[j-nsp] SRX100 for dual 100M uplink routing network in packet mode.
叶雨飞
sunyucong at gmail.com
Wed Nov 28 02:56:59 EST 2012
Thx, I am mostly disappointed that their implementation of NAT/IPsec
requires flow processing; it's totally unnecessary! I hate session
tables too!

Although I heard horrible things about boot time on lower-level SRX
devices; it claims to need 5 minutes to boot up. How is yours? I'm
mostly interested in boot time under 10.4 (the JTAC-recommended version).

On Tue, Nov 27, 2012 at 11:08 PM, Michel de Nostredame
<d.nostra at gmail.com> wrote:
> On Tue, Nov 27, 2012 at 2:52 PM, 叶雨飞 <sunyucong at gmail.com> wrote:
>> Hi,
>> I currently have 2 100mbps uplinks (about 50% bandwidth utilization,
>> 10kpps each). I am hoping to get an SRX100 as the router and run it in
>> packet mode for most traffic, except some low-traffic NAT/IPsec
>> management tunnels.
>> Is that going to be enough? Or should I aim for SRX210 or higher?
>
> From the SPEC, SRX100 can run Firewall+Routing at 64 Byte-Packet to
> 70Kpps. It should be able to move your 10Kpps x 2 = 20Kpps traffic
> around with no problem in packet-mode.
>
> However, if NAT/IPsec are also needed, you will have to run the box in
> flow-mode or selective-packet-mode for certain packets in flow-mode
> and others in packet-mode.
>
> Not sure if SRX100 can keep the performance when doing things in
> selective-packet-mode, but consider that it is implemented by using ACL
> (stateless firewall filter) on the inbound interfaces. Things sound
> worth a try. LAB testing or POC won't hurt, right?
>
> If you are able to perform some POC, please share the result with the list :)
>
> PS: I just got an SRX100 and am going to do some POC with
> selective-packet-mode. Basically I want to route my traffic into a GRE
> tunnel in packet-mode and route GRE packets over IPsec to a remote SSG
> site in flow-mode because IPsec needs the flow module. Hopefully this can
> suppress my session-table usage to only one for two records. I have hated
> flow-mode JUNOS for a long long long time since J-series, but the SRX
> prices are simply irresistible.
>
> --
> Michel~
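
The selective packet mode arrangement discussed in this thread, sketched as a Junos configuration. This is an added example, not part of either poster's message; the filter name, interface name, peer address 198.51.100.10 and management subnet 10.99.0.0/24 are constructed placeholders.

```junos
/* Constructed example: filter name, interface and addresses are placeholders. */
firewall {
    family inet {
        filter selective-packet-mode {
            /* No packet-mode action here, so traffic from the IPsec peer
               takes the normal flow path and can be decrypted. */
            term from-ipsec-peer {
                from {
                    source-address {
                        198.51.100.10/32;
                    }
                }
                then accept;
            }
            /* Traffic headed for the remote management subnet also stays
               in flow mode so it can be NATed or sent into the tunnel. */
            term to-remote-mgmt {
                from {
                    destination-address {
                        10.99.0.0/24;
                    }
                }
                then accept;
            }
            /* Everything else bypasses the flow module: no session entry,
               and no security policy, NAT or IPsec is applied to it. */
            term everything-else {
                then {
                    packet-mode;
                    accept;
                }
            }
        }
    }
}
interfaces {
    fe-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input selective-packet-mode;
                }
            }
        }
    }
}
```

The same input filter goes on every interface whose traffic should be split this way. Anything matched by the last term is no longer subject to stateful inspection, so any access control for it has to be expressed as stateless filter terms.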