Juniper SRX5800 Hardware Guide

SRX5800 Services Gateway Hardware

Published

2020-12-07

Guide

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.

SRX5800 Services Gateway Hardware Guide

Copyright © 2020 Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

ii

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.

Table of Contents

1

About the Documentation | xiv

Documentation and Release Notes | xiv

Using the Examples in This Manual | xiv

Merging a Full Example | xv

Merging a Snippet | xvi

Documentation Conventions | xvi

Documentation Feedback | xix

Requesting Technical Support | xix

Self-Help Online Tools and Resources | xx

Creating a Service Request with JTAC | xx

iii

Overview

SRX5800 Services Gateway System Overview | 22

SRX5800 Services Gateway Description | 22

Benefits of the SRX5800 Services Gateway | 23

SRX5800 Services Gateway Field-Replaceable Units | 23

SRX5800 Services Gateway Component Redundancy | 24

SRX5800 Chassis | 25

SRX5800 Services Gateway Chassis | 26

SRX5800 Services Gateway Physical Specifications | 29

SRX5800 Services Gateway Midplane Description | 31

SRX5800 Services Gateway Cable Manager Description | 32

SRX5800 Services Gateway Craft Interface Overview | 33

SRX5800 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test

Button | 34

SRX5800 Services Gateway Craft Interface Host Subsystem LEDs | 34

SRX5800 Services Gateway Craft Interface Power Supply LEDs | 35

SRX5800 Services Gateway Craft Interface Card OK/Fail LEDs | 35

SRX5800 Services Gateway Craft Interface Fan LEDs | 36

SRX5800 Services Gateway Craft Interface Online Buttons | 36

SRX5800 Services Gateway Craft Interface Alarm Relay Contacts | 39

SRX5800 Services Gateway Cooling System | 41

SRX5800 Power System | 43

SRX5800 Services Gateway Power System Overview | 44

SRX5800 Services Gateway Standard-Capacity AC Power Supply | 47

SRX5800 Services Gateway Standard-Capacity AC Power Supply LEDs | 47

SRX5800 Services Gateway High-Capacity AC Power Supply | 48

SRX5800 Services Gateway High-Capacity AC Power Supply LEDs | 50

SRX5800 Services Gateway AC Power Supply Specifications | 51

AC Power Cord Specifications for the SRX5800 Services Gateway | 52

AC Power Circuit Breaker Requirements for the SRX5800 Services Gateway | 54

SRX5800 Services Gateway Standard-Capacity DC Power Supply | 54

SRX5800 Services Gateway Standard-Capacity DC Power Supply LEDs | 55

iv

SRX5800 Services Gateway High-Capacity DC Power Supply | 56

SRX5800 Services Gateway High-Capacity DC Power Supply LEDs | 58

SRX5800 Services Gateway DC Power Supply Specifications | 59

DC Power Cable Specifications for the SRX5800 Services Gateway | 60

DC Power Cable Lug Specifications for the SRX5800 Services Gateway | 61

DC Power Circuit Breaker Requirements for the SRX5800 Services Gateway | 62

DC Power Source Cabling for the SRX5800 Services Gateway | 62

SRX5800 Services Gateway Chassis Grounding Point Specifications | 63

SRX5800 Services Gateway Grounding Cable Specifications | 64

SRX5800 Services Gateway Grounding-Cable Lug Specification | 65

SRX5800 Host Subsystem | 66

SRX5800 Services Gateway Host Subsystem Description | 66

Switch Control Board SRX5K-SCB Overview | 67

Switch Control Board SRX5K-SCB Specifications | 69

Switch Control Board SRX5K-SCBE Overview | 72

Switch Control Board SRX5K-SCBE Specifications | 73

SRX5K-SCBE LEDs | 74

Switch Control Board SRX5K-SCB3 Overview | 75

Switch Control Board SRX5K-SCB3 Specifications | 76

SRX5K-SCB3 LEDs | 77

Switch Control Board SRX5K-SCB4 Overview | 78

Switch Control Board SRX5K-SCB4 Specifications | 79

SRX5K-SCB4 LEDs | 81

Routing Engine SRX5K-RE-13-20 Overview | 81

Routing Engine SRX5K-RE-13-20 Specifications | 82

Routing Engine SRX5K-RE-1800X4 Overview | 86

SRX5K-RE-1800X4 Routing Engine Boot Sequence | 87

Routing Engine SRX5K-RE-1800X4 Specifications | 87

SRX5K-RE-1800X4 LEDs | 89

Routing Engine SRX5K-RE3-128G Specifications | 90

SRX5K-RE3-128G Routing Engine Components | 92

SRX5K-RE3-128G Routing Engine LEDs | 93

SRX5K-RE3-128G Routing Engine Boot Sequence | 94

v

SRX5800 Line Cards and Modules | 94

SRX5400, SRX5600, and SRX5800 Services Gateway Card Overview | 95

Cards Supported on SRX5400, SRX5600, and SRX5800 Services Gateways | 96

SRX5800 Services Gateway Card Cage and Slots | 100

SRX5800 Services Gateway SPC Description | 102

Services Processing Card SRX5K-SPC-2-10-40 Specifications | 102

Services Processing Card SRX5K-SPC-4-15-320 Specifications | 107

Services Processing Card SRX5K-SPC3 Specifications | 112

Modular Port Concentrator (SRX5K-MPC) Specifications | 116

MIC with 20x1GE SFP Interfaces (SRX-MIC-20GE-SFP) | 118

MIC with 10x10GE SFP+ Interfaces (SRX-MIC-10XG-SFPP) | 124

MIC with 1x100GE CFP Interface (SRX-MIC-1X100G-CFP) | 129

MIC with 2x40GE QSFP+ Interfaces (SRX-MIC-2X40G-QSFP) | 131

SRX5K-MPC3-40G10G Specifications | 132

SRX5K-MPC3-100G10G Specifications | 135

SRX5K-IOC4-10G Specifications | 138

SRX5K-IOC4-MRAT Specifications | 141

SRX5800 Services Gateway Interface Card Description | 145

I/O Card SRX5K-40GE-SFP Specifications | 147

I/O Card SRX5K-4XGE-XFP Specifications | 149

Flex I/O Card (SRX5K-FPC-IOC) Specifications | 151

Flex I/O Card Port Module SRX-IOC-16GE-SFP Specifications | 153

2

Flex I/O Card Port Module SRX-IOC-16GE-TX Specifications | 155

Flex I/O Card Port Module SRX-IOC-4XGE-XFP Specifications | 156

Site Planning, Preparation, and Specifications

Site Preparation Checklist for the SRX5800 Services Gateway | 160

SRX5800 Site Guidelines and Requirements | 161

SRX5800 Services Gateway Environmental Specifications | 161

General Site Guidelines | 162

Site Electrical Wiring Guidelines | 163

Clearance Requirements for SRX5800 Services Gateway Airflow and Hardware

Maintenance | 163

SRX5800 Rack and Cabinet Requirements | 165

SRX5800 Services Gateway Rack-Mounting Hardware | 165

vi

SRX5800 Services Gateway Rack Size and Strength Requirements | 165

Spacing of Rack-Mounting Bracket Holes for the SRX5800 Services Gateway | 166

Connection to Building Structure for the SRX5800 Services Gateway Rack | 166

SRX5800 Services Gateway Cabinet Size and Clearance Requirements | 167

SRX5800 Services Gateway Cabinet Airflow Requirements | 167

Calculating Power Requirements for the SRX5800 Services Gateway | 168

SRX5800 Network Cable and Transceiver Planning | 185

Routing Engine Interface Cable and Wire Specifications for the SRX5800 Services Gateway | 185

Signal Loss in Multimode and Single-Mode Fiber-Optic Cable for the SRX5800 Services

Gateway | 186

Attenuation and Dispersion in Fiber-Optic Cable for the SRX5800 Services Gateway | 186

Calculating Power Budget for Fiber-Optic Cable for the SRX5800 Services Gateway | 187

Calculating Power Margin for Fiber-Optic Cable for the SRX5800 Services Gateway | 188

SRX5800 Alarm and Management Cable Specifications and Pinouts | 189

Alarm Relay Contact Wire Specifications for the SRX5800 Services Gateway | 190

Console Port Cable and Wire Specifications for the SRX5800 Services Gateway | 190

RJ-45 Connector Pinouts for the SRX5800 Services Gateway Routing Engine Ethernet Port | 190

RJ-45 Connector Pinouts for the SRX5800 Services Gateway Routing Engine Auxiliary and

Console Ports | 191

Initial Installation and Configuration

3

Overview of Installing the SRX5800 Services Gateway | 194

Unpacking the SRX5800 | 195

Tools and Parts Required to Unpack the SRX5800 Services Gateway | 195

Unpacking the SRX5800 Services Gateway | 196

Verifying the SRX5800 Services Gateway Parts Received | 197

Installing the SRX5800 Mounting Hardware | 199

Tools Required to Install the SRX5800 Services Gateway | 200

Installing the SRX5800 Services Gateway Mounting Hardware for a Four-Post Rack or

Cabinet | 200

Installing the SRX5800 Services Gateway Mounting Hardware in an Open-Frame Rack | 202

Removing Components from the SRX5800 Chassis Before Installing It in the Rack | 204

vii

Removing the Power Supplies Before Installing the SRX5800 Services Gateway Chassis | 204

Removing the Cable Manager Before Installing the SRX5800 Services Gateway Chassis | 205

