2 x SRX1k or 2k could be a good idea but it's not what I was asked for... I'll 
try a poll....

From the price list, SRX6k or SRX14k seems cheaper than MX5...

Does GDOI work only with a single box?

And what about SSG?

Regards

> Subject: Re: [j-nsp] Best device to fit for a project
> From: p...@westerlund.se
> Date: Tue, 1 Apr 2014 10:17:00 +0200
> CC: juniper-nsp@puck.nether.net; bd...@comlinx.com.au
> To: dim0...@hotmail.com
> 
> Another possibility is a cluster of units to take care of the dual PSU 
> requirement.
> 
> For the low end you can mount 2 SRX100 in a 1U tray, and make them a cluster. 
> Will not handle 100Mbps IPsec, but will do 10 Mbps easily, perhaps 50 Mbps 
> depending on how you count and configure (50 bidir is actually 100 in 
> processing power etc). None of the branch SRX have crypto chip, all IPsec is 
> done in CPU, have to watch that.
> 
> Clustered 220/240 would take care of dual PSU for 100 Mbps IPsec, but 
> unfortunately two boxes.
> 
> I don’t have pricing available and don’t run any of these myself, but what 
> about a small MX5 (or similar) with service-card (MS-MIC) for the hub site? 
> It claims throughput of 9Gbps. Would that fit the bill instead of the bigger 
> SRX boxes?
> 
> /Per
> 
> PS: With plain IPsec, no internet tunnel requirement, and SRX everywhere, you 
> can use GDOI (Group VPN, Cisco: GET VPN), but unfortunately that does not 
> work with clusters. Can’t have both right now, sorry. Saves lots of problems 
> managing pre-shared keys etc.
> 
> On 1 Apr 2014, at 09:36, Ben Dale <bd...@comlinx.com.au> wrote:
> 
> > SRX550 is pretty much your only option in the branch if you require dual 
> > power supply, but is in every other way overspecced (and thus priced) for 
> > the remainder of your branch requirements.  If you can do without the RPS, 
> > then I'd go with either an SRX220 or 240, which will easily handle the 
> > remainder of your requirements.
> > 
> > Are you sure you want 7-10GBps of IPSEC?  I'm not sure what market you're 
> > in, but I don't imagine a 10Gbps WAN port is particularly cheap from your 
> > carrier (since you list price as being important).  
> > 
> > If you absolutely need this much crypto though, then you'll be looking at 
> > somewhere between an SRX650 and an SRX1400 plus appropriate 10G XPM/IOC.
> > 
> > As for scalability - no issues - the 650 will support up to 3,000 tunnels 
> > and the 1400 was good for about 15,000 last time I looked - it's probably 
> > gotten better since then.
> > 
> > Ben
> > 
> > On 1 Apr 2014, at 4:37 pm, R S <dim0...@hotmail.com> wrote:
> > 
> >> For a project (70 branch offices and 2 Headquarters connected in a 
> >> hub&spoke topology with IPSEC over MPLS among branch and HQ) I’m looking 
> >> for the best device which covers the following items:
> >> 
> >> Branch:
> >> Single device 
> >> At least two Ethernet interfaces (WAN/LAN)
> >> Ipsec supporting 10-50-100 Mbs
> >> Routing protocols such as BGP-OSPF
> >> NAT
> >> Redundant power supply (some sites not, but in principle I need it)
> >> 
> >> HeadQuarter:
> >> Single device with XE intf 
> >> At least two Ethernet interfaces (WAN/LAN)
> >> IPSEC supporting up to 7-10 Gbs of IPSEC (the sum of branches)
> >> Routing protocols such as BGP-OSPF
> >> NAT
> >> Redundant power supply
> >> 
> >> Firewall is not needed, MPLS will be run by the carrier, the devices 
> >> and IPSEC are on-top of MPLS.
> >> I’m looking for the best solution in terms of scalability and price (very 
> >> important).
> >> 
> >> Also any advice with experience for the decision is appreciated.
> >> 
> >> Regards
> >>                                      
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> > 
> 
                                          