[j-nsp] Best device to fit for a project

R S dim0sal at hotmail.com
Tue Apr 1 05:06:09 EDT 2014


the hub have to support the sum of all the branches, hence definetely more than 1 Gbs...
you're arrived to my same conclusion, I'd a look to MX but it's a bit more expensive...

tks

> From: bdale at comlinx.com.au
> To: dim0sal at hotmail.com
> CC: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Best device to fit for a project
> Date: Tue, 1 Apr 2014 07:36:37 +0000
> 
> SRX550 is pretty much your only option in the branch if you require dual power supply, but is in every other way overspecced (and thus priced) for the remainder of your branch requirements.  If you can do without the RPS, then I'd go with either an SRX220 or 240, which will easily handle the remainder of your requirements.
> 
> Are you sure you want 7-10GBps of IPSEC?  I'm not sure what market you're in, but I don't imagine a 10Gbps WAN port is particularly cheap from your carrier (since you list price as being important).  
> 
> If you absolutely need this much crypto though, then you'll be looking at somewhere between an SRX650 and an SRX1400 plus appropriate 10G XPM/IOC.
> 
> As for scalability - no issues - the 650 will support up to 3,000 tunnels and the 1400 was good for about 15,000 last time I looked - it's probably gotten better since then.
> 
> Ben
> 
> On 1 Apr 2014, at 4:37 pm, R S <dim0sal at hotmail.com> wrote:
> 
> > For a project (70 branch offices and 2 Headquarters connected in an hub&spoke topology with IPSEC over MPLS among branch and HQ) I’m looking for the best device which cover the following items:
> > 
> > Branch:
> > Single device 
> > At least two Ethernet interfaces (WAN/LAN)
> > Ipsec supporting 10-50-100 Mbs
> > Routing protocols such as BGP-OSPF
> > NAT
> > Redundant power supply (some site not but in principle I need it)
> > 
> > HeadQuarter:
> > Single device with XE intf 
> > At least two Ethernet interfaces (WAN/LAN)
> > IPSEC supporting up to 7-10 Gbs of IPSEC (the sum of branches)
> > Routing protocols such as BGP-OSPF
> > NAT
> > Redundant power supply
> > 
> > Firewall is not needed, MPLS will be runned by the carrier, the devices and IPSEC are on-top of MPLS.
> > I’m looking for the best solution in terms of scalability and price (very important).
> > 
> > Also any advice with experience for the decision is appreciated.
> > 
> > Regards
> > 		 	   		  
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
 		 	   		  


More information about the juniper-nsp mailing list