[AusNOG] Juniper vs Cisco vs Brocade - what's best for BGP routing?

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Thu Dec 12 00:01:53 EST 2013 

Chris,


On Wed, Dec 11, 2013 at 10:43 PM, Chris Ricks
<chris.ricks at securepay.com.au>wrote:

>  ...
>
 We accept a few domestic-only transit tables and the memory usage for
> these tables is surprising given my past encounters with other routers -
> I've seen Cisco 7206 boxes handle 2 full transit tables and a few IX tables
> in the same memory as the Juniper gear handles 2 domestic-only + default
> route tables.
>

The way they do BGP is different... and I suspect you are referring to the
SRX platform.


> Juniper gear (in our experience) tends to do one thing very well. By that
> I mean that if a JunOS instance is tasked with one of switching, security
> or routing the outcomes are good. Stacking two of these functions can be
> problematic and seemingly requires regular reboots of devices (JSRP is
> really a non-negotiable for firewall and/or routers - VC is the same for
> switching).  That said, the JSRP failover for BGP isn't perfect, and you
> should expect to see convergence time on failover.
>

OK... you are talking SRX's.... and yes... they do routing, switching and
firewalling... but while we love Junipers and Junos... we'd never put an
SRX on the edge running BGP for anything critical.  Firewalls, UTM, etc...
yes, but for BGP we wouldn't use anything else (in Juniper) other than the
MX platform, specifically the MX80 Family (MX5's are great for multi-gig
traffic throughput).

At the moment for a customer I am rolling out MX5's at the edge with
SRX550's behind them for the firewall/UTM/VPN functionality.

MX's are an interesting platform, being Metro Ethernet Routers/Switches...
with excellent functionality that ASR's don't have (can't speak for
Brocade).  They are also SDN ready.

JSRP on the SRX's isn't fantastic, I will give you that.  We've had a bit
of trouble with 240's, 650's, etc... but as the SRX's branch out on their
version of Junos (for now), there is much more of a focus on making some of
these features even more stable.  There is a plan within Juniper to bring
the SRX Junos back into the mainline somewhere in 14 (I think).


> One concerning outcome we have seen is the current fracturing of the JunOS
> feature base. The "single OS" promise Juniper promotes is currently
> problematic - we have multiple JunOS devices fulfilling switching, routing
> and firewall duties and the disparity of recommended JunOS versions between
> them has grown over the last 12 - 24 months.
>

Yes.. this happens... but it is still a lot better than IOS12, 15, XR, XE,
NXOS, etc.  For the most part, while there are different platforms, Junos
is still just Junos - with minor variances on how some things are done and
what is supported on different platforms.

Juniper fully acknowledges some past issues with some aspects of Junos, and
has been heavily focused on fixing that in 2012-2013, and from our
experiences, things are a lot more stable.


> With those points in mind, the fact that you have a fairly complete BSD
> environment on each JunOS box is a big deal - scripting, inspection and
> problem solving skills come across well for System Admins, the versioning
> of configuration is a welcome and cheap safety net and we're yet to see
> interoperability problems with a significant number of other vendors and
> environments.
>

BSD for now... like others, Linux will be the future for Juniper.... expect
Junos to move towards Linux around 2015-2016 or a bit later.

But yes, the API into the Junos scripting, has made our lives so much
easier... especially for large scale, rapid and on-demand deployments.

In summary.. Chris... right tool, right job.  SRX's are security devices,
MX's are routers and EX's are switches... let them do the jobs that they
are designed for.

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20131212/e9b5f66e/attachment.html>

More information about the AusNOG mailing list