[j-nsp] Outgrowing a QFX5100

Mike Gonnason gonnason at gmail.com
Tue Sep 20 00:57:47 EDT 2022 

Hi Jason,

Do you have any more details about what limitations you are encountering on
the QFX?  Is it hardware related or software?

You can use the feature explorer to see what is supported:
https://apps.juniper.net/feature-explorer/feature-family-info.html?ffKey=102&familyName=Authentication%20and%20Access%20Control

MX will generally support more features or be more capacity than the
EX/QFX, but as you can see 802.1x is a wide ranging topic with plenty of
corner-case features.

As for a "step-up", it is really just a different use case and
requirements. The QFX is a solid switching performer, with plenty of
support for modern data center tech. I have deployed a bunch of QFX5120 in
a EVPN config but also have some in VC or standalone, however none doing
802.1x.

-Mike Gonnason




On Fri, Sep 16, 2022 at 12:12 PM Jason Healy via juniper-nsp <
juniper-nsp at puck.nether.net> wrote:

> Looking for a little wisdom from the list.
>
> We're a small school campus that's been running a QFX 5100 as our core
> switch/router for several years.  It's been a good piece of equipment but
> we continue to hit weird limitations and I'm wondering if we're pushing the
> platform too hard.
>
> My question is, what would be the logical "step up" from the qfx on a
> small network?  I'm thinking the MX240 as it's the smallest router that has
> redundant REs.  However, I have no experience with the router family (we're
> all EX/QFX).  I'd consider a newer member of the QFX family, but I'd need
> to know I'm not going to bump into a bunch of weird "unsupported on this
> platform" issues.
>
> Does the MX line handle all the layer-2 stuff that the QFX has, like DHCP
> snooping, vlan firewall filters, or even dot1x?  Coming from the switching
> family, I wasn't sure how prevalent those features are on the layer-3
> equipment, or if they're configured in some totally different way.
>
> I'm fine with EOL/aftermarket equipment; we've got a pretty traditional
> layer-2 spoke-and-hub setup with layer-3 for IRB and a default route to our
> ISP (no VXLAN, tunneling, etc).  Our campus isn't growing so capacity isn't
> a huge issue (we're 1g/10g uplinks everywhere, and the 10g aren't close to
> saturation).  I *might* want 40g as a handoff to an aggregation layer, but
> that's about it.  Thus, I'm OK with a relative lack of new features.
>
> Thanks,
>
> Jason
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list