassis Cluster | 297
xi
MaintainingtheSRX5400CablesandConnectors | 300
Maintaining SRX5400 Services Gateway Network Cables | 300
Replacing the Management Ethernet Cable on the SRX5400 Services Gateway | 302
Replacing the SRX5400 Services Gateway Console or Auxiliary Cable | 303
Replacing an SRX5400 Services Gateway Network Cable | 304
Removing an SRX5400 Services Gateway Network Cable | 304
Installing an SRX5400 Services Gateway Network Cable | 305
Replacing SRX5400 Services Gateway Transceivers | 306
Removing an SRX5400 Services Gateway Transceiver | 306
Installing an SRX5400 Services Gateway Transceiver | 308
ReplacingaRoutingEngineinanSRXSeriesHigh-EndChassisCluster | 309
Replacing a Routing Engine: USB Flash-Drive Method | 309
Replacing a Routing Engine: External SCP Server Method | 316
Replacing the Routing Engine: File Transfer Method | 323
5TroubleshootingHardware
TroubleshootingtheSRX5400 | 330
Troubleshooting the SRX5400 Services Gateway with the Junos OS CLI | 330
Troubleshooting the SRX5400 Services Gateway with Chassis and Interface Alarm
Messages | 331
Chassis Component Alarm Conditions on SRX5400, SRX5600, and SRX5800 Services
Gateways | 331
Backup Routing Engine Alarms | 346
Troubleshooting the SRX5400 Services Gateway with Alarm Relay Contacts | 348
Troubleshooting the SRX5400 Services Gateway with the Craft Interface LEDs | 348
Troubleshooting the SRX5400 Services Gateway with the Component LEDs | 349
Troubleshooting the SRX5400 Services Gateway Cooling System | 350
Troubleshooting SRX5400 Services Gateway MPCs | 350
Troubleshooting SRX5400 Services MICs | 352
Troubleshooting SRX5400 Services Gateway SPCs | 353
Troubleshooting the SRX5400 Services Gateway Power System | 354
BehavioroftheSRX5400,SRX5600,andSRX5800ServicesGatewaysWhentheSRX5K-SCBE
and SRX5K-RE-1800X4 in a Chassis Cluster Fail | 357
xii
6ContactingCustomerSupportandReturningtheChassisorComponents
ReturningtheSRX5400ChassisorComponents | 360
Contacting Customer Support | 360
Return Procedure for the SRX5400 Services Gateway | 361
Listing the SRX5400 Services Gateway Component Serial Numbers with the CLI | 362
Locating the SRX5400 Services Gateway Chassis Serial Number Label | 362
Locating the SRX5400 Services Gateway Power Supply Serial Number Labels | 362
Locating the SRX5400 Services Gateway Craft Interface Serial Number Label | 363
Information You Might Need to Supply to JTAC | 364
Required Tools and Parts for Packing the SRX5400 Services Gateway | 364
Packing the SRX5400 Services Gateway for Shipment | 365
Packing SRX5400 Services Gateway Components for Shipment | 366
7SafetyandComplianceInformation
GeneralSafetyGuidelinesandWarnings | 369
DefinitionsofSafetyWarningLevels | 370
RestrictedAccessAreaWarning | 374
FireSafetyRequirements | 376
Fire Suppression | 376
Fire Suppression Equipment | 377
QualifiedPersonnelWarning | 378
WarningStatementforNorwayandSweden | 378
InstallationInstructionsWarning | 379
ChassisandComponentLiftingGuidelines | 379
RampWarning | 380
Rack-MountingandCabinet-MountingWarnings | 380
xiii
GroundedEquipmentWarning | 386
LaserandLEDSafetyGuidelinesandWarnings | 387
General Laser Safety Guidelines | 387
Class 1 Laser Product Warning | 388
Class 1 LED Product Warning | 389
Laser Beam Warning | 390
RadiationfromOpenPortAperturesWarning | 391
MaintenanceandOperationalSafetyGuidelinesandWarnings | 392
Battery Handling Warning | 393
Jewelry Removal Warning | 394
Lightning Activity Warning | 396
Operating Temperature Warning | 397
Product Disposal Warning | 399
GeneralElectricalSafetyGuidelinesandWarnings | 400
PreventionofElectrostaticDischargeDamage | 401
ACPowerElectricalSafetyGuidelines | 402
ACPowerDisconnectionWarning | 404
DCPowerElectricalSafetyGuidelines | 405
DC Power Electrical Safety Guidelines | 405
DC Power Disconnection Warning | 407
DC Power Grounding Requirements and Warning | 409
DC Power Wiring Sequence Warning | 411
DC Power Wiring Terminations Warning | 414
DCPowerDisconnectionWarning | 417
DCPowerGroundingRequirementsandWarning | 419
DCPowerWiringSequenceWarning | 421
DCPowerWiringTerminationsWarning | 424
MultiplePowerSuppliesDisconnectionWarning | 427
TNPowerWarning | 428
xiv
ActiontoTakeAfteranElectricalAccident | 428
SRX5400ServicesGatewayAgencyApprovals | 429
SRX5400ServicesGatewayComplianceStatementsforEMCRequirements | 430
Canada | 430
European Community | 430
Israel | 431
Japan | 431
United States | 431
StatementsofVolatilityforJuniperNetworkDevices | 432
xv
AbouttheDocumentation
INTHISSECTION
Documentation and Release Notes | xv
Using the Examples in This Manual | xv
Documentation Conventions | xvii
Documentation Feedback | xx
Requesting Technical Support | xx
Use this guide to install hardware and perform initial software configuration, routine maintenance, and troubleshooting for the SRX5400 Services Gateway.
After completing the installation and basic configuration procedures covered in this guide, refer to the Junos OS documentation for information about further software configuration.
DocumentationandReleaseNotes
To obtain the most current version of all Juniper Networks® technical documentation, see the product documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.
Iftheinformationinthelatestreleasenotesdiffersfromtheinformationinthedocumentation,followthe product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at https://www.juniper.net/books.
UsingtheExamplesinThisManual
If you want to use the examples in this manual, you can use the loadmerge or the loadmergerelative command. These commands cause the software to merge the incoming configuration into the current candidateconfiguration.Theexampledoesnotbecomeactiveuntilyoucommitthecandidateconfiguration.
xvi
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example is a fullexample. In this case, use the loadmerge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In thiscase,usetheloadmergerelative command.Theseproceduresaredescribedinthefollowingsections.
MergingaFullExample
To merge a full example, follow these steps:
1.From the HTML or PDF version of the manual, copy a configuration example into a text file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following configuration to a file and name the file ex-script.conf. Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
system { scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces { fxp0 {
disable; unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2.Merge the contents of the file into your routing platform configuration by issuing the loadmerge configuration mode command:
[edit]
user@host# loadmerge/var/tmp/ex-script.conf load complete
xvii
MergingaSnippet
To merge a snippet, follow these steps:
1.From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory on your routing platform.
commit {
file ex-script-snippet.xsl; }
2.Movetothehierarchylevelthatisrelevantforthissnippetbyissuingthefollowingconfigurationmode command:
[edit]
user@host# editsystemscripts
[edit system scripts]
3.Merge the contents of the file into your routing platform configuration by issuing the loadmerge relative configuration mode command:
[edit system scripts]
user@host# loadmergerelative/var/tmp/ex-script-snippet.conf load complete
For more information about the load command, see CLI Explorer.
DocumentationConventions
Table 1 on page xviii defines notice icons used in this guide.
xviii
Table1:NoticeIcons |
|
|
Icon |
Meaning |
Description |
|
Informational note |
Indicates important features or instructions. |
|
Caution |
Indicates a situation that might result in loss of data or hardware |
|
|
damage. |
|
Warning |
Alerts you to the risk of personal injury or death. |
|
Laser warning |
Alerts you to the risk of personal injury from a laser. |
|
Tip |
Indicates helpful information. |
|
Best practice |
Alerts you to a recommended use or implementation. |
Table 2 on page xviii defines the text and syntax conventions used in this guide.
Table2:TextandSyntaxConventions
Convention |
Description |
Examples |
Boldtextlikethis |
Represents text that you type. |
To enter configuration mode, type |
|
|
the configure command: |
|
|
user@host> configure |
Fixed-width text like this
Italictextlikethis
Represents output that appears on the terminal screen.
•Introducesoremphasizesimportant new terms.
•Identifies guide names.
•Identifies RFC and Internet draft titles.
user@host> showchassisalarms
No alarms currently active
•A policy term is a named structure that defines match conditions and actions.
•JunosOSCLIUserGuide
•RFC 1997, BGPCommunities Attribute
xix
Table2:TextandSyntaxConventions (continued)
Convention |
Description |
Italictextlikethis |
Represents variables (options for |
|
which you substitute a value) in |
|
commands or configuration |
|
statements. |
Examples
Configure the machine’s domain name:
[edit]
root@# setsystemdomain-name domain-name
Textlikethis |
Represents names of configuration |
|
statements, commands, files, and |
|
directories; configuration hierarchy |
|
levels; or labels on routing platform |
|
components. |
•To configure a stub area, include the stub statement at the [edit protocolsospfareaarea-id] hierarchy level.
•The console port is labeled
CONSOLE.
< > (angle brackets) |
Encloses optional keywords or |
|
variables. |
| (pipe symbol) |
Indicates a choice between the |
|
mutually exclusive keywords or |
|
variablesoneithersideofthesymbol. |
|
The set of choices is often enclosed |
|
in parentheses for clarity. |
stub<default-metric metric>;
broadcast|multicast
(string1 | string2 | string3)
# (pound sign)
[ ] (square brackets)
Indention and braces ( { } )
; (semicolon)
Indicatesacommentspecifiedonthe |
rsvp{#RequiredfordynamicMPLS |
same line as the configuration |
only |
statement to which it applies. |
|
Enclosesavariableforwhichyoucan |
communitynamemembers[ |
substitute one or more values. |
community-ids ] |
Identifies a level in the configuration |
[edit] |
hierarchy. |
routing-options { |
|
static { |
Identifies a leaf statement at a |
route default { |
configuration hierarchy level. |
nexthop address; |
|
retain; |
|
} |
|
} |
|
} |
GUIConventions
xx
Table2:TextandSyntaxConventions (continued) |
|
|
Convention |
Description |
Examples |
Boldtextlikethis |
Represents graphical user interface |
• IntheLogicalInterfacesbox,select |
|
(GUI) items you click or select. |
AllInterfaces. |
|
|
• To cancel the configuration, click |
|
|
Cancel. |
> (bold right angle bracket) |
Separates levels in a hierarchy of |
Intheconfigurationeditorhierarchy, |
|
menu selections. |
select Protocols>Ospf. |
DocumentationFeedback
We encourage you to provide feedback so that we can improve our documentation. You can use either of the following methods:
•Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper Networks TechLibrary site, and do one of the following:
•Click the thumbs-up icon if the information on the page was helpful to you.
•Click the thumbs-down icon if the information on the page was not helpful to you or if you have suggestions for improvement, and use the pop-up form to provide feedback.
•E-mail—Sendyourcommentstotechpubs-comments@juniper.net.Includethedocumentortopicname, URL or page number, and software version (if applicable).
RequestingTechnicalSupport
TechnicalproductsupportisavailablethroughtheJuniperNetworksTechnicalAssistanceCenter(JTAC). If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
xxi
covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
•JTACpolicies—ForacompleteunderstandingofourJTACproceduresandpolicies,reviewtheJTACUser Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
•Productwarranties—Forproductwarrantyinformation,visithttps://www.juniper.net/support/warranty/.
•JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.
Self-HelpOnlineToolsandResources
Forquickandeasyproblemresolution,JuniperNetworkshasdesignedanonlineself-serviceportalcalled the Customer Support Center (CSC) that provides you with the following features:
•Find CSC offerings: https://www.juniper.net/customers/support/
•Search for known bugs: https://prsearch.juniper.net/
•Find product documentation: https://www.juniper.net/documentation/
•Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
•Download the latest versions of software and review release notes: https://www.juniper.net/customers/csc/software/
•Search technical bulletins for relevant hardware and software notifications: https://kb.juniper.net/InfoCenter/
•Join and participate in the Juniper Networks Community Forum: https://www.juniper.net/company/communities/
•Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
CreatingaServiceRequestwithJTAC
You can create a service request with JTAC on the Web or by telephone.
