[152052] in North American Network Operators' Group
Re: Cheap Juniper Gear for Lab
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Apr 10 21:32:16 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <20120411010207.GA2368@prolixium.com>
Date: Tue, 10 Apr 2012 18:30:37 -0700
To: Mark Kamichoff <prox@prolixium.com>
Cc: jgoodwin@studio442.com.au, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Apr 10, 2012, at 6:02 PM, Mark Kamichoff wrote:
> On Tue, Apr 10, 2012 at 11:57:31AM -0700, Owen DeLong wrote:
>>> The fact that you can't put it into flow mode.
>> s/flow/packet/
>> (oops, wasn't awake yet)
>=20
> Actually, this is possible:
>=20
> prox@asgard> show configuration security =20
> forwarding-options {
> family {
> inet6 {
> mode packet-based;
> }
> mpls {
> mode packet-based;
> }
> }
> }
>=20
> The above is from an SRX210B, but the same configuration will work on
> any J-series or /branch/ SRX-series platform.
>=20
Right, sort of. To the extent that it works. It doesn't actually do =
everything you
think it should, and, it's somewhat dependent on the version of JunOS as =
to
how well it does or doesn't work.
> Don't let the "mpls" keyword throw you off. This actually causes the
> box to run the inet /and/ mpls address families in packet mode.
>=20
I'm not unfamiliar or uninitiated in this regard. I had tickets with =
Juniper for
over a year and it escalated quite high up their escalation chain before =
they
finally admitted "Yeah, Services JunOS is different and it behaves =
differently
and if you need to do what you're trying to do, you should buy an M or =
MX
series."
It's quite unfortunate. I'd really like for the SRX series to not be so =
crippled for
my purposes.
Owen
