[j-nsp] J series users bitten by the massive memory useincrease with flow mode add, please file jtac cases.

Heath Jones hj1980 at gmail.com
Thu Jul 22 18:16:47 EDT 2010


Chris I think you've hit the nail on the head here.. In my experience
communication from Juniper is, exactly that. Simplex mode only.
Any opening up of channels and getting the message from customers
and 'partners' back into Juniper is greatly appreciated!

Cheers



On 22 July 2010 20:59, Chris Whyte <cwhyte at juniper.net> wrote:

> I understand. I was specifically addressing the high-level comment/concern
> that Juniper might do the same (ie implement flow mode) on M/MX/T series.
> SRX serves this purpose. That's all.
>
> My concern is that not everyone seems to understand the high-level
> decisions
> behind architecture, product and feature direction. I personally find it
> difficult that anyone can understand specific details without understanding
> these fundamental decisions first. Hence I was just trying to chime in with
> that type of information. By injecting some of this commentary it is also
> likely that the decision makers at certain BUs at Juniper will see some of
> your concerns first hand. My intention is a positive one. I promise you.
> :-)
>
> Another way to look at it: It's akin to understanding the why Juniper chose
> the one OS architectural approach vs Cisco choosing the N x OS
> architectural
> approach. Why choose a vendor until you fully understand the benefits of
> their architectural decisions?
>
> Thanks, Chris
>
>
> On 7/22/10 12:36 PM, "Amos Rosenboim" <amos at oasis-tech.net> wrote:
>
> > Chris,
> >
> > The discussion is about J series routers, not SRXs.
> > The J series are marketed as routers not security devices and turning
> > them to security devices all of a sudden is a decision I still don't
> > understand.
> >
> > If you want to open a discussion about SRX we can do that.
> > I have no experience with the high end SRXs but a lot of experience
> > with the lower end SRX devices (210-650) and I can honestly say that I
> > consider them to be the worst piece of networking/security hardware I
> > ever worked with.
> >
> > The software quality for these devices is catastrophic, including many
> > stability related bugs which crashed devices time after time.
> > The logging of the devices is so inconvenient and also affect
> > performance significantly, to a level where logging advised by JTAC
> > killed a device.
> > I heard this not only from colleagues but also from advanced JTAC
> > engineers.
> > It came to a point where my company stopped selling SRX devices and
> > talking to the local distributer I understand that the overall Juniper
> > security sales (in our small country) declined significantly.
> >
> > It's important to mention that I'm a big Juniper fan (especially for
> > the Junos line of products), and I'm not looking to flame the product
> > for nothing.
> >
> > Regards
> >
> > Amos
> >
> >
> > On Jul 22, 2010, at 9:49 PM, Chris Whyte wrote:
> >
> >>> IMO Juniper has royally screwed up in the small router/CPE market.
> >>> One can hope that they won't perform similar stunts on the M/MX/T
> >>> series.
> >>>
> >>
> >> There's absolutely no reason why this would be considered. The fact
> >> that you
> >> would make that statement leads me to believe that people might not
> >> understand why the SRX product line was created in the first place.
> >>
> >> The entire SRX product line (branch and high-end) covers the
> >> performance
> >> spectrum across M and MX series but were created specifically as
> >> purpose-built security devices and therefore should be implemented
> >> as such.
> >> In addition, in order to do high-end processing of (stateful) flows
> >> you need
> >> dedicated and specific hw to achieve desired performance. That hw
> >> doesn't
> >> exist on MX and T series. It only exists on high-end SRX (ie SPUs).
> >>
> >> Thanks, Chris
> >>
> >>
> >>
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list