Cheap Juniper Gear for Lab

Leigh Porter leigh.porter at
Wed Apr 11 15:29:33 CDT 2012

On 11 Apr 2012, at 18:36, "Carl Rosevear" <crosevear at> wrote:

> Yeah, I have to apply the term "awful" and "annoying" to the packet
> mode implementation on SRX/J-series. Anyway, I spent *hours* with JTAC
> on the phone trying to get the thing to just pass packets.  Best part
> was, I didn't know how to do it and nor did they!  I escalated, worked
> with many engineers.  My key statement was "I just want my router to
> route.  Make it do what it is supposed to do.  No session tracking!
> This is not a firewall."  So, now it doesn't require valid sessions to
> pass packets but it does still appear to *track* sessions in some
> tables and I am, of course, very curious when some attack vector will
> fill up some table.

I have had some rather odd issues with the SRX boxes but JTAC were pretty good at turning around fixes for me for my specific issues.

Since then I have had quite a lot of SRX boxes across the range running various MPLS services including MPLS over GRE with fragmentation/reassembly which has been working very well. Since 11.1R3 I've had no issues at all with them.

So yeah the new flow mode stuff had its issues, but as a *small* MPLS box it is very functional. Of course in MPLS mode, you turn the flow stuff off..

Leigh Porter

This email has been scanned by the Symantec Email service.
For more information please visit

More information about the NANOG mailing list