Juniper SRX5600 Hardware Guide
SRX5600 Services Gateway Hardware
Guide
Published
2020-12-07
ii
Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA
408-745-2000 www.juniper.net
JuniperNetworks,theJuniperNetworkslogo,Juniper,andJunosareregisteredtrademarksofJuniperNetworks,Inc. in theUnitedStatesandothercountries. Allothertrademarks,servicemarks,registeredmarks,orregisteredservicemarks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
SRX5600ServicesGatewayHardwareGuide
Copyright © 2020 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR2000NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
ENDUSERLICENSEAGREEMENT
TheJuniperNetworksproductthatisthesubjectofthistechnicaldocumentationconsistsof(orisintendedforusewith) JuniperNetworkssoftware.UseofsuchsoftwareissubjecttothetermsandconditionsoftheEndUserLicenseAgreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
iii
Table of Contents
AbouttheDocumentation | xv
Documentation and Release Notes | xv
Using the Examples in This Manual | xv
Merging a Full Example | xvi
Merging a Snippet | xvii
Documentation Conventions | xvii
Documentation Feedback | xx
Requesting Technical Support | xx
Self-Help Online Tools and Resources | xxi
Creating a Service Request with JTAC | xxi
1Overview
SRX5600ServicesGatewaySystemOverview | 23
SRX5600 Services Gateway Description | 23
Benefits of the SRX5600 Services Gateway | 24
SRX5600 Services Gateway FRUs | 24
SRX5600 Services Gateway Component Redundancy | 25
SRX5600Chassis | 26
SRX5600 Services Gateway Chassis | 27
SRX5600 Services Gateway Physical Specifications | 29
SRX5600 Services Gateway Midplane Description | 30
SRX5600 Services Gateway Cable Manager Description | 31
SRX5600 Services Gateway Craft Interface Overview | 32
SRX5600 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test
Button | 33
SRX5600 Services Gateway Craft Interface Host Subsystem LEDs | 34
SRX5600 Services Gateway Craft Interface Power Supply LEDs | 35
SRX5600 Services Gateway Craft Interface Card OK/Fail LEDs | 35
SRX5600 Services Gateway Craft Interface Fan LEDs | 35
SRX5600 Services Gateway Craft Interface Online Buttons | 36
iv
SRX5600 Services Gateway Craft Interface Alarm Relay Contacts | 39
SRX5600ServicesGatewayCoolingSystemDescription | 40
SRX3400andSRX5600ServicesGatewaysAirDeflectorKits | 43
SRX5600PowerSystem | 45
SRX5600 Services Gateway Power System Overview | 45
SRX5600 Services Gateway AC Power Supply | 47
SRX5600 Services Gateway AC Power Supply Specifications | 49
SRX5600 Services Gateway AC Power Supply LEDs | 49
AC Power Cord Specifications for the SRX5600 Services Gateway | 50
AC Power Circuit Breaker Requirements for the SRX5600 Services Gateway | 53
SRX5600 Services Gateway DC Power Supply | 53
SRX5600 Services Gateway DC Power Supply Specifications | 54
SRX5600 Services Gateway DC Power Supply LEDs | 55
DC Power Cable Specifications for the SRX5600 Services Gateway | 56
DC Power Cable Lug Specifications for the SRX5600 Services Gateway | 57
DC Power Circuit Breaker Requirements for the SRX5600 Services Gateway | 57
DC Power Source Cabling for the SRX5600 Services Gateway | 58
SRX5600 Services Gateway Chassis Grounding Point Specifications | 59
SRX5600 Services Gateway Grounding-Cable Lug Specification | 60
SRX5600HostSubsystem | 61
SRX5600 Services Gateway Host Subsystem Description | 61
Switch Control Board SRX5K-SCB Overview | 62
Switch Control Board SRX5K-SCB Specifications | 63
Switch Control Board SRX5K-SCBE Overview | 66
Switch Control Board SRX5K-SCBE Specifications | 67
SRX5K-SCBE LEDs | 69
Switch Control Board SRX5K-SCB3 Overview | 70
Switch Control Board SRX5K-SCB3 Specifications | 71
SRX5K-SCB3 LEDs | 72
Switch Control Board SRX5K-SCB4 Overview | 73
Switch Control Board SRX5K-SCB4 Specifications | 74
SRX5K-SCB4 LEDs | 76
v
Routing Engine SRX5K-RE-1800X4 Overview | 77
SRX5K-RE-1800X4 Routing Engine Boot Sequence | 78
Routing Engine SRX5K-RE-1800X4 Specifications | 78
SRX5K-RE-1800X4 LEDs | 80
Routing Engine SRX5K-RE-13-20 Overview | 81
Routing Engine SRX5K-RE-13-20 Specifications | 82
Routing Engine SRX5K-RE3-128G Specifications | 85
SRX5K-RE3-128G Routing Engine Components | 87
SRX5K-RE3-128G Routing Engine LEDs | 88
SRX5K-RE3-128G Routing Engine Boot Sequence | 89
SRX5600LineCardsandModules | 89
SRX5400, SRX5600, and SRX5800 Services Gateway Card Overview | 90
SRX5600 Services Gateway Card Terminology | 91
Cards Supported on SRX5400, SRX5600, and SRX5800 Services Gateways | 92
SRX5600 Services Gateway Card Cage and Slots | 96
SRX5600 Services Gateway SPC Description | 96
Services Processing Card SRX5K-SPC-2-10-40 Specifications | 97
Services Processing Card SRX5K-SPC-4-15-320 Specifications | 102
Services Processing Card SRX5K-SPC3 Specifications | 107
SRX5600 Services Gateway Interface Card Description | 111
Modular Port Concentrator (SRX5K-MPC) Specifications | 113
SRX5K-MPC3-40G10G Specifications | 116
SRX5K-MPC3-100G10G Specifications | 119
MIC with 20x1GE SFP Interfaces (SRX-MIC-20GE-SFP) | 122
MIC with 10x10GE SFP+ Interfaces (SRX-MIC-10XG-SFPP) | 128
MIC with 1x100GE CFP Interface (SRX-MIC-1X100G-CFP) | 133
MIC with 2x40GE QSFP+ Interfaces (SRX-MIC-2X40G-QSFP) | 135
SRX5K-IOC4-10G Specifications | 136
SRX5K-IOC4-MRAT Specifications | 139
I/O Card SRX5K-40GE-SFP Specifications | 143
I/O Card SRX5K-4XGE-XFP Specifications | 145
Flex I/O Card (SRX5K-FPC-IOC) Specifications | 147
Flex I/O Card Port Module SRX-IOC-16GE-SFP Specifications | 149
Flex I/O Card Port Module SRX-IOC-16GE-TX Specifications | 151
vi
Flex I/O Card Port Module SRX-IOC-4XGE-XFP Specifications | 152
2SitePlanning,Preparation,andSpecifications
SitePreparationChecklistfortheSRX5600ServicesGateway | 156
SRX5600SiteGuidelinesandRequirements | 157
SRX5600 Services Gateway Environmental Specifications | 157
General Site Guidelines | 158
Site Electrical Wiring Guidelines | 159
Clearance Requirements for SRX5600 Services Gateway Airflow and Hardware
Maintenance | 160
SRX5600RackandCabinetRequirements | 161
SRX5600 Services Gateway Rack Size and Strength Requirements | 161
Spacing of Rack Mounting Bracket Holes for the SRX5600 Services Gateway | 162
Connection to Building Structure for the SRX5600 Services Gateway Rack | 162
SRX5600 Services Gateway Cabinet Size and Clearance Requirements | 162
SRX5600 Services Gateway Cabinet Airflow Requirements | 163
CalculatingPowerRequirementsfortheSRX5600ServicesGateway | 163
SRX5600NetworkCableandTransceiverPlanning | 175
RoutingEngineInterfaceCableandWireSpecificationsfortheSRX5600ServicesGateway | 175
Signal Loss in Multimode and Single-Mode Fiber-Optic Cable for the SRX5600 Services
Gateway | 176
Attenuation and Dispersion in Fiber-Optic Cable for the SRX5600 Services Gateway | 176
Calculating Power Budget for Fiber-Optic Cable for the SRX5600 Services Gateway | 177
Calculating Power Margin for Fiber-Optic Cable for the SRX5600 Services Gateway | 178
SRX5600AlarmandManagementCableSpecificationsandPinouts | 179
Alarm Relay Contact Wire Specifications for the SRX5600 Services Gateway | 180
Console Port Cable and Wire Specifications for the SRX5600 Services Gateway | 180
RJ-45ConnectorPinoutsfortheSRX5600ServicesGatewayRoutingEngineEthernetPort | 180
RJ-45 Connector Pinouts for the SRX5600 Services Gateway Routing Engine Auxiliary and
Console Ports | 181
vii
3InitialInstallationandConfiguration
OverviewofInstallingtheSRX5600ServicesGateway | 184
UnpackingtheSRX5600 | 185
Tools and Parts Required to Unpack the SRX5600 Services Gateway | 185
Unpacking the SRX5600 Services Gateway | 185
Verifying the SRX5600 Services Gateway Parts Received | 187
InstallingtheSRX5600MountingHardware | 189
Installing the SRX5600 Services Gateway Mounting Hardware for a Rack or Cabinet | 189
Moving the Mounting Brackets for Center-Mounting the SRX5600 Services Gateway | 192
InstallingtheSRX5600UsingaMechanicalLift | 193
Tools Required to Install the SRX5600 Services Gateway with a Mechanical Lift | 193
Installing the SRX5600 Services Gateway Using a Mechanical Lift | 194
InstallingtheSRX5600WithoutaMechanicalLift | 196
Overview of Installing the SRX5600 Services Gateway Without a Mechanical Lift | 196
Tools Required to Install the SRX5600 Services Gateway Without a Mechanical Lift | 197
Removing Components from the SRX5600 Chassis Before Installing It Without a Lift | 197
Removing the Power Supplies Before Installing the SRX5600 Services Gateway Without a Lift | 197
RemovingtheFanTrayBeforeInstallinganSRX5600ServicesGatewayWithoutaLift | 198
Removing Cards Before Installing an SRX5600 Services Gateway Without a Lift | 199
Installing the SRX5600 Services Gateway Chassis in the Rack Manually | 202
ReinstallingComponentsintheSRX5600ServicesGatewayChassisAfterInstallingItWithout
a Lift | 204
Reinstalling Power Supplies After Installing the SRX5600 Services Gateway Without a
Lift | 204
ReinstallingtheFanTrayAfterInstallingtheSRX5600ServicesGatewayWithoutaLift | 205
Reinstalling SCBs After Installing the SRX5600 Services Gateway Without a Lift | 206
Reinstalling IOCs, Flex IOCs, and SPCs After Installing the SRX5600 Services Gateway
