Discussion:
[j-nsp] SRX300 - How much MPLS can be done with that platform?
Alain Hebert
2018-08-24 14:31:14 UTC
Permalink
    Curious to know.

    The commands are there...  Most of the things seems functional up
to LDP.

    Have a good day.
--
-----
Alain Hebert ***@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.ne
Pavel Lunin
2018-08-24 15:12:48 UTC
Permalink
In stateless mode — as much as the cpus and ram can accommodate.
Performance and scaling should be somewhat near the IP packet-mode numbers,
and most major features are there.

In stateful mode — zero, if I didn't miss something.
Post by Alain Hebert
Curious to know.
The commands are there... Most of the things seems functional up
to LDP.
Have a good day.
--
-----
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman
Aaron Gould
2018-08-24 18:09:39 UTC
Permalink
Is that true? I was wondering if stateful mode does no mpls at all. I was recently wondering if I could use a Juniper SRX firewall in its purest firewall form, I think known as stateful mode, with MPLS encapsulation and services terminating directly inside of the SRX

Let me know , thanks

Aaron
Post by Pavel Lunin
In stateless mode — as much as the cpus and ram can accommodate.
Performance and scaling should be somewhat near the IP packet-mode numbers,
and most major features are there.
In stateful mode — zero, if I didn't miss something.
Post by Alain Hebert
Curious to know.
The commands are there... Most of the things seems functional up
to LDP.
Have a good day.
--
-----
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/lis
Alain Hebert
2018-08-24 18:16:03 UTC
Permalink
    Well...  Quick test with iperf v2.

[ 3] 0.0-10.0 sec 1000 MBytes 839 Mbits/sec

    On ge-0/0/3 right now =D

-----

set version 15.1X49-D140.2
set system host-name SITEA
set system time-zone America/Toronto
set system root-authentication encrypted-password
"$5$Pp.xrsCy$38kIaR9FL8FFwOn.KBDPYJOPLpReC906HV7GyKhNKG1"
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system login user calgah uid 2000
set system login user calgah class super-user
set system login user calgah authentication encrypted-password
"$5$6zYw7nsI$vk6zsBQ.ZsXGOx4xNuls9kw5LAfVyooF4sXgN/hKzQ7"
set system services ssh
set system services netconf ssh
set system services dhcp-local-server group jdhcp-group interface irb.0
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url
https://ae1.juniper.net/junos/key_retrieval
deactivate system license
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
set interfaces ge-0/0/0 unit 0 family inet address 192.168.0.220/24
set interfaces ge-0/0/2 description Customers
set interfaces ge-0/0/2 flexible-vlan-tagging
set interfaces ge-0/0/2 encapsulation flexible-ethernet-services
set interfaces ge-0/0/2 unit 100 encapsulation vlan-ccc
set interfaces ge-0/0/2 unit 100 vlan-id 100
set interfaces ge-0/0/2 unit 200 encapsulation vlan-ccc
set interfaces ge-0/0/2 unit 200 vlan-id 200
set interfaces ge-0/0/3 description Eth-CCC
set interfaces ge-0/0/3 encapsulation ethernet-ccc
set interfaces ge-0/0/3 unit 0 family ccc
set interfaces ge-0/0/4 description MPLS_Path_A
set interfaces ge-0/0/4 unit 0 family inet address 10.10.10.2/31
set interfaces ge-0/0/4 unit 0 family iso
set interfaces ge-0/0/4 unit 0 family mpls
set interfaces ge-0/0/5 description MPLS_Path_B
set interfaces ge-0/0/5 unit 0 family inet address 10.10.11.2/31
set interfaces ge-0/0/5 unit 0 family iso
set interfaces ge-0/0/5 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.0.0.1/32
set interfaces lo0 unit 0 family iso address 49.0004.1000.0000.0001.00
set interfaces lo0 unit 0 family mpls
set protocols rsvp interface lo0.0
set protocols rsvp interface ge-0/0/4.0
set protocols rsvp interface ge-0/0/5.0
set protocols mpls interface lo0.0
set protocols mpls interface ge-0/0/4.0
set protocols mpls interface ge-0/0/5.0
set protocols isis interface ge-0/0/4.0 level 1 hello-authentication-key
"$9$2SgGiPfz6CuQFWL"
set protocols isis interface ge-0/0/4.0 level 1
hello-authentication-type simple
set protocols isis interface ge-0/0/5.0 level 1 hello-authentication-key
"$9$gL4UHf5F/A0z3"
set protocols isis interface ge-0/0/5.0 level 1
hello-authentication-type simple
set protocols isis interface lo0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ldp interface ge-0/0/4.0
set protocols ldp interface ge-0/0/5.0
set protocols ldp interface lo0.0
set protocols l2circuit neighbor 10.0.0.2 interface ge-0/0/2.100
virtual-circuit-id 100
set protocols l2circuit neighbor 10.0.0.2 interface ge-0/0/2.100
no-control-word
set protocols l2circuit neighbor 10.0.0.2 interface ge-0/0/2.200
virtual-circuit-id 200
set protocols l2circuit neighbor 10.0.0.2 interface ge-0/0/2.200
no-control-word
set protocols l2circuit neighbor 10.0.0.2 interface ge-0/0/3.0
virtual-circuit-id 300
set protocols l2circuit neighbor 10.0.0.2 interface ge-0/0/3.0
no-control-word


