[AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers

Jacob Kino jacob at interconnekt.com.au
Tue Apr 15 14:58:39 EST 2014 

I agree with James - we had a similar requirement to you overall and split the LNS requirement to a separate platform as this made more sense and widened the field.

You can purchase new old stock Cisco 7201's pretty cheaply. We only use ours for DSL tails and terminate everything else on our hardware based routers which can do multiple 10 gig.

Cheers,

Jacob


Jacob Kino

[Description: Description: Description: Description: cid:image001.png at 01CB42C9.6D8BCF90]

Suite 5, 25-27 Izett St
Prahran, VIC, 3181

e-mail     jacob at interconnekt.com.au<mailto:jacob at interconnekt.com.au>
phone     1300 852 842
fax          03 9011 6298
www      www.interconnekt.com.au<http://www.interconnekt.com.au/>




From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of James Braunegg
Sent: Tuesday, 15 April 2014 2:52 PM
To: Tony Wicks; 'Rhys Hanrahan'
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers

Dear Rhys

The Problem with both the Cisco 7200 and SRX550 platforms these are essential software based routers with no dedicated Asics and limited capacity for expansion and growth with 10gbit interfaces becoming more common these days I can see transit requirements increasing significantly !!

Buying a routing platform which is has hardware asics for the data and control plane will give you large amounts of flexibility and growth, however your LNS requirements makes your hardware choice limited !

Kindest Regards

James Braunegg
P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braunegg at micron21.com<mailto:james.braunegg at micron21.com>  |  ABN:  12 109 977 666
W:  www.micron21.com/ddos-protection<http://www.micron21.com/ddos-protection>   T: @micron21


[Description: Description: Description: Description: M21.jpg]
This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Tony Wicks
Sent: Tuesday, April 15, 2014 2:37 PM
To: 'Rhys Hanrahan'
Cc: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers

To be frank here, with your requirements below you need better boxes. Juniper MX5 for routing and Cisco ASR1k for BNG. If you got for the EOL Cisco's or lower end SRX Junipers you will just need to change them out when they run out of grunt. If you want cheap LNS then use Mikrotik CCR.

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Rhys Hanrahan
Sent: Tuesday, 15 April 2014 4:21 p.m.
To: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: [AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers

Hi Everyone,

We are currently in the middle of upgrading some our network hardware, and was hoping that I could get some input on deciding on a pair of border routers.

Initially we were looking at the Juniper MX series for this role, but found it's a bit outside our price range (for now). In trying to keep it all Juniper (as we'll most likely use EX-series for our core and access layers), we have been looking at the Juniper SRX 550 routers for our border. They seem like they will do the job for our needs, but are missing LNS functionality, which is something we'd have to purchase 7201s for in the future, and so therefore I'm also looking at just buying 7201s instead.

Logically to me, since the SRX is (apparently) newer hardware, it should perform better than the 7201s. My anecdotal evidence, however, suggests otherwise, and I'm looking to confirm that in terms of real-world performance. Comparing the spec sheets between the SRX 550 and the 7201, on paper it looks like the 7201 beats out the SRX in terms of performance (mainly PPS). It also sounds like the SRXs store multiple copies of BGP routes in memory and so where a pair of full sets of internet routes for the SRX is not possible, it's still possible on 7201s.

>From all that I've read and heard from various people, it seems that generally, the Juniper SRX series is not held in a high regard in terms of reliability or performance, compared to something like the MX series (which is to be expected really). Whereas I hear a lot of good things of the 7200 series, despite the fact it's EOL, it's still being used and is a reliable range. Due to these factors, despite it being an older router, I am leaning towards the 7201s as it seems like an all-around better choice in terms of reliability and performance.

My main hesitation in going with the 7201s is that, we'll be using them for quite a lot, and I'm unsure of how quickly the performance will drop if I start using more features. So I was hoping that someone could give some real-world input so say which would likely be the better choice. Overall right now, I'm still siding with a pair of 7201s.

Here is a summary of what we'll be using the border routers for:

  *   BGP (Initially only a default route, but potentially 2xfull internet routes in future. Plus IX routes.)
  *   OSPF (Up to 50 or so routes)
  *   Static NAT (up to 100K active translations)
  *   Up to 400 Mbps IP Transit
  *   Up to around 25K ACLs (we currently firewall customer servers on the border. We're looking at moving the firewalling off to a dedicated box like an SRX or ASA, but probably not at our current size, if possible).
  *   NAT64
  *   IPSec (around 10 Mbps of AES256/SHA traffic).
  *   NetFlow
  *   HSRP / VRRP
  *   IPv6 Support
  *   LNS (Up to 200 sessions).
  *   MPLS PE
  *   QinQ Tunnel / QinQ Termination
Appreciate any insights that can be given on which path to take.

Thanks!

Rhys Hanrahan
Chief Information Officer
Nexus One Pty Ltd

E: support at nexusone.com.au<mailto:support at nexusone.com.au>
P: +61 2 9191 0606
W: http://www.nexusone.com.au/
M: PO Box 127, Royal Exchange NSW 1225
A: Level 10, 307 Pitt Street, Sydney NSW 2000

[cid:AC695111-1B5F-45C1-B097-6093A0880284]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140415/f3850b37/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 11500 bytes
Desc: image001.png
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140415/f3850b37/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 2683 bytes
Desc: image002.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140415/f3850b37/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 7083 bytes
Desc: image003.png
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140415/f3850b37/attachment-0001.png>

More information about the AusNOG mailing list