[j-nsp] SRX firewall virtualization

Youssef Bengelloun-Zahr youssef at 720.fr
Fri Oct 2 08:36:56 EDT 2015


Hello,

We've been using those in a 5600 cluster for quite some time now, no major
worries. As usual, you will of course run into certain limitations /
caveats of the technology. But hey, what did you expect ?  ;-)

The number of L-SYS supported has increased over time with newer versions of
Junos. Communications between L-SYS need to use lt-interfaces and L-SYS
must be meshed using those in a hub-and-spoke fashion since 12.1X47.

HTH and BR.



2015-10-02 11:22 GMT+02:00 james list <jameslist72 at gmail.com>:

> Well indeed with SRX you can also associate zones+policies to the interface
> in the specific routing table
> I guess it's something more from my point of view....
>
> and I see also some benefit against lsys, I understand that SRX high end
> for example support a few number of lsys...
> isn't it?
>
>
>
> 2015-10-02 10:56 GMT+02:00 Chris Jones <ipv6freely at gmail.com>:
>
> > VR is multiple routing tables.
> >
> > Lsys is logical systems... basically one step deeper in logical
> > segmentation. Essentially multiple full routers in each box.
> >
> > On Fri, Oct 2, 2015 at 9:08 AM, james list <jameslist72 at gmail.com> wrote:
> >
> >> Dear experts,
> >>
> >> I’d like to know your opinion about firewall virtualization inside SRX
> >> boxes (high-end).
> >>
> >>
> >> As far as I understand there are a couple of ways: Logical Systems (LSys)
> >> and Virtual routers (VR).
> >>
> >>
> >>
> >> From your point of view:
> >>
> >>
> >> 1)      Which are the main differences among Lsys and VR ?
> >>
> >> 2)      Which are pro and cons of LSys and VR ?
> >>
> >> 3)      If I need to put in communication two LSys in the same box which is
> >> the maximum throughput I can get ? Should I use lt- interface ?
> >>
> >> 4)      If I need to put in communication two VR in the same box which is
> >> the maximum throughput I can get ? Should I use import/export ?
> >>
> >>
> >>
> >> If inside the feedbacks you can provide any reference URL it will be
> >> appreciated.
> >>
> >>
> >>
> >> Cheers
> >>
> >> James
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> >
> >
> > --
> > Chris Jones
> > JNCIE-ENT #272
> > CCIE# 25655 (R&S)
> >



-- 
Youssef BENGELLOUN-ZAHR

