[j-nsp] J series packet mode

Eugeniu Patrascu eugen at imacandi.net
Thu Dec 19 09:43:15 EST 2013

On Thu, Dec 19, 2013 at 4:25 PM, Tom Storey <tom at snnap.net> wrote:

> Hi everyone.
> Whats the general consensus about using a J series entirely in packet mode?
When you enable packet-mode on J-Series you loose the stateful firewall

> Are there any gotchyas to be wary of, like missing features,
> performance hit? It looks like you can configure 3 address families
> for packet mode (iso, inet6, mpls) but not inet4. But, from what Im
> reading, enabling MPLS packet mode forces the whole box in to packet
> mode, including inet4.

You get to run IPv4, IPv6, MPLS and everything else.

> Source: http://www.juniper.net/us/en/local/pdf/app-notes/3500192-en.pdfpage 6
> Quote: "When MPLS is configured, there is no way of knowing if an IP
> packet entering the services gateway will require MPLS encapsulation
> until the packet is processed, so enabling MPLS can be used to force
> an SrX Series or J Series device to forward all IPv4 traffic in packet
> mode."
> FWIW the situation I am picturing would not require NAT or IPSEC or
> other services like that, just packet shifting with ACLs, some routing
> protocols (IS-IS/BGP), and something like VRRP for gateway redundancy.
You can still use IPSec. I'm not sure about NAT, but most probably you will
get it the old JUNOS way (no security zones).

> Im interested in using it more like a router than a firewall, just
> good old fashion packets and ACLs!
I use several J series precisely for this, including full routing tables,
and they work without any issues, including some virtual routers.

> As I understand it the J series were originally a packet mode box
> until Juniper switched the default behaviour to flow based. Has there
> been any major architecture changes that would rule out packet mode
> operation?
Switch on packet mode and you get a cheap, featureful router :)


More information about the juniper-nsp mailing list