EX4400-24T Ethernet Switch
24-port 10/100/1000BASE-T + 550 W AC PS non-PoE AFO (Front-to-back airflow)
The EX4400 line of Ethernet access switches offers secure, cloud-ready access for enterprise campus, branch, and data center networks for the AI era and optimized for the cloud. The platforms boost network performance and visibility, meeting the security demands of today as well as for networks of the next decade. As part of the underlying infrastructure for Juniper Mist Wired Assurance, the EX4400 is purpose-built for, and managed by, the cloud. The switch leverages Mist AI to simplify operations and provide better visibility into the experience of connected devices, delivering a refreshing, user experience-first approach to access layer switching.
Key Features
• Cloud-ready, driven by Mist AI with Juniper Mist Wired Assurance and Marvis Virtual Network Assistant
• Ethernet VPN–Virtual Extensible LAN (EVPN-VXLAN) to the access layer
• End-to-end encryption using Media Access Control Security (MACsec) AES256
• IEEE 802.3bt Power over Ethernet (PoE++)
• Standards-based microsegmentation using group-based policies (GBP)
• Flow-based telemetry to monitor traffic flows for anomaly detection
• Precision Timing Protocol – Transparent clock
• 10-member Virtual Chassis support
The EX4400 line of Ethernet access switches offers secure, cloud-ready access for enterprise campus, branch, and data center networks for the AI era and optimized for the cloud. The platforms boost network performance and visibility, meeting the security demands of today as well as for networks of the next decade. As part of the underlying infrastructure for Juniper Mist Wired Assurance, the EX4400 is purpose-built for, and managed by, the cloud. The switch leverages Mist AI to simplify operations and provide better visibility into the experience of connected devices, delivering a refreshing, user experience-first approach to access layer switching.
Cloud Management with Juniper Mist Wired Assurance Driven by Mist AI
EX4400 switches can be quickly and easily onboarded (Day 0), provisioned (Day 1), and managed (Day 2+) from the cloud with Juniper Mist Wired Assurance, which brings AI-powered automation and insights that optimize experiences for end-users and connected devices. The EX4400 provides rich Junos® operating system telemetry data for Mist AI, which helps achieve simpler operations, shorter mean time to repair (MTTR), and streamlined troubleshooting.
In addition to Juniper Mist Wired Assurance, Marvis Virtual Network Assistant—a key part of The Self-Driving Network™—makes the Mist AI engine interactive. A digital extension of the IT team, Marvis offers automatic fixes or recommended actions, allowing IT teams to streamline how they troubleshoot and manage their network operations.
EVPN-VXLAN Technology
Most traditional campus networks have used a single-vendor, chassis-based architecture that worked well for smaller, static campuses with few endpoints. However, this approach is too rigid to support the changing needs of modern campus networks. The EX4400 supports EVPN-VXLAN, extending an end-to-end fabric from campus core to distribution to the access layer.
An EVPN-VXLAN fabric is a simple, programmable, highly scalable architecture built on open standards. This technology can be applied in both data centers and campuses for architectural consistency. A campus EVPN-VXLAN architecture uses a Layer 3 IP-based underlay network and an EVPN-VXLAN overlay network. A flexible overlay network based on a VXLAN overlay with an EVPN control plane efficiently provides Layer 2 and/or Layer 3 connectivity throughout the network. EVPN-VXLAN also offers a scalable way to build and interconnect multiple campus sites, delivering:
• Greater consistency and scalability across all network layers
• Multivendor deployment support
• Reduced flooding and learning
• Location-agnostic connectivity
• Consistent network segmentation
• Simplified management
Virtual Chassis Technology
Juniper’s Virtual Chassis technology allows multiple interconnected switches to operate as a single, logical unit, enabling users to manage all platforms as one virtual device. Up to 10 EX4400 switches can be interconnected as a Virtual Chassis using two dedicated 100GbE rear-panel ports (these ports accept 100G as well as 40G optics). Although configured as Virtual Chassis ports by default, the 100GbE uplinks can also be channelized as 2 x 40GbE or 4 x 10GbE/25GbE Ethernet uplink ports. The EX4400 switches can form a Virtual Chassis with any other models within the EX4400 product line.
Microsegmentation Using Group-Based Policy
Group-based policies (GBP) leverage underlying VXLAN technology to provide location-agnostic endpoint access control. This allows network administrators to implement consistent security policies across the enterprise network domains. The EX4400 supports a standards-based GBP solution, allowing different levels of access control for endpoints and applications even within the same VLAN. Customers can simplify their network configuration by using GBP, avoiding the need to configure large numbers of firewall filters on all their switches. GBP can block lateral threats by ensuring consistent application of security group policies throughout the network, regardless of the location of endpoints and/or users.
Flow-Based Telemetry
Flow-based telemetry enables flow-level analytics, allowing network administrators to monitor thousands of traffic flows on the EX4400 without burdening the CPU. This improves network security by monitoring, baselining, and detecting flow anomalies. For example, if predefined flow thresholds are breached due to an attack, IP Flow Information Export (IPFIX) alerts can be sent to an external server so the attack can be quickly identified. Network administrators can also automate specific workflows, such as further examining the traffic or quarantining a port, to triage the issue.
Simplified Operations with Juniper Mist Wired Assurance
The EX4400 is fully cloud onboarded, provisioned, and managed by Juniper Mist Wired Assurance. The EX4400 is designed from the ground up to deliver the rich telemetry that enables AI for IT Operations (AIOps) with simplified operations from Day 0 to Day 2 and beyond. Juniper Mist Wired Assurance provides detailed switch insights for easier troubleshooting and improved time to resolution by offering the following features:
Day 0 operations — Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
Day 1 operations — Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
Day 2 operations — Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist cloud. The EX4400 switches also support secure packet capture (pcap) and export the same to an external collector (in the cloud), to aid in monitoring and troubleshooting any network performance issues.
EVPN-VXLAN for Campus Core, Distribution, and Access
The EX4400 switches can be deployed in campus and branch access layer networks or as top-of-rack switches in data center environments using 10GbE/25GbE uplinks to support technologies such as EVPN multihoming.
The main advantages of EVPN-VXLAN in campus networks are:
Flexibility of consistent VLANs across the network: Endpoints can be placed anywhere in the network and remain connected to the same logical L2 network, enabling a virtual topology to be decoupled from the physical topology.
Microsegmentation: The EVPN-VXLAN-based architecture lets you deploy a common set of policies and services across campuses with support for L2 and L3VPNs.
Scalability: With an EVPN control plane, enterprises can scale out easily by adding more core, aggregation, and access layer devices as the business grows without having to redesign the network or perform a forklift upgrade. Using an L3 IP-based underlay coupled with an EVPN-VXLAN overlay, campus network operators can deploy much larger and more resilient networks than would otherwise be possible with traditional L2 Ethernet-based architectures.
Juniper offers complete flexibility in choosing any of the following validated EVPN-VXLAN campus fabrics that cater to networks of different sizes, scale, and segmentation requirements:
EVPN multihoming (collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single switch, turning the traditional three-tier hierarchal network into a two-tier network. EVPN Multihoming on a collapsed core eliminates the need for Spanning Tree Protocol (STP) across campus networks by providing link aggregation capabilities from the access layer to the core layer. This topology is best suited for small to medium distributed enterprise networks and allows for consistent VLANs across the network. This topology uses ESI (Ethernet Segment Identifier) LAG (Link Aggregation) and is a standards-based protocol.
Campus Fabric Core distribution: When EVPN VXLAN is configured across core and distribution layers, it becomes a campus Fabric Core Distribution architecture, which can be configured in two modes: centrally or edge routed bridging overlay. This architecture provides an opportunity for an administrator to move towards campus-fabric IP Clos without fork-lift upgrade of all access switches in the existing network, while bringing in the advantages of moving to a campus fabric and providing an easy way to scale out the network.
Campus Fabric IP Clos: When EVPN VXLAN is configured on all layers including access, it is called the campus fabric IP Clos architecture. This model is also referred to as “end-to-end,” given that VXLAN tunnels are terminated at the access layer. Due to the availability of VXLAN at access, it provides us with the opportunity to bring policy enforcement to the access layer (closest to the source) using Group Based Policy (GBP). Standards-based GBP tags bring the unique option to segment traffic both at a micro and macro level. GBP tags are assigned dynamically to clients as part of Radius transaction by Mist Cloud NAC. This topology works for small-medium and large campus architectures that need macro and micro segmentation.
In all these EVPN-VXLAN deployment modes, EX4400 switches can be used in standalone or Virtual Chassis configurations. All three topologies are standards-based and hence are inter-operable with 3rd party vendors.
Managing AI-Driven Campus Fabric with the Juniper Mist Cloud
Juniper Mist Wired Assurance brings cloud management and Mist AI to campus fabric. It sets a new standard that moves away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. The Juniper Mist Cloud streamlines deployment and management of campus fabric architectures by allowing:
• Automated deployment and zero touch deployment (ZTD)
• Anomaly detection
• Root cause analysis
Chassis-Class Availability
The EX4400 switches deliver high availability through redundant power supplies and fans, graceful Routing Engine switchover (GRES), and nonstop bridging and routing when deployed in a Virtual Chassis configuration.
In a Virtual Chassis configuration, each EX4400 switch is capable of functioning as a Routing Engine (RE). When two or more EX4400 switches are interconnected, a single control plane is shared among all Virtual Chassis member switches. Junos OS automatically initiates an election process to assign a master (active) and backup (hot-standby) RE. An integrated L2 and L3 GRES feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary RE failure.
When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to assume the backup RE position should the designated master fail. Master, backup, and line card priority status can be assigned to dictate the order of ascension; this N+1 RE redundancy, coupled with the GRES, nonstop active routing (NSR), and nonstop bridging (NSB) capabilities of Junos OS, assures a smooth transfer of control plane functions following unexpected failures.
The EX4400 implements the same slot/module/port numbering schema as other Juniper Networks chassis-based products when numbering Virtual Chassis ports, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management.
Individually, the EX4400 offers a number of HA features that are typically associated with modular chassis-based switches. When combined with the field-proven Junos OS and L2/L3 failover capabilities, these features provide the EX4400 with true carrier-class reliability.
Redundant power supplies: The EX4400 line of Ethernet switches supports redundant, load-sharing, hot-swappable, and field-replaceable power supplies to maintain uninterrupted operations. Thanks to its compact footprint, the EX4400 requires significantly less power than chassis-based switches delivering equivalent port densities.
Hot-swappable fans: The EX4400 includes hot-swappable fans, providing sufficient cooling (for a short duration) even if one of the fans were to fail.
Nonstop bridging and nonstop active routing: NSB and NSR on the EX4400 ensure that control plane protocols, states, and tables are synchronized between primary and standby REs to prevent protocol flaps or convergence issues following a Routing Engine failover.
Redundant trunk group (RTG): To avoid the complexities of Spanning Tree Protocol (STP) without sacrificing network resiliency, the EX4400 employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration.
Cross-member link aggregation: Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.
IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing (OSPF and BGP) is available with an Enhanced license, enabling highly resilient networks.
MACsec AES256
The EX4400 switches support IEEE 802.1ae MACsec with AES-256-bit encryption to increase security of point-to-point traffic communications. MACsec provides encrypted communication at the link layer that is capable of identifying and preventing threats from denial of service (DoS) and other intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on all ports, the traffic is encrypted on the wire, but the traffic inside the switch is not. This allows the switch to apply network policies such as quality of service (QoS) or deep packet inspection (DPI) to each packet without compromising the security of packets on the wire. On the EX4400 switches, the MACsec AES-256 encryption capability is supported on all user-facing interfaces as well as the 25GbE extension modules.
PoE/PoE+/Poe++ Power, Perpetual and Fast PoE
The EX4400 delivers PoE for supporting connected devices such as phones, surveillance cameras, IoT devices, and 802.11AX/Wi-Fi 6 access points, offering a PoE power budget of up to 2200 W and supporting up to 90 W per port based on the IEEE 802.3bt PoE standard.
The EX4400 switches support perpetual PoE, which provides uninterrupted power to connected PoE powered devices (PDs) even when the switch is rebooting.
The EX4400 switches also support a fast PoE capability that delivers PoE power to connected endpoints during a switch reboot, even before the switch is fully operational. This is especially beneficial in situations where the endpoint only needs the power and is not necessarily dependent on network connectivity.
Junos Telemetry Interface
The EX4400 supports Junos telemetry interface (JTI), a modern telemetry streaming feature designed for switch health and performance monitoring. Sensor data can be streamed at configurable periodic intervals to a management system, enabling network administrators to monitor individual link and node utilization as well as troubleshoot issues such as network congestion in real time. JTI delivers the following features:
• Performance management by provisioning sensors to collect and stream data and analyze application and workload flow paths through the network
• Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
• Troubleshooting and root cause analysis via high-frequency monitoring and correlation of overlay and underlay networks
Junos Operating System
The EX4400 switches run Junos OS, Juniper’s powerful and robust network operating system that powers all Juniper switches, routers, and firewalls. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code and employs a highly available modular architecture that prevents isolated failures from bringing down an entire system.
These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.
Flex Licensing
Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs.
Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license.
The Flex and Premium licenses for the EX Series platforms are class-based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports.
The EX4400 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos OS features, the Flex Advanced and Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer.
Full specification and details can be found in the Product Datasheet PDF file
