802.1ad or 802.1ah?
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Bill Blackford
Sent: Friday, February 04, 2011 11:46 AM
To: 'juniper-nsp'
Subject: [j-nsp] MX bridge-domains
I considered holding off on this questio
Yep, familiar with the concept and practice. Our level of control over the
networks/boxes in question varies, so it's nice to know what tools I've got in
the toolbox..
Ryan
On Feb 4, 2011, at 11:01 PM, "Doug Hanks" wrote:
> There's a feature in DNS called "views." It's a bit similar to sour
There's a feature in DNS called "views." It's a bit similar to source routing.
Depending on where the DNS request comes from, it's able to return a different
result.
Doug
-Original Message-
From: Ryan Goldberg [mailto:rgoldb...@compudyne.net]
Sent: Friday, February 04, 2011 8:57 PM
T
Excellent info. Thanks. Scenario 1, while admittedly silly, can occur when the
public ip is what's in dns and rather than playing dns tricks (because perhaps
in a given situation dns tricks are not available or are onerous). Very happy
to hear scenario 2 Just Works.
I'm nabbing an srx100 - no
I forgot to mention that your option 2 "just works" with the SRX with all
variations.
Doug
-Original Message-
From: Doug Hanks
Sent: Friday, February 04, 2011 8:42 PM
To: 'Ryan Goldberg'; Julien Goodwin
Cc: juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] SRX advice
That's a silly setu
That's a silly setup, because 10.1.1.33 should just talk directly to 10.1.1.200
because they're on the same subnet.
This also creates an interesting packet trace
1) SA: 10.1.1.33, DA: 123.123.123.123
2) SRX NATs 123.123.123.132 to 10.1.1.200
3) SA: 10.1.1.33, DA: 10.1.1.200
4)
I apologize - that was a premature "send" from my phone due to an errant
thumb...
I'll rephrase a little.. Let's say I have (on the same box):
Private net 10.1.1.0/24 src-natted on its way to the internet to public address
123.123.123.123
Also, 123.123.123.123:80 is dst-natted to 10.1.1.200:8
I'm not quite understanding your NAT requirement. On the other hand I can tell
you from personal experience that SRX has some of the best NAT support I've
used.
Here are some common deployment methods for NAT and how to use them on the SRX.
http://kb.juniper.net/library/CUSTOMERSERVICE/technot
Regarding the odd-setup
Can SRX boxes do (for lack of a better term) "nat loopback"? In other words,
say you have private net x src natted to public address y. And you have
private network a src natted to public address b. Additionally you have some
dst nat going the other direction for
Where do you need to transport them? Also, are you running mpls? I would
probably use some mpls based service, L2VPN, VPLS, EoMPLS etc. If not I'd
probably just use generic switches, juniper or no. The cost per port is
much lower.
On Fri, Feb 4, 2011 at 2:45 PM, Bill Blackford
wrote:
> I cons
I considered holding off on this question until I gained a better understanding
on what I really need but then thought I'd like to head down the right path
before I get too deep.
The scenario:
I have a need to carry customers on individual tags though the network to
provide IP on the far end.
Be aware though that COS is very router and interface specific, so while a
generic example like this will work in most cases, it won't work in all. For
example, with some PICs you cannot have more than one med-high+ priority:
[edit class-of-service interfaces]
'ge-5/1/0'
More than one sche
I think that's a good direction to go. I would only recommend going with a
pair of SRX650s so that you can install a cluster and provide high availability.
Doug
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Ryan G
Thanks everyone for the replies -
After some deliberation, we are leaning towards a single SRX650 to replace
watchguards a, b and c, and a pair of SRX100 for watchguard d. The 2821 will
likely hang around, as it is not problematic in the least, and all the tunnels
it terminates are cisco VTI-
Depending on your hardware you can have up to 16 forwarding classes. I wrote
a very basic 3 class example here (Network Control, Expedited Forwarding,
and BE) to get you started. Network Control is your control plane protocols.
There are a lot more options than what is here. I would recommend check
All control plane functions are on the primary node and the secondary node acts
like a backup RE and linecard. You can use the cluster active/passive or you
can use active/active. You aren't forced to only use active/passive. There's
a control link that synchronizes all of the runtime objects
a 2821) terminates a bunch of lan-to-lan ipsec tunnels (VTI style) to 1841s
all over the place. box is completely VRFed, no global table, all the tunnels
land in the INTERNET vrf and pop out in customer vlans, each their own vrf.
10-30Mbit
One of the large drawbacks on SRX has been lack of supp
17 matches
Mail list logo
