[152074] in North American Network Operators' Group
Re: Cheap Juniper Gear for Lab
daemon@ATHENA.MIT.EDU (Leigh Porter)
Wed Apr 11 16:27:44 2012
From: Leigh Porter <leigh.porter@ukbroadband.com>
To: Carl Rosevear <crosevear@skytap.com>
Date: Wed, 11 Apr 2012 20:29:33 +0000
In-Reply-To: <CANZz31Yds+DCNwqZY-ong-uZk7QUx+es+O1DBvj2nqrw=kR4FA@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 11 Apr 2012, at 18:36, "Carl Rosevear" <crosevear@skytap.com> wrote:
> Yeah, I have to apply the term "awful" and "annoying" to the packet
> mode implementation on SRX/J-series. Anyway, I spent *hours* with JTAC
> on the phone trying to get the thing to just pass packets. Best part
> was, I didn't know how to do it and nor did they! I escalated, worked
> with many engineers. My key statement was "I just want my router to
> route. Make it do what it is supposed to do. No session tracking!
> This is not a firewall." So, now it doesn't require valid sessions to
> pass packets but it does still appear to *track* sessions in some
> tables and I am, of course, very curious when some attack vector will
> fill up some table.
>=20
I have had some rather odd issues with the SRX boxes but JTAC were pretty =
good at turning around fixes for me for my specific issues.
Since then I have had quite a lot of SRX boxes across the range running va=
rious MPLS services including MPLS over GRE with fragmentation/reassembly =
which has been working very well. Since 11.1R3 I've had no issues at all w=
ith them.
So yeah the new flow mode stuff had its issues, but as a *small* MPLS box =
it is very functional. Of course in MPLS mode, you turn the flow stuff off=
..
--
Leigh Porter
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
