[j-nsp] SRX for MPLS

Chris Evans chrisccnpspam2 at gmail.com
Fri Oct 22 09:46:21 EDT 2010


My question is what is the purpose of using a security device for pure
routing purposes???   Why not just buy a router?
On Oct 22, 2010 9:34 AM, "Will McLendon" <wimclend at gmail.com> wrote:
> you can definitely do MPLS on J-series and SRX gateways. It even says so
on the datasheet -- however, as was mentioned, you must put the device in
packet-based mode, and thus lose ALL security features (everything that is
configured under [edit security] -- so Zones, Stateful Policies, NAT, etc.
are all not available)
>
> to add-on to Tim's comment, you will want to use the command 'delete
security' to wipe out that hierarchy, and then enable the packet-based mode:
>
> set security forwarding-options family mpls mode packet-based.
>
> there are other statements in that hierarchy to enable packet-based for
inet6 etc, but i've never turned that on...just the MPLS statement will turn
it into a regular router.. My main fear for your deployment would be the
environmental conditions. I don't believe the SRX is specifically hardened
for that kind of environment (that isn't to say it wouldn't work, though).
>
> Also, you aren't planning to put an entire BGP table into them are you?
I'm not sure how well that would work on the smaller boxes. I think i've
heard of it being done, but never done it myself so I can't speak to the
stability of such a scenario.
>
> Good luck,
>
> Will
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list