Without a Lift | 207
viii
ConnectingtheSRX5600toExternalDevices | 208
Tools and Parts Required for SRX5600 Services Gateway Connections | 208
Connecting the SRX5600 Services Gateway to a Management Console or an Auxiliary
Device | 209
Connecting the SRX5600 Services Gateway to a Network for Out-of-Band Management | 210
Connecting an SRX5600 Services Gateway to an External Alarm-Reporting Device | 211
Connecting Network Cables to SRX5600 Services Gateway IOCs and Port Modules | 212
ConnectingtheSRX5600toPower | 214
Tools and Parts Required for SRX5600 Services Gateway Grounding and Power
Connections | 214
Grounding the SRX5600 Services Gateway | 215
Connecting Power to an AC-Powered SRX5600 Services Gateway | 216
Powering On an AC-Powered SRX5600 Services Gateway | 218
Connecting Power to a DC-Powered SRX5600 Services Gateway | 219
Powering On a DC-Powered SRX5600 Services Gateway | 221
Powering Off the SRX5600 Services Gateway | 223
PerformingtheInitialSoftwareConfigurationfortheSRX5600 | 224
SRX5600 Services Gateway Software Configuration Overview | 224
Initially Configuring the SRX5600 Services Gateway | 225
Performing Initial Software Configuration Using J-Web | 230
Configuring Root Authentication and the Management Interface from the CLI | 230
Configuring Interfaces, Zones, and Policies with J-Web | 232
4MaintainingComponents
MaintainingtheSRX5600Chassis | 237
Routine Maintenance Procedures for the SRX5600 Services Gateway | 237
Replacing the SRX5600 Services Gateway Craft Interface | 237
Disconnecting the Alarm Relay Wires from the SRX5600 Services Gateway Craft
Interface | 237
Removing the SRX5600 Services Gateway Craft Interface | 238
Installing the SRX5600 Services Gateway Craft Interface | 239
ix
Connecting the Alarm Relay Wires to the SRX5600 Services Gateway Craft Interface | 240
MaintainingtheSRX5600CoolingSystem | 241
Maintaining the Fan Tray on the SRX5600 Services Gateway | 241
Replacing the SRX5600 Services Gateway Fan Tray | 242
Removing the SRX5600 Services Gateway Fan Tray | 242
Installing the SRX5600 Services Gateway Fan Tray | 243
Maintaining the Air Filter on the SRX5600 Services Gateway | 244
Replacing the SRX5600 Services Gateway Air Filter | 245
Removing the SRX5600 Services Gateway Air Filter | 245
Installing the SRX5600 Services Gateway Air Filter | 246
MaintainingtheSRX5600PowerSystem | 247
Maintaining SRX5600 Services Gateway Power Supplies | 247
Replacing an SRX5600 Services Gateway AC Power Supply | 248
Removing an SRX5600 Services Gateway AC Power Supply | 249
Installing an SRX5600 Services Gateway AC Power Supply | 250
Replacing an SRX5600 Services Gateway AC Power Supply Cord | 251
Disconnecting an SRX5600 Services Gateway AC Power Supply Cord | 252
Connecting an SRX5600 Services Gateway AC Power Supply Cord | 252
Replacing an SRX5600 Services Gateway DC Power Supply | 253
Removing an SRX5600 Services Gateway DC Power Supply | 253
Installing an SRX5600 Services Gateway DC Power Supply | 254
Replacing an SRX5600 Services Gateway DC Power Supply Cable | 257
Disconnecting an SRX5600 Services Gateway DC Power Supply Cable | 257
Connecting an SRX5600 Services Gateway DC Power Supply Cable | 258
Upgrading an SRX5600 Services Gateway from Standard-Capacity to High-Capacity Power Supplies | 259
x
MaintainingtheSRX5600HostSubsystem | 263
Maintaining the SRX5600 Services Gateway Host Subsystem and SCBs | 263
Taking the SRX5600 Services Gateway Host Subsystem Offline | 265
Operating and Positioning the SRX5600 Services Gateway SCB Ejectors | 266
Replacing an SRX5600 Services Gateway SCB | 266
Removing an SRX5600 Services Gateway SCB | 267
Installing an SRX5600 Services Gateway SCB | 268
Replacing the SRX5600 Services Gateway Routing Engine | 270
Removing the SRX5600 Services Gateway Routing Engine | 270
Installing the SRX5600 Services Gateway Routing Engine | 271
Low Impact Hardware Upgrade for SCB3 and IOC3 | 274
In-ServiceHardwareUpgradeforSRX5K-RE-1800X4andSRX5K-SCBEorSRX5K-RE-1800X4
and SRX5K-SCB3 in a Chassis Cluster | 292
MaintainingtheSRX5600LineCardsandModules | 296
Maintaining Interface Cards and SPCs on the SRX5600 Services Gateway | 297
Holding an SRX5600 Services Gateway Card | 299
Storing an SRX5600 Services Gateway Card | 301
Replacing SRX5600 Services Gateway IOCs | 302
Removing an SRX5600 Services Gateway IOC | 302
Installing an SRX5600 Services Gateway IOC | 304
Replacing SRX5600 Services Gateway Flex IOCs | 307
Removing an SRX5600 Services Gateway Flex IOC | 307
