Juniper SRX5800 Hardware Guide
SRX5800 Services Gateway Hardware
Guide
Published
2020-12-07
ii
Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA
408-745-2000 www.juniper.net
JuniperNetworks,theJuniperNetworkslogo,Juniper,andJunosareregisteredtrademarksofJuniperNetworks,Inc. in theUnitedStatesandothercountries. Allothertrademarks,servicemarks,registeredmarks,orregisteredservicemarks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
SRX5800ServicesGatewayHardwareGuide
Copyright © 2020 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR2000NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
ENDUSERLICENSEAGREEMENT
TheJuniperNetworksproductthatisthesubjectofthistechnicaldocumentationconsistsof(orisintendedforusewith) JuniperNetworkssoftware.UseofsuchsoftwareissubjecttothetermsandconditionsoftheEndUserLicenseAgreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
iii
Table of Contents
AbouttheDocumentation | xiv
Documentation and Release Notes | xiv
Using the Examples in This Manual | xiv
Merging a Full Example | xv
Merging a Snippet | xvi
Documentation Conventions | xvi
Documentation Feedback | xix
Requesting Technical Support | xix
Self-Help Online Tools and Resources | xx
Creating a Service Request with JTAC | xx
1Overview
SRX5800ServicesGatewaySystemOverview | 22
SRX5800 Services Gateway Description | 22
Benefits of the SRX5800 Services Gateway | 23
SRX5800 Services Gateway Field-Replaceable Units | 23
SRX5800 Services Gateway Component Redundancy | 24
SRX5800Chassis | 25
SRX5800 Services Gateway Chassis | 26
SRX5800 Services Gateway Physical Specifications | 29
SRX5800 Services Gateway Midplane Description | 31
SRX5800 Services Gateway Cable Manager Description | 32
SRX5800 Services Gateway Craft Interface Overview | 33
SRX5800 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test
Button | 34
SRX5800 Services Gateway Craft Interface Host Subsystem LEDs | 34
SRX5800 Services Gateway Craft Interface Power Supply LEDs | 35
SRX5800 Services Gateway Craft Interface Card OK/Fail LEDs | 35
SRX5800 Services Gateway Craft Interface Fan LEDs | 36
SRX5800 Services Gateway Craft Interface Online Buttons | 36
iv
SRX5800 Services Gateway Craft Interface Alarm Relay Contacts | 39
SRX5800ServicesGatewayCoolingSystem | 41
SRX5800PowerSystem | 43
SRX5800 Services Gateway Power System Overview | 44
SRX5800 Services Gateway Standard-Capacity AC Power Supply | 47
SRX5800 Services Gateway Standard-Capacity AC Power Supply LEDs | 47
SRX5800 Services Gateway High-Capacity AC Power Supply | 48
SRX5800 Services Gateway High-Capacity AC Power Supply LEDs | 50
SRX5800 Services Gateway AC Power Supply Specifications | 51
AC Power Cord Specifications for the SRX5800 Services Gateway | 52
AC Power Circuit Breaker Requirements for the SRX5800 Services Gateway | 54
SRX5800 Services Gateway Standard-Capacity DC Power Supply | 54
SRX5800 Services Gateway Standard-Capacity DC Power Supply LEDs | 55
SRX5800 Services Gateway High-Capacity DC Power Supply | 56
SRX5800 Services Gateway High-Capacity DC Power Supply LEDs | 58
SRX5800 Services Gateway DC Power Supply Specifications | 59
DC Power Cable Specifications for the SRX5800 Services Gateway | 60
DC Power Cable Lug Specifications for the SRX5800 Services Gateway | 61
DC Power Circuit Breaker Requirements for the SRX5800 Services Gateway | 62
DC Power Source Cabling for the SRX5800 Services Gateway | 62
SRX5800 Services Gateway Chassis Grounding Point Specifications | 63
SRX5800 Services Gateway Grounding Cable Specifications | 64
SRX5800 Services Gateway Grounding-Cable Lug Specification | 65
SRX5800HostSubsystem | 66
SRX5800 Services Gateway Host Subsystem Description | 66
Switch Control Board SRX5K-SCB Overview | 67
Switch Control Board SRX5K-SCB Specifications | 69
Switch Control Board SRX5K-SCBE Overview | 72
Switch Control Board SRX5K-SCBE Specifications | 73
SRX5K-SCBE LEDs | 74
Switch Control Board SRX5K-SCB3 Overview | 75
Switch Control Board SRX5K-SCB3 Specifications | 76
SRX5K-SCB3 LEDs | 77
v
Switch Control Board SRX5K-SCB4 Overview | 78
Switch Control Board SRX5K-SCB4 Specifications | 79
SRX5K-SCB4 LEDs | 81
Routing Engine SRX5K-RE-13-20 Overview | 81
Routing Engine SRX5K-RE-13-20 Specifications | 82
Routing Engine SRX5K-RE-1800X4 Overview | 86
SRX5K-RE-1800X4 Routing Engine Boot Sequence | 87
Routing Engine SRX5K-RE-1800X4 Specifications | 87
SRX5K-RE-1800X4 LEDs | 89
Routing Engine SRX5K-RE3-128G Specifications | 90
SRX5K-RE3-128G Routing Engine Components | 92
SRX5K-RE3-128G Routing Engine LEDs | 93
SRX5K-RE3-128G Routing Engine Boot Sequence | 94
SRX5800LineCardsandModules | 94
