Blogs

New Content, New Horizons

By lydia right posted 4 days ago
We’re pleased to share that we will be introducing brand-new content spanning all HPE networking technology areas. We’re kicking things off with an  Networking Days Roadshow  event series that brings the combined expertise of HPE Aruba Networking and Juniper closer to you.   As we align the strengths of the HPE Networking community environments, including Airheads and Elevate, we will be introducing crossover content to both communities as our product lines evolve toward a unified, self-driving future. New content will include webinars, blogs, podcasts, and articles across campus and branch networking, security, data center, and WAN. We invite you to ...

SRX Secure Fabric Entry Point

By Karel Hendrych posted 4 days ago
This Tech Post aims to address multi-tenant secure Remote Access of the HPE Juniper Networking SRX firewall. A demo setup that allows for direct breakout into an EVPN/VXLAN fabric VRF, where the SRX serves as a secure, user identity-aware fabric entry point is shown. This functionality is achieved through the integration of the Juniper Identity Management Service (JIMS) with the Juniper Secure Connect (JSC) Remote Access VPN starting Junos 24.4. The article also provides examples of the long-awaited VRF-to-zone mapping feature that emerged in Junos 25.4, changing the approach to SRX zone firewalls with EVPN and MPLS VRFs. Introduction The Juniper ...

Juniper PTX Routers in Front-End Network

By Kashif Nawaz posted 6 days ago
Juniper PTX Routers as Front-End Network Tunnel Aggregation and DCI Edge Router (Part 2 of "Overlay Networking in AI Era" series) Introduction In the previous article , we reviewed the evolution of overlay networks in the AI era, assessing how DPU-based architectures are reinventing the network infrastructure for AI cluster frontend traffic. We covered the journey from kernel networking to DPU/ SmartNIC-based overlay tunnels between host and gateway node. This publication looks at the implementation of an Overlay Tunnel Gateway Solution based on Juniper PTX Series routers. Although various overlay tunnelling technologies are available e.g. ...

Managing Junos Devices with Context-File and JMCP Server

By christian graf posted 10 days ago
An Introduction to LLM-Driven Network Automation Overview Using LLMs with MCP is a next-generation approach to network automation which is available today. Today's market-leading LLM's have a great understanding on Junos and a prompt like check all interface statistics for only ISIS enabled interfaces on routers R11 and R12 would indeed execute a show isis interface to get hold of the ISIS enabled interfaces and then in a second step show interface or even show interface extensive for identified interfaces. Furthermore, the LLM would indicate by itself if anything suspicious is seen in the output of those commands. The data-source is flexible ...

Introducing PTX12000 Chassis

By Nicolas Fevrier posted 11 days ago
All you need to know to get started. Let’s explore the latest addition to the PTX family, the 8 and 12-slot PTX12000 chassis. Introduction It’s not every day you unveil a brand-new series product line, so it’s with a lot of excitement we launched the PTX12000 modular chassis in February 2026. The PTX12000 chassis sets new standards in terms of port density (800GbE today, 1.6TE will come next), cooling capacity and power efficiency. The new chassis completes the PTX10000 family by adding a different form factor and a fully redesigned architecture. Both the latest line cards and fabric cards for PTX10000 and PTX12000 use the same internal ...

Overlay Networking in AI Era

By Kashif Nawaz posted 15 days ago
From Kernel Networking to DPU: Evolution of Data Processing and Gateway Tunneling Cloud providers run huge numbers of concurrent AI workloads across shared infrastructure without them stepping on each other. How? Network overlay tunnels create isolated virtual networks, and DPUs handle all that tunnel processing so your host CPU can focus on actual workloads. The industry evolved through four generations to get here: kernel networking (slow, ate 20-30% of CPU), DPDK (faster user space processing), SmartNICs (hardware offload), and now DPUs (dedicated processors). Here's why each transition happened and what it means for AI infrastructure The Evolution ...

SRX clustering: from Chassis Cluster to MultiNode High Availability

By LaurentP posted 21 days ago
A simple guide for understanding the differences between Chassis Cluster (original CC) and MultiNode High Availability (MNHA) used on Juniper SRX. Existing Techpost articles cover the method to understand MNHA: Multi-Node High Availability Basics (techpost from Steven Jacques) Hybrid MNHA with eBGP (techpost from James Rathburn) Introduction Historically in Junos, SRX have supported Chassis Cluster since day one (i.e. when this feature was introduced around 2008). This Chassis Cluster technology was inherited from other Junos platform that had the same need to see a pair of devices acting as a single one. This evolved ...

State, Signaling, and the Cost of Simplified Narratives

By cbarth posted 24 days ago
This article is not a comparison of protocols, nor an argument for or against any specific traffic engineering architecture. Instead, it is an examination of how architectural narratives form, how they simplify complex histories, and how those simplifications can quietly shape design assumptions long after the original context has faded. Introduction One of the most persistent narratives in the rise of Segment Routing (SR) is that it succeeded by eliminating per‑path signaling state, particularly the state associated with RSVP‑TE. In this telling, RSVP is cast as an inherently complex, fragile protocol whose hop‑by‑hop signaling model made large‑scale ...

Enhancing Route Manipulation

By Moshiko Nayman posted 02-05-2026
Advanced Junos OS route control techniques, such as rib-groups, vpn-global-import, and rib-export, enable selective sharing, controlled leaking, and cloning of routes across different RIBs while maintaining loop prevention for complex service-provider routing scenarios. Introduction Junos OS 25.2 and 25.4 introduces a powerful vrset of new features that enhance the already extensive route manipulation toolkit available to service providers. Building on decades of proven routing capabilities (including rib-groups, auto-export, and advanced policy controls), We will explore two enhancements, rib-export (Junos 25.2) for controlled secondary route ...

Welcome to the Next Chapter of The Elevate Community

By Elevate posted 01-21-2026
Welcome to the Next Chapter of The Elevate Community We’re excited to welcome you to the latest update the Elevate Community . This update was built with our members in mind—making it easier to find answers, share expertise, and connect with others who understand the challenges you face every day. Whether you’re troubleshooting an issue, sharing a best practice, or learning something new, the new Elevate helps you do it faster and more effectively. A User-Friendly Experience Built for Efficiency The community now offers an intuitive, social-media-style interface ...

L3VPN over SRv6 with JCNR

By Lavanya Kumar Ambatipudi posted 01-11-2026
Do you need secure, isolated multi-tenant connectivity across Kubernetes and cloud infrastructures. JCNR supports SRv6 L3VPN with micro-Segment Identifiers (uSIDs) in various SRv6 endpoint behaviors (End.DT4, End.DT6, End.DT46). Overview Juniper Cloud-Native Router (JCNR) is a containerized, cloud-native routing solution that brings enterprise-grade networking capabilities to cloud and containerized environments. Built on Juniper's proven routing technologies, JCNR delivers the same robust features and characteristics as traditional Juniper routers while being optimized for modern cloud-native infrastructures. Segment Routing over IPv6 (SRv6) ...

MX301 A Powerful Filtering Gateway

By David Roy posted 01-07-2026
Let's use the Juniper filtering tools in a more comprehensive and realistic use case in which MX301 will serve as a filtering routing gateway to protect peering points, critical cloud platforms, or any network infrastructure that requires large-scale security. Introduction This is the second article on the MX301 platform's filtering topic. The first article [1] in this series was about the FlowSpec FLT Acceleration feature recently introduced in Junos 24.4. As already presented, the Juniper Networks MX301 is the newest member of the MX family. We detailed this new platform in a previous DeepDive Techpost [2] . MX301 as a Filtering Gateway In ...

MX301 High-Performance FlowSpec Without Compromise

By David Roy posted 01-07-2026
Explore how Juniper’s MX301 router, using Junos 24.4 and its Trio 6 ASIC’s specialized Fast Lookup Table (FLT), accelerates BGP FlowSpec rule processing so that even large and complex FlowSpec filters can be applied without degrading throughput by offloading 5-tuple matches to hardware. Introduction The Juniper Networks MX301 is the newest member of the MX family. We presented this new platform in the previous Techpost [1]. Figure 1: MX301 front view In this article, we will use MX301 platform to highlight a relatively recent MX/Trio feature introduced in Junos 24.4: FlowSpec Hardware Acceleration . As you may know, the Trio ASIC leverages ...

