Juniper MX Routers – all you ever wanted to know

During a recent ExpertExpress engagement I got an interesting question: “could we do per-customer policing and shaping on an MX-80 if we want to offer VPLS services and have Q-in-Q encapsulation on customer-facing links?” As I have preciously little Junos/MX knowledge, it was time for the classic “I’ll get back to you” reply and some heavy research.

You probably know how hard it is to find in-depth information on an unknown platform running unfamiliar software. Fortunately, Doug Hanks (@douglashanksjr) sent me a review copy of his new Juniper MX Series book a while ago. It was time for some serious reading.

Chapter 1 – Juniper MX Architecture. A deep-dive introduction into various MX models, the Trio chipset architecture and functionality and various linecards and their advantages and limitations. Got me to the point where I understood what the customer planned to order. Nice start.

Chapter 2 – Bridging, VLAN mapping, IRB. Exactly what I needed. Although VPLS is out of scope of the book, I got enough information to understand that you need to configure per-customer logical interfaces, that you could sort packets into interfaces by matching outer or inner VLAN tags, and that you could do all sorts of weird VLAN tag manipulation in transit.

Key takeaway: you can define per-customer logical interfaces, configure bridging or routing on them, and use full Q-in-Q tagging to select logical interfaces.

Chapter 3 – Stateless Filters, Hierarchical Policing and Tri-Color Marking. I started skimming the content at this point as I was really not interested in firewall filters, but got just enough information to understand you could do per-logical-interface policing and marking. Enough information to answer the customer query.

Chapter 5 – Trio Class of Service. Another beautiful in-depth description of Trio functionality that I mostly skipped because I really didn’t need all the details. However, I quickly got the answer I was looking for: you can do per-IFL (logical interface) shaping, but you need hierarchical QoS for that, and it’s available only on certain linecards, not on the built-in 10GE ports on MX-80.

Conclusion: If my customer wants per-VLAN egress shaping (not only ingress/egress policing), they have to install a MIC (or two) in their MX-80 (because MX-80 supports H-CoS only on MIC ports) and connect customer-facing links to the MIC ports.

Three hours later, I had all the answers I needed, courtesy of Doug Hanks, Harry Reynolds and O’Reilly. Thank you, you all did a great job! Now, if there would be a similar book on ASR-1K ...

But wait, there’s more

Obviously this excellent book covers more topics than the ones I was looking for. There’s a chapter on control plane protection and DDOS prevention, another one on virtual chassis, multi-chassis link aggregation (no surprise, Doug as a Data Center Architect), and high availability. Finally, the Trio Inline Services chapter describes NAT and tunnel services.

All these goodies will probably have to wait till my next consulting engagement; at the moment I’m too busy preparing for another trip to the Ivory Tower.

Full disclosure

Doug Hanks sent me a free review copy of the book, but that did not influence my opinion in any way – I would gladly pay the $69.99 price to have this tome of condensed in-depth information readily available.


  1. It's a good idea to write a book on asr1k architecture :) I wish I had the time.
  2. Why not just use decent carrier Ethernet kit?
    1. What exactly would you have in mind? They wanted around 10Gbps of L3 (with full BGP tables)+MPLS+VPLS.
    2. "We want to offer VPLS services and have Q-in-Q encapsulation on customer-facing links?"
Add comment