SRX5400, SRX5600, and SRX5800 Services Gateway Card Overview | 95
Cards Supported on SRX5400, SRX5600, and SRX5800 Services Gateways | 96
SRX5800 Services Gateway Card Cage and Slots | 100
SRX5800 Services Gateway SPC Description | 102
Services Processing Card SRX5K-SPC-2-10-40 Specifications | 102
Services Processing Card SRX5K-SPC-4-15-320 Specifications | 107
Services Processing Card SRX5K-SPC3 Specifications | 112
Modular Port Concentrator (SRX5K-MPC) Specifications | 116
MIC with 20x1GE SFP Interfaces (SRX-MIC-20GE-SFP) | 118
MIC with 10x10GE SFP+ Interfaces (SRX-MIC-10XG-SFPP) | 124
MIC with 1x100GE CFP Interface (SRX-MIC-1X100G-CFP) | 129
MIC with 2x40GE QSFP+ Interfaces (SRX-MIC-2X40G-QSFP) | 131
SRX5K-MPC3-40G10G Specifications | 132
SRX5K-MPC3-100G10G Specifications | 135
SRX5K-IOC4-10G Specifications | 138
SRX5K-IOC4-MRAT Specifications | 141
SRX5800 Services Gateway Interface Card Description | 145
I/O Card SRX5K-40GE-SFP Specifications | 147
I/O Card SRX5K-4XGE-XFP Specifications | 149
Flex I/O Card (SRX5K-FPC-IOC) Specifications | 151
vi
Flex I/O Card Port Module SRX-IOC-16GE-SFP Specifications | 153
Flex I/O Card Port Module SRX-IOC-16GE-TX Specifications | 155
Flex I/O Card Port Module SRX-IOC-4XGE-XFP Specifications | 156
2SitePlanning,Preparation,andSpecifications
SitePreparationChecklistfortheSRX5800ServicesGateway | 160
SRX5800SiteGuidelinesandRequirements | 161
SRX5800 Services Gateway Environmental Specifications | 161
General Site Guidelines | 162
Site Electrical Wiring Guidelines | 163
Clearance Requirements for SRX5800 Services Gateway Airflow and Hardware
Maintenance | 163
SRX5800RackandCabinetRequirements | 165
SRX5800 Services Gateway Rack-Mounting Hardware | 165
SRX5800 Services Gateway Rack Size and Strength Requirements | 165
Spacing of Rack-Mounting Bracket Holes for the SRX5800 Services Gateway | 166
Connection to Building Structure for the SRX5800 Services Gateway Rack | 166
SRX5800 Services Gateway Cabinet Size and Clearance Requirements | 167
SRX5800 Services Gateway Cabinet Airflow Requirements | 167
CalculatingPowerRequirementsfortheSRX5800ServicesGateway | 168
SRX5800NetworkCableandTransceiverPlanning | 185
RoutingEngineInterfaceCableandWireSpecificationsfortheSRX5800ServicesGateway | 185
Signal Loss in Multimode and Single-Mode Fiber-Optic Cable for the SRX5800 Services
Gateway | 186
Attenuation and Dispersion in Fiber-Optic Cable for the SRX5800 Services Gateway | 186
Calculating Power Budget for Fiber-Optic Cable for the SRX5800 Services Gateway | 187
Calculating Power Margin for Fiber-Optic Cable for the SRX5800 Services Gateway | 188
SRX5800AlarmandManagementCableSpecificationsandPinouts | 189
Alarm Relay Contact Wire Specifications for the SRX5800 Services Gateway | 190
Console Port Cable and Wire Specifications for the SRX5800 Services Gateway | 190
RJ-45ConnectorPinoutsfortheSRX5800ServicesGatewayRoutingEngineEthernetPort | 190
RJ-45 Connector Pinouts for the SRX5800 Services Gateway Routing Engine Auxiliary and
Console Ports | 191
vii
3InitialInstallationandConfiguration
OverviewofInstallingtheSRX5800ServicesGateway | 194
UnpackingtheSRX5800 | 195
Tools and Parts Required to Unpack the SRX5800 Services Gateway | 195
Unpacking the SRX5800 Services Gateway | 196
Verifying the SRX5800 Services Gateway Parts Received | 197
InstallingtheSRX5800MountingHardware | 199
Tools Required to Install the SRX5800 Services Gateway | 200
Installing the SRX5800 Services Gateway Mounting Hardware for a Four-Post Rack or
Cabinet | 200
Installing the SRX5800 Services Gateway Mounting Hardware in an Open-Frame Rack | 202
Removing Components from the SRX5800 Chassis Before Installing It in the Rack | 204
RemovingthePowerSuppliesBeforeInstallingtheSRX5800ServicesGatewayChassis | 204
RemovingtheCableManagerBeforeInstallingtheSRX5800ServicesGatewayChassis | 205
Removing Fan Trays Before Installing the SRX5800 Services Gateway Chassis | 206
Removing Cards Before Installing the SRX5800 Services Gateway Chassis | 208
Installing the SRX5800 Services Gateway Chassis in the Rack | 210
Reinstalling Components in the SRX5800 Services Gateway Chassis After Installing It in the
Rack | 212
Reinstalling Power Supplies After Installing the SRX5800 Services Gateway Chassis | 213
Reinstalling Fan Trays After Installing the SRX5800 Services Gateway Chassis | 214
Reinstalling Cards After Installing the SRX5800 Services Gateway Chassis | 216
ReinstallingtheCableManagerAfterInstallingtheSRX5800ServicesGatewayChassis | 218
ConnectingtheSRX5800toExternalDevices | 219
Tools and Parts Required for SRX5800 Services Gateway Connections | 220
