On Thu, Dec 19, 2013 at 4:25 PM, Tom Storey <t...@snnap.net> wrote: > Hi everyone. > > Whats the general consensus about using a J series entirely in packet mode? > > When you enable packet-mode on J-Series you loose the stateful firewall capabilities.
> Are there any gotchyas to be wary of, like missing features, > performance hit? It looks like you can configure 3 address families > for packet mode (iso, inet6, mpls) but not inet4. But, from what Im > reading, enabling MPLS packet mode forces the whole box in to packet > mode, including inet4. > You get to run IPv4, IPv6, MPLS and everything else. > > Source: http://www.juniper.net/us/en/local/pdf/app-notes/3500192-en.pdfpage 6 > > Quote: "When MPLS is configured, there is no way of knowing if an IP > packet entering the services gateway will require MPLS encapsulation > until the packet is processed, so enabling MPLS can be used to force > an SrX Series or J Series device to forward all IPv4 traffic in packet > mode." > > FWIW the situation I am picturing would not require NAT or IPSEC or > other services like that, just packet shifting with ACLs, some routing > protocols (IS-IS/BGP), and something like VRRP for gateway redundancy. > > You can still use IPSec. I'm not sure about NAT, but most probably you will get it the old JUNOS way (no security zones). > Im interested in using it more like a router than a firewall, just > good old fashion packets and ACLs! > > I use several J series precisely for this, including full routing tables, and they work without any issues, including some virtual routers. > As I understand it the J series were originally a packet mode box > until Juniper switched the default behaviour to flow based. Has there > been any major architecture changes that would rule out packet mode > operation? > > Switch on packet mode and you get a cheap, featureful router :) Regards, Eugeniu _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp