New Juniper Router Install

C

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
Guys,

I have a customer that is looking to install a J2350 and currently has the thoughts of removing their old cisco firewalls they are currently using.

Never touched one I usually work on Cisco stuff. Any tips or tricks or good places to start reading up on this thing?
 
http://www.juniper.net/techpubs/software/jseries/junos85/
pretty blanket there, but you get the idea. Ive always like junipers KB as well :eek:... seems very well put together.

CLI will be VERY different from what you're used to.. get used to programming again :D even down to the last "commit". You're lucky, ive always wanted to get more involved with Juniper.. guess im working for the wrong company, rofl
 
xphil3 said:
http://www.juniper.net/techpubs/software/jseries/junos85/
pretty blanket there, but you get the idea. Ive always like junipers KB as well :eek:... seems very well put together.

CLI will be VERY different from what you're used to.. get used to programming again :D even down to the last "commit". You're lucky, ive always wanted to get more involved with Juniper.. guess im working for the wrong company, rofl
Click to expand...

Trust me.. This isn't my choice. Customer has everything narrowed down to Cisco 2801 vs the J2350. They are joining this giant private fiber circuit which will get them like 3 research networks and the intenret in the neighborhood of 10, 20, or 30 up/down.

Your welcome to come down and do it :) Probably not a half bad Idea.. Part of this network needs BGP enabled. I understand BGP and how it works, but have never set it up.
 
One thing I'll say about Junipers support......it's FAN-TASTIC. Their forums too. Local support right here in the States. They call back to follow up with you too. I'm not familiar with their higher end models, but the few smaller ones and their SSL VPN appliances..I've gotten everything I need to do done through the web browser admin, never had to jump down to old CLI.

Rock stable devices. I reboot them perhaps once a year...only when doing upgrades on them.
 
calvinj said:
Trust me.. This isn't my choice. Customer has everything narrowed down to Cisco 2801 vs the J2350. They are joining this giant private fiber circuit which will get them like 3 research networks and the intenret in the neighborhood of 10, 20, or 30 up/down.

Your welcome to come down and do it :) Probably not a half bad Idea.. Part of this network needs BGP enabled. I understand BGP and how it works, but have never set it up.
Click to expand...

All this was supposed to be done on a 2801?! *cringes*

Just did some research on the J2350. Pretty hefty router/firewall for the price.

Sorry, can't offer any advice, just found it humorous that all that was supposed to be done on a 2801, i wouldn't of suggested anything smaller than a 3825.
 
WesM63 said:
All this was supposed to be done on a 2801?! *cringes*
Click to expand...

The actual place that we were getting this circuit made this is a recommendation along with 2 junipers and a couple of other routers.
 
calvinj said:
The actual place that we were getting this circuit made this is a recommendation along with 2 junipers and a couple of other routers.
Click to expand...

lol, That's ok, I've had Cisco SE's give me some pretty bad recommendations.
 
Guys, a 2801 could be an adequate device for edge here. You said 10/20/30Mpbs... if you want to base that estimate off of the raw performance data sheet you would be absolutely fine with the 2801 @ 30Mpbs(obviously you wouldn't do this but still).

Also consider utilization, I would say a 2801 could easily service a 20Mpbs circuit with moderate usage. Traffic flow is also key and understanding how big average packets sizes are going to be. 90,000pps(2801) isn't too shabby at all :eek:

The juniper would be way overkill, 200,000pps raw performance... 750Mpbs firewall forwarding for even a 30Mpbs circuit... that makes me giggle. That my friend is overengineering :)
 
A 2801 could be an adequate device ;)

I was more worried about the BGP portion. I have no ideas how many routes they would be getting, but from my experience, too many routes on a 2801 brings it to it's knees.
 
WesM63 said:
A 2801 could be an adequate device ;)

I was more worried about the BGP portion. I have no ideas how many routes they would be getting, but from my experience, too many routes on a 2801 brings it to it's knees.
Click to expand...
Ive worked on 2801's in production with over 15k routes via BGP, proc was at a scary 65% constant but didn't bring it to its knees(literally ran over 20 video calls at H.264 without issues). Hopefully hes not even considering running a full table as he didn't mention becoming a transit plus no dual homing mentioned either.
 
Yeah, that thing will die if it gets the full table. Doubt he has a need for it -- if it's eBGP, they'll probably just send him a default. If it's iBGP, obviously no issues there.

Come on wes, a 2801 isn't that bad. (And I used to think I was the expensive/spoiled troll on these forums... :D)
 
LOL... i guess I'm spoiled at times. 2801 isn't a bad router, just as long as it's used in the right place, for the right job.

With the minimal price difference between a 2801 and 2811/2821, it doesn't hurt to have the extra power.

Not to mention, my bosses would have my ass if I suggested a router and it ended up having more than 10-15% cpu utilization.
 
Worst thing I ever had was a bunch of 7600 w/sup720-3b @ 90% avg CPU sitting at the core of our MPLS for a bunch of datacenters...

Couldn't do anything during the day, so our fingers were crossed for 8 hours until we could fix the issue. Most nerve racking "sh proc cpu hi" I've ever been a part of. So yeah, I know what you mean about peace of mind having a low util.
 
just2cool said:
Worst thing I ever had was a bunch of 7600 w/sup720-3b @ 90% avg CPU sitting at the core of our MPLS for a bunch of datacenters...

