On Thu, Sep 27, 2012 at 7:13 PM, Dave Peters - Terabit Systems <d...@terabitsystems.com> wrote: > We are considering deploying these for a customer's TOR, but I don't have any > experience with them. > > Anybody out there have experience or comments good/bad on these? Anything I > should know going in?
We have several QFX in production in clients' networks, doing L2, and are mostly satisfied. We are recently working on a problem with high amount of unknown-unicast or multicast traffic but we are not sure the problem is the switch. If this is our only gripe, I'd say that is an indicator the switch works well. We haven't done any L3 or QFabric. The reason for no L3 is there are some hard-coded CoPP "accept" rules that you cannot override by configuration which make the switch unusually vulnerable to a DoS attack. Juniper says they will not address this, so we don't have hopes of using them for L3 in the future. I think QFabric is brain-damaged and doubt we will ever try it. Also, if you run software before 12.2, you should apply a fix suggested by JTAC to stop the switch from hanging when you plug/unplug the serial port, or send it a break. The PR# is finally un-hidden (now that they have fixed it, go figure) and is available below. You just need to modify /etc/rc.conf.platform or upgrade to 12.2. https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR769146 This is the worst problem we had with the QFX and it took us a lot of time to realize what was going on. Hopefully it will save you some trouble! Overall, I continue to recommend QFX to my clients for layer-2 where commit/rollback is beneficial. Outside of that, I believe it has limited application at this time due to the CoPP problems; but Juniper could decide to fix that if they think some customers will buy the switch because of fixing it. My $0.02 -- Jeff S Wheeler <j...@inconcepts.biz> +1 502-523-6989 Mobile Sr Network Operator / Innovative Network Concepts _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp