Juniper Networks Glossary

Source (S) of the multicast packet and the destination multicast group address (G).

First phase of third-generation (3G) mobile wireless technology for CDMA2000 networks.

Evolutionary phase of third-generation (3G) CDMA2000 networks, divided into two phases: 1XEV-DO (data only) and 1XEV-DV (data and voice).

Juniper Networks designation for the three-dimensional axes of scaling benefits that the programmable Trio chipset brings to MX Series 3D Universal Edge routing: bandwidth scale, subscriber scale, and services scale.

Triple Data Encryption Standard. A 168-bit encryption algorithm that encrypts data blocks with three different keys in succession, achieving a higher level of encryption than standard DES. Data is encrypted with the first key, decrypted with the second key, and encrypted again with the third key. 3DES is often implemented with cipher block chaining (CBC). 3DES is one of the strongest encryption algorithms available for use in virtual private networks (VPNs). Also known as Triple DES.

Third generation of wireless developments, in particular mobile phone standards and technology.

Third-Generation Partnership Project. Created to expedite the development of open, globally accepted technical specifications for the Universal Mobile Telecommunications System (UMTS).

Architecture defined in RFC 6877, 464XLAT: Combination of Stateful and Stateless Translation, that provides limited IPv4 connectivity across an IPv6-only network by combining existing and well-known stateful protocol translation (as described in RFC 6146, Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers) in the core, and stateless protocol translation (as described in RFC 6145, IP/ICMP Translation Algorithm) at the edge. See also CLAT and PLAT.

IPv6 rapid deployment. Mechanism to transmit IPv6 packets to and from an IPv6 end user over an Internet service provider (ISP) IPv4 network that lies between the end user and an IPv6 network (generally the IPv6 Internet). There is no need to configure explicit tunnels.

IPv6 to IPv4. Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels.

IEEE specification for wireless LAN (WLAN) technology. The 802.11 standard specifies an over-the-air interface between the wireless clients, base stations, or both, typically in the 2.4 GHz and 5.0 GHz radio bands.

IEEE specification for “Q-in-Q” encapsulation and bridging of Ethernet frames.

IEEE specification for media access control (MAC) address tunneling encapsulation and bridging of Ethernet frames across a Provider Backbone Bridge (PBB).

IEEE specification for enabling Layer 2 switches to prioritize traffic and perform dynamic multicast filtering.

IEEE specification for adding virtual local area network (VLAN) tags to an Ethernet frame.

IEEE specification defining a mechanism that allows a supplicant (client) to connect to a wireless access point or wired switch (authenticator) so that the supplicant can provide authentication credentials that can be verified by an authentication server.

IEEE specification that enables grouping of Ethernet interfaces at the Physical Layer to form a single Link Layer interface, which is also known as a link aggregation group (LAG) or LAG bundle.

IEEE specification defining Ethernet between the subscriber and the immediate service provider. Also known as Ethernet in the first or last mile.

authentication, authorization, and accounting. Process framework used to standardize the control of access to computer resources, enforcement of policies, audit of usage, and ability to report. Authentication determines who the user is and whether to grant that user access to the network. Authorization determines what the user can do by giving you the ability to limit network services to different users. Accounting tracks the user’s activities and provides an audit trail that can be used for billing for connection time or resources used. See also redirected authentication.

Set of characteristics or commands that you can assign to domain names to control access for an incoming Point-to-Point Protocol (PPP) subscriber. You can create an AAA profile and map it between a PPP client’s domain name and certain AAA services on given interfaces and control such things as domain name access to AAA authentication, use of domain name aliases, and other features. If no AAA profile is used, AAA continues as normal. The user’s name and domain name are not changed as a result of an AAA profile mapping.

Asynchronous Transfer Mode (ATM) Adaptation Layer. A collection of protocols that defines the conversion of user information into cells by segmenting upper-layer information into cells at the transmitter and reassembling them at the receiver. These protocols enable various types of traffic, including voice, data, image, and video, to run over an ATM network.

ATM Adaptation Layer 5. One of four AALs recommended by the International Telecommunication Union—Telecommunication Standardization Sector (ITU-T), AAL5 is used predominantly for the transfer of classical IP over ATM, and is the least complex of the current AAL recommendations. It offers low bandwidth overhead and simpler processing requirements in exchange for reduced bandwidth capacity and error recovery capability. It is a Layer 2 circuit transport mode that allows you to send ATM cells between ATM2 IQ interfaces across a Layer 2 circuit-enabled network. You use Layer 2 circuit AAL5 transport mode to tunnel a stream of AAL5-encoded ATM segmentation and reassembly protocol data units (SAR-PDUs) over an MPLS or IP backbone. See also cell-relay mode, Layer 2 circuits, standard AAL5 mode, trunk mode.

• area border router. Router that belongs to more than one area, with interfaces in the OSPF boundary between two or more areas. Both sides of any link always belong to the same OSPF area. See also OSPF.

• available bit rate. Rate used in ATM for traffic sources that demand low loss ratios but can accept larger delays. ABR uses bandwidth not used by constant bit rate (CBR) and variable bit rate (VBR). ABR uses best effort to send the maximum number of cells but does not guarantee cell delivery. See also CBR, VBR.

URL that points to the exact location of a file or directory on the Internet, by name. See also base URL, relative URL.

af interface. Pseudointerface that behaves as a first-class Ethernet interface. An abstracted fabric interface facilitates routing control and management traffic between guest network functions (GNFs) through the switch fabric. Because the fabric is the communication medium between GNFs, abstracted fabric interfaces are considered to be the equivalent WAN interfaces.

access concentrator. Device that receives and forwards data for a network point of presence (POP). It often acts as a server that supports multiple T1 or E1 lines over one port, for example, a Juniper Networks E Series Broadband Services Router that acts as a server in a Point-to-Point Protocol over Ethernet (PPPoE) session.

Authentication method used to prove the identity of a user logging in to the network. When a user logs in, the network access server, wireless access point, or authentication server creates a "challenge," typically a random number sent to the client machine. The client software uses its password or a secret key to encrypt the challenge, using an encryption algorithm or a one-way hash function and sends the result back to the network (the "response"). The authentication system also performs the same cryptographic process on the challenge and compares its result to the response from the client. If they match, the authentication system has verified that the user has the correct password.

AC. Device that receives and forwards data for a network point of presence (POP). It often acts as a server that supports multiple T1 or E1 lines over one port, for example, a Juniper Networks E Series Broadband Services Router that acts as a server in a Point-to-Point Protocol over Ethernet (PPPoE) session.

Sequential collection of permit and deny conditions used to filter inbound or outbound routes. Files that provide filters that can be applied to route maps or distribution lists. They enable policies to be created, such as a policy to prevent forwarding of specified routes between the BGP-4 and IS-IS routing tables.

Authorization and authentication (AA) messages that identify subscribers before the RADIUS server grants or denies them access to the network or network services. When an application requests user authentication, the request must have certain authenticating attributes, such as a user’s name, password, and the particular type of service the user is requesting. This information is sent in the authentication request, using the RADIUS protocol, to the RADIUS server. In response, the RADIUS server grants or denies the request. See also accounting messages.

ANCP. Based on a subset of the General Switch Management Protocol (GSMP) in which IGMP is no longer terminated or proxied at the access node. Instead, IGMP passes through the access node transparently. Also known as Layer 2 control (L2C).

AP. Device that serves as a communication hub to connect 802.1X wireless clients to a wired network.

APN. An element in the header of a GPRS tunneling protocol (GTP) packet that provides information about how to reach a network. It is composed of two elements: a network ID and an operator ID. When Mobile Stations connect to IP networks over a wireless network, the GGSN uses the APN to distinguish among the connected IP networks (known as APN networks). In addition to identifying these connected networks, an APN is also a configured entity that hosts the wireless sessions, which are called Packet Data Protocol (PDP) contexts.

asynchronous control character map. A 32-bit mask that represents control characters with ASCII values 0 through 31. It is an option negotiated by the Link Control Protocol (LCP) and used on asynchronous links such as telephone lines to identify control characters that must be escaped (replaced by a specific two-character sequence) to avoid being interpreted by equipment used to establish the link. See also APN.

Messages that identify service provisions and use on a per-user basis. They keep track of when a particular service is initiated and terminated for a specific user. RADIUS attributes are used by each group of accounting messages. See also access messages.

In RADIUS, the process and method of tracking what the user did and when he did it. Accounting is used for collecting network data related to resource usage, as for an audit trail or for billing for connection time or resources used. See also broadcast accounting server, duplicate accounting server.

Address and Control Field Compression. Compression method that enables routers to transmit packets without the two 1-byte address and control fields (0xff and 0x03) normal for PPP-encapsulated packets, thus transmitting less data and conserving bandwidth. ACFC is defined in RFC 1661, The Point-to-Point Protocol (PPP). See also PFC.

In Junos App Balancer, an action is invoked when an event handler is triggered as the result of a particular event occurring. Possible actions include writing to log files, sending an e-mail message, sending a SYSLOG message or SNMP trap, or running a custom action program.

Feature in the Juniper Networks Network and Security Manager (NSM) user interface that guides you through activating a modeled device.

File maintained by Junos OS containing the configuration that is currently operational on the device. When the candidate configuration is successfully committed after a user issues the commit command, the file becomes the active configuration. See also candidate configuration.

Constituent that is monitored or controlled by the shared shaper mechanism. See also constituent, inactive constituent.

Flow monitoring carried out on the same router that forwards the packets being monitored. In contrast, a passive monitoring router does not forward the packets being monitored—it receives mirrored packets from a router that is performing the forwarding. See also flow monitoring.

Route chosen from all routes in the routing table to reach a destination. Active routes are installed into the forwarding table.

State of a switch route processor (SRP) module whereby data that was synchronized from the active SRP module to the standby SRP module during initialization remains synchronized through mirroring updates. See also SRP.

Set of services or applications that you can configure on an Adaptive Services PIC (AS PIC), including stateful firewall, Network Address Translation (NAT), intrusion detection service (IDS), Internet Protocol Security (IPsec), Layer 2 Tunneling Protocol (L2TP), and voice services. See also tunneling protocol.

ASM. On a Juniper Networks M7i Multiservice Edge Router, provides the same functionality as the AS PIC.

AS PIC. The physical card on which you can configure a set of adaptive services or applications, including stateful firewall, Network Address Translation (NAT), intrusion detection service (IDS), Internet Protocol Security (IPsec), Layer 2 Tunneling Protocol (L2TP), and voice services.

Feature in the NSM user interface that guides you through importing or modeling a new device.

ADM. SONET functionality that allows lower-level signals to be dropped from a high-speed optical connection.

ACFC. Compression method that enables routers to transmit packets without the two 1-byte address and control fields (0xff and 0x03) normal for PPP-encapsulated packets, thus transmitting less data and conserving bandwidth. ACFC is defined in RFC 1661, The Point-to-Point Protocol (PPP). See also PFC.

AFI. Number assigned by IANA used to identify the protocol associated with an address family. In an MP-BGP update message, AFI is used with SAFI to identify the Network Layer protocol associated with the network address of the next hop and the semantics of the NLRI that follows. See also SAFI.

Use of an IP address as a match criterion in a routing policy or a firewall filter.

Represents a component such as a workstation, router, switch, subnetwork, or any other object connected to the network. Use address book objects to specify the network components you want to protect.

In a NAT context, a group of IP addresses from which a NAT router obtains an address when dynamically creating a new translation.

ARP. Protocol for mapping IPv4 addresses to media access control (MAC) addresses; dynamically binds the IP address (the logical address) to the correct MAC address. See also NDP.

Value used in some unicast and multicast IPv6 addresses that identifies the application suitable for the address. See also scope.

Mechanism for creating a one-to-one mapping between any original address in one range of addresses and a specific translated address in a different range.

Technique for creating packets with a source IP address that is not the actual interface address. Attackers can use a spoofed IP address to perform DoS attacks while disguising their true address, or to take advantage of a trusted relationship between two hosts.

Relationship between a pair of selected neighboring routers for exchanging routing information. Not every pair of neighboring routers is adjacent. A given router can have multiple adjacencies, but each adjacency consists of only two routers connected by one media segment. Packets that go between them do not have to pass through any other network devices. See also neighbor.

Logical software table that contains BGP routing information bases received from a specific neighbor.

Logical software table that contains BGP routing information bases to be sent to a specific neighbor.

add/drop multiplexer. SONET functionality that allows lower-level signals to be dropped from a high-speed optical connection.

The administration interface to the Junos App Balancer, accessed through the Web-based user-interface.

Integer (in the range 0–255) that is associated with each route known to a router. The distance represents how reliable the source of the route is considered to be. A lower value is preferred over a higher value. An administrative distance of 255 indicates no confidence in the source; routes with this distance are not installed in the routing table. Also known as route preference.

Accounting mechanism that tracks resource information on a router-wide basis. Prevents requests from being accepted when sufficient resources are not available. Admission control determines whether a setup request can be honored for an MPLS LSP with traffic parameters.

asymmetrical digital subscriber line. Technology that allows data to be sent over existing copper telephone lines, using the public switched telephone network (PSTN). ADSL supports data rates from 1.5 to 9 Mbps when receiving data (downstream rate) and from 16 to 640 Kbps when sending data (upstream rate).

Juniper Networks Physical Interface Module (PIM) that supports Annex A, the portion of ITU-T Rec. G.992.1 that defines how ADSL works over twisted-pair copper (POTS) lines. See ITU-T Rec. G.992.1, ADSL interface.

Juniper Networks Physical Interface Module (PIM) that supports Annex B, the portion of ITU-T Rec. G.992.1 that defines how ADSL works over ISDN lines. See ITU-T Rec. G.992.1, ADSL interface.

asymmetrical digital subscriber line interface. Physical WAN interface that connects a router to a digital subscriber line access multiplexer (DSLAM). The ADSL interface allocates line bandwidth asymmetrically. Downstream (provider-to-customer) data rates can be up to 8 Mbps for ADSL, 12 Mbps for ADSL2, and 25 Mbps for ADSL2+. Upstream (customer-to-provider) rates can be up to 800 Kbps for ADSL and 1 Mbps for ADSL2 and ADSL2+, depending on the implementation.

ADSL interface that supports ITU-T Standard G.992.3 and ITU-T Standard G.992.4. The ADSL2 interface allocates downstream (provider-to-customer) data rates of up to 12 Mbps and upstream (customer-to-provider) rates of up to 1 Mbps.

ADSL interface that supports ITU-T Standard G.992.5 and allocates downstream (provider-to-customer) data rates of up to 25 Mbps and upstream (customer-to-provider) rates of up to 1 Mbps.

AES. Defined in Federal Information Processing Standards (FIPS) PUB 197, the AES algorithm uses keys of 128, 192, or 256 bits to encrypt and decrypt data in blocks of 128 bits. Use AES in your VPNs when you need greater interoperability with other network security devices.

Method used by a router to transmit basic information about itself, including IP address, network mask, and other data, to other devices on the network.

Advanced Encryption Standard. Defined in Federal Information Processing Standards (FIPS) PUB 197. The AES algorithm uses keys of 128, 192, or 256 bits to encrypt and decrypt data in blocks of 128 bits. Use AES in your VPNs when you need greater interoperability with other network security devices.

assured forwarding. A DiffServ component that determines the degree of reliability given a packet within the DiffServ domain. AF values are set as part of per-hop behavior (PHB) groups. See also PHB.

abstracted fabric interface. Pseudointerface that behaves as a first-class Ethernet interface. An abstracted fabric interface facilitates routing control and management traffic between guest network functions (GNFs) through the switch fabric. Because the fabric is the communication medium between GNFs, abstracted fabric interfaces are considered to be the equivalent WAN interfaces.

• address family identifier. Number assigned by IANA used to identify the protocol associated with an address family. In an MP-BGP update message, AFI is used with SAFI to identify the Network Layer protocol associated with the network address of the next hop and the semantics of the NLRI that follows. See also SAFI.

• authority and format identifier. Number that identifies the format and type of address being used.

assured flow rate. A Media Flow Controller option that, when enabled, ensures that video or other media content is delivered at a rate that is minimally needed for the media to play smoothly.

SNMP agent. A managed device, such as a router, that collects and stores management information. The SNMP agent (SNMPv3) recognizes up to 32 usernames that can have one of the following security levels: no authentication and no privacy, authentication only, authentication and privacy.

Single entry in a routing table that represents a combination of groups of routes that have common addresses.

State of a router when it is one of multiple virtual BGP routing instances bundled into one address.

Logical bundle of physical interfaces managed as a single interface with one IP address. Network traffic is dynamically distributed across ports, so administration of data flowing across a given port is done automatically within the aggregated link. Using multiple ports in parallel provides redundancy and increases the link speed beyond the limits of any single port.

Process of accumulating data or logical interfaces into a single, larger bundle (for example, higher-speed connections). The process of combining several different routes in such a way that only a single route advertises itself. This technique minimizes the size of the routing table for the router.

Device that runs Junos OS and manages the Junos fusion. The aggregation device has a connection to each satellite device in the Junos fusion and is responsible for all configuration tasks. See also Junos fusion, satellite device.

Object used to bundle multiple routes under one common route generalized according to the value of the network mask.

Mechanism to accelerate the timeout process when the number of sessions in the session table exceeds a specified high-watermark threshold. When the number of sessions in the table goes below a specified low-watermark threshold, the timeout process returns to normal.

Internet Key Exchange (IKE) phase 1 negotiation mode that is faster than main mode because fewer messages are exchanged between peers and it enables support for fully qualified domain names when the router uses preshared keys. However, aggressive mode is less secure than main mode because it exposes identities of the peers to eavesdropping. See also main mode.

authentication header. Component of the IPsec protocol used to verify that the data integrity of a packet has not changed, and to validate the identity of the sender. See also ESP.

alarm indication signal. Signal transmitted instead of the normal signal to maintain transmission continuity and to indicate to the receiving equipment that a transmission interruption (fault) has occurred either at the equipment originating the AIS signal or upstream of that equipment.

alarm indication signal cell. Type of ATM cell used to indicate a fault to the downstream endpoint.

Signal alerting you to conditions that might prevent normal operation. On the front of the chassis, the alarm signal is the yellow ALARM LED (when lit).

Failure event that triggers an alarm.

AIS. Signal transmitted instead of the normal signal to maintain transmission continuity and to indicate to the receiving equipment that a transmission interruption (fault) has occurred either at the equipment originating the AIS signal or upstream of that equipment.

Seriousness of an alarm. The level of severity of an alarm can be either major (red) or minor (yellow).

Application Layer Gateway, application-level gateway. Security component in a firewall or Network Address Translation (NAT) used to enable certain legitimate applications to pass through a firewall or between NAT realms without being stopped by security checks. It intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to permit the traffic to pass securely through the security device.

ATM line interface. Interface between ATM and 3G systems. See also ATM.

List or register of entities that provide a particular privilege, service, mobility, access, or recognition. It includes a profile of checklist attributes that cause an authentication, authorization, and accounting (AAA) server to permit an authentication request. For example, an allowlist profile might allow the phone numbers or IP addresses of the calling stations to be authenticated by the AAA server.

automatic laser shutdown. Laser shutdown performed by an optical inline amplifier (optical ILA) when input power at an input port of the optical ILA falls below the low threshold. See also optical ILA.

APQ. Dequeuing method that has a special queue, similar to strict-priority queuing (SPQ), which is visited only 50 percent of the time. The packets in the special queue still have a predictable latency, although the upper limit of the delay is higher than that with SPQ. Because the other configured queues share the remaining 50 percent of the service time, queue starvation is usually avoided. See also SPQ.

ANSI. Private organization that coordinates the development and use of voluntary consensus standards in the United States and is the United States’ representative to the International Organization for Standardization (ISO). See also ISO.

ASCII. A code for representing English characters as numbers, with each letter assigned a number in the range 0–127.

Automatic Multicast Tunneling. Protocol that provides dynamic multicast connectivity between multicast-enabled networks across islands of unicast-only networks. AMT is described in detail in Internet draft draft-ietf-mboned-auto-multicast-10.txt, Automatic IP Multicast Without Explicit Tunnels (AMT).

Device that receives mirrored traffic from E Series routers during packet mirroring. Also known as mediation device.

IP interface in analyzer mode on E Series routers used to direct mirrored traffic to the analyzer device during packet mirroring.

Access Node Control Protocol. Based on a subset of the General Switch Management Protocol (GSMP) in which IGMP is no longer terminated or proxied at the access node. Instead, IGMP passes through the access node transparently. Also known as Layer 2 control (L2C).

TU-DMT-BIS Standard G.992.3 and ADSL2PLUS Standard G.992.5 that extends the capability of basic ADSL2 by doubling the number of upstream bits.

American National Standards Institute. Private organization that coordinates the development and use of voluntary consensus standards in the United States and is the United States’ representative to the International Organization for Standardization (ISO). See also ISO.

Any software, hardware, or process used to combat the proliferation of unsolicited bulk e-mail (spam) or to keep spam from entering a system.

Software used to detect, delete, or neutralize computer-based viruses or other malware.

Method for detecting and blocking viruses in File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP)—including HTTP webmail—and Post Office Protocol version 3 (POP3) traffic. Juniper Networks offers an internal antivirus scanning solution.

ASM. Method of allowing a multicast receiver to listen to all traffic sent to a multicast group, regardless of its source.

Type of address in IPv6 used to send a packet to one recipient out of a set of recipients or interfaces on different nodes. An anycast transmission sends packets to only one of the interfaces associated with the address, not to all of them; typically to the closest interface, as defined by the routing protocol.

access point. Device that serves as a communication hub to connect 802.1X wireless clients to a wired network.

application programming interface. A set of routines, protocols, and tools for building software applications.

access point name. An element in the header of a GPRS tunneling protocol (GTP) packet that provides information about how to reach a network. It is composed of two elements: a network ID and an operator ID. When Mobile Stations connect to IP networks over a wireless network, the GGSN uses the APN to distinguish among the connected IP networks (known as APN networks). In addition to identifying these connected networks, an APN is also a configured entity that hosts the wireless sessions, which are called Packet Data Protocol (PDP) contexts.

Set of related programs in a network security system that controls the access, input, and output from, to, or by an application. Any of the actions that do not comply with the configured policy of the application firewall are blocked. These firewalls are used to control network traffic and to help prevent distributed denial‐of‐service (DDoS) attacks and other malicious behavior. See also DDoS.

• Seventh and highest level in the seven-layer OSI Reference Model for network protocol design that manages communication between application processes. This layer is the main interface for users to interact with application programs such as electronic mail, database managers, and file-server software. See also OSI Model.

• Fifth and highest level in the five-layer TCP/IP stack. This layer is used by most programs for network communication. Data is passed from the program in an application-specific format, then encapsulated into a Transport Layer protocol.

ALG. Security component in a firewall or Network Address Translation (NAT) used to enable certain legitimate applications to pass through a firewall or between NAT realms without being stopped by security checks. It intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to permit the traffic to pass securely through the security device.

API. A set of routines, protocols, and tools for building software applications.

Package that includes signature definitions of known application objects that can be used to identify applications for tracking, firewall policies, and quality-of-service (QoS) prioritization.

Group that contains one or more application signatures that can be used in firewall, NAT, and software-defined WAN (SD-WAN) policies.

ASIC. Specialized processor that performs specific functions on the router.

The scripting language used to write rules for the Junos App Balancer.

A suite of next-generation security capabilities for Juniper Networks SRX Series Services Gateways that utilize advanced application identification and classification to deliver greater visibility, enforcement, control, and protection over the network.

alternate priority queuing. Dequeuing method that has a special queue, similar to strict-priority queuing (SPQ), which is visited only 50 percent of the time. The packets in the special queue still have a predictable latency, although the upper limit of the delay is higher than that with SPQ. Since the other configured queues share the remaining 50 percent of the service time, queue starvation is usually avoided. See also SPQ.

automatic power reduction. Algorithm used by the optical inline amplifier (optical ILA) during recovery after an automatic laser shutdown (ALS) event. When the loss-of-signal (LOS) event is no longer present at the optical ILA input, before returning to the originally set power level, the optical ILA undergoes a transition to a safe, reduced output power level. See also ALS, optical ILA.

Automatic Protection Switching. Technology used by SONET ADMs to protect against circuit faults between the ADM and a router and to protect against failing routers. See also ADM.

assisted replication. Method to transport ingress broadcast, unknown unicast, and multicast (BUM) traffic in an efficient way. In assisted replication, you configure one or more supported devices (AR replicators) to replicate and forward BUM traffic on behalf of provider edge (PE) devices configured as AR leaf devices. See also AR leaf, AR replicator, PE device.

EVPN network device that supports assisted replication (AR) and sends broadcast, unknown unicast, and multicast (BUM) traffic to an available AR replicator device to handle the replication and forwarding of that traffic. Also known as AR client. See also assisted replication, AR replicator.

EVPN network device that replicates and forwards the ingress broadcast, unknown unicast, and multicast (BUM) traffic received from AR leaf devices through an AR overlay tunnel to other overlay tunnels and local attachment circuits. See also assisted replication, AR leaf, attachment circuit.

Routing subdomain that maintains detailed routing information about its own internal composition as well as routing information that allows it to reach other routing subdomains.

• An OSPF area divides the internetwork into smaller, more manageable constituent pieces, reducing the amount of information each router must store and maintain about all other routers. When a router in the area needs information about another device in or out of the area, it contacts a special router that stores this information, called the Area Border Router (ABR).

• In IS-IS, an area corresponds to a Level 1 subdomain.

• In IS-IS and OSPF, a set of contiguous networks and hosts within an autonomous system that have been administratively grouped together.

ABR. Router that belongs to more than one area, with interfaces in the OSPF boundary between two or more areas. Both sides of any link always belong to the same OSPF area. See also OSPF.

Sequence of IP addresses defined by a lower limit and an upper limit, indicating a series of addresses of devices existing within an area.

auto route insertion. Automatic insertion of a static route based on the remote IP address configured in a traffic selector (on SRX Series devices). Also known as reverse route insertion (RRI).

Address Resolution Protocol. Protocol for mapping IPv4 addresses to media access control (MAC) addresses; dynamically binds the IP address (the logical address) to the correct MAC address. See also NDP.

Type of attack in which the attacker gains unauthorized access to a trusted device on a LAN by sending spoofed Address Resolution Protocol (ARP) messages to associate the attacker’s MAC address with the IP address of the trusted device. Consequently, traffic is misdirected and the attacker begins to receive traffic that is intended for the trusted device. The attacker can use ARP spoofing to control network traffic and initiate attacks such as denial-of-service attacks and man-in-the-middle attacks. Also known as ARP poisoning or ARP cache poisoning.

AWG. Device used as an optical multiplexer and demultiplexer in wavelength-division multiplexing (WDM) systems. AWGs in an integrated photonic line card (IPLC) multiplex a large number of wavelengths into a single optical fiber, thereby significantly improving the transmission capacity of the network. See also IPLC.

autonomous system. Set of routers that use the same routing policy while running under a single technical administration (a routing domain). An AS runs interior gateway protocols (IGPs) such as RIP, OSPF, and IS-IS within its boundaries. ASs use exterior gateway protocols (EGPs) to exchange routing information with other ASs. Assigned a globally unique autonomous system number. See also AS number.

OSPF link-state advertisement sent by AS boundary routers to describe external routes that they have detected. These link-state advertisements are flooded throughout the AS (except for stub areas).

autonomous system number. A globally unique number assigned by the IANA that is used to identify an autonomous system (AS). The AS number enables an AS to exchange exterior routing information with neighboring ASs.

autonomous system path. In BGP, the route to a destination. It consists of the AS numbers of all routers that a packet must go through to reach a destination.

Access list used by a BGP routing instance to permit or deny packets sent by neighbor routing instances to the current virtual routing instance.

One of four classes of BGP path attributes: Well-Known Mandatory, Well-Known Discretionary, Optional Transitive, and Optional Non-Transitive.

An identifier for an AS path, it is configured alongside an AS path access list ID.

Adaptive Services Physical Interface Card. The physical card on which you can configure a set of adaptive services or applications, including stateful firewall, Network Address Translation (NAT), intrusion detection service (IDS), Internet Protocol Security (IPsec), Layer 2 Tunneling Protocol (L2TP), and voice services.

autonomous system boundary router. In OSPF, a router that exchanges routing information with routers in other ASs. The ASBR redistributes routing information received from other ASs throughout its own AS.

OSPF link-state advertisement (LSA) sent by an area border router (ABR) to advertise the router ID of an autonomous system boundary router (ASBR) across an area boundary. See also ASBR.

American Standard Code for Information Interchange. A code for representing English characters as numbers, with each letter assigned a number in the range 0–127.

application-specific integrated circuit. Specialized processor that performs specific functions on the router.

• Adaptive Services Module. On a Juniper Networks M7i Multiservice Edge Router, provides the same functionality as the AS PIC.

• any-source multicast. Method of allowing a multicast receiver to listen to all traffic sent to a multicast group, regardless of its source.

AR. Method to transport ingress broadcast, unknown unicast, and multicast (BUM) traffic in an efficient way. In assisted replication, you configure one or more supported devices (AR replicators) to replicate and forward BUM traffic on behalf of provider edge (PE) devices configured as AR leaf devices. Also known as assisted ingress replication. See also AR leaf, AR replicator, PE device.

AFR. A Media Flow Controller option that, when enabled, ensures that video or other media content is delivered at a rate that is minimally needed for the media to play smoothly.

AF. A DiffServ component that determines the degree of reliability given a packet within the DiffServ domain. AF values are set as part of per-hop behavior (PHB) groups. See also PHB.

Quality of Service rate at which bandwidth is guaranteed until oversubscribed.

ADSL. Technology that allows data to be sent over existing copper telephone lines, using the public switched telephone network (PSTN). ADSL supports data rates from 1.5 to 9 Mbps when receiving data (downstream rate) and from 16 to 640 Kbps when sending data (upstream rate).

ACCM. A 32-bit mask that represents control characters with ASCII values 0 through 31. It is an option negotiated by the Link Control Protocol (LCP) and used on asynchronous links such as telephone lines to identify control characters that must be escaped (replaced by a specific two-character sequence) to avoid being interpreted by equipment used to establish the link. See also APN.

ATM. A high-speed multiplexing and switching method utilizing fixed-length cells of 53 octets to support multiple types of traffic.

AAL. A collection of protocols that defines the conversion of user information into cells by segmenting upper-layer information into cells at the transmitter and reassembling them at the receiver. These protocols enable various types of traffic, including voice, data, image, and video, to run over an ATM network.

Instructions for controlling modems, originally developed by Hayes, Inc. for their modems and sometimes called Hayes commands. Each command line begins with AT (an abbreviation of ATtention), signaling that it is a modem command. This command structure is a de facto industry standard for modems, with specific commands varying by manufacturer.

Asynchronous Transfer Mode. A high-speed multiplexing and switching method utilizing fixed-length cells of 53 octets to support multiple types of traffic.

Asynchronous Transfer Mode (ATM) Adaptation Layer, AAL. A collection of protocols that defines the conversion of user information into cells by segmenting upper-layer information into cells at the transmitter and reassembling them at the receiver. These protocols enable various types of traffic, including voice, data, image, and video, to run over an ATM network.

AAL5 mode. One of four AALs recommended by the International Telecommunication Union—Telecommunication Standardization Sector (ITU—T), AAL5 is used predominantly for the transfer of classical IP over ATM, and is the least complex of the current AAL recommendations. It offers low bandwidth overhead and simpler processing requirements in exchange for reduced bandwidth capacity and error recovery capability. It is a Layer 2 circuit transport mode that allows you to send ATM cells between ATM2 IQ interfaces across a Layer 2 circuit-enabled network. You use Layer 2 circuit AAL5 transport mode to tunnel a stream of AAL5-encoded ATM segmentation and reassembly protocol data units (SAR-PDUs) over an MPLS or IP backbone. See also cell-relay mode, Layer 2 circuits, standard AAL5 mode, trunk mode.

Package of information that is always 53 octets long, unlike a frame or packet, which has a variable length.

ALI. Interface between ATM and 3G systems. See also ATM.

Mechanism that enables a single physical ATM interface to support multiple logical interfaces.

Asynchronous Transfer Mode (ATM) interface used to send network traffic through a point-to-point connection to a DSL access multiplexer (DSLAM). ATM-over-ADSL interfaces are intended for asymmetrical digital subscriber line (ADSL) connections only, not for direct ATM connections.

Smallest possible operation; an atomic operation is performed either entirely or not at all. For example, if machine failure prevents a transaction from finishing, the system is rolled back to the start of the transaction, with no changes taking place.

Object used by a BGP router to inform other BGP routers that the local system selected a generalized route.

Fail-safe feature for devices running Juniper Networks ScreenOS Software. If the configuration deployment fails for any reason, the device automatically uses the last installed stable configuration. If the configuration deployment succeeds, but the device loses connectivity to the management system, the device rolls back to the last installed configuration. This minimizes downtime and ensures that NSM always maintains a stable connection to the managed device.

Physical or logical circuit between a provider edge (PE) device and a customer edge (CE) device in an MPLS Layer 2 VPN. See also CE device, PE device.

An attempt to exploit vulnerabilities in computer hardware and software. Depending on the severity, the attack might completely disable your system, allow access to confidential information, or use your network to attack other networks. See also severity.

Object that contains patterns of known attacks that can be used to compromise a network. Use attack objects in your firewall rules to enable security devices to detect known attacks and prevent malicious traffic from entering your network.

Decrease in signal magnitude between two points, which can be along a radio path or a transmission line or between two devices.

AVP. A RADIUS attribute value carried in a RADIUS protocol message. The pair is a combination of a unique attribute—represented by an integer—and a value containing the actual value identified by the attribute.

authentication center. Part of the home location register (HLR) in third-generation (3G) systems; performs computations to verify and authenticate a mobile phone user.

Security device to which an audit log entry sent a directive.

Module of the NSM user interface that displays records of administrative actions. Each audit log includes the date and time the administrative action occurred, the NSM administrator who performed the action, and the domain (global or a subdomain) in which the action occurred.

• In RADIUS, the process of determining who the user is, then determining whether to grant that user access to the network. The primary purpose is to bar intruders from networks. RADIUS authentication uses a database of users and passwords.

• Process that verifies that data is not altered during transmission and ensures that users are communicating with the individual or organization that they believe they are communicating with. See also IPsec.

• Simple Network Management Protocol version 3 (SNMPv3) term related to the user-based security model (USM). Authentication provides the following benefits:

  • Only authorized parties can communicate with each other. Consequently, a management station can interact with a device only if the administrator configured the device to allow the interaction.

  • Messages are received promptly; users cannot save messages and replay them to alter content. This prevents users from sabotaging SNMP configurations and operations. For example, users can change configurations of network devices only if authorized to do so.

AUC. Part of the home location register (HLR) in third-generation (3G) systems; performs computations to verify and authenticate a mobile phone user.

AH. Component of the IPsec protocol used to verify that the data integrity of a packet has not changed, and to validate the identity of the sender. See also ESP.

Feature of SSH that limits the number of times a user can try to correct incorrect information—such as a bad password—in a given connection attempt.

A server that is populated with usernames and passwords to allow individuals to authenticate to the IC Series device and to access protected resources.

Used to set a default authentication server for the global domain and each subdomain, or access an external RADIUS or SecurID system to provide authentication for NSM administrators and remote access server (RAS) users on your network.

AAA. Process framework used to standardize the control of access to computer resources, enforcement of policies, audit of usage, and ability to report. Authentication determines who the user is and whether to grant that user access to the network. Authorization determines what the user can do by giving you the ability to limit network services to different users. Accounting tracks the user’s activities and provides an audit trail that can be used for billing for connection time or resources used. See also redirected authentication.

AFI. Number that identifies the format and type of address being used.

In RADIUS, the process of determining what the user can do by giving a network administrator the ability to limit network services to different users.

ARI. Automatic insertion of a static route based on the remote IP address configured in a traffic selector (on SRX Series devices). Also known as reverse route insertion (RRI).

The vGW Virtual Gateway feature that allows security policies to be attached to virtual machines automatically. Auto-securing VMs streamlines policy application and efficiently ensures security throughout the protected virtual infrastructure. The auto-secure feature allows a user to specify that no VMs are secured, VMs in a specific group are secured, VMs with a policy or ones that are in a policy group are secured, or all VMs are secured.

Method of electing and announcing the rendezvous point-to-group address mapping in a multicast network. Junos OS supports this vendor-proprietary specification. See also RP.

Process that determines the layers of each dynamic interface. Occurs when the router conditionally constructs interface layers based on the encapsulation type of the incoming packet. Also known as autosensing.

Automatic configuration of a device over the network from a preexisting configuration file created and stored on a configuration server—typically a Trivial File Transfer Protocol (TFTP) server. Autoinstallation occurs on a device that is powered on without a valid configuration (boot) file or that is configured specifically for autoinstallation. Autoinstallation is useful for deploying multiple devices on a network.

Feature of Juniper Networks JunosE Software in which the system automatically saves any change to the system configuration to nonvolatile storage (NVS), without affecting the command-line interface (CLI) prompt.

ALS. Laser shutdown performed by an optical inline amplifier (optical ILA) when input power at an input port of the optical ILA falls below the low threshold. See also optical ILA.

AMT. Protocol that provides dynamic multicast connectivity between multicast-enabled networks across islands of unicast-only networks. AMT is described in detail in Internet draft draft-ietf-mboned-auto-multicast-10.txt, Automatic IP Multicast Without Explicit Tunnels (AMT).

Policer that allows you to provide strict service guarantees for network traffic. Such guarantees are especially useful in the context of differentiated services for traffic engineered LSPs, providing better emulation for ATM wires over an MPLS network.

APR. Algorithm used by the optical inline amplifier (optical ILA) during recovery after an automatic laser shutdown (ALS) event. When the loss-of-signal (LOS) event is no longer present at the optical ILA input, before returning to the originally set power level, the optical ILA undergoes a transition to a safe, reduced output power level. See also ALS, optical ILA.

APS. Technology used by SONET ADMs to protect against circuit faults between the ADM and a router and to protect against failing routers. See also ADM.

Broad term that encompasses many levels of automating network functions. Automation can refer to managing virtual resources, physical resources, or both. Network automation capabilities can include configuring and provisioning network devices, spinning up and spinning down network services, managing network devices and services, and enforcing service-level agreements (SLAs). Automation reduces the operational overhead of network configuration, provisioning, and management.

Used by Ethernet devices to configure interfaces automatically. If interfaces support different speeds or different link modes (half duplex or full duplex), the devices attempt to settle on the lowest common denominator.

AS. Set of routers that use the same routing policy while running under a single technical administration (a routing domain). An AS runs interior gateway protocols (IGPs) such as RIP, OSPF, and IS-IS within its boundaries. ASs use exterior gateway protocols (EGPs) to exchange routing information with other ASs. Assigned a globally unique autonomous system number. See also AS number.

ASBR. In OSPF, a router that exchanges routing information with routers in other ASs. The ASBR redistributes routing information received from other ASs throughout its own AS.

OSPF link-state advertisement sent by autonomous system boundary routers to describe external routes that they have detected. These link-state advertisements are flooded throughout the autonomous system (except for stub areas).

AS number. A globally unique number assigned by the IANA that is used to identify an autonomous system (AS). The AS number enables an AS to exchange exterior routing information with neighboring ASs.

In BGP, the route to a destination. The path consists of the autonomous system numbers of all the routers a packet must pass through to reach a destination.

Process that determines the layers of each dynamic interface. Occurs when the router conditionally constructs interface layers based on the encapsulation type of the incoming packet. Also known as autodetection.

ABR. Rate used in ATM for traffic sources that demand low loss ratios but can accept larger delays. ABR uses bandwidth not used by constant bit rate (CBR) and variable bit rate (VBR). ABR uses best effort to send the maximum number of cells but does not guarantee cell delivery. See also CBR, VBR.

attribute-value pair. A RADIUS attribute value carried in a RADIUS protocol message. The pair is a combination of a unique attribute—represented by an integer—and a value containing the actual value identified by the attribute.

arrayed waveguide grating. Device used as an optical multiplexer and demultiplexer in wavelength-division multiplexing (WDM) systems. AWGs in an integrated photonic line card (IPLC) multiplex a large number of wavelengths into a single optical fiber, thereby significantly improving the transmission capacity of the network. See also IPLC.

bearer channel. A 64-Kbps channel used for voice or data transfer on an ISDN interface. See also D-channel.

Backbone source and destination MAC address fields found in the IEEE 802.1ah provider MAC encapsulation header.

broadband remote access server. Application responsible for aggregating the output from digital subscriber line access multiplexers (DSLAMs), providing user PPP sessions and PPP session termination, enforcing QoS policies, and routing traffic into an ISP’s backbone network.

Field defined in the IEEE 802.1ah provider MAC encapsulation header that carries the backbone VLAN identifier information. The format of the B-TAG field is the same as that of the IEEE 802.1ad S-TAG field. See also S-TAG.

Specific VLAN identifier carried in a B-TAG.

behavior aggregate classifier. Method of classification that operates on a packet as it enters the router. The packet header contents are examined, and this single field determines the class-of-service (CoS) settings applied to the packet. See also multifield classifier.

Physical or virtual location that a vendor uses for activities that are not directly related to customers, such as processing orders. See also front office, OSS.

The IP address that a Junos App Balancer machine uses to communicate with a back-end server, or the IP address of a back-end server.

A machine that runs a service, such as a Web or mail server. A back-end server is typically within your local network, and requests handled by the Junos App Balancer are passed on to it. A back-end server together with a specified port forms a node in the Junos App Balancer.

In OSPF, an area that consists of all networks in area ID 0.0.0.0, their attached routers, and all area border routers.

Central network; a network that connects other networks together.

OSPF router with all operational interfaces within area 0.0.0.0.

A mechanism installed on a host computer that facilitates unauthorized access to the system. Attackers who have already compromised a system can install a backdoor to make future attacks easier.

Private link between two routers. OSPF backdoor links typically serve as backup paths, providing a way for traffic to flow from one VPN site to the other only if the path over the backbone is broken. However, when the OSPF backdoor link connects two sites that are in the same OSPF area, the undesired result is that the path over the OSPF backdoor link is always preferred over the path over the backbone.

Hardware component that physically separates front and rear cavities inside the chassis, distributes power from the power supplies, and transfers packets and signals between router components that plug into it. See also redundancy midplane.

OSPF router on a broadcast segment that monitors the operation of the designated router (DR) and takes over its functions if the designated router fails.

Virtual Router Redundancy Protocol (VRRP) router available to take forwarding responsibility if the current primary router fails. See also primary router.

BECN. In a Frame Relay network, a header bit transmitted by the destination device requesting that the source device send data more slowly. BECN minimizes the possibility that packets will be discarded when more packets arrive than can be handled. See also FECN.

Individual dividers and partitions inside a chassis that force cooling air to flow through the device in the optimal manner. A baffle is designed to direct cooling air to where it is needed most.

Range of transmission frequencies a network can use, expressed as the difference between the highest and lowest frequencies of a transmission channel. In computer networks, greater bandwidth indicates a faster data transfer rate capacity.

Policy management that rate-limits a classified packet flow at ingress to enforce ingress data rates below the physical line rate of a port. When the user configures a rate-limit profile, packets are tagged with a drop preference.

In Differentiated Services-aware traffic engineering, determines the value of the available bandwidth advertised by the interior gateway protocols (IGPs).

• Technique to temporarily provide additional capacity on a link to handle bursts in data, videoconferencing, or other variable bit rate applications. Also known as flexible bandwidth allocation.

• On a Services Router, an ISDN cost-control feature defining the bandwidth threshold that must be reached on links before a Services Router initiates additional ISDN data connections to provide more bandwidth.

Feature of JunosE Software that enables line modules to operate at a rate dependent on the resources available rather than having all line modules operate at full line rate performance. Oversubscription enables a much more extensive combination of line modules in the router. See also oversubscription.

BSC. Key network node in third-generation (3G) systems that supervises the functioning and control of multiple base transceiver stations.

BSS. Composed of the base transceiver station (BTS) and base station controller (BSC).

BSSGP. Processes routing and quality-of-service (QoS) information for the base station subsystem (BSS).

BSYS. The physical router used in a Junos node slicing setup. The BSYS owns all the physical components of the router, including the line cards and the switching fabric. The BSYS assigns line cards to guest network functions (GNFs). See also Junos node slicing.

BTS. Mobile telephony equipment housed in cabinets and colocated with antennas. Also known as radio base station.

The leading portion of a URL, omitting the name of the resource requested. As an example, the base URL of //a/b/c/index.html is //a/b/c/. See also absolute URL, relative URL.

Method used to encode digital certificate requests and certificates before they are sent to or from the certificate authority (CA).

Starting point for statistics collection after resetting protocol or application statistics and counters to zero.

Least secure type of traditional Network Address Translation (NAT). Provides translation for IP addresses only and places the mapping into a NAT table. See also NAT.

BRI. ISDN service intended for home and small enterprise applications. ISDN BRI consists of two 64-Kbps B-channels to carry voice or data, and one 16-Kbps D-channel for control and signaling.

BSSID. Identifier that distinguishes each access point within a basic service set. By convention, the MAC address of an access point is used as its BSSID. When multiple access points exist within each WLAN, the BSSID ensures correct identification of each access point and its associated clients. See also SSID and ESSID.

Special purpose computer on a network specifically set up to withstand attacks, generally a hardened system configured with minimal software to support a single network service.

blade bay data. 60-byte text string stored in the JCS1200 management module nonvolatile random access memory (NVRAM) that conveys configuration information to the Routing Engines (blades) in the JCS1200 chassis.

bearer bandwidth limit. Maximum bandwidth available for voice traffic on an interface when dynamic call admission control is configured on the interface. See also dynamic CAC.

BBL. Maximum bandwidth available for voice traffic on an interface when dynamic call admission control is configured on the interface. See also dynamic CAC.

B-channel. A 64-Kbps channel used for voice or data transfer on an ISDN interface. See also D-channel.

Browser Exploit Against SSL/TLS. Leverages weaknesses in cipher block chaining (CBC) to exploit the Secure Sockets Layer (SSL) protocol.

backward explicit congestion notification. In a Frame Relay network, a header bit transmitted by the destination device requesting that the source device send data more slowly. BECN minimizes the possibility that packets will be discarded when more packets arrive than can be handled. See also FECN.

BA classifier. Method of classification that operates on a packet as it enters the router. The packet header contents are examined, and this single field determines the class-of-service (CoS) settings applied to the packet. See also multifield classifier.

Bell Communications Research. Research and development organization created after the divestiture of the Bell System. It is supported by the regional Bell holding companies (RBHCs), which own the regional Bell operating companies (RBOCs).

Algorithm used in distance-vector routing protocols to determine the best path to all routes in the network.

bit error rate. Percentage of received bits in error compared to the total number of bits received.

BIND. Open-source software that implements Domain Name System (DNS) protocols for the Internet. See also DNS.

bit error rate test. Test that can be run on the following interfaces to determine whether they are operating properly: E1, E3, T1, T3, and channelized (DS3, OC3, OC12, and STM1) interfaces.

Traffic class in which the network forwards as many packets as possible in as reasonable a time as possible. By default, packets that are not assigned to a specific traffic class are assigned to the best-effort traffic class.

When multiple routes to a given destination exist, BGP must determine which of these routes is the best. BGP puts the best path in its routing table and advertises that path to its BGP neighbors. If only one route exists to a particular destination, BGP installs that route. If multiple routes exist for a destination, BGP uses tie-breaking rules to decide which one of the routes to install in the BGP routing table.

Scheduler node associated with a logical interface and traffic class group pair, and where the traffic class group contains the best-effort traffic class. Also known as best-effort scheduler node.

Queue associated with the best-effort traffic class for a logical interface.

Scheduler node associated with a logical interface and traffic class group pair, and where the traffic class group contains the best-effort traffic class. Also known as best-effort node.

Bidirectional Forwarding Detection. Protocol that uses control packets and shorter detection time limits to more rapidly detect failures in a network.

Border Gateway Protocol. Exterior gateway protocol (EGP) used to exchange routing information among routers in different autonomous systems. Can act as a label distribution protocol for MPLS.

Routing information that BGP speakers exchange with each other over a BGP session. BGP uses five message types:

• Open BGP messages—Used to establish and negotiate certain parameters for the BGP session after the underlying TCP session has been established.

• Update messages—Used to announce routes to prefixes that the speaker can reach and to withdraw routes to prefixes that it can no longer reach. The most important message in the BGP protocol.

• Keepalive messages—Periodic messages to determine whether the underlying TCP connection is still up.

• Notification messages—Sent to a BGP peer to terminate a BGP session (either because the speaker has been configured to do so or because it has detected some error condition).

• Route-refresh messages—Sent to BGP peers that advertise their route-refresh capability, enabling the BGP speaker to apply modified or new policies to the refreshed routes.

Another device on the network that is running BGP. There are two types of BGP neighbors:

• Internal neighbors—in the same autonomous system

• External neighbors—in different autonomous systems

A reliable connection is required between neighbors and is achieved by creating a TCP connection between the two. The handshake that occurs between the two prospect neighbors evolves through a series of phases or states before a true connection can be made.

BGP neighbor that has been explicitly configured for a BGP speaker. BGP peers do not have to be directly connected to each other to share a BGP session.

Two or more BGP peers that share a common set of update policies. They are grouped together to reduce configuration overhead and to conserve system resources when updates are generated.

Prefix and a set of path attributes. Sometimes referred to as a path, although that term technically refers to one of the path attributes of that route.

TCP connection over which routing information is exchanged according to the rules of the BGP protocol. When two BGP speakers are in the same autonomous system, the BGP session is an internal BGP session, or IBGP session. When two BGP speakers are in different autonomous systems, the BGP session is an external BGP session, or EBGP session. BGP uses the same types of message on IBGP and EBGP sessions, but the rules for when to send and how to interpret each message differ slightly. See also IBGP session, EBGP session.

Router configured to run the BGP routing protocol. Unlike some other routing protocols, BGP speakers do not automatically discover each other and begin exchanging information. Instead, each BGP speaker must be explicitly configured with a set of BGP peers with which it exchanges routing information.

BFD. Protocol that uses control packets and shorter detection time limits to more rapidly detect failures in a network.

Type of NAT that adds support for DNS to basic NAT, allowing public hosts to initiate sessions into the private network, usually to reach servers intended for public access.

Berkeley Internet Name Domain. Open-source software that implements Domain Name System (DNS) protocols for the Internet. See also DNS.

Collection of configuration parameters, including at least an IP address, assigned by a DHCP server to a DHCP client. A binding can be dynamic (temporary) or static (permanent). Bindings are stored in the DHCP server's binding database.

BER. Percentage of received bits in error compared to the total number of bits received.

BERT. Test that can be run on the following interfaces to determine whether they are operating properly: E1, E3, T1, T3, and channelized (DS3, OC3, OC12, and STM1) interfaces.

Use of fields in the header of an IP packet as match criteria in a firewall filter.

A data rate expressed as the number of bits transmitted per second: Kbps (kilobits per second). One bit is 1,024 bytes, so bit rate can also be expressed as KB/s (kilobytes per second).

The bit rate encoding that allows optimal downloads to different bandwidths.

Building Integrated Timing Source (or Supply, or System). Dedicated timing source that synchronizes all equipment in a particular building; a method for distributing precise timing synchronization among telecommunications equipment.

See blocklist.

Routing Engine in the Juniper Networks JCS1200 Control System chassis that runs Junos OS. The JCS1200 chassis holds up to 12 single Routing Engines (or 6 redundant Routing Engine pairs).

BBD. 60-byte text string stored in the JCS1200 management module nonvolatile random access memory (NVRAM) that conveys configuration information to the Routing Engines (blades) in the JCS1200 chassis.

Thin server in a rack, generally dedicated to a single application.

busy lamp field. Light on an IP phone that indicates when other extensions connected to the same private branch exchange (PBX) are busy. When the BLF is configured, the phone subscribes to a resource list, available on the IP PBX, to receive notifications about the status of other extensions. BLF works through the Session Initiation Protocol (SIP) and uses the SUBSCRIBE and NOTIFY messages. In a typical scenario, the IP phone is the subscriber and the IP PBX is the notifier.

Action that blocks certain types of traffic when spam or unsolicited bulk e-mail is detected by the device.

Profile of checklist attributes that cause an AAA server to reject an authentication request. For example, a blocklist profile might cause the rejection of calling station phone numbers or IP addresses that are blocked by the AAA server.

Unpatented, symmetric cryptographic method developed by Bruce Schneier and used in many commercial and freeware software applications. Blowfish uses variable-length keys of up to 448 bits.

broadcast multiaccess. Network on which broadcast or multicast packets can be sent, enabling each device on a network segment to communicate directly with every other device on that segment. See also NBMA.

bootstrap protocol. UDP/IP-based protocol that allows a booting host to configure itself dynamically and without user supervision. BOOTP provides a means to notify a host of its assigned IP address, the IP address of a boot server host, and the name of a file to be loaded into memory and executed. Other configuration information, such as the local subnet mask, the local time offset, the addresses of default routers, and the addresses of various Internet servers, can also be communicated to a host using BOOTP.

Bootstrap protocol (BOOTP) message sent from a BOOTP server to a BOOTP client, providing configuration information. See also BOOTP.

Bootstrap protocol (BOOTP) message sent from a BOOTP client to a BOOTP server, requesting configuration information. See also BOOTP.

Program that loads the operating system for a device at startup.

BOOTP. UDP/IP-based protocol that allows a booting host to configure itself dynamically and without user supervision. BOOTP provides a means to notify a host of its assigned IP address, the IP address of a boot server host, and the name of a file to be loaded into memory and executed. Other configuration information, such as the local subnet mask, the local time offset, the addresses of default routers, and the addresses of various Internet servers, can also be communicated to a host using BOOTP.

Single router in a multicast network responsible for distributing candidate rendezvous point information to all PIM-enabled routers.

BGP. Exterior gateway protocol (EGP) used to exchange routing information among routers in different autonomous systems. Can act as a label distribution protocol for MPLS.

Computer (robot) connected to a network (net) that communicates with other similar machines to complete repetitive tasks and objectives. These objectives are often malicious in nature, compromising the computer network. A botnet might, for example, automatically transfer malware or spam, or launch distributed denial-of-service attacks, without your knowledge. See also distributed denial-of-service attack.

Real-time clock that operates as a combination of the primary and client clocks in a PTP operation. The boundary clock endpoint acts as a client clock for the primary clock, and also acts as the primary clock for all the client clocks reporting to the boundary endpoint.

bridge protocol data unit. Spanning Tree Protocol hello packet that is sent out at intervals to exchange information across bridges and detect loops in a network topology.

Navigation aid in user interfaces that provides a trail for users to navigate back to the parent webpages. Breadcrumbs are typically displayed near the top of the page, either left-to-right or right-to-left. Breadcrumbs take the form starting page > subcategories or selections the user has made to get to the current page > name of the current page. Also known as cookie crumbs or locator links.

Basic Rate Interface. ISDN service intended for home and small enterprise applications. ISDN BRI consists of two 64-Kbps B-channels to carry voice or data, and one 16-Kbps D-channel for control and signaling.

• Network component defined by the IEEE that forwards frames from one LAN segment or VLAN to another. The bridging function can be contained in a router, a LAN switch, or another specialized device. A bridge operates at Layer 2 of the OSI Reference Model. See also switch.

• Device that uses the same communications protocol to connect and pass packets between two network segments.

Set of logical ports that share the same flooding or broadcast characteristics. As in a virtual LAN, a bridge domain spans one or more ports of multiple devices. By default, each bridge domain maintains its own forwarding database of MAC addresses learned from packets received on ports belonging to that bridge domain. See also broadcast domain, VLAN.

The vGW Virtual Gateway mode in which the installation runs as a virtual machine and bridges two virtual switches, for secure connections. It is the only installation option for environments running versions of ESX prior to vSphere 4.0. This deployment produces a vGW Security VM that is referred to as the bridge firewall VM.

Collection of bridge interfaces stacked on Ethernet Layer 2 network interfaces (ports) to form a broadcast domain. Each bridge group has its own set of forwarding tables and filters and functions as a logical transparent bridging device.

Association of one or more network interfaces with a bridge group. Also known as bridge interface.

BPDU. Spanning Tree Protocol hello packet that is sent out at intervals to exchange information across bridges and detect loops in a network topology.

Link Layer protocol that allows multiple upper-layer interface types (IP, PPPoE, and CBF) to be simultaneously multiplexed over the same interface.

Link Layer protocol used to manage IP packets that are encapsulated inside an Ethernet frame running over a permanent virtual circuit (PVC).

BYOD. Practice of having employees use their own computing devices—such as smartphones, laptops, and tablets—in the workplace for connectivity to and use on the secure corporate network.

B-RAS. Application responsible for aggregating the output from digital subscriber line access multiplexers (DSLAMs), providing user PPP sessions and PPP session termination, enforcing QoS policies, and routing traffic into an ISP’s backbone network.

BSR. A router used for subscriber management and edge routing.

Operation of sending network traffic from one network node to all other network nodes.

In RADIUS, server that sends the accounting information to a group of virtual routers. An accounting virtual router group can contain up to four virtual routers, and the E Series router supports a maximum of 100 virtual router groups. The accounting information continues to be sent to the duplicate accounting virtual router, if one is configured. You might use broadcast accounting to send accounting information to a group of your private accounting servers. See also duplicate accounting server.

IPv4 type of address that enables a device to send a packet to all hosts on a subnetwork.

Circuits that use designated routers and are represented as virtual nodes in the network topology. They require periodic database synchronization. By default, IS-IS treats the broadcast link as LAN media and tries to bring up the LAN adjacency even when the interface is configured as unnumbered or only a single neighbor exists on that link. See also point-to-point circuits.

Logical division of a computer network, in which all nodes can reach each other by broadcast at the Data Link Layer.

BMA. Network on which broadcast or multicast packets can be sent, enabling each device on a network segment to communicate directly with every other device on that segment. See also NBMA.

Network of many routers that can send, or broadcast, a single physical message to all the attached routers. Pairs of routers on a broadcast network are assumed to be able to communicate with each other. On broadcast networks, the OSPF router dynamically detects its neighbor routers by sending hello packets to the multicast address 224.0.0.5. The hello protocol elects a designated router and a backup designated router for the network. Ethernet is an example of a broadcast network.

BUM. A type of Layer 2 traffic.

BEAST. Leverages weaknesses in cipher block chaining (CBC) to exploit the Secure Sockets Layer (SSL) protocol.

base station controller. Key network node in third-generation (3G) systems that supervises the functioning and control of multiple base transceiver stations.

broadband services router. A router used for subscriber management and edge routing.

• base station subsystem. Composed of the base transceiver station (BTS) and base station controller (BSC).

• business support systems. In telecommunications, software applications that service providers use for front-office activities, such as billing and call-center automation. See also front office, OSS.

Base Station System GPRS Protocol. Processes routing and quality-of-service (QoS) information for the BSS.

basic service set identifier. Identifier that distinguishes each access point within a basic service set. By convention, the MAC address of an access point is used as its BSSID. When multiple access points exist within each WLAN, the BSSID ensures correct identification of each access point and its associated clients. See also SSID and ESSID.

base system. The physical router used in a Junos node slicing setup. The BSYS owns all the physical components of the router, including the line cards and the switching fabric. The BSYS assigns line cards to guest network functions (GNFs). See also Junos node slicing.

base transceiver station. Mobile telephony equipment housed in cabinets and colocated with antennas. Also known as radio base station.

Memory space for handling data in transit. Buffers compensate for differences in processing speed between network devices by temporarily handling bursts of data until they can be processed by slower devices.

Event that occurs when a program or process attempts to store more data in a buffer than the buffer was intended to hold. Buffers provide temporary data storage and are designed to contain a finite amount of data; any additional data can overflow the buffer zone and attempt to enter nearby buffers, corrupting or overwriting that buffer’s existing data.

BITS. Dedicated timing source that synchronizes all equipment in a particular building; a method for distributing precise timing synchronization among telecommunications equipment.

broadcast, unknown unicast, and multicast. A type of Layer 2 traffic.

• Multiple physical links of the same type, such as multiple asynchronous lines, or physical links of different types, such as leased synchronous lines and dial-up asynchronous lines.

• Collection of software that makes up a Junos OS release.

BSS. In telecommunications, software applications that service providers use for front-office activities, such as billing and call-center automation. See also front office, OSS.

BLF. Light on an IP phone that indicates when other extensions connected to the same private branch exchange (PBX) are busy. When the BLF is configured, the phone subscribes to a resource list, available on the IP PBX, to receive notifications about the status of other extensions. BLF works through the Session Initiation Protocol (SIP) and uses the SUBSCRIBE and NOTIFY messages. In a typical scenario, the IP phone is the subscriber and the IP PBX is the notifier.

bring your own device. Practice of having employees use their own computing devices—such as smartphones, laptops, and tablets—in the workplace for connectivity to and use on the secure corporate network.

Carries traffic for an LSP whose link-protected interface has failed. A bypass LSP uses a different interface and path to reach the same destination.

Single label-switched path (LSP) used to back up a set of LSPs by bypassing specific links in the LSP. In the event of a failure in any link of the protected RSVP-TE LSP (the primary LSP), MPLS redirects traffic to the associated bypass tunnel in tens of milliseconds.

CFP transceiver. 100-Gbps form-factor pluggable transceiver that provides support for fiber-optic cables with built-in clock recovery circuits. (The C stands for centum, or 100.)

Command-and-Control server. Centralized computer that issues commands to botnets (compromised networks of computers) and receives reports back from them. Botnets can be used to gather sensitive information, such as account numbers or credit card information, or to participate in a distributed denial-of-service (DDoS) attack.

customer VLAN. A stacked VLAN, defined by IEEE 802.1ad, that contains an outer tag corresponding to the S-VLAN and an inner tag corresponding to the C-VLAN. A C-VLAN often corresponds to customer premises equipment (CPE). Scheduling and shaping is often used on a C-VLAN to establish minimum and maximum bandwidth limits for a customer. See also S-VLAN.

certificate authority. A trusted third-party organization that creates, enrolls, validates, and revokes digital certificates. The CA guarantees a user’s identity and issues public and private keys for message encryption and decryption (coding and decoding).

• call admission control (MPLS). Bandwidth and bandwidth-related resource monitoring and accounting facility that determines whether a setup request can be honored for an MPLS LSP with traffic parameters.

• connection admission control (ATM). Set of actions that the network takes during connection setup or renegotiation. ATM networks use CAC to determine whether to accept a connection request, based on whether allocating the connection’s requested bandwidth would cause the network to violate the traffic contracts of existing connections.

A server that participates in the resource public key infrastructure. It downloads and validates route authorization origins using protocols It exports route validation records to the router over TCP, using the protocol defined in the Internet draft draft-ietf-sidr-rpki-rtr-24, The RPKI/Router Protocol. See also ROA and RPKI.

Cooperative Association for Internet Data Analysis. Association that provides tools and analyses promoting the engineering and maintenance of a robust, scalable Internet infrastructure. One tool, cflowd, allows you to collect an aggregate of sampled flows and send the aggregate to a specified host that runs the cflowd application available from CAIDA.

CAC. Bandwidth and bandwidth-related resource monitoring and accounting facility that determines whether a setup request can be honored for an MPLS LSP with traffic parameters.

CDR. Contains data unique to a specific call, such as origination, termination, length, and time of day.

Alternative feature to dial-in that enables a device to call back the caller from the remote end of a backup ISDN connection. Instead of accepting a call from the remote end of the connection, the router rejects the call, waits a configured period of time, and calls a number configured on the router’s dialer interface. See also dial-in.

Telephone number of the caller on the remote end of a backup ISDN connection, used to dial in and also to identify the caller. During dial-in, the router matches the caller ID of the incoming call against all caller IDs configured on its dialer interfaces, and accepts only those calls whose caller IDs are configured.

content-addressable memory. Memory chip in which content is compared in each bit cell, allowing for very fast table lookups.

centralized automatic message accounting. Recording of toll calls at a central point.

Customized Applications of Mobile Enhanced Logic. An ETSI standard for GSM networks that enhances the provision of Intelligent Network services.

File maintained by Junos OS containing changes to the device’s active configuration. This file becomes the active configuration when a user issues the commit command. See also active configuration.

Information sent by routers in a multicast network when they are configured as a local rendezvous point (RP). This information is unicast to the bootstrap router for the multicast domain.

Enables devices to communicate without having prior knowledge of the capabilities of the remote entity. This method is used by BGP peers to determine whether they share the same capabilities, and whether the session will be maintained or terminated, given the respective capabilities of the peers. BGP speakers advertise their capabilities in BGP open messages.

Virtual private network (VPN) service provided to a network service provider that supplies Internet or VPN service to an end customer, establishing a two-tiered relationship between a provider carrier and a customer carrier. The provider carrier provides a VPN backbone network for the customer carrier (Tier 1). The customer carrier, in turn, provides Layer 3 VPN or Internet services to its end customers (Tier 2). For a carrier-of-carriers VPN, the customer’s sites are configured within the same autonomous system (AS).

In a Junos fusion, the port on the aggregation device that connects the aggregation device to the satellite device. See also aggregation device, extended ports, Junos fusion, satellite device.

A central repository for objects that you can apply to your services. There are catalogs for rules, monitors, service protection classes, and various SSL items.

Control Board. On a Juniper Networks T640 Core Router routing node, part of the host subsystem that provides control and monitoring functions for router components.

cipher block chaining. A mode of encryption using 64 or 128 bits of fixed-length blocks in which each block of plain text is XORed with the previous cipher text block before being encrypted. See also XOR.

connection-based forwarding. A method of forwarding frames in which forwarding decisions are made using only the identity of the ingress interface. No part of a packet’s contents is used to determine how a packet should be forwarded.

constant bit rate. An ATM service category that supports a constant and guaranteed rate to transport services such as video or voice, as well as circuit emulation, requiring rigorous timing control and performance parameters. For ATM1 and ATM2 IQ interfaces, data is serviced at a constant, repetitive rate. CBR is used for traffic that does not need to periodically burst to a higher rate, such as nonpacketized voice and audio.

continuity check cells. Cells that provide continual monitoring of a connection on a segment or from end to end.

circuit cross-connect. Junos OS feature that allows you to configure transparent connections between two circuits. A circuit can be a Frame Relay DLCI, an ATM virtual channel (VC), a PPP interface, a Cisco HDLC interface, or an MPLS label-switched path (LSP).

International Telegraph and Telephone Consultative Committee. Now known as ITU-T (Telecommunication Standardization Sector), organization that coordinates standards for telecommunication on behalf of the ITU (International Telecommunication Union). The ITU is a United Nations specialized agency. ITU-T is a subcommittee of ITU. See also ITU-T.

code division multiple access. Digital cellular technology that uses spread-spectrum techniques for digital transmission of radio signals, for example, between a mobile telephone and a base transceiver station (BTS). Unlike competing systems that use TDMA (time division multiple access), such as GSM (Global System for Mobile Communications), CDMA does not assign a specific frequency to each user. Instead, every channel uses the full available spectrum. Individual conversations are encoded with a pseudo-random digital sequence. CDMA consistently provides better capacity for voice and data communications than other commercial mobile technologies, allowing more subscribers to connect at any given time.

Radio transmission and backbone technology standards for the evolution to third-generation (3G) mobile networks.

content delivery network, content distribution network. A system of computers networked together across the Internet that cooperate transparently to deliver content to end users, most often for the purpose of improving performance, scalability, and cost efficiency.

Call Detail Record. Contains data unique to a specific call, such as origination, termination, length, and time of day.

cell delay variation. Difference between a cell’s expected and actual transfer delay. CDV determines the amount of jitter. Also known as cell jitter. (JunosE QoS term)

cell delay variation tolerance. Acceptable tolerance of CDV (jitter). (JunosE QoS term)

customer edge. Customer router connected to the service provider network.

customer edge device. Router or switch in the customer’s network that is connected to a service provider’s provider edge (PE) router and participates in a Layer 3 VPN.

CDV. Difference between a cell’s expected and actual transfer delay. CDV determines the amount of jitter. Also known as cell jitter. (JunosE QoS term)

CDVT. Acceptable tolerance of CDV (jitter). (JunosE QoS term)

CLP. ATM cell bit that communicates the loss priority of the payload. A value of zero (0) specifies that the cell not be discarded if it encounters congestion as it moves through the network. A value of one (1) specifies that the network can drop the cell when congestion is encountered.

Data transmission technology based on the use of small, fixed-size packets (cells) that can be processed and switched in hardware at high speeds. Cell relay is the basis for many high-speed network protocols, including ATM and IEEE 802.6.

Physical transmission capacity used by header information when sending data packets in an ATM network. Each ATM cell uses a 5-byte header.

Layer 2 circuit transport mode that sends ATM cells between ATM2 intelligent queuing (IQ) interfaces over an MPLS core network. You use Layer 2 circuit cell-relay transport mode to tunnel a stream of ATM cells over an MPLS or IP backbone. See also AAL5 mode, Layer 2 circuits, standard AAL5 mode, trunk mode.

Community Enterprise Operating System. Free Linux distribution built from the open-source code of Red Hat Enterprise Linux (RHEL).

CMC. A feature of the Juniper Networks Media Flow Controller management interface that allows you to push configurations to a number of Media Flow Controllers from a central interface.

CO. Local telephone company building that houses circuit switching equipment used for subscriber lines in a given area.

CPU. Hardware component in a computer that executes instructions from memory, performing arithmetic and logical operations as required.

CAMA. Recording of toll calls at a central point.

Electronic document that binds a person or entity to a public key using a digital signature.

CA. A trusted third-party organization that creates, enrolls, validates, and revokes digital certificates. The CA guarantees a user’s identity and issues public and private keys for message encryption and decryption (coding and decoding).

CRL. List of digital certificates that have been invalidated, including the reasons for revocation and the names of the entities that issued them. A CRL prevents use of digital certificates and signatures that have been compromised.

CSR. A request created from a self-signed certificate. You can submit the CSR to a certificate authority for them to sign.

Compact Forwarding Engine Board. In Juniper Networks M7i and M10i Multiservice Edge Routers, CFEB provides route lookup, filtering, and switching to the destination port.

Application available from CAIDA that collects an aggregate of sampled flows and sends the aggregate to a specified host running the cflowd application.

connectivity fault management. End-to-end per-service-instance Ethernet layer operation, administration, and management (OAM) protocol. CFM includes proactive connectivity monitoring, fault verification, and fault isolation for large Ethernet metropolitan-area networks.

C form-factor pluggable transceiver. 100-Gbps form-factor pluggable transceiver that provides support for fiber-optic cables with built-in clock recovery circuits. (The C stands for centum, or 100.)

CHAP. Server-driven, three-step authentication of remote users that depends on a shared secret password that resides on both the server and the client. See also PAP.

CoA. RADIUS messages that dynamically modify session authorization attributes, such as data filters.

Communication circuit linking two or more devices, providing an input/output interface between a processor and a peripheral device or between two systems. A single physical circuit can consist of one or many channels, or two systems carried on a physical wire or wireless medium. For example, the dedicated channel between a telephone and the central office (CO) is a twisted-pair copper wire. See also frequency-division multiplexed channel, time-division multiplexed channel.

Combination of DS0 interfaces partitioned from a channelized interface into a single logical bundle.

CSU/DSU. A channel service unit connects a digital phone line to a multiplexer or other digital signal device. A data service unit connects data terminal equipment (DTE) to a digital phone line.

A 2.048 Mbps interface that can be configured as a single clear channel E1 interface or channelized into as many as 31 discrete DS0 interfaces. On most channelized E1 interfaces, time slots are numbered from 1 through 32, and time slot 1 is reserved for framing. On some legacy channelized E1 interfaces, time slots are numbered from 0 through 31, with time slot 0 reserved for framing.

Wideband interface divided into many smaller channels to carry different streams of data. It is a subdivision of a larger interface, minimizing the number of PICs or Physical Interface Modules (PIMs) that an installation requires. On a channelized PIC or PIM, each port can be configured as a single clear channel or partitioned into multiple discrete T3, T1, E1, and DS0 interfaces, depending on the size of the channelized PIC or PIM.

A 1.544 Mbps interface that can be configured as a single clear channel T1 interface or channelized into as many as 24 discrete DS0 interfaces. Time slots are numbered from 1 through 24.

Challenge Handshake Authentication Protocol. Server-driven, three-step authentication of remote users that depends on a shared secret password that resides on both the server and the client. See also PAP.

Predefined alarm triggered by a physical condition on the device such as a power supply failure, excessive component temperature, or media failure.

Physically connected and configured devices that provide redundancy and ensure service continuity in the event of partial or complete device failure. Chassis clusters provide a resilient system architecture, synchronizing session and kernel states across control and data planes to prevent a single point of failure from disabling the network.

chassisd. Junos OS process responsible for managing the interaction of the router’s physical components.

chassis daemon. Junos OS process responsible for managing the interaction of the router’s physical components.

computed historical datapoints. Traffic samples that have been computed in some manner, such as summation and averaging.

Open-source automation software used by IT teams to manage large-scale deployments of complex compute resources (servers).

Classless Interdomain Routing, classless routing. Addressing method that interprets an IP address in two parts: a prefix that identifies the network, followed by notation that indicates the host address and mask; for example, 10.12.8.3/16. CIDR replaces the traditional class structure of IP addresses, in which address allocations were based on octet (8-bit) boundary segments of the 32-bit IP address. In CIDR, the boundary between the network and host portions of an IP address can be on any bit boundary and they have no class restrictions, enabling more efficient use of the IP address space.

Connector Interface Panel. Panel that contains connectors for the Routing Engines, BITS interfaces, and alarm relay contacts on some M Series and T Series routers.

CBC. A mode of encryption using 64 or 128 bits of fixed-length blocks in which each block of plain text is XORed with the previous cipher text block before being encrypted. See also XOR.

committed information rate. Specifies the average rate at which packets are admitted to the network. Each packet is counted as it enters the network. Packets that do not exceed the CIR are marked green, which corresponds to low loss priority. Packets that exceed the CIR but are below the peak information rate (PIR) are marked yellow, which corresponds to medium loss priority. See also trTCM, PIR.

CCC. Junos OS feature that allows you to configure transparent connections between two circuits. A circuit can be a Frame Relay DLCI, an ATM virtual channel (VC), a PPP interface, a Cisco HDLC interface, or an MPLS label-switched path (LSP).

Generic proxy (intermediary cache or relay between a Web client and a webserver) that is not associated with a specific application; instead, a circuit-level proxy can support multiple applications.

Cisco High-Level Data Link Control. Bit-oriented synchronous Data Link Layer protocol that governs information transfer. Developed by ISO, it specifies a data encapsulation method on synchronous serial links using frame characters and checksums. It is a protocol that has been implemented by many different network equipment vendors. See also SLARP.

Cisco HDLC. Bit-oriented synchronous Data Link Layer protocol that governs information transfer. Developed by ISO, it specifies a data encapsulation method on synchronous serial links using frame characters and checksums. It is a protocol that has been implemented by many different network equipment vendors. See also SLARP.

Message advertised into a multicast network by a router configured as a local rendezvous point (RP) in an auto-RP network. A Cisco-RP-Announce message is advertised in dense-mode PIM to the 224.0.1.39 multicast group address.

Message advertised by the mapping agent in an auto-RP network. A Cisco-RP-Discovery message contains the rendezvous point (RP) to multicast group address assignments for the domain. It is advertised in dense-mode PM to the 224.0.1.40 multicast group address.

International Special Committee on Radio Interference. An International Electrotechnical Commission (IEC) committee whose principal task is to prepare standards that offer protection of radio reception from interference sources at the higher end of the frequency range (from 9 kHz and above), such as electrical appliances of all types; the electricity supply system; industrial, scientific, and electromedical RF; broadcasting receivers (sound and TV); and IT equipment (ITE).

common and internal spanning tree. Single spanning tree calculated by the Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP) and the logical continuation of that connectivity through multiple spanning-tree (MST) bridges and regions, calculated to ensure that all LANs in the bridged LAN are simply and fully connected. See also MSTI.

classifier control list. Specifies the criteria by which the router defines a packet flow.

CoS. Method of classifying traffic on a packet-by-packet basis using information in the type-of-service (ToS) byte to provide different service levels to different traffic. See also QoS.

CSCP. Eight Differentiated Services code point (DSCP) values of the form xxx000 (where x can be 0 or 1). Defined in RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers.

In Differentiated Services-aware traffic engineering, a collection of traffic flows that are treated equivalently in a Differentiated Services domain. A class type maps to a queue and is much like a class-of-service (CoS) forwarding class in concept.

CoS bits. Experimental bits, located in each MPLS label and used to encode the CoS value of a packet as it traverses an LSP. Also known as EXP bits.

cosd. Process that enables the routing platform to provide different levels of service to applications based on packet classifications.

Process of taking in a single data stream and sorting it into multiple output substreams. In class of service (CoS), the examination of an incoming packet that associates the packet with a particular CoS servicing level. There are two kinds of classifiers, behavior aggregate and multifield. Also known as packet classification. See also BA classifier, multifield classifier.

Method of reading a sequence of bits in a packet header or label and determining how the packet should be forwarded internally and scheduled (queued) for output.

CLACL. Specifies the criteria by which the router defines a packet flow.

Policy rules that make up a policy list.

CIDR. Addressing method that interprets an IP address in two parts: a prefix that identifies the network, followed by notation that indicates the host address and mask; for example, 10.12.8.3/16. CIDR replaces the traditional class structure of IP addresses, in which address allocations were based on octet (8-bit) boundary segments of the 32-bit IP address. In CIDR, the boundary between the network and host portions of an IP address can be on any bit boundary and they have no class restrictions, enabling more efficient use of the IP address space.

Customer-side translator (XLAT), defined in RFC 6877, 464XLAT: Combination of Stateful and Stateless Translation, that complies with RFC 6145, IP/ICMP Translation Algorithm. CLAT algorithmically translates 1:1 private IPv4 addresses to global IPv6 addresses, and vice versa. The CLAT function is applicable to a router or an end node such as a mobile phone. See also 464XLAT and PLAT.

Interface configured on a channelized PIC or PIM that operates as a single channel, does not carry signaling, and uses the entire port bandwidth.

CTS. Signaling message transmitted in response to an RTS (request to send) message that enables the sender of the RTS message to begin data transfer

Unencrypted form of encrypted text. Also known as plaintext.

competitive local exchange carrier. Company that competes with an already-established local telecommunications business by providing its own network and switching.

Common Language Equipment Identifier. Inventory code used to identify and track telecommunications equipment.

command-line interface. Interface provided for entering commands for configuring and monitoring the routing protocol software.

Security level that grants access to specific CLI commands, such as for packet mirroring.

Configuration template converted into a CLI configuration string that you can use to easily apply a configuration from Junos Space Network Management Platform to a device. A CLI Configlet contains the Junos OS configuration as formatted ASCII text.

Type of packet mirroring in which an authorized user uses the router CLI commands to configure and manage packet mirroring.

Node or software program (front-end device) that requests services from a server. See also SNMP client.

An SSL certificate held by a client, granting the client access to a restricted site.

Real-time clock located in a router acting as a Precision Time Protocol (PTP) client (which is also known as the client node, destination node, or boundary node). The client clock performs clock and time recovery operations on the basis of the received and requested timestamps from the primary clock. Also known as member clock. See also primary clock.

In a BGP route reflection, a member of a cluster that is not the route reflector. See also nonclient peer.

Connectionless Network Protocol. ISO-developed protocol for OSI connectionless network service. A Network Layer protocol used by CLNS to handle data at the Transport Layer. CLNP is the OSI equivalent of IP.

Connectionless Network Service. OSI Network Layer service that enables data transmission without establishing a circuit and that routes messages independently of any other messages. A Layer 3 protocol, similar to Internet Protocol version 4 (IPv4), CLNS uses network service access points (NSAP) instead of the prefix addresses found in IPv4 to specify end systems and intermediate systems.

Copy of a managed or modeled device in the Junos Space Network Management Platform database. Junos Space Network Management Platform manages active cloned devices only. See also modeled device.

Multistage switching network in which switch elements in the middle stages are connected to all switch elements in the ingress and egress stages. Clos networks are well-known for their nonblocking properties—a connection can be made from any idle input port to any idle output port, regardless of the traffic load in the rest of the system.

Internet‐based environment of virtualized computing resources, including servers, software, and applications that can be accessed by individuals or businesses with Internet connectivity. Cloud types include public, private, and hybrid.

Cloud computing represents a paradigm shift in the way companies allocate IT resources. Fundamentally, a cloud is an Internet-based environment of computing resources comprised of servers, software, and applications that can be accessed by any individual or business with Internet connectivity. Customers, referred to as tenants, can access resources that they need to run their business. Clouds offer customers a pay-as-you-go, lease-style investment with little to no upfront costs, versus buying all of the required hardware and software separately. Clouds allow businesses to scale easily and tier more services and functionality on an as-needed basis. Cloud computing is the basis for Infrastructure as a Service (IaaS) and Software as a Service (SaaS). See also Infrastructure as a Service, Software as a Service.

Automation endpoint that is part of a data center or point of presence (POP) acting as a hub point for overlay connections from many spoke devices. Cloud hubs are usually logical entities in a multitenant device (cloud hub device). See also cloud spoke, cloud site.

Site where customers access network services and all virtualized network functions (VNFs) from a service provider’s cloud in a network point of presence (POP). See also cloud hub, cloud spoke.

Automation endpoint that is part of a customer virtual private cloud (VPC) on cloud platforms such as Amazon Web Services (AWS). Typically, these points are connected using overlay connections to hub sites. See also cloud hub, cloud site.

Cloud computing software for creating, managing, and deploying infrastructure cloud services.

cell loss priority. ATM cell bit that communicates the loss priority of the payload. A value of zero (0) specifies that the cell not be discarded if it encounters congestion as it moves through the network. A value of one (1) specifies that the network can drop the cell when congestion is encountered.

• Route reflector and its clients (BGP) that have been grouped together. Consists of one system that acts as a route reflector, along with any number of client peers. Clients peer only with a route reflector and do not peer outside their cluster. Route reflectors peer with clients and other route reflectors within a cluster; outside a cluster they peer with other reflectors and other routers that are neither clients nor reflectors. The client peers receive their route information only from the route reflector system. Routers in a cluster do not need to be fully meshed. See also route reflector, route reflector client.

• (of Linux servers) Two or more computers (called nodes or members) that work together to perform a task.

List of paths recorded as a packet travels through a BGP route reflector cluster.

Central Management Console. A feature of the Juniper Networks Media Flow Controller management interface that allows you to push configurations to a number of Media Flow Controllers from a central interface.

converged network adapter. Physical adapter that combines the functions of a Fibre Channel host bus adapter (HBA) to process Fibre Channel over Ethernet (FCoE) frames and a lossless Ethernet network interface card (NIC) to process non-FCoE Ethernet frames. CNAs have one or more Ethernet ports. CNAs encapsulate Fibre Channel frames in Ethernet for FCoE transport and de-encapsulate Fibre Channel frames from FCoE to native Fibre Channel.

Control and Status messages. 3G modem messages used to configure, set parameters, query status, receive event notification, and control traffic of event notifications for the 3G modem device.

central office. Local telephone company building that houses circuit switching equipment used for subscriber lines in a given area.

change of authorization. RADIUS messages that dynamically modify session authorization attributes, such as data filters.

Linux application that enables rapid setup of a networking environment on multiple servers from a central host, using services such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). See also DHCP, DNS.

CDMA. Digital cellular technology that uses spread-spectrum techniques for digital transmission of radio signals, for example, between a mobile telephone and a base transceiver station (BTS). Unlike competing systems that use TDMA (time division multiple access), such as GSM (Global System for Mobile Communications), CDMA does not assign a specific frequency to each user. Instead, every channel uses the full available spectrum. Individual conversations are encoded with a pseudo-random digital sequence. CDMA consistently provides better capacity for voice and data communications than other commercial mobile technologies, allowing more subscribers to connect at any given time.

Name assigned to a pattern of code-point bits. This name is used, instead of the bit pattern, in the configuration of other class-of-service (CoS) components, such as classifiers, drop-profile maps, and rewrite rules.

Result of a standby SRP module becoming active without high availability (HA) being configured (no switchover from active SRP). Similar to a cold start, except:

• The standby SRP becomes active much more quickly because the configuration is already loaded in the standby SRP memory and the device is running.

• Line module software is reloaded, so it takes additional time for the newly active SRP to become fully operational.

See also graceful restart, warm restart.

Type of rate limit that can change the algorithm used, depending on the color of the incoming packet.

Process that assigns precedence to packets in JunosE QoS. Packets within the router are tagged with a drop precedence: committed—green; conformed—yellow; exceeded—red. When the queue fills above the exceeded threshold, the router drops red packets, but still queues yellow and green packets. When the queue fills above the conformed drop threshold, the router queues only green packets.

Type of rate limit that runs the same algorithm for all packets, regardless of their color. See also rate-limit hierarchy.

Devices used by malicious users to orchestrate attacks such as DDoS attacks against websites, networks, or specific network devices. These devices can be purpose-built to control compromised devices across a network (including the Internet), or they themselves can be compromised devices to which an attacker has access.

Function of a router’s command-line interface (CLI) that allows a user to enter only the first few characters in any command. Users access this function through the spacebar or Tab key.

Feature of the CLI in E Series routers. Command privileges fall within one of the following levels:

• 0—Allows you to execute the help, enable, disable, and exit commands.

• 1—Allows you to execute commands in User Exec mode plus commands at level 0.

• 5—Allows you to execute Privileged Exec show commands plus the commands at levels 1 and 0.

• 10—Allows you to execute all commands except support commands (provided by Juniper Networks Customer Service), or the privilege command to assign privileges to commands.

• 15—Allows you to execute support commands and assign privileges to commands.

C&C server. Centralized computer that issues commands to botnets (compromised networks of computers) and receives reports back from them. Botnets can be used to gather sensitive information, such as account numbers or credit card information, or to participate in a distributed denial-of-service (DDoS) attack.

CLI. Interface provided for entering commands for configuring and monitoring the routing protocol software.

Junos OS CLI configuration mode command that saves changes made to a router configuration, verifies the syntax, applies the changes to the configuration currently running on the router, and identifies the resulting file as the current operational configuration.

Enforces custom configuration rules. A script runs each time a new candidate configuration is committed and inspects the configuration. If a configuration breaks your custom rules, the script can generate actions for Junos OS.

Sequence of commands that allow you to create custom configuration syntax to simplify the task of configuring a routing platform. By itself, your custom syntax has no operational impact on the routing platform. A corresponding commit script macro uses your custom syntax as input data for generating standard Junos OS configuration statements that execute your intended operation.

In a rate-limit profile, action that drops, transmits, marks (IP and IPv6), or marks-exp (MPLS) when traffic flow does not exceed the rate. The mark value is not supported for hierarchical rate limits, and the transmit values—conditional, unconditional, and final—are supported only on hierarchical rate limits.

CIR. Specifies the average rate at which packets are admitted to the network. Each packet is counted as it enters the network. Packets that do not exceed the CIR are marked green, which corresponds to low loss priority. Packets that exceed the CIR but are below the peak information rate (PIR) are marked yellow, which corresponds to medium loss priority. See also trTCM, PIR.

CIST. Single spanning tree calculated by the Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP) and the logical continuation of that connectivity through multiple spanning-tree (MST) bridges and regions, calculated to ensure that all LANs in the bridged LAN are simply and fully connected. See also MSTI.

International standard (ISO/IEC 15408) for computer security. See also EAL3.

EAL3. Compliance requirement defined by Common Criteria. Higher levels have more stringent requirements. See also Common Criteria.

CLEI. Inventory code used to identify and track telecommunications equipment.

COPS. A query-and-response protocol used to exchange policy information between a policy server and its clients.

COPS-PR. An IETF standard where the policy enforcement point (PEP) requests policy provisioning when the operational state of the interface and DHCP addresses change.

CVE. Dictionary of publicly known information security vulnerabilities and exposures that is international in scope and free for public use.

• In BGP, a logical group of prefixes or destinations that share a common attribute; used to simplify a routing policy. Community members can be on different networks and in different autonomous systems. BGP allows you to define the community to which a prefix belongs. A prefix can belong to more than one community. The community attribute lists the communities to which a prefix belongs. Community information is included as one of the path attributes in BGP update messages.

• In SNMP, an authentication scheme that authorizes SNMP clients based on the source IP address of incoming SNMP packets, defines which MIB objects are available, and specifies the operations (read-only or read-write) allowed on those objects.

CentOS. Free Linux distribution built from the open-source code of Red Hat Enterprise Linux (RHEL).

Sequential collection of permit and deny conditions. Each condition describes the community number to be matched. The router tests the community attribute of a route against the conditions in a community list one by one. The first match determines whether the router accepts (the route is permitted) or rejects (the route is denied) a route having the specified community. Because the router stops testing conditions after the first match, the order of the conditions is critical. If no conditions match, the router rejects the route.

CFEB. In Juniper Networks M7i and M10i Multiservice Edge Routers, CFEB provides route lookup, filtering, and switching to the destination port.

Nonvolatile memory card in Juniper Networks M Series, MX Series, T Series, and J Series platforms used for storing a copy of Junos OS and the current and most recent router configurations. It also typically acts as the primary boot device.

CLEC (pronounced “see-lek”). Company that competes with an already-established local telecommunications business by providing its own network and switching.

CSNP. Packet that contains a complete list of all the LSPs in the IS-IS database.

One of four types of shared shapers, in which the software selects constituents based on the shared priority and shared weight configured using a JunosE command. If no attributes are specified, the software supplies a shared priority consistent with the legacy scheduler configuration. See also compound implicit shared shaper, simple explicit shared shaper, simple implicit shared shaper, CSNP.

One of four types of shared shapers, in which the software selects constituents automatically. If a node exists in a given traffic-class group, the node is active and the queues stacked above it are inactive constituents. See also compound explicit shared shaper, simple explicit shared shaper, simple implicit shared shaper, CSNP.

Hardware-assisted mechanism that controls bandwidth for all scheduler objects associated with the subscriber logical interface. See also shared shaping, simple shared shaping.

CRTP. Decreases the size of the IP, UDP, and RTP headers and works with reliable and fast point-to-point links for voice over IP (VoIP) traffic. CRTP is defined in RFC 2508, Compressing IP/UDP/RTP Headers for Low-Speed Serial Links.

CHD. Traffic samples that have been computed in some manner, such as summation and averaging.

CRB. Mechanism whereby an E Series router can route a protocol among a group of interfaces in one bridge group and concurrently bridge the same protocol among a separate group of interfaces in a different bridge group on the router.

CVS. Widely used version control system for software development or data archives.

In BGP, group of systems that appears to external autonomous systems as a single autonomous system. A set of sub-ASs is established within an AS to reduce mesh overhead. BGP peers within each sub-AS are fully meshed, but the sub-ASs do not have to be fully meshed within the AS. See also route reflection.

Feature that contains the initial configuration required to connect a modeled or cloned device to Junos Space Network Management Platform. Using a USB storage device, you can copy and download the configlet in XML, CLI, or curly-braces format to a device.

Mechanism that prevents the system from being partially configured with changes in the event of a reset. When a script or macro begins execution, the resulting configuration changes are automatically cached in system RAM rather than being committed to nonvolatile storage (NVS). When the script or macro completes execution, the cache is flushed as a background operation, saving the configuration changes to NVS.

Collection of configuration statements whose inheritance can be directed in the rest of the device configuration. The same group can be applied to different sections of the configuration, and different sections of one group’s configuration statements can be inherited in different places in the configuration.

Remote server used to configure Juniper Networks routers when using the NETCONF XML Management Protocol or the Junos XML Management Protocol.

Junos OS mode that allows a user to alter the router’s current configuration.

Type of command that you use to configure a device running Junos OS. A configuration is stored as a hierarchy of statements. In configuration mode, you enter these statements to define all properties of Junos OS, including interfaces, general routing information, routing protocols, user access, and several system and hardware properties. Also known as configuration command.

The script that must be run after installing and before starting the Junos App Balancer. It deals with fundamental settings such as passwords and specifying whether the Junos App Balancer should stand alone or join an existing cluster.

Problem that occurs when an address within the IP address pool is being used by a host that does not have an associated binding in the DHCP server's database. Addresses with conflicts are removed from the pool and logged in a conflicts list until you clear the list.

In a rate-limit profile, an action that drops, transmits, marks (IP and IPv6), or marks-exp (MPLS) when traffic flow exceeds the rate but not the excess burst. The mark value is not supported for hierarchical rate limits, and the transmit values—conditional, unconditional, and final—are supported only on hierarchical rate limits.

BGP neighbor state in which the local router has initiated the TCP session and is waiting for the remote peer to complete the TCP connection.

CAC. Set of actions that the network takes during connection setup or renegotiation. ATM networks use CAC to determine whether to accept a connection request, based on whether allocating the connection’s requested bandwidth would cause the network to violate the traffic contracts of existing connections.

Settings for managing the connection between a remote client and a virtual server, or between a pool and its nodes.

CBF. A method of forwarding frames in which forwarding decisions are made using only the identity of the ingress interface. No part of a packet’s contents is used to determine how a packet should be forwarded.

Protocol that exchanges control information with a remote computer to verify that the remote computer is ready to receive data before the originating computer sends the data.

CLNP. ISO-developed protocol for OSI connectionless network service. A Network Layer protocol used by CLNS to handle data at the Transport Layer. CLNP is the OSI equivalent of IP.

CLNS. OSI Network Layer service that enables data transmission without establishing a circuit and that routes messages independently of any other messages. A Layer 3 protocol, similar to Internet Protocol version 4 (IPv4), CLNS uses network service access points (NSAP) instead of the prefix addresses found in IPv4 to specify end systems and intermediate systems.

Protocol, such as IP, that does not exchange control information to establish an end-to-end connection before transmitting data.

CFM. End-to-end per-service-instance Ethernet layer operation, administration, and management (OAM) protocol. CFM includes proactive connectivity monitoring, fault verification, and fault isolation for large Ethernet metropolitan-area networks.

CIP. Panel that contains connectors for the Routing Engines, BITS interfaces, and alarm relay contacts on some M Series and T Series routers.

CBR. An ATM service category that supports a constant and guaranteed rate to transport services such as video or voice, as well as circuit emulation, requiring rigorous timing control and performance parameters. For ATM1 and ATM2 IQ interfaces, data is serviced at a constant, repetitive rate. CBR is used for traffic that does not need to periodically burst to a higher rate, such as nonpacketized voice and audio.

Scheduler node or queue associated with a logical interface. A shared shaper is configured for a logical interface; all queues and scheduler nodes associated with that logical interface are constituents of the shared shaper. See also active constituent; inactive constituent.

In traffic engineering, a path determined by using the CSPF algorithm. The Explicit Route Object (ERO) carried in the RSVP packets contains the constrained path information. See also ERO.

CSPF. MPLS algorithm modified to take into account specific restrictions when calculating the shortest path across the network.

CR-LDP. Traffic engineering signaling protocol for MPLS IP networks. CR-LDP provides mechanisms for establishing explicitly routed label switched paths (LSPs).

CR-LSP. Explicitly routed label switched path (LSP) established by means of CR-LDP

Mechanism to establish paths based on certain criteria (explicit route, QoS parameters). The standard routing protocols can be enhanced to carry additional information to be used when running the route calculation.

CAM. Memory chip in which content is compared in each bit cell, allowing for very fast table lookups.

CDN. A system of computers networked together across the Internet that cooperate transparently to deliver content to end users, most often for the purpose of improving performance, scalability, and cost efficiency. Also known as content distribution network.

CDN. A system of computers networked together across the Internet that cooperate transparently to deliver content to end users, most often for the purpose of improving performance, scalability, and cost efficiency. Also known as content delivery network.

Node that the Extensible Stylesheet Language for Transformations (XSLT) processor is currently examining. XSLT changes the context as it traverses the XML document’s hierarchy. See also XSLT.

Function of the router’s command-line interface (CLI) that allows a user to request information about the Junos OS hierarchy. You can access context-sensitive help in both operational and configuration mode.

CC cells. Cells that provide continual monitoring of a connection on a segment or from end to end.

Open, standards-based software solution that delivers network virtualization and service automation for federated cloud networks.

CSO. Comprehensive management and orchestration platform that delivers virtualized, managed software-defined WAN (SD-WAN), VPN, and security network services and orchestrates the entire service life cycle, from creation to delivery, in a modular, open framework.

Active IP routes in the routing table that share the same most-significant bits and are more specific than an aggregated or generated route.

CnS, CNS. 3G modem messages used to configure, set parameters, query status, receive event notification, and control traffic of event notifications for the 3G modem device.

CB. On a Juniper Networks router, part of the host subsystem that provides control and monitoring functions for router components.

Virtual network path used to set up, maintain, and terminate data plane connections. See also data plane.

On-premise component that serves as an intermediary between SRX Series devices and various sources of security intelligence. Controllers run as virtual machines (VMs) inside the Junos Space Fabric. Security Director manages the SRX Series devices and the security intelligence connectors. Also known as connector.

CNA. Physical adapter that combines the functions of a Fibre Channel host bus adapter (HBA) to process Fibre Channel over Ethernet (FCoE) frames and a lossless Ethernet network interface card (NIC) to process non-FCoE Ethernet frames. CNAs have one or more Ethernet ports. CNAs encapsulate Fibre Channel frames in Ethernet for FCoE transport and de-encapsulate Fibre Channel frames from FCoE to native Fibre Channel.

State in which a set of devices in a network share the same topology information. The routers in the network collect the topology information from one another through the routing protocol. The routers achieve a state of convergence when they share routing information so that the routing tables in all devices map to the same network topology and the devices know the best route to a destination. In a converged network, all devices are aware of the network topology and the optimal route to send a packet. Any change—for example, the failure of a device—in the network affects convergence until information about the change is propagated to all devices and convergence is achieved again. See also convergence time.

Time taken by the devices in a network to reach convergence after a change in topology. See also convergence.

A small item of data given to a client by a server that is stored either on the client's file system or in the browser client session. The client stores the data and provides it to the server on subsequent requests. Cookies are used to track client data such as session persistence maps.

CAIDA. Association that provides tools and analyses promoting the engineering and maintenance of a robust, scalable Internet infrastructure. One tool, cflowd, allows you to collect an aggregate of sampled flows and send the aggregate to a specified host that runs the cflowd application available from CAIDA.

Enables a BGP speaker to send an inbound route filter to a peer and have the peer install it as an outbound filter on the remote end of the session. Also known as outbound route filtering (ORF).

UTC. Historically referred to as Greenwich mean time (GMT), a high-precision atomic time standard that tracks Universal Time (UT) and is the basis for legal civil time all over the Earth. Time zones around the world are expressed as positive and negative offsets from UTC.

Common Open Policy Service (Protocol). A query-and-response protocol used to exchange policy information between a policy server and its clients.

COPS usage for policy provisioning. An IETF standard where the policy enforcement point (PEP) requests policy provisioning when the operational state of the interface and DHCP addresses change.

Central backbone of the network.

In E Series routers, file that indicates which module has failed by referencing that module’s hardware slot number (the slot number designation on the system backplane). This slot number is different from the chassis slot number that appears on the front of the chassis and in screen displays.

class of service. Method of classifying traffic on a packet-by-packet basis using information in the type-of-service (ToS) byte to provide different service levels to different traffic. See also QoS.

class-of-service bits. Experimental bits, located in each MPLS label and used to encode the CoS value of a packet as it traverses an LSP. Also known as EXP bits.

Class-of-service process that enables the routing platform to provide different levels of service to applications based on packet classifications.

Unitless number assigned to a path between neighbors, based on throughput, round-trip time, and reliability. The sum of path costs between source and destination hosts determines the overall path cost. OSPF uses the lowest cost to determine the best path.

customer premises equipment. Telephone, modem, router, or other service provider equipment located at a customer site.

central processing unit. Hardware component in a computer that executes instructions from memory, performing arithmetic and logical operations as required.

Constraint-Based Routed Label Distribution Protocol. Traffic engineering signaling protocol for MPLS IP networks. CR-LDP provides mechanisms for establishing explicitly routed label-switched paths (LSPs).

constraint-based routed label-switched path. Explicitly routed label-switched path (LSP) established by means of CR-LDP.

Mechanisms used by a Communication Workers of America craftsperson to operate, administer, and maintain equipment or provision data communications. On a Juniper Networks router, the craft interface allows you to view status and troubleshooting information and perform system control functions.

concurrent routing and bridging. Mechanism whereby an E Series router can route a protocol among a group of interfaces in one bridge group and concurrently bridge the same protocol among a separate group of interfaces in a different bridge group on the router.

cyclic redundancy check. Error-checking technique that uses a calculated numeric value to detect errors in transmitted data.

Indicates the number of packets generating a cyclic redundancy code error processed through the security device over the selected interface.

CSP. On routers running Junos-FIPS software, a collection of cryptographic keys and passwords that must be protected at all times.

certificate revocation list. List of digital certificates that have been invalidated, including the reasons for revocation and the names of the entities that issued them. A CRL prevents use of digital certificates and signatures that have been compromised.

Compressed Real-Time Transport Protocol. Decreases the size of the IP, UDP, and RTP headers and works with reliable and fast point-to-point links for voice over IP (VoIP) traffic. CRTP is defined in RFC 2508, Compressing IP/UDP/RTP Headers for Low-Speed Serial Links.

Processor card that speeds up certain cryptographic IP Security (IPsec) services on some Juniper Networks devices. For supported cryptographic algorithms, refer to the product documentation for the devices that support the Crypto Accelerator Module.

Superuser responsible for the proper operation of a router running Junos-FIPS software.

Class Selector code point. Eight Differentiated Services code point (DSCP) values of the form xxx000 (where x can be 0 or 1). Defined in RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers.

complete sequence number PDU. Packet that contains a complete list of all the LSPs in the IS-IS database.

Contrail Service Orchestration. Comprehensive management and orchestration platform that delivers virtualized, managed software-defined WAN (SD-WAN), VPN, and security network services and orchestrates the entire service life cycle, from creation to delivery, in a modular, open framework.

Critical Security Parameter. On routers running Junos-FIPS software, a collection of cryptographic keys and passwords that must be protected at all times.

Constrained Shortest Path First. MPLS algorithm modified to take into account specific restrictions when calculating the shortest path across the network.

certificate signing request. A request created from a self-signed certificate. You can submit the CSR to a certificate authority for them to sign.

channel service unit/data service unit. A channel service unit connects a digital phone line to a multiplexer or other digital signal device. A data service unit connects data terminal equipment (DTE) to a digital phone line.

clear to send (signal). Signaling message transmitted in response to an RTS (request to send) message that enables the sender of the RTS message to begin data transfer.

Feed template where settings and requirements are specified by the user. Using a custom feed, you can modify or customize the name and parameters of any field and change the order of any field.

CE. Customer router connected to the service provider network.

CE device. Router or switch in the customer’s network that is connected to a service provider’s provider edge (PE) router and participates in a Layer 3 VPN.

CPE. Telephone, modem, router, or other service provider equipment located at a customer site.

C-VLAN. A stacked VLAN, defined by IEEE 802.1ad, that contains an outer tag corresponding to the S-VLAN and an inner tag corresponding to the C-VLAN. A C-VLAN often corresponds to customer premises equipment (CPE). Scheduling and shaping is often used on a C-VLAN to establish minimum and maximum bandwidth limits for a customer. See also S-VLAN.

CLAT. Defined in RFC 6877, 464XLAT: Combination of Stateful and Stateless Translation, that complies with RFC 6145, IP/ICMP Translation Algorithm. CLAT algorithmically translates 1:1 private IPv4 addresses to global IPv6 addresses, and vice versa. The CLAT function is applicable to a router or an end node such as a mobile phone. See also 464XLAT and PLAT.

CAMEL. An ETSI standard for GSM networks that enhances the provision of Intelligent Network services.

Common Vulnerabilities and Exposures. Dictionary of publicly known information security vulnerabilities and exposures that is international in scope and free for public use.

Concurrent Versions System. Widely used version control system for software development or data archives.

100/120-Gbps extended form-factor pluggable transceiver that provides support for fiber-optic cables without built-in clock recovery circuits. (The C stands for centum, or 100, but do not use centum in the expansion.)

CRC. Error-checking technique that uses a calculated numeric value to detect errors in transmitted data.

delta channel. Circuit-switched channel that carries signaling and control for B-channels. In Basic Rate Interface (BRI) applications, it can also support customer packet data traffic at speeds up to 9.6 Kbps. See also B-channel, BRI.

Background process that performs operations for the system software and hardware. Daemons normally start when the system software is booted, and run as long as the software is running. In Junos OS, daemons are also referred to as processes.

Method of reducing the number of update messages sent between BGP peers, thereby reducing the load on those peers without adversely affecting the route convergence time for stable routes. Also known as flap damping.

DCD. Hardware signal defined by the RS-232C standard that indicates that the device, usually a modem, is online and ready for transmission.

Centralized physical or virtual facility in which all data for a specific purpose is stored, managed, and communicated.

DCB. Set of IEEE specifications that enhances the Ethernet standard to allow it to support converged Ethernet (LAN) and Fibre Channel (SAN) traffic on one Ethernet network. DCB features include priority-based flow control (PFC), enhanced transmission selection (ETS), Data Center Bridging Capability Exchange protocol (DCBX), quantized congestion notification (QCN), and full-duplex 10-Gigabit Ethernet ports.

DCBX. Discovery and exchange protocol for conveying configuration and capabilities among neighbors to ensure consistent configuration across the network. It is an extension of the Link Layer Data Protocol (LLDP, described in IEEE 802.1ab, Station and Media Access Control Connectivity Discovery).

DCE. Device, such as a modem, that provides the interface between a circuit and data terminal equipment (DTE). Also known as data communications equipment.

DCE. Device, such as a modem, that provides the interface between a circuit and data terminal equipment (DTE). Also known as data circuit-terminating equipment.

DES. Method for encrypting information using a 56-bit key. Considered to be a legacy method and insecure for many applications. See also 3DES.

DES-CBC. Method for encrypting single DES keys.

DXI. Specification developed by the switched megabit data services (SMDS) interest group to define the interaction between internetworking devices and CSUs/DSUs that are transmitting over an SMDS access line.

Second level in the seven-layer OSI Reference Model for network protocol design and in the five-layer TCP/IP stack model. This layer provides the functional and procedural means to transfer data between network entities by splitting data into frames to send on the Physical Layer and receiving acknowledgment frames. It performs error checking and retransmits frames not received correctly. In general, it controls the flow of information across the link, providing an error-free virtual channel to the Network Layer. Also known as Layer 2.

DLSw. Method of tunneling IBM System Network Architecture (SNA) and NetBIOS traffic over an IP network, used because Junos OS does not support NetBIOS. See also tunneling protocol.

DM. In NSM, an XML file that contains configuration data for an individual device. The DM is stored in the NSM Device Server. When you create, update, or import a device, the GUI Server edits the Abstract Data Model (ADM) to reflect the changes, then translates that information to the DM.

Software process used to define and analyze data requirements that support a business process.

Software language, such as YANG, used for data modeling. See also data modeling, YANG.

Chunk of data transiting the router from the source to a destination.

Virtual network path used to distribute data between nodes. Also known as transport plane. See also control plane.

DPDK. Set of libraries and drivers used in the development of applications that perform fast processing of packets on industry-standard processors, such as x86 processors.

channel service unit, CSU/DSU. A channel service unit connects a digital phone line to a multiplexer or other digital signal device. A data service unit connects data terminal equipment (DTE) to a digital phone line.

DSR. One of the control signals on a standard RS-232C connector that indicates whether the DCE is connected and ready to start.

General term for a repository of data, such as a database or an electronic file.

Collection of data bits in a data stream that are inverted for transmission.

DTE. RS-232-C interface that a computer uses to exchange information with a serial device, such as a computer, host, or terminal, that communicates with DCE. At the terminal end of a data transmission, DTE comprises the transmit and receive equipment. See also DCE.

DTR signal. Sent over a dedicated wire (RS-232 connection) from a computer (or terminal) to a transmission device to indicate that the computer is ready to receive data.

data-MDT tunnel. Multicast tunnel created and deleted based on defined traffic loads and designed to ease loading on the default MDT tunnel.

DLCI. 10-bit channel number attached to data frames to inform a Frame Relay network how to route the data in a Frame Relay virtual connection (a logical interface).

data-driven multicast distribution tree (MDT) tunnel. Multicast tunnel created and deleted based on defined traffic loads and designed to ease loading on the default MDT tunnel.

OSPF packet type used in the formation of an adjacency. The packet sends summary information about the local router’s database to the neighboring router.

Packet format defined by IP.

Method to collect traces and packet captures at different locations in a packet-processing path of an SRX Series Services Gateway. For example, on high-end SRX Series devices, packet captures can be collected at multiple processing units such as ingress network processor, services processing unit, egress network processor, and so on.

data center bridging. Set of IEEE specifications that enhances the Ethernet standard to allow it to support converged Ethernet (LAN) and Fibre Channel (SAN) traffic on one Ethernet network. DCB features include priority-based flow control (PFC), enhanced transmission selection (ETS), Data Center Bridging Capability Exchange protocol (DCBX), quantized congestion notification (QCN), and full-duplex 10-Gigabit Ethernet ports.

Data Center Bridging Capability Exchange protocol. Discovery and exchange protocol for conveying configuration and capabilities among neighbors to ensure consistent configuration across the network. It is an extension of the Link Layer Data Protocol (LLDP, described in IEEE 802.1ab, Station and Media Access Control Connectivity Discovery).

device control process. Junos OS interface process (daemon).

data carrier detect. Hardware signal defined by the RS-232C standard that indicates that the device, usually a modem, is online and ready for transmission.

• data communications equipment, data circuit-terminating equipment. Device, such as a modem, that provides the interface between a circuit and data terminal equipment (DTE).

• Distributed Computing Environment. An industry-standard software technology for setting up and managing computing and data exchange in a system of distributed computers. DCE is typically used in a large client/server network of computing systems that include servers of different sizes, scattered geographically. With DCE, application users can share applications and data at remote servers. Application programmers don't need to be aware of where their programs will run or where the data will be located.

destination class usage. Means of tracking traffic originating from specific prefixes on the customer edge router and destined for specific prefixes on the provider core router, based on the IP source and destination addresses.

distributed denial-of-service attack. Attack, typically a flood, from multiple source points. A DDoS attack can be more effective in disrupting services than a DoS, because the flood of incoming attacks are coming from multiple sources.

discard-eligible bit. In a Frame Relay network, header bit that notifies devices on the network that traffic can be dropped during congestion to ensure the delivery of higher priority traffic (those without the DE bit set).

Method of modifying the router’s active configuration. Portions of the hierarchy marked as inactive using this command are ignored during the router’s commit process as if they were not configured at all.

Amount of time that an OSPF router maintains a neighbor relationship before declaring that neighbor as no longer operational. Junos OS uses a default value of 40 seconds for this timer.

DPD. Method that recognizes the loss of the primary IPsec Internet Key Exchange (IKE) peer and establishes a secondary IPsec tunnel to a backup peer. It is a keepalive mechanism that enables the E Series router to detect when communication to a remote IPsec peer has been disconnected. DPD enables the router to reclaim resources and to optionally redirect traffic to an alternate failover destination. If DPD is not enabled, traffic continues to be sent to the unavailable destination. Also known as IKE keepalive.

Technique used by programmers to find and reduce the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected. See also tracing.

DI. Firewall methodology that builds on the strength of stateful inspection, integrating intrusion prevention technology to provide application-level attack protection at the network perimeter. The Deep Inspection firewall can efficiently perform network security functions as well as analysis on the application message to determine whether to accept or deny traffic.

Action performed by a security device when the permitted traffic matches an attack object specified in the rule. Deep Inspection actions include drop connection, drop packet, close client, and so on.

DI profile. Contains predefined attack object groups (created by Juniper Networks), and your own custom attack object groups. After creating the DI Profile, you add the Profile object in the Rule Option column of a firewall rule.

Router address that is used as the source address on unnumbered interfaces.

Configuration that takes place on a device that cannot locate a configuration (boot) file. You can set up two default configuration files for autoinstallation on the device: network.conf to specify IP address-to-hostname mappings for devices on the network, and router.conf to provide just enough configuration for your subsequent Telnet access.

Route used to forward IP packets when a more specific route is not present in the routing table. Often represented as 0.0.0.0/0, the default route is sometimes referred to as the route of last resort.

Difference or discrepancy. For example, in NSM, the difference between the configuration running on the physical device and the configuration in NSM is called the delta.

D-channel. Circuit-switched channel that carries signaling and control for B-channels. In Basic Rate Interface (BRI) applications, it can also support customer packet data traffic at speeds up to 9.6 Kbps. See also B-channel, BRI.

Network segment whose cost varies with usage, according to a service-level agreement (SLA) with a service provider. Demand circuits limit traffic based on either bandwidth (bits or packets transmitted) or access time. See also multicast.

DMZ. Physical or logical subnet used as an additional layer of security between an organization’s network and an untrusted network (often the Internet); a neutral zone used to secure a network from external access. An attacker only has access to equipment in the DMZ.

DoS. System security breach in which network services become unavailable to users.

DoS attack. Any attempt to deny valid users access to network or server resources by using up all the resources of the network element or server. Typically, an attacker sends a flood of information to overwhelm a service system’s resources, causing the server to ignore valid service requests.

Method of forwarding multicast traffic to interested listeners. Dense mode forwarding assumes that most of the hosts on the network will receive the multicast data. Routers flood packets and prune unwanted traffic every 3 minutes. See also sparse mode.

DPC. Network interface-specific card that can be installed in the router.

DWDM. Technology that enables data from different sources to be carried together on an optical fiber, with each signal carried on its own separate wavelength.

Data Encryption Standard. Method for encrypting information using a 56-bit key. Considered to be a legacy method and insecure for many applications. See also 3DES.

Data Encryption Standard-Cipher Block Chaining. Method for encrypting single DES keys.

DIS. An IS-IS router that is elected by priority on an interface basis. In the case of a tie, the router with the highest MAC address becomes the DIS. DIS is analogous to the designated router in OSPF, although the election process and adjacencies within multiaccess media differ significantly. DIS assists broadcast routers to synchronize their IS-IS databases.

DR.

• Router on a subnet that is selected to control multicast routes for the sources and receivers on the subnet. If several routers are present, the selected DR is the router with the highest priority. If the DR priorities match, the router with the highest IP address is selected as the DR. The source’s DR sends PIM register messages from the source network to the rendezvous point (RP). The receiver’s DR sends PIM join and PIM prune messages from the receiver network toward the RP.

• In OSPF, a router, selected by other routers, that is responsible for sending link-state advertisements (LSAs) that describe the network, thereby reducing the amount of network traffic and the size of the topology databases maintained on the other routers.

DCU. Means of tracking traffic originating from specific prefixes on the customer edge router and destined for specific prefixes on the provider core router, based on the IP source and destination addresses.

Number of bits of the network address used for the host portion of a CIDR IP address.

DSAP. Identifies the destination for which a logical link control protocol data unit (LPDU) is intended.

Person who uses an interface to control and manage a network security device.

dcd. Junos OS interface process (daemon).

Process of discovering devices in your network to add them to the Junos Space Network Management Platform database. Junos Space Network Management Platform uses SSH, ICMP ping, or SNMP to perform device discovery. The inventory and configuration of the device at the time of device discovery is added to the Junos Space Network Management Platform database. Use an IP address, a DNS hostname, an IP address range, or an IP subnet to discover devices and credentials, RSA keys, or SSH fingerprints to authenticate the discovered devices in the network.

Sets of rules that define subnets or ranges of IP addresses to scan for devices in your network.

DMI. In NSM, a common, secure management interface used by all device families. DMI is based on a common protocol and device-specific schemas for configuration, inventory management, logging, and status monitoring. DMI schemas can be updated without the need to upgrade NSM.

Displays information in NSM about individual devices, their configuration and connection status, and memory usage.

In NSM, component of the management system that handles communication between the GUI server and the device, collects data from the managed devices on your network, formats configuration information sent to your managed device, and consolidates log and event data.

Feature in Junos Space Network Management Platform to deploy a common configuration to multiple devices from the Junos Space user interface. You can access and configure all the configuration parameters for all devices supported on Junos Space Network Management Platform when you create the template. Before you deploy a device template to a device, you can assign the template to the device and validate the configuration in the template.

Software development method in which development and operations staff collaborate from design to release of new software and services. The purpose of the method is to optimize operational performance of the software, often with a goal of automating its development and deployment.

do not fragment (bit). One-bit flag in the IP datagram header that specifies if a datagram should be fragmented. A value of zero (0) indicates to fragment the datagram; a value of one (1) indicates not to fragment the datagram.

dynamic flow capture. Process of collecting packet flows that match a particular filter list to one or more content destinations using an on-demand control protocol that relays requests from one or more control sources.

Dynamic Host Configuration Protocol. Mechanism through which hosts using TCP/IP can obtain protocol configuration parameters automatically from a DHCP server on the network; allocates IP addresses dynamically so that they can be reused when no longer needed.

Mode in which a DHCP local server works with the Juniper Networks Session and Resource Control (SRC) software to provide an advanced subscriber configuration and management service. In equal access mode, the router enables access to non-PPP users. Non-PPP equal access requires the use of the E Series router DHCP local server and SRC software, which communicates with a RADIUS server.

Server that enables an E Series router not running DHCP relay or DHCP proxy server to monitor DHCP packets and keep information for subscribers based on their IP and MAC addresses. When this server application is used, all DHCP traffic to and from the external server is monitored by the router. The services provided by integrating the E Series router DHCP external server application with SRC software are similar to those provided when the DHCP local server is integrated with SRC software. This application is used with other features of the router to provide subscriber management.

Configuration settings sent within a DHCP message from a DHCP server to a DHCP client.

Configuration that enables the router to obtain an IP address from a DHCP server for a remote PPP client. Each virtual router (acting as a DHCP proxy client) can query up to five DHCP servers. For PPP users, the router acts as a DHCP client to obtain an address for the user.

Enhanced component of DHCP relay that manages host routes for DHCP clients, including selecting the single most appropriate offer from multiple DHCP servers.

Enhancement to the E Series router's DHCP relay component that manages host routes for DHCP clients, including selecting the single most appropriate offer from multiple DHCP servers. Also known as relay proxy.

Host that provides an IP address and configuration settings to a DHCP client. A J Series or an SRX Series device is a DHCP server.

Mode in which the DHCP local server operates as a basic DHCP server. Clients are not authenticated by default; however, you can optionally configure the DHCP local server to use AAA authentication for the incoming clients.

DHCP process that implements the DHCP client, allowing the device to obtain IP addresses from the network DHCP server, set other configuration parameters, manage TCP/IP settings propagation, and display client-related information.

Deep Inspection. Firewall methodology that builds on the strength of stateful inspection, integrating intrusion prevention technology to provide application-level attack protection at the network perimeter. The DI firewall can efficiently perform network security functions as well as analysis on the application message to determine whether to accept or deny traffic.

Deep Inspection profile. Contains predefined attack object groups (created by Juniper Networks), and your own custom attack object groups. After creating the DI Profile, you add the Profile object in the Rule Option column of a firewall rule.

The section of the admin server that helps you diagnose and fix any faults with your Junos App Balancer setup.

DM. Qualcomm protocol specification and mechanism used to collect debug logs from Sierra 3G wireless modem firmware.

Feature that reestablishes network connectivity through one or more backup ISDN dialer interfaces after a primary interface fails. When the primary interface is reestablished, the ISDN interface is disconnected.

Feature that enables a device to receive calls from the remote end of a backup ISDN connection. The remote end of the ISDN call might be a service provider, a corporate central location, or a customer premises equipment (CPE) branch office. All incoming calls can be verified against caller IDs configured on the router’s dialer interface. See also callback.

Feature that provides a device with full-time connectivity across an ISDN line. When routes on a primary serial T1, E1, T3, E3, Fast Ethernet, or PPPoE interface are lost, an ISDN dialer interface establishes a backup connection. To save connection time costs, the Services Router drops the ISDN connection after a configured period of inactivity. Services Routers with ISDN interfaces support two types of dial-on-demand routing backup: on-demand routing with a dialer filter and dialer watch. See also dialer filter, dialer watch.

Route definition that contains the dial-out target, as well as a domain name and profile. The domain name is used in the initial Access Request message. The profile is used to create the IP/Point-to-Point Protocol (PPP) stack for the dial-out session.

Control entity for a triggered IP flow that is used to manage the establishment of an associated L2TP session for dial-out.

Virtual router context and an IP address prefix, for which the arrival of an IP packet (a dial-out trigger) initiates a dial-out session.

IP packet that initiates a dial-out session.

DNIS. If users have a called number associated with them, the router searches the domain map for the called number. If it finds a match, the router uses the matching domain map entry information to authenticate the user. If the router does not find a match, it searches the domain map using normal processing.

Stateless firewall filter that enables dial-on-demand routing backup when applied to a physical ISDN interface and its dialer interface is configured as a passive static route. The passive static route has a lower priority than dynamic routes. If all dynamic routes to an address are lost from the routing table and the router receives a packet for that address, the dialer interface initiates an ISDN backup connection and sends the packet over it. See also dial-on-demand routing (DDR) backup, floating static route.

Logical interface for configuring dialing properties and the control interface for a backup ISDN connection.

One or more physical interfaces that are associated with a dialer profile.

Set of characteristics configured for the ISDN dialer interface. Dialer profiles allow the configuration of physical interfaces to be separated from the logical configuration of dialer interfaces required for ISDN connectivity. This feature also allows physical and logical interfaces to be bound together dynamically on a per-connection basis.

Dial-on-demand routing (DDR) backup feature that provides reliable connectivity without relying on a dialer filter to activate the ISDN interface. The ISDN dialer interface monitors the existence of each route on a watch list. If all routes on the watch list are lost from the routing table, dialer watch initiates the ISDN interface for failover connectivity. See also dial-on-demand routing (DDR) backup.

direct inward dialing. Feature of a trunk line that allows incoming calls to be routed directly to selected stations without help from an attendant.

DiffServ. An architecture based on RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers,that provides assured forwarding and expedited forwarding by classifying packets into one of a small number of aggregated flows or traffic classes for which you can configure different QoS characteristics. The Juniper Networks QoS architecture extends DiffServ to support edge features such as high-density queuing. DiffServ uses the type-of-service (ToS) byte to identify different packet flows on a packet-by-packet basis. DiffServ adds a Class Selector code point (CSCP) and a Differentiated Services code point (DSCP).

DiffServ-aware. Paradigm that gives different treatment to traffic based on the experimental (EXP) bits in the MPLS label header and allows you to provide multiple classes of service.

DSCP, DiffServ code point. Values for a 6-bit field defined for IPv4 and IPv6 packet headers that can be used to enforce class-of-service (CoS) distinctions in routers.

Routers in a network that have Differentiated Services enabled.

Type of constraint-based routing that can enforce different bandwidth constraints for different classes of traffic. It can also do call admission control (CAC) on each traffic engineering class when a label-switched path (LSP) is established.

Feature of SSH that provides server authentication by protecting against hackers who interject mimics to obtain your password, so that you can be confident that you are connected to your own router. A method of key exchange whereby an algorithm negotiates a session key without sending the key itself across the network, by allowing each party to pick a partial key independently and send part of it to each other. Each side then calculates a common key value. This is a symmetrical method, and keys are typically used only for a short time, then discarded and regenerated.

Differentiated Services. An architecture based on RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, that provides assured forwarding and expedited forwarding by classifying packets into one of a small number of aggregated flows or traffic classes for which you can configure different QoS characteristics. The Juniper Networks QoS architecture extends DiffServ to support edge features such as high-density queuing. DiffServ uses the type-of-service (ToS) byte to identify different packet flows on a packet-by-packet basis. DiffServ adds a Class Selector code point (CSCP) and a Differentiated Services code point (DSCP).

Differentiated Services-aware. Paradigm that gives different treatment to traffic based on the experimental (EXP) bits in the MPLS label header and allows you to provide multiple classes of service.

Electronic file based on private and public key technology that verifies the identity of the certificate’s holder to protect data exchanged online. Digital certificates are issued by a certificate authority (CA).

DS. Discontinuous signal used in direct sequence spread spectrum modulation, also known as direct sequence code division multiple access (DS-CDMA). DS-CDMA is one of two approaches to spread spectrum modulation for digital signal transmission over the airwaves. In direct sequence spread spectrum, the stream of information to be transmitted is divided into small pieces, each of which is allocated across to a frequency channel across the spectrum.

DS0. In T-carrier systems, a basic digital signaling rate of 64 Kbps. The DS0 rate forms the basis for the North American digital multiplex transmission hierarchy.

DS1. In T-carrier systems, a digital signaling rate of 1.544 Mbps. A standard used in telecommunications to transmit voice and data between devices. See also T1.

DS3. In T-carrier systems, a digital signaling rate of 44.736 Mbps. This level of carrier can transport 28 DS1 level signals and 672 DS0 level channels within its payload. See also T3.

DSA. Cryptographic standard used for authenticating electronic documents, much as a written signature verifies the authenticity of a paper document.

DSL. Technology that increases the digital capacity of standard telephone lines into the home or office and provides always-on Internet operation. See also ADSL, SDSL.

DSLAM. Network device directly connected to subscriber premises that handles the copper termination and aggregates traffic into a higher-speed uplink. The output from a DSLAM is fed into the router through a DS3 or OC3 link.

Algorithm used by IS-IS and OSPF to make routing decisions based on the state of network links. Also known as shortest path first (SPF).

dual inline memory module. A 168-pin memory module that supports 64-bit data transfer.

direct inward and outward dialing. Feature of a trunk line that allows both incoming and outgoing calls to be routed directly without help from an attendant. See also DID, DOD.

DIOD. Feature of a trunk line that allows both incoming and outgoing calls to be routed directly without help from an attendant. See also DID, DOD.

DID. Feature of a trunk line that allows incoming calls to be routed directly to selected stations without help from an attendant.

DOD. Feature of a trunk line that allows outgoing calls to be routed directly to selected stations without help from an attendant.

Routes that are in the routing table because an interface has been configured with an IP address. Also known as interface routes.

First authentication or accounting server that you configure in RADIUS. This server is treated as the primary authentication or accounting server, the next server configured is the secondary, and so on. See also round-robin server access.

DSR. In Juniper Networks Media Flow Controller, a method of handling TCP traffic using a proxy.

In NSM, a command sent to managed devices. Directives include importing, updating, rebooting, and so on. When a command is sent to a device or group of devices, NSM creates a job for that command and displays information about that job in the NSM Job Manager.

designated intermediate system. An IS-IS router that is elected by priority on an interface basis. In the case of a tie, the router with the highest MAC address becomes the DIS. DIS is analogous to the designated router in OSPF, although the election process and adjacencies within multiaccess media differ significantly. DIS assists broadcast routers to synchronize their IS-IS databases.

Method of modifying the router’s active configuration. When portions of the hierarchy are marked as disabled (mainly router interfaces), the router uses the configuration but ignores the disabled portions.

A node in a pool that is not used—it is not monitored, and no traffic is sent to it. Disabling a node is an alternative to removing the node from the pool, but disabling it allows it to be reinstated more easily.

Junos OS syntax command used in a routing policy or a firewall filter. The command halts the logical processing of the policy or filter when a set of match conditions is met. The specific route or IP packet is dropped from the network silently. It can also be a next-hop attribute assigned to a route in the routing table.

DE. In a Frame Relay network, a header bit that notifies devices on the network that traffic can be dropped during congestion to ensure the delivery of higher priority traffic (those without the DE bit set).

DMT. Modulation method used by VDSL2 for separating a digital subscriber line signal so that the usable frequency range is divided into 256 frequency bands (or channels) of 4.3125 KHz each.

Memory device (stick) that plugs into a USB port to load a complete Junos OS configuration with VoIP onto a Services Router. You must first use an Electronic Preinstallation Worksheet (EPW) to download the configuration to the disk-on-key device. The EPW and disk-on-key device provide an alternative method to configure the router for VoIP.

DVMRP. Dynamically generates IP multicast delivery trees using a technique called reverse-path multicasting (RPM) to forward multicast traffic to downstream interfaces. An interior gateway protocol (IGP) that supports operations within an autonomous system (AS), but not between ASs. The multicast backbone of the Internet uses DVMRP to forward multicast datagrams. DVMRP is a dense-mode multicasting protocol and therefore uses a broadcast-and-prune mechanism. See also dense mode.

Method used in Bellman-Ford routing protocols to determine the best path to all routers in the network. Each router determines the distance (metric) to the destination and the vector (next hop) to follow.

One of two major dynamic routing classes, requires each router to inform its neighbors of its routing table. For each network path, the receiving router picks the neighbor advertising the lowest metric, then adds this entry into its routing table for readvertisement. This method has less computational complexity and less message overhead than the other major class (link-state routing).

DCE. An industry-standard software technology for setting up and managing computing and data exchange in a system of distributed computers. DCE is typically used in a large client/server network of computing systems that include servers of different sizes, scattered geographically. With DCE, application users can share applications and data at remote servers. Application programmers don't need to be aware of where their programs will run or where the data will be located.

DDoS. Attack, typically a flood, from multiple source points. A DDoS attack can be more effective in disrupting services than a DoS, because the flood of incoming attacks are coming from multiple sources.

Denial-of-service attack that uses multiple source addresses to scan ports on a network.

List that controls routing information that is accepted or transmitted to peer routers. Distribution lists always use access lists to identify routes for distribution. For example, distribution lists can use access lists to specify routes to advertise. See also access lists.

data-link connection identifier. 10-bit channel number attached to data frames to inform a Frame Relay network how to route the data in a Frame Relay virtual connection (a logical interface).

data link switching. Method of tunneling IBM System Network Architecture (SNA) and NetBIOS traffic over an IP network, used because Junos OS does not support NetBIOS. See also tunneling protocol.

Path formed by establishing data link control (DLC) connections between an end system and a local router configured for DLSw. Each DLSw circuit is identified by the circuit ID that includes the end system method authenticity code (MAC) address, local service access point (LSAP), and DLC port ID. Multiple DLSw circuits can operate over the same DLSw connection.

Set of TCP connections between two DLSw peers that is established after the initial handshake and successful capabilities exchange.

• data model. In NSM, an XML file that contains configuration data for an individual device and is stored in the NSM Device Server. When you create, update, or import a device, the GUI Server edits the Abstract Data Model (ADM) to reflect the changes, then translates that information to the DM.

• Diagnostic Mode. Qualcomm protocol specification and mechanism used to collect debug logs from Sierra 3G wireless modem firmware.

Device Management Interface. In NSM, a common, secure management interface used by all device families. DMI is based on a common protocol and device-specific schemas for configuration, inventory management, logging, and status monitoring. DMI schemas can be updated without the need to upgrade NSM.

discrete multitone. Modulation method used by VDSL2 for separating a digital subscriber line signal so that the usable frequency range is divided into 256 frequency bands (or channels) of 4.3125 KHz each.

demilitarized zone. Physical or logical subnet used as an additional layer of security between an organization’s network and an untrusted network (often the Internet); a neutral zone used to secure a network from external access. An attacker only has access to equipment in the DMZ.

dialed number identification service. If users have a called number associated with them, the router searches the domain map for the called number. If it finds a match, the router uses the matching domain map entry information to authenticate the user. If the router does not find a match, it searches the domain map using normal processing.

Domain Name System. A system that stores information about hostnames and domain names. It provides an IP address for each hostname and lists the e-mail exchange servers accepting e-mail addresses for each domain.

Repair process performed by the Domain Name System (DNS) Application Layer Gateway (ALG) to address issues related to Network Address Translation (NAT). DNS provides name-to-address mapping within a routing class, whereas NAT attempts to provide transparent routing between hosts in disparate address realms of the same routing class. As a result, NAT can cause some DNS issues that the DNS ALG must handle through the DNS doctoring process. The process translates a public address (the routable or mapped address) in a DNS reply to a private address (the real address) when the DNS client is on a private interface and translates a private address to a public address when the DNS client is on the public interface. DNS doctoring also involves parsing DNS packets and performing sanity checks. See also DNS, NAT.

Domain Name System-Application Level Gateway. Facilitates name-to-address mapping over bidirectional NAT or twice NAT.

DF. One-bit flag in the IP datagram header that specifies if a datagram should be fragmented. A value of zero (0) indicates to fragment the datagram; a value of one (1) indicates not to fragment the datagram.

Software container platform that is used to package and run applications as lightweight, portable containers.

DTD. Defines the elements and structure of an Extensible Markup Language (XML) document or data set.

direct outward dialing. Feature of a trunk line that allows outgoing calls to be routed directly to selected stations without help from an attendant.

• Logical grouping of devices, policies, and access privileges that can also contain templates, objects, VPNs, administrators, activities, authentication servers, and groups—a representation of all or a subset of the physical devices and functionality on a network. The domain at a level above a domain is the parent domain, and the domain at a level below a domain is the child domain. Domains at the same level are considered peer domains. Also refers to a collection of routers that use a common interior gateway protocol (IGP).

• Name in a network address that identifies the type of entity owning the address (for example, .com for commercial users or .edu for educational institutions) or the geographical location of the address (for example, .fr for France or .sg for Singapore). The domain is the last element of the address (for example, www.acm.org).

In NMS, the pull-down menu above the navigation tree where domains and subdomains are selected.

DNS. A system that stores information about hostnames and domain names. It provides an IP address for each hostname and lists the e-mail exchange servers accepting e-mail addresses for each domain.

DNS-ALG. Facilitates name-to-address mapping over bidirectional NAT or twice NAT.

DSP. Section of the Network Service Access Point (NSAP) address that uniquely identifies a system on the network.

denial of service. System security breach in which network services become unavailable to users.

denial-of-service attack. Any attempt to deny valid users access to network or server resources by using up all the resources of the network element or server. Typically, an attacker sends a flood of information to overwhelm a service system’s resources, causing the server to ignore valid service requests.

Method of label distribution whereby MPLS devices do not signal a FEC-to-label binding until requested to do so by an upstream device. Downstream on demand conserves labels by not binding until needed, and the label-switching router (LSR) receives label bindings (also known as label mappings) from a neighbor that is the next hop to a destination. It is used when RSVP is the signaling protocol. See also downstream unsolicited, independent control, ordered control.

Label distribution method whereby MPLS devices do not wait for a request from an upstream device before signaling FEC-to-label bindings. As soon as the LSR learns a route, it sends a binding for that route to all peer LSRs, both upstream and downstream. Downstream unsolicited does not conserve labels, because an LSR receives label mappings from neighbors that might not be the next hop for the destination; it is used by BGP or LDP when adjacent peers are configured to use the platform label space. See also downstream on demand, independent control, ordered control.

Dense Port Concentrator. Network interface–specific card that can be installed in the router.

dead peer detection. Method that recognizes the loss of the primary IPsec Internet Key Exchange (IKE) peer and establishes a secondary IPsec tunnel to a backup peer. It is a keepalive mechanism that enables the E Series router to detect when communication to a remote IPsec peer has been disconnected. DPD enables the router to reclaim resources and to optionally redirect traffic to an alternate failover destination. If DPD is not enabled, traffic continues to be sent to the unavailable destination. Also known as IKE keepalive.

Data Plane Development Kit. Set of libraries and drivers used in the development of applications that perform fast processing of packets on industry-standard processors, such as x86 processors.

designated router.

• Router on a subnet that is selected to control multicast routes for the sources and receivers on the subnet. If several routers are present, the selected DR is the router with the highest priority. If the DR priorities match, the router with the highest IP address is selected as the DR. The source’s DR sends PIM register messages from the source network to the rendezvous point (RP). The receiver’s DR sends PIM join and PIM prune messages from the receiver network toward the RP.

• In OSPF, a router, selected by other routers, that is responsible for sending link-state advertisements (LSAs) that describe the network, thereby reducing the amount of network traffic and the size of the topology databases maintained on the other routers.

A node in a pool that is being sent no new connections. When all existing connections and sessions to this node have expired, it can safely be removed from the pool.

Percentage value that expresses the likelihood that an individual packet will be dropped from the network. See also drop profile.

Template that defines parameters that allow packets to be dropped from the network, controlling the dropping behavior of a set of egress queues. The profile defines the range within the queue where random early detection (RED) operates, the maximum percentage of packets to drop, and the sensitivity to bursts of packets. Weighted random early detection (WRED) is an extension to RED that enables an administrator to assign different RED drop profiles to each color of traffic. When you configure drop profiles, there are two important values: the queue fullness and the drop probability. See also drop probability, queue fullness, RED.

• Differentiated Services (field). The IPv4 header ToS octet or the IPv6 Traffic Class octet used to mark packets to enable differentiated services. See also DiffServ.

• digital signal. Discontinuous signal used in direct sequence spread spectrum modulation, also known as direct sequence code division multiple access (DS-CDMA). DS-CDMA is one of two approaches to spread spectrum modulation for digital signal transmission over the airwaves. In direct sequence spread spectrum, the stream of information to be transmitted is divided into small pieces, each of which is allocated across to a frequency channel across the spectrum.

dual-stack Border Gateway Protocol. Router that runs both the IPv4 and the IPv6 protocol stack. DS-BGP routers are typically used to connect IPv6 islands across IPv4 clouds.

digital signal level 0. In T-carrier systems, a basic digital signaling rate of 64 Kbps. The DS0 rate forms the basis for the North American digital multiplex transmission hierarchy.

digital signal level 1. In T-carrier systems, a digital signaling rate of 1.544 Mbps. A standard used in telecommunications to transmit voice and data between devices. See also T1.

digital signal level 3. In T-carrier systems, a digital signaling rate of 44.736 Mbps. This level of carrier can transport 28 DS1 level signals and 672 DS0 level channels within its payload. See also T3.

Digital Signature Algorithm. Cryptographic standard used for authenticating electronic documents, much as a written signature verifies the authenticity of a paper document.

destination service access point. Identifies the destination for which a logical link control protocol data unit (LPDU) is intended.

Differentiated Services code point, DiffServ code point. Values for a 6-bit field defined for IPv4 and IPv6 packet headers that can be used to enforce class-of-service (CoS) distinctions in routers.

dynamic subscriber interface. Associated with a primary IP interface and dynamically created in response to an external event, such as packet detection or a DHCP event.

digital subscriber line. Technology that increases the digital capacity of standard telephone lines into the home or office and provides always-on Internet operation. See also ADSL, SDSL.

digital subscriber line access multiplexer. Network device directly connected to subscriber premises that handles the copper termination and aggregates traffic into a higher-speed uplink. The output from DSLAMs is fed into the router through a DS3 or OC3 link.

domain-specific part. Section of the Network Service Access Point (NSAP) address that uniquely identifies a system on the network.

• data set ready. One of the control signals on a standard RS-232C connector that indicates whether the DCE is connected and ready to start.

• direct server return. In Juniper Networks Media Flow Controller, a method of handling TCP traffic using a proxy.

data service unit. Device used to connect a DTE to a digital phone line. DSU converts digital data from a router to voltages and encoding required by the phone line. See also CSU/DSU.

Dynamic Tasking Control Protocol. Means of communicating filter requests and acknowledgments between one or more clients and a monitoring platform, used in dynamic flow capture (DFC) and flow-tap configurations. The protocol is defined in Internet draft draft-cavuto-dtcp-00.txt, DTCP, Dynamic Tasking Control Protocol.

document type definition. Defines the elements and structure of an Extensible Markup Language (XML) document or data set.

data terminal equipment. RS-232-C interface that a computer uses to exchange information with a serial device, such as a computer, host, or terminal, that communicates with DCE. At the terminal end of a data transmission, DTE comprises the transmit and receive equipment. See also DCE.

data terminal ready signal. Sent over a dedicated wire (RS-232 connection) from a computer (or terminal) to a transmission device to indicate that the computer is ready to receive data.

DIMM. A 168-pin memory module that supports 64-bit data transfer.

Method of managing guest network function (GNF) life cycle by using two touchpoints. In this method, a software-defined networking (SDN) controller (for example, OpenDaylight or ODL) sends RPCs to, and receive responses from, Juniper Device Manager (JDM) and the base system (BSYS) separately.

Two process execution systems located on the same physical processor. The dual-core processor architecture enables faster computing speed and greater data throughput.

DS-BGP. Router that runs both the IPv4 and the IPv6 protocol stack. DS-BGP routers are typically used to connect IPv6 islands across IPv4 clouds.

Transmission and reception of signals in both directions. See also full-duplex mode, half-duplex mode.

In RADIUS, a server that sends the accounting information to a particular router. You might use duplicate accounting to send the accounting information to a customer’s accounting server. See also broadcast accounting server.

Distance Vector Multicast Routing Protocol. Dynamically generates IP multicast delivery trees using a technique called reverse-path multicasting (RPM) to forward multicast traffic to downstream interfaces. An interior gateway protocol (IGP) that supports operations within an autonomous system (AS), but not between ASs. The multicast backbone of the Internet uses DVMRP to forward multicast datagrams. DVMRP is a dense-mode multicasting protocol and therefore uses a broadcast-and-prune mechanism. See also dense mode.

Allow the exchange of IP multicast traffic between routers separated by networks that do not support multicast routing.

dense wavelength division multiplexing. Technology that enables data from different sources to be carried together on an optical fiber, with each signal carried on its own separate wavelength.

data exchange interface. Specification developed by the switched megabit data services (SMDS) interest group to define the interaction between internetworking devices and CSUs/DSUs that are transmitting over an SMDS access line.

Dynamic call admission control application that blocks calls on a WAN interface when the bandwidth is exhausted. See also CAC.

Mechanism that temporarily prevents an ATM 1483 subinterface from autodetecting, accepting, and creating dynamic interface columns for a configurable time period.

Data set that contains all of the potential dynamic creative assets (such as headlines, logos, and images) to tailor content to the viewer on every single impression. Dynamic feeds enable you to update content easily and quickly, without having to update the creative assets.

DFC. Process of collecting packet flows that match a particular filter list to one or more content destinations using an on-demand control protocol that relays requests from one or more control sources.

DHCP. Mechanism through which hosts using TCP/IP can obtain protocol configuration parameters automatically from a DHCP server on the network; allocates IP addresses dynamically so that they can be reused when no longer needed.

Type of interface created through an external event, typically through the receipt of data over a lower-layer link, such as an ATM virtual circuit. The layers of a dynamic interface are created based on the packets received on the link and can be configured through RADIUS authentication, profiles, or a combination of RADIUS authentication and profiles. See also static interface.

MPLS network path established by signaling protocols such as RSVP and LDP.

Mechanism that enables the router to vary queue thresholds based on the amount of egress buffer memory in use. See also bandwidth oversubscription, static oversubscription.

Method that adjusts to changing network circumstances by analyzing incoming routing update messages. If a message indicates that a network change has occurred, the routing software recalculates routes and sends out new routing update messages, using different routes, based on current conditions of communications circuits. There are two common forms of dynamic routing: distance vector routing and link state routing.

DSI. Associated with a primary IP interface and dynamically created in response to an external event, such as packet detection or a DHCP event.

DTCP. Means of communicating filter requests and acknowledgments between one or more clients and a monitoring platform, used in dynamic flow capture (DFC) and flow-tap configurations. The protocol is defined in Internet draft draft-cavuto-dtcp-00.txt, DTCP: Dynamic Tasking Control Protocol.

One of two NAT methods used to assign a translated IP address. This method uses access list rules and NAT address pools. Use it when you want the NAT router to initiate and manage address translation and session flows between address realms on demand.

Module that supports dynamic tunnel-server ports. It provides both tunnel services and regular access services. Also known as shared tunnel-server module.

Type of virtual private network (VPN) that allows administrators to provide IPsec access to a gateway on a branch SRX Series device while also providing a way to distribute VPN software to remote clients through a secure Web portal. Also known as remote access VPN and IPsec VPN client.

European carrier. Standards that form part of the Synchronous Digital Hierarchy (SDH), in which groups of E1 circuits are bundled onto higher-capacity E3 links between telephone exchanges or countries. E-carrier standards are used just about everywhere in the world except North America and Japan, and are incompatible with the T-carrier standards.

EXP-inferred PSC-LSP. One of two types of LSPs used by MPLS to support differentiated services. The EXP field of the MPLS shim header is used to determine the per-hop behavior applied to the packet. See also L-LSP, shim header.

Evolved Universal Terrestrial Radio Access Network. Radio access network standard. E-UTRAN is a new air interface system. It provides higher data rates and lower latency and is optimized for packet data. It uses orthogonal frequency-division multiple access (OFDMA) for the downlink and single-carrier frequency-division multiple access (SC-FMDA) for the uplink.

High-speed WAN digital communication protocol that operates at a rate of 2.048 Mbps.

High-speed WAN digital communication protocol that operates at a rate of 34.368 Mbps and uses time-division multiplexing to carry 16 E1 circuits.

Common Criteria Evaluation Assurance Level 3. Compliance requirement defined by Common Criteria. Higher levels have more stringent requirements. See also Common Criteria.

Extensible Authentication Protocol. Industry standard for network access that acts as a transport for multiple authentication methods or types. Defined by RFC 2284, PPP Extensible Authentication Protocol (EAP).

EPD. For ATM2 interfaces only, a limit on the number of transmit packets that can be queued. Packets that exceed the limit are dropped. See also queue length.

External Border Gateway Protocol, external BGP. Configuration in which sessions are established between routers in different autonomous systems (ASs).

External Border Gateway Protocol session. Session between two BGP speakers that are in different autonomous systems. EBGP sessions typically exist between peers that are physically connected. See also IBGP session.

error checking and correction, error-checking code. Process of detecting errors during the transmission or storage of digital data and correcting them automatically. This usually involves sending or storing extra bits of data according to specified algorithms.

equal-cost multipath. Traffic load-balancing feature that enables traffic to the same destination to be distributed over multiple paths that have the same cost.

Encryption Control Protocol. Responsible for configuring and enabling data encryption algorithms on both ends of a PPP link.

Exchange Carriers Standards Association. Organization created after the divestiture of the Bell System to represent the interests of interexchange carriers.

Appliance between the Internet and the end user, nearer to the end user, that caches and delivers content such as Java scripts, common channel signaling (CSS), images, and so on. This frees up webservers for other processes. When Media Flow Controller is used as an edge cache, it is effectively a “reverse proxy,” that provides these benefits: reduces the network and CPU load on an origin server by servicing previously retrieved content, and enhances the user experience due to a decrease in latency.

In MPLS, the router located at the beginning or end of a label-switching tunnel. When at the beginning of a tunnel, it applies labels to new packets entering the tunnel. When at the end of a tunnel, it removes labels from packets exiting the tunnel. See also MPLS.

Emacs. Shortcut keystrokes used within the router’s command-line interface (CLI). These macros move the cursor and delete characters based on the sequence you specify.

electrically erasable programmable read-only memory. Chip used to store small amounts of configuration data.

Result of a weight or an assured rate. Users configure the scheduler node by specifying either an assured rate or a weight within a scheduler profile. An assured rate, in bits per second, is translated into a weight, referred to as an effective weight.

exterior gateway protocol. Distributes routing information to routers that connect separate autonomous systems. See also IGP, BGP.

Outbound, referring to packets exiting a device. See also ingress.

In MPLS, the last router in a label-switched path (LSP). See also ingress router.

Electronic Industries Association. United States trade group that represents manufacturers of electronic devices and sets standards and specifications.

Serial interface that employs the EIA-530 standard for the interconnection of DTE and DCE equipment.

equipment identity register. Mobile network database that contains information about devices using the network.

EEPROM. Chip used to store small amounts of configuration data.

EMI. Any electromagnetic disturbance that interrupts, obstructs, or otherwise degrades or limits the effective performance of electronics or electrical equipment.

EIA. United States trade group that represents manufacturers of electronic devices and sets standards and specifications.

EPW. Customized Microsoft Excel spreadsheet used with a disk-on-key USB memory stick to configure VoIP on a Services Router. You download the EPW from an Avaya website.

ESN. Standardized code that uniquely identifies a mobile device. It can be printed on the device and is also digitally assigned to the device’s firmware, and can be displayed by using a command such as show modem wireless interface firmware.

ESD. Stored static electricity that can damage electronic equipment and impair electrical circuitry when released.

ESD wrist strap. Strap with a metal contact that is tied to the user’s wrist in order to channel static electricity to a proper ground when the user handles sensitive computer equipment.

EMS. Web-based or other GUI for managing a specific network device.

editor macros. Shortcut keystrokes used within the router’s command-line interface (CLI). These macros move the cursor and delete characters based on the sequence you specify.

Software used by a router to operate the physical router components.

Special-purpose computer system designed to perform one or a few dedicated functions, usually embedded as part of a complete device that includes hardware and mechanical parts.

ETR. Feature that provides an emergency link between the telephone connected to the first line port on the TGM550 and the trunk connected to the trunk port on the TGM550 if power is disconnected from the Services Router or if the TGM550 becomes unregistered from its Media Gateway Controller (MGC).

electromagnetic interference. Any electromagnetic disturbance that interrupts, obstructs, or otherwise degrades or limits the effective performance of electronics or electrical equipment.

Element Management System. Web-based or other GUI for managing a specific network device.

ESP. Protocol for securing packet flows for IPsec using encryption, data integrity checks, and sender authentication, which are added as a header to an IP packet. If an ESP packet is successfully decrypted, and no other party knows the secret key the peers share, the packet was not wiretapped in transit. See also AH.

Process of changing data into a form that can be read only by the intended receiver. A software mechanism that makes data confidential by making it unreadable to everyone except the sender and the intended recipient. The receiver of the encrypted message must have the correct decryption key to decipher the message.

ECP. Responsible for configuring and enabling data encryption algorithms on both ends of a PPP link.

ES. Any nonrouting network node or host in OSI internetworking. See also intermediate system.

ES-IS. Protocol that resolves Layer 3 ISO network service access points (NSAPs) to Layer 2 addresses. ES-IS resolution is similar to the way ARP resolves Layer 2 addresses for IPv4.

The designation for an end user computer that accesses an IC Series device. An endpoint uses client software to access the device.

LCP negotiation option that identifies the system or device transmitting the packet.

ESAP. Secure Access (SA) plug-in that checks third-party applications on endpoints for compliance with the predefined rules you configure in a Host Checker policy.

ETS. Mechanism that provides finer granularity of bandwidth management within a link.

Evolved Node B. Device connected to the mobile phone network that communicates directly with mobile handsets, such as a base transceiver station in Global System for Mobile Communications (GSM) networks. An eNodeB is controlled by a radio network controller (RNC).

SNMP term for a MIB defined by a single vendor. In addition to providing consistency of management data representation across that vendor’s product line, the enterprise MIB also accounts for proprietary functions and value-added features not addressed by standard MIBs.

evolved packet core. Main component of System Architecture Evolution (SAE). The EPC supports the IP network and serves as the equivalent of a General Packet Radio Service (GPRS) network by using the mobility management entity (MME), Serving Gateway (SGW), and Packet Data Network Gateway (PGW) subcomponents. Also known as SAE core.

early packet discard. For ATM2 interfaces only, a limit on the number of transmit packets that can be queued. Packets that exceed the limit are dropped. See also queue length.

Electronic Preinstallation Worksheet. Customized Microsoft Excel spreadsheet used with a disk-on-key USB memory stick to configure VoIP on a Services Router. You download the EPW from an Avaya website.

Mode in which a DHCP local server works with the Juniper Networks Session and Resource Control (SRC) software to provide an advanced subscriber configuration and management service. In equal access mode, the router enables access to non-PPP users. Non-PPP equal access requires the use of the E Series router DHCP local server and SRC software, which communicates with a RADIUS server. Also known as DHCP equal access mode.

ECMP. Traffic load-balancing feature that enables traffic to the same destination to be distributed over multiple paths that have the same cost.

EIR. Mobile network database that contains information about devices using the network.

Explicit Route Object. Extension to RSVP that allows an RSVP PATH message to traverse an explicit sequence of routers that is independent of conventional shortest-path IP routing.

ECC, error-checking code. Process of detecting errors during the transmission or storage of digital data and correcting them automatically. This usually involves sending or storing extra bits of data according to specified algorithms.

A file sent to the client when no nodes are available to respond to its request. Error files are set up on a per-pool basis.

ECC, error checking and correction. Process of detecting errors during the transmission or storage of digital data and correcting them automatically. This usually involves sending or storing extra bits of data according to specified algorithms.

Frame with one or more bits with errors. This frame will be dropped at the next Ethernet node and become a lost frame.

Period of a second with one or more errored or lost frames.

end system. Any nonrouting network node or host in OSI internetworking. See also intermediate system.

End System-to-Intermediate System. Protocol that resolves Layer 3 ISO network service access points (NSAPs) to Layer 2 addresses. ES-IS resolution is similar to the way ARP resolves Layer 2 addresses for IPv4.

Endpoint Security Assessment Plug-in. Secure Access (SA) plug-in that checks third-party applications on endpoints for compliance with the predefined rules you configure in a Host Checker policy.

electrostatic discharge. Stored static electricity that can damage electronic equipment and impair electrical circuitry when released.

electrostatic discharge wrist strap. Strap with a metal contact that is tied to the user’s wrist in order to channel static electricity to a proper ground when the user handles sensitive computer equipment.

Electronic Serial Number. Standardized code that uniquely identifies a mobile device. It can be printed on the device and is also digitally assigned to the device’s firmware, and can be displayed by using a command such as show modem wireless interface firmware.

Encapsulating Security Payload. Protocol for securing packet flows for IPsec using encryption, data integrity checks, and sender authentication, which are added as a header to an IP packet. If an ESP packet is successfully decrypted, and no other party knows the secret key the peers share, the packet was not wiretapped in transit. See also AH.

extended service set identifier. Identifier of a service set that consists of all the building-block service sets (known as basic service sets) in a given network. See also SSID and BSSID.

BGP neighbor state that represents a fully functional BGP peering session.

Enterprise-level software hypervisors from VMware that do not need an additional operating system to run on host server hardware.

Local area network (LAN) technology used for transporting information from one location to another, formalized in the IEEE standard 802.3. Ethernet uses either coaxial cable or twisted-pair cable. Transmission speeds for data transfer range from the original 10 Mbps (10BaseT), to Fast Ethernet at 100 Mbps, to Gigabit Ethernet at 1000 Mbps.

Process that enables grouping of Ethernet interfaces at the Physical Layer to form a single Link Layer interface. Also known as 802.3ad link aggregation, link aggregation group (LAG), LAG bundle.

As defined in IEEE 802.3X, a flow control mechanism that temporarily stops the transmission of Ethernet frames on a link for a specified period. A receiving element sends an Ethernet PAUSE frame when a sender transmits data faster than the receiver can accept it. Ethernet PAUSE affects the entire link, not just an individual flow. An Ethernet PAUSE frame temporarily stops all traffic transmission on the link.

EVPN. Type of VPN that enables you to connect a group of dispersed customer sites by using a Layer 2 virtual bridge. As with other types of VPNs, an EVPN comprises customer edge (CE) devices (routers or switches) connected to provider edge (PE) devices. The PE devices can include an MPLS edge switch that acts at the edge of the MPLS infrastructure.

emergency transfer relay. Feature that provides an emergency link between the telephone connected to the first line port on the TGM550 and the trunk connected to the trunk port on the TGM550 if power is disconnected from the Services Router or if the TGM550 becomes unregistered from its Media Gateway Controller (MGC).

enhanced transmission selection. Mechanism that provides finer granularity of bandwidth management within a link.

European Telecommunications Standardization Institute. Nonprofit organization that produces voluntary telecommunications standards used throughout Europe.

E-carrier. Standards that form part of the Synchronous Digital Hierarchy (SDH), in which groups of E1 circuits are bundled onto higher-capacity E3 links between telephone exchanges or countries. E-carrier standards are used just about everywhere in the world except North America and Japan, and are incompatible with the T-carrier standards.

ETSI. Nonprofit organization that produces voluntary telecommunications standards used throughout Europe.

Evolution Data Optimized. Telecommunications standard for transmitting data through radio signals.

In Junos App Balancer, an event is raised when a particular change or occurrence takes place, such as an IP address transfer or a node failure or recovery. All events are logged to the global event log.

Classification groups and severity levels for system events that can be used to track system changes. Severity levels (categories) include: Emergency, Alert, Critical, Error, Warning, Notice, Info, and Debug.

An event handler configures the actions that the Junos App Balancer should take when an event in the associated event type occurs.

event identifier. System log message code that uniquely identifies a system log message. The code begins with a prefix indicating the software process or library that generated the event.

The Junos App Balancer’s log of events within the Junos App Balancer. These are graded as INFO, WARN, SERIOUS, FATAL and so on, and can be viewed within the Diagnose pages.

Enables you to create trigger conditions, test those conditions, and determine which action to take when a trigger meets those conditions, for object integers accessible in the SNMP agent, making it possible to monitor any aspect of a device without defining specific notifications. See also event table (mteEventTable), objects table (mteObjectsTable), SNMP Server Event Manager, trigger table (mteTriggerTable).

eventd. Process that performs configured actions in response to events on a routing platform that trigger system log messages.

SNMP term for a table that defines which action you want a device to take when a trigger occurs. This action can be in the form of a notification, setting a specified MIB object, or both. The results of these actions are controlled within two subordinate MIB tables—notification and set. One of the three parts of the Event MIB. See also objects table (mteObjectsTable), trigger table (mteTriggerTable).

A set of events, grouped for administrative convenience. When any event in a particular event type occurs, the Junos App Balancer can run the actions associated with that event type.

Event policy process that performs configured actions in response to events on a routing platform that trigger system log messages.

system events. System changes that can be classified into log event categories and that can be used for tracking purposes.

EV-DO. Telecommunications standard for transmitting data through radio signals.

eNodeB. Device connected to the mobile phone network that communicates directly with mobile handsets, such as a base transceiver station in Global System for Mobile Communications (GSM) networks. An eNodeB is controlled by a radio network controller (RNC).

EPC. Main component of System Architecture Evolution (SAE). The EPC supports the IP network and serves as the equivalent of a General Packet Radio Service (GPRS) network by using the mobility management entity (MME), Serving Gateway (SGW), and Packet Data Network Gateway (PGW) subcomponents. Also known as SAE core.

E-UTRAN. Radio access network standard. E-UTRAN is a new air interface system. It provides higher data rates and lower latency and is optimized for packet data. It uses orthogonal frequency-division multiple access (OFDMA) for the downlink and single-carrier frequency-division multiple access (SC-FMDA) for the uplink.

Ethernet VPN. Type of VPN that enables you to connect a group of dispersed customer sites by using a Layer 2 virtual bridge. As with other types of VPNs, an EVPN comprises customer edge (CE) devices (routers or switches) connected to provider edge (PE) devices. The PE devices can include an MPLS edge switch that acts at the edge of the MPLS infrastructure.

Junos OS routing policy match type that represents only the route specified in a route filter.

In a rate-limit profile, an action that drops, transmits, marks (IP and IPv6), or marks-exp (MPLS) when traffic flow exceeds the rate. The mark value is not supported for hierarchical rate limits, and the transmit values conditional, unconditional, and final are supported only on hierarchical rate limits.

IP packet that is not processed by the normal packet flow through the Packet Forwarding Engine. Exception packets include local delivery information, expired TTL packets, and packets with an IP option specified.

OSPF adjacency state in which two neighboring routers are actively sending database description packets to each other to exchange their database contents.

ECSA. Organization created after the divestiture of the Bell System to represent the interests of interexchange carriers.

XOR. Logical operator (exclusive disjunction) in which the operation yields the result of true when one, and only one, of its operands is true.

CLI mode assigned to a user that determines which functions that user can perform when logged in to the system. See also Global Configuration mode, Privileged Exec mode, privileged level, User Exec mode.

Experimental bits, located in each MPLS label and used to encode the CoS value of a packet as it traverses an LSP. Also known as class-of-service (CoS) bits.

E-LSP. One of two types of LSPs used by MPLS to support differentiated services. The EXP field of the MPLS shim header is used to determine the per-hop behavior applied to the packet. See also L-LSP, shim header.

In traffic engineering, a specific, defined path determined using RSVP signaling. The Explicit Route Object carried in the packets contains the explicit path information. Also known as signaled path.

ERO. Extension to RSVP that allows an RSVP PATH message to traverse an explicit sequence of routers that is independent of conventional shortest-path IP routing.

Subset of constraint-based routing where the constraint is an explicit route: the route the LSP takes is defined by the ingress node.

Type of shared shaper in which you select the active constituents in a scheduler profile. A subset of the interface traffic is shaped to the shared rate. See also implicit shared shaper, shared shaping.

Placing of routes from the routing table into a routing protocol.

Route map applied to a VRF to modify or filter routes exported from the VRF to the global BGP VPN routing information base (RIB) in the parent virtual router (VR). See also import map.

When you have two or more virtual routers on a security device, you can configure export rules that define which routes on one virtual router are allowed to learned by another virtual router. See also import rules.

OSPF adjacency state in which the neighboring routers negotiate to determine which router is in charge of the synchronization process.

In a Junos fusion, the network-facing ports on satellite devices. See also cascade port, Junos fusion, satellite device.

ESSID. Identifier of a service set that consists of all the building-block service sets (known as basic service sets) in a given network. See also SSID and BSSID.

EAP. Industry standard for network access that acts as a transport for multiple authentication methods or types. Defined by RFC 2284, PPP Extensible Authentication Protocol (EAP).

XML. Used for defining a set of markers, called tags, that define the function and hierarchical relationships of the parts of a document or data set.

XPath. Standard used in XSLT to specify and locate elements in the input document’s XML hierarchy. XPath is fully described in the W3C specification at http://w3c.org/TR/xpath. Also known as XML Path Language.

XSLT. Standard for processing XML data developed by the World Wide Web Consortium (W3C). XSLT performs XML-to-XML transformations, turning an input XML hierarchy into an output XML hierarchy. The XSLT specification is on the W3C website at http://www.w3c.org/TR/xslt.

EGP. Distributes routing information to routers that connect separate autonomous systems. See also IGP, BGP.

EBGP, external BGP. Configuration in which sessions are established between routers in different autonomous systems (ASs).

EBGP session. Session between two BGP speakers that are in different autonomous systems. EBGP sessions typically exist between peers that are physically connected. See also IBGP session.

XDR. Standard for the description and encoding of data. XDR can be used to transfer data between computers.

Cost included in a route when OSPF exports route information from external autonomous systems. There are two types of external metrics: Type 1 and Type 2. Type 1 external metrics are equivalent to the link-state metric; that is, the cost of the route, used in the internal autonomous system. Type 2 external metrics are greater than the cost of any path internal to the autonomous system.

Two BGP routers that are peers, and reside in two different autonomous systems.

Private network that connects two or more intranets, allowing secure sharing of a part of a business’s information with users outside the company, for example, allowing two or more companies or users to share resources and communicate over the Internet in their own virtual space. This technology greatly enhances business-to-business communications.

• Interconnection of network nodes using one or more network switches that function as a single logical entity.

• (of Linux servers) Python library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks.

Identify a packet as high or low priority based on its forwarding class, and associate schedulers with the fabric priorities.

FDL. Type of message that can be used to determine the status of a line and to display statistics for the remote end of a connection.

Group of system log messages that either are generated by the same software process (such as accounting statistics) or that concern a similar condition or activity (such as authentication attempts).

Process by which a standby or secondary system component automatically takes over the functions of an active or primary component when the primary component fails or is temporarily shut down or removed for servicing. During failover, the system continues to perform normal operations with little or no interruption in service. See also GRES, switchover.

In Junos App Balancer, if all the nodes in a pool should fail, requests are sent to its failure pool, if one is configured.

Any situation in which benign traffic causes an IDS (intrusion detection system) to generate an alert. Also known as false positive.

Any situation in which benign traffic causes an IDS (intrusion detection system) to generate an alert. Also known as false alert.

FEAC. T3 signal used to send alarm or status information from the far-end terminal back to the near-end terminal, and to initiate T3 loopbacks at the far-end terminal from the near-end terminal.

Term encompassing a number of Ethernet standards that carry traffic at the nominal rate of 100 Mbps, instead of the original Ethernet speed of 10 Mbps. See also Ethernet, Gigabit Ethernet.

Fast Ethernet port on a J4300 Services Router, and either a Fast Ethernet port or DS3 port on a J6300 Services Router. Only enabled ports are counted. A two-port Fast Ethernet PIM with one enabled port counts as one fast port. The same PIM with both ports enabled counts as two fast ports.

FRR. Mechanism for automatically rerouting traffic on an LSP if a node or link in an LSP fails, thus reducing the loss of packets traveling over the LSP. Also known as MPLS fast reroute (MPLS FRR).

In Junos App Balancer, the ability of a cluster or pool to cope with failure of one or more of its servers, without interruption to service.

FCAPS. ISO model that defines the categories for the functions of a network management system. Sometimes followed by the term management.

filter-based forwarding. Filter that classifies packets to determine their forwarding path within a router. FBF is used to redirect traffic for analysis. Also known as policy-based routing (PBR).

Fibre Channel. High-speed network technology used for storage area networks (SANs).

FCF. The two types of forwarders are:

• Fibre Channel switch that has all physical Fibre Channel ports and the necessary set of services as defined in the T11 Organization Fibre Channel Switched Fabric (FC-SW) standards.

• Device that has the necessary set of services defined in the T11 Organization Fibre Channel Switched Fabric (FC-SW) standards and which has the FCoE capabilities to act as an FCoE-based Fibre Channel switch, as defined by the Fibre Channel Backbone – 5 (FC-BB-5) Rev. 2.00 specification.

fault, configuration, accounting, performance, and security. ISO model that defines the categories for the functions of a network management system. Sometimes followed by the term management.

FC forwarder, FCoE forwarder. The two types of forwarders are:

• FC forwarder. Fibre Channel switch that has all physical Fibre Channel ports and the necessary set of services as defined in the T11 Organization Fibre Channel Switched Fabric (FC-SW) standards.

• FCoE forwarder. Device that has the necessary set of services defined in the T11 Organization Fibre Channel Switched Fabric (FC-SW) standards and which has the FCoE capabilities to act as an FCoE-based Fibre Channel switch, as defined by the Fibre Channel Backbone – 5 (FC-BB-5) Rev. 2.00 specification.

Fibre Channel over IP. IP-based storage networking technology developed by the IETF that overcomes the distance limitations of native Fibre Channel. With FCIP technology, Fibre Channel information is transmitted by tunneling data between geographically separated storage area networks (SANs) by using existing IP infrastructure, while keeping fabric services intact. Also known as Fibre Channel tunneling, storage tunneling. See also Fibre Channel, SAN.

Fibre Channel over Ethernet. Standard for transporting FC frames over Ethernet networks. FCoE encapsulates Fibre Channel frames in Ethernet so that the same high-speed Ethernet physical infrastructure can transport both data and storage traffic while preserving the lossless CoS that FC requires. FCoE servers connect to a switch that supports both FCoE and native FC protocols. This allows FCoE servers on the Ethernet network to access FC storage devices in the SAN fabric on one converged network

FCF. Device that has the necessary set of services defined in the T11 Organization Fibre Channel Switched Fabric (FC-SW) standards and which has the FCoE capabilities to act as an FCoE-based Fibre Channel switch, as defined by the Fibre Channel Backbone – 5 (FC-BB-5) Rev. 2.00 specification.

FIP. Layer 2 protocol that establishes and maintains Fibre Channel (FC) virtual links between pairs of FCoE devices such as server FCoE nodes (ENodes) and FC switches.

FIP snooping. Security feature enabled for FCoE VLANs on an Ethernet switch that connects FCoE nodes to Fibre Channel switches or FCFs. The two types of FIP snooping inspect data in FIP frames and use that data to create firewall filters that are installed on the ports in the FCoE VLAN. The filters permit only traffic from sources that perform a successful fabric login to the Fibre Channel switch. All other traffic on the VLAN is denied. FIP snooping can also provide additional visibility into FCoE Layer 2 operation.

Switch with a minimum set of features designed to support FCoE Layer 2 forwarding and FCoE security. The switch can also have optional additional features. Minimum feature support is:

• Priority-based flow control (PFC)

• Enhanced transmission selection (ETS)

• Data Center Bridging Capability Exchange (DCBX) protocol, including the FCoE application TLV

• FIP snooping (minimum support is FIP automated filter programming at the ENode edge)

A transit switch has a Fibre Channel stack even though it is not a Fibre Channel switch or an FC forwarder.

Fibre Channel over Ethernet VLAN. VLAN dedicated to carrying only FCoE traffic. FCoE traffic must travel in a VLAN. Only FCoE interfaces should be members of an FCoE VLAN. Ethernet traffic that is not FCoE traffic must travel in a different VLAN.

frame check sequence. Calculation added to a frame for error control. FCS is used in HDLC, Frame Relay, and other Data Link Layer protocols.

Fiber Distributed Data Interface. Set of ANSI protocols for sending digital data over fiber-optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits). FDDI networks are typically used as backbones for wide area networks.

facilities data link. Type of message that can be used to determine the status of a line and to display statistics for the remote end of a connection.

far-end alarm and control. T3 signal used to send alarm or status information from the far-end terminal back to the near-end terminal, and to initiate T3 loopbacks at the far-end terminal from the near-end terminal.

Forwarding Engine Board. In M5 and M10 routers, provides route lookup, filtering, and switching to the destination port.

forwarding equivalence class. Set of packets with similar or identical characteristics that are forwarded in the same manner, on the same path, with the same forwarding treatment, and using the same MPLS label. FECs are defined in the base LDP specification and can be extended through the use of additional parameters. FECs are also represented in other label distribution protocols.

forward explicit congestion notification. In a Frame Relay network, a header bit transmitted by the source device requesting that the destination device slow down its requests for data. FECN and BECN minimize the possibility that packets will be discarded when more packets arrive than can be handled. See also BECN.

FIPS. Defines, among other things, security levels for computer and networking equipment. FIPS is usually applied to military environments.

Source from which a configurable threat feed originates. Configurable threat feeds provide actionable intelligence to policies about various types of threats. Juniper Networks Sky Advanced Threat Prevention (Sky ATP) is an example of a feed source. You can customize feed sources by adding IP addresses, domains, and URLs to your own lists.

forwarding information base. In the JunosE Software, the IP routing table. Referred to in the context of BGP.

FDDI. Set of ANSI protocols for sending digital data over fiber-optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits). FDDI networks are typically used as backbones for wide area networks.

FC. High-speed network technology used for storage area networks (SANs).

Network of Fibre Channel devices that provides communication among devices, device name lookup, security, and redundancy.

FCoE. Standard for transporting FC frames over Ethernet networks. FCoE encapsulates Fibre Channel frames in Ethernet so that the same high-speed Ethernet physical infrastructure can transport both data and storage traffic while preserving the lossless CoS that FC requires. FCoE servers connect to a switch that supports both FCoE and native FC protocols. This allows FCoE servers on the Ethernet network to access FC storage devices in the SAN fabric on one converged network

FCoE VLAN. VLAN dedicated to carrying only FCoE traffic. FCoE traffic must travel in a VLAN. Only FCoE interfaces should be members of an FCoE VLAN. Ethernet traffic that is not FCoE traffic must travel in a different VLAN.

FCIP. IP-based storage networking technology developed by the IETF that overcomes the distance limitations of native Fibre Channel. With FCIP technology, Fibre Channel information is transmitted by tunneling data between geographically separated storage area networks (SANs) by using existing IP infrastructure, while keeping fabric services intact. Also known as Fibre Channel tunneling, storage tunneling. See also Fibre Channel, SAN.

FPGA. Semiconductor device that contains programmable logic components and interconnects. Also a category of hardware classifier.

FRU. Router component that customers can replace onsite.

first in, first out. Scheduling method in which the first data packet stored in the queue is the first data packet removed from the queue. All Junos OS interface queues operate in this mode by default.

Default behavior mode for E Series routers that contain redundant SRP modules, and available only to SRP modules. Characteristics of this mode include:

• Files and data in nonvolatile storage (NVS) remain synchronized between the primary (active) SRP module and standby SRP module.

• SRP modules reload all line modules and restart from saved configuration files.

• If the active SRP module switches over to the standby SRP, the router cold-restarts as follows: all line modules are reloaded; user connections are lost; forwarding through the chassis stops until the router SRP module recovers; the standby SRP module boots from the last known good configuration from NVS.

See also high availability mode, switchover.

FTP. Application protocol that is part of the TCP/IP stack model. Used for transferring files between network nodes. FTP is defined in RFC 959, File Transfer Protocol.

Process or device that screens packets based on certain characteristics, such as source address, destination address, or protocol, and forwards or discards packets that match the filter. Filters are used to control data packets or local packets. See also packet.

FBF. Filter that classifies packets to determine their forwarding path within a router. FBF is used to redirect traffic for analysis. Also known as policy-based routing (PBR).

FCoE Initialization Protocol. Layer 2 protocol that establishes and maintains Fibre Channel (FC) virtual links between pairs of FCoE devices such as server FCoE nodes (ENodes) and FC switches.

FCoE Initialization Protocol snooping. Security feature enabled for FCoE VLANs on an Ethernet switch that connects FCoE nodes to Fibre Channel switches or FCFs. The two types of FIP snooping inspect data in FIP frames and use that data to create firewall filters that are installed on the ports in the FCoE VLAN. The filters permit only traffic from sources that perform a successful fabric login to the Fibre Channel switch. All other traffic on the VLAN is denied. FIP snooping can also provide additional visibility into FCoE Layer 2 operation.

Federal Information Processing Standards. Defines, among other things, security levels for computer and networking equipment. FIPS is usually applied to military environments.

Federal Information Processing Standards (FIPS) 140-2 defines security levels for hardware and software that perform cryptographic functions. By meeting the applicable overall requirements within the FIPS standard, Juniper Networks M Series, MX Series, T Series, and PTX Series routers and EX Series switches running Junos OS in FIPS mode comply with the FIPS 140-2 Level 1 standard.

Virtual security appliance that provides security and networking services at the perimeter or edge in virtualized private or public cloud environments. Firefly Perimeter runs as a virtual machine (VM) on standard x86 servers. Renamed vSRX as of Junos OS Release 12.1X47-D20. See also vSRX.

Action performed by a security device when the device receives traffic that matches the direction, source, destination, and service. Firewall actions include permit, deny, reject.

Security gateway positioned between two networks, usually between a trusted network and the Internet. It is a means of controlling access to a network to protect it from misuse and malicious intent from other users (for example, denial-of-service attacks). A firewall ensures that all traffic that crosses it conforms to the organization's security policy. Firewalls track and control communications, deciding whether to pass, reject, discard, encrypt, or log them based on a defined set of security rules. A firewall, which can be either a physical or a virtual device, can also be used to secure sensitive portions of a local network.

At the firewall, a policy that evaluates the context of connections and permits or denies traffic based on the context, updating this information dynamically. Context includes IP source and destination addresses, port numbers, TCP sequencing information, and TCP connection flags. The context established in the first packet of a TCP session must match the context contained in all subsequent packets if a session is to remain active. Also known as access control list, authorization profile, packet filter. See also stateful firewall filter, stateless firewall filter.

Instructions and data programmed directly into the circuitry of a hardware device for the purpose of controlling the device. Firmware is used for vital programs that must not be lost when the device is powered off.

FIFO. Scheduling method in which the first data packet stored in the queue is the first data packet removed from the queue. All Junos OS interface queues operate in this mode by default.

FRS. Indicates that a product is released to production.

Method of reducing the number of update messages sent between BGP peers, thereby reducing the load on those peers without adversely affecting the route convergence time for stable routes. Also known as damping.

Condition of network instability where a route is announced and withdrawn repeatedly, often as the result of an intermittently failing link. Also known as route flapping.

FMS. An Adobe Systems proprietary data and media server that works with the Flash Player runtime application to create media-driven, multiuser rich Internet applications (RIAs).

Technique to temporarily provide additional capacity on a link to handle bursts in data, videoconferencing, or other variable bit rate applications. Also known as bandwidth on demand.

FPC. An interface concentrator on which physical interface cards (PICs) are mounted. An FPC is inserted into a slot in a Juniper Networks router. See also PIC.

Route with an administrative distance greater than the administrative distance of the dynamically learned versions of the same route. The static route is used only when the dynamic routes are no longer available. When a floating static route is configured on an interface with a dialer filter, the interface can be used for backup.

Method of forwarding multicast data packets in a dense-mode network. Flooding and pruning occur every 3 minutes.

Distribution and synchronization of the link-state database between OSPF routers.

Stream of routing information and packets that are handled by the Routing Engine and the Packet Forwarding Engine. The Routing Engine handles the flow of routing information between the routing protocols and the routing tables and between the routing tables and the forwarding tables, as well as the flow of local packets from the router physical interfaces to the Routing Engine. The Packet Forwarding Engine handles the flow of data packets into and out of the router physical interfaces.

Interface that combines multiple cflowd records into a compressed ASCII data file and exports the file to an FTP server for storage and analysis, allowing users to manipulate the output from traffic monitoring operations.

Junos OS syntax used in a routing policy or firewall filter. It alters the default logical processing of the policy or filter when a set of match conditions is met.

Application that monitors the flow of traffic and enables lawful interception of packets transiting between two routers. Traffic flows can be passively monitored by an offline router or actively monitored by a router participating in the network. See also active flow monitoring.

Method of reducing false positives, it correlates multiple TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) connections into a single flow to determine the validity of the traffic.

Uses Dynamic Tasking Control Protocol (DTCP) requests to intercept IPv4 packets in an active monitoring router and send a copy of packets that match filter criteria to one or more content destinations. Flow-tap configurations can be used in flexible trend analysis for detecting new security threats and for lawfully intercepting data.

Flow-based packet forwarding process that applies ingress interface filters and policers to packets entering the device. The flowd establishes the state of the packet's session and manages the packet as it transits the security flow and associated features, applying output filtering and traffic shaping before transmitting the packet out the egress interface.

Flash Media Server. An Adobe Systems proprietary data and media server that works with the Flash Player runtime application to create media-driven, multiuser rich Internet applications (RIAs).

FECN. In a Frame Relay network, a header bit transmitted by the source device requesting that the destination device slow down its requests for data. FECN and BECN minimize the possibility that packets will be discarded when more packets arrive than can be handled. See also BECN.

In an OSPF network, address used to direct packets to a next hop other than the OSPF router advertising the route. Normally, the OSPF forwarding address field is set to 0.0.0.0. Use this forwarding address only when the advertising router has an OSPF adjacency on the next hop and this adjacency is multi-access (not point-to-point or multipoint).

RSVP LSP tunnel through which one or more other RSVP LSPs can be tunneled.

Defined set associated with each received packet on a router. These classes affect the forwarding, scheduling, and marking policies applied as the packet transits a routing platform. The forwarding class plus the loss priority define the per-hop behavior. Also known as ordered aggregates (in the IETF Differentiated Services architecture).

FEB. In M5 and M10 routers, provides route lookup, filtering, and switching to the destination port.

FEC. Set of packets with similar or identical characteristics that are forwarded in the same manner, on the same path, with the same forwarding treatment, and using the same MPLS label. FECs are defined in the base LDP specification and can be extended through the use of additional parameters. FECs are also represented in other label distribution protocols.

FIB, forwarding table. In the JunosE Software, the IP routing table. Referred to in the context of BGP.

Table of best routes to all destinations reachable by the router. For each destination, the table has only the single best route to the destination selected from the IP routing table. The Junos OS routing protocol process installs active routes from its routing tables into the Routing Engine forwarding table. The kernel copies this forwarding table into the Packet Forwarding Engine, which determines which interface transmits the packets. Also known as kernel forwarding table, Cisco Express Forwarding (CEF).

FTE. Of all destinations reachable by the router, the single best route to a given destination selected from the IP routing table.

Flexible PIC Concentrator. An interface concentrator on which physical interface cards (PICs) are mounted. An FPC is inserted into a slot in a Juniper Networks router. See also PIC.

field-programmable gate array. Semiconductor device that contains programmable logic components and interconnects. Also a category of hardware classifier.

fully qualified domain name. The hostname and domain name for a specific system.

Interface that contains one or more of the 32 DS0 time slots that can be reserved from an E1 interface. (The first time slot is reserved for framing.)

Interface that contains one or more DS0 time slots reserved from an E1 or T1 interface, allowing service providers to provision part of the interface to one customer and the other part to another customer. The individual fractional interfaces connect to different destinations, and customers pay for only the bandwidth fraction used and not for the entire E1 or T1 interface. Fractional interfaces can be configured on both channelized PICs and PIMs and unchannelized, regular E1 and T1 PICs and PIMs.

Interface that contains one or more of the 24 DS0 time slots that can be reserved from a T1 interface. A DS0 portion of a 24-DS0 T1 line. Fractional T1s enable you to separate out one DS0 line or combine several lines into bundles (usually in multilink PPP).

In TCP/IP, the process of breaking packets into the smallest maximum size packet data unit (PDU) supported by any of the underlying networks. Required when IP must transmit a large packet through a network that transmits smaller packets, or when the MTU size of the other network is smaller. In the Open Systems Interconnection (OSI) Reference Model, this process is known as segmentation. For Junos OS applications, split Layer 3 packets can then be encapsulated in MLFR or MLPPP for transport.

• In Frame Relay, a feature that reduces excessive delays of Frame Relay packets by breaking them into smaller fragments that are then interleaved with real-time frames.

• In the Multilink Point-to-Point Protocol (MLPPP), fragmentation is the process by which a large packet is broken up into multiple smaller fragments for simultaneous transmission across multiple links of an MLPPP bundle. Reassembly is the process by which the destination router reassembles the fragments into the original packets.

FCS. Calculation added to a frame for error control. FCS is used in HDLC, Frame Relay, and other Data Link Layer protocols.

Public, connection-oriented packet service based on the core aspects of the Integrated Services Digital Network. It eliminates all processing at the Network Layer and greatly restricts Data Link Layer processing. Frame Relay is an efficient replacement for the older X.25 protocol that does not require explicit acknowledgment of each frame of data. It allows private networks to reduce costs by using shared facilities between the end-point switches of a network managed by a Frame Relay service provider. Individual data-link connection identifiers (DLCIs) are assigned to ensure that each customer receives only its own traffic.

FRF. Technical committee that promotes Frame Relay by negotiating agreements and developing standards.

Frame Relay local management interface. Provides the operator with configuration and status information relating to the Frame Relay VCs in operation. LMI specifies a polling mechanism to receive incremental and full-status updates from the network. The router can represent either side of the User-to-Network Interface (UNI) and supports unidirectional LMI. Bidirectional support for the Network-to-Network Interface (NNI) is also supported.

Signals that are carried at different frequencies and transmitted over a single wire or wireless medium.

Frame Relay Forum. Technical committee that promotes Frame Relay by negotiating agreements and developing standards.

Implementation of MLFR using multiple virtual connections to aggregate logical bandwidth for end-to-end Frame Relay, defined by the Frame Relay Forum in End-to-End Multilink Frame Relay Implementation Agreement FRF.15.

Implementation of MLFR in which a single logical connection is provided by multiplexing multiple physical interfaces for user-to-network interface and network-to-network interface (UNI/NNI) connections. Defined by the Frame Relay Forum in Multilink Frame Relay UNI/NNI Implementation Agreement FRF.16.1.

Physical or virtual location that a vendor uses for activities directly related to customers, such as billing or purchasing. See also back office, OSS.

The permanent, externally available IP address of a Junos App Balancer.

A server that is contactable from the Internet, such as a Junos App Balancer.

fast reroute. Mechanism for automatically rerouting traffic on an LSP if a node or link in an LSP fails, thus reducing the loss of packets traveling over the LSP. Also known as MPLS fast reroute (MPLS FRR).

First Revenue Shipment. Indicates that a product is released to production.

field-replaceable unit. Router component that customers can replace onsite.

forwarding table entry. Of all destinations reachable by the router, the single best route to a given destination selected from the IP routing table.

File Transfer Protocol. Application protocol that is part of the TCP/IP stack model. Used for transferring files between network nodes. FTP is defined in RFC 959, File Transfer Protocol.

Open-source deployment and management tool for OpenStack.

OSPF adjacency state that represents a fully functional neighbor relationship.

In virtual player functions, an HTTP media delivery method in which the entire media file is downloaded before playback, in contrast with other methods such as progressive download, which partially downloads before initiating playback, or streaming modes that simultaneously download and play back in real time. See also progressive download.

Virtualization technique in which the underlying hardware is fully simulated in one or more virtual machines (VMs). See also paravirtualization.

Transmission mode that supports transmission and reception of signals in both directions simultaneously. See also duplex mode, half-duplex mode.

VPN in which each site in the VPN can communicate with every other site in that same VPN. See also hub-and-spoke VPN, overlapping VPN.

FQDN. The hostname and domain name for a specific system.

Firewall authentication process that implements and manages user authentication configuration, and authenticates users who access the firewall.

management Ethernet interface. Permanent interface that provides an out-of-band method, such as SSH and telnet, to connect to the routing platform. SNMP can use the management interface to gather statistics from the routing platform. See also permanent interface.

Junos OS permanent interface used for communications between the Routing Engine and the Packet Forwarding Engine. This interface is not present in all routers.

Junos OS permanent interface used for communications between the Routing Engine and the Packet Forwarding Engine. This interface is not present in all routers.

GGSN call detail record. Collection of charges in ASN.1 format that is eventually billed to a Mobile Station user.

User data message sent in a path. It consists of a T-PDU plus a GTP header.

ITU-T G.992.1. International standard recommendation that describes ADSL. Annex A defines how ADSL works over twisted-pair copper (POTS) lines. Annex B defines how ADSL works over ISDN lines.

symmetric high-speed digital subscriber line (SHDSL). Standard published in 2001 by the ITU-T with recommendation ITU G.991.2. G.SHDSL incorporates features of other DSL technologies such as asymmetrical DSL (ADSL). See also SHDSL, ADSL.

Timer used in a distance-vector network that represents the time remaining before a route is removed from the routing table.

Program or device that converts one protocol or format to another, or acts as a go-between two or more networks that use the same protocols. In this case, the gateway functions as an entry/exit point to the network. Also, an older term for a router.

GGSN. Router that serves as a gateway between mobile networks and packet data networks.

Device that passes DHCP messages between DHCP clients and DHCP servers. Also known as relay agent.

Gigabit Interface Connector. Interface module card used on some security devices for connecting to a fiber optic network.

Convenient way to categorize groups of routes to facilitate the use of routing policies. Also known as private community or local-use community.

GPRS. Packet-switched service that enables high-speed wireless Internet and other data communications, allowing full mobility and wide-area coverage as information is sent and received across a mobile network. Using a packet data service, subscribers are always connected and always online so services are easy and quick to access.

GMPLS. A protocol that extends the functionality of MPLS to include a wider range of label-switched path (LSP) options for a variety of network devices.

Summary route that uses an IP address next hop to forward packets in an IP network. A generated route is functionally similar to an aggregated route.

GRE. General tunneling protocol that can encapsulate many types of packets to enable data transmission through a tunnel. GRE is used with IP to create a virtual point-to-point link to routers at remote points in a network. See also tunneling protocol.

GTC. Carries user-specific token cards for authentication.

Method of locating the geographic location of a computer device by tracing its IP address.

gateway GPRS support node. Router that serves as a gateway between mobile networks and packet data networks.

G-CDR. Collection of charges in ASN.1 format that is eventually billed to a Mobile Station user.

Interface between a GSN and an external network or the Internet.

GPIM. SRX mid-range services gateway network interface card (NIC) that includes standard GPIMs installed in a single-high, single-wide GPIM slot and has gigabit connectivity to the system backplane.

Term describing various technologies for implementing Ethernet networking at a nominal speed of one gigabit per second. Gigabit Ethernet is supported over both optical fiber and twisted-pair cable. Physical Layer standards include 1000BASE-T, 1 Gbps over CAT-5e copper cabling, and 1000BASE-SX for short to medium distances over fiber. See also Ethernet, Fast Ethernet.

Web-based Git or version control repository and Internet hosting service based on a graphical interface.

Autonomous system (AS) consisting of multiple subautonomous systems (sub-ASs).

Privileged Exec mode from which you can set parameters or enable features. Within Global Configuration mode, you can apply features globally to a router, enable a feature or function, disable a feature or function, and configure a feature or function. See also Privileged Exec mode, User Exec mode.

Top level, or root domain, that contains all subdomains (logical groupings of devices, policies, and access privileges). See also domain.

Route map applied to a VRF to modify and filter routes exported by the VRF to the global BGP non-VPN RIB in the parent VR. See also export map, global import map, import map.

Route map applied to a VRF to modify and filter routes imported to the the BGP RIB of the VRF from the global BGP non-VPN RIB in the parent VR. See also export map, global export map, import map.

Database maintained by IP on E Series router SRP modules. Contains at most one route per protocol to each prefix in the table. See also local routing table, forwarding table, routing table.

GSM. A second-generation (2G) mobile wireless networking standard defined by ETSI that uses TDMA technology and operates in the 900-MHz radio band. See also TDMA.

Generalized Multiprotocol Label Switching. A protocol that extends the functionality of MPLS to include a wider range of label-switched path (LSP) options for a variety of network devices.

Greenwich Mean Time, UTC, (Coordinated Universal Time). Historically referred to as Greenwich mean time (GMT), a high-precision atomic time standard that tracks Universal Time (UT) and is the basis for legal civil time all over the Earth. Time zones around the world are expressed as positive and negative offsets from UTC.

Interface between two GSNs within the same Public Land Mobile Network (PLMN).

guest network function. Router partition configured using the Junos node slicing feature. You can configure multiple GNFs on a physical router. A GNF logically owns the line cards assigned to it by the base system (BSYS), and maintains the forwarding state of the line cards. A GNF, equivalent to a standalone router, has its own Junos OS control plane, which runs as a virtual machine (VM). GNFs are configured and administered independently, and are operationally isolated from each other. See also BSYS, Junos node slicing, VNF.

Interface between two GSNs located in different Public Land Mobile Networks (PLMNs).

Gigabit Backplane Physical Interface Module. SRX Series mid-range services gateway network interface card (NIC) that includes standard GPIMs installed in a single-high, single-wide GPIM slot and has gigabit connectivity to the system backplane.

General Packet Radio Service. Packet-switched service that enables high-speed wireless Internet and other data communications, allowing full mobility and wide-area coverage as information is sent and received across a mobile network. Using a packet data service, subscribers are always connected and always online so services are easy and quick to access.

GRX. Acts as a hub for GPRS connections from roaming users, removing the need for a dedicated link between each GPRS service provider.

GTP. Transports IP packets between an SGSN and a GGSN. See also tunneling protocol.

Process that allows a router whose control plane is undergoing a restart to continue to forward traffic while recovering its state from neighboring routers. Without graceful restart, a control plane restart disrupts services provided by the router. Implementation varies by protocol. Also known as nonstop forwarding. See also cold restart, warm restart.

GRES. In a router that contains a primary and a backup Routing Engine, allows the backup Routing Engine to assume the primary role automatically, with no disruption of packet forwarding. Also known as Stateful Switchover (SSO).

Junos OS feature that allows a change from the primary device, such as a Routing Engine, to the backup device without interruption of packet forwarding.

Broadcast request for a router’s own IP address to check whether that address is being used by another node. Primarily used to detect IP address duplication.

generic routing encapsulation. General tunneling protocol that can encapsulate many types of packets to enable data transmission through a tunnel. GRE is used with IP to create a virtual point-to-point link to routers at remote points in a network. See also tunneling protocol.

IP tunnel that uses GRE-encapsulated IP packets to enable data transmission. The resulting encapsulated packet contains a GRE header and a delivery header. Consequently, the packet requires more processing than an IP packet, and GRE can be slower than native routing protocols. GRE tunnels can be secured with IPsec.

GMT, UTC, (Coordinated Universal Time). Historically referred to as Greenwich mean time (GMT), a high-precision atomic time standard that tracks Universal Time (UT) and is the basis for legal civil time all over the Earth. Time zones around the world are expressed as positive and negative offsets from UTC.

graceful Routing Engine switchover. In a router that contains a primary and a backup Routing Engine, allows the backup Routing Engine to assume the primary role automatically, with no disruption of packet forwarding. Also known as Stateful Switchover (SSO).

Collection of related BGP peers that organizes previously created devices into user-defined groups, making it easier for you to configure and manage devices in your domain. Groups enable you to execute certain NSM operations on multiple security devices at the same time.

IP address used as the destination address in a multicast IP packet. The group address functionally represents the senders and interested receivers for a particular multicast data stream.

Represents a statement that sets conditions for authentication requirements that enable you to combine multiple external user objects. You can create group expressions using the operator OR, AND, or NOT to combine user objects, user group objects, or other group expressions.

Scheduler node associated with a {port interface, traffic-class group} pair. Because the logical interface is the port, only one such scheduler node can exist for each traffic-class group above the port. This node aggregates all traffic for traffic classes in the group.

Secure remote access method that uses L2TP/IPsec when connecting to networks that do not use a certificate authority (CA) to issue certificates. A group preshared key is associated with a local IP address in the E Series router and is used to authenticate L2TP/IPsec clients that target this IP address as their VPN server address. Group preshared keys are not fully secure; they open to man-in-the-middle attacks. Digital certificates are preferred instead.

GPRS Roaming Exchange. Acts as a hub for GPRS connections from roaming users, removing the need for a dedicated link between each GPRS service provider.

Global System for Mobile Communications. A second-generation (2G) mobile wireless networking standard defined by ETSI that uses TDMA technology and operates in the 900-MHz radio band. See also TDMA.

generic token card. Carries user-specific token cards for authentication.

GPRS tunneling protocol. Transports IP packets between an SGSN and a GGSN. See also tunneling protocol.

Tunnel in the GTP-U plane defined for each PDP context in the GSNs. A GTP tunnel in the GTP-C plane is defined for all PDP contexts with the same PDP address and APN (for Tunnel Management messages) or for each MS (for messages not related to Tunnel Management). A GTP tunnel is identified in each node with a TEID, an IP address, and a UDP port number. A GTP tunnel is necessary to forward packets between an external network and an MS user.

GGSN tunneling protocol, control. Allows an SGSN to establish packet data network access for a Mobile Station. See also tunneling protocol.

Control messages exchanged between GSN pairs in a path to transfer GSN capability information between the pairs, to create, update and delete GTP tunnels, and for path management.

GTP Protocol Data Unit. Either a GTP-C message or a GTP-U message.

GGSN tunneling protocol, user plane. Carries Mobile Station user data packets. See also tunneling protocol.

GTP-User Data message. Messages exchanged between GSN pairs or GSN/RNC pairs in a path to carry user data packets, and used as signaling messages for path management and error indication.

In cloud computing, a discrete virtual machine (VM) that runs on a hypervisor‐based host and shares its resources. A VM can be a virtualized workstation or server or other type of hardware. Each VM runs its own operating system image and applications that can be different from that of another VM running on the same host.

See virtual machine.

GNF. Router partition configured using the Junos node slicing feature. You can configure multiple guest network functions (GNFs) on a physical router. A GNF logically owns the line cards assigned to it by the base system (BSYS), and maintains the forwarding state of the line cards. A GNF, equivalent to a standalone router, has its own Junos OS control plane, which runs as a virtual machine (VM). GNFs are configured and administered independently, and are operationally isolated from each other. See also base system, Junos node slicing, virtual network function.

Manages the system resources in NSM and data that drives NSM functionality. It contains the NSM databases and centralizes information for devices, their configurations, attack and server objects, and policies.

ITU-T recommendation that describes packet-based multimedia communications over networks that do not guarantee class of service, such as IP networks, providing a widely used standard for VoIP and conferencing that is modeled on ISDN PRI. It is implemented as an Application Layer Gateway (ALG) that provides secure VoIP communication between terminal hosts, such as IP phones and multimedia devices, in which the gatekeeper devices manage call registration, admission, and call status for VoIP calls. The gatekeepers can reside in the two different zones, or in the same zone. Also known as ITU-T H.323.

high availability. Configuring devices to ensure service continuity in the event of a network outage or device failure. Used to provide fault detection and correction procedures to maximize the availability of critical services and applications. High availability provides both hardware-specific and software-specific methods to ensure minimal downtime and ultimately improve the performance of your network. See also high availability mode, chassis cluster.

hybrid access gateway. Logical function in the operator network that implements the network-side mechanisms for simultaneous use of both fixed broadband and 3GPP access networks. The gateway enables subscriber management by aggregating a subscriber’s traffic from the two networks.

Transmission mode that supports transmission and reception of signals in both directions, but not at the same time. See also duplex mode, full-duplex mode.

Process of exchanging signaling information between two communications devices to establish the method and transmission speed of a connection.

hierarchical assured rate. Calculation process that dynamically adjusts bandwidth for scheduler nodes—a more powerful and efficient method of configuring assured rates than static assured rates. See also SHA-1, MD5.

HDD. Refers to system storage media used for caching functions and installation procedures.

Secure server with all appropriate security patches and bug fixes. These systems are designed to resist penetration.

HMAC. Mechanism for message authentication that uses cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function—for example, MD5 or SHA-1—in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. Defined in RFC 2104, HMAC: Keyed-Hashing for Message Authentication.

Cryptographic technique applied over and over (iteratively) to a message of arbitrary length to produce a hash “message digest” or “signature” of fixed length that is appended to the message when it is sent. In security, it used to validate that the contents of a message have not been altered in transit. The Secure Hash Algorithm (especially SHA-1) and Message Digest 5 (MD5) are commonly used hashes. See also SHA, SHA-1, MD5.

host bus adapter. Physical mechanism that connects a host system to a server or storage devices.

hard disk drives. Refers to system storage media used for caching functions and installation procedures.

High-Level Data Link Control. International Telecommunication Union (ITU) standard for a bit-oriented Data Link Layer protocol on which most other bit-oriented protocols are based. Also known as High-Speed Data Link Control.

HOLB. When an ingress port sends traffic to multiple egress ports, congestion on one egress port can affect uncongested egress ports. For example, an ingress port sends traffic to two egress ports. One egress port experiences congestion and sends a message to the ingress port to stop sending traffic. The ingress port stops sending traffic and buffers it instead. However, the ingress port buffers all traffic, not just traffic destined for the congested port, so traffic destined for the uncongested port is also stopped because of HOLB.

Junos OS extension to the RMON alarm system that provides predefined monitoring for file system, CPU, and memory usage. The health monitor also supports unknown or dynamic object instances such as Junos OS processes.

IP-based, bidirectional packet connection between the router and backup router in an MX Series Virtual Chassis. The member routers forming the heartbeat connection exchange heartbeat packets that provide critical information about the availability and health of each member router. During a disruption or split in the Virtual Chassis configuration, the heartbeat connection prevents the member routers from changing primary and backup roles unnecessarily. Without the heartbeat connection, a change in roles in such a situation can produce undesirable results, such as having two primary routers or no primary router.

Amount of time an OSPF router continues to send a hello packet to each adjacent neighbor.

Process used by an RSVP router to enhance the detection of network outages in an MPLS network.

Messages used to detect adjacent peers and maintain adjacency.

Message sent out to the current network to announce the presence of the current routing instance to the network. Hello packets aid in the discovery of neighbors and in a router being able to connect to other devices on the network. When an OSPF interface is created, the interface sends Hello packets to the network to announce itself.

Establishes and maintains neighbor relationships; communication between neighbors is bidirectional. The hello protocol also dynamically discovers neighboring routers on broadcast or point-to-point networks.

HAR. Calculation process that dynamically adjusts bandwidth for scheduler nodes—a more powerful and efficient method of configuring assured rates than static assured rates. See also SHA, SHA-1, MD5.

HRR. Scheme for allocating bandwidth to queues in proportion to their weights.

HA. Configuring devices to ensure service continuity in the event of a network outage or device failure. Used to provide fault detection and correction procedures to maximize the availability of critical services and applications. High availability provides both hardware-specific and software-specific methods to ensure minimal downtime and ultimately improve the performance of your network. See also high availability mode, chassis cluster.

Ensures rapid system module recovery following a switchover. High availability mode uses an initial bulk file transfer and subsequent transaction-based mirroring. High availability mode also keeps state and dynamic configuration data from memory synchronized between the primary and standby modules. Also known as stateful switchover.

HSDPA. Enhanced 3G mobile communications protocol.

Process by which a module allows oversubscription of Ethernet packets. The module manages oversubscription by prioritizing and dropping certain packets. Also known as oversubscribed Ethernet.

Mode whereby, when the keepalive timer expires, the interface first verifies whether any frames were received from the peer in the prior keepalive timeout interval. If so, the interface does not send an LCP echo request (keepalive). Keepalive packets are sent only if the peer is silent (if no traffic was received from the peer during the previous keepalive timeout interval). Also known as smart keepalive. See also low-density keepalive mode.

HDLC. International Telecommunication Union (ITU) standard for a bit-oriented Data Link Layer protocol on which most other bit-oriented protocols are based. Also known as High-Speed Data Link Control.

HSCSD. Circuit-switched wireless data transmission for mobile users, at data rates up to 38.4 Kbps.

HDLC. International Telecommunication Union (ITU) standard for a bit-oriented data-link layer protocol on which most other bit-oriented protocols are based. Also known as High-Level Data Link Control.

HSSI. Interface that supports high-speed WAN switching services such as Frame Relay and Switched Multimegabit Data Service (SMDS) trunk encapsulation. You can configure an interface to act as data communications equipment (DCE) or data terminal equipment (DTE).

Vertical graph that represents different amounts by thin, color-coded bands or bars. These bars represent a frequency distribution; heights of the bars represent observed frequencies.

Home Location Register. Database containing information about a subscriber and the current location of a subscriber’s Mobile Station.

Hashed Message Authentication Code. Mechanism for message authentication that uses cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function—for example, MD5 or SHA-1—in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. Defined in RFC 2104, HMAC: Keyed-Hashing for Message Authentication.

Method for IS-IS that prevents unauthorized routers from injecting false routing information into your network or forming adjacencies with your router. The router creates secure digests of the packets, encrypted according to the HMAC MD5 message-digest algorithms. The digests are inserted into the packets from which they are created. Depending on the commands you issue, the digests can be inserted into hello packets, link-state PDUs, complete sequence number PDUs, and partial sequence number PDUs. Also known as MD5 authentication.

head-of-line blocking. When an ingress port sends traffic to multiple egress ports, congestion on one egress port can affect uncongested egress ports. For example, an ingress port sends traffic to two egress ports. One egress port experiences congestion and sends a message to the ingress port to stop sending traffic. The ingress port stops sending traffic and buffers it instead. However, the ingress port buffers all traffic, not just traffic destined for the congested port, so traffic destined for the uncongested port is also stopped because of HOLB.

Timer used by distance-vector protocols to prevent the propagation of incorrect routing knowledge to other routers in the network.

Maximum number of seconds allowed to elapse between successive keepalive or update messages that a BGP system receives from a peer. In OSPF, the maximum amount of time between instances of initiating Shortest Path First (SPF) computations.

HLR. Database containing information about a subscriber and the current location of a subscriber’s Mobile Station.

Number of routers that data packets must traverse between RIP networks. See also RIP metric.

In cloud computing, virtualized software whose hypervisor allows multiple guest VMs to run on it concurrently and share its resources.

HBA. Physical mechanism that connects a host system to a server or storage devices.

A standards-based component that provides a wide variety of security checks for endpoints. Host Checker policies are configured on the IC Series device.

Name defined by a security application using known host information such as IP address, MAC address, username, and hostname and used to assign an identifier to the host.

Internet Group Management Protocol (IGMP) packet sent by a router to determine whether interested receivers exist on a broadcast network for multicast traffic.

IGMP packet sent by an interested receiver for a particular multicast group address. Hosts send report messages when they first join a group or in response to a query packet from the local router.

On an M160 router, provides the routing and system management functions of the router. Consists of the Routing Engine and Miscellaneous Control Subsystem (MCS).

Comprises a Routing Engine and an adjacent Control Board (CB), and provides the routing and system management functions of the router.

Configuration that takes place on a device for which you have created a host-specific autoinstallation configuration file (hostname.conf). The hostname.conf file contains all the information necessary for configuring the named host device. See also hostname.conf.

Host-specific configuration file for autoinstallation on a device that contains all the information necessary for configuring the device. In the filename, hostname is replaced with the hostname that you are assigning to the device.

Media content that is often requested. Media Flow Controller caches content hierarchically according to how “hot” it is: short tail video (a few videos requested often by many clients) can be cached closer to the subscriber, while long tail video (videos seldom requested) can be kept deeper in the network.

One or more files that update an operational E Series router. Hot fixes can do any of the following: address one or more specific, critical software issues by replacing or adding functionality to one or more software components; enable the delivery of software updates without having to load an entire software release; or deploy debugging code to collect data that facilitates troubleshooting of software issues.

In Junos OS, method used with link services intelligent queuing interfaces (LSQ) to enable rapid switchover between primary and secondary (backup) PICs. See also warm standby.

Disconnecting or connecting peripherals without interrupting system operations. Media Flow Controller supports hot swapping of caching storage drives.

Used to describe a component that can be inserted into the chassis while the device is running.

Software or hardware component that can be installed or uninstalled while the software is running, as well as the software application that supports the installation and uninstallation of such components. Juniper Networks Service Automation is a hot-pluggable application.

Used to describe a component that can be removed from the chassis while the device is running.

hierarchical round-robin. Scheme for allocating bandwidth to queues in proportion to their weights.

One part of the integrated scheduler used to extend ATM QoS functionality on all E Series router ASIC-enabled line modules. See also SAR scheduler.

High-Speed Circuit Switched Data. Circuit-switched wireless data transmission for mobile users, at data rates up to 38.4 Kbps.

High Speed Downlink Packet Access. Enhanced 3G mobile communications protocol.

high-speed serial interface. Interface that supports high-speed WAN switching services such as Frame Relay and Switched Multimegabit Data Service (SMDS) trunk encapsulation. You can configure an interface to act as data communications equipment (DCE) or data terminal equipment (DTE).

Hypertext Transfer Protocol. Method used to publish and receive information on the Web, such as text and graphic files.

Hypertext Transfer Protocol over Secure Sockets Layer. Similar to HTTP with an added encryption layer that encrypts and decrypts user page requests and pages that are returned by a webserver. Used for secure communication, such as payment transactions.

Sharing model in which one physical site acts as a hub (for example, Main Office), while other physical sites act as spokes. Spoke sites are connected to each other through a hub site. In a hub-and-spoke topology, the network communications between two spokes always travel through the hub.

Type of VPN in which spoke sites in the VPN can communicate only with the hub sites; they cannot communicate with other spoke sites. See also full-mesh VPN, overlapping VPN.

Coordinated and simultaneous use of two different access paths by a single subscriber. One path is through a fixed broadband (DSL) access network and the other path is through a wireless access network (LTE).

HAG. Logical function in the operator network that implements the network-side mechanisms for simultaneous use of both fixed broadband and 3GPP access networks. The gateway enables subscriber management by aggregating a subscriber’s traffic from the two networks.

A cloud type composed of two or more public and private clouds that remain unique but are bound together, providing the benefits of multiple deployment models. Hybrid clouds can be maintained by both internal and external providers. They require on‐premises resources and offsite, remote, server‐based cloud infrastructure.

hybrid customer premises equipment. Customer premises equipment (CPE) that has two WAN access interfaces for simultaneous support of both fixed broadband access and 3GPP-based wireless access.

hybrid CPE. Customer premises equipment (CPE) that has two WAN access interfaces for simultaneous support of both fixed broadband access and 3GPP-based wireless access.

Mechanism used by the synchronous Ethernet equipment clock (EEC) on the Modular Port Concentrator (MPC) that derives the frequency from Synchronous Ethernet and the phase and time of day from PTP for time synchronization. Time synchronization includes both phase synchronization and frequency synchronization.

HTTP. Method used to publish and receive information on the Web, such as text and graphic files.

HTTPS. Similar to HTTP with an added encryption layer that encrypts and decrypts user page requests and pages that are returned by a webserver. Used for secure communication, such as payment transactions.

Software on a single physical host computer that creates and manages multiple guest virtual machines. Type 1 (bare-metal) hypervisors run directly on hardware with no host operating system and type 2 hypervisors run on top of a host operating system, such as Linux. See also virtual machine.

integrated DHCP access server. Feature that enables you to use RADIUS start and stop attributes to track user events such as the lifetime of an IP address.

Information frame used to transfer data in sequentially numbered logical link control protocol data units (LPDUs) between link stations.

24-bit service instance identifier field carried inside an I-TAG. The I-SID defines the service instance to which the frame is mapped.

Field defined in the IEEE 802.1ah provider MAC encapsulation header that carries the service instance information (I-SID) associated with the frame.

IOA, input/output adapter. Physical interface that pairs with line modules to provide connectivity to E120 and E320 routers. See also I/O module.

Juniper Networks ASIC responsible for segmenting data packets into 64-byte J-cells and for queuing result cells before transmission.

• Physical interface that pairs with line modules to provide connectivity to an ERX router. See also IOA.

• In Juniper IDP Series, it contains the traffic interfaces that receive and send network traffic and is a field-replaceable unit (FRU).

IOV. Virtualization of physical devices, such as network interface cards (NICs) and CPUs, that enables data transfer in a network. See also single-root I/O virtualization.

Infrastructure as a Service. Physical or virtual cloud servers and other resources—such as switches, routers, firewalls, storage devices, load balancers, and other network equipment—that are leased to customers as needed. IaaS providers offer customers the ability to scale services up or down easily without having to make the capital investment in equipment and expertise. See also cloud computing, NaaS, PaaS, SaaS.

Internet Assigned Numbers Authority. Regulatory group that maintains all assigned and registered Internet numbers, such as IP and multicast addresses. See also NIC.

Inter Access Point Protocol. IEEE 802.11F recommendation that describes optional extensions to IEEE 802.11, which defines wireless access-point communications among multivendor systems.

Internal Border Gateway Protocol. BGP configuration in which sessions are established between routers in the same autonomous system (AS). See also EBGP.

Session between two BGP speakers that are in the same autonomous system (AS). IBGP requires that BGP speakers within an autonomous system be fully meshed, meaning that there must be a BGP session between each pair of peers within the AS. IBGP does not require that all the peers be physically connected. See also EBGP session.

Inter-Chassis Control Protocol. Protocol that enables MC-LAG peers to exchange control information and coordinate with each other to ensure that data traffic is forwarded properly. See also MC-LAG.

interchassis control link. Link used to forward data traffic across MC-LAG peers. This link provides redundancy when a link failure (for example, an MC-LAG trunk failure) occurs on one of the active links. The ICL can be a single physical Ethernet interface or an aggregated Ethernet interface. Also known as interchassis link (ICL) or interchassis link-protection link (ICL-PL). See also MC-LAG.

Internet Control Message Protocol. Network Layer protocol that provides a query and response system for a router or destination host to report an error in data traffic processing to the original source of the packet. Used in router discovery, ICMP allows router advertisements that enable a host to discover addresses of operating routers on the subnet. An ICMP echo request is also known as a ping.

Type of denial-of-service attack that sends ICMP pings so large or so numerous that they overload a system with echo requests, causing the system to expend all its resources responding until it can no longer process valid network traffic. Also known as ping flood, smurf attack.

IRDP. Used by DHCP clients that enables a host to determine the address of a router that it can use as a default gateway.

Integrated Drive Electronics. Type of hard disk on a Routing Engine.

International Data Encryption Algorithm. One of the methods at the heart of Pretty Good Privacy (PGP), it uses a 128-bit key. IDEA is patented by Ascom Tech AG and is popular in Europe.

initial domain identifier. Part of an ATM address format that contains the address fields describing the address allocation and issuing authority.

interface definition language. Language-agnostic way of defining APIs. An IDL file contains interface and type library definitions. Also known as interface description language.

Initial BGP neighbor state in which the local router refuses all incoming session requests.

• initial domain part. Portion of a CLNS address that consists of the AFI and IDI. See also AFI, IDI.

• Intrusion Detection and Prevention. Name of a Juniper Networks product line of security devices that run the IDP OS (operating system).

intrusion detection service. Inspects all inbound and outbound network activity and identifies suspicious patterns that might indicate a network or system attack from someone attempting to break into or compromise a system.

International Electrotechnical Commission. International standards organization that deals with electrical, electronic, and related technologies. See ISO.

Institute of Electrical and Electronics Engineers. International professional society for electrical engineers.

Set of standards that applies to the data link and physical layers of networks carrying frames of different sizes. In practice, IEEE 802 applies to LANs and metropolitan area networks (MANs). See also IEEE, LAN, MAN.

IEEE standard for a Layer 2 frame structure that supports VLAN identification and CoS traffic classification.

IEEE standard that defines a method for powering network devices through an Ethernet cable. This standard enables remote devices (such as VoIP telephones) to operate without a separate, external power source. Also known as Power over Ethernet (PoE).

Internet Engineering Task Force. International community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.

Internet Group Management Protocol. Host-to-router signaling protocol for IPv4 to report multicast group memberships to neighboring routers and determine whether group members are present during IP multicasting. Similarly, multicast routers, such as E Series routers, use IGMP to discover which of their hosts belong to multicast groups and to determine whether group members are present.

Method by which a router issues IGMP host messages on behalf of hosts that the router discovered through standard IGMP interfaces. The router acts as a proxy for its hosts.

interior gateway protocol. Distributes routing information to routers within an autonomous system, such as IS-IS, OSPF, or RIP. See also EGP.

Internet Key Exchange. Part of IPsec that provides ways to exchange keys for encryption and authentication securely over an unsecured medium such as the Internet. IKE enables a pair of security gateways to:

• Dynamically establish a secure tunnel over which security gateways can exchange tunnel and key information.

• Set up user-level tunnels or SAs, including tunnel attribute negotiations and key management. These tunnels can also be refreshed and terminated on top of the same secure channel.

IKE employs Diffie-Hellman methods and is optional in IPsec (the shared keys can be entered manually at the endpoints).

IP address of the entity that is one of two endpoints in an IKE/ISAKMP SA.

Method that recognizes the loss of the primary IPsec Internet Key Exchange (IKE) peer and establishes a secondary IPsec tunnel to a backup peer. It is a keepalive mechanism that enables the E Series router to detect when communication to a remote IPsec peer has been disconnected. DPD enables the router to reclaim resources and to optionally redirect traffic to an alternate failover destination. If DPD is not enabled, traffic continues to be sent to the unavailable destination. Also known as dead peer detection (DPD).

Policies that define a combination of security parameters to be used during the IKE SA negotiation. IKE policies are configured on both security gateway peers, and there must be at least one policy on the local peer that matches a policy on the remote peer. If that is not the case, the two peers are not able to successfully negotiate the IKE SA, and no data flow is possible.

In NSM, a representation of an IKE proposal, which is a set of encryption keys and authentication algorithms used to negotiate a VPN connection.

IKE process that implements tunnel management for IPsec VPNs, provides authentication of endpoint entities, and generates keys for packet authentication and encryption.

incumbent local exchange carrier. Any commercial telecom company that was in business after the breakup of AT&T in 1984 and before the Telecommunications Act of 1996.

Integrated Local Management Interface. Specification developed by the ATM Forum that incorporates network management capabilities into the ATM user-to-network interface (UNI) and provides bidirectional exchange of management information between UNI management entities (UMEs).

inverse multiplexing for ATM. Technique for transporting ATM traffic over a bundle of T1 or E1 interfaces. A single data stream is divided into multiple concurrent streams that are transmitted at the same time across separate channels (such as T1 or E1 interfaces) and are then multiplexed back into the original data stream at the other end.

Single file that contains the contents of a computer’s hard drive, including the operating system and software applications plus information such as partition details, boot sectors, and the file allocation table. See also reimage.

Internet Message Access Protocol. Standard protocol for accessing e-mail on a remote server from a local client. IMAP is an Application Layer Internet protocol using the underlying Transport Layer protocols to establish host-to-host communication services for applications.

International Mobile Station Equipment Identity. Unique code used to identify an individual Mobile Station to a GSM network.

Type of shared shaper in which the system automatically selects the active constituents. A shared-shaping rate is configured on the best-effort node or queue, and QoS locates the other constituents automatically. See also explicit shared shaper, shared shaping.

Installation of routes from the routing protocols into a routing table.

Route map applied to a VRF to modify and filter routes imported to the BGP RIB of the VRF from the global BGP VPN RIB in the parent VR. See also export map, global import map.

When you have two or more virtual routers on a security device, you can configure import rules on one virtual router that define which routes are allowed to be learned from another virtual router. If you do not configure any import rules for a virtual router, all routes that are exported to that virtual router are accepted. See also export rules.

International Mobile Subscriber Identity. Information that identifies a particular subscriber to a GSM network.

International Mobile Telecommunications-2000. Global standard for third-generation (3G) wireless communications, defined by a set of interdependent ITU Recommendations. IMT-2000 provides a framework for worldwide wireless access by linking the diverse systems of terrestrial and satellite-based networks.

Change made to the device configuration from the Junos Space user interface. See also out-of-band change.

In NSM, mode of policy management performed on a single device, using the NSM Device Editor. If this method is selected to manage a J Series or an SRX Series device, then the NSM Policy Manager, the Object Manager, and the VPN Manager are all disabled for that device.

ISSU. General term for one of several different ways that Juniper Networks platforms upgrade software versions with minimal disruption to network traffic. Unified ISSU is used for routing platforms, which operate at Layer 2 and Layer 3. Nonstop software upgrade (NSSU) is used for switching platforms that operate at Layer 2 and Virtual Chassis configurations. Topology-independent in-service software upgrade (TISSU) is used for virtual environments, where devices are not linked by a hardware-based topology. See also NSSU, TISSU, and unified ISSU.

Constituent that is ignored by the shared shaper mechanism. See also active constituent, constituent.

Inverse Address Resolution Protocol. Way of determining the IP address of the device at the far end of a circuit.

In the context of a secure interface, already secured traffic arriving on that interface (identified based on its SPI). This traffic is cleared and checked against the security parameters set for that interface.

ILEC. Any commercial telecom company that was in business after the breakup of AT&T in 1984 and before the Telecommunications Act of 1996.

MPLS label distribution method whereby the LSR sending the label acts independently of its downstream peer. It does not wait for a label from the downstream LSR before it sends a label to peers. See also ordered control.

Default Junos OS routing table for IPv4 unicast routers.

Default Junos OS routing table for storing the multicast cache for active data streams in the network.

Default Junos OS routing table for storing unicast IPv4 routes specifically used to prevent forwarding loops in a multicast network.

Default Junos OS routing table for storing the egress IP address of an MPLS label-switched path.

Default Junos OS routing table for storing information generated by the Multicast Source Discovery Protocol (MSDP).

Default Junos OS routing table for storing unicast IPv6 routes.

Compromised host systems to which network attackers have very likely gained unauthorized access.

Metric value used in distance-vector protocols to represent an unusable route. For RIP, the infinity metric is 16.

ITaaS. Operational model where the information technology (IT) service provider delivers an IT service to a firm. The IT service provider focuses on the needs and outcomes of the firm to assist in improving the overall health of the business.

Policy management component of a Juniper Networks UAC solution.

Policy enforcement point or firewall within a Juniper Networks UAC solution.

IaaS. Physical or virtual cloud servers and other resources—such as switches, routers, firewalls, storage devices, load balancers, and other network equipment—that are leased to customers as needed. IaaS providers offer customers the ability to scale services up or down easily without having to make the capital investment in equipment and expertise. See also cloud computing, Network as a Service, Platform as a Service, Software as a Service.

Data that has been placed on a Media Flow Controller and analyzed and queued for deployment.

Inbound, referring to packets entering a device. See also egress.

In MPLS, the first router in a label-switched path (LSP). See also egress router.

OSPF adjacency state in which the local router has received a hello packet but bidirectional communication is not yet established.

IDI. Part of an ATM address format that contains the address fields describing the address allocation and issuing authority.

IDP. Portion of a CLNS address that consists of the AFI and IDI. See also AFI, IDI.

Policy that evaluates a condition before the normal route lookup. See also output policy, policy, secondary input policy.

IOA, I/O adapter. Physical interface that pairs with line modules to provide connectivity to E120 and E320 routers. Also known as I/O module.

I/O module. Physical interface that pairs with line modules to provide connectivity to E120 and E320 routers. Also known as I/O adapter.

Junos OS command that allows a user to reorder terms in a routing policy or a firewall filter, or to change the order of a policy chain.

In a NAT context, IP translated address of an inside host as seen by an outside host and network.

In a NAT context, configured IP address that is assigned to a host on the inside network.

In a NAT context, the local portion of a network that uses private, not publicly routable, IP addresses that you want to translate.

Commonly used NAT configuration, in which an inside host sends a packet to the outside network and the NAT router translates the source information. Then, in the inbound direction, the NAT router restores the original information. For outbound traffic, the NAT router translates the inside local address into the inside global address.

Routing table that shows route flows through BGP.

IEEE. International professional society for electrical engineers.

I-DAS. Feature that enables you to use RADIUS start and stop attributes to track user events such as the lifetime of an IP address.

IDE. Type of hard disk on a Routing Engine.

Extended version of IS-IS that supports the routing of datagrams by means of IP or CLNS. Without the extensions, IS-IS routes datagrams only by means of CLNS.

ILMI. Specification developed by the ATM Forum that incorporates network management capabilities into the ATM user-to-network interface (UNI) and provides bidirectional exchange of management information between UNI management entities (UMEs).

IPLC. Integrated optical card that occupies a PIC or an FPC slot within the PTX3000 chassis. The PTX3000 supports an IPLC base module and an IPLC expansion module. The IPLC base module provides the combined functionalities of optical multiplexing and demultiplexing, optical amplification, optical equalization, and optical channel monitoring. The IPLC expansion module interfaces with the IPLC base module to increase the add/drop capacity of the system up to 64 channels.

IRB. Provides simultaneous support for Layer 2 (L2) bridging and Layer 3 (L3) routing within the same bridge domain. Packets arriving on an interface of the bridge domain are L2 switched or L3 routed based on the destination MAC address. Packets addressed to the router’s MAC address are routed to other L3 interfaces.

QoS scheduler that provides extended ATM QoS functionality. The integrated scheduler consists of two schedulers in series—the hierarchical round robin (HRR) scheduler and the segmentation and reassembly (SAR) scheduler.

ISDN. Set of digital communications standards that enable the transmission of information over existing twisted-pair telephone lines at higher speeds than standard analog telephone service. An ISDN interface provides multiple B-channels (bearer channels) for data and one D-channel for control and signaling information. See also B-channel, D-channel.

IQ. M Series and T Series routing platform interfaces that offer granular quality-of-service (QoS) capabilities; extensive statistics on packets and bytes that are transmitted, received, or dropped; and embedded diagnostic tools.

IAPP. IEEE 802.11F recommendation that describes optional extensions to IEEE 802.11, which defines wireless access-point communications among multivendor systems.

Routing of packets among different autonomous systems (ASs). See also EBGP.

Services that support VPNs across AS boundaries. Also known as interprovider services.

ICCP. Protocol that enables MC-LAG peers to exchange control information and coordinate with each other to ensure that data traffic is forwarded properly. See also MC-LAG.

Network traffic that indicates human involvement in a normally automated process, such as a user typing commands. It appears different from other traffic because one end of the connection is manually controlled. For example, in an automated process, TCP packets can be batched and sent in bulk. However, in a connection between a program and a user, packets are sent when they become available; characters display as they are typed (not after the word is complete). Interactive programs transmit several short IP packets containing individual keystrokes and their echoes, reflecting the real-time actions of a user (or attacker).

ICL. Link used to forward data traffic across MC-LAG peers. This link provides redundancy when a link failure (for example, an MC-LAG trunk failure) occurs on one of the active links. The ICL can be a single physical Ethernet interface or an aggregated Ethernet interface. Also known as interchassis link (ICL) or interchassis link-protection link (ICL-PL). See also MC-LAG.

In a BGP route reflection, the redistribution of routing information by a route reflector system to all nonclient peers (BGP peers not in the cluster). See also route reflection.

Alarm triggered by the state of a physical link on a fixed or installed PIM, such as a link failure or a missing signal. Interface alarms are triggered by conditions on a T1 (DS1), Fast Ethernet, serial, or T3 (DS3) physical interface or by conditions on the sp-0/0/0 adaptive services interface for stateful firewall filter, NAT, IDP, or IPsec services. To enable an interface alarm, you must explicitly set an alarm condition.

Value added to all received routes in a distance-vector network before they are placed into the routing table. Junos OS uses a cost of 1 for this value.

IDL. Language-agnostic way of defining APIs. An IDL file contains interface and type library definitions. Also known as interface description language.

Configurable pool of labels from which multiple smaller pools (ranges) of labels can be created. Interfaces are configured to use labels only from a particular pool.

Addition to the SONET Automatic Protection Switching (APS) functionality that helps promote redundancy of the link PICs used in LSQ configurations. If the active SONET PIC fails, links from the standby PIC are used without causing a link renegotiation. Also known as link-state replication.

Routes that are in the routing table because an interface has been configured with an IP address. Also known as direct routes.

Packet sampling method used by packet capture, in which entire IPv4 packets flowing in the input or output direction, or both directions, are captured for analysis.

A logical group of interfaces that describe the characteristics of a set of service VLANs, logical interfaces, or customer VLANs, including the members of the set and the name of the traffic control profiles. See also S-VLAN.

Label used in JunosE Software to identify both the physical location (such as chassis slot and port number) of a particular interface type on the router and the logical interface, such as a channelized T3 interface. Used in conjunction with an interface type to uniquely identify the interface on the router. See also interface type.

Label used in JunosE Software to identify the type of interface you are configuring on the router. For example, gigabitEthernet indicates a Gigabit Ethernet interface. Used in conjunction with an interface specifier to uniquely identify the interface on the router. See also interface specifier.

Physical and logical channels on a router, switch, or security device that define how data is transmitted to and received from lower layers in the protocol stack. See also subinterface.

IGP. Distributes routing information to routers within an autonomous system, such as IS-IS, OSPF, or RIP. See also EGP.

In IS-IS, the network entity that sends and receives packets and can also route packets. A router in OSI internetworking. See also ES.

IS-IS. Link-state, interior gateway routing protocol for IP networks that uses the shortest-path-first (SPF) algorithm to determine routes.

IBGP. BGP configuration in which sessions are established between routers in the same autonomous system (AS). See also EBGP.

IDEA. One of the methods at the heart of Pretty Good Privacy (PGP), it uses a 128-bit key. IDEA is patented by Ascom Tech AG and is popular in Europe.

IEC. International standards organization that deals with electrical, electronic, and related technologies. See ISO.

IMEI. Unique code used to identify an individual Mobile Station to a GSM network.

IMSI. Information that identifies a particular subscriber to a GSM network.

IMT-2000. Global standard for third-generation (3G) wireless communications, defined by a set of interdependent ITU Recommendations. IMT-2000 provides a framework for worldwide wireless access by linking the diverse systems of terrestrial and satellite-based networks.

ISO. Worldwide federation of standards bodies that promotes international standardization and publishes international agreements as International Standards.

CISPR. An International Electrotechnical Commission (IEC) committee whose principal task is to prepare standards that offer protection of radio reception from interference sources at the higher end of the frequency range (from 9 kHz and above), such as electrical appliances of all types; the electricity supply system; industrial, scientific, and electromedical RF; broadcasting receivers (sound and TV); and IT equipment (ITE).

ITU-T. Group supported by the United Nations that makes recommendations and coordinates the development of telecommunications standards for the entire world. Formerly known as the CCITT.

Now known as ITU-T (Telecommunication Standardization Sector), or CCITT, organization that coordinates standards for telecommunication on behalf of the ITU (International Telecommunication Union). The ITU is a United Nations specialized agency. ITU-T is a subcommittee of ITU. See also ITU-T.

IANA. Regulatory group that maintains all assigned and registered Internet numbers, such as IP and multicast addresses. See also NIC.

ICMP. Network Layer protocol that provides a query and response system for a router or destination host to report an error in data traffic processing to the original source of the packet. Used in router discovery, ICMP allows router advertisements that enable a host to discover addresses of operating routers on the subnet. An ICMP echo request is also known as a ping.

IETF. International community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.

IGMP. Host-to-router signaling protocol for IPv4 to report multicast group memberships to neighboring routers and determine whether group members are present during IP multicasting. Similarly, multicast routers, such as E Series routers, use IGMP to discover which of their hosts belong to multicast groups and to determine whether group members are present.

IKE. Part of IPsec that provides ways to exchange keys for encryption and authentication securely over an unsecured medium such as the Internet. IKE enables a pair of security gateways to:

• Dynamically establish a secure tunnel over which security gateways can exchange tunnel and key information.

• Set up user-level tunnels or SAs, including tunnel attribute negotiations and key management. These tunnels can also be refreshed and terminated on top of the same secure channel.

IKE employs Diffie-Hellman methods and is optional in IPsec (the shared keys can be entered manually at the endpoints).

IMAP. Standard protocol for accessing e-mail on a remote server from a local client. IMAP is an Application Layer Internet protocol using the underlying Transport Layer protocols to establish host-to-host communication services for applications.

Juniper Networks ASIC responsible for using the forwarding table to make routing decisions within the Packet Forwarding Engine. The Internet Processor ASIC also implements firewall filters.

IP. Used for sending data from one point to another on the Internet, it provides the functions necessary to deliver blocks of data (datagrams) from a source to a destination over an interconnected system of networks, where sources and destinations are identified by fixed length addresses. See also IP address, IPv6.

IPCP. Establishes and configures IP over the Point-to-Point Protocol (PPP).

IPoA. Interface stacking configuration supported on E Series routers. An IPoA interface is IP over ATM 1483 over ATM AAL5 over ATM.

IPsec. Provides security to IP flows through the use of authentication and encryption:

• Authentication verifies that data is not altered during transmission and ensures that users are communicating with the individual or organization that they believe they are communicating with.

• Encryption makes data confidential by making it unreadable to everyone except the sender and intended recipient.

  The secure aspects of IPsec are usually implemented in three parts: the authentication header (AH), the Encapsulating Security Payload (ESP), and the Internet Key Exchange (IKE).