Вы находитесь на странице: 1из 13

WHITE PAPER

Do You NeeD a BroaDBaND remote access server?


Functionality and Trade-Offs of Using Smart DSLAMs and MSANs

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Table of Contents
executive summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 centralized control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 PPPoX termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 DHcP support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Quality of service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Dynamic Bandwidth management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Juniper support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 about Juniper Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Table of Figures
Figure 1: centralized and distributed intelligence broadband models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Figure 2: centralized Bsr supporting multiple access methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Figure 3: simple broadband connection using PPPoX (for Internet access) and IPoe (for IPtv) . . . . . . . . . . . . . . . . . . 4 Figure 4: msaN per-service queuing based on 802 .1p bits marked by Bsr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Figure 5: Per-subscriber Qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Figure 6: Hierarchical per-subscriber Qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Figure 7: mcac at Bsr, based on subscriber link utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Figure 8: asymmetric security in a broadband network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Figure 9: overview of Juniper Networks routers supporting wireline broadband networks . . . . . . . . . . . . . . . . . . . . . 9

ii

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Executive Summary
There are many misconceptions about the role of the DSL Forums Broadband Network Gateway (BNG), better known as a Broadband Remote Access Server (BRAS) or Broadband Services Router (BSR). The BSR has evolved significantly from its original role of terminating PPPoX sessions. Proponents talk about enhanced subscriber management capabilities, while detractors claim that all needed functions can be done by a smart Digital Subscriber Line Access Multiplexer (DSLAM) or MSAN (Multiservice Access Node). These alternatives are shown in Figure 1.
Centralized Broadband Services Router (BSR)

MSAN

Switch

Apps

Diributed Smart MSAN

Switch

Figure 1: centralized and distributed intelligence broadband models

There are several functions that must be performed to successfully support broadband traffic. This paper describes the key functions that may need to be implemented by the smart edge device, either the MSAN or the BSR. It is not intended as a decision guide on whether to use PPPoX or IP over Ethernet (IPoE), nor to provide a tutorial on what enhancements are required to allow DHCP to be used on a broadband network. In addition, the intent is not to advocate that a BSR be used in the network, but rather to provide an understanding of the functions that it typically provides. This allows you to determine whether these functions are required in your network, and whether these functions are best provided by a centralized BSR or by distributed MSANs. Juniper Networks supports both network implementations.

What Is an MSAN?
MSAN is a generic term for a device that aggregates xDSL, passive optical network (PON), Ethernet, plain old telephone service (POTS) and T1 traffic from subscribers. Some operators terminate these functions in single service MSANs, including DSLAMs, OLTs and data link controls (DLCs), while others are terminating multiple services using a single MSAN chassis.

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Introduction
The BSR has evolved over time to provide a myriad of capabilities targeted at improving the service providers ability to control what each subscriber is doing based upon the service they have signed up for, as well as simplifying overall network operations. Table 1 summarizes the key functions of the BSR.

FEATURE
centralized control

FEATURE DESCRIPTION
Single point of operational control Access agnostic architecture

BENEFIT
Avoids needing to touch each MSAN to make a network change Uses a common operational model to support all access devices, allowing you to select the lowest cost MSAN which meets your needs Allows operator to select lowest-cost MSAN which aggregates subscriber traffic Simplifies subscriber management Reduces network traffic Improves security by hiding address of real DHCP server; simplifies network operations by ensuring that subscriber keeps same IP address Allows single subscriber database for PPPoX and DHCP subscribers; allows use of RADIUS accounting Eliminates need for separate DHCP servers Provides basic application-level QoS without considering what different subscribers are doing Queues and schedules traffic separately for each subscriber Looks at various potential network bottlenecks to queue and schedule traffic independently for each subscriber Ensures video quality by allowing new multicast (IPTV) sessions only if bandwidth is available Ensures subscriber satisfaction by verifying network resource availability and dynamically marking packets Limits number of addresses which can be assigned to a subscriber, and drops traffic from other IP addresses Protects network from attack by checking traffic from subscribers

MSAN independence PPPoX termination DHcP support Establish connection-oriented sessions with keep-alives DHCP Relay converts broadcast to unicast DHCP Proxy tracks DHCP lease life and renews leases RADIUS Proxy communicates with RADIUS server DHCP Local Server Quality of service (Qos) Per-service marking and queuing Per-subscriber Hierarchical queuing