•Visit https://myjuniper.juniper.net.
•Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see https://support.juniper.net/support/requesting-support/.
1
CHAPTER
Overview
SRX5400 Services Gateway System Overview | 23
SRX5400 Chassis | 27
SRX5400 Cooling System | 39
SRX5400 Power System | 41
SRX5400 Host Subsystem | 57
SRX5400 Line Cards and Modules | 81
23
SRX5400ServicesGatewaySystemOverview
INTHISSECTION
SRX5400 Services Gateway Description | 23
Benefits of the SRX5400 Services Gateway | 24
SRX5400 Services Gateway FRUs | 25
SRX5400 Services Gateway Component Redundancy | 26
SRX5400ServicesGatewayDescription
The SRX5400 Services Gateway is a high-performance, highly scalable, carrier-class security device with multiprocessor architecture.
The SRX5400 Services Gateway is 5 rack units (U) tall. You can stack eight services gateways in a rack that is at least 48 U (89.3 in. or 2.24 m) in height if it has a 1 in. cap between for increased port density per unit of floor space.
TheservicesgatewayprovidesfourslotsthatyoucanpopulatewithoneSwitchControlBoard(SCB)and up to three additional cards of the following types:
•Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as firewall, IPsec, and IDP.
NOTE: The SRX5400 Services Gateway supports only the SRX5K-SPC-4-15-320 (SPC2) and does not support the SRX5K-SPC-2-10-40 (SPC1).
•Modular Port Concentrators (MPCs) provide Ethernet interfaces that connect the services gateway to your network.
24
NOTE: TheSRX5400ServicesGatewayonlysupportstheSRX5K-MPC(MPC2),anddoesnot support older SRX5000 Series I/O cards (IOCs) or Flex IOCs cards such as:
•SRX5K-40GE-SFP
•SRX5K-4XGE-XFP
•SRX5K-FPC-IOC
Devices configured with SRX5K-SCBE (SCB2) and SRX5K-RE-1800X4 (RE2) only support SPC2.
Devices configured with SRX5K-SCB3 (SCB3) and RE2, or SRX5K-SCBE (SCB2) and RE2 also support IOC3s (SRX5K-MPC3-100G10G and SRX5K-MPC3-40G10G).
NOTE: The SRX5400 Services Gateways configured with SRX5K-SCB (SCB1) and SRX5K-RE-13-20 (RE1) only support Junos OS Release 12.1X46-D10 and later. Devices configured with SCB2 and RE2 only support Junos OS Release 12.1X47-D15 and later, and devices configured with SCB3 and RE2 only support Junos OS Release 15.1X49-D10 and later.
For detailed information about the cards supported by the services gateway, see the SRX5400,SRX5600, andSRX5800ServicesGatewayCardReference at www.juniper.net/documentation/.
BenefitsoftheSRX5400ServicesGateway
•TheSRX5400ServicesGatewayisasmallfootprintbuthigh-performancegatewaywhichsupports285 Gbps IMIX firewall throughput, 90 million concurrent sessions, and 230 Gbps IPS.
The ability to support unique security policies per zone with a compelling performance, makes the SRX5400 an optimal solution for the edge or data center services in large enterprise, service provider, or mobile operator environments.
•IPSCapabilities-JuniperNetworksIPScapabilitiesofferseveraluniquefeaturessuchasProtocoldecodes, Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the highest level of network security.
•ContentSecurityUTMCapabilities-TheUTMservicesofferedontheSRX5000lineofServicesGateways include industry-leading antivirus, antispam, content filtering, and additional content security services.
The UTM services provide sophisticated protection from:
• Antivirus experts against malware attacks that can lead to data breaches and lost productivity.
25
•Advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.
•LostproductivityandtheimpactofmaliciousURLsandextraneousormaliciouscontentonthenetwork to help maintain bandwidth.
•Advanced Threat Prevention (ATP) - Juniper Sky ATP, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution:
•Protectsenterpriseusersfromaspectrumofadvancedmalwarethatexploits“zero-day”vulnerabilities.
•Proactively blocks malware communication channels.
•The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
•Single pane-of-glass management with Security Director and JSA Series integration.
SRX5400ServicesGatewayFRUs
Field-replaceableunits(FRUs)areservicesgatewaycomponentsthatcanbereplacedatthecustomersite. The services gateway uses the following types of FRUs:
Table3onpage25 liststheFRUsoftheservicesgatewayandtheactiontoperformtoinstall,remove,or replace an FRU.
Table3:Field-ReplaceableUnits |
|
Field-Replaceable Units (FRUs) |
Action |
Air filter |
You need not power off the services gateway to install, remove, or |
|
replace any of these FRUs. |
Fan tray |
|
Craft interface |
|
AC and DC power supplies (if redundant) |
|
Interface transceivers |
|
26
Table3:Field-ReplaceableUnits (continued)
Field-Replaceable Units (FRUs) |
Action |
Routing Engine |
Powerofftheservicesgatewaytoinstall,remove,orreplaceanyof |
|
these FRUs. |
SCBs |
|
SPCs |
|
MPCs |
|
MICs |
|
SRX5400ServicesGatewayComponentRedundancy
The following major hardware components are redundant:
•Power supplies—The services gateway is configurable with two or three AC power supplies at the rear of the chassis in slots PEM0 through PEM3 (left to right)or two DC power supplies in slots PEM0 and
PEM2.
•In the low-line (110VAC input) or the high-line (220VAC input) configurations, two power supplies are required to support the services gateway electrical requirements. By default, the AC powered services gateways are configured with three AC (2+1) power supplies, you can add a fourth power supplyforfaulttolerance.Thefourthpowersupplyisusedwhenoneofthepowersuppliesinthe2+1 configuration fails.
•IntheDCpoweredservicesgatewaystwoDC(1+1)powersuppliesarerequiredtosupporttheservices gateway electrical requirements. The minimum power supplies requirement is one and the second powersupplyprovidesredundancy.Ifonepowersupplyfailsthesecondpowersupplyinstantlyassume theentireelectricalloadwithoutinterruption.Twopowersuppliesprovidethemaximumconfiguration with full power for as long as the device is operational.
Redundant power supplies are hot-removable and hot-insertable. When you remove a power supply from a services gateway that uses a nonredundant power supply configuration, the services gateway might shut down depending on your configuration.
•Cooling system—The cooling system has redundant components, which are controlled by the host subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to provide sufficient cooling for the services gateway indefinitely.
27
SRX5400Chassis
INTHISSECTION
SRX5400 Services Gateway Chassis | 27
SRX5400 Services Gateway Physical Specifications | 29
SRX5400 Services Gateway Midplane Description | 30
SRX5400 Services Gateway Craft Interface Overview | 31
SRX5400 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test Button | 32
SRX5400 Services Gateway Craft Interface Host Subsystem LEDs | 33
SRX5400 Services Gateway Craft Interface Power Supply LEDs | 33
SRX5400 Services Gateway Craft Interface Card OK/Fail LEDs | 34
SRX5400 Services Gateway Craft Interface Fan LEDs | 34
SRX5400 Services Gateway Craft Interface Online/Offline Buttons | 35
SRX5400 Services Gateway Craft Interface Alarm Relay Contacts | 37
SRX5400ServicesGatewayChassis
The services gateway chassis is a rigid sheet metal structure that houses all the other components (see Figure1onpage28,Figure2onpage28,andFigure3onpage29).Thechassismeasures8.71in.(22.1cm) high, 17.45 in. (44.3 cm) wide, and 24.5 in. (62.2 cm) deep (from the front to the rear of the chassis). The chassisinstallsinstandard800-mm(orlarger)enclosedcabinets,19-in.equipmentracks,ortelcoopen-frame racks. Uptofiveservicesgatewayscanbeinstalledinonestandard(48U)rackiftherackcanhandletheir combined weight, which can be greater than 1100 lb (500 kg). See “SRX5400 Services Gateway Physical Specifications” on page 29 for physical specifications for the SRX5400 Services Gateway.
CAUTION: Before removing or installing components of a services gateway, attach an ESD strap to an ESD point and place the other end of the strap around your bare wrist. Failure to use an ESD strap can result in damage to the services gateway.
28
WARNING: The services gateway must be connected to earth ground during normal operation.
Figure1:FrontViewofaFullyConfiguredServicesGatewayChassis
MPC
SPCs
SCB
<![if ! IE]><![endif]>g030323
RE
Figure2:RearViewofanAC-PoweredServicesGatewayChassis
AC Power supplies
Power 
supply 
exhaust 
PEM 0
PEM 1
AIR
FILTER
PEM 2
PEM 3
FAN
TRAY
ESD
Protective earthing
<![if ! IE]><![endif]>g004301
Air filter
ESD point |
Fan tray |
Air exhaust |
29
Figure3:RearViewofaFullyConfiguredDC-PoweredServicesGatewayChassis
DC Power supplies
Power 
supply 
exhaust 
PEM 0
AIR
FILTER
PWR |
|
OKBKR ONINPU |
|
PWR |
OKBKR ON |
|
|
|
PWR OKBKR |
|
ONINPUTOK |
PEM 1 |
|
PEM 2 |
|
|
PEM 3 |
|
FAN |
|
TRAY |
|
ESD |
Protective earthing
<![if ! IE]><![endif]>g004351
Air filter
ESD point Fan tray |
Air exhaust |
SRX5400ServicesGatewayPhysicalSpecifications
Table 4 on page 29 summarizes the physical specifications for the services gateway chassis.
Table4:PhysicalSpecifications |
|
Description |
Value |
Chassis dimensions |
8.7 in. (22.1 cm) high |
|
17.45 in. (44.3 cm) wide |
|
24.5in.(62.2cm)deep(fromfront-mountingbrackettochassisrear) |
|
Totaldepth(includingcablemanagementsystem):27.75in.(70.5cm) |
Services gateway weight |
Chassis with midplane, fan tray, air filter, and cable management |
|
system: 52 lb (23.6 kg) |
|
Maximum configuration: 128 lb (58.1 kg) |
Routing Engine weight |
SRX5K-RE-13-20: 2.4 lb (1.1 kg) |
|
SRX5K-RE-1800X4: 2.4 lb (1.1 kg) |
30
Table4:PhysicalSpecifications (continued) |
|
Description |
Value |
SCB weight |
SRX5K-SCB: 9.6 lb (4.4 kg) |
|
SRX5K-SCBE: 9.6 lb (4.4 kg) |
|
SRX5K-SCB3: 10.14 lb (4.6 kg) |
MPC weight (with two MICs) |
13.1 lb (5.9 kg) |
Craft interface weight |
1.1 lb (0.5 kg) |
Fan tray weight |
4.2 lb (1.9 kg) |
Air filter weight |
1.0 lb (0.5 kg) |
Cable management weight |
0.3 lb (0.14 kg) |
High-capacity DC power supply weight |
6.2 lb (2.8 kg) |
High-capacity AC power supply weight |
6.6 lb (3.0 kg) |
SRX5400ServicesGatewayMidplaneDescription
The midplane is located toward the rear of the chassis and forms the rear of the card cage. MPCs, SPCs, and SCB install into the midplane from the front of the chassis, and the power supplies install into the midplane from the rear of the chassis. The cooling system components also connect to the midplane.
The midplane performs the following major functions:
•Datapath—DatapacketsaretransferredacrossthemidplanebetweentheMPCsandSPCsthroughthe fabric ASICs on the SCB.
•Power distribution—The power supplies are connected to the midplane, which distributes power to all the services gateway components.
•Signal path—The midplane provides the signal path to the MPCs, SCB, SPCs, Routing Engine, and other system components for monitoring and control of the system.
The enhanced midplane supports Junos OS Release 15.1X49-D10. It provides greater per-slot fabric performanceandsignalintegrity,alongwitherror-freehighspeeddatatransfer,anditreducescross-talk. The midplane supports link speeds up to 10 Gbps and is not field replaceable.
Loading...