Couldn't do anything during the day, so our fingers were crossed for 8 hours until we could fix the issue. Most nerve racking "sh proc cpu hi" I've ever been a part of. So yeah, I know what you mean about peace of mind having a low util.
Click to expand...
should have went with the BXL :D Thank goodness for the extra TCAM! Why so high though?

Wes, couldn't agree more with your last post.. right tool for the right job.
Now that we jacked the shit out of Calvins thread.... Calvin, keep us posted on how it goes :cool:
 
Well I'm sorry i did leave out a bit-o-information because at the time it didn't pertain.

Anyways the deal is that the fiber circuit that we are joining up on is actually a full 100 mb circuit. All of the research networks and such will be full 100 mb to my doorstep, but the internet is what will be at the 10/20/30/40/50...

Also the BGP is 30k routes.

So the Juniper is looking more and more promising everyday.
 
just2cool said:
Worst thing I ever had was a bunch of 7600 w/sup720-3b @ 90% avg CPU sitting at the core of our MPLS for a bunch of datacenters...

Couldn't do anything during the day, so our fingers were crossed for 8 hours until we could fix the issue. Most nerve racking "sh proc cpu hi" I've ever been a part of. So yeah, I know what you mean about peace of mind having a low util.
Click to expand...

:eek:

Yea, that would be scary. Luckily, I haven't had that in a while, last time was 85% utilization on a PIX 521. (Firewall at a ISP)

Calvinj, Sorry we keep taking these threads OT!
 
calvinj said:
Well I'm sorry i did leave out a bit-o-information because at the time it didn't pertain.

Anyways the deal is that the fiber circuit that we are joining up on is actually a full 100 mb circuit. All of the research networks and such will be full 100 mb to my doorstep, but the internet is what will be at the 10/20/30/40/50...

Also the BGP is 30k routes.

So the Juniper is looking more and more promising everyday.
Click to expand...
Okay, this is what I dont understand.... I see so many little guys taking partial tables when not needed. You say one circuit? If so, do NOT take 30k routes... theres 100% no point as you cant control ingress nor egress traffic, taking that large of a routing table is pointless.

If you're going over 100Mpbs + 50 Mpbs to the edge you're going to need more than that juniper if you fully utilize it, but im sure you wont. :p
 
Yeah don't worry, they were 3BXLs :D. I was intentionally setting you up for that one. Success. Don't be telling me that they should have been 3Cs now!

Long story short, the cause was a hell of a lot of multicast RPF failures when we were trying to throw it over MPLS.

Edit: 30K routes? One link? Default or summarize that man. If the link goes down or loses the ability to route to certain prefixes, you're screwed anyway.
 
xphil3 said:
Okay, this is what I dont understand.... I see so many little guys taking partial tables when not needed. You say one circuit? If so, do NOT take 30k routes... theres 100% no point as you cant control ingress nor egress traffic, taking that large of a routing table is pointless.

If you're going over 100Mpbs + 50 Mpbs to the edge you're going to need more than that juniper if you fully utilize it, but im sure you wont. :p
Click to expand...

Should People like you set this up in the first place what you said would have made perfect sense, but like I noted above even giving some of these guys Cisco SE credit is a long stretch. I'm sorry I didn't make up the requirements. Just having to find something that will follow what these guys what.
 
just2cool said:
Yeah don't worry, they were 3BXLs :D. I was intentionally setting you up for that one. Success. Don't be telling me that they should have been 3Cs now!
Click to expand...
ROFL:p, I dont sell this crap... i swear. Also, I wouldn't recommend you the 3C(XL).... you clearly dont like more bandwidth ;) and on a more serious note not running VSS so really no reason.
calvinj said:
Should People like you set this up in the first place what you said would have made perfect sense, but like I noted above even giving some of these guys Cisco SE credit is a long stretch. I'm sorry I didn't make up the requirements. Just having to find something that will follow what these guys what.
Click to expand...
So its only one circuit? Maybe you can go back and tell that that theres no reason to have a partial table like that? Come at them strong and let them support why they want to have 30,000 routes in their routing table along with A DEFAULT ROUTE to reach everything else. You can do it :)
 
xphil3 said:
So its only one circuit? Maybe you can go back and tell that that theres no reason to have a partial table like that? Come at them strong and let them support why they want to have 30,000 routes in their routing table along with A DEFAULT ROUTE to reach everything else. You can do it :)
Click to expand...

Sure why not... They aren't happy that I've opposed and argued out a few things with them. One more thing to add to the plate
 
what research networks are they connecting to? chances are i work with some or all of them.
 
cymon said:
National LambdaRail?
Click to expand...

Chances are it's some regional optical network. There are a bunch of them out there that have Lambda Rail in the name as well, though I guess it could just as easily be NLR, which would be the Global NOC as well. We like to do it all :)
 
Well thought I would revive and old thread see if any new Juniper Users are lurking about.

The router has been up for about a month now just connecting us to the private research networks. Currently about 12k BGP routes are built. Word on the street is that the internet is suppose to be able to be piped through in about 20-30 days.

Here is what I need now. I need something similar to Cisco's IPSLA for Juniper.

What I want to do is take our old DSL Connection and basically just put it into a port on the Juniper and let the Juniper Decide on where to fail over the internet too just as a backup for the facility.

Let me tell ya. It was a fun challenge, but coming from nothing but Cisco it very much was a challenge.
 
You must log in or register to reply here.
Back
Top