[j-nsp] SRX for MPLS

Paul Stewart paul at paulstewart.org
Fri Oct 22 10:54:55 EDT 2010


Has anyone done much l2vpn on them?  I know that's related for sure..;)

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Miroslav Georgiev
Sent: Friday, October 22, 2010 10:05 AM
To: Will McLendon
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX for MPLS

Unfortunately there are some vpls limitations on SRX and J-series 
routers. You should check them first.
Besides that everything works.

On 10/22/2010 04:28 PM, Will McLendon wrote:
> you can definitely do MPLS on J-series and SRX gateways.  It even says so
on the datasheet -- however, as was mentioned, you must put the device in
packet-based mode, and thus lose ALL security features (everything that is
configured under [edit security] -- so Zones, Stateful Policies, NAT, etc.
are all not available)
>
> to add-on to Tim's comment, you will want to use the command 'delete
security' to wipe out that hierarchy, and then enable the packet-based mode:
>
> set security forwarding-options family mpls mode packet-based.
>
> there are other statements in that hierarchy to enable packet-based for
inet6 etc, but i've never turned that on...just the MPLS statement will turn
it into a regular router..  My main fear for your deployment would be the
environmental conditions.  I don't believe the SRX is specifically hardened
for that kind of environment (that isn't to say it wouldn't work, though).
>
> Also, you aren't planning to put an entire BGP table into them are you?
I'm not sure how well that would work on the smaller boxes.  I think i've
heard of it being done, but never done it myself so I can't speak to the
stability of such a scenario.
>
> Good luck,
>
> Will
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>    
-- 
Regards,,,
Miroslav Georgiev
SpectrumNet Jsc.
+(359 2)4890604
+(359 2)4890619


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list