[j-nsp] Using SRX's for BGP and Firewalling

Julien Goodwin jgoodwin at studio442.com.au
Mon Nov 8 19:47:31 EST 2010


On 09/11/10 02:38, Maqbool Hashim wrote:
> Hi,
> 
> I'm looking at doing a multihomed BGP setup using two upstream Internet providers. We are obtaining PI space and would like to announce our PI space via BGP to our upstreams. I'm looking at using one of the SRX range from Juniper to handle the BGP and firewalling requirement for us. We don't need a full routing table. Is it a realistic proposal to do the BGP and firewalling on one device (an SRX)? Or am I creating a rod for my own back by not using separate BGP routers and using separate devices to do the firewalling for me? I'd be interested in hearing if other people are using the SRXs in a similar way.

Thunderbird just ate my response, grr.

BGP full feed on an SRX650 is fine, if you disable flow mode (as much as
you can, don't forget the ALGs).

BGP with a default inbound and advertising a few routes is fine with
firewalling.

Combining a full feed with firewalling is a bad idea, at least on the
branch kit, and probably the SRX1k and 3k.

-- 
Julien Goodwin
Studio442
"Blue Sky Solutioneering"
