[j-nsp] SRX RVI MPLS facing

2015-12-27 Thread Dan Rimal 
Hi,

I am trying to use SRX240B as a VLAN capable switch and also VPLS
endpoint. VPLS works "well" for me with standard routed port, but when i
tried to use uplink port as a "switch port" and use RVI (routed vlan
interface) to connect to MPLS core, VPLS stop working: OSPF, BGP and
RSVP works well, VPLS instances also goes UP, but VPLS instances cannot
learn remote MAC adressess.

Remote VPLS instance (MX series) learn MAC from SRX side, but VPLS on
SRX with RVI cannot learn mac from MX side. L2 looks like works well,
for example, VRRP (on lt interface) was established (because SRX master
use VRRP well known dst MAC).

It is Junos 12.1X46-D35

My working uplink config:

interfaces {
ge-0/0/1 {
vlan-tagging;
mtu 1590;
unit 500 {
vlan-id 500;
family inet {
mtu 1500;
address 31.31.176.193/30;
}
family mpls;
}
}
}


And not working RVI configuration:

interfaces {
ge-0/0/1 {
mtu 1590;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ 500 520 ];
}
}
}
}
vlan {
mtu 1590;
unit 500 {
family inet {
mtu 1500;
address 31.31.176.193/30;
}
family mpls;
}
}
}
vlans {
vl500 {
vlan-id 500;
l3-interface vlan.500;
}
vl520 {
vlan-id 520;
}
}


It looks like a junos bug for me (or maybe SRX L2 limitation). Has
anyone run into the same problem?

Thanks a lot,

Daniel

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-11-03 Thread tim.hunt 
Interesting/ disappointing to read that the top end SRXs don't support MPLS as 
it is clearly the intention to deploy MPLS to the edge with the smaller SRXs.

So what is Juniper's solution for concentration points in the network e.g. head 
offices etc?

Do the large SRXs have no support for Family mpls in any fashion? Is it on 
the roadmap (the statement below would suggest it is)? And if so when can it be 
expected?

Thanks,

Tim.

-Original Message-

Message: 1
Date: Fri, 22 Oct 2010 08:54:36 +0530
From: Jai Chandra Gundapaneni jaichan...@juniper.net
To: EXT - xmi...@gmail.com xmi...@gmail.com
Cc: 'juniper-nsp@puck.nether.net' juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX for MPLS
Message-ID:
33e45efc4b29ee4195b9440b22f885ea584a8...@embx02-bng.jnpr.net
Content-Type: text/plain; charset=iso-8859-1

Sorry for the confusion. The top end SRX don't yet support the MPLS feature as 
yet. The top end SRX don't work in packet mode.  

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-25 Thread Miroslav Georgiev 
I tested everything from mpls, ldp, rsvp, l2vpns, l3vpns, vpls and other 
routing protocols.
There are some limitations for mtu, encapsulations, fragmentation and 
other small but pain in the ass things.
Best thing is to get some (2 or more srx210 or better) and to do your 
tests . After that you will consider buying them.
About security things - if you still need them you can separate the box 
in 2 virtual-routers or something else.


On 10/22/2010 05:54 PM, Paul Stewart wrote:

Has anyone done much l2vpn on them?  I know that's related for sure..;)

-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Miroslav Georgiev
Sent: Friday, October 22, 2010 10:05 AM
To: Will McLendon
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX for MPLS

Unfortunately there are some vpls limitations on SRX and J-series
routers. You should check them first.
Besides that everything works.

On 10/22/2010 04:28 PM, Will McLendon wrote:
   

you can definitely do MPLS on J-series and SRX gateways.  It even says so
 

on the datasheet -- however, as was mentioned, you must put the device in
packet-based mode, and thus lose ALL security features (everything that is
configured under [edit security] -- so Zones, Stateful Policies, NAT, etc.
are all not available)
   

to add-on to Tim's comment, you will want to use the command 'delete
 

security' to wipe out that hierarchy, and then enable the packet-based mode:
   

set security forwarding-options family mpls mode packet-based.

there are other statements in that hierarchy to enable packet-based for
 

inet6 etc, but i've never turned that on...just the MPLS statement will turn
it into a regular router..  My main fear for your deployment would be the
environmental conditions.  I don't believe the SRX is specifically hardened
for that kind of environment (that isn't to say it wouldn't work, though).
   

