[j-nsp] Very disappointed with Juniper

Rafał Szarecki rszarecki at gmail.com
Sat Apr 8 18:25:48 EDT 2006


W. Kevin,

See inline ..
> 1.) JUNOS seems steeped in BSD, one of my favorite OS's, is it true you 
> can run FreeBSD compiled binaries on JUNOS ?
>   
Currently the JUNOS kernel requires that binaries are digitally signed. 
Untrusted binaries will not be executed.
> 2.) How is "controller redundancy" handled on the Juniper platform?
>   
I do not know what you are asking about.
> 3.) Anyone here had to deal with 6-8 mpps ddos attacks on a Juniper, and 
>   if so, was the juniper cli responsive during the attacks, and what 
> mitigation abilities did the Juniper give you?  I'm accustomed to just 
> plain ios acl's for mitigation which is tough when there are 8-9 hundred 
> sources.
>   
If the target is not a router, they just forward traffic without any 
impact on the CLI or routing protocols (except, of course, overloaded 
interfaces).
If the router is the target, then you can fortify the RE (routing 
engine) with a firewall filter (stateless filters) executed on the 
CF-chip (ASIC). No problem with performance at all.
Moreover, you can use MP-BGP to propagate _definition of filters_ 
(including protocols and ports!) from one place to many routers, based 
e.g. on communities. This is an implementation of an IETF draft.

Exceptional packets (e.g. IP option set, TTL=1 etc.) - turning off 
processing of IP options is a good idea. For TTL=1 - a CPU is involved 
(but not the same one as the RE) so no problem with the CLI, but 
sometimes you experience problems with internal communication in the 
chassis.
> 4.) What are the support and upgrade options on equipment that one did 
> not purchase "new".  i.e. we acquired this M40, it seems to have JUNOS 
> 4.1 on it.  What kind of expense am I looking at to get the latest JUNOS 
> on it and basic telephone support for it?
>   
What do you mean by telephone support? JTAC?
You say "acquire M40" but it is very important how this happened from a 
legal point of view. The JUNOS license is issued for chassis AND 
company/owner. So if you buy a chassis on e-bay you have to: purchase a 
new license and ask JNPR to make an audit (payable). Then you will have 
1 year of support (phone JTAC and updates and upgrades).
But just contact a Juniper sales representative.

From a technical perspective, AFAIK if HW is supported (even EoS for 
years), then the newest JUNOS supports it. For HW which is out of 
support - you can't assume this.

Rafal Szarecki JNCIE
> --
> W. Kevin Hunt
> CCIE #11841
> Linux+ SME
>
> "There are 10 kinds of people in this world, those that understand 
> binary and those that do not."
>
> Chris Cappuccio wrote:
>   
>> I recently moved over several chan DS3s and a few clear DS3s from some ancient
>> 7507s to a Juniper M20... It was very exciting to get this new router, 40Mpps
>>     
> --snip--
>   IOS version that actually works properly.  What ever happened to 
> unexplained
>   
>> spontaneous reboots? Shit, I'm going to be out of a job soon.  I'm not quite
>> sure how to deal with this, everything "just works" "out of the box"....  
>>     
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
>   

