[j-nsp] SRX for MPLS

Miroslav Georgiev mgeorgiev at spnet.net
Mon Oct 25 04:16:36 EDT 2010


I tested everything from MPLS, LDP, RSVP, L2VPNs, L3VPNs, VPLS and other
routing protocols.
There are some limitations for MTU, encapsulations, fragmentation and
other small but pain-in-the-ass things.
The best thing is to get some (2 or more SRX210 or better) and to do your
tests. After that you will consider buying them.
About security things - if you still need them you can separate the box
in 2 virtual-routers or something else.

On 10/22/2010 05:54 PM, Paul Stewart wrote:
> Has anyone done much l2vpn on them?  I know that's related for sure..;)
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Miroslav Georgiev
> Sent: Friday, October 22, 2010 10:05 AM
> To: Will McLendon
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] SRX for MPLS
>
> Unfortunately there are some vpls limitations on SRX and J-series
> routers. You should check them first.
> Besides that everything works.
>
> On 10/22/2010 04:28 PM, Will McLendon wrote:
>> you can definitely do MPLS on J-series and SRX gateways.  It even says so
>> on the datasheet -- however, as was mentioned, you must put the device in
>> packet-based mode, and thus lose ALL security features (everything that is
>> configured under [edit security] -- so Zones, Stateful Policies, NAT, etc.
>> are all not available)
>>
>> to add on to Tim's comment, you will want to use the command 'delete
>> security' to wipe out that hierarchy, and then enable the packet-based mode:
>>
>> set security forwarding-options family mpls mode packet-based.
>>
>> there are other statements in that hierarchy to enable packet-based for
>> inet6 etc, but I've never turned that on...just the MPLS statement will turn
>> it into a regular router..  My main fear for your deployment would be the
>> environmental conditions.  I don't believe the SRX is specifically hardened
>> for that kind of environment (that isn't to say it wouldn't work, though).
>>
>> Also, you aren't planning to put an entire BGP table into them are you?
>> I'm not sure how well that would work on the smaller boxes.  I think I've
>> heard of it being done, but never done it myself so I can't speak to the
>> stability of such a scenario.
>>
>> Good luck,
>>
>> Will
-- 
Regards,,,
Miroslav Georgiev
SpectrumNet Jsc.
+(359 2)4890604
+(359 2)4890619
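
An added example, not part of the thread: a Python check over `show configuration | display set` output that flags a device where the packet-based statement quoted above is present while zone, policy or NAT statements remain, since per the thread those are not available in that mode. The sample configuration, the `audit` function and the finding strings are constructed for illustration.

```python
import re

# Constructed sample of `show configuration | display set` output (hypothetical device).
SAMPLE_CONFIG = """\
set system host-name lab-srx210
set security forwarding-options family mpls mode packet-based
set security zones security-zone trust interfaces ge-0/0/1.0
set security policies from-zone trust to-zone untrust policy out then permit
set security nat source rule-set out from zone trust
set protocols mpls interface ge-0/0/0.0
set protocols ldp interface ge-0/0/0.0
"""

MODE_RE = re.compile(r"^set security forwarding-options family (\S+) mode (\S+)$")
# Stanzas under [edit security] that the thread names as unavailable in packet mode.
STATEFUL = {"zones", "policies", "nat"}


def audit(config_text):
    """Report forwarding mode and stateful config that packet mode leaves unenforced."""
    modes, stateful, runs_mpls = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        words = line.split()
        match = MODE_RE.match(line)
        if match:
            modes[match.group(1)] = match.group(2)  # e.g. {"mpls": "packet-based"}
        elif words[:2] == ["set", "security"] and len(words) > 2 and words[2] in STATEFUL:
            stateful.append(line)
        elif words[:3] == ["set", "protocols", "mpls"]:
            runs_mpls = True
    packet_mode = modes.get("mpls") == "packet-based"
    findings = []
    if packet_mode and stateful:
        findings.append("packet-based mode set: %d stateful statements not enforced"
                        % len(stateful))
    if runs_mpls and not packet_mode:
        findings.append("MPLS configured without packet-based mode")
    return {"packet_mode": packet_mode, "modes": modes,
            "unenforced": stateful if packet_mode else [], "findings": findings}


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)["findings"]:
        print(finding)
```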