Removing Fan Trays Before Installing the SRX5800 Services Gateway Chassis | 206

Removing Cards Before Installing the SRX5800 Services Gateway Chassis | 208

Installing the SRX5800 Services Gateway Chassis in the Rack | 210

Reinstalling Components in the SRX5800 Services Gateway Chassis After Installing It in the

Rack | 212

Reinstalling Power Supplies After Installing the SRX5800 Services Gateway Chassis | 213

Reinstalling Fan Trays After Installing the SRX5800 Services Gateway Chassis | 214

Reinstalling Cards After Installing the SRX5800 Services Gateway Chassis | 216

Reinstalling the Cable Manager After Installing the SRX5800 Services Gateway Chassis | 218

Connecting the SRX5800 to External Devices | 219

Tools and Parts Required for SRX5800 Services Gateway Connections | 220

Connecting the SRX5800 Services Gateway to a Management Console or an Auxiliary

Device | 220

Connecting the SRX5800 Services Gateway to a Network for Out-of-Band Management | 221

Connecting an SRX5800 Services Gateway to an External Alarm-Reporting Device | 222

Connecting Network Cables to SRX5800 Services Gateway IOCs and Port Modules | 223

Connecting the SRX5800 to Power | 225

4

Tools and Parts Required for SRX5800 Services Gateway Grounding and Power

Connections | 226

Grounding the SRX5800 Services Gateway | 226

Connecting Power to an AC-Powered SRX5800 Services Gateway | 228

Powering On an AC-Powered SRX5800 Services Gateway | 230

Connecting Power to a DC-Powered SRX5800 Services Gateway | 232

Powering On a DC-Powered SRX5800 Services Gateway | 234

Powering Off the SRX5800 Services Gateway | 236

Performing the Initial Software Configuration for the SRX5800 | 236

SRX5800 Services Gateway Software Configuration Overview | 237

Initially Configuring the SRX5800 Services Gateway | 237

Performing Initial Software Configuration Using J-Web | 243

viii

Configuring Root Authentication and the Management Interface from the CLI | 243

Configuring Interfaces, Zones, and Policies with J-Web | 244

Maintaining Components

Maintaining the SRX5800 Chassis | 249

Routine Maintenance Procedures for the SRX5800 Services Gateway | 249

Replacing the SRX5800 Services Gateway Craft Interface | 249

Disconnecting the Alarm Relay Wires from the SRX5800 Services Gateway Craft

Interface | 249

Removing the SRX5800 Services Gateway Craft Interface | 250

Installing the SRX5800 Services Gateway Craft Interface | 251

Connecting the Alarm Relay Wires to the SRX5800 Services Gateway Craft Interface | 252

Maintaining the SRX5800 Cooling System | 253

Maintaining the Fan Trays on the SRX5800 Services Gateway | 254

Replacing an SRX5800 Services Gateway Fan Tray | 254

Removing an SRX5800 Services Gateway Fan Tray | 255

Installing an SRX5800 Services Gateway Fan Tray | 257

Maintaining the Air Filter on the SRX5800 Services Gateway | 259

Replacing the SRX5800 Services Gateway Air Filter | 260

Removing the SRX5800 Services Gateway Air Filter | 260

Installing the SRX5800 Services Gateway Air Filter | 261

Maintaining the SRX5800 Power System | 262

Maintaining SRX5800 Services Gateway Power Supplies | 263

Replacing an SRX5800 Services Gateway AC Power Supply | 264

Removing an SRX5800 Services Gateway AC Power Supply | 264

Installing an SRX5800 Services Gateway AC Power Supply | 267

Replacing an SRX5800 Services Gateway AC Power Supply Cord | 270

Disconnecting an SRX5800 Services Gateway AC Power Supply Cord | 270

Connecting an SRX5800 Services Gateway AC Power Supply Cord | 271

Replacing an SRX5800 Services Gateway DC Power Supply | 273

Removing an SRX5800 Services Gateway DC Power Supply | 273

Installing an SRX5800 Services Gateway DC Power Supply | 276

Replacing an SRX5800 Services Gateway DC Power Supply Cable | 282

Disconnecting an SRX5800 Services Gateway DC Power Supply Cable | 282

Connecting an SRX5800 Services Gateway DC Power Supply Cable | 283

ix

Upgrading an SRX5800 Services Gateway from Standard-Capacity to High-Capacity Power

