Cheap Juniper Gear for Lab

Owen DeLong owen at
Tue Apr 10 09:58:52 CDT 2012

On Apr 10, 2012, at 7:24 AM, Tim Eberhard wrote:

> I find it humorous that you think J/SRX junos isn't real junos.
> So what makes it not real junos? The fact it has a flowd process? Lets
> technically talk about this for a moment.

The fact that you can't put it into flow mode.

> Realistically one of the only differences between "flow based junos"
> and the legacy "packet based junos" is the flowd process. Which can be
> easily bypassed by issuing a couple of configuration commands. So what
> exactly makes this platform/code so horrible and not "real" junos?

Actually, not. Try again. It can be partially bypassed. There are real and
serious differences in how forwarding works in flow-based JunOS and
how it behaves under many circumstances.

> If anything to me it's a better platform to deploy and learn on. It's
> more flexible as it comes with more advanced flow based features but
> they are optional. There are certain limitations as mentioned
> previously around the switching and class of service however these
> same feature limitations were also in the "real" junos low end
> devices.

They aren't entirely optional and that is the problem. You can't actually
completely bypass them and they do sometimes get in the way.

> If there are other differences that I am unaware of then by all means
> feel free to educate me. I am well aware that branch devices don't
> have the capabilities of the MX/M series in regards to ATM and other
> such specific platforms, but you called this "not real junos". So lets
> keep any responses limited to that aspect.

I believe that the flow-based routing goes quite a bit deeper than
just having a flowd. It causes a number of problems with tunnel
recursion among other things.

Sure, if you want a firewall, flow-based JunOS is a pretty nice set of
firewall features. However, if you just want to forward packets, it can
really suck to have to work around it's flow-based "features".


> -Tim Eberhard
> On Tue, Apr 10, 2012 at 1:33 PM, Owen DeLong <owen at> wrote:
>> If you want real JunOS, avoid SRX or J series at all costs.
>>> Juniper do have a bunch more lines, but those are the most common
>>> (there's also the E/ERX BRAS boxes and ScreenOS firewalls, but both are
>>> not long for this world).
>> Don't forget their SSL VPN boxes which are an acquired doesn't behave at all like a Juniper device line of products.
>>> If you just want one box to get to know the OS an SRX2X0 (or possibly a
>>> 100) is by far the most flexible way, and can be had for < $500 used).
>> With the caveat about Services JunOS above.
>> Owen

More information about the NANOG mailing list