Installing an SRX5600 Services Gateway Flex IOC | 310
Replacing SRX5600 Services Gateway SPCs | 312
Removing an SRX5600 Services Gateway SPC | 312
Installing an SRX5600 Services Gateway SPC | 314
ReplacingSPCsinanOperatingSRX5400,SRX5600,orSRX5800ServicesGatewaysChassis
Cluster | 317
In-Service Hardware Upgrade for SRX5K-SPC3 in a Chassis Cluster | 320
Maintaining MICs and Port Modules on the SRX5600 Services Gateway | 323
Replacing SRX5600 Services Gateway MICs | 324
Removing an SRX5600 Services Gateway MIC | 324
Installing an SRX5600 Services Gateway MIC | 326
xi
Replacing SRX5600 Services Gateway Port Modules | 328
Removing an SRX5600 Services Gateway Port Module | 328
Installing an SRX5600 Services Gateway Port Module | 330
Replacing SRX5600 Services Gateway MPCs | 332
Removing an SRX5600 Services Gateway MPC | 333
Installing an SRX5600 Services Gateway MPC | 335
MaintainingtheSRX5600CablesandConnectors | 337
Maintaining SRX5600 Services Gateway Network Cables | 337
Replacing the Management Ethernet Cable on the SRX5600 Services Gateway | 339
Replacing the SRX5600 Services Gateway Console or Auxiliary Cable | 340
Replacing an SRX5600 Services Gateway Network Interface Cable | 341
Removing an SRX5600 Services Gateway Network Interface Cable | 341
Installing an SRX5600 Services Gateway Network Interface Cable | 343
Replacing SRX5600 Services Gateway XFP and SFP Transceivers | 345
Removing an SRX5600 Services Gateway SFP or XFP Transceiver | 345
Installing an SRX5600 Services Gateway SFP or XFP Transceiver | 347
Replacing the SRX5600 Services Gateway Cable Manager | 348
Removing the SRX5600 Services Gateway Cable Manager | 348
Installing the SRX5600 Services Gateway Cable Manager | 349
ReplacingaRoutingEngineinanSRXSeriesHigh-EndChassisCluster | 350
Replacing a Routing Engine: USB Flash-Drive Method | 350
Replacing a Routing Engine: External SCP Server Method | 357
Replacing the Routing Engine: File Transfer Method | 364
5TroubleshootingHardware
TroubleshootingtheSRX5600 | 371
Troubleshooting the SRX5600 Services Gateway with the Junos OS CLI | 371
Troubleshooting the SRX5600 Services Gateway with Chassis and Interface Alarm
Messages | 372
Chassis Component Alarm Conditions on SRX5400, SRX5600, and SRX5800 Services
Gateways | 372
Backup Routing Engine Alarms | 387
Troubleshooting the SRX5600 Services Gateway with Alarm Relay Contacts | 389
Troubleshooting the SRX5600 Services Gateway with the Craft Interface LEDs | 389
xii
Troubleshooting the SRX5600 Services Gateway with the Component LEDs | 390
Troubleshooting the SRX5600 Services Gateway Cooling System | 391
Troubleshooting SRX5600 Services Gateway Interface Cards | 391
Troubleshooting SRX5600 Services Gateway MICs and Port Modules | 393
Troubleshooting SRX5600 Services Gateway SPCs | 394
Troubleshooting the SRX5600 Services Gateway Power System | 395
BehavioroftheSRX5400,SRX5600,andSRX5800ServicesGatewaysWhentheSRX5K-SCBE
and SRX5K-RE-1800X4 in a Chassis Cluster Fail | 401
6ContactingCustomerSupportandReturningtheChassisorComponents
ReturningtheSRX5600ChassisorComponents | 404
Contacting Customer Support | 404
Return Procedure for the SRX5600 Services Gateway | 405
Listing the SRX5600 Services Gateway Component Serial Numbers with the CLI | 406
Locating the SRX5600 Services Gateway Chassis Serial Number Label | 407
Locating the SRX5600 Services Gateway Power Supply Serial Number Labels | 407
Locating the SRX5600 Services Gateway Craft Interface Serial Number Label | 408
Information You Might Need to Supply to JTAC | 409
Required Tools and Parts for Packing the SRX5600 Services Gateway | 409
Packing the SRX5600 Services Gateway for Shipment | 410
Packing SRX5600 Services Gateway Components for Shipment | 411
7SafetyandComplianceInformation
GeneralSafetyGuidelinesandWarnings | 414
DefinitionsofSafetyWarningLevels | 415
RestrictedAccessAreaWarning | 419
FireSafetyRequirements | 421
Fire Suppression | 421
Fire Suppression Equipment | 422
QualifiedPersonnelWarning | 423
WarningStatementforNorwayandSweden | 423
InstallationInstructionsWarning | 424
xiii
ChassisandComponentLiftingGuidelines | 424
RampWarning | 425
Rack-MountingandCabinet-MountingWarnings | 425
GroundedEquipmentWarning | 431
LaserandLEDSafetyGuidelinesandWarnings | 432
General Laser Safety Guidelines | 432
Class 1 Laser Product Warning | 433
Class 1 LED Product Warning | 434
Laser Beam Warning | 435
RadiationfromOpenPortAperturesWarning | 436
MaintenanceandOperationalSafetyGuidelinesandWarnings | 437
Battery Handling Warning | 438
Jewelry Removal Warning | 439
Lightning Activity Warning | 441
Operating Temperature Warning | 442
Product Disposal Warning | 444
GeneralElectricalSafetyGuidelinesandWarnings | 445
PreventionofElectrostaticDischargeDamage | 446
ACPowerElectricalSafetyGuidelines | 447
ACPowerDisconnectionWarning | 449
DCPowerElectricalSafetyGuidelines | 450
DC Power Electrical Safety Guidelines | 450
DC Power Disconnection Warning | 452
DC Power Grounding Requirements and Warning | 454
DC Power Wiring Sequence Warning | 456
DC Power Wiring Terminations Warning | 459
DCPowerDisconnectionWarning | 462
DCPowerGroundingRequirementsandWarning | 464
DCPowerWiringSequenceWarning | 466
xiv
DCPowerWiringTerminationsWarning | 469
MultiplePowerSuppliesDisconnectionWarning | 472
TNPowerWarning | 473
ActiontoTakeAfteranElectricalAccident | 473
SRX5600ServicesGatewayAgencyApprovals | 474
SRX5600ServicesGatewayComplianceStatementsforEMCRequirements | 475
Canada | 475
European Community | 475
Israel | 476
Japan | 476
United States | 476
StatementsofVolatilityforJuniperNetworkDevices | 477
xv
AbouttheDocumentation
INTHISSECTION
Documentation and Release Notes | xv
Using the Examples in This Manual | xv
Documentation Conventions | xvii
Documentation Feedback | xx
Requesting Technical Support | xx
Use this guide to install hardware and perform initial software configuration, routine maintenance, and troubleshooting for the SRX5600 Services Gateway.
After completing the installation and basic configuration procedures covered in this guide, refer to the Junos OS documentation for information about further software configuration.
DocumentationandReleaseNotes
To obtain the most current version of all Juniper Networks® technical documentation, see the product documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.
Iftheinformationinthelatestreleasenotesdiffersfromtheinformationinthedocumentation,followthe product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at https://www.juniper.net/books.
UsingtheExamplesinThisManual
If you want to use the examples in this manual, you can use the loadmerge or the loadmergerelative command. These commands cause the software to merge the incoming configuration into the current candidateconfiguration.Theexampledoesnotbecomeactiveuntilyoucommitthecandidateconfiguration.
xvi
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example is a fullexample. In this case, use the loadmerge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In thiscase,usetheloadmergerelative command.Theseproceduresaredescribedinthefollowingsections.
MergingaFullExample
To merge a full example, follow these steps:
1.From the HTML or PDF version of the manual, copy a configuration example into a text file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following configuration to a file and name the file ex-script.conf. Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
system { scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces { fxp0 {
disable; unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2.Merge the contents of the file into your routing platform configuration by issuing the loadmerge configuration mode command:
[edit]
user@host# loadmerge/var/tmp/ex-script.conf load complete
xvii
MergingaSnippet
To merge a snippet, follow these steps:
1.From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory on your routing platform.
commit {
file ex-script-snippet.xsl; }
2.Movetothehierarchylevelthatisrelevantforthissnippetbyissuingthefollowingconfigurationmode command:
[edit]
user@host# editsystemscripts
[edit system scripts]
3.Merge the contents of the file into your routing platform configuration by issuing the loadmerge relative configuration mode command:
[edit system scripts]
user@host# loadmergerelative/var/tmp/ex-script-snippet.conf load complete
For more information about the load command, see CLI Explorer.
DocumentationConventions
Table 1 on page xviii defines notice icons used in this guide.
xviii
Table1:NoticeIcons |
|
|
Icon |
Meaning |
Description |
|
Informational note |
Indicates important features or instructions. |
|
Caution |
Indicates a situation that might result in loss of data or hardware |
|
|
damage. |
|
Warning |
Alerts you to the risk of personal injury or death. |
|
Laser warning |
Alerts you to the risk of personal injury from a laser. |
|
Tip |
Indicates helpful information. |
|
Best practice |
Alerts you to a recommended use or implementation. |
Table 2 on page xviii defines the text and syntax conventions used in this guide.
Table2:TextandSyntaxConventions
Convention |
Description |
Examples |
Boldtextlikethis |
Represents text that you type. |
To enter configuration mode, type |
|
|
the configure command: |
|
|
user@host> configure |
Fixed-width text like this
Italictextlikethis
Represents output that appears on the terminal screen.
•Introducesoremphasizesimportant new terms.
•Identifies guide names.
•Identifies RFC and Internet draft titles.
user@host> showchassisalarms
No alarms currently active
•A policy term is a named structure that defines match conditions and actions.
•JunosOSCLIUserGuide
•RFC 1997, BGPCommunities Attribute
xix
Table2:TextandSyntaxConventions (continued)
Convention |
Description |
Italictextlikethis |
Represents variables (options for |
|
which you substitute a value) in |
|
commands or configuration |
|
statements. |
Examples
Configure the machine’s domain name:
[edit]
root@# setsystemdomain-name domain-name
Textlikethis |
Represents names of configuration |
|
statements, commands, files, and |
|
directories; configuration hierarchy |
|
levels; or labels on routing platform |
|
components. |
•To configure a stub area, include the stub statement at the [edit protocolsospfareaarea-id] hierarchy level.
•The console port is labeled
CONSOLE.
< > (angle brackets) |
Encloses optional keywords or |
|
variables. |
| (pipe symbol) |
Indicates a choice between the |
|
mutually exclusive keywords or |
|
variablesoneithersideofthesymbol. |
|
The set of choices is often enclosed |
|
in parentheses for clarity. |
stub<default-metric metric>;
broadcast|multicast
(string1 | string2 | string3)
# (pound sign)
[ ] (square brackets)
Indention and braces ( { } )
; (semicolon)
Indicatesacommentspecifiedonthe |
rsvp{#RequiredfordynamicMPLS |
same line as the configuration |
only |
statement to which it applies. |
|
Enclosesavariableforwhichyoucan |
communitynamemembers[ |
substitute one or more values. |
community-ids ] |
Identifies a level in the configuration |
[edit] |
hierarchy. |
routing-options { |
|
static { |
Identifies a leaf statement at a |
route default { |
configuration hierarchy level. |
nexthop address; |
|
retain; |
|
} |
|
} |
|
} |
GUIConventions
xx
Table2:TextandSyntaxConventions (continued) |
|
|
Convention |
Description |
Examples |
Boldtextlikethis |
Represents graphical user interface |
• IntheLogicalInterfacesbox,select |
|
(GUI) items you click or select. |
AllInterfaces. |
|
|
• To cancel the configuration, click |
|
|
Cancel. |
> (bold right angle bracket) |
Separates levels in a hierarchy of |
Intheconfigurationeditorhierarchy, |
|
menu selections. |
select Protocols>Ospf. |
DocumentationFeedback
We encourage you to provide feedback so that we can improve our documentation. You can use either of the following methods:
•Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper Networks TechLibrary site, and do one of the following:
•Click the thumbs-up icon if the information on the page was helpful to you.
•Click the thumbs-down icon if the information on the page was not helpful to you or if you have suggestions for improvement, and use the pop-up form to provide feedback.
•E-mail—Sendyourcommentstotechpubs-comments@juniper.net.Includethedocumentortopicname, URL or page number, and software version (if applicable).
RequestingTechnicalSupport
TechnicalproductsupportisavailablethroughtheJuniperNetworksTechnicalAssistanceCenter(JTAC). If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
xxi
covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
•JTACpolicies—ForacompleteunderstandingofourJTACproceduresandpolicies,reviewtheJTACUser Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
•Productwarranties—Forproductwarrantyinformation,visithttps://www.juniper.net/support/warranty/.
•JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.
Self-HelpOnlineToolsandResources
Forquickandeasyproblemresolution,JuniperNetworkshasdesignedanonlineself-serviceportalcalled the Customer Support Center (CSC) that provides you with the following features:
•Find CSC offerings: https://www.juniper.net/customers/support/
•Search for known bugs: https://prsearch.juniper.net/
•Find product documentation: https://www.juniper.net/documentation/
•Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
•Download the latest versions of software and review release notes: https://www.juniper.net/customers/csc/software/
•Search technical bulletins for relevant hardware and software notifications: https://kb.juniper.net/InfoCenter/
•Join and participate in the Juniper Networks Community Forum: https://www.juniper.net/company/communities/
•Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
CreatingaServiceRequestwithJTAC
You can create a service request with JTAC on the Web or by telephone.
•Visit https://myjuniper.juniper.net.
•Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see https://support.juniper.net/support/requesting-support/.
1
CHAPTER
Overview
SRX5600 Services Gateway System Overview | 23
SRX5600 Chassis | 26
SRX5600 Services Gateway Cooling System Description | 40
SRX3400 and SRX5600 Services Gateways Air Deflector Kits | 43
SRX5600 Power System | 45
SRX5600 Host Subsystem | 61
SRX5600 Line Cards and Modules | 89
23
SRX5600ServicesGatewaySystemOverview
INTHISSECTION
SRX5600 Services Gateway Description | 23
Benefits of the SRX5600 Services Gateway | 24
SRX5600 Services Gateway FRUs | 24
SRX5600 Services Gateway Component Redundancy | 25
SRX5600ServicesGatewayDescription
The SRX5600 Services Gateway is a high-performance, highly scalable, carrier-class security device with multi-processor architecture.
The SRX5600 Services Gateway is 8 rack units (U) tall. Three of these devices can be stacked in a single floor-to-ceiling rack, for increased port density per unit of floor space.
The services gateway provides eight slots that you can populate with two Switch Control Boards (SCBs) and six other cards of the following types:
•Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as firewall, IPsec, and IDP.
•Modular PIC Concentrators (MPCs) provide Ethernet interfaces that connect the services gateway to your network.
•I/O cards (IOCs) provide Ethernet interfaces that connect the services gateway to your network.
•FlexIOCsaresimilartoIOCs,buthaveslotsforportmodulesthatallowyougreaterflexibilityinadding different types of Ethernet ports to your services gateway.
For detailed information about the cards supported by the services gateway, see the SRX5400,SRX5600, andSRX5800ServicesGatewayCardReference at www.juniper.net/documentation/.
24
BenefitsoftheSRX5600ServicesGateway
•The next generation SPCs and IOCs on the SRX5600 Services Gateway support up to 570 IMIX Gbps firewall throughput, 180 million concurrent sessions, and 460 Gbps IPS. Theabilitytosupportuniquesecuritypoliciesperzoneandabilitytoscalewiththegrowthofthenetwork infrastructure,makestheSRX5600anidealdeploymentforconsolidationofservicesinlargeenterprise, service provider, or mobile operator environments.
•IPSCapabilities-JuniperNetworksIPScapabilitiesofferseveraluniquefeaturessuchasProtocoldecodes, Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the highest level of network security.
•ContentSecurityUTMCapabilities-TheUTMservicesofferedontheSRX5000lineofServicesGateways include industry-leading antivirus, antispam, content filtering, and additional content security services.
The UTM services provide sophisticated protection from:
•Antivirus experts against malware attacks that can lead to data breaches and lost productivity.
•Advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.
•LostproductivityandtheimpactofmaliciousURLsandextraneousormaliciouscontentonthenetwork to help maintain bandwidth.
•Advanced Threat Prevention (ATP) - Juniper Sky ATP, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution:
•Protectsenterpriseusersfromaspectrumofadvancedmalwarethatexploits“zero-day”vulnerabilities.
•Proactively blocks malware communication channels.
•The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
•Single pane-of-glass management with Security Director and JSA Series integration.
SRX5600ServicesGatewayFRUs
Field-replaceableunits(FRUs)areservicesgatewaycomponentsthatcanbereplacedatthecustomersite. The services gateway uses the following types of FRUs:
Table3onpage25 liststheFRUsoftheservicesgatewayandtheactiontoperformtoinstall,remove,or replace an FRU.
Table3:Field-ReplaceableUnits
Field-Replaceable Units (FRUs)
Air filter
Fan tray
Craft interface
AC and DC power supplies (if redundant)
SFP and XFP transceivers
IOCs
Flex IOCs
Port modules of the Flex IOCs
Routing Engine
SCBs
SPCs
MPCs
MICs
25
Action
You need not power off the services gateway to install, remove, or replace any of these FRUs.
Powerofftheservicesgatewaytoinstall,remove,orreplaceanyof these FRUs.
SRX5600ServicesGatewayComponentRedundancy
The following major hardware components are redundant:
•SCBs—The host subsystem consists of a Routing Engine installed in an SCB. The device must have one host subsystem installed. You can install a second SCB for redundancy. If a second SCB is installed, the host subsystem SCB functions as the primary and the other functions as the backup. If the SCB of the host subsystem fails, the other SCB takes over as the primary.
•Power supplies—In the low-line (110 V) AC power configuration, the device contains three or four AC powersupplies,locatedhorizontallyattherearofthechassisinslotsPEM0throughPEM3(lefttoright). EachACpowersupplyprovidespowertoallcomponentsinthedevice. Whenthreepowersuppliesare present, they share power almost equally within a fully populated system. Four AC power supplies
26
provide full power redundancy. If one power supply fails or is removed, the remaining power supplies instantly assume the entire electrical load without interruption. Three power supplies provide the maximum configuration with full power for as long as the device is operational.
In the high-line (220 V) AC power configuration, the device contains two or four AC power supplies locatedhorizontallyattherearofthechassisinslotsPEM0throughPEM3(lefttoright).EachACpower supplyprovidespowertoallcomponentsinthedevice. Whentwoormorepowersuppliesarepresent, they share power almost equally within a fully populated system. Four AC power supplies provide full power redundancy. If one power supply fails or is removed, the remaining power supplies instantly assume the entire electrical load without interruption. Two power supplies provide the maximum configuration with full power for as long as the device is operational.
In the DC configuration, two power supplies are required to supply power to a fully configured device. One power supply supports approximately half of the components in the device, and the other power supply supports the remaining components. The addition of two power supplies provides full power redundancy. Ifonepowersupplyfailsorisremoved,theremainingpowersuppliesinstantlyassumethe entireelectricalloadwithoutinterruption.Twopowersuppliesprovidethemaximumconfigurationwith full power for as long as the device is operational.
•Cooling system—The cooling system has redundant components, which are controlled by the host subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to provide sufficient cooling for the services gateway indefinitely.
SRX5600Chassis
INTHISSECTION
SRX5600 Services Gateway Chassis | 27
SRX5600 Services Gateway Physical Specifications | 29
SRX5600 Services Gateway Midplane Description | 30
SRX5600 Services Gateway Cable Manager Description | 31
SRX5600 Services Gateway Craft Interface Overview | 32
SRX5600 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test Button | 33
SRX5600 Services Gateway Craft Interface Host Subsystem LEDs | 34
SRX5600 Services Gateway Craft Interface Power Supply LEDs | 35
SRX5600 Services Gateway Craft Interface Card OK/Fail LEDs | 35
SRX5600 Services Gateway Craft Interface Fan LEDs | 35
27
SRX5600 Services Gateway Craft Interface Online Buttons | 36
SRX5600 Services Gateway Craft Interface Alarm Relay Contacts | 39
SRX5600ServicesGatewayChassis
The services gateway chassis is a rigid sheet metal structure that houses all the other components (see Figure1onpage28,Figure2onpage28,andFigure3onpage29).Thechassismeasures14.0in.(35.6cm) high, 17.45 in. (44.3 cm) wide, and 24.5 in. (62.2 cm) deep (from the front to the rear of the chassis). The chassisinstallsinstandard800-mm(orlarger)enclosedcabinets,19-in.equipmentracks,ortelcoopen-frame racks. Uptofiveservicesgatewayscanbeinstalledinonestandard(48U)rackiftherackcanhandletheir combined weight, which can be greater than 1100 lb (500 kg). See “SRX5600 Services Gateway Physical Specifications” on page 29 for physical specifications for the SRX5600 Services Gateway.
CAUTION: Before removing or installing components of a services gateway, attach an ESD strap to an ESD point and place the other end of the strap around your bare wrist. Failure to use an ESD strap can result in damage to the services gateway.
WARNING: The services gateway must be connected to earth ground during normal operation.
28
Figure1:FrontViewofaFullyConfiguredServicesGatewayChassis
SPCs
IOCs
<![if ! IE]><![endif]>g030218
Figure2:RearViewofaFullyConfiguredAC-PoweredServicesGatewayChassis
29
Figure3:RearViewofaFullyConfiguredDC-PoweredServicesGatewayChassis
SRX5600ServicesGatewayPhysicalSpecifications
Table 4 on page 29 summarizes the physical specifications for the services gateway chassis.
Table4:PhysicalSpecifications |
|
Description |
Value |
Chassis dimensions |
14.0 in. (35.6 cm) high |
|
17.45 in. (44.3 cm) wide |
|
24.5 in. (62.2 cm) deep (from front-mounting bracket to |
|
chassis rear) |
|
Total depth (including cable management system): |
|
27.75 in. (70.5 cm) |
Services Gateway weight |
Chassis with midplane, fan tray, air filter, and cable |
|
management system: 65.5 lb (29.7 kg) |
|
Maximum configuration: 220 lb (100 kg) |
Routing Engine weight |
SRX5K-RE-13-20: 2.4 lb (1.1 kg) |
|
SRX5K-RE-1800X4: 2.4 lb (1.1 kg) |
30
Table4:PhysicalSpecifications (continued) |
|
Description |
Value |
SCB weight |
SRX5K-SCB: 9.6 lb (4.4 kg) |
|
SRX5K-SCBE: 9.6 lb (4.4 kg) |
|
SRX5K-SCB3: 10.14 lb (4.6 kg) |
MPC weight (with two MICs) |
13.1 lb (5.9 kg) |
IOC weight |
13.1 lb (5.9 kg) |
Craft interface weight |
1.1 lb (0.5 kg) |
Fan tray weight |
4.2 lb (1.9 kg) |
Air filter weight |
1.0 lb (0.5 kg) |
Cable management weight |
0.3 lb (0.14 kg) |
Standard-capacity DC power supply weight (only |
3.8 lb (1.7 kg) |
supported on devices with SRX5K-SCB and |
|
SRX5K-RE-13-20) |
|
High-capacity DC power supply weight |
6.2 lb (2.8 kg) |
Standard-capacity AC power supply weight (only |
5.0 lb (2.3 kg) |
supported on devices with SRX5K-SCB and |
|
SRX5K-RE-13-20) |
|
High-capacity AC power supply weight |
6.6 lb (3.0 kg) |
SRX5600ServicesGatewayMidplaneDescription
The midplane is located toward the rear of the chassis and forms the rear of the card cage (see Figure 4 on page 31). IOCs, Flex IOCs, SPCs, and SCBs install into the midplane from the front of the
chassis, and the power supplies install into the midplane from the rear of the chassis. The cooling system components also connect to the midplane.
Loading...