Supplies | 286

Maintaining the SRX5800 Host Subsystem | 290

Maintaining the SRX5800 Services Gateway Host Subsystem and SCBs | 290

Taking the SRX5800 Services Gateway Host Subsystem Offline | 292

Operating and Positioning the SRX5800 Services Gateway SCB Ejectors | 292

Replacing an SRX5800 Services Gateway SCB | 293

Removing an SRX5800 Services Gateway SCB | 293

Installing an SRX5800 Services Gateway SCB | 295

Replacing the SRX5800 Services Gateway Routing Engine | 297

Removing the SRX5800 Services Gateway Routing Engine | 297

Installing the SRX5800 Services Gateway Routing Engine | 299

Low Impact Hardware Upgrade for SCB3 and IOC3 | 303

In-Service Hardware Upgrade for SRX5K-RE-1800X4 and SRX5K-SCBE or SRX5K-RE-1800X4

and SRX5K-SCB3 in a Chassis Cluster | 321

Maintaining the SRX5800 Line Cards and Modules | 325

Maintaining Interface Cards and SPCs on the SRX5800 Services Gateway | 326

Replacing SRX5800 Services Gateway IOCs | 328

Removing an SRX5800 Services Gateway IOC | 328

Installing an SRX5800 Services Gateway IOC | 331

Replacing SRX5800 Services Gateway Flex IOCs | 335

Removing an SRX5800 Services Gateway Flex IOC | 335

Installing an SRX5800 Services Gateway Flex IOC | 338

Replacing SRX5800 Services Gateway Port Modules | 341

Removing an SRX5800 Services Gateway Port Module | 341

Installing an SRX5800 Services Gateway Port Module | 343

Replacing SRX5800 Services Gateway SPCs | 346

Removing an SRX5800 Services Gateway SPC | 346

Installing an SRX5800 Services Gateway SPC | 349

x

Replacing SPCs in an Operating SRX5400, SRX5600, or SRX5800 Services Gateways Chassis

Cluster | 356

In-Service Hardware Upgrade for SRX5K-SPC3 in a Chassis Cluster | 359

Maintaining MICs and Port Modules on the SRX5800 Services Gateway | 362

Replacing SRX5800 Services Gateway MICs | 363

Removing an SRX5800 Services Gateway MIC | 363

Installing an SRX5800 Services Gateway MIC | 365

Replacing SRX5800 Services Gateway MPCs | 369

Removing an SRX5800 Services Gateway MPC | 369

Installing an SRX5800 Services Gateway MPC | 372

Maintaining the SRX5800 Cables and Connectors | 374

Maintaining SRX5800 Services Gateway Network Cables | 375

Replacing the Management Ethernet Cable on an SRX5800 Services Gateway | 377

Replacing the SRX5800 Services Gateway Console or Auxiliary Cable | 378

Replacing an SRX5800 Services Gateway Network Interface Cable | 379

Removing an SRX5800 Services Gateway Network Interface Cable | 379

Installing an SRX5800 Services Gateway Network Interface Cable | 380

Replacing SRX5800 Services Gateway XFP and SFP Transceivers | 382

Removing an SRX5800 Services Gateway SFP or XFP Transceiver | 382

Installing an SRX5800 Services Gateway SFP or XFP Transceiver | 384

Replacing the SRX5800 Services Gateway Cable Manager | 385

5

6

Removing the SRX5800 Services Gateway Cable Manager | 386

Installing the SRX5800 Services Gateway Cable Manager | 387

Replacing a Routing Engine in an SRX Series High-End Chassis Cluster | 388

Replacing a Routing Engine: USB Flash-Drive Method | 389

Replacing a Routing Engine: External SCP Server Method | 396

Replacing the Routing Engine: File Transfer Method | 403

Troubleshooting Hardware

Troubleshooting the SRX5800 | 410

Troubleshooting the SRX5800 Services Gateway with the Junos OS CLI | 410

Troubleshooting the SRX5800 Services Gateway with Chassis and Interface Alarm

Messages | 411

Chassis Component Alarm Conditions on SRX5400, SRX5600, and SRX5800 Services

Gateways | 411

xi

Backup Routing Engine Alarms | 426

Troubleshooting the SRX5800 Services Gateway with Alarm Relay Contacts | 428

Troubleshooting the SRX5800 Services Gateway with the Craft Interface LEDs | 428

Troubleshooting the SRX5800 Services Gateway with the Component LEDs | 429

Troubleshooting the SRX5800 Services Gateway Cooling System | 430

Troubleshooting SRX5800 Services Gateway Interface Cards | 430

Troubleshooting SRX5800 Services Gateway MICs and Port Modules | 432

Troubleshooting SRX5800 Services Gateway SPCs | 433

Troubleshooting the SRX5800 Services Gateway Power System | 434

Behavior of the SRX5400, SRX5600, and SRX5800 Services Gateways When the SRX5K-SCBE

and SRX5K-RE-1800X4 in a Chassis Cluster Fail | 440

Contacting Customer Support and Returning the Chassis or Components

Returning the SRX5800 Chassis or Components | 443

Contacting Customer Support | 443

Return Procedure for the SRX5800 Services Gateway | 444

Listing the SRX5800 Services Gateway Component Serial Numbers with the Command-Line

Interface | 445

Locating the SRX5800 Services Gateway Chassis Serial Number Label | 446

Locating the SRX5800 Services Gateway Power Supply Serial Number Label | 447

Locating the SRX5800 Services Gateway Craft Interface Serial Number Label | 450

7

Information You Might Need to Supply to JTAC | 451

Required Tools and Parts for Packing the SRX5800 Services Gateway | 451

Packing the SRX5800 Services Gateway for Shipment | 452

Packing SRX5800 Services Gateway Components for Shipment | 453

Safety and Compliance Information

General Safety Guidelines and Warnings | 456

Definitions of Safety Warning Levels | 457

Restricted Access Area Warning | 461

Fire Safety Requirements | 463

Fire Suppression | 463

Fire Suppression Equipment | 464

xii

Qualified Personnel Warning | 465

Warning Statement for Norway and Sweden | 465

Installation Instructions Warning | 466

Chassis and Component Lifting Guidelines | 466

Ramp Warning | 467

Rack-Mounting and Cabinet-Mounting Warnings | 467

Grounded Equipment Warning | 473

Laser and LED Safety Guidelines and Warnings | 474

General Laser Safety Guidelines | 474

Class 1 Laser Product Warning | 475

Class 1 LED Product Warning | 476

Laser Beam Warning | 477

Radiation from Open Port Apertures Warning | 478

Maintenance and Operational Safety Guidelines and Warnings | 479

Battery Handling Warning | 480

Jewelry Removal Warning | 481

Lightning Activity Warning | 483

Operating Temperature Warning | 484

Product Disposal Warning | 486

General Electrical Safety Guidelines and Warnings | 487

Prevention of Electrostatic Discharge Damage | 488

AC Power Electrical Safety Guidelines | 489

AC Power Disconnection Warning | 491

DC Power Electrical Safety Guidelines | 492

DC Power Electrical Safety Guidelines | 492

DC Power Disconnection Warning | 494

DC Power Grounding Requirements and Warning | 496

DC Power Wiring Sequence Warning | 498

xiii

DC Power Wiring Terminations Warning | 501

DC Power Disconnection Warning | 504

DC Power Grounding Requirements and Warning | 506

DC Power Wiring Sequence Warning | 508

DC Power Wiring Terminations Warning | 511

Multiple Power Supplies Disconnection Warning | 514

TN Power Warning | 515

Action to Take After an Electrical Accident | 515

SRX5800 Services Gateway Agency Approvals | 516

SRX5800 Services Gateway Compliance Statements for EMC Requirements | 517

Canada | 517

European Community | 517

Israel | 518

Japan | 518

United States | 518

Statements of Volatility for Juniper Network Devices | 519

About the Documentation

IN THIS SECTION

Documentation and Release Notes | xiv

Using the Examples in This Manual | xiv

Documentation Conventions | xvi

Documentation Feedback | xix

Requesting Technical Support | xix

Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX5800 Services Gateway.

xiv

After completing the installation and basic configuration procedures covered in this guide, refer to the
Junos OS documentation for information about further software configuration.

Documentation and Release Notes

To obtain the most current version of all Juniper Networks®technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.

If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.

Using the Examples in This Manual

If you want to use the examples in this manual, you can use the load merge or the load merge relative
command. These commands cause the software to merge the incoming configuration into the current
candidate configuration. The example does not become active until you commit the candidate configuration.

If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example
is a full example. In this case, use the load merge command.

If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In
this case, use the load merge relative command. These procedures are described in the following sections.

Merging a Full Example

To merge a full example, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the
file with a name, and copy the file to a directory on your routing platform.

For example, copy the following configuration to a file and name the file ex-script.conf. Copy the
ex-script.conf file to the /var/tmp directory on your routing platform.

system {

scripts {

commit {

file ex-script.xsl;

}

}
}
interfaces {

fxp0 {

disable;
unit 0 {

family inet {

address 10.0.0.1/24;

}

}

}
}

xv

2. Merge the contents of the file into your routing platform configuration by issuing the load merge
configuration mode command:

[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete

Merging a Snippet

To merge a snippet, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the
file with a name, and copy the file to a directory on your routing platform.

For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the
ex-script-snippet.conf file to the /var/tmp directory on your routing platform.

commit {

file ex-script-snippet.xsl; }

2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:

[edit]
user@host# edit system scripts
[edit system scripts]

xvi

3. Merge the contents of the file into your routing platform configuration by issuing the load merge
relative configuration mode command:

[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete

For more information about the load command, see CLI Explorer.

Documentation Conventions

Table 1 on page xvii defines notice icons used in this guide.

Table 1: Notice Icons

xvii

DescriptionMeaningIcon

Indicates important features or instructions.Informational note

Caution

Indicates a situation that might result in loss of data or hardware
damage.

Alerts you to the risk of personal injury or death.Warning

Alerts you to the risk of personal injury from a laser.Laser warning

Indicates helpful information.Tip

Alerts you to a recommended use or implementation.Best practice

Table 2 on page xvii defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

ExamplesDescriptionConvention

Fixed-width text like this

Italic text like this

Represents text that you type.Bold text like this

Represents output that appears on
the terminal screen.

Introduces or emphasizes important

•

new terms.

Identifies guide names.

•

Identifies RFC and Internet draft

•

titles.

To enter configuration mode, type
the configure command:

user@host> configure

user@host> show chassis alarms

No alarms currently active

A policy term is a named structure

•

that defines match conditions and
actions.

Junos OS CLI User Guide

•

RFC 1997, BGP Communities

•

Attribute

Table 2: Text and Syntax Conventions (continued)

xviii

ExamplesDescriptionConvention

Italic text like this

Text like this

< > (angle brackets)

| (pipe symbol)

Represents variables (options for
which you substitute a value) in
commands or configuration
statements.

Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy
levels; or labels on routing platform
components.

variables.

Indicates a choice between the
mutually exclusive keywords or
variables on either side of the symbol.
The set of choices is often enclosed
in parentheses for clarity.

Configure the machine’s domain
name:

[edit]
root@# set system domain-name

domain-name

To configure a stub area, include

•

the stub statement at the [edit
protocols ospf area area-id]

hierarchy level.

The console port is labeled

•

CONSOLE.

stub <default-metric metric>;Encloses optional keywords or

broadcast | multicast

(string1 | string2 | string3)

# (pound sign)

[ ] (square brackets)

Indention and braces ( { } )

; (semicolon)

GUI Conventions

Indicates a comment specified on the
same line as the configuration
statement to which it applies.

Encloses a variable for which you can
substitute one or more values.

Identifies a level in the configuration
hierarchy.

Identifies a leaf statement at a
configuration hierarchy level.

rsvp { # Required for dynamic MPLS
only

community name members [
community-ids ]

[edit]
routing-options {

static {

route default {

nexthop address;
retain;

}

}

}

Table 2: Text and Syntax Conventions (continued)

xix

ExamplesDescriptionConvention

Bold text like this

> (bold right angle bracket)

Represents graphical user interface
(GUI) items you click or select.

Separates levels in a hierarchy of
menu selections.

In the Logical Interfaces box, select

•

All Interfaces.

To cancel the configuration, click

•

Cancel.

In the configuration editor hierarchy,
select Protocols>Ospf.

Documentation Feedback

We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:

Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper

•

Networks TechLibrary site, and do one of the following:

Click the thumbs-up icon if the information on the page was helpful to you.

•

Click the thumbs-down icon if the information on the page was not helpful to you or if you have

•

suggestions for improvement, and use the pop-up form to provide feedback.

E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name,

•

URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are

covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.

JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User

•

Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.

•

JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,

•

365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:

Find CSC offerings: https://www.juniper.net/customers/support/

•

Search for known bugs: https://prsearch.juniper.net/

•

xx

Find product documentation: https://www.juniper.net/documentation/

•

Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/

•

Download the latest versions of software and review release notes:

•

https://www.juniper.net/customers/csc/software/

Search technical bulletins for relevant hardware and software notifications:

•

https://kb.juniper.net/InfoCenter/

Join and participate in the Juniper Networks Community Forum:

•

https://www.juniper.net/company/communities/

Create a service request online: https://myjuniper.juniper.net

•

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:

https://entitlementsearch.juniper.net/entitlementsearch/

Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.

Visit https://myjuniper.juniper.net.

•

Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

•

For international or direct-dial options in countries without toll-free numbers, see

https://support.juniper.net/support/requesting-support/.

1

CHAPTER

Overview

SRX5800 Services Gateway System Overview | 22

SRX5800 Chassis | 25

SRX5800 Services Gateway Cooling System | 41

SRX5800 Power System | 43

SRX5800 Host Subsystem | 66

SRX5800 Line Cards and Modules | 94

SRX5800 Services Gateway System Overview

IN THIS SECTION

SRX5800 Services Gateway Description | 22

Benefits of the SRX5800 Services Gateway | 23

SRX5800 Services Gateway Field-Replaceable Units | 23

SRX5800 Services Gateway Component Redundancy | 24

SRX5800 Services Gateway Description

22

The SRX5800 Services Gateway is a high-performance, highly scalable, carrier-class security device with
multi-processor architecture.

The services gateway provides 12 slots that you can populate with 2 or 3 Switch Control Boards (SCBs)
and up to 12 additional cards of the following types:

Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as

•

firewall, IPsec, and IDP.

Modular PIC Concentrators (MPCs) provide Ethernet interfaces that connect the services gateway to

•

your network.

I/O cards (IOCs) provide Ethernet interfaces that connect the services gateway to your network.

•

Flex IOCs are similar to IOCs, but have slots for port modules that allow you greater flexibility in adding

•

different types of Ethernet ports to your services gateway.