Inline IPSec on MX Series

By Suneesh Babu posted 12-03-2025
Juniper adds support for inline IPsec on MX-series routers, meaning that IPsec encryption/decryption is done directly by the router’s Packet Forwarding Engine (PFE) ASIC instead of by a separate service card, resulting in much higher VPN throughput and lower latency. This Techpost details how inline IPsec works on Trio 6-based MX routers and describes the configuration steps needed to activate it. Co-written by Poorna Pushkala Balasubramanian and Suneesh Babu Introduction Internet Protocol security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. ...

SRX Dynamic IP Objects aka Feed-server

By Karel Hendrych posted 11-30-2025
For a long time, the SRX has been able to periodically download IPv4 and IPv6 prefixes from external sources and map them to objects used in firewall policies. Essentially, this is the easiest way to automate the firewall rule base when rules act as templates, and IP sources or destinations are dynamic objects influenced by external automation. This Tech Post aims to provide a quick-start guide. Introduction In environments with frequent changes to firewall rule base objects, where a static address book would be excessively large and where DNS objects do not apply, a viable option is the use of dynamic IP objects fetched by the SRX from an HTTPS server. ...

MX301 Deepdive

By David Roy posted 11-24-2025
Let's explore the capabilities of the Juniper Networks MX301 Universal Routing Platform, a 1RU edge router built on Trio 6 silicon that delivers up to 1.6 Tbps full-duplex throughput, supports a broad range of interface speeds from 1GE to 400GE, and integrates features like hardware-accelerated MACsec/IPsec. The article details system architecture, chassis design, port mapping, and targeted use-cases—highlighting how the MX301 extends the MX10K family into more compact deployments for both enterprise and service-provider environments. Introduction The Juniper Networks MX301 Universal Routing Platform is a compact, high-performance 1RU edge router designed ...

200 Articles on TechPost

By Nicolas Fevrier posted 11-20-2025
After three years of activity, we passed the 200 articles mark last month. Writers have been extremely prolific, let's try to build a page with links to all these posts with a short abstract. Introduction Juniper Networks, now HPE Juniper Networking, is, at its very foundation, a technological company. When we opened the TechPost platform with the motto " Byte-Sized Articles on Juniper Solutions by Network Engineers, for Network Engineers", we wanted to create a place where Juniper engineers could share their knowledge and experience on technologies, products and protocols with no marketing fluff. Three years later, I'm proud ...

Lossless Ethernet Fabrics with PFC for AI/ML Workloads

By Parthipan TS posted 11-17-2025
Priority Flow Control (PFC) can be used in Ethernet fabrics to achieve lossless traffic—particularly important in AI/ML workloads and HPC—by pausing specific priority queues when congestion arises, avoiding costly retransmissions. The article details best practices for configuring PFC on Juniper QFX5K switches, handling buffer headroom, DSCP-based PFC, and mechanisms to detect and recover from PFC deadlocks. Introduction Ethernet is becoming the de facto standard for network infrastructure on AI/ML and HPC deployments. In AI/ML scenarios, where massive amounts of data are being transferred, retransmissions due to packet loss can significantly slow down ...

JCNR and Topology-Independent Loop-Free Alternates (TI-LFA)

By Lavanya Kumar Ambatipudi posted 11-15-2025
The Juniper Cloud‑Native Router (JCNR) integrates modern forwarding and resilience mechanisms, specifically Segment Routing with MPLS (SR‑MPLS) and Topology‑Independent Loop‑Free Alternate (TI‑LFA), to deliver sub-50 ms failover and full coverage in cloud-scale IP/MPLS networks. It presents two deployment use-cases (transit node and edge node) demonstrating how JCNR implements TI-LFA within SR-MPLS environments to achieve high availability and operational efficiency. Introduction The Juniper Cloud-Native Router (JCNR) represents a transformative approach to modern networking, designed to meet the demands of cloud-scale environments with agility, scalability, ...