Hi Paul,

Thank you very much for the clarification. I will have only one ASBR. As for redundancy, I'll go with a single 1400 unit and add a second in the future. Still, a single SRX1400 will probably be more stable than a single J6350.

On a side note - does Juniper plan to have a replacement for J-series? Or should we switch to MX now?

Thanks again,
jim

From: plu...@senetsy.ru
Date: Sun, 28 Apr 2013 23:30:44 +0400
Subject: Re: [j-nsp] SRX1400 opinions
To: jim.howl...@outlook.com
CC: jjo...@danrj.com; juniper-nsp@puck.nether.net

Hi James,

> So basically SRX1400 will do fine as BGP router + firewall?

Yes, it will, though using a stateful firewall as ASBR has implications: traffic must go symmetrically, meaning the forward and reverse flow of a given session must always go through the same ASBR. In practice, it means that either you have a single stateful ASBR (clustered for redundancy) or you had better build an external routing domain with dedicated routers. Rule of thumb: if your AS has a single site with all external links terminated there — OK to use a firewall, if you have 2+ sites with external links here and there — you need routers.

A thing to consider about SRX1400 is its price/performance in comparison to SRX650. If you look at the performance numbers, you'll see they do not differ as much as the price :) In terms of bps and concurrent sessions they are of about the same capability. In terms of pps and cps SRX1400 is (IIRC) about 1.5 times more powerful. So in case of a limited budget, I would recommend considering two SRX650 with clustering (if you wish, even active/active, though I think it's no use for most cases) instead of a single SRX1400. In this case you will also need additional interface cards (not that expensive), as clustering consumes three ports on each node.

On the other hand, SRX1400 is a hardware box with dedicated hardware for control and data plane, some screen options (far from all) are done in the packet ASIC, etc. So for the DC environment SRX1400 can be a better choice, especially if you are going to have more full BGP feeds in future and/or serve cps-intensive or short-packet applications. So if two boxes fit your budget, this might be a better way.
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp