[AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Tue Apr 15 15:37:52 EST 2014


I've seen and heard about a hell of a lot of problems with the SRX650's.
 Even Juniper people have advised to steer clear depending on what you do
with them.  Clustering for example was a major issue and something I've had
issues with, but that said, since the problems, I've avoided them so I
don't know if they've been fixed in 12.x+ - I am too scared to try tbh and
the 550's work well.

I settled on the SRX550's because they are better value, performance was
good and the interface choices rocked.

If you need something bigger than the 550's... there are new models coming
out soon, but not sure when.


...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering


On Tue, Apr 15, 2014 at 3:19 PM, Zone Networks - Joel <
joel at zonenetworks.com.au> wrote:

> Slightly off topic.. :)
>
>
>
> why 550 and not 650’s Skeeve ?
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Skeeve
> Stevens
> *Sent:* Tuesday, 15 April 2014 3:14 PM
> *To:* Rhys Hanrahan
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers
>
>
>
> Rhys,
>
>
>
> Firstly, the 7201's are great LNS's... the only issue is throughput (max
> 1Gb)
>
>
>
> The SRX500's are great - firewalls.  We generally use them as such, with
> MX5's in front of them, but they can face the world just fine by themselves.
>
>
>
> You cannot compare a 7201 and SRX550 - completely different devices for
> different purposes.
>
>
>
> The MX5's can be LNS's (up to 4000 users), but they aren't that cheap.
>
>
>
> The SRX platform is excellent, but not all models... for example, I avoid
> the 650's.  The 550's I run in cluster in multiple locations and they seem
> to work great, with little or no issues and doing a multitude of tasks on
> the same box.
>
>
>
> If you want cheap (and nasty) go the Mikrotik, but wash yourself
> afterwards :)
>
>
>
> You should also not be doing BGP edge and LNS on the same device...
> separate for a happier life.
>
>
>
> Regarding features of the 7201.  They start at 1Gb TP with doing nothing
> else... but degrade quickly if you throw ACL's, QoS and rate-limiting at
> it, and if you want to destroy it, throw PBR as well.  Then it will end
> up as an 877 :)
>
>
>
>
>
> ...Skeeve
>
>
>
> *Skeeve Stevens - *eintellego Networks Pty Ltd
>
> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>
> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>
> facebook.com/eintellegonetworks ; linkedin.com/in/skeeve
>
> twitter.com/theispguy ; blog: www.theispguy.com
>
>  The Experts Who The Experts Call
>
> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>
>
>
> On Tue, Apr 15, 2014 at 2:20 PM, Rhys Hanrahan <rhys at nexusone.com.au>
> wrote:
>
> Hi Everyone,
>
>
>
> We are currently in the middle of upgrading some of our network hardware,
> and I was hoping that I could get some input on deciding on a pair of border
> routers.
>
>
>
> Initially we were looking at the Juniper MX series for this role, but
> found it's a bit outside our price range (for now). In trying to keep it
> all Juniper (as we'll most likely use EX-series for our core and access
> layers), we have been looking at the Juniper SRX 550 routers for our
> border. They seem like they will do the job for our needs, but are missing
> LNS functionality, which is something we'd have to purchase 7201s for in
> the future, and so therefore I’m also looking at just buying 7201s instead.
>
>
>
> Logically to me, since the SRX is (apparently) newer hardware, it should
> perform better than the 7201s. My anecdotal evidence, however, suggests
> otherwise, and I'm looking to confirm that in terms of real-world
> performance. Comparing the spec sheets between the SRX 550 and the 7201, on
> paper it looks like the 7201 beats out the SRX in terms of performance
> (mainly PPS). It also sounds like the SRXs store multiple copies of BGP
> routes in memory and so where a pair of full sets of internet routes for
> the SRX is not possible, it's still possible on 7201s.
>
>
>
> From all that I've read and heard from various people, it seems that
> generally, the Juniper SRX series is not held in a high regard in terms of
> reliability or performance, compared to something like the MX series (which
> is to be expected really). Whereas I hear a lot of good things of the 7200
> series, despite the fact it's EOL, it's still being used and is a reliable
> range. Due to these factors, despite it being an older router, I am leaning
> towards the 7201s as it seems like an all-around better choice in terms of
> reliability and performance.
>
>
>
> My main hesitation in going with the 7201s is that we'll be using them
> for quite a lot, and I'm unsure of how quickly the performance will drop if
> I start using more features. So I was hoping that someone could give some
> real-world input to say which would likely be the better choice. Overall
> right now, I’m still siding with a pair of 7201s.
>
>
>
> Here is a summary of what we'll be using the border routers for:
>
>    - BGP (Initially only a default route, but potentially 2xfull internet
>    routes in future. Plus IX routes.)
>    - OSPF (Up to 50 or so routes)
>    - Static NAT (up to 100K active translations)
>    - Up to 400 Mbps IP Transit
>    - Up to around 25K ACLs (we currently firewall customer servers on the
>    border. We're looking at moving the firewalling off to a dedicated box like
>    an SRX or ASA, but probably not at our current size, if possible).
>    - NAT64
>    - IPSec (around 10 Mbps of AES256/SHA traffic).
>    - NetFlow
>    - HSRP / VRRP
>    - IPv6 Support
>    - LNS (Up to 200 sessions).
>    - MPLS PE
>    - QinQ Tunnel / QinQ Termination
>
> Appreciate any insights that can be given on which path to take.
>
>
>
> Thanks!
>
>
>
> Rhys Hanrahan
>
> Chief Information Officer
>
> Nexus One Pty Ltd
>
>
>
> E: support at nexusone.com.au
>
> P: +61 2 9191 0606
>
> W: http://www.nexusone.com.au/
>
> M: PO Box 127, Royal Exchange NSW 1225
>
> A: Level 10, 307 Pitt Street, Sydney NSW 2000
>
>
>