[j-nsp] SRX as a server load balancer for service redundancy?
joel jaeggli
joelja at bogus.com
Wed Aug 15 13:30:34 EDT 2012
On 8/15/12 10:08 AM, Majdi S. Abbas wrote:
> On Wed, Aug 15, 2012 at 09:53:07AM -0700, joel jaeggli wrote:
>> I'm generally down on the idea of putting a stateful firewall in
>> front of a service that accepts unsolicited incoming connections, it
>> will tend to be the least scalable item in the path.
> That's okay, anyone that does this is quickly going to turn off
> the involved ALG, as well as all the TCP state checks. They may even
> wind up in packet mode.
yeah agree, and it should do small packet up to a point, after which
it's unsuitable, but until then.
> Not that a 210 is super scalable to begin with... but now that
> the J-series has effectively been turned into the SRX line I suspect
> this is more common than we think.
> At least for Juniper's customers,
> given the obvious gap in the product line.
>
> --msa
>
More information about the juniper-nsp
mailing list