[j-nsp] SRX as a server load balancer for service redundancy?

joel jaeggli joelja at bogus.com
Wed Aug 15 13:30:34 EDT 2012


On 8/15/12 10:08 AM, Majdi S. Abbas wrote:
> On Wed, Aug 15, 2012 at 09:53:07AM -0700, joel jaeggli wrote:
>> I'm generally down on the idea of putting a stateful firewall in
>> front of a service that accepts unsolicited incoming connections, it
>> will tend to be the least scalable item in the path.
> 	That's okay, anyone that does this is quickly going to turn off
> the involved ALG, as well as all the TCP state checks.  They may even
> wind up in packet mode.
yeah agree, and it should do small packet up to a point, after which 
it's unsuitable, but until then.
> 	Not that a 210 is super scalable to begin with... but now that
> the J-series has effectively been turned into the SRX line I suspect
> this is more common than we think.
>   At least for Juniper's customers,
> given the obvious gap in the product line.
>
> 	--msa
>



More information about the juniper-nsp mailing list