[j-nsp] SRX for MPLS

Will McLendon wimclend at gmail.com
Fri Oct 22 09:28:46 EDT 2010


you can definitely do MPLS on J-series and SRX gateways.  It even says so on the datasheet -- however, as was mentioned, you must put the device in packet-based mode, and thus lose ALL security features (everything that is configured under [edit security] -- so Zones, Stateful Policies, NAT, etc. are all not available)

to add-on to Tim's comment, you will want to use the command 'delete security' to wipe out that hierarchy, and then enable the packet-based mode:

set security forwarding-options family mpls mode packet-based.

there are other statements in that hierarchy to enable packet-based for inet6 etc, but i've never turned that on...just the MPLS statement will turn it into a regular router..  My main fear for your deployment would be the environmental conditions.  I don't believe the SRX is specifically hardened for that kind of environment (that isn't to say it wouldn't work, though).

Also, you aren't planning to put an entire BGP table into them are you?  I'm not sure how well that would work on the smaller boxes.  I think i've heard of it being done, but never done it myself so I can't speak to the stability of such a scenario.

Good luck,

Will


More information about the juniper-nsp mailing list