For detailed information about the cards supported by the services gateway, see the SRX5400, SRX5600,

and SRX5800 Services Gateway Card Reference at www.juniper.net/documentation/.

Benefits of the SRX5800 Services Gateway

The SRX5800 Services Gateway is the market-leading security solution supporting up to 1.2 Tbps firewall

•

throughput and latency as low as 32 microseconds for stateful firewall, 395 million concurrent sessions,
and 1 Tbps IPS.
Equipped with the full range of advanced security services, massive performance, scalability, and flexibility
make the SRX5800 ideal for securing large enterprise, hosted, or colocated data centers, mobile operator
environments, densely consolidated processing environments, cloud and managed service providers.

IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes,

•

Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the
highest level of network security.

Content Security UTM Capabilities - The UTM services offered on the SRX5000 line of Services Gateways

•

include industry-leading antivirus, antispam, content filtering, and additional content security services.

The UTM services provide sophisticated protection from:

Antivirus experts against malware attacks that can lead to data breaches and lost productivity.

•

23

Advanced persistent threats perpetrated through social networking attacks and the latest phishing

•

scams with sophisticated e-mail filtering and content blockers.

Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network

•

to help maintain bandwidth.

Advanced Threat Prevention (ATP) - Juniper Sky ATP, a SaaS-based service, and the Juniper ATP

•

Appliance, an on-premises solution:

Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.

•

Proactively blocks malware communication channels.

•

The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and

•

Google Mail, and detects threats in SMB traffic.

Single pane-of-glass management with Security Director and JSA Series integration.

•

SRX5800 Services Gateway Field-Replaceable Units

Field-replaceable units (FRUs) are services gateway components that can be replaced at the customer site.
The services gateway uses the following types of FRUs:

Table 3 on page 24 lists the FRUs of the services gateway and the action to perform to install, remove, or

replace an FRU.

Table 3: Field-Replaceable Units

24

ActionField-Replaceable Units (FRUs)

Air filter

Fan tray

Craft interface

AC and DC power supplies (if redundant)

SFP and XFP transceivers

IOCs

Flex IOCs

Port modules of the Flex IOCs

Routing Engine

SCBs

SPCs

You need not power off the services gateway to install, remove, or
replace any of these FRUs.

Power off the services gateway to install, remove, or replace any of
these FRUs.

MPCs

MICs

SRX5800 Services Gateway Component Redundancy

The following major hardware components are redundant:

Switch Control Boards (SCBs)—The SRX5800 Services Gateway has two SCBs installed and you can

•

install a third SCB for switch fabric redundancy. The SCB of the host subsystem functions as the primary
and the others function as backup. If the SCB of the host subsystem fails, one of the other SCBs takes
over as the primary.

NOTE: The SRX5800 Services Gateway supports a redundant SCB, provided the SCB is a

SRX5K-SCBE (SCB2) running Junos OS Release 12.1X47-D15 and later, or a SRX5K-SCB3
(SCB3) running Junos OS Release 15.1X49-D10 and later.
The SRX5800 Services Gateway does not support a redundant SCB (third SCB) card if
SRX5K-SPC-4-15-320 (SPC2) is installed with SCB1 (SRX5K-SCB). If you have installed a SPC2
on a SRX5800 Services Gateway with a redundant SCB1 card, make sure to remove the
redundant SCB1 card.

Power supplies—When powered by standard-capacity AC power supplies, a minimum of three power

•

supplies are required to supply power to a fully configured services gateway. All AC power supplies
share the load evenly. The addition of a fourth power supply provides full power redundancy. If one
power supply fails in a redundant configuration, the three remaining power supplies provide full power.

When powered by DC power supplies or high-capacity AC power supplies, two power supplies are
required to supply power to a fully configured services gateway. One power supply supports approximately
half of the components in the services gateway, and the other power supply supports the remaining
components. The installation of two additional power supplies provides full power redundancy. If one
or two power supplies fail, the remaining power supplies can provide full power to the services gateway.

25

Cooling system—The cooling system has redundant components, which are controlled by the host

•

subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to
provide sufficient cooling for the services gateway indefinitely.

SRX5800 Chassis

IN THIS SECTION

SRX5800 Services Gateway Chassis | 26

SRX5800 Services Gateway Physical Specifications | 29

SRX5800 Services Gateway Midplane Description | 31

SRX5800 Services Gateway Cable Manager Description | 32

SRX5800 Services Gateway Craft Interface Overview | 33

SRX5800 Services Gateway Craft Interface Alarm LEDs and Alarm Cutoff/Lamp Test Button | 34

SRX5800 Services Gateway Craft Interface Host Subsystem LEDs | 34

SRX5800 Services Gateway Craft Interface Power Supply LEDs | 35

SRX5800 Services Gateway Craft Interface Card OK/Fail LEDs | 35

SRX5800 Services Gateway Craft Interface Fan LEDs | 36

SRX5800 Services Gateway Craft Interface Online Buttons | 36

SRX5800 Services Gateway Craft Interface Alarm Relay Contacts | 39

SRX5800 Services Gateway Chassis

The services gateway chassis is a rigid sheet metal structure that houses all the other services gateway
components (see Figure 1 on page 27, Figure 2 on page 28, and Figure 3 on page 29). The chassis measures

27.75 in. (70.49 cm) high, 17.37 in. (44.11 cm) wide, and 23.0 in. (58.42 cm) deep (from the front-mounting

flanges to the rear of the chassis). The chassis installs in 19-in. equipment racks or telco open-frame racks.

