Hello All,
I am tasked with replacing an old linux router setup with Juniper gear in the near future. Though I am a Cisco guy myself.
Does anyone know of any older cheap Juniper gear I might find on Ebay so that I may build a home lab without going broke?
Thanks!
A slightly more useful way of answering this then just pointing to eBay
is to give some candidates.
Routing/switching *config*, firewalling - Branch SRX / J
The lower end SRX, and J series devices are nice as they take nearly all
the config (except MX-type bridging, and some EX bits), including MPLS.
Switching - EX [34]200
The 4200 & 3200 are essentially the flagship, and if you can only buy
one switch for a lab make it one of those
Routing - M5/10/7i/10i/20
A bunch of the smaller and older M series kit is now fairly cheaply
available. These are still quite nice boxes, and support SONET and ATM
unlike the platforms above should you need them.
MX Routing - MX 80 (new)
The MX80 (or as locked 5/10/40 variants) is by far the cheapest way to
test the MX-specific ethernet services, as long as you don't want BRAS
functionality.
Juniper do have a bunch more lines, but those are the most common
(there's also the E/ERX BRAS boxes and ScreenOS firewalls, but both are
not long for this world).
If you just want one box to get to know the OS an SRX2X0 (or possibly a
100) is by far the most flexible way, and can be had for < $500 used).
I think GNS3 can emulate Juniper devices.
-dan
Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
dbrisson@uvm.edu
I am tasked with replacing an old linux router setup with Juniper gear
in the near future. Though I am a Cisco guy myself.Does anyone know of any older cheap Juniper gear I might find on Ebay so
that I may build a home lab without going broke?A slightly more useful way of answering this then just pointing to eBay
is to give some candidates.Routing/switching *config*, firewalling - Branch SRX / J
The lower end SRX, and J series devices are nice as they take nearly all
the config (except MX-type bridging, and some EX bits), including MPLS.
But not so nice in that they run Services JunOS instead of real JunOS meaning that they behave like Netscreens with a JunOS style configuration file instead of behaving like Junipers.
If you're wanting to model Services JunOS, then, yes, the SRX-100 is a good candidate and dirt cheap.
If you want real JunOS, avoid SRX or J series at all costs.
Juniper do have a bunch more lines, but those are the most common
(there's also the E/ERX BRAS boxes and ScreenOS firewalls, but both are
not long for this world).
Don't forget their SSL VPN boxes which are an acquired doesn't behave at all like a Juniper device line of products.
If you just want one box to get to know the OS an SRX2X0 (or possibly a
100) is by far the most flexible way, and can be had for < $500 used).
With the caveat about Services JunOS above.
Owen
I find it humorous that you think J/SRX junos isn't real junos.
So what makes it not real junos? The fact it has a flowd process? Lets
technically talk about this for a moment.
Realistically one of the only differences between "flow based junos"
and the legacy "packet based junos" is the flowd process. Which can be
easily bypassed by issuing a couple of configuration commands. So what
exactly makes this platform/code so horrible and not "real" junos?
If anything to me it's a better platform to deploy and learn on. It's
more flexible as it comes with more advanced flow based features but
they are optional. There are certain limitations as mentioned
previously around the switching and class of service however these
same feature limitations were also in the "real" junos low end
devices.
If there are other differences that I am unaware of then by all means
feel free to educate me. I am well aware that branch devices don't
have the capabilities of the MX/M series in regards to ATM and other
such specific platforms, but you called this "not real junos". So lets
keep any responses limited to that aspect.
-Tim Eberhard
Have you considered this http://www.juniper.net/us/en/products-services/software/junos-platform/junosphere/lab/
Regards,
N.
I find it humorous that you think J/SRX junos isn't real junos.
So what makes it not real junos? The fact it has a flowd process? Lets
technically talk about this for a moment.
The fact that you can't put it into flow mode.
Realistically one of the only differences between "flow based junos"
and the legacy "packet based junos" is the flowd process. Which can be
easily bypassed by issuing a couple of configuration commands. So what
exactly makes this platform/code so horrible and not "real" junos?
Actually, not. Try again. It can be partially bypassed. There are real and
serious differences in how forwarding works in flow-based JunOS and
how it behaves under many circumstances.
If anything to me it's a better platform to deploy and learn on. It's
more flexible as it comes with more advanced flow based features but
they are optional. There are certain limitations as mentioned
previously around the switching and class of service however these
same feature limitations were also in the "real" junos low end
devices.
They aren't entirely optional and that is the problem. You can't actually
completely bypass them and they do sometimes get in the way.