Multicast call admission control Dynamic bandwidth management

security

IP Address Tracking

Firewall

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Centralized Control
Perhaps the most important motivator for deploying a BSR has nothing to do with technology, but rather with minimizing the total cost. Using a BSR provides three key benefits: Single point for change control: If a network change needs to occur, it is simpler to make the change at a single BSR than at dozens, hundreds or even thousands of devices. This is a critical reason why virtually every large broadband operator has BSRs in the network. For example, it is simpler to update a single, centrally located security appliance than it is to push security updates to each MSAN. In addition, having a centrally located backup security appliance allows this upgrade to occur without taking subscribers out of service. Common access-agnostic operational model: Each MSAN has its own configuration tools, language and capabilities, driving up costs as technicians need to learn different products. This also limits the ability to move to newer products from different vendors, including migrating to a higher speed solution such as PON. Implementing different features on different MSANs is also operationally expensive, as technicians must figure out how customers are connected before resolving problems.

Switch Dial Up Switch DSL Switch Cable Switch LMDS 802.11 Switch Satellite (DVB) Switch Ethernet VLAN Switch Leased Line IP or L2
Figure 2: centralized Bsr supporting multiple access methods

BSR

IP BACKBONE

MSAN independence: Finally, adding intelligence into the MSAN drives up the cost of every MSAN in the network. Paying a little bit more for each MSAN often ends up costing more in the long run than deploying a BSR. Allowing the MSAN to do what it does bestaggregating subscriber trafficoften leads to the lowest overall cost solution. This total cost of ownership (TCO) business case is most compelling for larger operators supporting thousands of MSANs. Smaller operators may be willing to focus on minimizing the cost benefits of deploying BSRs and deploy smarter, more expensive MSANs instead.

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

PPPoX Termination
Originally used for dial-in networks, Point-to-Point Protocol (PPP) was adopted by the DSL Forum because of its additional important functionality. As DHCP has been enhanced to provide many of these functions, it is becoming more common to build networks without PPP. One driving force behind this transition is the adoption of IPTV service across broadband networks, which does not work well with PPP. Since the BSR was initially designed to terminate PPP, the argument goes, it is no longer necessary to have one in the network1. Many new deploymentsnotably smaller operatorselect to implement a pure DHCP solution, so PPP termination is rarely the motivator to deploy a new BSR. However, PPP is still widely deployed, with many established broadband providers continuing to use PPP for new subscribers because of its benefits. Regardless of whether PPPoX is used for Internet traffic, IPTV traffic is transmitted across a separate (non-PPPoX) connection as illustrated in Figure 3.
VLAN for Internet Access PPP session carried within VLAN Internet Trafc DSL MSAN BSR

VLAN for IPTV

IPTV content

Figure 3: simple broadband connection using PPPoX (for Internet access) and IPoe (for IPtv)

DHCP Support
When using DHCP2, the network ideally provides several addressing capabilities: DHCP Relay: This capability minimizes network overhead and improves security by converting DHCP broadcasts to unicast. DHCP Proxy: This further improves security by hiding the address of the real DHCP server; and reduces network complexity by ensuring that each subscriber uses a single IP address. RADIUS Proxy: This allows the DHCP Relay Agent to receive information about the subscribers permissions from a RADIUS server, and to track subscriber usage via RADIUS accounting. DHCP Local Server: The DHCP Relay Agent can also serve as the DHCP server, assigning IP addresses to subscribers upon request. This eliminates the need to have a separate server farm supporting this function. All of these functions are supported by BSRs. It is becoming increasingly common for MSANs to implement DHCP Relay, although DHCP Proxy and RADIUS Proxy are less frequently implemented. Only BSRs implement the Local Server function.

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Quality of Service
Another important requirement of the broadband network is its ability to effectively manage traffic in the access network. One approach, per-service QoS, prioritizes traffic based strictly on the priority bit settings within the packet. In the extreme case, a few subscribers running all high-priority applications could prevent low-priority traffic from reaching other subscribers. More realistically, the high-priority subscribers will receive more than their fair share of the bandwidth, at the expense of other subscribers. The second approach, per-subscriber QoS, manages traffic based on both priority bit settings and destination. This ensures that each subscriber gets a fair share of the bandwidth. With this in mind, there are several capabilities that can be provided by the broadband network: Per-service marking and queuing: Subscriber-bound traffic must be marked to conform to service provider standards. For example, VoIP traffic may be marked differently than Web traffic. Individual packets may be prioritized based on Layer 3 IP DiffServ markings or based on Layer 2 Ethernet 802.1p markings. Application servers and gateways typically mark IP DiffServ bits, and IP routers can use these bits to prioritize traffic. However, Layer 2 equipment such as lower-cost MSANs can only look at the Ethernet markings. Therefore, the choices are to purchase MSANs that have the processing and memory to examine DiffServ bits, or else have something in the network (typically a BSR) that sets the 802.1p bits based on the DiffServ settings. This is depicted in Figure 4.
BSR MSAN

802.1p = 7, 6

802.1p = 5, 4 802.1p = 3, 2 802.1p = 1, 0

VoIP Frame DiffServ = AF41 802.1p = 45

802.1p = 7 802.1p = 6 802.1p = 5 802.1p = 4 802.1p = 3 802.1p = 2 802.1p = 1 802.1p = 0

Scheduler

Set 802.1p

VoIP Frame DiffServ = AF41 802.1p = (Not set)

Figure 4: msaN per-service queuing based on 802 .1p bits marked by Bsr

Per-subscriber QoS: Ensuring that each subscriber gets his/her fair share of bandwidth requires persubscriber QoS where there is a separate set of priority queues for every subscriber. This also allows the network to deliver different types of traffic to different subscribers at the same time. Figure 5 provides a simple example of per-subscriber queuing. Due to the large number of queues and associated memory, per-subscriber queuing is typically provided only by custom application-specific integrated circuits (ASICs) in BSRs.
BSR Subscriber #1

MSAN

Sub. 1 Control IPTV VoD VoIP VPN Gaming Web

Sub. 2 Control IPTV VoD VoIP VPN Gaming Web

Sub. N Control IPTV VoD VoIP VPN Gaming Web

Subscriber #2

Sorted packets: Packets to each subscriber in priority order Each subscriber gets their fair share

Unsorted packets Destined for two subscribers

Sorting based on: Application requirements Destination


Figure 5: Per-subscriber Qos
Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Hierarchical queuing: A related capability is hierarchical queuing, which looks at different potential bottlenecks before determining how to schedule traffic. For example, the MSAN or BSR can look at bandwidth utilization on a shared PON link to ensure that this link is not oversubscribed, and to ensure that each subscriber gets their fair share of the shared fiber connection. In addition, the BSR can verify that bandwidth to the MSAN is available. Internet-based video, video on demand (VoD) and HDTV are driving up bandwidth requirements to the MSAN, making this link a potential bottleneck. By controlling traffic being sent to the MSAN, the BSR further ensures that each subscriber gets a fair share of bandwidth. This function, depicted in Figure 6, is provided by custom ASICs in a BSR.
Home 1 Queues Home 2 Queues Business 1 Queues Multicast Trafc (unique VLAN) VoIP Internet Access VPN Service Broadcast TV

IP Queue
Service Queues (per subscriber)

IP/VLAN Node
(per household)

VLAN
Per MSAN Scheduler (if required)

DSLAM x

DSLAM y

DSLAM 1

BSR GigE To DSLAM or Switch


Figure 6: Hierarchical per-subscriber Qos

QoS continues to be an important differentiator for BSRs. Commercial chipsets used in MSANs cannot support separate queues for each subscriber, and only the BSR can dynamically control bandwidth to each MSAN.

Dynamic Bandwidth Management


Closely related to QoS is dynamic bandwidth managementensuring that the bandwidth is available to support a new application, making network changes to support requests, and preventing new services that can affect existing sessions. This last capability is call admission control and is similar to what is done in traditional voice networks. Multicast Call Admission Control (MCAC): This capability prevents the network (MSAN or BSR) from honoring channel change requests that would oversubscribe bandwidth to the subscriber. For example, a subscriber may have enough bandwidth to support one SDTV and one HDTV connection. If one TV is already viewing HDTV content, then the other TVs must be prevented from attempting to view a different HD channel. Most often, operators avoid this situation by only limiting the number and type (SD/HD) of set-top box receivers each subscriber can have. This is becoming a serious concern for both subscribers and operators, who often would like to support more TVs that use the same bandwidth or choose which TV on which to view the HD content. For these situations, MCAC is the preferred solution. An additional complication arises as video traffic moves to a unicast model. In this case, it is more likely that the connection to the MSAN, rather than the link to the subscriber, can be the bandwidth bottleneck. Therefore, it is necessary to look at available bandwidth to both the MSAN and the subscriber to determine whether the request can be honored.

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Figure 7 shows a sample calculation to decide whether a channel change request can be honored. In this example, this function is performed by the BSR, based solely upon bandwidth to the subscriber. An analogous calculation can check bandwidth available to the MSAN as well. Some MSANs also support multicast CAC, although only BSRs can consider bandwidth to the MSAN when determining whether to honor the request.
Bandwidth per channel Group 224.1.1.2 224.1.12.101 Subscriber DSLAM Port 224.1.12.102 BSR Bandwidth 2 (SD) 6 (HD) 6 (HD)

MSAN

Switch

10 Mbps

1 Gbps IGMP (join 224.1.1.2) Channel 2 IGMP (join 224.1.12.101) Channel 318 IGMP (join 224.1.12.102) Denial Message

1 Gbps Bandwidth (per subscriber) Sub 10.10.1.3 Total 10 Commit Request Total 0 2 2

Approved: Total bandwidth is < 10 Mbps Sub 10.10.1.3 Total 10 Commit Request Total 2 6 8

Approved: Total bandwidth is < 10 Mbps Sub 10.10.1.3 Total 10 Commit Request Total 8 6 14

Denied: Total bandwidth exceeds 10 Mbps Figure 7: mcac at Bsr, based on subscriber link utilization

Unicast bandwidth management: Incoming requests to establish new sessions can be checked against criteria such as available bandwidth to determine whether the connection can be permitted. For instance, a session border controller that cannot accept any more calls must inform the MSAN or BSR that the call cannot be completed. Unlike multicast IPTV, these applications each have their own control protocols. Therefore, the application server must ask the network whether resources are available, after determining the required resources. For example, when a subscriber requests to view VoD content, the VoD system first determines that the requested content is 3.75 Mbps (SDTV), and then asks whether this much bandwidth is available from server to subscriber. To accomplish this, there must be a single device that holds a complete picture of the network, including existing bandwidth commitments. This device, architecturally called a Policy Decision Point (PDP), makes the decision about whether new requests can be honored. In addition to informing the application, it may also need to tell certain network elements, called Policy enforcement Points (PePs), how to treat this traffic. For example, once it is determined that a VoIP session can be supported, this traffic can be marked as high priority if (and only if) the subscriber has signed up for VoIP service. Otherwise, a different policy is applied to mark it as best efforts traffic. Dynamic bandwidth management is recognized as an important mechanism for protecting the network and improving revenues by controlling network access. Current MSANs do not work with PDPs (that is, do not function as a PEP), while many BSRs do support this. An important requirement is that the PDP use standard Web services such as Simple Object Access Protocol (SOAP) to communicate with application servers, making it as easy as possible to support a wide range of applications.

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Security
Protecting the application servers from attack is another fundamental network requirement. IP Address Tracking: The network should ensure that only authorized subscribers can access the network by dropping traffic from IP addresses that have not been assigned to this subscriber. This information can be learned from DHCP flows. As a related capability, the network should limit the number of IP addresses that can be assigned to a subscriber. Firewall: Incoming traffic from subscribers can be redirected to a security appliance to protect against network attacks. If an attack is noted, the policy enforcement node can be instructed to drop incoming packets from a given subscriber. Generally, all traffic from all subscribers is validated, while traffic to subscribers (which originates at trusted servers within the network) bypasses the security check. This prevents the security appliance from being overwhelmed by IP video traffic. Figure 8 depicts a network supporting asymmetric security. On the left, traffic from the subscriber is checked and allowed to pass to the application server, which responds by forwarding application traffic. On the right, an attack is detected, so the security device notifies the network to drop all traffic from this subscriber. In addition, information about the attack will be displayed on an operator console. The application server does not see the attack. Providing this function requires deploying a security appliance alongside the redirection engine, as well as support for this asymmetric model. It is not cost effective to do the former, and most MSANs do not support the latter. The most common solution is to have the MSAN itself provide some level of checking to protect against common attacks such as Distributed Denial of Service (DDoS). The MSAN vendor provides periodic updates that the operator must apply to each MSAN.
Policy Enforcement Point MSAN BSR ISG Series Security Appliance
Figure 8: asymmetric security in a broadband network

CORE
MSAN

Policy Enforcement Point BSR ISG Series Security Appliance

CORE
SRC Policy Engine

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Juniper Support
As shown in Figure 9, Juniper supports a wide range of connectivity for access networks. MSANs and aggregation switches can connect upstream to any of three Juniper Networks routers: Ethernet aggregation switches (Juniper Networks MX Series 3D Universal Edge Routers) IP routers with high Ethernet density (Juniper Networks M Series Multiservice Edge Routers) Broadband Services Routers (Juniper Networks E Series Broadband Services Routers)
BSR

Head-End MSAN E Series MX Series

T Series MSAN MX Series M Series

Apps

Figure 9: overview of Juniper Networks routers supporting wireline broadband networks

For networks that require a BSR, Juniper Networks E Series portfolio of IP edge routing platforms is a critical element in the control, delivery and accounting of services at the network edge. The E Series routers support DHCP and PPPoX operational models including PPPoX termination and DHC Proxy Relay. In addition, they shape traffic to individual subscribers, to MSANs, and to aggregation switches. Policy enforcement is provided in conjunction with the Juniper Networks SRC Series Session and Resource Control Modules, which provides the policy decision point function. For networks using smart MSANs, the Juniper Networks M Series Multiservice Edge Routing portfolio and MX Series 3D Universal Edge Routers combine best-in-class capabilities with unmatched reliability, stability, security and service richness. These products allow providers to consolidate multiple networks into a single infrastructure while simultaneously generating new revenues with leading-edge services. M Series Multiservice Edge Routers support both Ethernet-based and ATM-based MSANs, while the MX Series 3D Universal Edge Routers establish a new industry standard for Carrier Ethernet capacity, density and performance. The Juniper Neworks MX960 Ethernet Services Router is the industrys largest-capacity Carrier Ethernet platform, with up to 960 gigabits per second of switching and routing capacity, while the Juniper Networks MX480 and Juniper Networks MX240 Ethernet Services Routers provide smaller capacity routers for those locations and subscriber densities where fewer ports are required. In addition, the MX Series can serve as a smart Ethernet switch that aggregates MSAN traffic while supporting required broadband functions such as Internet Group Management Protocol (IGMP) snooping.

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

Conclusion
Each of the the functions described in this paper may be provided by MSANs that use commercially available chipsets, by MSANs that use custom ASICs or by BSRs. Its not surprising that MSANs with custom ASICs cost more than those using commercially available chipsets but provide more functionality. Similarly, BSRs generally provide more functionality than MSANs. Table 2 summarizes which type of platform supports each function.

FEATURE DESCRIPTION

COMMERCIAL MSANS

ADVANCED MSANS

JUNIPER NETWORKS E SERIES BSR

Centralized Control single point of control, access agnostic, msaN independence DHCP Support DHcP relay DHcP Proxy, DHcP raDIus Proxy DHcP Local server PPPoX PPPoX termination QoS Qos per service Qos per subscriber, hierarchical Qos Dynamic Bandwidth Management mcac unicast bandwidth management, policy enforcement point Security IP address tracking centralized Firewall

3 3

3 3 3

3 3 3

3 3 3

3 3

3 3

BSRs have evolved from their initial role for terminating PPPoX traffic. Most importantly, they increase Average Revenue per User (ARPU) potential by controlling network access and using bandwidth more efficiently, while reducing operational costs. However, the initial cost of implementing a BSR may outweigh the benefits, notably for smaller service providers with relatively few MSANs.

10

Copyright 2010, Juniper Networks, Inc.

WHIte PaPer - Do You Need a Broadband remote access server?

About Juniper Networks


Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www .juniper .net .

Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net

APAC Headquarters Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 Kings Road Taikoo Shing, Hong Kong Phone: 852.2332.3636 Fax: 852.2574.7803

EMEA Headquarters Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: 35.31.8903.600 EMEA Sales: 00800.4586.4737 Fax: 35.31.8903.601

To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller.

Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 2000259-002-EN Oct 2010 Printed on recycled paper