Re: [j-nsp] SRX for MPLS

[Miroslav Georgiev]

I tested everything from mpls, ldp, rsvp, l2vpns, l3vpns, vpls and other 
routing protocols.
There are some limitations for mtu, encapsulations, fragmentation and 
other small but pain in the ass things.
Best thing is to get some (2 or more srx210 or better) and to do your 
tests . After that you will consider buying them.
About security things - if you still need them you can separate the box 
in 2 virtual-routers or something else.

On 10/22/2010 05:54 PM, Paul Stewart wrote:
Has anyone done much l2vpn on them?  I know that's related for sure..;)
-----Original Message-----
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Miroslav Georgiev
Sent: Friday, October 22, 2010 10:05 AM
To: Will McLendon
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX for MPLS

Unfortunately there are some vpls limitations on SRX and J-series
routers. You should check them first.
Besides that everything works.

On 10/22/2010 04:28 PM, Will McLendon wrote:
   
you can definitely do MPLS on J-series and SRX gateways.  It even says so
     
on the datasheet -- however, as was mentioned, you must put the device in
packet-based mode, and thus lose ALL security features (everything that is
configured under [edit security] -- so Zones, Stateful Policies, NAT, etc.
are all not available)
   
to add-on to Tim's comment, you will want to use the command 'delete
     
security' to wipe out that hierarchy, and then enable the packet-based mode:
   
set security forwarding-options family mpls mode packet-based.

there are other statements in that hierarchy to enable packet-based for
     
inet6 etc, but i've never turned that on...just the MPLS statement will turn
it into a regular router..  My main fear for your deployment would be the
environmental conditions.  I don't believe the SRX is specifically hardened
for that kind of environment (that isn't to say it wouldn't work, though).
   
Also, you aren't planning to put an entire BGP table into them are you?
     
I'm not sure how well that would work on the smaller boxes.  I think i've
heard of it being done, but never done it myself so I can't speak to the
stability of such a scenario.
   
Good luck,

Will
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



     
--
Regards,,,
Miroslav Georgiev
SpectrumNet Jsc.
+(359 2)4890604
+(359 2)4890619


_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp