Re: Home CPE choice

[Owen DeLong <owen () delong com>]

Yeah, the one unfortunate ting in the J-series and SRX-series is that after 9.6
you have to put in a whole bunch of config to turn it back into a router.
JunOS on these "services" routers now wants to behave like a netscreen
until bludgeoned otherwise.  The way to achieve this is not intuitively
obvious, especially the forwarding-options mpls (which affects inet,
not just mpls) and the flow stuff.

Owen


Here's a useful template for those that care:

security {
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                    bgp;
                    ospf;
                    router-discovery;
                }
            }
            interfaces {
                all;
            }
        }
    }
    alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        msrpc disable;
        sunrpc disable;
        real disable;
        rsh disable;
        rtsp disable;
        sccp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
        }
    }
    flow {
        allow-dns-reply;
        tcp-session {
            no-syn-check;
            no-syn-check-in-tunnel;
            no-sequence-check;
        }
    }
}

On Mar 31, 2010, at 4:23 PM, Iain Morris wrote:

> Juniper's SSG5 and SRX100 are nice options for home.  I've enjoyed an SSG5
> for awhile now.  SRX100 for junos.  SSG5's pop up on ebay occasionally for a
> few $100.
>
> -Iain
>
> On Wed, Mar 31, 2010 at 4:18 PM, Marty Anstey <marty.anstey () sunwave net>wrote:
>
> > > Hopefully this e-mail is considered operational content :)
> > >
> > >
> > > The recent thread on the new linkys kit and ipv6 support got me
> > > thinking about CPE choice.
> > >
> > > What good off the shelf solutions are out there? Should one buy the
> > > high end d-link/linksys/netgear products? I've had bad experiences
> > > with those (netgear in particular).
> > >
> > > Should one get a "real" cisco router? The 877 or something? Maybe an
> > > ASA or the new small business targeted ISR (can't recall the model
> > > number off hand right now). There is mikrotik but I'm not so sure
> > > about the operating system.
> > >
> > > Is there a market for a new breed of CPE running OpenWRT or pfsense on
> > > hardware with enough CPU/RAM to not fall over?
> > >
> > > Granted that won't cost $79.00 at best buy. However it seems to me
> > > that decent CPE is going to run a couple hundred dollars in order to
> > > have sufficient ram/cpu.
> > >
> > > My current home router is a cisco 1841. I keep my 6mbps DSL line
> > > pretty much saturated all the time. Often times my wife will be
> > > watching Hulu in the living room, I'll be streaming music and running
> > > torrents (granted I have tuned my Azures client fairly well) all at
> > > the same time and it's a good experience.  Running that kind of
> > > traffic load through my linksys would cause it to need a reboot once
> > > or more a day.
> > >
> > > What are folks here running in SOHO environments that doesn't require
> > > too frequent oil changes :)
> > I run FreeBSD on a PIII; I can easily saturate my 15mbit cable
> > connection without it breaking a sweat. I also have a couple Cisco
> > 2610's, one of which is my ipv6 tunnel endpoint.
> >
> > -M
>
>
> -- 
> -- -
> Iain Morris
> iain.t.morris () gmail com