Also, you aren't planning to put an entire BGP table into them are you?
 

I'm not sure how well that would work on the smaller boxes.  I think i've
heard of it being done, but never done it myself so I can't speak to the
stability of such a scenario.
   

Good luck,

Will
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



 

--
Regards,,,
Miroslav Georgiev
SpectrumNet Jsc.
+(359 2)4890604
+(359 2)4890619


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-23 Thread Keegan Holley 
On Fri, Oct 22, 2010 at 9:46 AM, Chris Evans chrisccnpsp...@gmail.comwrote:

 My question is what is the purpose of using a security device for pure
 routing purposes???   Why not just buy a router?


It seems like the point was for it to be both a router and a security
device.  They can boast about an ethernet based routing platform cheaper
than the MX80 in some cases as well as a security platform that runs JunOS.
 Most of the security features do not run in the routing mode and vice
versa, so you decide what you want it to do before you deploy.  It seems the
extra abilities would only come in handy if you were looking to repurpose
the box from one function to another. I suppose there's also a certain wow
factor as well.  I remember all the buzz before they came out about the MPLS
enabled firewall.  Things like being able to bring in connections over
ethernet and IPSEC all on the same box while doing stateful packet
inspection and such.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Will McLendon 
you can definitely do MPLS on J-series and SRX gateways.  It even says so on 
the datasheet -- however, as was mentioned, you must put the device in 
packet-based mode, and thus lose ALL security features (everything that is 
configured under [edit security] -- so Zones, Stateful Policies, NAT, etc. are 
all not available)

to add-on to Tim's comment, you will want to use the command 'delete security' 
to wipe out that hierarchy, and then enable the packet-based mode:

set security forwarding-options family mpls mode packet-based.

there are other statements in that hierarchy to enable packet-based for inet6 
etc, but i've never turned that on...just the MPLS statement will turn it into 
a regular router..  My main fear for your deployment would be the environmental 
conditions.  I don't believe the SRX is specifically hardened for that kind of 
environment (that isn't to say it wouldn't work, though).

Also, you aren't planning to put an entire BGP table into them are you?  I'm 
not sure how well that would work on the smaller boxes.  I think i've heard of 
it being done, but never done it myself so I can't speak to the stability of 
such a scenario.

Good luck,

Will
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Chris Evans 
My question is what is the purpose of using a security device for pure
routing purposes???   Why not just buy a router?
On Oct 22, 2010 9:34 AM, Will McLendon wimcl...@gmail.com wrote:
 you can definitely do MPLS on J-series and SRX gateways. It even says so
on the datasheet -- however, as was mentioned, you must put the device in
packet-based mode, and thus lose ALL security features (everything that is
configured under [edit security] -- so Zones, Stateful Policies, NAT, etc.
are all not available)

 to add-on to Tim's comment, you will want to use the command 'delete
security' to wipe out that hierarchy, and then enable the packet-based mode:

 set security forwarding-options family mpls mode packet-based.

 there are other statements in that hierarchy to enable packet-based for
inet6 etc, but i've never turned that on...just the MPLS statement will turn
it into a regular router.. My main fear for your deployment would be the
environmental conditions. I don't believe the SRX is specifically hardened
for that kind of environment (that isn't to say it wouldn't work, though).

 Also, you aren't planning to put an entire BGP table into them are you?
I'm not sure how well that would work on the smaller boxes. I think i've
heard of it being done, but never done it myself so I can't speak to the
stability of such a scenario.

 Good luck,

 Will
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Miroslav Georgiev 
Unfortunately there are some vpls limitations on SRX and J-series 
routers. You should check them first.

Besides that everything works.

On 10/22/2010 04:28 PM, Will McLendon wrote:

you can definitely do MPLS on J-series and SRX gateways.  It even says so on 
the datasheet -- however, as was mentioned, you must put the device in 
packet-based mode, and thus lose ALL security features (everything that is 
configured under [edit security] -- so Zones, Stateful Policies, NAT, etc. are 
all not available)

to add-on to Tim's comment, you will want to use the command 'delete security' 
to wipe out that hierarchy, and then enable the packet-based mode:

set security forwarding-options family mpls mode packet-based.

there are other statements in that hierarchy to enable packet-based for inet6 
etc, but i've never turned that on...just the MPLS statement will turn it into 
a regular router..  My main fear for your deployment would be the environmental 
conditions.  I don't believe the SRX is specifically hardened for that kind of 
environment (that isn't to say it wouldn't work, though).

Also, you aren't planning to put an entire BGP table into them are you?  I'm 
not sure how well that would work on the smaller boxes.  I think i've heard of 
it being done, but never done it myself so I can't speak to the stability of 
such a scenario.

Good luck,

Will
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


   

--
Regards,,,
Miroslav Georgiev
SpectrumNet Jsc.
+(359 2)4890604
+(359 2)4890619


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Chris Kawchuk 
Simple Answer. Cost.

The SRX650 can handle about as much traffic as an M7i, at less half the price.

There's no equivalent J-series at that level. (J6350 would top out at 2Gbps).
Likewise, J-series runs virtually the same code now as the SRX series (in terms 
of security),

Which begs an answer to the question: Why not just buy a router?

Answer: What router? There's only security devices below the M7.

- CK.

P.S. there was a huge previous discussion regarding J-series only-flow-based 
earlier, which I'm sure you remember. =)

On 2010-10-23, at 12:46 AM, Chris Evans wrote:

 My question is what is the purpose of using a security device for pure
 routing purposes???   Why not just buy a router?

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Giuliano Cardozo Medalha 

We are studying it:

   * J Series or SRX Series devices do not support aggregated Ethernet
 interfaces. Therefore, aggregated Ethernet interfaces between CE
 devices and PE routers are not supported for VPLS routing
 instances on J Series or SRX Series devices.
   * VPLS routing instances on J Series or SRX Series devices use BGP
 to send signals to other PE routers. LDP signaling is not supported.
   * VPLS multihoming, which allows connecting a CE device to multiple
 PE routers to provide redundant connectivity, is not supported on
 J Series or SRX Series devices.
   * J Series or SRX Series devices do not support BGP mesh groups.
   * J Series or SRX Series devices support only the following
 encapsulation types on VPLS interfaces that face CE devices:
 extended VLAN VPLS, Ethernet VPLS, and VLAN VPLS. Ethernet VPLS
 over ATM LLC encapsulation is not supported.
   * Virtual ports are generated dynamically on a Tunnel Services PIC
 on some Juniper Networks routing platforms. J Series or SRX Series
 devices do not support Tunnel Services modules or virtual ports.
   * The VPLS implementation on J Series or SRX Series devices does not
 support dual-tagged frames. Therefore, VLAN rewrite operations are
 not supported on dual-tagged frames. VLAN rewrite operations such
 as pop-pop, pop-swap, push-push, swap-push, and swap-swap, which
 are supported on M Series and T Series routing platforms, are not
 supported on J Series or SRX Series devices.
   * Firewall filters for VPLS are not supported.



BGP Signaling must be a big limitation, because of address space of this 
boxes.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Giuliano Cardozo Medalha 

We are studying it:

   * J Series or SRX Series devices do not support aggregated Ethernet
 interfaces. Therefore, aggregated Ethernet interfaces between CE
 devices and PE routers are not supported for VPLS routing
 instances on J Series or SRX Series devices.
   * VPLS routing instances on J Series or SRX Series devices use BGP
 to send signals to other PE routers. LDP signaling is not supported.
   * VPLS multihoming, which allows connecting a CE device to multiple
 PE routers to provide redundant connectivity, is not supported on
 J Series or SRX Series devices.
   * J Series or SRX Series devices do not support BGP mesh groups.
   * J Series or SRX Series devices support only the following
 encapsulation types on VPLS interfaces that face CE devices:
 extended VLAN VPLS, Ethernet VPLS, and VLAN VPLS. Ethernet VPLS
 over ATM LLC encapsulation is not supported.
   * Virtual ports are generated dynamically on a Tunnel Services PIC
 on some Juniper Networks routing platforms. J Series or SRX Series
 devices do not support Tunnel Services modules or virtual ports.
   * The VPLS implementation on J Series or SRX Series devices does not
 support dual-tagged frames. Therefore, VLAN rewrite operations are
 not supported on dual-tagged frames. VLAN rewrite operations such
 as pop-pop, pop-swap, push-push, swap-push, and swap-swap, which
 are supported on M Series and T Series routing platforms, are not
 supported on J Series or SRX Series devices.
   * Firewall filters for VPLS are not supported.



