Data Sheet
LN1000 Mobile
Secure Router
Product Overview
Product Description
Military organizations, first
The Juniper Networks® LN1000 Mobile Secure Router is an edge access router that delivers
responders, and transportation
a high-performance routing firewall and intrusion detection service (IDS). Packaged in
providers are not immune to
the standard 4 x 6 x .85 inches VPX form factor, it consumes 35 watts of power or less
the growing global demand for
and weighs less than 1.5 lbs. The Space, Weight, and Power (SWAP) characteristics of
secure and mobile access to
a high-performance network
that provides intelligent voice,
video, and data transport. This
the LN1000 make it ideal for customers who require a secure and rugged network access
router with a small footprint in a transportable package. The LN1000 provides the power of
Juniper’s hardware and Junos OS routing functionality across its 8 x 1GbE interfaces.
demand for high-performance,
The LN1000 addresses the growing demand for a network access presence in military,
secure networking also exists in
first responder and transportation vehicles, mining and exploration equipment, unmanned
networks that support unmanned
aircraft, and power grids. Until now, many of these networks were forced to leverage
surveillance aircraft, exploration
(oil, gas, and mining) equipment,
and energy utility networks for
power monitoring.
The Juniper Networks LN1000
is a secure, high-performance
traditional routing and security boxes that were designed for equipment rack installations
requiring forced air or fans for cooling. These designs did not consider the SWAP
requirements of mobile secure networks. These mobile, and in some instances remote
network endpoints, have a unique set of requirements that only the LN1000 can provide in
a VPX form factor.
router delivered in a small form
The high-performance routing capability of the LN1000 not only provides industry-leading
factor energy efficient package
routing and forwarding performance, but it also solves communications issues associated
that can be embedded in a
with mobile network access devices. A mesh network of LN1000s is able to determine the
customer chassis for portable
most efficient and effective path for network communications across radio networks. It
and transportable router markets,
constantly monitors bandwidth between network hops to ensure that traffic is managed
making it the perfect solution for
even the most demanding mobile
network applications.
appropriately and always gets through—even in networks where available bandwidth from
one point to another can be extremely dynamic due to radio signal interference.
As an edge access device, the LN1000 can be at risk of network attacks. Whether on the
battlefield, on a local public transit bus, or located at a local power substation, the threat
of unwanted network access, network sabotage, and denial-of-service (DoS) attacks
exists. With its integrated firewall and intrusion detection system, the LN1000 ensures
that the network is always up and securely running by denying malicious threats and
unauthorized access or control. The LN1000 VPX packaging provides a conduction cooling
system that allows it to run in harsh environmental conditions without the need for external
fans or forced air cooling systems.
Your ideas. Connected.™
LN1000 Mobile Secure Router
Architecture and Key Components
The key components of the LN1000 are high-performance
routing for mobile networks, security features that include
a firewall and IDS, a small footprint, a conduction cooled
packaging system, and the powerful Juniper Networks Junos®
operating system.
As a Juniper router, the LN1000 is deployed with Juniper routing
hardware, ensuring industry-leading forwarding and routing
Data Sheet
The memory sanitization capability within the LN1000 erases
all information stored in memory upon system reboot. This
capability ensures that all confidential communications traffic
is removed, and it can be used to ensure that hackers are not
able to store information in the memory banks of the LN1000
for future use, or even worse for an attempted attack at a future
point in time.
-- Network attack detection
support even under the harshest network traffic loads. Unlike
-- DoS and DDos protection
traditionally fixed-line or wireless backhaul networks, the
-- TCP reassembly for fragmented packet protection
communication path for mobile networks, whether terrestrial, air,
or sea, is through radio links. These communication links have
-- Brute force attack mitigation
limited bandwidth, are typically bursty in nature, and are subject
-- SYN cookie protection
to dynamic changes to available bandwidth due to Line of
-- Zone-based IP spoofing
Sight (LOS), weather or environmental interference that affects
transmission. The high-performance routing capabilities of the
LN1000 include radio router protocol support that enables the
-- Malformed packet protection
Intrusion Prevention System (IPS)
LN1000 to overcome these difficult mobile networking issues.
• Protocol anomaly detection
The radio router protocols in the LN1000 enable it to establish a
• Stateful protocol signatures
mesh network configuration using extensions to OSPFv3 routing
protocol to include other mobile devices as well as land-based
• IPS attack pattern obfuscation
receivers. The radio router protocols provide real-time monitoring
• Customer signatures creation
of radio hop efficiency and effective available bandwidth. This
• Frequency of updates (daily and emergency)
information is then leveraged by the routing capabilities within
the LN1000 to appropriate direct traffic across the most effective
hop sequence, and when necessary to regulate traffic flow so
that traffic quality of service (QoS) can be maintained.
The LN1000 packaging complies with the VPX standard and
consists of a single 3 U card with a VITA 46 interface weighing
less than 1.5 lbs. The router is approximately the size of a 4 x 6
The LN1000 has hardware-based QoS support, which provides
in. index card. Populated with military grade components, having
consistent routing performance across all 8 x 1 Gbps network
a unique thermal conductive design, and shrunk by Juniper’s
interfaces. This hardware-based QoS will support a QoS
innovative package design, the LN1000 will operate in harsh
hierarchy that provides up to 8 queues of 4 precedence levels,
environments while consuming less that 35 watts of power. And
delivering classification for up to 32 unique DiffServ code point
it can achieve excellent routing performance capability because
(DSCP) values. QoS hierarchy support can be used in military and
of Juniper hardware assisted security and routing features.
first responder networks to establish a network communications
hierarchy as well as message importance and urgency preference.
Junos Operating System
QoS hierarchy in the LN1000 can also be used to provide
All of the routing, security, and control features leverage the
differentiated classifications of service based on network traffic
functionality and quality of Junos OS. In addition to Juniper’s
type in commercial applications.
superior routing software, the LN1000 also can support neighbor
The LN1000 provides a hardware assisted stateful firewall and
IDS solution that is based on the capabilities provided in the
discovery and PPPoE extensions to radio router protocol
to enable unicast and multicast IP broadcast in a mobile
industry-leading Juniper Networks SRX Series Services Gateways.
As a network edge device, the security capabilities within the
LN1000 provide network access protection—whether on the
battlefield, in a first responder network, in energy management
systems, or in remote sensor data networks. The firewall and
IDS systems in the LN1000 provide DoS attack and network
disruption protection in various environments.
LN1000 Mobile Secure Router
Data Sheet
Features and Benefits
VPX 3 U form factor
VITA 46 Interface
Small, single board size makes the LN1000 easily configurable in the customer chassis using an
industry-standard VITA 46 backplane.
Low power requirement
Running with full functionality at less than 35 W, the LN1000 is easily embedded in a moving vehicle,
whether terrestrial, airborne, or at sea, where power is often limited.
SWAP qualities
The exceptional Space, Weight, and Power (SWAP) characteristics (< 1.5 lb, < 35 W, 3 RU x 6.3
in deep) make the LN1000 a unique product for vehicular, airborne, or seaborne units where size,
weight, and power must be kept to a minimum. The clear advantage for the LN1000 is to be able to
deliver full routing functionality, 8 x 1GbE outputs, as well as firewall and IPS security functions in a
small package designed to be easily embedded in a customer chassis that conforms to the VITA 46
The LN1000 is designed with an Intelligent Platform Management Interface (IPMI) for external
commands such as reset, remote power on and off, onboard temperature and voltage sensing, and
status information. IPMI provides an external control capability for a router that is typically embedded
in a constrained space.
RS232 console port
One RS232 console at the front end of the card via RJ45 connector and also mirrored to the
backplane. The RS232 console port can be used to externally monitor operational status as well as to
run the Junos OS CLI while the router is in operation.
IPv4 and IPv6 support
Includes support for forwarding of IPv4/IPv6 packets, IPv4/IPv6 firewall, and intrusion prevention
system (IPS) to ensure scalability on the world’s largest networks.
