[j-nsp] SRX for MPLS

Miroslav Georgiev mgeorgiev at spnet.net
Fri Oct 22 10:04:36 EDT 2010


Unfortunately there are some vpls limitations on SRX and J-series 
routers. You should check them first.
Besides that everything works.

On 10/22/2010 04:28 PM, Will McLendon wrote:
> you can definitely do MPLS on J-series and SRX gateways.  It even says so on the datasheet -- however, as was mentioned, you must put the device in packet-based mode, and thus lose ALL security features (everything that is configured under [edit security] -- so Zones, Stateful Policies, NAT, etc. are all not available)
>
> to add-on to Tim's comment, you will want to use the command 'delete security' to wipe out that hierarchy, and then enable the packet-based mode:
>
> set security forwarding-options family mpls mode packet-based.
>
> there are other statements in that hierarchy to enable packet-based for inet6 etc, but i've never turned that on...just the MPLS statement will turn it into a regular router..  My main fear for your deployment would be the environmental conditions.  I don't believe the SRX is specifically hardened for that kind of environment (that isn't to say it wouldn't work, though).
>
> Also, you aren't planning to put an entire BGP table into them are you?  I'm not sure how well that would work on the smaller boxes.  I think i've heard of it being done, but never done it myself so I can't speak to the stability of such a scenario.
>
> Good luck,
>
> Will
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>    
-- 
Regards,,,
Miroslav Georgiev
SpectrumNet Jsc.
+(359 2)4890604
+(359 2)4890619




More information about the juniper-nsp mailing list