From the very beginning, our destiny at Juniper Networks has been tied to our expertise with silicon. While the storied history and evolution of our application-specific integrated-circuits (ASICs) are quite well known throughout the industry, very few people outside of Juniper are aware of the critical role that ASICs have also played within our security products.
Take any of the SRX Series firewalls, for example. From the smallest desktop-form-factor to the largest chassis-based solutions, there’s a good chance that there’s an ASIC inside, accelerating security workloads and ensuring low-latency, predictable packet-forwarding behavior.
Trio – A Brief History
Historically, when one thinks of Juniper ASICs, one thinks of Trio and, by extension, the famed MX Series Routers. However, when one thinks of the SRX-Series, do they also think of Trio? They should.
Since 2014, we’ve included various generations of Trio in SRX Series devices and have attained many “industry firsts” as a result, some of which — like support for 100Gbps elephant flows, circa 2015 — our competitors are only starting to support now, six years later.
However, despite being among one of the most powerful and flexible network processing ASIC in the industry, most Trio chipsets deployed in SRX Series firewalls have been woefully underutilized. While we’ve supported various hardware-acceleration and offload functions for over a decade, none of these were enabled by default, leaving most customers to learn about these critically important features through documentation and/or release-note updates. Until now.
Introducing Automated Express Path+
With the release of Junos 21.2R1, we are absolutely thrilled to announce the general availability of a feature we’re calling Automated Express Path+. This capability allows an SRX Series firewall to automatically offload all eligible flows to its data-plane ASICs for line-rate forwarding without any additional configuration required by the administrator. This feature expands on Trio’s recently introduced Layer 7 inspection and acceleration capabilities, ensuring that no flow, regardless of size, goes uninspected across the network.
What does this mean for our customers? By simply upgrading to Junos 21.2R1 or later on SRX 4600 and SRX 5000 Series appliances, customers can unlock free, unparalleled next-generation firewall performance, without any additional configuration or hardware investment.
For context, this means that for a device like the 1RU SRX 4600, which has a single fourth generation Trio ASIC (Eagle, or “EA”), the device is now capable of accelerating up to 400Gbps of traffic out of the box, making it the fastest, most compact and energy-efficient next-generation firewall in the world. For those keeping score at home, even though our EA chip is not the latest generation of Trio that Juniper has developed, it’s more than twice as powerful as the latest-generation ASIC from any of our next generation firewall competitors.
For customers looking to understand if their current SRX Series device can benefit from Automated Express Path+, below is the rather extensive list of supported features. Any combination of these features will result in Trio being able to accelerate the flow at line-rate:
- Stateful Firewall
- Network Address Translation (NAT)
- Unified-Policies (with Dynamic-Applications and URL-Categories)
- Security Intelligence
- Intrusion Detection and Prevention (IDP)
- Enhanced Web-Filtering
- Screens (Anti-DDoS) and more
In the age of hyperscale data centers, internal segmentation and 5G convergence, we’re excited to see how our customers will take advantage of this game changing technology to unlock and accelerate their own business objectives.