Re: [j-nsp] Experience with J series

2009-09-26 Thread Pavel Lunin
Oops, I really missed the number of BGP routes limitation for SRX240. Sorry.

However 300K stated in the datasheet is not a hard limit for J series. It is
only a number well known to be supported with no issues. I wonder if this is
different for SRX.

But anyway BGP RR license is only available for J and SRX650, so
SRX100/210/240 do not support RR at all.

BTW, running 2 peers with fullview needs at least twice of 300k in RIB. J
series with JUNOS 9.5 is capable to load them all into RIB, but when it gets
to calculating best paths and populating FIB (which is also stored in DRAM
on J/SRX) the process can't get enough memory. Stripping off everything
longer than, say, /21 saves the deal. But you'd rather not go there if you
need to run full tables not only at the edge. Just use 9.3 packet mode.

--
Pavel

2009/9/26 Gregory Agerba 

> Hi Pavel,
>
> Thanks for your input.
>
> Based on factsheets the J series outperform BGP capabilities of the SRX
> series. The only one that outperforms in SRX is the 650 which looks like a
> real good deal (thanks for pointing it out to me!).
>
> Nice weekend.
>
> - Gregory
>
> 2009/9/26 Pavel Lunin plu...@senetsy.ru
>
>>
>> I'd warn you guys of running peers with full BGP on J series with 1 Gig of
>> RAM. It was not a problem till 9.4. But since 9.4 JUNOS for J-series is flow
>> based only thus fwdd daemon preallocates plenty of memory for stateful
>> sessions tracking just like ScreenOS does. Even if you switch it to packet
>> context.
>>
>> I myself tried to run 2 peers with fullview on J2320 JUNOS 9.4/9.5 with 1
>> Gig and bumped into BGP session dropping with LowMem event.
>>
>> Moreover keep in mind that J2320/2350 are less valuable than SRX240 in
>> price/performance terms.
>>
>> --
>> Regards,
>> Pavel
>>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
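
The prefix-length filtering mentioned in the message above ("stripping off everything longer than, say, /21") can be written as a BGP import policy. This is an added illustration, not configuration posted in the thread; the policy name drop-long-prefixes and the group name upstream are hypothetical, and it covers IPv4 only.

```junos
policy-options {
    /* Hypothetical policy name; rejects IPv4 prefixes of length /22 to /32 */
    policy-statement drop-long-prefixes {
        term long-prefixes {
            from {
                route-filter 0.0.0.0/0 prefix-length-range /22-/32;
            }
            then reject;
        }
        /* Everything /21 or shorter falls through to the default BGP import action */
    }
}
protocols {
    bgp {
        /* Hypothetical group name for the external full-table peers */
        group upstream {
            import drop-long-prefixes;
        }
    }
}
```

With the more-specifics rejected, a default or covering route from each upstream is needed to reach destinations that are announced only as /22 or longer.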


Re: [j-nsp] Experience with J series

2009-09-26 Thread Pavel Lunin
Hi 陈江,

You're right, this should be almost always done if you run several external
peers with fullview, but this code only switches the box into router
context. It doesn't make fwdd free the memory. The router I used to show
the fwdd memory consumption is also given this piece of config.

I heard some talks Juniper is going to deploy different memory allocation
models based on the mode and even licenses (not sure whether they have much
sense), but by now router context does not give you any additional free
DRAM, fwdd still eats about 500 megs.

In new versions of JUNOS for J/SRX idpd daemon is also consuming quite a lot
of memory even if you do not need IDP. But there is no problem to turn it off
with [edit system processes] hierarchy.

So in some cases the best way will be to just still use <= 9.3 packet mode.

--
Pavel

2009/9/26 陈江 

> If you are running flow-based JUNOS, you could try this knob to turn it into
> packet-based mode:
>
> security {
>     forwarding-options {
>         family {
>             mpls {
>                 mode packet-based;
>             }
>         }
>     }
> }
>

Re: [j-nsp] Experience with J series

2009-09-26 Thread 陈江
If you are running flow-based JUNOS, you could try this knob to turn it into
packet-based mode:

security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}

On Sat, Sep 26, 2009 at 7:09 PM, Pavel Lunin  wrote:

> 2009/9/24 Chris Kawchuk 
>
> Yep. 30 ACL's with no issues (assuming straightforward things). Full BGP
> > Tables, OSPF area 0.0.0.0 inside, QoS, IPSEC.
>
>
> I'd warn you guys of running peers with full BGP on J series with 1 Gig of
> RAM. It was not a problem till 9.4. But since 9.4 JUNOS for J-series is flow
> based only thus fwdd daemon preallocates plenty of memory for stateful
> sessions tracking just like ScreenOS does. Even if you switch it to packet
> context.
>
> Here is some output from a J2350 running 9.6 in a lab environment.
>
> =
> p...@j2350> show system processes extensive
> [...]
>   PID USERNAME THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
>    11 root       1 171   52     0K    12K RUN     1069.4 95.80% idle
>   778 root       1  96    0   482M   482M select  71.0H  0.98% fwdd
> [...]
> =
>
> 482MB ! 9.5R1 eats even a bit more (some 60 megs plus).
>
> I myself tried to run 2 peers with fullview on J2320 JUNOS 9.4/9.5 with 1
> Gig and bumped into BGP session dropping with LowMem event.
>
> Moreover keep in mind that J2320/2350 are less valuable than SRX240 in
> price/performance terms.
>
> --
> Regards,
> Pavel
>



-- 
BR!



  James Chen


Re: [j-nsp] Experience with J series

2009-09-26 Thread Gregory Agerba
Sorry to reply to myself, but I meant outperform J series, in the same
factor-size and price range.

2009/9/26 Gregory Agerba 

> Hi Pavel,
>
> Thanks for your input.
>
> Based on factsheets the J series outperform BGP capabilities of the SRX
> series. The only one that outperforms in SRX is the 650 which looks like a
> real good deal (thanks for pointing it out to me!).
>
> Nice weekend.
>
> - Gregory
>


Re: [j-nsp] Experience with J series

2009-09-26 Thread Gregory Agerba
Hi Pavel,

Thanks for your input.

Based on factsheets the J series outperform BGP capabilities of the SRX
series. The only one that outperforms in SRX is the 650 which looks like a
real good deal (thanks for pointing it out to me!).

Nice weekend.

- Gregory

2009/9/26 Pavel Lunin plu...@senetsy.ru

>
> I'd warn you guys of running peers with full BGP on J series with 1 Gig of
> RAM. It was not a problem till 9.4. But since 9.4 JUNOS for J-series is flow
> based only thus fwdd daemon preallocates plenty of memory for stateful
> sessions tracking just like ScreenOS does. Even if you switch it to packet
> context.
>
> I myself tried to run 2 peers with fullview on J2320 JUNOS 9.4/9.5 with 1
> Gig and bumped into BGP session dropping with LowMem event.
>
> Moreover keep in mind that J2320/2350 are less valuable than SRX240 in
> price/performance terms.
>
> --
> Regards,
> Pavel
>


Re: [j-nsp] Experience with J series

2009-09-26 Thread Pavel Lunin
2009/9/24 Chris Kawchuk 

Yep. 30 ACL's with no issues (assuming straightforward things). Full BGP
> Tables, OSPF area 0.0.0.0 inside, QoS, IPSEC.


I'd warn you guys of running peers with full BGP on J series with 1 Gig of
RAM. It was not a problem till 9.4. But since 9.4 JUNOS for J-series is flow
based only thus fwdd daemon preallocates plenty of memory for stateful
sessions tracking just like ScreenOS does. Even if you switch it to packet
context.

Here is some output from a J2350 running 9.6 in a lab environment.

=
p...@j2350> show system processes extensive
[...]
  PID USERNAME THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
   11 root       1 171   52     0K    12K RUN     1069.4 95.80% idle
  778 root       1  96    0   482M   482M select  71.0H  0.98% fwdd
[...]
=

482MB ! 9.5R1 eats even a bit more (some 60 megs plus).

I myself tried to run 2 peers with fullview on J2320 JUNOS 9.4/9.5 with 1
Gig and bumped into BGP session dropping with LowMem event.

Moreover keep in mind that J2320/2350 are less valuable than SRX240 in
price/performance terms.

--
Regards,
Pavel


Re: [j-nsp] Experience with J series

2009-09-25 Thread Patrik Olsson
I am running J2320s high mem version as BGP gateway with ACLs and OSPF
towards other stuff on the inside. My company is a Webhotel. I have a
full feed coming down from my ISP.

I have about 10 Mbps concurrent traffic all the time and a couple of
thousand concurrent sessions.

I NEVER had a problem with my routers :-)

Cheers
Patrik


>  Hi,
> 
> I am currently looking after a review for a pair of Juniper J2350.
> 
> The purpose is to build a mission-critical Internet access with two ISP (one
> on each box running full table) and have a VRRP fault tolerance and with a
> small budget. It is not for pushing huge traffic, I expect around 1 to 3
> Mbit average and some rare peaks at 8 - 10 Mbit during backup timeframes.
> 
> The features I will be using are firewall (< 30 ACLs), BGP, OSPF (both IPv4
> and IPv6) and maybe one VPN tunnel + QoS (?).
> 
> According to the technical datasheet, this gear supports 1 GB of DRAM and
> handle a maximum ~ 300k BGP routes.
> 
> I have seen in some lists that these models now can be upgraded to 2 GB of
> DRAM with just no issue. Some people report having had successful experience
> handling 500k routes with these little gears.
> 
> I am just looking after some experience with them in this kind of
> environment. By the way, does this box include any GUI software to maintain
> firewall ACLs?
> 
> Thanks.
> 

-- 

//Patrik

Webkom
http://www.webkom.se

+46 (0)709 35 22 99
+46 (0)8 559 26 488




Re: [j-nsp] Experience with J series

2009-09-24 Thread Olof Kasselstrand
If you don't wanna pay $800:

http://blog.linuxtoyz.com/?p=24

Full feed is not a problem. My J2300 with 1 GB RAM does that easily =)

// Olof

On Fri, Sep 25, 2009 at 2:48 AM, Truman Boyes  wrote:
> Or rather OpenBGPD and XORP generate JUNOS-like configuration files. :)
>
> On 25/09/2009, at 12:45 AM, Gregory Agerba wrote:
>
>> I've seen JunOS generates nice OpenBGPd-like configuration files.
>
>


Re: [j-nsp] Experience with J series

2009-09-24 Thread Truman Boyes

Or rather OpenBGPD and XORP generate JUNOS-like configuration files. :)

On 25/09/2009, at 12:45 AM, Gregory Agerba wrote:


> I've seen JunOS generates nice OpenBGPd-like configuration files.




Re: [j-nsp] Experience with J series

2009-09-24 Thread Gregory Agerba
Chris, thanks for your input.


> I've seen much more in 1 Gb of RAM.; however 300k routes is fine for the
> global routing table. (which is ~290k or so). You'd have room-to-spare.


Good. Juniper probably ensure at least 300k routes, with other features
turned on.


> Yes. I've worked with J4350's and J6350's with 2 Gb of RAM, holding 2
> complete eBGP tables each and an iBGP table. for a total of 800k routes.
> Also seen it (by misconfiguration) hold 1.2 Million routes in BGP/inet.0.


Good again and for half price of a green C7201 ;-)


> Full GUI supported (web-Gui on the box) - however, as always, the power is
> in the command line. JunOS is easy to use, easy to learn, and "makes sense"
> from a command-line configuration perspective.


I rarely use GUI. On Cisco they produce loads of useless lines. I am a big
fan of CLI since my first Linux box. However, that's more in case someone
less skilled has to take it and add a firewall rule in case I am off few
days or whenever my plane would crash, until they change them.

I've seen JunOS generates nice OpenBGPd-like configuration files. I am
familiar with HP cli and Foundry CLI. I've also heard that JunOS is way
different than Cisco but that once you get used to the syntax, you don't
want to get back on Cisco one.

However, that is no big risk. They seem to be a nice option at all levels:
price, performances and features. I am just not sure to buy the DRAM from
Juniper, 800$ for one extra GB is a bit expensive.

2009/9/24 Chris Kawchuk 

>  The purpose is to build a mission-critical Internet access with two ISP
>> (one
>> on each box running full table) and have a VRRP fault tolerance and with a
>> small budget. It is not for pushing huge traffic, I expect around 1 to 3
>> Mbit average and some rare peaks at 8 - 10 Mbit during backup timeframes.
>>
>
> No Problem. J2350's are capable of this easily. e/iBGP with full tables,
> VRRP on the inside interface.
> Processing 8-10mbit/sec would hardly "sweat" the box.
>
> The features I will be using are firewall (< 30 ACLs), BGP, OSPF (both IPv4
>> and IPv6) and maybe one VPN tunnel + QoS (?).
>>
>
> Yep. 30 ACL's with no issues (assuming straightforward things). Full BGP
> Tables, OSPF area 0.0.0.0 inside, QoS, IPSEC.
>
> According to the technical datasheet, this gear supports 1 GB of DRAM and
>> handle a maximum ~ 300k BGP routes.
>>
>
> I've seen much more in 1 Gb of RAM.; however 300k routes is fine for the
> global routing table. (which is ~290k or so). You'd have room-to-spare.
>
> I have seen in some lists that these models now can be upgraded to 2 GB of
>> DRAM with just no issue. Some people report having had successful
>> experience
>> handling 500k routes with these little gears.
>>
>
> Yes. I've worked with J4350's and J6350's with 2 Gb of RAM, holding 2
> complete eBGP tables each and an iBGP table. for a total of 800k routes.
> Also seen it (by misconfiguration) hold 1.2 Million routes in BGP/inet.0.
>
> I am just looking after some experience with them in this kind of
>> environment. By the way, does this box include any GUI software to
>> maintain
>> firewall ACLs?
>>
>
> Full GUI supported (web-Gui on the box) - however, as always, the power is
> in the command line. JunOS is easy to use, easy to learn, and "makes sense"
> from a command-line configuration perspective.
>
> - Chris.
>
>


-- 
Gregory Agerba - IT Consultant
Email : 
Phone : +41 78 667 00 34


Re: [j-nsp] Experience with J series

2009-09-24 Thread Chris Kawchuk
> The purpose is to build a mission-critical Internet access with two ISP (one
> on each box running full table) and have a VRRP fault tolerance and with a
> small budget. It is not for pushing huge traffic, I expect around 1 to 3
> Mbit average and some rare peaks at 8 - 10 Mbit during backup timeframes.

No Problem. J2350's are capable of this easily. e/iBGP with full tables,
VRRP on the inside interface.

Processing 8-10mbit/sec would hardly "sweat" the box.

> The features I will be using are firewall (< 30 ACLs), BGP, OSPF (both IPv4
> and IPv6) and maybe one VPN tunnel + QoS (?).

Yep. 30 ACL's with no issues (assuming straightforward things). Full BGP
Tables, OSPF area 0.0.0.0 inside, QoS, IPSEC.

> According to the technical datasheet, this gear supports 1 GB of DRAM and
> handle a maximum ~ 300k BGP routes.

I've seen much more in 1 Gb of RAM.; however 300k routes is fine for the
global routing table. (which is ~290k or so). You'd have room-to-spare.

> I have seen in some lists that these models now can be upgraded to 2 GB of
> DRAM with just no issue. Some people report having had successful experience
> handling 500k routes with these little gears.

Yes. I've worked with J4350's and J6350's with 2 Gb of RAM, holding 2
complete eBGP tables each and an iBGP table. for a total of 800k routes.
Also seen it (by misconfiguration) hold 1.2 Million routes in BGP/inet.0.

> I am just looking after some experience with them in this kind of
> environment. By the way, does this box include any GUI software to maintain
> firewall ACLs?

Full GUI supported (web-Gui on the box) - however, as always, the power is
in the command line. JunOS is easy to use, easy to learn, and "makes sense"
from a command-line configuration perspective.


- Chris.



[j-nsp] Experience with J series

2009-09-24 Thread Gregory Agerba
 Hi,

I am currently looking after a review for a pair of Juniper J2350.

The purpose is to build a mission-critical Internet access with two ISP (one
on each box running full table) and have a VRRP fault tolerance and with a
small budget. It is not for pushing huge traffic, I expect around 1 to 3
Mbit average and some rare peaks at 8 - 10 Mbit during backup timeframes.

The features I will be using are firewall (< 30 ACLs), BGP, OSPF (both IPv4
and IPv6) and maybe one VPN tunnel + QoS (?).

According to the technical datasheet, this gear supports 1 GB of DRAM and
handle a maximum ~ 300k BGP routes.

I have seen in some lists that these models now can be upgraded to 2 GB of
DRAM with just no issue. Some people report having had successful experience
handling 500k routes with these little gears.

I am just looking after some experience with them in this kind of
environment. By the way, does this box include any GUI software to maintain
firewall ACLs?

Thanks.

-- 
Gregory Agerba