Hi Paul,

Thank you very much for the clarification. I will have only one ASBR. As for 
redundancy I'll go with a single 1400 unit and add a second in the future. 
Still, a single SRX1400 will probably be more stable than a single J6350. 

On a side note - does Juniper plan to have a replacement for J-series? Or 
should we switch to MX now?

Thanks again,
jim

From: plu...@senetsy.ru
Date: Sun, 28 Apr 2013 23:30:44 +0400
Subject: Re: [j-nsp] SRX1400 opinions
To: jim.howl...@outlook.com
CC: jjo...@danrj.com; juniper-nsp@puck.nether.net


Hi James,


So basically SRX1400 will do fine as BGP router + firewall?

Yes, it will, though using a stateful firewall as ASBR has implications: traffic 
must go symmetrically, meaning forward and reverse flow of a given session must 
always go through the same ASBR. In practice, it means that either you have a 
single stateful ASBR (clustered for redundancy) or you had better build an external 
routing domain with dedicated routers. Rule of thumb: if your AS has a single 
site with all external links terminated there — OK to use a firewall, if you 
have 2+ sites with external links here and there — you need routers.



A thing to consider about SRX1400 is its price/performance in comparison to 
SRX650. If you look at the performance numbers, you'll see it differs not as 
much as the price :) In terms of bps and concurrent sessions they are of about 
the same capability. In terms of pps and cps SRX1400 is (IIRC) about 1.5 times more 
powerful. So in case of a limited budget, I would recommend considering two 
SRX650 with clustering (if you wish, even active/active, though I think it's no 
use for most cases) instead of a single SRX1400. In this case you will also 
need additional interface cards (not that expensive), as clustering consumes 
three ports on each node.



On the other hand, SRX1400 is a hardware box with dedicated hardware for 
control and data plane, some screen options (way not all) are done in the 
packet ASIC, etc. So for the DC environment SRX1400 can be a better choice, 
especially if you are going to have more full BGP feeds in future and/or serve 
cps-intensive or short-packet applications. So if two boxes fit your budget, 
this might be a better way.


                                          
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp