[j-nsp] completely disable session (flow) in netscreen

Dan Farrell danno at appliedi.net
Sun Mar 7 01:56:43 EST 2010


Just taking a stab... 

... if they are SSG/J boxes, what about loading JUNOS onto them, which is not flow-based?

We had the opportunity to do this with a pair of SSG 520M's. It entailed getting a separate flash card from Juniper with the JUNOS image that physically replaced the Netscreen image flashcard in the box.

Of course, if this were at all workable for you, it would entail a completely new configuration on your part, with you basically translating your Netscreen functionality into JUNOS. 

Not sure if that would even be worth it for you, but YMMV.


Dan

danno at appliedi.net

________________________________________
From: juniper-nsp-bounces at puck.nether.net [juniper-nsp-bounces at puck.nether.net] On Behalf Of Michel de Nostredame [d.nostra at gmail.com]
Sent: Saturday, March 06, 2010 4:34 AM
To: Juniper nsp
Subject: [j-nsp] completely disable session (flow) in netscreen

Hi,

The problem I encountered is that I am doing many route-based tunnels
on many NetScreen boxes, and sometimes there will be asymmetric routes
over tunnels and physical interfaces.

Asymmetric paths in traditional routers / L3-switches will not be a
problem, but in NetScreen that will cause session drops and/or
traceroute timeouts, in my case.

I am wondering if there is any way to *completely* disable the
concepts of session (or flow ...) in a NetScreen to make it acts like
a "router".

Thanks in advance.
--
Michel~
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list