[j-nsp] SRX firewall virtualization

james list jameslist72 at gmail.com
Fri Oct 2 08:44:19 EDT 2015


Hi Youssef,
so you have been using LSYS for quite some time; is there a reason why you
decided on that and not on VR?

LSYS as far as I understand is limited to 32, right ?

What throughput do you get between LSYS?


As far as I can see now, the only benefit of LSYS over VR is the separate
management... nothing more...
Less scalability, fewer features, etc...

Cheers

2015-10-02 14:36 GMT+02:00 Youssef Bengelloun-Zahr <youssef at 720.fr>:

> Hello,
>
> We've been using those in a 5600 cluster for quite some time now, no
> major worries. As usual, you will of course run into certain limitations /
> caveats of the technology. But hey, what did you expect ?  ;-)
>
> The number of L-SYS supported has increased over time with newer versions of
> Junos. Communications between L-SYS need to use lt-interfaces and L-SYS
> must be meshed using those in a hub-and-spoke fashion since 12.1X47.
>
> HTH and BR.
>
>
>
> 2015-10-02 11:22 GMT+02:00 james list <jameslist72 at gmail.com>:
>
>> Well indeed with SRX you can also associate zones+policies to the
>> interface in the specific routing table.
>> I guess it's something more from my point of view....
>>
>> and I also see some benefit against lsys, I understand that SRX high end
>> for example supports only a small number of lsys...
>> isn't it ?
>>
>>
>>
>> 2015-10-02 10:56 GMT+02:00 Chris Jones <ipv6freely at gmail.com>:
>>
>> > VR is multiple routing tables.
>> >
>> > Lsys is logical systems... basically one step deeper in logical
>> > segmentation. Essentially multiple full routers in each box.
>> >
>> > On Fri, Oct 2, 2015 at 9:08 AM, james list <jameslist72 at gmail.com> wrote:
>> >
>> >> Dear experts,
>> >>
>> >> I’d like to know your opinion about firewall virtualization inside SRX
>> >> boxes (high-end).
>> >>
>> >>
>> >> As far as I understand there are a couple of ways: Logical Systems
>> >> (LSys) and Virtual routers (VR).
>> >>
>> >>
>> >>
>> >> From your point of view:
>> >>
>> >>
>> >> 1)      What are the main differences between LSys and VR ?
>> >>
>> >> 2)      What are the pros and cons of LSys and VR ?
>> >>
>> >> 3)      If I need to put two LSys in the same box in communication,
>> >> what is the maximum throughput I can get ? Should I use lt- interface ?
>> >>
>> >> 4)      If I need to put two VRs in the same box in communication,
>> >> what is the maximum throughput I can get ? Should I use import/export ?
>> >>
>> >>
>> >>
>> >> If you can provide any reference URL in your feedback, it will be
>> >> appreciated.
>> >>
>> >>
>> >>
>> >> Cheers
>> >>
>> >> James
>> >> _______________________________________________
>> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>> >
>> >
>> >
>> > --
>> > Chris Jones
>> > JNCIE-ENT #272
>> > CCIE# 25655 (R&S)
>> >
>>
>
>
>
> --
> Youssef BENGELLOUN-ZAHR
>

