[j-nsp] J series packet mode
Eugeniu Patrascu
eugen at imacandi.net
Thu Dec 19 09:43:15 EST 2013
On Thu, Dec 19, 2013 at 4:25 PM, Tom Storey <tom at snnap.net> wrote:
> Hi everyone.
>
> Whats the general consensus about using a J series entirely in packet mode?
>
>
When you enable packet-mode on J-Series you loose the stateful firewall
capabilities.
> Are there any gotchyas to be wary of, like missing features,
> performance hit? It looks like you can configure 3 address families
> for packet mode (iso, inet6, mpls) but not inet4. But, from what Im
> reading, enabling MPLS packet mode forces the whole box in to packet
> mode, including inet4.
>
You get to run IPv4, IPv6, MPLS and everything else.
>
> Source: http://www.juniper.net/us/en/local/pdf/app-notes/3500192-en.pdfpage 6
>
> Quote: "When MPLS is configured, there is no way of knowing if an IP
> packet entering the services gateway will require MPLS encapsulation
> until the packet is processed, so enabling MPLS can be used to force
> an SrX Series or J Series device to forward all IPv4 traffic in packet
> mode."
>
> FWIW the situation I am picturing would not require NAT or IPSEC or
> other services like that, just packet shifting with ACLs, some routing
> protocols (IS-IS/BGP), and something like VRRP for gateway redundancy.
>
>
You can still use IPSec. I'm not sure about NAT, but most probably you will
get it the old JUNOS way (no security zones).
> Im interested in using it more like a router than a firewall, just
> good old fashion packets and ACLs!
>
>
I use several J series precisely for this, including full routing tables,
and they work without any issues, including some virtual routers.
> As I understand it the J series were originally a packet mode box
> until Juniper switched the default behaviour to flow based. Has there
> been any major architecture changes that would rule out packet mode
> operation?
>
>
Switch on packet mode and you get a cheap, featureful router :)
Regards,
Eugeniu
More information about the juniper-nsp
mailing list