[AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers

Tony Wicks tony at wicks.co.nz
Tue Apr 15 16:23:57 EST 2014


With your budget I really think you should look at the Mikrotik range, they
can do 10G easily and LNS works really well. Most Network guys are still in
the "it can't work, it's too cheap" mindset, but really it's better to get a
really good set of Mikrotiks than a crappy old set of name brand routers. I
used them for LNS termination of dial ups 10 years ago and I know of many
small ISPs using them for everything. I've also had faster and better
support out of them than Cisco, that's for sure.

 

http://routerboard.com/CCR1036-8G-2Splus 

 

There is a 72core box with dual power coming out very soon.

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Rhys
Hanrahan
Sent: Tuesday, 15 April 2014 5:44 p.m.
To: Skeeve Stevens
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers

 

Hi Skeeve, 

 

Appreciate the feedback. Would you suggest that a cluster of SRX 550s on the
edge, with 7201s as dedicated LNSs could work in our situation? Would it be
likely that the SRX 550 can obtain the kind of throughput (or close to) that
I'm looking for?

 

Multiple roles on our edge is hard for us to avoid since we're coming from a
router on a stick setup. Bringing in a collapsed core and distribution layer
is new for us. 1:1 NAT is also hard to avoid, given the difficulty of
obtaining IPs - just filling out our current cage will likely more than use
up the maximum /22 allocation. So it's something we've always done for
customer servers, to try and conserve space as much as possible.

 

I've looked at ASR1Ks and MX5 bundles, and it's just too much of a jump in
price for us right now (considering what hardware we're coming from - think
Linux router). I could go for MikroTik, but rather something that can be
more widely supported and with more documentation, so it's easier for our
team to support.

 

Moving to something like those is definitely on the road-map, but we need an
affordable border router to get us half-way there, and build up the customer
base before we move all the way to MX or ASR routers.

 

Rhys Hanrahan
Chief Information Officer
Nexus One Pty Ltd

E: support at nexusone.com.au
P: +61 2 9191 0606
W: http://www.nexusone.com.au/
M: PO Box 127, Royal Exchange NSW 1225
A: Level 10 307 Pitt St, Sydney NSW 2000

  _____  

From: Skeeve Stevens [skeeve+ausnog at eintellegonetworks.com]
Sent: Tuesday, 15 April 2014 3:13 PM
To: Rhys Hanrahan
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Cisco 7201 vs Juniper SRX 550 for border routers

Rhys, 

 

Firstly, the 7201's are great LNS's... the only issue is throughput (max
1Gb)

 

The SRX500's are great - firewalls.  We generally use them as such, with
MX5's in front of them, but they can face the world just fine by themselves.

 

You cannot compare a 7201 and SRX550 - completely different devices for
different purposes.

 

The MX5's can be LNS's (up to 4000 users), but they aren't that cheap.

 

The SRX platform is excellent, but not all models... for example, I avoid
the 650's.  The 550's I run in cluster in multiple locations and they seem
to work great, with little or no issues and doing a multitude of tasks on
the same box.

 

If you want cheap (and nasty) go the Mikrotik, but wash yourself afterwards
:)

 

You should also not be doing BGP edge and LNS on the same device... separate
for a happier life.

 

Regarding features of the 7201.  They start at 1Gb TP with doing nothing
else... but degrade quickly if you throw ACL's, QoS and rate-limiting at it,
and if you want to destroy it, throw in PBR as well.  Then it will end up as
an 877 :)

...Skeeve

 

Skeeve Stevens - eintellego Networks Pty Ltd

skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ; linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com

The Experts Who The Experts Call

Juniper - Cisco - Cloud - Consulting - IPv4 Brokering

 

On Tue, Apr 15, 2014 at 2:20 PM, Rhys Hanrahan (rhys at nexusone.com.au) wrote:

Hi Everyone, 

 

We are currently in the middle of upgrading some of our network hardware, and
I was hoping that I could get some input on deciding on a pair of border
routers.

 

Initially we were looking at the Juniper MX series for this role, but found
it's a bit outside our price range (for now). In trying to keep it all
Juniper (as we'll most likely use EX-series for our core and access layers),
we have been looking at the Juniper SRX 550 routers for our border. They
seem like they will do the job for our needs, but are missing LNS
functionality, which is something we'd have to purchase 7201s for in the
future, and so therefore I'm also looking at just buying 7201s instead.

 

Logically to me, since the SRX is (apparently) newer hardware, it should
perform better than the 7201s. My anecdotal evidence, however, suggests
otherwise, and I'm looking to confirm that in terms of real-world
performance. Comparing the spec sheets between the SRX 550 and the 7201, on
paper it looks like the 7201 beats out the SRX in terms of performance
(mainly PPS). It also sounds like the SRXs store multiple copies of BGP
routes in memory and so where a pair of full sets of internet routes for the
SRX is not possible, it's still possible on 7201s.

From all that I've read and heard from various people, it seems that
generally, the Juniper SRX series is not held in a high regard in terms of
reliability or performance, compared to something like the MX series (which
is to be expected really). Whereas I hear a lot of good things of the 7200
series, despite the fact it's EOL, it's still being used and is a reliable
range. Due to these factors, despite it being an older router, I am leaning
towards the 7201s as it seems like an all-around better choice in terms of
reliability and performance.

 

My main hesitation in going with the 7201s is that, we'll be using them for
quite a lot, and I'm unsure of how quickly the performance will drop if I
start using more features. So I was hoping that someone could give some
real-world input to say which would likely be the better choice. Overall
right now, I'm still siding with a pair of 7201s.

 

Here is a summary of what we'll be using the border routers for:

*	BGP (Initially only a default route, but potentially 2xfull internet
routes in future. Plus IX routes.) 
*	OSPF (Up to 50 or so routes) 
*	Static NAT (up to 100K active translations) 
*	Up to 400 Mbps IP Transit 
*	Up to around 25K ACLs (we currently firewall customer servers on the
border. We're looking at moving the firewalling off to a dedicated box like
an SRX or ASA, but probably not at our current size, if possible).
*	NAT64 
*	IPSec (around 10 Mbps of AES256/SHA traffic). 
*	NetFlow
*	HSRP / VRRP
*	IPv6 Support
*	LNS (Up to 200 sessions).
*	MPLS PE
*	QinQ Tunnel / QinQ Termination 

Appreciate any insights that can be given on which path to take.

 

Thanks!

 

Rhys Hanrahan

Chief Information Officer

Nexus One Pty Ltd

 

E: support at nexusone.com.au

P: +61 2 9191 0606

W: http://www.nexusone.com.au/

M: PO Box 127, Royal Exchange NSW 1225

A: Level 10, 307 Pitt Street, Sydney NSW 2000

 



