ScreenOS to Junos commands

This should be useful if you are new to Junos, but old to ScreenOS.

http://kb.juniper.net/index?page=content&id=KB14000


What I have been up to: SRX performance is off the charts

Well, I kind of hate just putting something about nothing, but just for update's sake: I have been stoopid busy lately. I just got through testing an SRX3400 (which is the low-end midrange box; there are three other higher-performing boxes) for performance using a BreakingPoint Elite box. All I can say is wow, this product line is off the charts in terms of performance, with mind-boggling connections per second. I have also been working on some new Junoscripts to display in the CLI a more concise summary of the policy hit counts, much like you would see in IOS. I have also been working on a UAC/NAC proof of concept using Juniper's UAC, SA 2500, EX 4200, an SSG5 and an Enterasys 2G4072-52.

Here is what I tested on the SRX and some perf numbers (Junos 9.5)

Perf numbers:

Ran IMIX of TCP traffic, ramping up 150K new connections per second up to 1M concurrent sessions, 10Gbps throughput for 10 mins. This was with full stateful firewall. This test was done using a BreakingPoint Elite with 2x10GE ports.

Also successfully ran 10Gbps UDP at 1400-byte packets and 512-byte packets, no problem. 64-byte packets are a problem because there is a hard limit of 1M pps on each SPC.

Other SRX tests:

JSRP – sessions are replicated; as of 9.5 only link detection for failover, in 9.6 you can do track IP

NSM management – everything we wanted to see was there

Traffic logs – you can log session init, session close, IDP deny, ACL deny; however, this must be sent out an IOC, not out a management port. This is because of the sheer volume of logs.

IDP – was able to block chat (Yahoo, Gmail chat, AOL IM)

Also working on some similar NS5K testing. I can post configs for any of this if anyone is interested.


MPLS now part of Junos on EX switches

I have been waiting a while for this: the EX switches, at least the 3200 and 4200, support MPLS, L2 and L3 VPNs as of 9.5R1.8. No support for LDP-signaled MPLS yet. I thought the EX8208 would not get MPLS until a few more releases down the road, but I could be wrong. Once I have a confirmation either way I will post it here.

Working on a VPLS network with trunked ports config

So currently I am working on a project that involves VPLS, MPLS, RSVP, COS, VLANs, trunked ports, OSPF and BGP. Once we get all of this working on our meshed M10i network I will have a write-up to follow. Unfortunately MPLS does not seem to work in the olives due to the lack of a PFE? I thought this was all handled at the RE level, but from what I have read this is incorrect. Anyways, MPLS based on RSVP signaling does not seem to work. Also hope to have a layer 3 routed switch network config based on the EX4200 and virtual chassis sometime soon. Hopefully I can make up for the lack of activity on this blog 🙂 I will also post the Junoscripts I have been working on.