Junos Architecture (Planes)
Quiz: https://networkdirection.net/labsandquizzes/quizzes/juniper-jncia/architecture-planes
Lab: https://networkdirection.net/labsandquizzes/labs/jncia-labs/junos-architecture-planes
Notes
Network devices logically split their services into two planes; The control plane and the data plane.
Traffic going to the device (called exception traffic) is handled by the control plane. This includes routing protocol updates and management traffic.
On a Juniper device, the RE (Routing Engine) uses the CPU to process exception traffic. The RE represents the control plane. The RE may also be known as the ‘supervisor’ by some other vendors.
Some people talk about the management plane. This is a subset of the control plane.
Traffic being forwarded through a device is called transit traffic. On a Juniper device, this is handled by the PFE (Packet Forwarding Engine). PFE’s may also be known as line cards.
The PFE uses special hardware, including ASIC chips, to efficiently forward traffic. PFE’s do not use the CPU.
In the vast majority of cases, the PFE can handle transit traffic without needing to involve the RE. This emphasizes the split between the control and data planes. If one plane is overwhelmed, the other plane can continue.
Modern PFE’s can also handle advanced features like CoS, firewall filters, and ICMP time-exceeded responses, without involving the RE.
The RE builds the routing table, and from that it builds the forwarding table.
The RE manages the PFEs. They push microcode and forwarding tables to the PFEs when necessary.
The RE will also monitor chassis health (for example, temperature, fan speed, etc).
Inside the device, there is an internal bridge (or link) between the PFE’s and the RE’s. This is represented by an interface (such as fxp1, em1, or similar).
The bigger devices will have two of these interfaces as a backup.
Any exception traffic that the PFE’s can’t handle is forwarded over this link to the RE.
The internal bridge has a built-in rate limiter, which is not configurable. We can add our own policies if we want to change some aspects of the PFE/RE behaviour.
If you have a device with multiple RE’s, you can use ISSU (In-Service Software Upgrade). This is a way of updating Junos with no downtime.
With ISSU, one RE is active, while the other is being updated. You can check if you have multiple RE’s with show chassis hardware.
To use ISSU, you need to have enabled:
- GRES (Graceful Routing Engine Switchover)
- NSR (Non-Stop Routing)
- Commit Synchronization
Additional References
An Informal Guide to the Engines of Packet Forwarding
https://forums.juniper.net/t5/Routing/An-Informal-Guide-to-the-Engines-of-Packet-Forwarding/ta-p/401192
Permanent Interfaces
https://www.oreilly.com/library/view/junos-enterprise-routing/9781449309633/ch04s01.html
Junos Operating System Fundamentals(Part – 2)
http://juniper-basic.blogspot.com/2017/02
Router Interfaces Overview
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/router-interfaces-overview.html#id-understanding-internal-ethernet-interfaces
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/router-interfaces-overview.html#id-understanding-internal-ethernet-interfaces
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/router-interfaces-overview.html#id-understanding-internal-ethernet-interfaces
https://www.juniper.net/documentation/en_US/release-independent/junos/topics/reference/general/routing-engine-m-mx-t-series-support-by-chassis.html