By Chris Hall

     High performance networks are complex. That complexity creates problems. Juniper Networks prides itself on providing the solutions. That's the message that came across loud and clear when EUROTRADE spoke in Hong Kong with Adam Judd, SVP for Juniper Networks in the Asia Pacific.
     How Juniper achieves product differentiation in network switching; how Juniper achieves security across the network; Juniper's presence in the wireless world; the role of MPLS technology; the transition to IPv6 – these are some of the topics raised in this wide-ranging interview.

CH: Juniper offers certain "bread and butter" products for the networking industry, such as switches and routers, where it is up against formidable competition. To differentiate itself, Juniper is going to have to offer innovative products and solutions. Where and how are you doing this with these "standard" product offerings?

AJ: Juniper provides high performance networks, and we define a high performance network as one that is considered central to a business, whether it be a bank, stock exchange or service provider, or any other business that would find it difficult to operate without the network. That's where we have the best chance to insert a Juniper network.
     It's true that switching is a mature technology. However, at Juniper, we add high performance features to switching. Let's take the virtual chassis for example. Before the virtual chassis came on the scene, you would have either a series of standalone switches or a large chassis based switch. With the virtual chassis we take a very modular approach and put it in a very small form factor. On a large campus, for example, the virtual chassis can be distributed, not simply located on one base switch. And that gives you a savings in power consumption and also on your footprint.
     Another example of where Juniper is delivering not just switching but unique solutions is our Infranet Controller, or IC, product, which is part of our Unified Access Control (UAC) solution. The IC serves as the control point for access to every network resource in a LAN or campus network. Many people think of the network perimeter as the thing that needs defending, where attacks from the Internet can come in. But in today's networks, a laptop from a traveling employee or consultant can serve as a vector for attack or infection, and that's where UAC helps protect the network. The IC can direct the network elements ---- like switches and firewalls ---- to not allow access to servers and other sensitive resources until the user has been authenticated and the laptop proven safe and free of worms and viruses.

All platforms under JUNOS
     Another key differentiator for Juniper is that all of our platforms are running under one image of our network operating system, JUNOS. Our competitors, on the other hand, will be running many different versions of an OS across their platforms, and that presents a problem of interoperability across the network. From a management perspective, having only one image of JUNOS is of huge benefit. It's not only of benefit to the enterprise but also to service providers, which we see as a major channel and partner for managed services, and we see managed services as a huge trend across the world.
     As networks become more and more complex, companies are looking more and more at outsourcing aspects of their network to a service provider. Many things have been outsourced, and many more things will be in the future. That is so much easier when the service provider doesn't have to worry about which version of the operating system you're running, and so on. It completely reduces the cost of delivering managed services.

CH: The communications industry seems to be going through something of a wireless ferment, right now, but looking at the Juniper website, I can't see any reference or explanation as to where wireless technology fits in with Juniper's current offerings. Is Juniper in fact a participant in the development of wireless networking, or does Juniper's technology simply co-exist with wireless?

AJ: Juniper does not make air interfaces or radio transmitters. That could be seen as the demarcation point. However, we are interoperable with all wireless standards, and that means we are prevalent in some of the largest wireless networks around the world today, in different areas, but mainly behind the Access Point. From a high end perspective, we work with partnerships to supply wireless network solutions, when it comes from an interface and access perspective. To give you an example, one of the biggest trends, currently, is to mobile packet phone networks. Wireless operators are adding more and more IP cores to their RF network because increasingly what is going across the network is video, and there the transport of choice is IP.
     Many carriers and service providers, though, are both wireless and wireline. They own the whole gamut of delivery, and we see two things happening. We've seen the development of wireless cores inside wireless plays, and we've seen the convergence of wireless and wireline into a single backbone packet network. And that of course is using MPLS technology.

Backhauling to IP
     We are also responsible for many of the MPBNs (mobile packet backbone networks) across Asia ---- Vodafone Australia, China Mobile, SKT ---- we're behind all those networks. So regardless of the technology they're using from an RF perspective, to connect those wireless networks, that backhauls to an IP network, and that backhaul to an IP network is Juniper.
     We're also involved in many WiMAX trials and early deployments, and again when the WiMAX network hits the backbone, it's an IP network. So in Taiwan, for example, it's Juniper who's behind the many WiMAX trials there.
     We are also responsible for many WiFi and wireless mesh deployments. Telstra and PCCW are great examples of where you have wireless hotspots meshed around the city. Again, they're connecting back to an IP network, and again that's Juniper.
     And finally we've got lots of what we call policy and control capabilities. Those come directly from the wireless world through IMS and 3GPP, and all the trials that are going on there in terms of security and performance. We're a part of that.
     What we don't do is compete with companies such as Siemens or NEC. Rather, we provide the backhaul and the IP network in the back end.

CH: The WiMAX trials in Taiwan, are they Fixed WiMAX or Mobile WiMAX or both?

AJ: They're based on the mobile standard 802.16e, so they are able to address both fixed and mobile applications. WiMAX provides high bandwidth longhaul connectivity, and without that you either have to lay fiber or connect to the incumbent carrier, and that of course is not always the preferred option. Within the metro itself, we've seen a lot of investment in 3G, but that isn't going to solve the long-distance issue, and the same would apply to wireless mesh.
     You hear about technology such as Mobile IP, but you come up against problems such as the passing of IP addresses across mobile networks. How do you pass IP addresses when you're roaming from one mesh to another? These are the types of problems where Juniper is at its best, solving the problems in the IP network, the high performance network. We have the intellectual property to solve those problems.

CH: I understand that Juniper takes a layered approach to network security. What innovative technologies and products does Juniper offer that are central to this concept and this approach? Where does the NetScreen-Security Manager fit in, and in what ways is it an innovative addition to a network manager's security options?

AJ: The scenario I outlined earlier, of access to a network from an insecure environment, is a classic example of what we mean by layered security. As you can imagine, in any network there are multiple points where you need security, and there are multiple ways in which you can apply security. If for example, I'm connecting from a cafe, I'm probably connecting via an SSL VPN connection, and that will give me SSL encryption to a Juniper device that will verify who I am and what I'm trying to connect to on the network. However, it's different when I'm connecting from my home, where I have a little Juniper router connecting via my local ISP. In that case, I'm connecting via IPsec encryption, via an IP VPN. Again, when I bring my PC into work, as I did this morning, the first thing that will happen is that the intelligent network will apply UAC security because I'm already inside the network, and it's now looking at my PC and asking, "Where are you going on the network, and were you secure before you came in?" It will then check my PC for virus definitions, and so on, before it lets me be a permanent node on the network.