BGP Signaling must be a big limitation, because of address space of this 
boxes.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Paul Stewart 
Has anyone done much l2vpn on them?  I know that's related for sure..;)

-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Miroslav Georgiev
Sent: Friday, October 22, 2010 10:05 AM
To: Will McLendon
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX for MPLS

Unfortunately there are some vpls limitations on SRX and J-series 
routers. You should check them first.
Besides that everything works.

On 10/22/2010 04:28 PM, Will McLendon wrote:
 you can definitely do MPLS on J-series and SRX gateways.  It even says so
on the datasheet -- however, as was mentioned, you must put the device in
packet-based mode, and thus lose ALL security features (everything that is
configured under [edit security] -- so Zones, Stateful Policies, NAT, etc.
are all not available)

 to add-on to Tim's comment, you will want to use the command 'delete
security' to wipe out that hierarchy, and then enable the packet-based mode:

 set security forwarding-options family mpls mode packet-based.

 there are other statements in that hierarchy to enable packet-based for
inet6 etc, but i've never turned that on...just the MPLS statement will turn
it into a regular router..  My main fear for your deployment would be the
environmental conditions.  I don't believe the SRX is specifically hardened
for that kind of environment (that isn't to say it wouldn't work, though).

 Also, you aren't planning to put an entire BGP table into them are you?
I'm not sure how well that would work on the smaller boxes.  I think i've
heard of it being done, but never done it myself so I can't speak to the
stability of such a scenario.

 Good luck,

 Will
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp



-- 
Regards,,,
Miroslav Georgiev
SpectrumNet Jsc.
+(359 2)4890604
+(359 2)4890619


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Giuliano Cardozo Medalha 

On 22/10/2010 11:46, Chris Evans wrote:

My question is what is the purpose of using a security device for pure
routing purposes???   Why not just buy a router?
On Oct 22, 2010 9:34 AM, Will McLendonwimcl...@gmail.com  wrote:


Price and size of the box.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Chris Evans 
Ahhh the cost reason.  That is a huge reason we aren't buying much juniper
gear at this point in time. We only use m or mx devices along with the full
Cisco product catalog. Every solution we are doing lately costs 2 to 5 times
using juniper versus cisco.. I just can't justify juniper at this point in
time for most contexts due to cost alone. This is something I've been
yelling at my account team about.
On Oct 22, 2010 11:22 AM, Giuliano Cardozo Medalha giulian...@uol.com.br
wrote:
 On 22/10/2010 11:46, Chris Evans wrote:
 My question is what is the purpose of using a security device for pure
 routing purposes??? Why not just buy a router?
 On Oct 22, 2010 9:34 AM, Will McLendonwimcl...@gmail.com wrote:

 Price and size of the box.

 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-22 Thread Giuliano Cardozo Medalha 
Now we need to understand the limits for L2 VPNs e how can we use it 
integrated with JUNOS Space and Network Activator.



Ahhh the cost reason.  That is a huge reason we aren't buying much 
juniper gear at this point in time. We only use m or mx devices along 
with the full Cisco product catalog. Every solution we are doing 
lately costs 2 to 5 times using juniper versus cisco.. I just can't 
justify juniper at this point in time for most contexts due to cost 
alone. This is something I've been yelling at my account team about.


On Oct 22, 2010 11:22 AM, Giuliano Cardozo Medalha 
giulian...@uol.com.br mailto:giulian...@uol.com.br wrote:

 On 22/10/2010 11:46, Chris Evans wrote:
 My question is what is the purpose of using a security device for pure
 routing purposes??? Why not just buy a router?
 On Oct 22, 2010 9:34 AM, Will McLendonwimcl...@gmail.com 
mailto:wimcl...@gmail.com wrote:


 Price and size of the box.

 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net 
mailto:juniper-nsp@puck.nether.net

 https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX for MPLS

2010-10-21 Thread Giuliano Cardozo Medalha 

People,

Does anyone uses SRX routers for MPLS (VPLS) Transport ?

We are thinking about the use of SRX220 under some conditions:

- Use it in a not a good environment without air conditioning and a lot 
of dust ... external box temperature rises from 35 to 42 Celsius.
- Be the point to interconnect POPs using point to point radios 
(100~1000 Mbps)
- Using it to provide a VPLS infrastructure for L2 transport and client 
isolation until the start of the backbone (M7i and MX80 Routers)

- SRX220 to provide OSPFv2 and OSPFv3 L3 gateway for some routed clients.

The figure showed at the following link tries to resume it at all:

http://www.wztech.com.br/JUNIPER/Topology.png

It is possible to use this box in a such project ?  Do you have any 
experience using it to do this type of topology ?


Is is possible that SRX220 can work fine under so strength environment 
conditions ?  Could it blow up or goes down ?


If someone has implemented this kind of environment can please share the 
experiences ?


Thanks a lot,

Giuliano







___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX for MPLS

2010-10-21 Thread Giuliano Cardozo Medalha 

People,

Does anyone uses SRX routers for MPLS (VPLS) Transport ?

We are thinking about the use of SRX220 under some conditions:

- Use it in a not a good environment without air conditioning and a lot 
of dust ... external box temperature rises from 35 to 42 Celsius.
- Be the point to interconnect POPs using point to point radios 
(100~1000 Mbps)
- Using it to provide a VPLS infrastructure for L2 transport and client 
isolation until the start of the backbone (M7i and MX80 Routers)

- SRX220 to provide OSPFv2 and OSPFv3 L3 gateway for some routed clients.

The figure showed at the following link tries to resume it at all:

http://www.wztech.com.br/JUNIPER/Topology.png

It is possible to use this box in a such project ?  Do you have any 
experience using it to do this type of topology ?


Is is possible that SRX220 can work fine under so strength environment 
conditions ?  Could it blow up or goes down ?


If someone has implemented this kind of environment can please share the 
experiences ?


Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-21 Thread Jai Chandra Gundapaneni 
Hi Giuliano,

We do not support MPLS on SRX platforms.



Thanks  Regards,
 Jai 

- Original Message -
From: juniper-nsp-boun...@puck.nether.net juniper-nsp-boun...@puck.nether.net
To: juniper-nsp@puck.nether.net juniper-nsp@puck.nether.net
Sent: Thu Oct 21 19:48:46 2010
Subject: [j-nsp] SRX for MPLS

People,

Does anyone uses SRX routers for MPLS (VPLS) Transport ?

We are thinking about the use of SRX220 under some conditions:

- Use it in a not a good environment without air conditioning and a lot 
of dust ... external box temperature rises from 35 to 42 Celsius.
- Be the point to interconnect POPs using point to point radios 
(100~1000 Mbps)
- Using it to provide a VPLS infrastructure for L2 transport and client 
isolation until the start of the backbone (M7i and MX80 Routers)
- SRX220 to provide OSPFv2 and OSPFv3 L3 gateway for some routed clients.

The figure showed at the following link tries to resume it at all:

http://www.wztech.com.br/JUNIPER/Topology.png

It is possible to use this box in a such project ?  Do you have any 
experience using it to do this type of topology ?

Is is possible that SRX220 can work fine under so strength environment 
conditions ?  Could it blow up or goes down ?

If someone has implemented this kind of environment can please share the 
experiences ?

Thanks a lot,

Giuliano







___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-21 Thread Tim Eberhard 
I don't believe that's the case. You can do MPLS (I can't say I've ever done
it, but I know the config is possible) the major catch with that is the SRX
will be switched to packet mode (vs flow) and you loose the flow
capabilities of the SRX platform. Basically you can turn the SRX into a
branch router and do MPLS but the MPLS router+firewall isn't possible.

security {
forwarding-options {
family {
mpls {
mode packet-based;
}
}
}
}

Hope this clears things up,
-Tim Eberhard

On Thu, Oct 21, 2010 at 9:59 PM, Jai Chandra Gundapaneni 
jaichan...@juniper.net wrote:

 At least not yet I should say.

 Thanks  Regards,
  Jai

 - Original Message -
 From: Jai Chandra Gundapaneni
 To: 'giulian...@uol.com.br' giulian...@uol.com.br; '
 juniper-nsp@puck.nether.net' juniper-nsp@puck.nether.net
 Sent: Thu Oct 21 19:57:52 2010
 Subject: Re: [j-nsp] SRX for MPLS

 Hi Giuliano,

 We do not support MPLS on SRX platforms.



 Thanks  Regards,
  Jai

 - Original Message -
 From: juniper-nsp-boun...@puck.nether.net 
 juniper-nsp-boun...@puck.nether.net
 To: juniper-nsp@puck.nether.net juniper-nsp@puck.nether.net
 Sent: Thu Oct 21 19:48:46 2010
 Subject: [j-nsp] SRX for MPLS

 People,

 Does anyone uses SRX routers for MPLS (VPLS) Transport ?

 We are thinking about the use of SRX220 under some conditions:

 - Use it in a not a good environment without air conditioning and a lot
 of dust ... external box temperature rises from 35 to 42 Celsius.
 - Be the point to interconnect POPs using point to point radios
 (100~1000 Mbps)
 - Using it to provide a VPLS infrastructure for L2 transport and client
 isolation until the start of the backbone (M7i and MX80 Routers)
 - SRX220 to provide OSPFv2 and OSPFv3 L3 gateway for some routed clients.

 The figure showed at the following link tries to resume it at all:

 http://www.wztech.com.br/JUNIPER/Topology.png

 It is possible to use this box in a such project ?  Do you have any
 experience using it to do this type of topology ?

 Is is possible that SRX220 can work fine under so strength environment
 conditions ?  Could it blow up or goes down ?

 If someone has implemented this kind of environment can please share the
 experiences ?

 Thanks a lot,

 Giuliano







 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-21 Thread Jai Chandra Gundapaneni 
Sorry for the confusion. The top end SRX don't yet support the MPLS feature as 
yet. The top end SRX don't work in packet mode.  

--Original Message--
From: EXT - xmi...@gmail.com
To: Jai Chandra Gundapaneni
Cc: giulian...@uol.com.br
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX for MPLS
Sent: Oct 22, 2010 08:43

I don't believe that's the case. You can do MPLS (I can't say I've ever done 
it, but I know the config is possible) the major catch with that is the SRX 
will be switched to packet mode (vs flow) and you loose the flow capabilities 
of the SRX platform. Basically you can turn the SRX into a branch router and do 
MPLS but the MPLS router+firewall isn't possible. security {     
forwarding-options {         family {             mpls {                 mode 
packet-based;                 }             }         } } Hope this clears 
things up, -Tim Eberhard On Thu, Oct 21, 2010 at 9:59 PM, Jai Chandra 
Gundapaneni jaichan...@juniper.net wrote: At least not yet I should say. 
Thanks  Regards,  Jai - Original Message - From: Jai Chandra 
Gundapaneni To: 'giulian...@uol.com.br' giulian...@uol.com.br; 
'juniper-nsp@puck.nether.net' juniper-nsp@puck.nether.net Sent: Thu Oct 21 
19:57:52 2010 Subject: Re: [j-nsp] SRX for MPLS Hi Giuliano, We do not support 
MPLS on SRX platforms. Thanks  Regards,  Jai - Original Message - 
From: juniper-nsp-boun...@puck.nether.net juniper-nsp-boun...@puck.nether.net 
To: juniper-nsp@puck.nether.net juniper-nsp@puck.nether.net Sent: Thu Oct 21 
19:48:46 2010 Subject: [j-nsp] SRX for MPLS People, Does anyone uses SRX 
routers for MPLS (VPLS) Transport ? We are thinking about the use of SRX220 
under some conditions: - Use it in a not a good environment without air 
conditioning and a lot of dust ... external box temperature rises from 35 to 42 
Celsius. - Be the point to interconnect POPs using point to point radios 
(100~1000 Mbps) - Using it to provide a VPLS infrastructure for L2 transport 
and client isolation until the start of the backbone (M7i and MX80 Routers) - 
SRX220 to provide OSPFv2 and OSPFv3 L3 gateway for some routed clients. The 
figure showed at the following link tries to resume it at all: 
http://www.wztech.com.br/JUNIPER/Topology.png It is possible to use this box in 
a such project ?  Do you have any experience using it to do this type of 
topology ? Is is possible that SRX220 can work fine under so strength 
environment conditions ?  Could it blow up or goes down ? If someone has 
implemented this kind of environment can please share the experiences ? Thanks 
a lot, Giuliano ___ juniper-nsp 
mailing list juniper-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/juniper-nsp 
___ juniper-nsp mailing list 
juniper-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/juniper-nsp 
Thanks  Regards,
 Jai 
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX for MPLS

2010-10-21 Thread Barny Sanchez 
High-end SRXs (SRX3000s and SRX5000s) do not support packet-based only 
processing.  

Branch SRX (SRX100s, SRX200s, SRX650s) support either packet-based only, 
flow-based only or mixed mode (selective packet services).  Please refer to the 
following app note for some great examples:  
https://www.juniper.net/us/en/local/pdf/app-notes/3500192-en.pdf
 

Thanks,

Barny Sanchez
Sr. Consulting Engineer, Security Products  Solutions
Juniper Networks



On Oct 21, 2010, at 9:13 PM, Tim Eberhard wrote:

I don't believe that's the case. You can do MPLS (I can't say I've ever done
it, but I know the config is possible) the major catch with that is the SRX
will be switched to packet mode (vs flow) and you loose the flow
capabilities of the SRX platform. Basically you can turn the SRX into a
branch router and do MPLS but the MPLS router+firewall isn't possible.

security {
   forwarding-options {
   family {
   mpls {
   mode packet-based;
   }
   }
   }
}

Hope this clears things up,
-Tim Eberhard

On Thu, Oct 21, 2010 at 9:59 PM, Jai Chandra Gundapaneni 
jaichan...@juniper.net wrote:

 At least not yet I should say.
 
 Thanks  Regards,
 Jai
 
 - Original Message -
 From: Jai Chandra Gundapaneni
 To: 'giulian...@uol.com.br' giulian...@uol.com.br; '
 juniper-nsp@puck.nether.net' juniper-nsp@puck.nether.net
 Sent: Thu Oct 21 19:57:52 2010
 Subject: Re: [j-nsp] SRX for MPLS
 
 Hi Giuliano,
 
 We do not support MPLS on SRX platforms.
 
 
 
 Thanks  Regards,
 Jai
 
 - Original Message -
 From: juniper-nsp-boun...@puck.nether.net 
 juniper-nsp-boun...@puck.nether.net
 To: juniper-nsp@puck.nether.net juniper-nsp@puck.nether.net
 Sent: Thu Oct 21 19:48:46 2010
 Subject: [j-nsp] SRX for MPLS
 
 People,
 
 Does anyone uses SRX routers for MPLS (VPLS) Transport ?
 
 We are thinking about the use of SRX220 under some conditions:
 
 - Use it in a not a good environment without air conditioning and a lot
 of dust ... external box temperature rises from 35 to 42 Celsius.
 - Be the point to interconnect POPs using point to point radios
 (100~1000 Mbps)
 - Using it to provide a VPLS infrastructure for L2 transport and client
 isolation until the start of the backbone (M7i and MX80 Routers)
 - SRX220 to provide OSPFv2 and OSPFv3 L3 gateway for some routed clients.
 
 The figure showed at the following link tries to resume it at all:
 
 http://www.wztech.com.br/JUNIPER/Topology.png
 
 It is possible to use this box in a such project ?  Do you have any
 experience using it to do this type of topology ?
 
 Is is possible that SRX220 can work fine under so strength environment
 conditions ?  Could it blow up or goes down ?
 
 If someone has implemented this kind of environment can please share the
 experiences ?
 
 Thanks a lot,
 
 Giuliano
 
 
 
 
 
 
 
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp