On Apr 10, 2012, at 7:24 AM, Tim Eberhard wrote:
I find it humorous that you think J/SRX junos isn't real junos.
So what makes it not real junos? The fact it has a flowd process? Lets technically talk about this for a moment.
The fact that you can't put it into flow mode.
Realistically one of the only differences between "flow based junos" and the legacy "packet based junos" is the flowd process. Which can be easily bypassed by issuing a couple of configuration commands. So what exactly makes this platform/code so horrible and not "real" junos?
Actually, not. Try again. It can be partially bypassed. There are real and serious differences in how forwarding works in flow-based JunOS and how it behaves under many circumstances.
If anything to me it's a better platform to deploy and learn on. It's more flexible as it comes with more advanced flow based features but they are optional. There are certain limitations as mentioned previously around the switching and class of service however these same feature limitations were also in the "real" junos low end devices.
They aren't entirely optional and that is the problem. You can't actually completely bypass them and they do sometimes get in the way.
If there are other differences that I am unaware of then by all means feel free to educate me. I am well aware that branch devices don't have the capabilities of the MX/M series in regards to ATM and other such specific platforms, but you called this "not real junos". So lets keep any responses limited to that aspect.
I believe that the flow-based routing goes quite a bit deeper than just having a flowd. It causes a number of problems with tunnel recursion among other things. Sure, if you want a firewall, flow-based JunOS is a pretty nice set of firewall features. However, if you just want to forward packets, it can really suck to have to work around it's flow-based "features". Owen
-Tim Eberhard
On Tue, Apr 10, 2012 at 1:33 PM, Owen DeLong <owen@delong.com> wrote:
If you want real JunOS, avoid SRX or J series at all costs.
Juniper do have a bunch more lines, but those are the most common (there's also the E/ERX BRAS boxes and ScreenOS firewalls, but both are not long for this world).
Don't forget their SSL VPN boxes which are an acquired doesn't behave at all like a Juniper device line of products.
If you just want one box to get to know the OS an SRX2X0 (or possibly a 100) is by far the most flexible way, and can be had for < $500 used).
With the caveat about Services JunOS above.
Owen