Hello, My comments inline.
BR. 2015-10-02 14:44 GMT+02:00 james list <jameslis...@gmail.com>: > Hi Youssef > so you use LSYS since quite time, is there a reason why you have decided > for that and not for VR ? > ==> I never said that, we use them both. As stated before by Chris Jones, L-SYS is a higher a higher level of abstraction and multitenancy that allows to create virtual boxes with dedicated ressources, etc. You can always create multiple VRs inside L-SYS as much as you need. These are two very different things. > > LSYS as far as I understand is limited to 32, right ? > ==> IIRC, I think the actual maximum is 32 L-SYS, submitted to licensing of course. > > Which is the throughput you get among LSYS ? > ==> I don't know, we never tested that. If I were to make a wild guess, I'd say pretty high because it's purely internal forwarding using logical interfaces. What kind of throughput are you looking for ? > > > As far as I see now the only benefit of LSYS against VR is the separate > management... nothing more... > Less scalability, less features, etc... > ==> Not true at all. Exception made for some specific limitations, you keep the exact some set of features and all. Ressources are just split over the multiple L-SYS plus you get seperte management. > > Cheers > > 2015-10-02 14:36 GMT+02:00 Youssef Bengelloun-Zahr <yous...@720.fr>: > >> Hello, >> >> We've been using those in an 5600 cluster for quite some time now, no >> major worries. As usual, you will of course run into certain limitations / >> caveats of the technology. But hey, what did you expect ? ;-) >> >> Number of L-SYS supported have increased over time with newer versions of >> Junos. Communications between L-SYS need to use lt-interfaces and L-SYS >> must be meshed using those in a hub-and-spoke fashion since 12.1X47. >> >> HTH and BR. >> >> >> >> 2015-10-02 11:22 GMT+02:00 james list <jameslis...@gmail.com>: >> >>> Well indeed with SRX you can also associate zones+policies to the >>> interface >>> in the specific routing table >>> I guess it's something more from my point of view.... >>> >>> and I see also some benefit against lsys, I understand that SRX high end >>> for example supoprt a few number of lsys... >>> isn,'t it ? >>> >>> >>> >>> 2015-10-02 10:56 GMT+02:00 Chris Jones <ipv6fre...@gmail.com>: >>> >>> > VR is multiple routing tables. >>> > >>> > Lsys is logical systems... basically one step deeper in logical >>> > segmentation. Essentially multiple full routers in each box. >>> > >>> > On Fri, Oct 2, 2015 at 9:08 AM, james list <jameslis...@gmail.com> >>> wrote: >>> > >>> >> Dear experts, >>> >> >>> >> I’d like to know your opinion about firewall virtualization inside SRX >>> >> boxes (high-end). >>> >> >>> >> >>> >> As far as I understand there are a couple of way: Logical Systems >>> (LSys) >>> >> and Virtual routers (VR). >>> >> >>> >> >>> >> >>> >> From your point of view: >>> >> >>> >> >>> >> 1) Which are the main differences among Lsys and VR ? >>> >> >>> >> 2) Which are pro and cons of LSys and VR ? >>> >> >>> >> 3) If I need to put in communication two LSys in the same box >>> which >>> >> is >>> >> the maximum throughtput I can get ? Should I use lt- interface ? >>> >> >>> >> 4) If I need to put in communication two VR in the same boz >>> which is >>> >> the maximum throughtput I can get ? Should I use import/export ? >>> >> >>> >> >>> >> >>> >> If inside the feedbacks you can provide any reference URL it will be >>> >> appreciated. >>> >> >>> >> >>> >> >>> >> Cheers >>> >> >>> >> James >>> >> _______________________________________________ >>> >> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp >>> > >>> > >>> > >>> > >>> > -- >>> > Chris Jones >>> > JNCIE-ENT #272 >>> > CCIE# 25655 (R&S) >>> > >>> _______________________________________________ >>> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/juniper-nsp >>> >> >> >> >> -- >> Youssef BENGELLOUN-ZAHR >> > > -- Youssef BENGELLOUN-ZAHR _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp