SRX210 vs J2320

Robert_74 · April 2010

Completely lost and confused, any help wanted

I know that junos-jseries does not support prefix-specific feature on j2300, but junos-jsr does ( we are talking about minimum release 9.3)
However, j2300 does not support junos-jsr, only junos-jseries.

So, decided to buy a couple of SRXs, they do seem to be able to run both jseries and jsr, however the key word here is "seems" in other words I could not find explicit CLI reference to it ( searching disabilities, lack of practice, etc)

Can someone confirm whether SRX210 ( or any other SRX for the matter) support a) junos-jsr and b) prefix-specific feature ??

Many Thanks

Robert

Robert

Aldur · April 2010

I'm a little confused here too

What do you mean by "prefix-specific feature"? There are lots of "prefix-specific" features in JUNOS in general, such as in firewall filters, policy-statements, and prefix-lists to name a few.

I assume by jsr-junos you are referring to the flow based JUNOS? Is that correct.

Robert_74 · April 2010

Thanks Aldur and really sorry for possible confusion. I will try to behave

By prefix specific I mean this:

set firewall family inet prefix-action 1783 policer 1783
set firewall family inet prefix-action 1789 count
set firewall family inet prefix-action 1789 subnet-prefix-length 26
set firewall family inet prefix-action 1789 destination-prefix-length 30

This is from M series. Same I am getting on Olive with junos-jsr-9.3R2.8-export-cf256. I assume that if -jsr- supports the feature, and SRXs run on jsr, then SRXs support prefix part as well. But I am not sure hence the post ...

Thanks

Robert

Aldur · April 2010

heh, no worries, but thanks for the clarification.

And it actually doesn't look like it's supported on an SRX 210.

[edit firewall family inet]
root@home01# run show version 
Hostname: home01
Model: srx210-poe
JUNOS Software Release [10.0R2.10]
[edit firewall family inet]
root@home01# show                
##
## Warning: configuration block ignored: unsupported platform (srx210-poe)
##
prefix-action test {
    count;
    subnet-prefix-length 24;
    destination-prefix-length 32;
}

hoogen82 · April 2010

Maybe if you turn on the packet mode?

Aldur · April 2010

hoogen82 wrote: »

Maybe if you turn on the packet mode?

Are you referring to packet-mode for MPLS/INET6/ISO under security forwarding options?

[edit security forwarding-options] Hierarchy Level - JUNOS 10.0 Hierarchy and Standards Reference

hoogen82 · April 2010

Yes try the mpls mode packet-based

Aldur · April 2010

nope, still says unsupported platform

root@home01# top show security forwarding-options 
family {
    mpls {
        mode packet-based;
    }
}
[edit firewall family inet]
root@home01# show 
##
## Warning: configuration block ignored: unsupported platform (srx210-poe)
##
prefix-action test {
    count;
    subnet-prefix-length 24;
}

hoogen82 · April 2010

Okay just to confirm...

SRX 210 I believe doesn't have that support.. the command is hidden(just typing it would accept it but would it would show up as the unsupported config)....nor does SRX 640 or SRX 240..and so to conclude none of the branch series support this... I checked SRX100 too...

SRX 3400 does have this...and so does SRX 5000... It seems packet or flow doesn't matter...

Branch platforms just doesn't support this...including the Jseries when running the es image..

regress@cloyster# run show version
Hostname: cloyster
Model: srx3400
JUNOS Software Release [10.2B2]
JUNOS Support Tools Package [9.4-20090528.0]

[edit]
regress@cloyster# show firewall
family inet {
prefix-action test {
count;
subnet-prefix-length 24;
destination-prefix-length 30;
}
}

[edit]
regress@cloyster#

-Hoogen

Robert_74 · April 2010

Thanks Guys, really appreciate it !
Helped me to save a couple of grand.
The general idea was to find a cheaper substitution to M/T series ( really small project, no extra capacity required). Oh, dreams

SRX210 vs J2320

Comments