Cheap Juniper Gear for Lab

• Previous message (by thread): Cheap Juniper Gear for Lab
• Next message (by thread): Cheap Juniper Gear for Lab
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11 Apr 2012, at 18:36, "Carl Rosevear" <crosevear at skytap.com> wrote:

> Yeah, I have to apply the term "awful" and "annoying" to the packet
> mode implementation on SRX/J-series. Anyway, I spent *hours* with JTAC
> on the phone trying to get the thing to just pass packets.  Best part
> was, I didn't know how to do it and nor did they!  I escalated, worked
> with many engineers.  My key statement was "I just want my router to
> route.  Make it do what it is supposed to do.  No session tracking!
> This is not a firewall."  So, now it doesn't require valid sessions to
> pass packets but it does still appear to *track* sessions in some
> tables and I am, of course, very curious when some attack vector will
> fill up some table.
> 

I have had some rather odd issues with the SRX boxes but JTAC were pretty good at turning around fixes for me for my specific issues.

Since then I have had quite a lot of SRX boxes across the range running various MPLS services including MPLS over GRE with fragmentation/reassembly which has been working very well. Since 11.1R3 I've had no issues at all with them.

So yeah the new flow mode stuff had its issues, but as a *small* MPLS box it is very functional. Of course in MPLS mode, you turn the flow stuff off..


--
Leigh Porter



______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

• Previous message (by thread): Cheap Juniper Gear for Lab
• Next message (by thread): Cheap Juniper Gear for Lab
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]