On Mon, Nov 8, 2010 at 7:47 PM, Julien Goodwin <jgood...@studio442.com.au>wrote:
> On 09/11/10 02:38, Maqbool Hashim wrote: > > Hi, > > > > I'm looking at doing a multihomed BGP setup using two upstream Internet > providers. We are obtaining PI space and would like to announce our PI > space via BGP to our upstreams. I'm looking at using one of the SRX range > from Juniper to handle the BGP and firewalling requirement for us. We don't > need a full routing table. Is it a realistic proposal to do the BGP and > firewalling on one device (an SRX) ? Or am I creating a rod for my own back > by not using separate BGP routers and using separate devices to do the > firewalling for me. I'd be interested in hearing if other people are using > the SRX's in a similar way. > > Thunderbird just ate my response, grr. > > BGP full feed on an SRX650 is fine, if you disable flow mode (as much as > you can, don't forget the ALG's). > What's the point of doing BGP on a firewall with firewallling turned off? > > BGP with a default inbound and advertising a few routes is fine with > firewalling. > > You could probably do this with openwrt if you found the right platform. > Combining a full feed with firewalling is a bad idea, at least on the > branch kit, and probably the SRK1k and 3k. > > -- > Julien Goodwin > Studio442 > "Blue Sky Solutioneering" > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp