[j-nsp] SRX Dynamic Address limits
Chris Lee
chris at datachaos.com.au
Fri Mar 1 06:10:51 EST 2024
Hi All,
Does anyone know if there's any specific limits/bounds/impacts on the
number of IP addresses that can be imported into a SRX Dynamic Address
list, specifically for an SRX345 ?
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/dynamic-address.html
Have been trialling it for a little while now with a relatively small
number (around 3000 IPv4 and 1200 IPv6 entries), but looking to do some
further GeoIP restrictions which would likely be around another 22000 IPv4
entries I need to import for the specific countries I need. Will anything
topple/break with that many IP's in various dynamic lists ?
I've tried looking but my google-fu is failing to turn up any data on
limitations anywhere... I've found reference to address sets "One address
set can reference a maximum of 16384 address entries and a maximum of 256
address sets." but I'm not sure that this applies to dynamic address list
entries as I figure that restriction may have more to do with the SRX
having to parse a massive configuration file ?
Thanks,
Chris
More information about the juniper-nsp
mailing list