Yeah, the one unfortunate ting in the J-series and SRX-series is that after 9.6 you have to put in a whole bunch of config to turn it back into a router. JunOS on these "services" routers now wants to behave like a netscreen until bludgeoned otherwise. The way to achieve this is not intuitively obvious, especially the forwarding-options mpls (which affects inet, not just mpls) and the flow stuff. Owen Here's a useful template for those that care: security { zones { security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; bgp; ospf; router-discovery; } } interfaces { all; } } } alg { dns disable; ftp disable; h323 disable; mgcp disable; msrpc disable; sunrpc disable; real disable; rsh disable; rtsp disable; sccp disable; sip disable; sql disable; talk disable; tftp disable; pptp disable; } forwarding-options { family { inet6 { mode packet-based; } mpls { mode packet-based; } } } flow { allow-dns-reply; tcp-session { no-syn-check; no-syn-check-in-tunnel; no-sequence-check; } } } On Mar 31, 2010, at 4:23 PM, Iain Morris wrote:
Juniper's SSG5 and SRX100 are nice options for home. I've enjoyed an SSG5 for awhile now. SRX100 for junos. SSG5's pop up on ebay occasionally for a few $100.
-Iain
On Wed, Mar 31, 2010 at 4:18 PM, Marty Anstey <marty.anstey@sunwave.net>wrote:
Hopefully this e-mail is considered operational content :)
The recent thread on the new linkys kit and ipv6 support got me thinking about CPE choice.
What good off the shelf solutions are out there? Should one buy the high end d-link/linksys/netgear products? I've had bad experiences with those (netgear in particular).
Should one get a "real" cisco router? The 877 or something? Maybe an ASA or the new small business targeted ISR (can't recall the model number off hand right now). There is mikrotik but I'm not so sure about the operating system.
Is there a market for a new breed of CPE running OpenWRT or pfsense on hardware with enough CPU/RAM to not fall over?
Granted that won't cost $79.00 at best buy. However it seems to me that decent CPE is going to run a couple hundred dollars in order to have sufficient ram/cpu.
My current home router is a cisco 1841. I keep my 6mbps DSL line pretty much saturated all the time. Often times my wife will be watching Hulu in the living room, I'll be streaming music and running torrents (granted I have tuned my Azures client fairly well) all at the same time and it's a good experience. Running that kind of traffic load through my linksys would cause it to need a reboot once or more a day.
What are folks here running in SOHO environments that doesn't require too frequent oil changes :)
I run FreeBSD on a PIII; I can easily saturate my 15mbit cable connection without it breaking a sweat. I also have a couple Cisco 2610's, one of which is my ipv6 tunnel endpoint.
-M
-- -- - Iain Morris iain.t.morris@gmail.com