Re: [j-nsp] VPLS Scaling
Not to mention the use of dynamic profiles for the application of filters and tag-manipulation policies on VPLS LSIs... Derick Winkworth CCIE #15672 (RS, SP), JNCIE-M #721 http://blinking-network.blogspot.com From: Stefan Fouant To: tim tiriche Cc: juniper-nsp@puck.nether.net Sent: Sun, July 24, 2011 9:55:33 AM Subject: Re: [j-nsp] VPLS Scaling On 7/23/2011 8:47 PM, tim tiriche wrote: > Does Juniper support VPLS with 802.1ah? > Has anyone deployed this? Hi Tim, On the MX Series devices, there is extensive support for (MAC) tunneling and bridging of Ethernet frames across Provider Backbone-Bridges which include the use and integration with VPLS as a transport mechanism. You'll find extensive per-port VLAN tag manipulation and normalization features which include support for 802.1ad (Q-in-Q) and 802.1ah (MAC-in-MAC). Take a look at the MX Solutions Guide which covers a lot of this in great detail - http://www.juniper.net/techpubs/en_US/junos11.1/information-products/topic-collections/solutions-guide-mx-series/mx-solutions-guide.pdf HTHs. Stefan Fouant JNCIE-ER, JNCIE-M, JNCIE-SEC, JNCI Technical Trainer, Juniper Networks http://www.shortestpathfirst.net http://www.twitter.com/sfouant ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] VPLS Scaling
On 7/23/2011 8:47 PM, tim tiriche wrote: Does Juniper support VPLS with 802.1ah? Has anyone deployed this? Hi Tim, On the MX Series devices, there is extensive support for (MAC) tunneling and bridging of Ethernet frames across Provider Backbone-Bridges which include the use and integration with VPLS as a transport mechanism. You'll find extensive per-port VLAN tag manipulation and normalization features which include support for 802.1ad (Q-in-Q) and 802.1ah (MAC-in-MAC). Take a look at the MX Solutions Guide which covers a lot of this in great detail - http://www.juniper.net/techpubs/en_US/junos11.1/information-products/topic-collections/solutions-guide-mx-series/mx-solutions-guide.pdf HTHs. Stefan Fouant JNCIE-ER, JNCIE-M, JNCIE-SEC, JNCI Technical Trainer, Juniper Networks http://www.shortestpathfirst.net http://www.twitter.com/sfouant ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] srx advice
You can put two or more logical interface from one routing-instance jut into one security zone and control the flow traffic through security policy such as "set security policy from-zone vr1 to-zone vr1 ... ". The security zone concept is just for management purpose and has nothing to do with the security policy implementation. LSYS in JUNOS 11.2 is first come to SRX HE not SRX branch. On Sat, Jul 23, 2011 at 1:13 AM, Farid Bouzemarene < farid.bouzemar...@magirus.com> wrote: > Just as a reminder : LSYS ( screenos vsys equivalent ) are arriving in 11.2 > on srx > > > > - Message d'origine - > De : Ben Dale [bd...@comlinx.com.au] > Envoyé : 22.07.2011 22:11 ZE10 > À : Richard Zheng > Cc : juniper-nsp@puck.nether.net > Objet : Re: [j-nsp] srx advice > > > > Hi Richard, > > Depending on your topology you can scale this out by having a common > "Untrust" zone for all customers (which is has interfaces in the inet.0 > instance) and simply leaking routes (interface(s), default or otherwise) > into specific customer VRs. > > Cheers, > > Ben > > On 22/07/2011, at 5:54 PM, Richard Zheng wrote: > > > Hi, > > > > I am trying to compare different models of srx. The application is to > setup > > virtual firewalls for several customers. The virtual router instance > should > > do it. The maximum number of security zones seems to be the limitation of > > srx. For example, SRX220 has maximum 24 zones and 15 virtual routers. > > Considering one virtual router needs at least 2 zones, one trusted and > one > > untrusted, how can you get more than 12 virtual routers with 24 zones? > > > > Am I missing something here? > > > > Thanks, > > Richard > > ___ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- BR! James Chen ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp