[j-nsp] SRX as Little Juniper BGP Box

Buraglio, Nicholas D buraglio at illinois.edu
Mon Mar 29 12:27:17 EDT 2010 

We're using the SRX platform in a similar fashion without much issue.  The SRX series are a decent bang-for-your-buck box but it does have some gotchas, especially if you're using their clustering abilities on the smaller boxes (the larger chassis boxes work really well in every test and odd situation we've put them through).  As stated before, the SRX is really a firewall that can do routing in a logical, sane way.  It's not a router that can firewall, so all the normal caveats apply with as with a firewall device.  That said, I really like the SRX as a routing platform as well.  
I believe the IPv6 protocol is still a bit raw on the SRX, IIRC May should bring much better support for v6 with 10.2, I'm not even attempting v6 on them until I see a decent 10.2 release since we do a bit more than just route with them.

nb  



---
Nick Buraglio   
Network Engineer, CITES, University of Illinois / ICCN
GPG key 0x2E5B44F4
Phone: 217.244.6428
buraglio at illinois.edu

On Mar 22, 2010, at 8:53 PM, Rubens Kuhl wrote:

> Beware of the firewall nature of the SRX in situations like
> asymmetrical routing; you can make a workaround using selective
> firewall filters with the packet-mode clause, as long as you don't put
> traffic where the router is the destination in packet mode (this has
> to use flow mode).
> 
> 
> Rubens
> 
> 
> On Mon, Mar 22, 2010 at 5:11 PM, Jay Hanke <jhanke at myclearwave.net> wrote:
>> I’m in need of a box that will handle up to ½ gig of throughput and some
>> very low volume BGP (about 200 routes + default) for IPv4 and IPv6 in the
>> next couple of months.
>> 
>> 
>> 
>> I was looking at the sheets and the SRX appears to give a little more “bang
>> for buck” as compared to a j2320 or j2350. I wouldn’t be afraid of the EX
>> line but the cost of the AFL for BGP puts me out of the budget for the
>> project.
>> 
>> 
>> 
>> Has anyone used an SRX in a similar situation? Is the j-series still safer?
>> 
>> 
>> 
>> Thanks,
>> 
>> 
>> 
>> Jay
>> 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list