Monday, March 29, 2010

Juniper J-series routers in packed-based mode

Star from JUNOS 9.4, the packet-mode (traditional) JUNOS for J-series is no longer exist; the only version is flow-mode J-series JUNOS (the ES version.) However, packet-based mode is quite handy if people simple need a small router without worry about those session-table, symmetric routing, and etc.

In JUNOS 9.6, a statement under [security] section could bring the J-series box back to pure packet-based mode. Actually that is a side effect of another statement, but it is a good side effect, from this point of view. Which is a statement that make MPLS family to be run under packet-mode, and the side effect is to bring inet family also into packet-mode.

Under this mode, all other security policy (under [security] section) is no longer available, but stateless firewall filter works well (under [firewall] section.)

The configuration is,
[edit]
delete security
set security forwarding-options family mpls mode packet-based
There do have other side effects that IPsec VPN is no longer avalible, because IPsec VPN in 9.6 is flow-based.

No comments: