<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" id="owaParaStyle"></style>
</head>
<body bgcolor="#FFFFFF" fpstyle="1" ocsi="0">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Hi Joseph,
<div><br>
</div>
<div>I had read similar things about MikroTiks for LNS - something along the lines of it can do L2TP VPDN, but not if the tunnel requires a password. Not sure if this is still the case.</div>
<div><br>
</div>
<div>I think at this point what we'd do is use 7201s as dedicated LNSs, and as has been suggested, split off other roles onto another box (like a MikroTik).</div>
<div>
<div><br>
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px"><font face="Tahoma" size="2">Rhys Hanrahan<br>
Chief Information Officer<br>
Nexus One Pty Ltd<br>
<br>
E: <a href="mailto:support@nexusone.com.au">support@nexusone.com.au</a><br>
P: +61 2 9191 0606<br>
W: http://www.nexusone.com.au/<br>
M: PO Box 127, Royal Exchange NSW 1225<br>
A: </font>Level 10 307 Pitt St, Sydney NSW 2000</div>
</div>
</div>
</div>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div id="divRpF95976" style="direction: ltr;"><font face="Tahoma" size="2" color="#000000"><b>From:</b> AusNOG [ausnog-bounces@lists.ausnog.net] on behalf of Joseph Goldman [joe@apcs.com.au]<br>
<b>Sent:</b> Tuesday, 15 April 2014 3:01 PM<br>
<b>To:</b> ausnog@lists.ausnog.net<br>
<b>Subject:</b> Re: [AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers<br>
</font><br>
</div>
<div></div>
<div>I have no experience with the Junipers, but with the 7201 you will find it is already towards the upper end of its capabilities with what you would like to do with it. MikroTik CCR definitely have the RAM, throughput and grunt to handle what you are after as a
 border router (for cheap) - but as an LNS, it depends how services are delivered to you. I don't believe they can do L2TP VPDN session hand-off properly. Happy to be proven wrong though.<br>
<br>
<br>
<div class="moz-cite-prefix">On 15/04/14 14:36, Tony Wicks wrote:<br>
</div>
<blockquote type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">To be frank here, with your requirements below you need better boxes. Juniper MX5 for routing and Cisco ASR1k for BNG. If you go for the EOL Ciscos or lower
 end SRX Junipers you will just need to change them out when they run out of grunt. If you want cheap LNS then use Mikrotik CCR.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<div>
<div style="border:none; border-top:solid #E1E1E1
            1.0pt; padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif""> AusNOG [<a class="moz-txt-link-freetext" href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">mailto:ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>Rhys Hanrahan<br>
<b>Sent:</b> Tuesday, 15 April 2014 4:21 p.m.<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ausnog@lists.ausnog.net" target="_blank">
ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> [AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Hi Everyone,
</span></p>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">We are currently in the middle of upgrading some of our network hardware, and I was hoping that I could get some input on deciding on a pair of border
 routers.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Initially we were looking at the Juniper MX series for this role, but found it's a bit outside our price range (for now). In trying to keep it
 all Juniper (as we'll most likely use EX-series for our core and access layers), we have been looking at the Juniper SRX 550 routers for our border. They seem like they will do the job for our needs, but are missing LNS functionality, which is something we'd
 have to purchase 7201s for in the future, and so therefore I’m also looking at just buying 7201s instead.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Logically to me, since the SRX is (apparently) newer hardware, it should perform better than the 7201s. My anecdotal evidence, however, suggests
 otherwise, and I'm looking to confirm that in terms of real-world performance. Comparing the spec sheets between the SRX 550 and the 7201, on paper it looks like the 7201 beats out the SRX in terms of performance (mainly PPS). It also sounds like the SRXs
 store multiple copies of BGP routes in memory and so where a pair of full sets of internet routes for the SRX is not possible, it's still possible on 7201s.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">From all that I've read and heard from various people, it seems that generally, the Juniper SRX series is not held in high regard in terms of
 reliability or performance, compared to something like the MX series (which is to be expected really). Whereas I hear a lot of good things of the 7200 series, despite the fact it's EOL, it's still being used and is a reliable range. Due to these factors, despite
 it being an older router, I am leaning towards the 7201s as it seems like an all-around better choice in terms of reliability and performance.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">My main hesitation in going with the 7201s is that we'll be using them for quite a lot, and I'm unsure of how quickly the performance will drop
 if I start using more features. So I was hoping that someone could give some real-world input to say which would likely be the better choice. Overall right now, I’m still siding with a pair of 7201s.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Here is a summary of what we'll be using the border routers for:</span></p>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">BGP (Initially only a default route, but potentially 2xfull internet routes in future. Plus IX routes.)</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">OSPF (Up to 50 or so routes)</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">Static NAT (up to 100K active translations)
</span></li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">Up to 400 Mbps IP Transit</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">Up to around 25K ACLs (we currently firewall customer servers on the border. We're looking at moving the firewalling off to a dedicated
 box like an SRX or ASA, but probably not at our current size, if possible).</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">NAT64
</span></li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">IPSec (around 10 Mbps of AES256/SHA traffic).</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">NetFlow</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">HSRP / VRRP</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">IPv6 Support</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">LNS (Up to 200 sessions).</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">MPLS PE</span>
</li><li class="MsoNormal" style="color:black"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"">QinQ Tunnel / QinQ Termination</span>
</li></ul>
<div>
<div>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Appreciate any insights that can be given on which path to take.</span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Thanks!</span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Rhys Hanrahan</span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Chief Information Officer</span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">Nexus One Pty Ltd</span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">E: <a href="mailto:support@nexusone.com.au" target="_blank">support@nexusone.com.au</a></span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">P: +61 2 9191 0606</span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">W: <a href="http://www.nexusone.com.au/" target="_blank">http://www.nexusone.com.au/</a></span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">M: PO Box 127, Royal Exchange NSW 1225</span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">A: Level 10, 307 Pitt Street, Sydney NSW 2000</span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"> </span><span lang="EN-AU" style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black"></span></p>
</div>
</div>
</div>
</div>
<br>
<pre>_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
</div>
</body>
</html>