[j-nsp] Questions about EX4550 switches

[Doug McIntyre]

On Wed, Nov 16, 2016 at 03:02:04PM +0800, Rod Bio wrote:
> 1. Configuring firewall gives me "Warning: statement ignored: 
> unsupported platform (ex4550-32f)" when including "except". I'm trying 
> to filter ALL traffic except from some IP but except is not working.

Indeed, filters tend to be a grab bag of what the underlying hardware
supports. The MX's tend to support the most paths, and the switches
support some subset, and are different per switch depending on underlying
chipset and what it will support.

You'll just have to do the filter a different way to make it effective. 
Thankfully you usually have some choices in how to proceed. 

> 2. All the box have 13.2X51-D35.3 (Junos 13.2??) but juniper site says 
> 12.3R12 is suggested as of the moment. JunOS 15 and 16 is available for 
> the box (I think) but I am not sure what to follow.

Generally, it is best to follow what JTAC suggests as the most
stable. You'll have the best results with it.

BUT, I know on this platform (EX4550), that certain interface cards require
newer code in the 13.2 series of code releases. So, make sure you check
out the requirements of all the modules installed in the switch. I know
the 40GB expansion module requires 13.2X of some version. I don't run
any expansion modules, and I run 12.3 releases on mine. 

Network ops tend to be very conservative (probably being bitten way
too many times). JunOS 15 and 16 are way too far out there to consider
for me. I'd consider running them only if there are any super
compelling reason or feature you absolutely need out of that train.

To tell you the truth, the EX switches tend to be pretty far behind
the JunOS train. I would worry too much about runing "the latest".

This is much like the Cisco Catalyst switches, where they run 12.1 and
12.2S IOS for ever and ever?