[j-nsp] SRX240 - ready for prime time?
TCIS List Acct
listacct at tulsaconnect.com
Tue Mar 6 08:46:26 EST 2012
> Switching with a pair of 240s (and 650s) is supported in 11.1R3 and
> later, but it does not work with the smaller branch boxes. You need (at
> least) one extra cable between the boxes dedicated to switch traffic.
> Have not tried it myself, but it is in the release notes.
Is this extra cable b/t the boxes a "fabric" or "stacking" connector of sorts?
In the application I had in mind, I will be using (2) NICs from each server
using the Intel Pro/1000 ET's VMLB (virtual machine load balancing) feature.
VMLB requires a "stacked switch" to work properly when you distribute the
connections across multiple switches (that is, they must "look" like a single
switch).
>> - Can the SRX be used as a multi-tenant firewall to provide distinct
>> L3 public IP subnets on VLAN interfaces, with their own set of unique
>> firewall rules, and the possibility of overlapping Untrust IP networks
>> (e.g. multiple customers have 192.168.1.0/24), AND the ability to
>> terminate IPSEC VPN tunnels on these VLAN interfaces? (I'm looking for
>> something to provide multi-tenant firewall services to a small Cloud
>> hosting infrastructure)
>
> Most of these things I have done extensively without problems, but for
> one item, which I have not been able to verify. In 10.2 it was not
> possible to terminate an IPsec VPN tunnel on an RVI (Routed VLAN
> interface), only on normal interfaces. I do not know if that limitation
> has been lifted.
The vSYS (or whatever the SRX calls them) would work well for my application,
but I just wish it supported more than 20 (and the SRX 650 is very expensive for
just an increase in the # of vSYS).
--Mike
More information about the juniper-nsp
mailing list