[j-nsp] Maximum IPsec (st0) tunnels for SRX-series
Dale Shaw
dale.shaw+j-nsp at gmail.com
Sun May 5 20:02:33 EDT 2013
Hi all,
Just looking for some real-world experience with the maximum practical
number of IPsec tunnel (st0) interfaces supported on SRX-series --
everything from low end/branch up to high end.
The data sheets say:
SRX100: 128
SRX110: 128
SRX210: 256
SRX220: 512
SRX240: 1,000
SRX550: 2,000
SRX650: 3,000
SRX1400: ?
SRX3x00: 7,500
SRX5x00: 15,000
Those are some pretty hefty numbers as you move up the product family
but as we all know, sometimes data sheets are pure fantasy, dreamt up
by sales/marketing types after lavish and expensive liquid lunches.
I just wanted to know if anyone's seen control planes turn into molten
goop trying to wrangle, say, 100-150 tunnels.
(I'm not worried about forwarding performance as all I'm looking at
doing is fully-meshing an existing enterprise WAN where the SRX boxen
are doing a great job shuffling packets (er, I mean flows) around.)
cheers,
Dale
More information about the juniper-nsp
mailing list