[152078] in North American Network Operators' Group
Re: Cheap Juniper Gear for Lab
daemon@ATHENA.MIT.EDU (Jeff Richmond)
Wed Apr 11 18:06:57 2012
From: Jeff Richmond <jeff.richmond@gmail.com>
In-Reply-To: <8FC61074-8591-4A86-BACD-BD3249B91EE3@ukbroadband.com>
Date: Wed, 11 Apr 2012 15:06:17 -0700
To: Leigh Porter <leigh.porter@ukbroadband.com>,
Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
FWIW, when I took my JNCIE, I used all J-series running flow code =
(disabled) for my study pod and never had any issues. I have 9 physical =
routers plus a bunch of VRs on them. I agree there can be issues =
depending on what you are trying to do, but I am not sure why this is =
such a big deal if this is just a lab setup. I wouldn't test something =
on a J-series and expect to deploy it on M/MX/T in production or =
something, but that wasn't what the OP was asking to do. For a home lab =
I can't think of any reason not to use some J-series boxes.=20
-Jeff
On Apr 11, 2012, at 1:29 PM, Leigh Porter wrote:
>=20
> On 11 Apr 2012, at 18:36, "Carl Rosevear" <crosevear@skytap.com> =
wrote:
>=20
>> Yeah, I have to apply the term "awful" and "annoying" to the packet
>> mode implementation on SRX/J-series. Anyway, I spent *hours* with =
JTAC
>> on the phone trying to get the thing to just pass packets. Best part
>> was, I didn't know how to do it and nor did they! I escalated, =
worked
>> with many engineers. My key statement was "I just want my router to
>> route. Make it do what it is supposed to do. No session tracking!
>> This is not a firewall." So, now it doesn't require valid sessions =
to
>> pass packets but it does still appear to *track* sessions in some
>> tables and I am, of course, very curious when some attack vector will
>> fill up some table.
>>=20
>=20
> I have had some rather odd issues with the SRX boxes but JTAC were =
pretty good at turning around fixes for me for my specific issues.
>=20
> Since then I have had quite a lot of SRX boxes across the range =
running various MPLS services including MPLS over GRE with =
fragmentation/reassembly which has been working very well. Since 11.1R3 =
I've had no issues at all with them.
>=20
> So yeah the new flow mode stuff had its issues, but as a *small* MPLS =
box it is very functional. Of course in MPLS mode, you turn the flow =
stuff off..
>=20
>=20
> --
> Leigh Porter
>=20
>=20
>=20
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud =
service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
>=20
