
tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet to DarkLogix

MVM

to DarkLogix

Re: [H/W] ccie "rack"

said by DarkLogix:

From what I've seen cisco is more true to the tech and juniper is more aimed to remove options that aren't commonly used, and then simplify things in a way that makes it annoying.

terribly skewed, and in my opinion, incorrect perception.
i'll let users like TomS_ comment deeper, but juniper has a solid place in a lot of core and edge sp environments. the flexibility that is offered through their constructs far exceeds what cisco has to offer in the same space. things like 'flexible-vlan-tagging' and 'ethernet-ccc' have been supported for some years now and offer flexibility that cisco is now beginning to offer on its kit. things like ng-vpn and mldp for p2mp lsp's have been commonplace in juniper-land for upwards of two years. cisco doesn't support ng-vpn for mcast within a vpn -- and a broad consensus of many providers has ng-vpn as the mcast vpn distribution mechanism of the future. these providers have tried things like draft-rosen -- which is supported on cisco -- and know that it's insufficient.

as i said earlier -- discounting a technology maker because of a single instance or experience is terribly short-sighted and will help you lose credibility in the marketplace faster than almost anything.

q.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

cramer

Premium Member

terribly skewed, and in my opinion, incorrect perception.

IME, not entirely... if you're doing things the way Juniper expects, which in 99% of cases would be "normal", the hidden/built-in defaults work. But in those 1% fringe cases, you run into odd things to be changed -- eg. IPSec timers. (try running IPSec between junipers over a sat link!)

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

1 recommendation

tubbynet

MVM

said by cramer:

terribly skewed, and in my opinion, incorrect perception.

IME, not entirely... if you're doing things the way Juniper expects, which in 99% of cases would be "normal", the hidden/built-in defaults work. But in those 1% fringe cases, you run into odd things to be changed -- eg. IPSec timers. (try running IPSec between junipers over a sat link!)

if you justify an opinion based on experiences seen 1% of the time -- i can't help you there.
i can say the same for cisco -- if you try to run things other than the way that cisco "expects" you to, then you're stuck trying to find out issues (one needn't look much past copp and hwrl on the c6k for proof of this).

there is a different thought process that goes into the design and configuration of the network. look at the differences that juniper assigns to a/d with respect to bgp as compared to cisco. look at the way that juniper handles marking of packets (egress, by the way) and compare that to how cisco marks (ingress, or egress, depending on code, platform, linecard, etc). neither one is "right" or "wrong" -- it's what fits your network and the way that you engineer around things. again -- discounting juniper because of a single experience (or ~1% of experience) is a dogmatic following of vendor ideology and not what should be done in a true "best of breed" network.

i'm not a juniper supporter. i work for a *very* large cisco gold partner. we make a metric $hit-ton of money hawking cisco product. if you look past marketing fluff and cisco-spin -- you'll realize that cisco, juniper, and even other vendors, have a valid place in the network depending on use case and requirements. isn't that why we all have the rfp process, after all?

q.
aryoba
MVM
join:2002-08-22

aryoba to cramer

MVM

to cramer
JUNOS on some platforms does have hidden/built-in commands and parameters. People may not be aware that IOS also has hidden/built-in commands and parameters that will show up when you deactivate or change the values. For example, IOS default OSPF administrative distance of 110 and JUNOS default OSPF preference of 10 (internal) and of 150 (external) do not show up in configuration unless the value is changed.

My guess is that the hiding reason is the same, to simplify the configuration lines with considerations that those default settings are sufficient in most situations (and perhaps soft-force people to be single-vendor users).
meta
join:2004-12-27
00000

meta

Member

That's why the show run ALL command was added for some newer platforms to show all values of the device configuration, including explicitly omitted defaults.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to cramer

Premium Member

to cramer
said by cramer:

terribly skewed, and in my opinion, incorrect perception.

IME, not entirely... if you're doing things the way Juniper expects, which in 99% of cases would be "normal", the hidden/built-in defaults work. But in those 1% fringe cases, you run into odd things to be changed -- eg. IPSec timers. (try running IPSec between junipers over a sat link!)

And ALG's that break ssl, ftp, and some other things.

also still I can't upload to an ESXi from my computer any large file, instead I have to copy it to a server then upload it to the esxi from the server, due to the srx's corrupting of some types of file transfers.

The call to juniper support that led to finding that an ALG needed to be turned off took forever and they wanted to blame the program. (then the latest firmware update has broken SSL to any site that does online file storage, resulting in an odd ssl error)

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by DarkLogix:

And ALG's that break ssl, ftp, and some other things.

*all* alg's are craptastic.

run a standard firewall -- either through access-rules or zones. if you need additional security -- run an application-level firewall on the system in question so that it has intrinsic knowledge of ipc and sockets being created on the server. ephemeral ports are terrible news and you're relying on a device that is more 'static' to know what is 'best' for things that are in constant 'change'.

evidence of suck-mazing performance of juniper alg's can be found on j-nsp.

q.

TomS_
Git-r-done
MVM
join:2002-07-19
London, UK

1 recommendation

TomS_ to aryoba

MVM

to aryoba
said by aryoba:

hidden/built-in commands

show version and haiku
 

Doooo iittttt. :-)