  1. #1
    Join Date
    Feb 2011
    Posts
    580

    Juniper J2320 for full BGP multihoming

    I am looking to deploy a new router for switching from a single provider to a multihomed setup including some peering. Looking at acquiring J2320 with 1MB for that purpose and wondering whether it will handle full BGP for a few years considering growth of routing tables and IPv6 transition? Juniper datasheet says 400k routes for this box. Does anybody have any guesses as to when will this router become too small for what I am thinking of using it for?

  2. #2
    Join Date
    Oct 2005
    Location
    Tucson AZ
    Posts
    367

  3. #3
    Join Date
    Feb 2011
    Posts
    580
    uplinks will either be FE or 1GE. Traffic is not significant- I am sure this router will have plenty of capacity left to spare as far as traffic requirements (and when the traffic requirements exceed this router's capacity it will then automatically justify an upgrade to a bigger box).

    This particular model because it is same hardware as SSG-320M and we already have several of those boxes. So we get the benefit of having the same spare power supplies, plug in modules, etc. Plus the units are space-efficient being 1U and reasonably power efficient.

  4. #4
    Join Date
    Oct 2005
    Location
    Tucson AZ
    Posts
    367
    Quote Originally Posted by DMDM View Post
    uplinks will either be FE or 1GE. Traffic is not significant- I am sure this router will have plenty of capacity left to spare as far as traffic requirements (and when the traffic requirements exceed this router's capacity it will then automatically justify an upgrade to a bigger box).

    This particular model because it is same hardware as SSG-320M and we already have several of those boxes. So we get the benefit of having the same spare power supplies, plug in modules, etc. Plus the units are space-efficient being 1U and reasonably power efficient.
    Well you definitely couldn't handle two upstreams with full tables regardless. Also there's reports of issues above 100Mbps on this unit.. might want to look at a 4350 or so if you're hooked on the J-series.

    Edit: Then again it looks like you can toss a 2GB module in here and get the extra table capacity.
    Last edited by LoginTech; 02-20-2011 at 06:49 PM.

  5. #5
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,301
    I would not go down this road. The J series is a software based routing solution, not a hardware/ASICs based solution and will fall over under a moderate DDoS attack.
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
    AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
    Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
    Current specials here. Check them out.

  6. #6
    Join Date
    Jan 2005
    Location
    San Francisco/Hot Springs
    Posts
    988
    The 23XX models will not do what you need to do.
    You'll need a J4350 with 2GB of ram at a minimum.
    Also, all of the "services" JunOS revs are terrible.
    You'll either wanna stick with 9.3R4.4 or forget about J series.
    AppliedOperations - Premium Service
    Bandwidth | Colocation | Hosting | Managed Services | Consulting
    www.appliedops.net

  7. #7
    Join Date
    Jan 2005
    Location
    San Francisco/Hot Springs
    Posts
    988
    Quote Originally Posted by Jay Suds View Post
    The J series is a software based routing solution, not a hardware/ASICs based solution and will fall over under a moderate DDoS attack.
    They'll forward around 60-100K packets per second, so as long as people are DOS'ing with big packets you'll be ok

  8. #8
    Join Date
    Feb 2011
    Posts
    580
    I have also found references of people running J2320 with 2GB, 2.5GB or even 4GB of RAM.

    What would be the smallest hardware-based router from Juniper that can handle multiple instances of full routing tables?

  9. #9
    Join Date
    Jan 2005
    Location
    San Francisco/Hot Springs
    Posts
    988
    You'd probably want an M7i, they go for around $5500 with 1 gige or 2 fast-e interfaces.

  10. #10
    Join Date
    Feb 2011
    Posts
    580
    Quote Originally Posted by appliedops View Post
    You'd probably want an M7i, they go for around $5500 with 1 gige or 2 fast-e interfaces.
    What about SRX650- would that be a better option considering it costs less and has 4GE onboard? Performance seems to be impressive too based on the datasheet.

    edit: I might have looked at the wrong price for SRX650 - as in "chassis only".

  11. #11
    Join Date
    Jan 2005
    Location
    San Francisco/Hot Springs
    Posts
    988
    While the SRXes are great at firewalling, not so great at general all purpose routing... SRX650 is also like $12k, so pretty hugely more expensive than the J series.

  12. #12
    Join Date
    Feb 2011
    Posts
    580
    Quote Originally Posted by appliedops View Post
    You'd probably want an M7i, they go for around $5500 with 1 gige or 2 fast-e interfaces.
    It looks like you can only add one 1GE port per module based on Juniper's guide. They have this table entitled "Flexible, Scalable Connectivity" and it shows that M7i and M10i can NOT have any 2-port, 4-port or 10-port 1GE and neither can they have 10GE ports. So one 1GE on board plus max 4 additional 1GE ports is the limit of what Juniper calls "Scalable Connectivity"? Also I did not find exact pricing but those 1-port modules look expensive.

    Am I missing something?

  13. #13
    Join Date
    Jan 2005
    Location
    San Francisco/Hot Springs
    Posts
    988
    Yes, the Juniper PICs that the M7 series will accept are 1Gbps only, even if you get a 4 Port GigE PIC. On the plus side, the M7/10i will actually forward at full PIC rate even under DOS.

    You can pick up the SX modules for around $1k/each used. Keep in mind this discussion originally started out with a J2350, a box incapable of forwarding a whole lot and barely expandable.

  14. #14
    Join Date
    Nov 2001
    Location
    London
    Posts
    4,856
    Quote Originally Posted by appliedops View Post
    While the SRXes are great at firewalling, not so great at general all purpose routing... SRX650 is also like $12k, so pretty hugely more expensive than the J series.
    We recently got a SRX650 for ~$10k new. Some decent pricing to be had if you shop around.
    Matthew Russell | Namecheap
    Twitter: @mattdrussell

    www.namecheap.com - hosting from a registrar DONE RIGHT!

  15. #15
    Join Date
    Feb 2011
    Posts
    580
    Quote Originally Posted by appliedops View Post
    Yes, the Juniper PICs that the M7 series will accept are 1Gbps only, even if you get a 4 Port GigE PIC. On the plus side, the M7/10i will actually forward at full PIC rate even under DOS.

    You can pick up the SX modules for around $1k/each used. Keep in mind this discussion originally started out with a J2350, a box incapable of forwarding a whole lot and barely expandable.
    Incapable of forwarding- sure, but it is definitely expandable as far as ports go. By M7i standards of expandability the little J2320 is a monster as it can have 21 1GE ports vs 5 on M7i.

    All things considered I am at a loss trying to figure out what to buy from Juniper. J series is software-based and software runs on old hardware. The bottom M series models have this bizarre limitation on ports (maybe they are outdated just like J series is?) There really is no decent router option from Juniper in 1 to 5Gbps range... Maybe something is coming this year in their product pipeline?

  16. #16
    Join Date
    Feb 2011
    Posts
    580
    Quote Originally Posted by mdrussell View Post
    We recently got a SRX650 for ~$10k new. Some decent pricing to be had if you shop around.
    That looks like about the only option worth considering from Juniper for a small router, and then 10k sounds like a lot for a device that is "not so great at general all purpose routing"...

    Is that memory upgradable? 800k routes is plenty today but might not be enough in the future.

    Also, how does SRX behave under attack as far as forwarding performance?

  17. #17
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,301
    Juniper M series is a true router. It's not a layer 3 switch. It has support for a large and wide variety of Ethernet, OCx, ATM and other SONET based mediums / protocols. Also, all ports are fully hardware routed, ASICs based. Performance is not sacrificed in the name of port density. Typically, you would have 2+ M series routers on your edge and then trunk your traffic down to some core/distribution switches which will break out to your top of rack access switches.

    Your J2320 will fall flat on its face if you try to run 21 gigabit ports at line rate (42Gbps total traffic). It's a software based router. Your 2320 will probably fall flat on its face if you try to pass 10Gbps of IMIX traffic. Good luck trying to pass 10Gbps of 64 byte packets. It will crap out after about 100Mbps of 64-byte packets (89, actually, per the spec). Your Juniper M7/M7i/M10/M10i will pass this traffic all day long, regardless of packet size and will do it without any trouble, complaints or hassle.

    Preferring expandability for the sake of being oversubscribed by 20:1 is silly. Bottom line, the J2320 is designed for an enterprise branch office application. It is not designed to be sitting as an Internet facing eBGP router. There's a reason why they make xDSL modules for the J series ... cough, gag, groan.

    The SRX650 is rated at 900kpps @ 64-byte packets ~ 500Mbps.

  18. #18
    Join Date
    Feb 2011
    Posts
    580
    Thanks for all the feedback guys. I might have found what I was looking for (combining my original requirements with what I learned here)- a (preferably 1U) router that does at least 1Gbps in traffic, high pps rate, has reasonable number of 1GE ports and has memory expansion capability to handle well over 1 million routes. That would be Cisco 7201. Any comments?

  19. #19
    Take a look at Vyatta. It's a software based router. People still have in mind how bad the first software router with PCI and Pentium architecture was.

    Hardware has changed a lot since then, and a software router can be really good compared to hardware routers nowadays, especially comparing the price!

    But let the numbers speak for themselves. (2 million packets per second)

    http://www.vyatta.com/downloads/data..._datasheet.pdf

  20. #20
    Join Date
    Oct 2005
    Location
    Tucson AZ
    Posts
    367
    Quote Originally Posted by DMDM View Post
    Thanks for all the feedback guys. I might have found what I was looking for (combining my original requirements with what I learned here)- a (preferably 1U) router that does at least 1Gbps in traffic, high pps rate, has reasonable number of 1GE ports and has memory expansion capability to handle well over 1 million routes. That would be Cisco 7201. Any comments?
    It's definitely a better choice than the J2320 imho.

  21. #21
    Join Date
    May 2002
    Location
    Raleigh, NC
    Posts
    699
    Quote Originally Posted by DMDM View Post
    Thanks for all the feedback guys. I might have found what I was looking for (combining my original requirements with what I learned here)- a (preferably 1U) router that does at least 1Gbps in traffic, high pps rate, has reasonable number of 1GE ports and has memory expansion capability to handle well over 1 million routes. That would be Cisco 7201. Any comments?
    As you probably read, the 7201 is a 7200 VXR platform with a NPE-G2 built in. Depending on how much of a premium rackspace is for you, you may want to compare it to a 7204VXR chassis + NPE-G2 which would give you more slots to add interfaces.

    The Brocade CER 2000 router series was mentioned recently in another thread, at a similar price point and 1U size. It would give you the advantage of a hardware-based forwarding platform which should hold up in a high-PPS attack.
    Tranquil Hosting

  22. #22
    Join Date
    Jun 2008
    Posts
    33

    +1 for Vyatta

    I use Vyatta as well in a KVM instance to do OpenVPN, OSPF, and firewall. It works quite well.

    For your instance I would install it on a dedicated server with lots of RAM and good quality gigabit NICs.

    Also a support contract for Vyatta wouldn't be a bad thing either. If you are comfortable configuring Cisco products, Vyatta has a CLI interface that is almost like Cisco; actually, I like it better.

  23. #23
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    Quote Originally Posted by DMDM View Post
    Incapable of forwarding- sure, but it is definitely expandable as far as ports go. By M7i standards of expandability the little J2320 is a monster as it can have 21 1GE ports vs 5 on M7i.

    All things considered I am at a loss trying to figure out what to buy from Juniper. J series is software-based and software runs on old hardware. The bottom M series models have this bizarre limitation on ports (maybe they are outdated just like J series is?) There really is no decent router option from Juniper in 1 to 5Gbps range... Maybe something is coming this year in their product pipeline?
    What are you going to do with 21 x GE ports? The J2320's routing capacity is 150 kpps which is good for about 73 Mbps (64 byte packets) or ~1716 Mbps at MTU.

    As others have stated the M7i is ASIC based and will handle substantially more traffic. I encourage you to read the product sheets closely.

  24. #24
    Join Date
    May 2005
    Location
    Bay Area
    Posts
    1,211
    A couple things here.

    First of all, if you are worried about memory constraints for full routes, it would be very simple to just write an import route policy to restrict the routes learned to say /22 and shorter. You shouldn't really take any hit on performance.

    Technically the SRX650 is still a branch level device, but we run them in the datacenter.

    That being said, the SRX is an excellent device and does routing just as well as any of the M series routers, arguably. The SRX is designed for people who don't want both a firewall and a router, and it has ASIC for everything. Forwarding performance is excellent and the box does most everything at wire speed, including IPS functions. They also run JunOS, which is a great step up from ScreenOS.

    Is anyone able to explain to me why the SRX isn't great at general routing?

    Morgan
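
The import policy suggested in post #24, written out as a Junos configuration sketch (an added example, not from any poster in this thread). The policy name, group name, neighbor address and AS number are hypothetical placeholders, and the policy covers IPv4 only.

```junos
policy-options {
    /* Hypothetical policy name. Accept only IPv4 prefixes of length /0 through /22. */
    policy-statement LIMIT-PREFIX-LENGTH {
        term accept-short-prefixes {
            from {
                family inet;
                /* "upto /22" matches every prefix from /0 to /22, */
                /* so a default route sent by the upstream is accepted too. */
                route-filter 0.0.0.0/0 upto /22;
            }
            then accept;
        }
        term reject-everything-else {
            /* Anything longer than /22 never reaches the routing table. */
            then reject;
        }
    }
}
protocols {
    bgp {
        /* Hypothetical group, documentation-range neighbor address and AS number. */
        group upstreams {
            type external;
            import LIMIT-PREFIX-LENGTH;
            neighbor 192.0.2.1 {
                peer-as 64500;
            }
        }
    }
}
```

Destinations that are only announced as prefixes longer than /22 become unreachable unless each upstream also sends a default route (or a static default exists), so confirm a 0.0.0.0/0 route is present before relying on this filter.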