Connecting the SRX5800 Services Gateway to a Management Console or an Auxiliary
Device | 220
Connecting the SRX5800 Services Gateway to a Network for Out-of-Band Management | 221
Connecting an SRX5800 Services Gateway to an External Alarm-Reporting Device | 222
Connecting Network Cables to SRX5800 Services Gateway IOCs and Port Modules | 223
viii
ConnectingtheSRX5800toPower | 225
Tools and Parts Required for SRX5800 Services Gateway Grounding and Power
Connections | 226
Grounding the SRX5800 Services Gateway | 226
Connecting Power to an AC-Powered SRX5800 Services Gateway | 228
Powering On an AC-Powered SRX5800 Services Gateway | 230
Connecting Power to a DC-Powered SRX5800 Services Gateway | 232
Powering On a DC-Powered SRX5800 Services Gateway | 234
Powering Off the SRX5800 Services Gateway | 236
PerformingtheInitialSoftwareConfigurationfortheSRX5800 | 236
SRX5800 Services Gateway Software Configuration Overview | 237
Initially Configuring the SRX5800 Services Gateway | 237
Performing Initial Software Configuration Using J-Web | 243
Configuring Root Authentication and the Management Interface from the CLI | 243
Configuring Interfaces, Zones, and Policies with J-Web | 244
4MaintainingComponents
MaintainingtheSRX5800Chassis | 249
Routine Maintenance Procedures for the SRX5800 Services Gateway | 249
Replacing the SRX5800 Services Gateway Craft Interface | 249
Disconnecting the Alarm Relay Wires from the SRX5800 Services Gateway Craft
Interface | 249
Removing the SRX5800 Services Gateway Craft Interface | 250
Installing the SRX5800 Services Gateway Craft Interface | 251
Connecting the Alarm Relay Wires to the SRX5800 Services Gateway Craft Interface | 252
MaintainingtheSRX5800CoolingSystem | 253
Maintaining the Fan Trays on the SRX5800 Services Gateway | 254
Replacing an SRX5800 Services Gateway Fan Tray | 254
Removing an SRX5800 Services Gateway Fan Tray | 255
Installing an SRX5800 Services Gateway Fan Tray | 257
Maintaining the Air Filter on the SRX5800 Services Gateway | 259
Replacing the SRX5800 Services Gateway Air Filter | 260
Removing the SRX5800 Services Gateway Air Filter | 260
Installing the SRX5800 Services Gateway Air Filter | 261
ix
MaintainingtheSRX5800PowerSystem | 262
Maintaining SRX5800 Services Gateway Power Supplies | 263
Replacing an SRX5800 Services Gateway AC Power Supply | 264
Removing an SRX5800 Services Gateway AC Power Supply | 264
Installing an SRX5800 Services Gateway AC Power Supply | 267
Replacing an SRX5800 Services Gateway AC Power Supply Cord | 270
Disconnecting an SRX5800 Services Gateway AC Power Supply Cord | 270
Connecting an SRX5800 Services Gateway AC Power Supply Cord | 271
Replacing an SRX5800 Services Gateway DC Power Supply | 273
Removing an SRX5800 Services Gateway DC Power Supply | 273
Installing an SRX5800 Services Gateway DC Power Supply | 276
Replacing an SRX5800 Services Gateway DC Power Supply Cable | 282
Disconnecting an SRX5800 Services Gateway DC Power Supply Cable | 282
Connecting an SRX5800 Services Gateway DC Power Supply Cable | 283
Upgrading an SRX5800 Services Gateway from Standard-Capacity to High-Capacity Power Supplies | 286
MaintainingtheSRX5800HostSubsystem | 290
Maintaining the SRX5800 Services Gateway Host Subsystem and SCBs | 290
Taking the SRX5800 Services Gateway Host Subsystem Offline | 292
Operating and Positioning the SRX5800 Services Gateway SCB Ejectors | 292
Replacing an SRX5800 Services Gateway SCB | 293
Removing an SRX5800 Services Gateway SCB | 293
Installing an SRX5800 Services Gateway SCB | 295
Replacing the SRX5800 Services Gateway Routing Engine | 297
Removing the SRX5800 Services Gateway Routing Engine | 297
Installing the SRX5800 Services Gateway Routing Engine | 299
Low Impact Hardware Upgrade for SCB3 and IOC3 | 303
In-ServiceHardwareUpgradeforSRX5K-RE-1800X4andSRX5K-SCBEorSRX5K-RE-1800X4
and SRX5K-SCB3 in a Chassis Cluster | 321
x
MaintainingtheSRX5800LineCardsandModules | 325
Maintaining Interface Cards and SPCs on the SRX5800 Services Gateway | 326
Replacing SRX5800 Services Gateway IOCs | 328
Removing an SRX5800 Services Gateway IOC | 328
Installing an SRX5800 Services Gateway IOC | 331
Replacing SRX5800 Services Gateway Flex IOCs | 335
Removing an SRX5800 Services Gateway Flex IOC | 335
Installing an SRX5800 Services Gateway Flex IOC | 338
Replacing SRX5800 Services Gateway Port Modules | 341
Removing an SRX5800 Services Gateway Port Module | 341
Installing an SRX5800 Services Gateway Port Module | 343
Replacing SRX5800 Services Gateway SPCs | 346
Removing an SRX5800 Services Gateway SPC | 346
Installing an SRX5800 Services Gateway SPC | 349
