Juniper SRX5600 Hardware Guide

SRX5600 Services Gateway Hardware

Published

2020-12-07

Guide

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.

SRX5600 Services Gateway Hardware Guide

Copyright © 2020 Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

ii

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.

Table of Contents

1

About the Documentation | xv

Documentation and Release Notes | xv

Using the Examples in This Manual | xv

Merging a Full Example | xvi

Merging a Snippet | xvii

Documentation Conventions | xvii

Documentation Feedback | xx

Requesting Technical Support | xx

Self-Help Online Tools and Resources | xxi

Creating a Service Request with JTAC | xxi

iii

Overview

SRX5600 Services Gateway System Overview | 23

SRX5600 Services Gateway Description | 23

Benefits of the SRX5600 Services Gateway | 24

SRX5600 Services Gateway FRUs | 24

SRX5600 Services Gateway Component Redundancy | 25

SRX5600 Chassis | 26

SRX5600 Services Gateway Chassis | 27

SRX5600 Services Gateway Physical Specifications | 29

SRX5600 Services Gateway Midplane Description | 30

SRX5600 Services Gateway Cable Manager Description | 31

SRX5600 Services Gateway Craft Interface Overview | 32

SRX5600 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test

Button | 33

SRX5600 Services Gateway Craft Interface Host Subsystem LEDs | 34

SRX5600 Services Gateway Craft Interface Power Supply LEDs | 35

SRX5600 Services Gateway Craft Interface Card OK/Fail LEDs | 35

SRX5600 Services Gateway Craft Interface Fan LEDs | 35

SRX5600 Services Gateway Craft Interface Online Buttons | 36

SRX5600 Services Gateway Craft Interface Alarm Relay Contacts | 39

SRX5600 Services Gateway Cooling System Description | 40

SRX3400 and SRX5600 Services Gateways Air Deflector Kits | 43

SRX5600 Power System | 45

SRX5600 Services Gateway Power System Overview | 45

SRX5600 Services Gateway AC Power Supply | 47

SRX5600 Services Gateway AC Power Supply Specifications | 49

SRX5600 Services Gateway AC Power Supply LEDs | 49

AC Power Cord Specifications for the SRX5600 Services Gateway | 50

AC Power Circuit Breaker Requirements for the SRX5600 Services Gateway | 53

SRX5600 Services Gateway DC Power Supply | 53

SRX5600 Services Gateway DC Power Supply Specifications | 54

SRX5600 Services Gateway DC Power Supply LEDs | 55

iv

DC Power Cable Specifications for the SRX5600 Services Gateway | 56

DC Power Cable Lug Specifications for the SRX5600 Services Gateway | 57

DC Power Circuit Breaker Requirements for the SRX5600 Services Gateway | 57

DC Power Source Cabling for the SRX5600 Services Gateway | 58

SRX5600 Services Gateway Chassis Grounding Point Specifications | 59

SRX5600 Services Gateway Grounding-Cable Lug Specification | 60

SRX5600 Host Subsystem | 61

SRX5600 Services Gateway Host Subsystem Description | 61

Switch Control Board SRX5K-SCB Overview | 62

Switch Control Board SRX5K-SCB Specifications | 63

Switch Control Board SRX5K-SCBE Overview | 66

Switch Control Board SRX5K-SCBE Specifications | 67

SRX5K-SCBE LEDs | 69

Switch Control Board SRX5K-SCB3 Overview | 70

Switch Control Board SRX5K-SCB3 Specifications | 71

SRX5K-SCB3 LEDs | 72

Switch Control Board SRX5K-SCB4 Overview | 73

Switch Control Board SRX5K-SCB4 Specifications | 74

SRX5K-SCB4 LEDs | 76

Routing Engine SRX5K-RE-1800X4 Overview | 77

SRX5K-RE-1800X4 Routing Engine Boot Sequence | 78

Routing Engine SRX5K-RE-1800X4 Specifications | 78

SRX5K-RE-1800X4 LEDs | 80

Routing Engine SRX5K-RE-13-20 Overview | 81

Routing Engine SRX5K-RE-13-20 Specifications | 82

Routing Engine SRX5K-RE3-128G Specifications | 85

SRX5K-RE3-128G Routing Engine Components | 87

SRX5K-RE3-128G Routing Engine LEDs | 88

SRX5K-RE3-128G Routing Engine Boot Sequence | 89

SRX5600 Line Cards and Modules | 89

SRX5400, SRX5600, and SRX5800 Services Gateway Card Overview | 90

SRX5600 Services Gateway Card Terminology | 91

v

Cards Supported on SRX5400, SRX5600, and SRX5800 Services Gateways | 92

SRX5600 Services Gateway Card Cage and Slots | 96

SRX5600 Services Gateway SPC Description | 96

Services Processing Card SRX5K-SPC-2-10-40 Specifications | 97

Services Processing Card SRX5K-SPC-4-15-320 Specifications | 102

Services Processing Card SRX5K-SPC3 Specifications | 107

SRX5600 Services Gateway Interface Card Description | 111

Modular Port Concentrator (SRX5K-MPC) Specifications | 113

SRX5K-MPC3-40G10G Specifications | 116

SRX5K-MPC3-100G10G Specifications | 119

MIC with 20x1GE SFP Interfaces (SRX-MIC-20GE-SFP) | 122

MIC with 10x10GE SFP+ Interfaces (SRX-MIC-10XG-SFPP) | 128

MIC with 1x100GE CFP Interface (SRX-MIC-1X100G-CFP) | 133

MIC with 2x40GE QSFP+ Interfaces (SRX-MIC-2X40G-QSFP) | 135

SRX5K-IOC4-10G Specifications | 136

SRX5K-IOC4-MRAT Specifications | 139

I/O Card SRX5K-40GE-SFP Specifications | 143

I/O Card SRX5K-4XGE-XFP Specifications | 145

Flex I/O Card (SRX5K-FPC-IOC) Specifications | 147

Flex I/O Card Port Module SRX-IOC-16GE-SFP Specifications | 149

Flex I/O Card Port Module SRX-IOC-16GE-TX Specifications | 151

Flex I/O Card Port Module SRX-IOC-4XGE-XFP Specifications | 152

2

Site Planning, Preparation, and Specifications

Site Preparation Checklist for the SRX5600 Services Gateway | 156

SRX5600 Site Guidelines and Requirements | 157

SRX5600 Services Gateway Environmental Specifications | 157

General Site Guidelines | 158

Site Electrical Wiring Guidelines | 159

Clearance Requirements for SRX5600 Services Gateway Airflow and Hardware

Maintenance | 160

SRX5600 Rack and Cabinet Requirements | 161

SRX5600 Services Gateway Rack Size and Strength Requirements | 161

Spacing of Rack Mounting Bracket Holes for the SRX5600 Services Gateway | 162

Connection to Building Structure for the SRX5600 Services Gateway Rack | 162

vi

SRX5600 Services Gateway Cabinet Size and Clearance Requirements | 162

SRX5600 Services Gateway Cabinet Airflow Requirements | 163

Calculating Power Requirements for the SRX5600 Services Gateway | 163

SRX5600 Network Cable and Transceiver Planning | 175

Routing Engine Interface Cable and Wire Specifications for the SRX5600 Services Gateway | 175

Signal Loss in Multimode and Single-Mode Fiber-Optic Cable for the SRX5600 Services

Gateway | 176

Attenuation and Dispersion in Fiber-Optic Cable for the SRX5600 Services Gateway | 176

Calculating Power Budget for Fiber-Optic Cable for the SRX5600 Services Gateway | 177

Calculating Power Margin for Fiber-Optic Cable for the SRX5600 Services Gateway | 178

SRX5600 Alarm and Management Cable Specifications and Pinouts | 179

Alarm Relay Contact Wire Specifications for the SRX5600 Services Gateway | 180

Console Port Cable and Wire Specifications for the SRX5600 Services Gateway | 180

RJ-45 Connector Pinouts for the SRX5600 Services Gateway Routing Engine Ethernet Port | 180

RJ-45 Connector Pinouts for the SRX5600 Services Gateway Routing Engine Auxiliary and

Console Ports | 181

Initial Installation and Configuration

3

Overview of Installing the SRX5600 Services Gateway | 184

Unpacking the SRX5600 | 185

Tools and Parts Required to Unpack the SRX5600 Services Gateway | 185

Unpacking the SRX5600 Services Gateway | 185

Verifying the SRX5600 Services Gateway Parts Received | 187

Installing the SRX5600 Mounting Hardware | 189

Installing the SRX5600 Services Gateway Mounting Hardware for a Rack or Cabinet | 189

Moving the Mounting Brackets for Center-Mounting the SRX5600 Services Gateway | 192

Installing the SRX5600 Using a Mechanical Lift | 193

Tools Required to Install the SRX5600 Services Gateway with a Mechanical Lift | 193

Installing the SRX5600 Services Gateway Using a Mechanical Lift | 194

vii

Installing the SRX5600 Without a Mechanical Lift | 196

Overview of Installing the SRX5600 Services Gateway Without a Mechanical Lift | 196

Tools Required to Install the SRX5600 Services Gateway Without a Mechanical Lift | 197

Removing Components from the SRX5600 Chassis Before Installing It Without a Lift | 197

Removing the Power Supplies Before Installing the SRX5600 Services Gateway Without

a Lift | 197

Removing the Fan Tray Before Installing an SRX5600 Services Gateway Without a Lift | 198

