[j-nsp] SRX, UDP traffic, routing asymmetry
Phil Mayers
p.mayers at imperial.ac.uk
Fri Dec 7 04:40:47 EST 2012
On 12/07/2012 05:05 AM, Michel de Nostredame wrote:
> On Thu, Dec 6, 2012 at 7:13 PM, 叶雨飞 <sunyucong at gmail.com> wrote:
>> downgrade to 9.3R4.4 then
>
> Unfortunately 9.3 is already EOLed (
> http://www.juniper.net/support/eol/junos.html )
>
> Tuning J/SRX into packet-mode will lost several valuable functions
> such as IPsec, Jflow... those are very important for small business.
>
> Selective-packet-mode is also a huge pain from operation point of
A "huge" pain? Really? Awkward I'll grant.
> view, also the Jflow will have problem under this.
>
> I believe the best solution is to keep pushing Juniper to bring
> packet-mode OS back to J-series with full functionality.
That would be nice, I agree.
>
> At this moment, Juniper does not have product, my personal opinion, to
> head-to-head compete against Cisco ISR. J-series could be the most
> closed product line to fill this gap.
Personally, I have the exact opposite opinion.
The packet mode / flow mode has some hassles. But the J/SRX devices
absolutely *annihilate* the Cisco ISR in terms of performance, and also
in terms of price/performance.
Cisco quoted performance for a 2951 is ~300Mbps, which an SRX210, at a
fraction of the cost, will easily beat. A J series just flattens it.
The ISR is a lacklustre platform IMO. It's amazingly slow for the cost,
and about the only thing it can do which a J/SRX in packet mode can't is
Netflow (which is a real lack) and IPSec (which you can do with a
flow-mode VR).
You could argue the flow-mode VR for IPSec is awkward, but it can mostly
be templated (which JunOS is good at, but IOS has no concept of).
Would the SRX with packet-mode JFlow & IPSec be even more awesome -
totally. But I think it holds its own against the ISR just on
price/performance.
More information about the juniper-nsp
mailing list