ReplacingSPCsinanOperatingSRX5400,SRX5600,orSRX5800ServicesGatewaysChassis
Cluster | 356
In-Service Hardware Upgrade for SRX5K-SPC3 in a Chassis Cluster | 359
Maintaining MICs and Port Modules on the SRX5800 Services Gateway | 362
Replacing SRX5800 Services Gateway MICs | 363
Removing an SRX5800 Services Gateway MIC | 363
Installing an SRX5800 Services Gateway MIC | 365
Replacing SRX5800 Services Gateway MPCs | 369
Removing an SRX5800 Services Gateway MPC | 369
Installing an SRX5800 Services Gateway MPC | 372
MaintainingtheSRX5800CablesandConnectors | 374
Maintaining SRX5800 Services Gateway Network Cables | 375
Replacing the Management Ethernet Cable on an SRX5800 Services Gateway | 377
Replacing the SRX5800 Services Gateway Console or Auxiliary Cable | 378
Replacing an SRX5800 Services Gateway Network Interface Cable | 379
Removing an SRX5800 Services Gateway Network Interface Cable | 379
Installing an SRX5800 Services Gateway Network Interface Cable | 380
Replacing SRX5800 Services Gateway XFP and SFP Transceivers | 382
Removing an SRX5800 Services Gateway SFP or XFP Transceiver | 382
Installing an SRX5800 Services Gateway SFP or XFP Transceiver | 384
xi
Replacing the SRX5800 Services Gateway Cable Manager | 385
Removing the SRX5800 Services Gateway Cable Manager | 386
Installing the SRX5800 Services Gateway Cable Manager | 387
ReplacingaRoutingEngineinanSRXSeriesHigh-EndChassisCluster | 388
Replacing a Routing Engine: USB Flash-Drive Method | 389
Replacing a Routing Engine: External SCP Server Method | 396
Replacing the Routing Engine: File Transfer Method | 403
5TroubleshootingHardware
TroubleshootingtheSRX5800 | 410
Troubleshooting the SRX5800 Services Gateway with the Junos OS CLI | 410
Troubleshooting the SRX5800 Services Gateway with Chassis and Interface Alarm
Messages | 411
Chassis Component Alarm Conditions on SRX5400, SRX5600, and SRX5800 Services
Gateways | 411
Backup Routing Engine Alarms | 426
Troubleshooting the SRX5800 Services Gateway with Alarm Relay Contacts | 428
Troubleshooting the SRX5800 Services Gateway with the Craft Interface LEDs | 428
Troubleshooting the SRX5800 Services Gateway with the Component LEDs | 429
Troubleshooting the SRX5800 Services Gateway Cooling System | 430
Troubleshooting SRX5800 Services Gateway Interface Cards | 430
Troubleshooting SRX5800 Services Gateway MICs and Port Modules | 432
Troubleshooting SRX5800 Services Gateway SPCs | 433
Troubleshooting the SRX5800 Services Gateway Power System | 434
BehavioroftheSRX5400,SRX5600,andSRX5800ServicesGatewaysWhentheSRX5K-SCBE
and SRX5K-RE-1800X4 in a Chassis Cluster Fail | 440
6ContactingCustomerSupportandReturningtheChassisorComponents
ReturningtheSRX5800ChassisorComponents | 443
Contacting Customer Support | 443
Return Procedure for the SRX5800 Services Gateway | 444
Listing the SRX5800 Services Gateway Component Serial Numbers with the Command-Line
Interface | 445
Locating the SRX5800 Services Gateway Chassis Serial Number Label | 446
Locating the SRX5800 Services Gateway Power Supply Serial Number Label | 447
xii
Locating the SRX5800 Services Gateway Craft Interface Serial Number Label | 450
Information You Might Need to Supply to JTAC | 451
Required Tools and Parts for Packing the SRX5800 Services Gateway | 451
Packing the SRX5800 Services Gateway for Shipment | 452
Packing SRX5800 Services Gateway Components for Shipment | 453
7SafetyandComplianceInformation
GeneralSafetyGuidelinesandWarnings | 456
DefinitionsofSafetyWarningLevels | 457
RestrictedAccessAreaWarning | 461
FireSafetyRequirements | 463
Fire Suppression | 463
Fire Suppression Equipment | 464
QualifiedPersonnelWarning | 465
WarningStatementforNorwayandSweden | 465
InstallationInstructionsWarning | 466
ChassisandComponentLiftingGuidelines | 466
RampWarning | 467
Rack-MountingandCabinet-MountingWarnings | 467
GroundedEquipmentWarning | 473
LaserandLEDSafetyGuidelinesandWarnings | 474
General Laser Safety Guidelines | 474
Class 1 Laser Product Warning | 475
Class 1 LED Product Warning | 476
Laser Beam Warning | 477
RadiationfromOpenPortAperturesWarning | 478
MaintenanceandOperationalSafetyGuidelinesandWarnings | 479
Battery Handling Warning | 480
Jewelry Removal Warning | 481
xiii
Lightning Activity Warning | 483
Operating Temperature Warning | 484
Product Disposal Warning | 486
GeneralElectricalSafetyGuidelinesandWarnings | 487
PreventionofElectrostaticDischargeDamage | 488
ACPowerElectricalSafetyGuidelines | 489
ACPowerDisconnectionWarning | 491
DCPowerElectricalSafetyGuidelines | 492
DC Power Electrical Safety Guidelines | 492
DC Power Disconnection Warning | 494
DC Power Grounding Requirements and Warning | 496