If there are other differences that I am unaware of then by all means
feel free to educate me. I am well aware that branch devices don't
have the capabilities of the MX/M series in regards to ATM and other
such specific platforms, but you called this "not real junos". So lets
keep any responses limited to that aspect.
I believe that the flow-based routing goes quite a bit deeper than
just having a flowd. It causes a number of problems with tunnel
recursion among other things.
Sure, if you want a firewall, flow-based JunOS is a pretty nice set of
firewall features. However, if you just want to forward packets, it can
really suck to have to work around it's flow-based "features".
Owen
Does anyone know of any older cheap Juniper gear I might find on Ebay so that I may build a home lab without going broke?
I got my J series cheap off of ebay because it wouldn't power on. Turns out getting a replacement power supply was very difficult from Juniper or the manufacturer of the power supply. I ended up rebuilding a PC supply to do the job.
Now to find rack ears and a module slot cover. Juniper quoted $150+ for the rack ears. If I can find a set, I think I might look to make a bunch of them.
There is no "olives".
I find it humorous that you think J/SRX junos isn't real junos.
So what makes it not real junos? The fact it has a flowd process? Lets
technically talk about this for a moment.The fact that you can't put it into flow mode.
s/flow/packet/
(oops, wasn't awake yet)
If it runs JunOS, then yeah, it's real JunOS. It might not have the
feature you're looking for, but that's something different.
The Juniper ERX edge routers are what isn't "real" JunOS.
It's as if they were trying to make a clone of the IOS CLI:
http://www.juniper.net/us/en/products-services/software/junos-platform/junosphere/lab/
use. like.
randy
Actually, this is possible:
prox@asgard> show configuration security
forwarding-options {
family {
inet6 {
mode packet-based;
}
mpls {
mode packet-based;
}
}
}
The above is from an SRX210B, but the same configuration will work on
any J-series or /branch/ SRX-series platform.
Don't let the "mpls" keyword throw you off. This actually causes the
box to run the inet /and/ mpls address families in packet mode.
- Mark
I find it humorous that you think J/SRX junos isn't real junos.
If it runs JunOS, then yeah, it's real JunOS. It might not have the
feature you're looking for, but that's something different.
No, it's not. Flow mode is NOT packet mode and it doesn't really ever run packet
mode in the current version. This has fundamental and significant impacts on the
way packets are handled when being forwarded through the box which come with
side-effects that cannot be overcome by mere configuration changes.
The Juniper ERX edge routers are what isn't "real" JunOS.
It's as if they were trying to make a clone of the IOS CLI:
Those are not JunOS at all. They don't really try to pretend to be.
The SRX and J-Series Services routers, OTOH, are most definitely pretending to be
JunOS while not behaving like JunOS at certain fundamental levels.
Owen
The fact that you can't put it into flow mode.
s/flow/packet/
(oops, wasn't awake yet)Actually, this is possible:
prox@asgard> show configuration security
forwarding-options {
family {
inet6 {
mode packet-based;
}
mpls {
mode packet-based;
}
}
}The above is from an SRX210B, but the same configuration will work on
any J-series or /branch/ SRX-series platform.
Right, sort of. To the extent that it works. It doesn't actually do everything you
think it should, and, it's somewhat dependent on the version of JunOS as to
how well it does or doesn't work.
Don't let the "mpls" keyword throw you off. This actually causes the
box to run the inet /and/ mpls address families in packet mode.
I'm not unfamiliar or uninitiated in this regard. I had tickets with Juniper for
over a year and it escalated quite high up their escalation chain before they
finally admitted "Yeah, Services JunOS is different and it behaves differently
and if you need to do what you're trying to do, you should buy an M or MX
series."
It's quite unfortunate. I'd really like for the SRX series to not be so crippled for
my purposes.
Owen
Owen,
While I know you are a smart engineer and obviously have been working
with this gear for a long time you're really not adding anything or
backing up your argument besides saying yet again the packet
forwarding is different. While this maybe true..It's my understanding
that enabling packet mode does turn it into a normal packet based
junos.
Admittedly I have limited experience with turning these branch devices
into pure packet mode so instead of repeating the same thing over and
over why not provide links and other documentation showing the
difference?
Do you have an example of this crippledness?
While it may not forward packets exactly like an M-series or MX, for the OP's purpose of simply learning JUNOS in a home lab, it will work just fine. I learned quite a bit using Olives (which don't exist), with the understanding that there were a lot of limitations.
To the OP, I would also suggest checking out Juniper's website, specifically the 'Education' section. There are a ton of excellent learning tools on there - Learning Bytes, Web-Based Training, Day One books, etc.:
http://www.juniper.net/us/en/training/jnbooks/
https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=5853
https://learningportal.juniper.net/juniper/user_courses.aspx
-evt