Junos OS functionality
The LN1000 supports the rich routing and networking functionality of the Junos OS, enabling it to be
easily configured to WAN and LAN routers all running the same OS.
Protocol (4938bis)
Allows the LN1000 to communicate to a radio card for uplink using a PPPoE extension (RFC
4938bis). Support for the protocol enables the LN1000 to monitor available bandwidth on a per-hop
basis, and adjust routing tables and message queues to ensure that traffic is transported effectively
and efficiently.
The LN1000 will support 8 queues per virtual, logical, or physical interface. Each queue can have four
random early detection (RED) classes applied to it. The hardware-based QoS capability ensures
consistent routing performance across all 8 x 1 Gbps Ethernet ports whether QoS is enabled or not.
Hot swap
Supports VITA 46.13 Hot Remove/Insert Specification. The LN1000 can be removed from or inserted
into the backplane while power is applied without damage to either the backplane or to the LN1000.
• 500,000 packets/sec at 64 byte packet size without services enabled
• 200,000 packets/sec at 64 byte packet size with all services enabled (multicast, QoS, firewall,
LN1000 Mobile Secure Router
Data Sheet
Product Capabilities
The Junos OS provides:
Additional security capabilities for the LN1000 include:
• Firewall, zones, screens, policies
• IPv4 and IPv6 support
• Stateful firewall, access control list (ACL) filters
• Static routes
• DoS and distributed denial-of-service (DDoS) protection
• RIPv2
• Replay attack; anti-replay protection
• OSPFv3 address family support
• Content filtering
• OSPFv2/v3
• Tunnels
-- Generic Routing Encapsulation (GRE)
-- IP-in-IP
-- IPsec
• Data Encryption Standard (DES) (56-bit), triple Data
Encryption Standard (3DES) (168-bit), and Advanced
Encryption Standard (AES) (256-bit)
• Message Digest 5 (MD5) and Secure Hash Algorithm 1
(SHA1) authentication
• IPsec Network Address Translation (NAT) traversal
User Authentication and Access Control
• Third-party user authentication (RADIUS)
• RADIUS accounting
• XAUTH VPN, web-based, 802.X authentication
• PKI certificate requests (PKCS 12)
• Certificate authorities supported: VeriSign, Entrust, Microsoft,
RSA Keon, iPlanet, (Netscape), Baltimore, DoD PKI
Address Translation
• Source NAT with Port Address Translation (PAT)
• Static NAT
• Destination NAT with PAT
IP Address Assignment
• Static
• Dynamic Host Configuration Protocol (DHCP), Point-to-Point
over Ethernet (PPPoE) client
• Internal DHCP server
• DHCP relay
Traffic Management Quality of Service (QoS)
• Source-based routing
• Policy-based routing
• Equal-cost multipath (ECMP)
• Reverse path forwarding (RPF)
• Layer 2 VPN (VPLS)
• Layer 3 VPN
• Circuit cross-connect (CCC)
• Translational cross-connect (TCC)
• Internet Group Management Protocol (IGMP v1, v2, and v3)
• IGMP Multicast Listener Discovery (MLD) proxy
• Protocol Independent Multicast (PIM) sparse mode (SM)
• PIM dense mode (DM)
• PIM source-specific multicast (SSM)
• Distance Vector Multicast Routing Protocol (DVMRP)
• Source specific
• Multicast inside IPsec tunnel
• Generic routing encapsulation (GRE)
• Point-to-Point Protocol (PPP)
• Ethernet (media access control and tagged)
Quality of Service
• Packet classification based on IP precedence, DSCP, 802.1p
• 8 queues per logical entity
• 4 drop profiles per queue using Tail RED
• 32 queues per interface
• Guaranteed bandwidth
• Weighted round-robin (WRR) scheduling
• Maximum bandwidth
• 4 priority levels with strict order
• Ingress traffic policing
• Packet marking by precedence, DSCP
• Priority bandwidth utilization
• DiffServ code point marking
High Availability
• Virtual Router Redundancy Protocol (VRRP)
Radio Router Protocols
• RFC 4938
• RFC 4938 – BIS (using rate information to control flows)
• UDP-based radio router protocol (ground to satellite
Command-Line Interface
• Junos OS CLI
LN1000 Mobile Secure Router
Data Sheet
Maximum Performance and Capacity
• Firewall + routing pps (64 byte): 200 Kpps
• AES256+SHA-1/3DES+SHA-1 VPN performance: 250 Mbps
• < 35 W
IInput Voltage
• IPsec VPN tunnels: 1,000
• +3.3 V
• IPS (intrusion prevention system): 250 Mbps
• +5 V
• Connections per second: 9,000
• +3 V Aux
• Maximum concurrent sessions: 128,000
• Maximum security policies: 4,096
• Maximum users supported: Unrestricted
Network Connectivity
• Fixed I/O: 8 x 1 Gbps
• BGP instances: 20
• BGP peers: 32
• BGP routes: 64K
• OSPF instances: 20
• OSPF routes: 64K
• RIP v1 / v2 instances: 20
• VITA ECC4: -40° to 185° F (-40° C to 85° C)
• LN1000-V: Vita ECC3; -58° to 212° F (-50° to +100° C)
• LN1000-CC: Vita ECC2; -40° to 185° F (-40° C to +85° C)
Shock and Vibration
• VITA 47 OS2; 40 g, 11 ms
• VITA 47 V3:
• RIP v2 routes: 64K
-- 5 Hz to 100 Hz PSD increasing 3dB/octave
• Static routes: 64K
-- 100 Hz to 1000 Hz PSD = 0.1g2/Hz
-- 1000 Hz to 2000 Hz PSD decreasing at 6dB/octave
• Concurrent VPN tunnels: 1,000
• Tunnel interfaces: 128
• Maximum number of security zones: 32
• Maximum number of VLANs: 512
Physical and Mechanical
Dimensions (W x H x D)
• Conforms to VITA 48.2 3 U Conduction Cooled Format
(0.85 x 3.94 x 6.3 in; 21.6 x 100 x 160 mm)
• VITA 47: up to 95% RH non-condensing
• VITA 47; ASTM G85, Annex A4 (Salt, SO2 spray)
• VITA 47: 1,500 ft below sea level to 60,000 ft above sea level
• VITA 47: EN61000-4-2; up to 15 KV
• MIL-STD-810F for air, sea, road, and rail
• VITA 46.0 specified connections:
• P0-56 pin Utility Connector; P1, P2 -112 pin signaling
• RJ45 RS232 front console connector
LN1000 Mobile Secure Router
Data Sheet
Juniper Networks Services and Support
About Juniper Networks
Juniper Networks is the leader in performance-enabling services
Juniper Networks is in the business of network innovation. From
that are designed to accelerate, extend, and optimize your
devices to data centers, from consumers to cloud providers,
high-performance network. Our services allow you to maximize
Juniper Networks delivers the software, silicon and systems that
operational efficiency while reducing costs and minimizing
transform the experience and economics of networking. The
risk, achieving a faster time to value for your network. Juniper
company serves customers and partners worldwide. Additional
Networks ensures operational excellence by optimizing the
information can be found at
network to maintain required levels of performance, reliability,
and availability. For more details, please visit
Product Options
The Juniper Networks LN1000-V and LN1000-CC Mobile Secure
Routers are currently available with the VITA 46 interface option.
Ordering Information
The LN1000-V and LN1000-CC can only be ordered through
Juniper’s J-Partner Program. Please contact your local account
representative to order this product.
Corporate and Sales Headquarters
APAC and EMEA Headquarters
Juniper Networks, Inc.
Juniper Networks International B.V.
1133 Innovation Way
Boeing Avenue 240
Sunnyvale, CA 94089 USA
1119 PZ Schiphol-Rijk
Phone: 888.JUNIPER (888.586.4737)
Amsterdam, The Netherlands
or +1.408.745.2000
Phone: +
Fax: +1.408.745.2100
Fax: +
Copyright 2015 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos
and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
All other trademarks, service marks, registered marks, or registered service marks are the property of their
respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
1000285-005-EN Mar 2015
Download PDF
Similar pages