DC Power Wiring Sequence Warning | 498
DC Power Wiring Terminations Warning | 501
DCPowerDisconnectionWarning | 504
DCPowerGroundingRequirementsandWarning | 506
DCPowerWiringSequenceWarning | 508
DCPowerWiringTerminationsWarning | 511
MultiplePowerSuppliesDisconnectionWarning | 514
TNPowerWarning | 515
ActiontoTakeAfteranElectricalAccident | 515
SRX5800ServicesGatewayAgencyApprovals | 516
SRX5800ServicesGatewayComplianceStatementsforEMCRequirements | 517
Canada | 517
European Community | 517
Israel | 518
Japan | 518
United States | 518
StatementsofVolatilityforJuniperNetworkDevices | 519
xiv
AbouttheDocumentation
INTHISSECTION
Documentation and Release Notes | xiv
Using the Examples in This Manual | xiv
Documentation Conventions | xvi
Documentation Feedback | xix
Requesting Technical Support | xix
Use this guide to install hardware and perform initial software configuration, routine maintenance, and troubleshooting for the SRX5800 Services Gateway.
After completing the installation and basic configuration procedures covered in this guide, refer to the Junos OS documentation for information about further software configuration.
DocumentationandReleaseNotes
To obtain the most current version of all Juniper Networks® technical documentation, see the product documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.
Iftheinformationinthelatestreleasenotesdiffersfromtheinformationinthedocumentation,followthe product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at https://www.juniper.net/books.
UsingtheExamplesinThisManual
If you want to use the examples in this manual, you can use the loadmerge or the loadmergerelative command. These commands cause the software to merge the incoming configuration into the current candidateconfiguration.Theexampledoesnotbecomeactiveuntilyoucommitthecandidateconfiguration.
xv
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example is a fullexample. In this case, use the loadmerge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In thiscase,usetheloadmergerelative command.Theseproceduresaredescribedinthefollowingsections.
MergingaFullExample
To merge a full example, follow these steps:
1.From the HTML or PDF version of the manual, copy a configuration example into a text file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following configuration to a file and name the file ex-script.conf. Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
system { scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces { fxp0 {
disable; unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2.Merge the contents of the file into your routing platform configuration by issuing the loadmerge configuration mode command:
[edit]
user@host# loadmerge/var/tmp/ex-script.conf load complete
xvi
MergingaSnippet
To merge a snippet, follow these steps:
1.From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory on your routing platform.
commit {
file ex-script-snippet.xsl; }
2.Movetothehierarchylevelthatisrelevantforthissnippetbyissuingthefollowingconfigurationmode command:
[edit]
user@host# editsystemscripts
[edit system scripts]
3.Merge the contents of the file into your routing platform configuration by issuing the loadmerge relative configuration mode command:
[edit system scripts]
user@host# loadmergerelative/var/tmp/ex-script-snippet.conf load complete
For more information about the load command, see CLI Explorer.
DocumentationConventions
Table 1 on page xvii defines notice icons used in this guide.
xvii
Table1:NoticeIcons |
|
|
Icon |
Meaning |
Description |
|
Informational note |
Indicates important features or instructions. |
|
Caution |
Indicates a situation that might result in loss of data or hardware |
|
|
damage. |
|
Warning |
Alerts you to the risk of personal injury or death. |
|
Laser warning |
Alerts you to the risk of personal injury from a laser. |
|
Tip |
Indicates helpful information. |
|
Best practice |
Alerts you to a recommended use or implementation. |
Table 2 on page xvii defines the text and syntax conventions used in this guide.
Table2:TextandSyntaxConventions
Convention |
Description |
Examples |
Boldtextlikethis |
Represents text that you type. |
To enter configuration mode, type |
|
|
the configure command: |
|
|
user@host> configure |
Fixed-width text like this
Italictextlikethis
Represents output that appears on the terminal screen.
•Introducesoremphasizesimportant new terms.
•Identifies guide names.
•Identifies RFC and Internet draft titles.
user@host> showchassisalarms
No alarms currently active
•A policy term is a named structure that defines match conditions and actions.
•JunosOSCLIUserGuide
•RFC 1997, BGPCommunities Attribute
xviii
Table2:TextandSyntaxConventions (continued)
Convention |
Description |
Italictextlikethis |
Represents variables (options for |
|
which you substitute a value) in |
|
commands or configuration |
|
statements. |
Examples
Configure the machine’s domain name:
[edit]
root@# setsystemdomain-name domain-name
Textlikethis |
Represents names of configuration |
|
statements, commands, files, and |
|
directories; configuration hierarchy |
|
levels; or labels on routing platform |
|
components. |
•To configure a stub area, include the stub statement at the [edit protocolsospfareaarea-id] hierarchy level.
•The console port is labeled
CONSOLE.
< > (angle brackets) |
Encloses optional keywords or |
|
variables. |
| (pipe symbol) |
Indicates a choice between the |
|
mutually exclusive keywords or |
|
variablesoneithersideofthesymbol. |
|
The set of choices is often enclosed |
|
in parentheses for clarity. |
stub<default-metric metric>;
broadcast|multicast
(string1 | string2 | string3)
# (pound sign)
[ ] (square brackets)
Indention and braces ( { } )
; (semicolon)
Indicatesacommentspecifiedonthe |
rsvp{#RequiredfordynamicMPLS |
same line as the configuration |
only |
statement to which it applies. |
|
Enclosesavariableforwhichyoucan |
communitynamemembers[ |
substitute one or more values. |
community-ids ] |
Identifies a level in the configuration |
[edit] |
hierarchy. |
routing-options { |
|
static { |
Identifies a leaf statement at a |
route default { |
configuration hierarchy level. |
nexthop address; |
|
retain; |
|
} |
|
} |
|
} |
GUIConventions
xix
Table2:TextandSyntaxConventions (continued) |
|
|
Convention |
Description |
Examples |
Boldtextlikethis |
Represents graphical user interface |
• IntheLogicalInterfacesbox,select |
|
(GUI) items you click or select. |
AllInterfaces. |
|
|
• To cancel the configuration, click |
|
|
Cancel. |
> (bold right angle bracket) |
Separates levels in a hierarchy of |
Intheconfigurationeditorhierarchy, |
|
menu selections. |
select Protocols>Ospf. |
DocumentationFeedback
We encourage you to provide feedback so that we can improve our documentation. You can use either of the following methods:
•Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper Networks TechLibrary site, and do one of the following:
•Click the thumbs-up icon if the information on the page was helpful to you.
•Click the thumbs-down icon if the information on the page was not helpful to you or if you have suggestions for improvement, and use the pop-up form to provide feedback.
•E-mail—Sendyourcommentstotechpubs-comments@juniper.net.Includethedocumentortopicname, URL or page number, and software version (if applicable).
RequestingTechnicalSupport
TechnicalproductsupportisavailablethroughtheJuniperNetworksTechnicalAssistanceCenter(JTAC). If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
xx
covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
•JTACpolicies—ForacompleteunderstandingofourJTACproceduresandpolicies,reviewtheJTACUser Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
•Productwarranties—Forproductwarrantyinformation,visithttps://www.juniper.net/support/warranty/.
•JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.
Self-HelpOnlineToolsandResources
Forquickandeasyproblemresolution,JuniperNetworkshasdesignedanonlineself-serviceportalcalled the Customer Support Center (CSC) that provides you with the following features:
•Find CSC offerings: https://www.juniper.net/customers/support/
•Search for known bugs: https://prsearch.juniper.net/
•Find product documentation: https://www.juniper.net/documentation/
•Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
•Download the latest versions of software and review release notes: https://www.juniper.net/customers/csc/software/
•Search technical bulletins for relevant hardware and software notifications: https://kb.juniper.net/InfoCenter/
•Join and participate in the Juniper Networks Community Forum: https://www.juniper.net/company/communities/
•Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
CreatingaServiceRequestwithJTAC
You can create a service request with JTAC on the Web or by telephone.
•Visit https://myjuniper.juniper.net.
•Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see https://support.juniper.net/support/requesting-support/.
1
CHAPTER
Overview
SRX5800 Services Gateway System Overview | 22
SRX5800 Chassis | 25
SRX5800 Services Gateway Cooling System | 41
SRX5800 Power System | 43
SRX5800 Host Subsystem | 66
SRX5800 Line Cards and Modules | 94
22
SRX5800ServicesGatewaySystemOverview
INTHISSECTION
SRX5800 Services Gateway Description | 22
Benefits of the SRX5800 Services Gateway | 23
SRX5800 Services Gateway Field-Replaceable Units | 23
SRX5800 Services Gateway Component Redundancy | 24
SRX5800ServicesGatewayDescription
The SRX5800 Services Gateway is a high-performance, highly scalable, carrier-class security device with multi-processor architecture.
The services gateway provides 12 slots that you can populate with 2 or 3 Switch Control Boards (SCBs) and up to 12 additional cards of the following types:
•Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as firewall, IPsec, and IDP.
•Modular PIC Concentrators (MPCs) provide Ethernet interfaces that connect the services gateway to your network.
•I/O cards (IOCs) provide Ethernet interfaces that connect the services gateway to your network.
•FlexIOCsaresimilartoIOCs,buthaveslotsforportmodulesthatallowyougreaterflexibilityinadding different types of Ethernet ports to your services gateway.
For detailed information about the cards supported by the services gateway, see the SRX5400,SRX5600, andSRX5800ServicesGatewayCardReference at www.juniper.net/documentation/.
23
BenefitsoftheSRX5800ServicesGateway
•TheSRX5800ServicesGatewayisthemarket-leadingsecuritysolutionsupportingupto1.2Tbpsfirewall throughputandlatencyaslowas32microsecondsforstatefulfirewall,395millionconcurrentsessions, and 1 Tbps IPS.
Equippedwiththefullrangeofadvancedsecurityservices,massiveperformance,scalability,andflexibility
maketheSRX5800idealforsecuringlargeenterprise,hosted,orcolocateddatacenters,mobileoperator environments, densely consolidated processing environments, cloud and managed service providers.
•IPSCapabilities-JuniperNetworksIPScapabilitiesofferseveraluniquefeaturessuchasProtocoldecodes, Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the highest level of network security.
•ContentSecurityUTMCapabilities-TheUTMservicesofferedontheSRX5000lineofServicesGateways include industry-leading antivirus, antispam, content filtering, and additional content security services.
The UTM services provide sophisticated protection from:
•Antivirus experts against malware attacks that can lead to data breaches and lost productivity.
•Advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.
•LostproductivityandtheimpactofmaliciousURLsandextraneousormaliciouscontentonthenetwork to help maintain bandwidth.
•Advanced Threat Prevention (ATP) - Juniper Sky ATP, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution:
•Protectsenterpriseusersfromaspectrumofadvancedmalwarethatexploits“zero-day”vulnerabilities.
•Proactively blocks malware communication channels.
•The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
•Single pane-of-glass management with Security Director and JSA Series integration.
SRX5800ServicesGatewayField-ReplaceableUnits
Field-replaceableunits(FRUs)areservicesgatewaycomponentsthatcanbereplacedatthecustomersite. The services gateway uses the following types of FRUs:
Table3onpage24 liststheFRUsoftheservicesgatewayandtheactiontoperformtoinstall,remove,or replace an FRU.
Table3:Field-ReplaceableUnits
Field-Replaceable Units (FRUs)
Air filter
Fan tray
Craft interface
AC and DC power supplies (if redundant)
SFP and XFP transceivers
IOCs
Flex IOCs
Port modules of the Flex IOCs
Routing Engine
SCBs
SPCs
MPCs
MICs
24
Action
You need not power off the services gateway to install, remove, or replace any of these FRUs.
Powerofftheservicesgatewaytoinstall,remove,orreplaceanyof these FRUs.
SRX5800ServicesGatewayComponentRedundancy
The following major hardware components are redundant:
•Switch Control Boards (SCBs)—The SRX5800 Services Gateway has two SCBs installed and you can installathirdSCBforswitchfabricredundancy.TheSCBofthehostsubsystemfunctionsastheprimary and the others function as backup. If the SCB of the host subsystem fails, one of the other SCBs takes over as the primary.
25
NOTE: The SRX5800 Services Gateway supports a redundant SCB, provided the SCB is a SRX5K-SCBE (SCB2) running Junos OS Release 12.1X47-D15 and later, or a SRX5K-SCB3 (SCB3) running Junos OS Release 15.1X49-D10 and later.
The SRX5800 Services Gateway does not support a redundant SCB (third SCB) card if SRX5K-SPC-4-15-320(SPC2)isinstalledwithSCB1(SRX5K-SCB).IfyouhaveinstalledaSPC2 on a SRX5800 Services Gateway with a redundant SCB1 card, make sure to remove the redundant SCB1 card.
•Power supplies—When powered by standard-capacity AC power supplies, a minimum of three power supplies are required to supply power to a fully configured services gateway. All AC power supplies share the load evenly. The addition of a fourth power supply provides full power redundancy. If one powersupplyfailsinaredundantconfiguration,thethreeremainingpowersuppliesprovidefullpower.
When powered by DC power supplies or high-capacity AC power supplies, two power supplies are requiredtosupplypowertoafullyconfiguredservicesgateway.Onepowersupplysupportsapproximately half of the components in the services gateway, and the other power supply supports the remaining components. The installation of two additional power supplies provides full power redundancy. If one ortwopowersuppliesfail,theremainingpowersuppliescanprovidefullpowertotheservicesgateway.
•Cooling system—The cooling system has redundant components, which are controlled by the host subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to provide sufficient cooling for the services gateway indefinitely.
SRX5800Chassis
INTHISSECTION
SRX5800 Services Gateway Chassis | 26
SRX5800 Services Gateway Physical Specifications | 29
SRX5800 Services Gateway Midplane Description | 31
SRX5800 Services Gateway Cable Manager Description | 32
SRX5800 Services Gateway Craft Interface Overview | 33
SRX5800 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test Button | 34
SRX5800 Services Gateway Craft Interface Host Subsystem LEDs | 34
SRX5800 Services Gateway Craft Interface Power Supply LEDs | 35
SRX5800 Services Gateway Craft Interface Card OK/Fail LEDs | 35
26
SRX5800 Services Gateway Craft Interface Fan LEDs | 36
SRX5800 Services Gateway Craft Interface Online Buttons | 36
SRX5800 Services Gateway Craft Interface Alarm Relay Contacts | 39
SRX5800ServicesGatewayChassis
The services gateway chassis is a rigid sheet metal structure that houses all the other services gateway components(seeFigure1onpage27,Figure2onpage28,andFigure3onpage29).Thechassismeasures 27.75in.(70.49cm)high,17.37in.(44.11cm)wide,and23.0in.(58.42cm)deep(fromthefront-mounting flangestotherearofthechassis).Thechassisinstallsin19-in.equipmentracksortelcoopen-frameracks.
