EX4600 Ethernet Switch
The EX4600 is a compact, scalable, 10GbE solution for enterprise campus distribution deployments and low-density data center top-of-rack environments. The 4600 is cloud-ready and ZTP-enabled, so you can onboard, configure, and manage it with Juniper Mist™ Wired Assurance for improved connected-device experiences. In addition, the Juniper Mist Cloud streamlines deploying and managing your campus fabric, while Mist AI simplifies operations and improves visibility into the performance of connected devices.
Features + Benefits
Juniper Mist Wired Assurance
Claim, configure, and troubleshoot switches with a few clicks. Wired Assurance delivers better experiences for connected devices through AI-powered automation and service-level expectations (SLEs) with Mist’s AI engine and microservices cloud.
The EX Switches provide rich streaming telemetry data to enable the insights for switch health metrics and anomaly detection. Streamline IT operations, reduce mean time to repair, and deliver optimized experiences across wired and wireless.
Virtual Chassis
With Virtual Chassis technology, up to ten interconnected EX4600 switches operate as a single logical device, reducing operational expenses and simplifying management.
MACsec Support
EX4600 switches support IEEE 802.1ae MACsec, providing support for link-layer data confidentiality, data integrity, and data origin authentication.
Secure Campus Fabric
Switches are connected as an IP fabric with EVPN-VXLAN overlay. The IP fabric can extend to connect multiple enterprise buildings, while VXLAN allows stretching Layer 2 (L2) across the network.
Product Description
Featuring up to 72 wire-speed 10GbE small form-factor pluggable and pluggable plus transceiver (SFP/SFP+) ports, and up to 12 wire-speed 40GbE quad SFP+ transceiver (QSFP+) ports in a compact one rack unit (1 U) platform, the Juniper Networks® EX4600 Ethernet Switch delivers 1.44 Tbps of Layer 2 and Layer 3 connectivity to networked devices such as secure routers, servers, and other switches. The EX4600 base switch provides 24 fixed 1GbE SFP/10GbE SFP+ ports1 and 4 fixed 40GbE QSFP+ ports, providing the flexibility to support mixed 1GbE, 10GbE and 40GbE environments. A total of four models are available: two featuring AC power supplies and front-to-back or back-to-front airflow; and two featuring DC power supplies and front-to-back or back-to-front airflow. Each model includes dual power supplies.
All versions feature two expansion slots that can accommodate optional expansion modules, providing tremendous configuration and deployment flexibility for enterprise distribution networks. Two expansion modules are available:
- 8xGBASE/10GBASE SFP/SFP+ fiber expansion module2
- 4x40GbE QSFP+ expansion module3
Hardware
- Switching capacity: 720 Gbps (unidirectional)/1.44 Tbps (bidirectional)
- Layer 2/Layer 3 throughput (maximum with 64 byte packets): 1,071 Mpps (wire speed)
- Weight: 21.7 lb (9.84 kg) with PSUs and fans installed
- Dimensions (HxWxD): 1.72 x17.36 x 20.48 in (4.37 x 44.09 x 52.02 cm)
- Switching mode: Cut-through and store-and-forward
- Front-to-back or back-to-front airflow (for hot aisle/cold aisle deployment)
- Management and rear console port connections
- Predicted mean time between failures (MTBF): 150,000 hours
- Predicted FIT rate: 4,987
Interface Options
- 1GbE SFP: 24(40) (with 10GbE expansion modules)
- 10GbE SFP+: 24(40/72) (with 10GbE expansion modules/with fixed 40GbE ports using breakout cables)
- 40GbE QSFP+: 4(12) (with expansion modules)
- Each fixed QSFP+ port can be configured as a 4x10GbE interface
- Each QSFP+ port can be configured as a 40 Gbps port
- USB port
- Console port
- 2 management ports: 1 RJ-45 and 1 SFP
- Supported transceiver and direct attach cable
- SFP+ 10GbE optical modules
- SFP+ DAC cables: 1/3/5 m direct-attached copper and
1/3/5/7/10 m active direct-attached copper - SFP GbE optical and copper module
- QSFP+ to SFP+ 10GbE direct attach break-out copper
(1/3 m direct-attached copper cable)
Rack Installation Kit
- Versatile four post mounting options for 19-in server rack or datacom rack
Airflow
- Front-to-back and back-to-front cooling
- Redundant variable-speed fans to reduce power draw
Power Supply and Fan Modules
- Dual redundant (1+1) and hot-pluggable power supplies
- 110-240 V single phase AC power
- -36 to -72 V DC power
- Redundant (N+1) and hot-pluggable fan modules for front-to-back and back-to-front airflow
Performance Scale (Unidimensional)
- MAC addresses per system: 288,000*
- VLAN IDs: 4,091
- Number of ports per LAG: 32
- FCoE scale:
- Number of FCoE VLANs/FC virtual fabrics: 4,095
- Firewall filters: 4,000
- IPv4 unicast routes: 128,000 prefixes; 208,000 host routes
- IPv4 multicast routes: 104,000
- IPv6 multicast routes: 52,000
- IPv6 unicast routes: 64,000 prefixes
- Address Resolution Protocol (ARP) entries: 48,000
- Jumbo frame: 9,216 bytes
* MAC address table uses a hash-based scheme to program entries; therefore, some entries may not be programmed due to hash index collision.
Access Control Lists (ACLs)
- Port-based ACL (PACL): Ingress and egress
- VLAN-based ACL (VACL): Ingress and egress
- Router-based ACL (RACL): Ingress and egress
- ACL entries (ACE) in hardware per system:
- Ingress ACL: 1,536
- Egress ACL: 1,024
- ACL counter for denied packets
- ACL counter for permitted packets
- Ability to add/remove/change ACL entries in middle of list (ACL editing)
- L2-L4 ACL
- IPv6 ACL
- Firewall filter on loopback interface
- Firewall filter on management interface
Spanning Tree Protocol (STP)
- Multiple Spanning Tree Protocol (MSTP) instances: 64
- VLAN Spanning Tree Protocol (VSTP) instances: 253
Traffic Mirroring
- Mirroring destination ports per switch: 4
- Maximum number of mirroring sessions: 4
- Mirroring destination VLANs per switch: 4
Layer 2 Features
- STP—IEEE 802.1D (802.1D-2004)
- Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w); MSTP (IEEE 802.1s)
- Bridge protocol data unit (BPDU) protect
- Loop protect
- Root protect
- RSTP and VSTP running concurrently
- VLAN—IEEE 802.1Q VLAN trunking
- Routed VLAN interface (RVI)
- Port-based VLAN
- MAC address filtering
- GRE tunneling
- QinQ
- VLAN translation
- Static MAC address assignment for interface
- Per VLAN MAC learning (limit)
- MAC learning deactivate
- Link Aggregation and Link Aggregation Control Protocol (LACP) (IEEE 802.3ad)
- IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
- MAC notification
- MAC address aging configuration
- MAC address filtering
- Persistent MAC (sticky MAC)
Link Aggregation
- Multichassis link aggregation (MC-LAG) – Layer 2, Layer 3, VRRP, STP
- Redundant trunk group (RTG)
- LAG load sharing algorithm—bridged or routed (unicast or multicast) traffic:
- IP: SIP, Dynamic Internet Protocol (DIP), TCP/UDP source port, TCP/UDP destination port
- Layer 2 and non-IP: MAC SA, MAC DA, Ethertype, VLAN ID, source port
- FCoE packet: Source ID (SID), destination ID (DID), originator exchange ID (OXID), source port
Layer 3 Features (IPv4)
- Static routing
- Routing policy
- Routing protocols (RIP, OSPF, IS-IS, BGP, MBGP)
- Virtual Router Redundancy Protocol (VRRP)
- Bidirectional Forwarding Detection (BFD) protocol
- Virtual router
- Dynamic Host Configuration Protocol (DHCP) relay
- Proxy Address Resolution Protocol (ARP)
- Multicast Features
- Internet Group Management Protocol (IGMP): v1, v2, v3
- IGMP snooping: v1, v2, v3
- IGMP filter
- PIM-SM
- Multicast Source Discovery Protocol (MSDP)
- Security and Filters
- Secure interface login and password
- RADIUS
- TACACS+
- Ingress and egress filters: Allow and deny, port filters, VLAN filters, and routed filters, including management port filters
- Filter actions: Logging, system logging, reject, mirror to an interface, counters, assign forwarding class, permit, drop, police, mark
- SSH v1, v2
- Static ARP support
- Storm control, port error deactivate, and autorecovery
- Control plane denial-of-service (DoS) protection
- Dynamic ARP inspection (DAI)
- Sticky MAC address
- DHCP snooping
- Filter based forwarding
- IP directed broadcast traffic forwarding
- IPv4 over GRE (encap and decap)
Layer 3 Features (IPv6)
- Static routing
- Routing protocols (RIPng, OSPF v3, IS-IS v6, BGP v6)
- Virtual Router Redundancy Protocol (VRRP v3)
- IPv6 CoS (BA, MF classification and rewrite, scheduling based on TC)
- IPv6 over MPLS LSPs (6PE)
- IPv6 ping
- IPv6 traceroute
- Neighbor discovery protocol
- Path MTU discovery
- SNMP, NTP, DNS, RADIUS, TACACS+, AAA
- Virtual router support for IPv6 unicast
Quality of Service (QoS)
- L2 and L3 QoS: Classification, rewrite, queuing
- Rate limiting:
- Ingress policing: 1 rate 2 color, 2 rate 3 color
- Egress policing: Policer, policer mark down action
- Egress shaping: Per queue, per port
- 12 hardware queues per port (8 unicast and 4 multicast)
- Strict priority queuing (LLQ), smoothed deficit weighted round-robin (SDWRR), weighted random early detection (WRED), weighted tail drop
- 1p remarking
- L2 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN
- Congestion avoidance capabilities: WRED
- Trust IEEE 802.1p (ingress)
- Remarking of bridged packets
- Priority-based flow control (PFC)—IEEE 802.1Qbb
- Data Center Bridging Exchange Protocol (DCBX), DCBx FCoE, and iSCSI type, length, and value (TLVs)
- Fibre Channel over Ethernet (FCoE)
- FCoE transit switch (FIP snooping ACL installation)
- Virtual fiber channel gateway
- FCoE session path learning
- FCoE session health monitoring
- Graceful restart for FIP snooping
- FC-BB-6 VN2VN snooping
Virtual Chassis
- 40GbE and 10GbE as Virtual Chassis port
- Virtual Chassis Routing Engine (RE) election
- Virtual Chassis pre-provisioning (plug and play)
- Auto-LAG formation of Virtual Chassis ports
- Mixed Virtual Chassis support between EX4300-EX4600 (in data center only)
- FCoE transit across Virtual Chassis members
- QoS on Virtual Chassis ports
- Local designated forwarding
- Graceful RE switchover (GRES)
- Nonstop routing (NSR)
- Nonstop bridging (NSB)
- Monitor distributed aggregate interface
- Control plane protection for virtual RE
High Availability
- ISSU (in standalone and MC-LAG configuration)
- Bidirectional Forwarding Detection (BFD)
- Uplink failure detection (UFD)
- Graceful Routing Engine switchover (GRES) in Virtual Chassis configuration
- Non-stop bridging (NSB) in Virtual Chassis configuration
- Non-stop routing (NSR) in Virtual Chassis configuration
- Non-stop software upgrade (NSSU) in Virtual Chassis configuration
MPLS
- VRF-Lite
- 2-label stack
- Static label-switched paths (LSPs)
- RSVP-based signaling of LSPs
- LDP-based signaling of LSPs
- LDP tunneling (LDP over RSVP)
- MPLS class of service (CoS)
- MPLS access control list (ACL)/policers
- MPLS LSR support
- Push, swap, pop, IP lookup
- IPv6 tunneling (6PE) (via IPv4 MPLS backbone)
- MPLS Operation, Administration, and Maintenance (OAM)
- LSP ping
- IPv4 L3VPN (RFC 2547, 4364)
- Ethernet-over-MPLS (L2 circuit)
- Layer 3 VPN (L3VPN)
- Layer 2 VPN (L2VPN)
- Link protection
- MPLS fast reroute (FRR)- 1:1 Protection
- Node-link protection
Management and Analytics Platforms
- Juniper Mist Wired Assurance for Campus
- Junos Space Network Director for Campus
- Junos Space®Management
Device Management and Operations
- Junos Web Software (J-Web)
- Role-based CLI management and access
- CLI via console, telnet, or SSH
- Extended ping and traceroute
- Junos OS configuration rescue and rollback
- Image rollback
- SNMP v1/v2/v3
- Junos XML management protocol
- sFlow v5
- DHCP server
- DHCP relay on L2 VLAN & L3 interfaces (with option 82)
- DHCP local server support
- High frequency statistics collection
- Beacon LED for port and system
- Automation and orchestration
- Zero touch provisioning (ZTP)
- OpenStack Neutron Plug-in
- Puppet
- Chef
- Junos OS event, commit, and operations scripts
- Ability to execute scripts written in Python/TCL/Perl
Traffic Mirroring
- Port-based
- LAG port
- VLAN-based
- Filter-based
- Mirror to local
- Local/L2 remote analyzer (SPAN, RSPAN for IPv4 and IPv6 frames)
- Mirror to remote destinations (L2 over VLAN)
- Insight Technology (microburst monitoring and statistics reporting)
Standards Compliance
IEEE Standards
- IEEE 802.1D
- IEEE 802.1w
- IEEE 802.1
- IEEE 802.1Q
- IEEE 802.1p
- IEEE 802.1ad
- IEEE 802.3ad
- IEEE 802.1AB
- IEEE 802.3x
- IEEE 802.1Qbb
- IEEE 802.1Qaz
Supported RFCs
- RFC 768 UDP
- RFC 783 Trivial File Transfer Protocol (TFTP)
- RFC 791 IP
- RFC 792 ICMP
- RFC 793 TCP
- RFC 826 ARP
- RFC 854 Telnet client and server
- RFC 894 IP over Ethernet
- RFC 903 RARP
- RFC 906 TFTP Bootstrap
- RFC 951 1542 BootP
- RFC 1058 Routing Information Protocol
- RFC 1112 IGMP v1
- RFC 1122 Host requirements
- RFC 1142 OSI IS-IS Intra-domain Routing Protocol
- RFC 1256 IPv4 ICMP Router Discovery (IRDP)
- RFC 1492 TACACS+
- RFC 1519 Classless Interdomain Routing (CIDR)
- RFC 1587 OSPF not-so-stubby area (NSSA) Option
- RFC 1591 Domain Name System (DNS)
- RFC 1745 BGP4/IDRP for IP—OSPF Interaction
- RFC 1772 Application of the Border Gateway Protocol in the Internet
- RFC 1812 Requirements for IP Version 4 routers
- RFC 1997 BGP Communities Attribute
- RFC 2030 SNTP, Simple Network Time Protocol
- RFC 2068 HTTP server
- RFC 2131 BOOTP/DHCP relay agent and Dynamic Host
- RFC 2138 RADIUS Authentication
- RFC 2139 RADIUS Accounting
- RFC 2154 OSPF w/Digital Signatures (Password, MD-5)
- RFC 2236 IGMP v2
- RFC 2267 Network ingress filtering
- RFC 2328 OSPF v2 (edge mode)
- RFC 2338 VRRP
- RFC 2362 PIM-SM (edge mode)
- RFC 2370 OSPF Opaque link-state advertisement (LSA) Option
- RFC 2385 Protection of BGP Sessions via the TCP Message Digest 5 (MD5) Signature Option
- RFC 2439 BGP Route Flap Damping
- RFC 2453 RIP v2
- RFC 2474 Definition of the Differentiated Services Field in the IPv4 and IPv6 Headers
- RFC 2597 Assured Forwarding PHB (per-hop behavior) Group
- RFC 2598 An Expedited Forwarding PHB
- RFC 2697 A Single Rate Three Color Marker
- RFC 2698 A Two Rate Three Color Marker
- RFC 2796 BGP Route Reflection—An Alternative to Full Mesh IBGP
- RFC 2918 Route Refresh Capability for BGP-4
- RFC 3065 Autonomous System Confederations for BGP
- RFC 3376 IGMP v3 (source-specific multicast include mode only)
- RFC 3392 Capabilities Advertisement with BGP-4
- RFC 3446 Anycast RP
- RFC 3569 SSM
- RFC 3618 MSDP
- RFC 3623 Graceful OSPF Restart
- RFC 4271 Border Gateway Protocol 4 (BGP-4)
- RFC 4360 BGP Extended Communities Attribute
- RFC 4456 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)
- RFC 4486 Subcodes for BGP Cease Notification Message
- RFC 4724 Graceful Restart Mechanism for BGP
- RFC 4812 OSPF Restart Signaling
- RFC 4893 BGP Support for Four-octet AS Number Space
- RFC 5176 Dynamic Authorization Extensions to RADIUS
- RFC 5396 Textual Representation of Autonomous System (AS) Numbers
- RFC 5668 4-Octet AS Specific BGP Extended Community
- RFC 5880 Bidirectional Forwarding Detection (BFD)
- Dynamic Host Configuration Protocol (DHCP) server
24 SFP+/SFP ports, 4 QSFP+ ports, 2 expansion slots, redundant fans, 2 AC power supplies, 2 power cords, 4-post rack mount kit, and front to back airflow
24 SFP+/SFP ports, 4 QSFP+ ports, 2 expansion slots, redundant fans, 2 AC power supplies, 2 power cords, 4-post rack mount kit, and back to front airflow
24 SFP+/SFP ports, 4 QSFP+ ports, 2 expansion slots, redundant fans, 2 DC power supplies, 2 power cords, 4-post rack mount kit, and front to back airflow
24 SFP+/SFP ports, 4 QSFP+ ports, 2 expansion slots, redundant fans, 2 DC power supplies, 2 power cords, 4-post rack mount kit, and back to front airflow
4-port QSFP+ expansion module for EX4600
8-port SPF+/SFP expansion module for EX4600
AC 650 W PSU, front-to-back airflow for EX4600-48S
AC 650 W PSU, back-to-front airflow for EX4600-48S
DC 650 W PSU, front-to-back airflow for EX4600-48S
DC 650 W PSU, back-to-front airflow for EX4600-48S
Back-to-front airflow fan module for EX4600
Front-to-back airflow fan module for EX4600
Blank module for EX4600
1 RU
24 x 1/10GbE and 4 QSFP+ 40GbE plus expansion slots
400 Gbps of near-line encryption
720 Gbps
Virtual Chassis, MC-LAG