The chassis can be installed in standard 800-mm (or deeper) enclosed cabinets when powered by
standard-capacity power supplies, or in 1000-mm (or deeper) enclosed cabinets when powered by
high-capacity power supplies.

26

Up to three services gateways can be installed in one standard (48 U) rack if the rack can handle their
combined weight, which can be greater than 1,134 lb (515 kg). See “SRX5800 Services Gateway Physical

Specifications” on page 29 for physical specifications for the SRX5800 Services Gateway.

Mounting hardware includes front-mounting flanges on the front of the chassis, and two center-mounting
brackets attached to the center of the chassis.

WARNING: To meet safety and electromagnetic interference (EMI) requirements and

to ensure proper operation, you must properly ground the services gateway chassis
before connecting power. See “Grounding the SRX5800 Services Gateway” on page 226
for instructions.

CAUTION: Before removing or installing components of a services gateway, attach

an ESD strap to an ESD point and place the other end of the strap around your bare
wrist. Failure to use an ESD strap can result in damage to the services gateway.

Figure 1: Front View of a Fully Configured Services Gateway Chassis

OK

0

FAIL

ONLINE

OK

1

FAIL

ONLINE

OK

2

FAIL

ONLINE

OK

3

FAIL

ONLINE

OK

4

FAIL

ONLINE

OK

5

FAIL

ONLINE

OK

0

FAIL

ONLINE

MASTER

ONLINE

OFFLINE

RE0

FAN

PEM

1

0

0

1

2

3

RE1

OK

1

FAIL

ONLINE

OK

7

FAIL

ONLINE

OK

8

FAIL

ONLINE

OK

9

FAIL

ONLINE

OK

10

FAIL

ONLINE

OK

11

FAIL

ONLINE

OK

2

6

FAIL

ONLINE

ACO/LT

YELLOWALARM

REDALARM

NC

NO

C

NC

NO

C

Craft interface

Front-mounting

flange

Center-mounting
bracket

Air intake

Lower
fan tray

Upper
fan tray

Air
filter tray

SCB0

Card
slots 0-5

IOCs

Card
slots 7-11

Routing
engine

SCB1

SCB2
or Card slot 6

g030200

ESD point

CHASSISCLUSTERCONTROL0

CHASSISCLUSTERCONTROL1

CHASSISCLUSTERCONTROL0

CHASSISCLUSTERCONTROL1

SPCs

27

Figure 2: Rear View of a Fully Configured AC-Powered Services Gateway Chassis

28

Figure 3: Rear View of a Fully Configured DC-Powered Services Gateway Chassis

29

SRX5800 Services Gateway Physical Specifications

Table 4 on page 30 summarizes the physical specifications for the services gateway chassis.

Table 4: Physical Specifications

30

ValueDescription

27.75 in. (70.5 cm) highHeightChassis dimensions

17.37 in. (44.1 cm) wideWidth

Services gateway weight

Depth, with standard-capacity
power supplies

Depth, with high-capacity AC
power supplies

Depth, with high-capacity DC
power supplies

23.0 in. (58.4 cm) deep from front-mounting bracket
to chassis rear

27.8 in. (70.6 cm) total depth including cable
management system

25.5 in. (64.8 cm) deep from front-mounting bracket
to chassis rear

30.3 in. (77.0 cm) total depth including cable
management system

27.8 in. (70.6 cm) deep from front-mounting bracket
to chassis rear

32.6 in. (82.8 cm) total depth including cable
management system

Chassis with midplane, fan tray, air filter, and cable
manager: 150 lb (60.4 kg)

Maximum configuration: 400 lb (182 kg)

Routing Engine weight

SCB weight

SRX5K-RE-13-20: 2.4 lb (1.1 kg)

SRX5K-RE-1800X4: 2.4 lb (1.1 kg)

SRX5K-SCB: 9.6 lb (4.4 kg)

SRX5K-SCBE: 9.6 lb (4.4 kg)

SRK5K-SCB3: 10.14 lb (4.6 kg)

13.1 lb (5.9 kg)MPC weight (with two MICs)

13.1 lb (5.9 kg)IOC weight

1.1 lb (0.5 kg)Craft interface weight

4.2 lb (1.9 kg)Fan tray weight