[j-nsp] J series users bitten by the massive memory useincrease with flow mode add, please file jtac cases.

Amos Rosenboim amos at oasis-tech.net
Thu Jul 22 15:36:36 EDT 2010 

Chris,

The discussion is about J series routers, not SRXs.
The J series are marketed as routers not security devices and turning  
them to security devices all of a sudden is a decision I still don't  
understand.

If you want to open a discussion about SRX we can do that.
I have no experience with the high end SRXs but a lot of experience  
with the lower end SRX devices (210-650) and I can honestly say that I  
consider them to be the worst piece of networking/security hardware I  
ever worked with.

The software quality for these devices is catastrophic, including many  
stability related bugs which crashed devices time after time.
The logging of the devices is so inconvenient and also affect  
performance significantly, to a level where logging advised by JTAC  
killed a device.
I heard this not only from colleagues but also from advanced JTAC  
engineers.
It came to a point where my company stopped selling SRX devices and  
talking to the local distributer I understand that the overall Juniper  
security sales (in our small country) declined significantly.

It's important to mention that I'm a big Juniper fan (especially for  
the Junos line of products), and I'm not looking to flame the product  
for nothing.

Regards

Amos


On Jul 22, 2010, at 9:49 PM, Chris Whyte wrote:

>> IMO Juniper has royally screwed up in the small router/CPE market.
>> One can hope that they won't perform similar stunts on the M/MX/T
>> series.
>>
>
> There's absolutely no reason why this would be considered. The fact  
> that you
> would make that statement leads me to believe that people might not
> understand why the SRX product line was created in the first place.
>
> The entire SRX product line (branch and high-end) covers the  
> performance
> spectrum across M and MX series but were created specifically as
> purpose-built security devices and therefore should be implemented  
> as such.
> In addition, in order to do high-end processing of (stateful) flows  
> you need
> dedicated and specific hw to achieve desired performance. That hw  
> doesn't
> exist on MX and T series. It only exists on high-end SRX (ie SPUs).
>
> Thanks, Chris
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list