Micro and Small branch considerations are far and wide between depending on what is the requirements are. From experiences I have found this to be a nightmare with some vendors. A set solution may not exist or the solutions that do are very expensive and over specced. This post sets out to look at requirements and thoughts of the Branch; emphasis on micro and small.
In the lab I have a EX2200 12 port compact switch with POE and a SRX110 High Memory ADSL2+ firewall. These devices funnily enough are utilised in Juniper’s design solution and considerations document. I am going to take the interesting parts from the book and discuss them here.
First of all we need to define our branch size. Size, in the sense of port density and number of uses, guides us to what branch design we select. Options do change based on branch size including physical, logical, and software considerations.
Note the clear delineation between each sized branch. You can clearly see the port capacity and thought of product placement shines through between Micro and Small. With micro’s port capacity sitting around 5-8, a single SRX110 with ADSL connection would fit the bill. Something a bit larger such as a Small would encompass an SRX firewall and EX series switch.
An SRX in either one of these deployments allows WAN termination, security services (UTM), VPN connectivity, and firewall zoning.
Topologies in the branch
The New Network – Global reach
SRX WAN termination options are sky high
Two devices – a lot of potential
The small considerations
In a micro branch deployment choices need to be made regarding features and what is deployed. From an end-user perspective a micro branch should be like working at headquarters. It should be made clear that branch connectivity for end users provides an end point at a remote location at the expense of some HA/FT and redundancy technologies. From an administration point of view points such as secure connectivity, simplicity are paramount in a micro branch where HA technologies are deployed where possible.
Small branches generally contain a few more end users and considerations change slightly. An end-user will still expect the same things though with a few more people in this branch productivity loss would have a larger impact. Outage avoidance some into consideration for administration. Still, for administrators, important areas such as secure connectivity and simplicity are required. Technical staff will still be remote with local hands providing physical assistance. Design and scoping for High Availability, POE for some end devices, and considerations for High scalability must be thought about. Some small branch could have local server infrastructure which can alter logical network topologies.
Bandwidth and speed requirements
It does help these days that 1000 BASE-T to the desktop is cheaper than ever. Although 90 percent of end points do not require this to the desktop, let alone use it, uplink and total bandwidth needs to be considered.
In a micro and small branch you are limited by the speed of your WAN connection. This generally can vary from 10Mbps to 100Mbps. Both speeds are slower than the devices slowest interface. In a Micro branch end users would have minimal north south and minor east west. A small branch would need to consider north south between the two devices. Aggregation can assist here. If a local server is deployed, then correct placement must be adhered too lest bottlenecks decrease performance.
- Micro – 100/1000 BASE-T connection, aggregation if used; LAG
- Small – 100/1000 BASE-T connection, aggregation used; LAG
Due the collapsed notion of micro and small branches there are additional benefits that may not come to the forefront immediately. In a traditional three-tier access, aggregation, and core design, cons such as complexity, management difficulty, and maintenance increase. Due to the number of devices, it easily can become an issue to maintain budgets to ensure latest and supported hardware. Legacy devices and more management nodes increase capital and operational expenditure.
Build it and they will come
Access layer connectivity services should be considered against features offered by the platform. JUNOS offers a vast array of access-layer technologies that are standard in our industry. Underpinning all these are security and business policies.
I would recommended determining the services running then consider the following.
- Ensure scalability and plan for growth.
- Consider logical separation through VLANs and Zones
- Consider POE and usage budgets where applicable
- High Availability depends on requirements of branch/applications running
- Consider physical HA such as devices and power.
- Link HA including redundant links and aggregation.
- Network HA that utilises software features to provide failover.
Good old spanning-tree less important due to device topology. This is due to the single or dual device topology. If redundant devices are used or HA is required, then design considerations must be made. Larger devices (EX2200-48 or EX3200) can use Virtual Chassis which eliminates the need for STP.
Due to the FIB requirements of the small and micro branch designs, the EX2200 and SRX can easily handle any routing scenarios. The SRX can terminate VPNs and interact with BGP, ISIS, OSPF, and RIP neighbours to form peers. WAN options are extremely flexible including the ability to use VRFs for logical routing security.
High level device placement
Micro branch (SRX)
- SRX acts as collapsed core/aggregation/access
- VPN termination to head office
- WAN termination
- Strong security feature-set
- Moderate L2 switching feature-set
Small branch (SRX+EX2200)
- Higher Availability
- Faster access
- Local server infrastructure (throughput)
- Strong L2/L3 switching feature set
There are some great avenues of thought on branch scenarios and many of which aren’t covered here. It does all depend on your requirements of the site. For an office branch or retail branch the information above can provide insights that may be overlooked. I suggest reading this in its entirety. Juniper’s offering of a micro or small branch is extremely cost-effective. Current prices (no one pays list) put the devices around 700 dollars each which can drop considerably without POE on the EX. You could source both for under 800 depending on contacts. Another benefit of the compact branch design is the silent and fan less operation. In a small or micro branch there isn’t always a dedicated room for networking equipment. In a lockable cabinet the device may reside but a wall or cube might become the MDF. Fan less is definitely a benefit in this case. The rescue configuration button allows the defining of a last known working config. This is great if a central administrator makes a mistake and the local hands to fix.
Considering other offerings on the market that supposedly are affordable and scalable, Juniper offers a game-winning solution for a price that is worth considering. That being said there are a few caveats such as IPv6 ISP DHCP client and the compact model can cause heat concerns in a poor ventilated environment. I did find my SRX with the EX (both compact) stacked on top were quite warm though they ran inside Juniper’s safe operating temperate ranges.
I am lucky enough to run these at home and will eventually show my workings of my home SRX and EX environment. This reflects a small branch though my SLA’s may be different. Those with wives and girlfriends can appreciate the different SLA’s for internet we adhere too!
Additional Reading - Branch LAN Connectivity Design Guide (8020006)
My Disclaimer is here regarding this device. Although my studies and recent works have leant towards a vendor, I am an independent blog who maintains a “right tool for the job” view. I do declare here and with other posts that this Juniper Networks EX2200-12P switch was provided to me by Francois Prowse, on behalf of Juniper Networks. I was not asked for positive, marketed, vendor drivel. I will blog honestly about the platform and my experiences and share what I find, good or bad.