-----
Alain Hebert ***@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
Post by Aaron Gould
Is that true? I was wondering if stateful mode does no mpls at all. I was recently wondering if I could use a Juniper SRX firewall in its purest firewall form, I think known as stateful mode, with MPLS encapsulation and services terminating directly inside of the SRX
Let me know , thanks
Aaron
Post by Pavel Lunin
In stateless mode — as much as the cpus and ram can accommodate.
Performance and scaling should be somewhat near the IP packet-mode numbers,
and most major features are there.
In stateful mode — zero, if I didn't miss something.
Post by Alain Hebert
Curious to know.
The commands are there... Most of the things seems functional up
to LDP.
Have a good day.
--
-----
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
http
ML
2018-08-24 18:34:57 UTC
Permalink
This post might be inappropriate. Click to display it.
Pavel Lunin
2018-08-24 21:13:20 UTC
Permalink
You can selectively disable stateful processing using firewall filters but
you can't combine stateful and mpls for a given packet except with
recirculation.
Post by Aaron Gould
Is that true? I was wondering if stateful mode does no mpls at all. I was
recently wondering if I could use a Juniper SRX firewall in its purest
firewall form, I think known as stateful mode, with MPLS encapsulation and
services terminating directly inside of the SRX
Let me know , thanks
Aaron
Post by Pavel Lunin
In stateless mode — as much as the cpus and ram can accommodate.
Performance and scaling should be somewhat near the IP packet-mode
numbers,
Post by Pavel Lunin
and most major features are there.
In stateful mode — zero, if I didn't miss something.
Post by Alain Hebert
Curious to know.
The commands are there... Most of the things seems functional up
to LDP.
Have a good day.
--
-----
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.ne

Alexandre Snarskii
2018-08-24 15:34:53 UTC
Permalink
Post by Alain Hebert
    Curious to know.
Not too much. In my tests srx300 was able to serve only about
~260kpps (91Mbit) of small packets and ~110kpps (460Mbit) of
large ones. Numbers are somewhat 'half-duplex', for packets it's
overall performance, for bps - it's single direction. Actual screen
scrape on a peak survivable load (large packets):

Input rate : 465659072 bps (55027 pps)
Output rate : 463557760 bps (54989 pps)
Post by Alain Hebert
    The commands are there...  Most of the things seems functional up
to LDP.
l2circuits works fine.
Post by Alain Hebert
    Have a good day.
--
-----
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https:
Loading...