Removing Cards Before Installing an SRX5600 Services Gateway Without a Lift | 199

Installing the SRX5600 Services Gateway Chassis in the Rack Manually | 202

Reinstalling Components in the SRX5600 Services Gateway Chassis After Installing It Without

a Lift | 204

Reinstalling Power Supplies After Installing the SRX5600 Services Gateway Without a

Lift | 204

Reinstalling the Fan Tray After Installing the SRX5600 Services Gateway Without a Lift | 205

Reinstalling SCBs After Installing the SRX5600 Services Gateway Without a Lift | 206

Reinstalling IOCs, Flex IOCs, and SPCs After Installing the SRX5600 Services Gateway

Without a Lift | 207

Connecting the SRX5600 to External Devices | 208

4

Tools and Parts Required for SRX5600 Services Gateway Connections | 208

Connecting the SRX5600 Services Gateway to a Management Console or an Auxiliary

Device | 209

Connecting the SRX5600 Services Gateway to a Network for Out-of-Band Management | 210

Connecting an SRX5600 Services Gateway to an External Alarm-Reporting Device | 211

Connecting Network Cables to SRX5600 Services Gateway IOCs and Port Modules | 212

Connecting the SRX5600 to Power | 214

Tools and Parts Required for SRX5600 Services Gateway Grounding and Power

Connections | 214

Grounding the SRX5600 Services Gateway | 215

Connecting Power to an AC-Powered SRX5600 Services Gateway | 216

Powering On an AC-Powered SRX5600 Services Gateway | 218

Connecting Power to a DC-Powered SRX5600 Services Gateway | 219

viii

Powering On a DC-Powered SRX5600 Services Gateway | 221

Powering Off the SRX5600 Services Gateway | 223

Performing the Initial Software Configuration for the SRX5600 | 224

SRX5600 Services Gateway Software Configuration Overview | 224

Initially Configuring the SRX5600 Services Gateway | 225

Performing Initial Software Configuration Using J-Web | 230

Configuring Root Authentication and the Management Interface from the CLI | 230

Configuring Interfaces, Zones, and Policies with J-Web | 232

Maintaining Components

Maintaining the SRX5600 Chassis | 237

Routine Maintenance Procedures for the SRX5600 Services Gateway | 237

Replacing the SRX5600 Services Gateway Craft Interface | 237

Disconnecting the Alarm Relay Wires from the SRX5600 Services Gateway Craft

Interface | 237

Removing the SRX5600 Services Gateway Craft Interface | 238

Installing the SRX5600 Services Gateway Craft Interface | 239

Connecting the Alarm Relay Wires to the SRX5600 Services Gateway Craft Interface | 240

Maintaining the SRX5600 Cooling System | 241

Maintaining the Fan Tray on the SRX5600 Services Gateway | 241

Replacing the SRX5600 Services Gateway Fan Tray | 242

Removing the SRX5600 Services Gateway Fan Tray | 242

Installing the SRX5600 Services Gateway Fan Tray | 243

Maintaining the Air Filter on the SRX5600 Services Gateway | 244

Replacing the SRX5600 Services Gateway Air Filter | 245

Removing the SRX5600 Services Gateway Air Filter | 245

Installing the SRX5600 Services Gateway Air Filter | 246

Maintaining the SRX5600 Power System | 247

Maintaining SRX5600 Services Gateway Power Supplies | 247

Replacing an SRX5600 Services Gateway AC Power Supply | 248

ix

Removing an SRX5600 Services Gateway AC Power Supply | 249

Installing an SRX5600 Services Gateway AC Power Supply | 250

Replacing an SRX5600 Services Gateway AC Power Supply Cord | 251

Disconnecting an SRX5600 Services Gateway AC Power Supply Cord | 252

Connecting an SRX5600 Services Gateway AC Power Supply Cord | 252

Replacing an SRX5600 Services Gateway DC Power Supply | 253

Removing an SRX5600 Services Gateway DC Power Supply | 253

Installing an SRX5600 Services Gateway DC Power Supply | 254

Replacing an SRX5600 Services Gateway DC Power Supply Cable | 257

Disconnecting an SRX5600 Services Gateway DC Power Supply Cable | 257

Connecting an SRX5600 Services Gateway DC Power Supply Cable | 258

Upgrading an SRX5600 Services Gateway from Standard-Capacity to High-Capacity Power

Supplies | 259

Maintaining the SRX5600 Host Subsystem | 263

Maintaining the SRX5600 Services Gateway Host Subsystem and SCBs | 263

Taking the SRX5600 Services Gateway Host Subsystem Offline | 265

Operating and Positioning the SRX5600 Services Gateway SCB Ejectors | 266

Replacing an SRX5600 Services Gateway SCB | 266

Removing an SRX5600 Services Gateway SCB | 267

Installing an SRX5600 Services Gateway SCB | 268

Replacing the SRX5600 Services Gateway Routing Engine | 270

Removing the SRX5600 Services Gateway Routing Engine | 270

Installing the SRX5600 Services Gateway Routing Engine | 271

Low Impact Hardware Upgrade for SCB3 and IOC3 | 274

In-Service Hardware Upgrade for SRX5K-RE-1800X4 and SRX5K-SCBE or SRX5K-RE-1800X4

and SRX5K-SCB3 in a Chassis Cluster | 292

Maintaining the SRX5600 Line Cards and Modules | 296

x

Maintaining Interface Cards and SPCs on the SRX5600 Services Gateway | 297

Holding an SRX5600 Services Gateway Card | 299

Storing an SRX5600 Services Gateway Card | 301

Replacing SRX5600 Services Gateway IOCs | 302

Removing an SRX5600 Services Gateway IOC | 302

Installing an SRX5600 Services Gateway IOC | 304

Replacing SRX5600 Services Gateway Flex IOCs | 307

Removing an SRX5600 Services Gateway Flex IOC | 307

Installing an SRX5600 Services Gateway Flex IOC | 310

Replacing SRX5600 Services Gateway SPCs | 312

Removing an SRX5600 Services Gateway SPC | 312

Installing an SRX5600 Services Gateway SPC | 314

Replacing SPCs in an Operating SRX5400, SRX5600, or SRX5800 Services Gateways Chassis

Cluster | 317

In-Service Hardware Upgrade for SRX5K-SPC3 in a Chassis Cluster | 320

Maintaining MICs and Port Modules on the SRX5600 Services Gateway | 323

Replacing SRX5600 Services Gateway MICs | 324

Removing an SRX5600 Services Gateway MIC | 324

Installing an SRX5600 Services Gateway MIC | 326

Replacing SRX5600 Services Gateway Port Modules | 328

5

Removing an SRX5600 Services Gateway Port Module | 328

Installing an SRX5600 Services Gateway Port Module | 330

Replacing SRX5600 Services Gateway MPCs | 332

Removing an SRX5600 Services Gateway MPC | 333

Installing an SRX5600 Services Gateway MPC | 335

Maintaining the SRX5600 Cables and Connectors | 337

Maintaining SRX5600 Services Gateway Network Cables | 337

Replacing the Management Ethernet Cable on the SRX5600 Services Gateway | 339

Replacing the SRX5600 Services Gateway Console or Auxiliary Cable | 340

Replacing an SRX5600 Services Gateway Network Interface Cable | 341

Removing an SRX5600 Services Gateway Network Interface Cable | 341

Installing an SRX5600 Services Gateway Network Interface Cable | 343

xi

Replacing SRX5600 Services Gateway XFP and SFP Transceivers | 345

Removing an SRX5600 Services Gateway SFP or XFP Transceiver | 345

Installing an SRX5600 Services Gateway SFP or XFP Transceiver | 347

Replacing the SRX5600 Services Gateway Cable Manager | 348

Removing the SRX5600 Services Gateway Cable Manager | 348

Installing the SRX5600 Services Gateway Cable Manager | 349

Replacing a Routing Engine in an SRX Series High-End Chassis Cluster | 350

Replacing a Routing Engine: USB Flash-Drive Method | 350

Replacing a Routing Engine: External SCP Server Method | 357

Replacing the Routing Engine: File Transfer Method | 364

Troubleshooting Hardware

Troubleshooting the SRX5600 | 371

Troubleshooting the SRX5600 Services Gateway with the Junos OS CLI | 371

Troubleshooting the SRX5600 Services Gateway with Chassis and Interface Alarm

Messages | 372

Chassis Component Alarm Conditions on SRX5400, SRX5600, and SRX5800 Services

Gateways | 372

Backup Routing Engine Alarms | 387

Troubleshooting the SRX5600 Services Gateway with Alarm Relay Contacts | 389

Troubleshooting the SRX5600 Services Gateway with the Craft Interface LEDs | 389

Troubleshooting the SRX5600 Services Gateway with the Component LEDs | 390

6

7

Troubleshooting the SRX5600 Services Gateway Cooling System | 391

Troubleshooting SRX5600 Services Gateway Interface Cards | 391

Troubleshooting SRX5600 Services Gateway MICs and Port Modules | 393

Troubleshooting SRX5600 Services Gateway SPCs | 394

Troubleshooting the SRX5600 Services Gateway Power System | 395

Behavior of the SRX5400, SRX5600, and SRX5800 Services Gateways When the SRX5K-SCBE

and SRX5K-RE-1800X4 in a Chassis Cluster Fail | 401

Contacting Customer Support and Returning the Chassis or Components

Returning the SRX5600 Chassis or Components | 404

Contacting Customer Support | 404

Return Procedure for the SRX5600 Services Gateway | 405

Listing the SRX5600 Services Gateway Component Serial Numbers with the CLI | 406

xii

Locating the SRX5600 Services Gateway Chassis Serial Number Label | 407

Locating the SRX5600 Services Gateway Power Supply Serial Number Labels | 407

Locating the SRX5600 Services Gateway Craft Interface Serial Number Label | 408

Information You Might Need to Supply to JTAC | 409

Required Tools and Parts for Packing the SRX5600 Services Gateway | 409

Packing the SRX5600 Services Gateway for Shipment | 410

Packing SRX5600 Services Gateway Components for Shipment | 411

Safety and Compliance Information

General Safety Guidelines and Warnings | 414

Definitions of Safety Warning Levels | 415

Restricted Access Area Warning | 419

Fire Safety Requirements | 421

Fire Suppression | 421

Fire Suppression Equipment | 422

Qualified Personnel Warning | 423

Warning Statement for Norway and Sweden | 423

Installation Instructions Warning | 424

Chassis and Component Lifting Guidelines | 424

Ramp Warning | 425

Rack-Mounting and Cabinet-Mounting Warnings | 425

Grounded Equipment Warning | 431

Laser and LED Safety Guidelines and Warnings | 432

General Laser Safety Guidelines | 432

Class 1 Laser Product Warning | 433

Class 1 LED Product Warning | 434

Laser Beam Warning | 435

Radiation from Open Port Apertures Warning | 436

Maintenance and Operational Safety Guidelines and Warnings | 437

xiii

Battery Handling Warning | 438

Jewelry Removal Warning | 439

Lightning Activity Warning | 441

Operating Temperature Warning | 442

Product Disposal Warning | 444

General Electrical Safety Guidelines and Warnings | 445

Prevention of Electrostatic Discharge Damage | 446

AC Power Electrical Safety Guidelines | 447

AC Power Disconnection Warning | 449

DC Power Electrical Safety Guidelines | 450

DC Power Electrical Safety Guidelines | 450

DC Power Disconnection Warning | 452

DC Power Grounding Requirements and Warning | 454

DC Power Wiring Sequence Warning | 456

DC Power Wiring Terminations Warning | 459

DC Power Disconnection Warning | 462

DC Power Grounding Requirements and Warning | 464

DC Power Wiring Sequence Warning | 466

DC Power Wiring Terminations Warning | 469

Multiple Power Supplies Disconnection Warning | 472

TN Power Warning | 473

Action to Take After an Electrical Accident | 473

SRX5600 Services Gateway Agency Approvals | 474

SRX5600 Services Gateway Compliance Statements for EMC Requirements | 475

Canada | 475

European Community | 475

Israel | 476

Japan | 476

United States | 476

xiv

Statements of Volatility for Juniper Network Devices | 477

About the Documentation

IN THIS SECTION

Documentation and Release Notes | xv

Using the Examples in This Manual | xv

Documentation Conventions | xvii

Documentation Feedback | xx

Requesting Technical Support | xx

Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX5600 Services Gateway.

xv

After completing the installation and basic configuration procedures covered in this guide, refer to the
Junos OS documentation for information about further software configuration.

Documentation and Release Notes

To obtain the most current version of all Juniper Networks®technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.

If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.

Using the Examples in This Manual

If you want to use the examples in this manual, you can use the load merge or the load merge relative
command. These commands cause the software to merge the incoming configuration into the current
candidate configuration. The example does not become active until you commit the candidate configuration.

If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example
is a full example. In this case, use the load merge command.

If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In
this case, use the load merge relative command. These procedures are described in the following sections.

Merging a Full Example

To merge a full example, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the
file with a name, and copy the file to a directory on your routing platform.

For example, copy the following configuration to a file and name the file ex-script.conf. Copy the
ex-script.conf file to the /var/tmp directory on your routing platform.

system {

scripts {

commit {

file ex-script.xsl;

}

}
}
interfaces {

fxp0 {

disable;
unit 0 {

family inet {

address 10.0.0.1/24;

}

}

}
}

xvi

2. Merge the contents of the file into your routing platform configuration by issuing the load merge
configuration mode command:

[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete

Merging a Snippet

To merge a snippet, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the
file with a name, and copy the file to a directory on your routing platform.

For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the
ex-script-snippet.conf file to the /var/tmp directory on your routing platform.

commit {

file ex-script-snippet.xsl; }

2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:

[edit]
user@host# edit system scripts
[edit system scripts]

xvii

3. Merge the contents of the file into your routing platform configuration by issuing the load merge
relative configuration mode command:

[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete

For more information about the load command, see CLI Explorer.

Documentation Conventions

Table 1 on page xviii defines notice icons used in this guide.

Table 1: Notice Icons

xviii

DescriptionMeaningIcon

Indicates important features or instructions.Informational note

Caution

Indicates a situation that might result in loss of data or hardware
damage.

Alerts you to the risk of personal injury or death.Warning

Alerts you to the risk of personal injury from a laser.Laser warning

Indicates helpful information.Tip

Alerts you to a recommended use or implementation.Best practice

Table 2 on page xviii defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

ExamplesDescriptionConvention

Fixed-width text like this

Italic text like this

Represents text that you type.Bold text like this

Represents output that appears on
the terminal screen.

Introduces or emphasizes important

•

new terms.

Identifies guide names.

•

Identifies RFC and Internet draft

•

titles.

To enter configuration mode, type
the configure command:

user@host> configure

user@host> show chassis alarms

No alarms currently active

A policy term is a named structure

•

that defines match conditions and
actions.

Junos OS CLI User Guide

•

RFC 1997, BGP Communities

•

Attribute

Table 2: Text and Syntax Conventions (continued)

xix

ExamplesDescriptionConvention

Italic text like this

Text like this

< > (angle brackets)

| (pipe symbol)

Represents variables (options for
which you substitute a value) in
commands or configuration
statements.

Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy
levels; or labels on routing platform
components.

variables.

Indicates a choice between the
mutually exclusive keywords or
variables on either side of the symbol.
The set of choices is often enclosed
in parentheses for clarity.

Configure the machine’s domain
name:

[edit]
root@# set system domain-name

domain-name

To configure a stub area, include

•

the stub statement at the [edit
protocols ospf area area-id]

hierarchy level.

The console port is labeled

•

CONSOLE.

stub <default-metric metric>;Encloses optional keywords or

broadcast | multicast

(string1 | string2 | string3)

# (pound sign)

[ ] (square brackets)

Indention and braces ( { } )

; (semicolon)

GUI Conventions

Indicates a comment specified on the
same line as the configuration
statement to which it applies.

Encloses a variable for which you can
substitute one or more values.

Identifies a level in the configuration
hierarchy.

Identifies a leaf statement at a
configuration hierarchy level.

rsvp { # Required for dynamic MPLS
only

community name members [
community-ids ]

[edit]
routing-options {

static {

route default {

nexthop address;
retain;

}

}

}

Table 2: Text and Syntax Conventions (continued)

xx

ExamplesDescriptionConvention

Bold text like this

> (bold right angle bracket)

Represents graphical user interface
(GUI) items you click or select.

Separates levels in a hierarchy of
menu selections.

In the Logical Interfaces box, select

•

All Interfaces.

To cancel the configuration, click

•

Cancel.

In the configuration editor hierarchy,
select Protocols>Ospf.

Documentation Feedback

We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:

Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper

•

Networks TechLibrary site, and do one of the following:

Click the thumbs-up icon if the information on the page was helpful to you.

•

Click the thumbs-down icon if the information on the page was not helpful to you or if you have

•

suggestions for improvement, and use the pop-up form to provide feedback.

E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name,

•

URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are

covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.

JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User

•

Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.

•

JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,

•

365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:

Find CSC offerings: https://www.juniper.net/customers/support/

•

Search for known bugs: https://prsearch.juniper.net/

•

xxi

Find product documentation: https://www.juniper.net/documentation/

•

Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/

•

Download the latest versions of software and review release notes:

•

https://www.juniper.net/customers/csc/software/

Search technical bulletins for relevant hardware and software notifications:

•

https://kb.juniper.net/InfoCenter/

Join and participate in the Juniper Networks Community Forum:

•

https://www.juniper.net/company/communities/

Create a service request online: https://myjuniper.juniper.net

•

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:

https://entitlementsearch.juniper.net/entitlementsearch/

Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.

Visit https://myjuniper.juniper.net.

•

Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

•

For international or direct-dial options in countries without toll-free numbers, see

https://support.juniper.net/support/requesting-support/.

1

CHAPTER

Overview

SRX5600 Services Gateway System Overview | 23

SRX5600 Chassis | 26

SRX5600 Services Gateway Cooling System Description | 40

SRX3400 and SRX5600 Services Gateways Air Deflector Kits | 43

SRX5600 Power System | 45

SRX5600 Host Subsystem | 61

SRX5600 Line Cards and Modules | 89

SRX5600 Services Gateway System Overview

IN THIS SECTION

SRX5600 Services Gateway Description | 23

Benefits of the SRX5600 Services Gateway | 24

SRX5600 Services Gateway FRUs | 24

SRX5600 Services Gateway Component Redundancy | 25

SRX5600 Services Gateway Description

23

The SRX5600 Services Gateway is a high-performance, highly scalable, carrier-class security device with
multi-processor architecture.

The SRX5600 Services Gateway is 8 rack units (U) tall. Three of these devices can be stacked in a single
floor-to-ceiling rack, for increased port density per unit of floor space.

The services gateway provides eight slots that you can populate with two Switch Control Boards (SCBs)
and six other cards of the following types:

Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as

•

firewall, IPsec, and IDP.

Modular PIC Concentrators (MPCs) provide Ethernet interfaces that connect the services gateway to

•

your network.

I/O cards (IOCs) provide Ethernet interfaces that connect the services gateway to your network.

•

Flex IOCs are similar to IOCs, but have slots for port modules that allow you greater flexibility in adding

•

different types of Ethernet ports to your services gateway.

For detailed information about the cards supported by the services gateway, see the SRX5400, SRX5600,

and SRX5800 Services Gateway Card Reference at www.juniper.net/documentation/.

Benefits of the SRX5600 Services Gateway

The next generation SPCs and IOCs on the SRX5600 Services Gateway support up to 570 IMIX Gbps

•

firewall throughput, 180 million concurrent sessions, and 460 Gbps IPS.
The ability to support unique security policies per zone and ability to scale with the growth of the network
infrastructure, makes the SRX5600 an ideal deployment for consolidation of services in large enterprise,
service provider, or mobile operator environments.

IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes,

•

Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the
highest level of network security.

Content Security UTM Capabilities - The UTM services offered on the SRX5000 line of Services Gateways

•

include industry-leading antivirus, antispam, content filtering, and additional content security services.

The UTM services provide sophisticated protection from:

Antivirus experts against malware attacks that can lead to data breaches and lost productivity.

•

Advanced persistent threats perpetrated through social networking attacks and the latest phishing

•

scams with sophisticated e-mail filtering and content blockers.

24

Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network

•

to help maintain bandwidth.

Advanced Threat Prevention (ATP) - Juniper Sky ATP, a SaaS-based service, and the Juniper ATP

•

Appliance, an on-premises solution:

Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.

•

Proactively blocks malware communication channels.

•

The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and

•

Google Mail, and detects threats in SMB traffic.

Single pane-of-glass management with Security Director and JSA Series integration.

•

SRX5600 Services Gateway FRUs

Field-replaceable units (FRUs) are services gateway components that can be replaced at the customer site.
The services gateway uses the following types of FRUs:

Table 3 on page 25 lists the FRUs of the services gateway and the action to perform to install, remove, or

replace an FRU.

Table 3: Field-Replaceable Units

25

ActionField-Replaceable Units (FRUs)

Air filter

Fan tray

Craft interface

AC and DC power supplies (if redundant)

SFP and XFP transceivers

IOCs

Flex IOCs

Port modules of the Flex IOCs

Routing Engine

SCBs

SPCs

You need not power off the services gateway to install, remove, or
replace any of these FRUs.

Power off the services gateway to install, remove, or replace any of
these FRUs.

MPCs

MICs

SRX5600 Services Gateway Component Redundancy

The following major hardware components are redundant:

SCBs—The host subsystem consists of a Routing Engine installed in an SCB. The device must have one

•

host subsystem installed. You can install a second SCB for redundancy. If a second SCB is installed, the
host subsystem SCB functions as the primary and the other functions as the backup. If the SCB of the
host subsystem fails, the other SCB takes over as the primary.

Power supplies—In the low-line (110 V) AC power configuration, the device contains three or four AC

•

power supplies, located horizontally at the rear of the chassis in slots PEM0 through PEM3 (left to right).
Each AC power supply provides power to all components in the device. When three power supplies are
present, they share power almost equally within a fully populated system. Four AC power supplies

provide full power redundancy. If one power supply fails or is removed, the remaining power supplies
instantly assume the entire electrical load without interruption. Three power supplies provide the
maximum configuration with full power for as long as the device is operational.

In the high-line (220 V) AC power configuration, the device contains two or four AC power supplies
located horizontally at the rear of the chassis in slots PEM0 through PEM3 (left to right). Each AC power
supply provides power to all components in the device. When two or more power supplies are present,
they share power almost equally within a fully populated system. Four AC power supplies provide full
power redundancy. If one power supply fails or is removed, the remaining power supplies instantly
assume the entire electrical load without interruption. Two power supplies provide the maximum
configuration with full power for as long as the device is operational.

In the DC configuration, two power supplies are required to supply power to a fully configured device.
One power supply supports approximately half of the components in the device, and the other power
supply supports the remaining components. The addition of two power supplies provides full power
redundancy. If one power supply fails or is removed, the remaining power supplies instantly assume the
entire electrical load without interruption. Two power supplies provide the maximum configuration with
full power for as long as the device is operational.

26

Cooling system—The cooling system has redundant components, which are controlled by the host

•

subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to
provide sufficient cooling for the services gateway indefinitely.

SRX5600 Chassis

IN THIS SECTION

SRX5600 Services Gateway Chassis | 27

SRX5600 Services Gateway Physical Specifications | 29

SRX5600 Services Gateway Midplane Description | 30

SRX5600 Services Gateway Cable Manager Description | 31

SRX5600 Services Gateway Craft Interface Overview | 32

SRX5600 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test Button | 33

SRX5600 Services Gateway Craft Interface Host Subsystem LEDs | 34

SRX5600 Services Gateway Craft Interface Power Supply LEDs | 35

SRX5600 Services Gateway Craft Interface Card OK/Fail LEDs | 35

SRX5600 Services Gateway Craft Interface Fan LEDs | 35

SRX5600 Services Gateway Craft Interface Online Buttons | 36

SRX5600 Services Gateway Craft Interface Alarm Relay Contacts | 39

SRX5600 Services Gateway Chassis

The services gateway chassis is a rigid sheet metal structure that houses all the other components (see

Figure 1 on page 28, Figure 2 on page 28, and Figure 3 on page 29). The chassis measures 14.0 in. (35.6 cm)

high, 17.45 in. (44.3 cm) wide, and 24.5 in. (62.2 cm) deep (from the front to the rear of the chassis). The
chassis installs in standard 800-mm (or larger) enclosed cabinets, 19-in. equipment racks, or telco open-frame
racks. Up to five services gateways can be installed in one standard (48 U) rack if the rack can handle their
combined weight, which can be greater than 1100 lb (500 kg). See “SRX5600 Services Gateway Physical

Specifications” on page 29 for physical specifications for the SRX5600 Services Gateway.

27

CAUTION: Before removing or installing components of a services gateway, attach

an ESD strap to an ESD point and place the other end of the strap around your bare
wrist. Failure to use an ESD strap can result in damage to the services gateway.

WARNING: The services gateway must be connected to earth ground during normal

operation.

Figure 1: Front View of a Fully Configured Services Gateway Chassis

STATUS

SPU0

SERVICE

STATUS

SPU1

SERVICE

HA

OK/FAIL

CHASSISCLUSTER
CONTROL0

ENABLE

LINK/ACT

CHASSISCLUSTER
CONTROL1

ENABLE

LINK/ACT

STATUS

SPU0

SERVICE

STATUS

SPU1

SERVICE

HA

OK/FAIL

CHASSISCLUSTER
CONTROL0

ENABLE

LINK/ACT

CHASSISCLUSTER
CONTROL1

ENABLE

LINK/ACT

SPCs

g030218

IOCs

28

Figure 2: Rear View of a Fully Configured AC-Powered Services Gateway Chassis

Figure 3: Rear View of a Fully Configured DC-Powered Services Gateway Chassis

29

SRX5600 Services Gateway Physical Specifications

Table 4 on page 29 summarizes the physical specifications for the services gateway chassis.

Table 4: Physical Specifications

ValueDescription

Chassis dimensions

Services Gateway weight

14.0 in. (35.6 cm) high

17.45 in. (44.3 cm) wide

24.5 in. (62.2 cm) deep (from front-mounting bracket to
chassis rear)

Total depth (including cable management system):

27.75 in. (70.5 cm)

Chassis with midplane, fan tray, air filter, and cable
management system: 65.5 lb (29.7 kg)

Maximum configuration: 220 lb (100 kg)

Routing Engine weight

SRX5K-RE-13-20: 2.4 lb (1.1 kg)

SRX5K-RE-1800X4: 2.4 lb (1.1 kg)

Table 4: Physical Specifications (continued)

30

ValueDescription

SCB weight

supported on devices with SRX5K-SCB and
SRX5K-RE-13-20)

SRX5K-SCB: 9.6 lb (4.4 kg)

SRX5K-SCBE: 9.6 lb (4.4 kg)

SRX5K-SCB3: 10.14 lb (4.6 kg)

13.1 lb (5.9 kg)MPC weight (with two MICs)

13.1 lb (5.9 kg)IOC weight

1.1 lb (0.5 kg)Craft interface weight

4.2 lb (1.9 kg)Fan tray weight

1.0 lb (0.5 kg)Air filter weight

0.3 lb (0.14 kg)Cable management weight

3.8 lb (1.7 kg)Standard-capacity DC power supply weight (only

6.2 lb (2.8 kg)High-capacity DC power supply weight

5.0 lb (2.3 kg)Standard-capacity AC power supply weight (only
supported on devices with SRX5K-SCB and
SRX5K-RE-13-20)

6.6 lb (3.0 kg)High-capacity AC power supply weight

SRX5600 Services Gateway Midplane Description

The midplane is located toward the rear of the chassis and forms the rear of the card cage (see

Figure 4 on page 31). IOCs, Flex IOCs, SPCs, and SCBs install into the midplane from the front of the

chassis, and the power supplies install into the midplane from the rear of the chassis. The cooling system
components also connect to the midplane.