The chassis can be installed in standard 800-mm (or deeper) enclosed cabinets when powered by standard-capacity power supplies, or in 1000-mm (or deeper) enclosed cabinets when powered by high-capacity power supplies.
Up to three services gateways can be installed in one standard (48 U) rack if the rack can handle their combined weight, which can be greater than 1,134 lb (515 kg). See “SRX5800 Services Gateway Physical Specifications” on page 29 for physical specifications for the SRX5800 Services Gateway.
Mountinghardwareincludesfront-mountingflangesonthefrontofthechassis,andtwocenter-mounting brackets attached to the center of the chassis.
WARNING: Tomeetsafetyandelectromagneticinterference(EMI)requirementsand to ensure proper operation, you must properly ground the services gateway chassis beforeconnectingpower.See“GroundingtheSRX5800ServicesGateway”onpage226 for instructions.
CAUTION: Before removing or installing components of a services gateway, attach an ESD strap to an ESD point and place the other end of the strap around your bare wrist. Failure to use an ESD strap can result in damage to the services gateway.
27
Figure1:FrontViewofaFullyConfiguredServicesGatewayChassis
Craft interface |
ESD point |
Front-mounting Center-mounting |
|
|
flange bracket |
Upper fan tray
Card slots 0-5
SCB0
SCB1
SCB2
or Card slot 6
Routing engine
SPCs
IOCs
Card slots 7-11
Air
filter tray
Lower fan tray
Air intake
|
|
|
|
|
|
|
0 |
|
|
|
PEM 0 |
1 |
2 |
3 |
1 |
|
|
|
FAN |
||||
OK FAIL |
OK FAIL |
OK FAIL |
OK FAIL |
|
|
|
|
|
|
|
OK FAIL |
OK FAIL |
|||
0 |
|
|
|
|
|||
1 |
2 |
3 |
|
|
|
|
|
ONLINE |
ONLINE |
|
4 |
|
5 |
||
ONLINE |
ONLINE |
|
|
||||
|
|
|
ONLINE |
ONLINE |
|||
|
|
|
|
|
|||
|
|
MASTER |
|
|
|
ONLINE |
|
RE0 |
OFFLINE |
||
RE1 |
|||
OK |
FAIL |
||
|
OK FAIL |
||
0 |
1 |
ONLINE |
ONLINE |
|
|
|
YELLOW ALARM RED ALARM |
|
|
||
|
|
ACO/LT |
|
|
|
|
|
|
|
|
NC C NO |
NC C NO |
|
|
|
OK FAIL |
OK |
OK FAIL |
|
|
|
||
|
|
FAIL |
OK FAIL |
|
|
||
|
|
|
|
OK |
OK FAIL |
||
2 |
6 |
7 |
|
|
FAIL |
||
8 |
9 |
|
|
||||
ONLINE |
ONLINE |
10 |
11 |
||||
ONLINE |
ONLINE |
||||||
|
|
|
|
|
ONLINE |
ONLINE |
|
<![endif]>g030200
28
Figure2:RearViewofaFullyConfiguredAC-PoweredServicesGatewayChassis
29
Figure3:RearViewofaFullyConfiguredDC-PoweredServicesGatewayChassis
SRX5800ServicesGatewayPhysicalSpecifications
Table 4 on page 30 summarizes the physical specifications for the services gateway chassis.
Table4:PhysicalSpecifications
Description
Chassis dimensions |
Height |
|
Width |
|
Depth, with standard-capacity |
|
power supplies |
Depth, with high-capacity AC power supplies
Depth, with high-capacity DC power supplies
Services gateway weight
Routing Engine weight
SCB weight
MPC weight (with two MICs)
IOC weight
Craft interface weight
Fan tray weight
30
Value
27.75 in. (70.5 cm) high
17.37 in. (44.1 cm) wide
23.0in.(58.4cm)deepfromfront-mountingbracket to chassis rear
27.8 in. (70.6 cm) total depth including cable management system
25.5in.(64.8cm)deepfromfront-mountingbracket to chassis rear
30.3 in. (77.0 cm) total depth including cable management system
27.8in.(70.6cm)deepfromfront-mountingbracket to chassis rear
32.6 in. (82.8 cm) total depth including cable management system
Chassis with midplane, fan tray, air filter, and cable manager: 150 lb (60.4 kg)
Maximum configuration: 400 lb (182 kg)
SRX5K-RE-13-20: 2.4 lb (1.1 kg)
SRX5K-RE-1800X4: 2.4 lb (1.1 kg)
SRX5K-SCB: 9.6 lb (4.4 kg)
SRX5K-SCBE: 9.6 lb (4.4 kg)
SRK5K-SCB3: 10.14 lb (4.6 kg)
13.1 lb (5.9 kg)
13.1 lb (5.9 kg)
1.1 lb (0.5 kg)
4.2 lb (1.9 kg)
Loading...