jsw at inconcepts.biz
Thu Sep 27 20:21:03 EDT 2012
On Thu, Sep 27, 2012 at 7:13 PM, Dave Peters - Terabit Systems
<Dave at terabitsystems.com> wrote:
> We are considering deploying these for a customer's TOR, but I don't have any experience with them.
> Anybody out there have experience or comments good/bad on these? Anything I should know going in?

We have several QFX in production in clients' networks, doing L2, and
are mostly satisfied. We are recently working on a problem with a high
amount of unknown-unicast or multicast traffic but we are not sure the
problem is the switch. If this is our only gripe, I'd say that is an
indicator the switch works well.

We haven't done any L3 or QFabric. The reason for no L3 is there are
some hard-coded CoPP "accept" rules that you cannot override by
configuration which make the switch unusually vulnerable to a DoS
attack. Juniper says they will not address this, so we don't have
hopes of using them for L3 in the future.

I think QFabric is brain-damaged and doubt we will ever try it.

Also, if you run software before 12.2, you should apply a fix
suggested by JTAC to stop the switch from hanging when you plug/unplug
the serial port, or send it a break. The PR# is finally un-hidden
(now that they have fixed it, go figure) and is available below. You
just need to modify /etc/rc.conf.platform or upgrade to 12.2.

This is the worst problem we had with the QFX and it took us a lot of
time to realize what was going on. Hopefully it will save you some

Overall, I continue to recommend QFX to my clients for layer-2 where
commit/rollback is beneficial. Outside of that, I believe it has
limited application at this time due to the CoPP problems; but Juniper
could decide to fix that if they think some customers will buy the
switch because of fixing it.

Jeff S Wheeler <jsw at inconcepts.biz> +1 502-523-6989 Mobile
Sr Network Operator / Innovative Network Concepts