aryoba
MVM
join:2002-08-22

aryoba to TomS_

MVM

to TomS_

Re: [H/W] Value

said by TomS_:

Why not just get a pair of decent, standalone switches, instead of modules for a router?

I've always been a fan of leaving routing to routers and switching to switches.

I think because routing capabilities on Cisco 3560 and 3750 switches are limited. For instance, the switches only support VRF lite while the 3845 router supports the standard VRF routing.

Perhaps a better bang is to get a Juniper SRX firewall that can do BGP, VRF, L2 VPN, Spanning Tree, and security in one box.

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid

Member

I would actually use either an ex-3200 or, for full redundancy, an ex-4200 for mpls, etc. capabilities.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

well I would never use a junicrap device at home, and if I had a say I wouldn't at work either.

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid

Member

Now that would completely make sense. Since that would only mean you have not experienced Cisco like the rest of us, but in time you will see beyond tunnel vision.

My mom always said never put your eggs in one basket.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

1 edit

DarkLogix

Premium Member

and never put your eggs in a broken basket.
you haven't had the experience I have with juniper; in time you'll come to hate it as much as me.

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid

Member

broken basket is correct. No manufacturer is perfect, be it Fortinet, Juniper, Brocade, Cisco, Alcatel, Nortel, etc... They all do great in some of their devices and all can be used in one network efficiently.
aryoba
MVM
join:2002-08-22

aryoba

MVM

Based on my experience, Juniper is stable when you do not do anything fancy; just pure routing, pure switching, or pure firewall. This is why Juniper is popular in ISP environments where they are part of core infrastructures.

Cisco on the other hand may be designed towards corporate environments, so they may withstand the fancy stuff corporations need. Cisco online documentation is also another plus compared to Juniper.

Btw, if you ever work with Arista; I think you'll love them

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by aryoba:

Btw, if you ever work with Arista; I think you'll love them

if you like cheap, feature poor white boxes that are just meant to pass packets.

q.
aryoba
MVM
join:2002-08-22

aryoba

MVM

said by tubbynet:

said by aryoba:

Btw, if you ever work with Arista; I think you'll love them

if you like cheap, feature poor white boxes that are just meant to pass packets.

q.

When the intention is not doing anything fancy, just pure speed and throughput; I think Arista will do in some situations, especially when you can be getting paid $$$$ as a result of designing such a network

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by aryoba:

When the intention is not doing anything fancy, just pure speed and throughput; I think Arista will do in some situations, especially when you can be getting paid $$$$ as a result of designing such a network

yes. the issue is that the lack of features has an opportunity cost to the customer. understanding and knowing this is pretty important to ensure that you don't end up making someone very angry later down the road.

i'm not saying that cheap, fast, and dumb is bad. if there wasn't money to be had, cisco would not be producing the nexus 9000 series. there is a lot of money to be made in the msdc space and cisco needs an answer to compete with arista. api's and cost will be king here.

q.
aryoba
MVM
join:2002-08-22

aryoba

MVM

From a different perspective, the upside of Arista is that you always get the right person every time you call the first time for technical support. The support (either technical or administrative) can also provide a pretty quick solution. None of these apply to larger vendors such as Cisco and Juniper, where they have layers of support and a long process of getting things done.

I recalled that some Arista people came from Cisco due to the situation that Cisco has been too bureaucratic, too layer-up, and too slow to push things through. Maybe this is the reason why Arista CLI commands are very much similar to Cisco. Even Arista support is capable of reading through a Cisco IOS tech-support dump.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by aryoba:

the upside of Arista is that you always get the right person every time you call the first time for technical support.

if you call tac for anything more than a hardware rma -- you're holding it wrong(tm).

q.

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid to aryoba

Member

to aryoba
I can attest to the fact about cisco that you get the round robin with TAC just trying to find an issue where routing says switching, switching says vpn, etc, etc, etc back to routing... lol
HELLFIRE
MVM
join:2009-11-25

HELLFIRE

MVM

...depends who designed the gongshow in the first place. Straight up 6500 routing / switching, I haven't had
too many round robins. THEN you get ppl that think that putting EVERYTHING and the kitchen sink into a chassis...
then scream, rant and rave when it doesn't work, and to "get Cisco on the line..."

Or the *shudder* IOS / CATOS hybrid jobs that JUST seem to not want to die. I swear sometimes I just want to
put an IOS TAC engineer and a CATOS TAC engineer in a room and let them fight to the death...

My 00000010bits

Regards

TomS_
Git-r-done
MVM
join:2002-07-19
London, UK

2 edits

TomS_ to DarkLogix

MVM

to DarkLogix
Juniper is far from broken. Pretty sure I've said something like this in response to one of your anti-Juniper "rants" in the past.

If Juniper were anywhere near as bad as you purport it to be I doubt they'd still be in business, and I doubt they'd be powering the cores of numerous tier 1 networks around the globe. I'd wager that a lot of your activity online each day passes through a lot of Juniper kit. And given the fact it's not all crashing and burning it must be doing an alright job.

You're going to have to get specific with your definition of broken so that your objections have more credibility. Until then they are just generic, weightless stabs in my view.

Quite simply nothing is perfect.
TomS_

TomS_ to aryoba

MVM

to aryoba
Which platform are you talking about when you say nothing fancy?

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid to TomS_

Member

to TomS_
OK, so juniper ain't perfect, I agree and neither is cisco. One easy example is the SRX class and its VPN capability is just utter, hmm, let's say you could only set it for site to site. The dynamic VPN is non existent. If you could get going, it would only work on very specific devices and certain options only.

TomS_
Git-r-done
MVM
join:2002-07-19
London, UK

TomS_

MVM

Those are the kinds of examples of "broken" that I am asking DarkLogix to make.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Da Geek Kid

MVM

to Da Geek Kid
I'm also curious about what you mean by the comment "The dynamic VPN is non existent" as well, Da Geek Kid.
I'm guessing this is with an SRX serving as a remote access VPN headend in a (non)split tunnel configuration
with IPSec or SSL VPN, right?

Got an example... just for reference? Also what did JTAC have to say about that... if anything?

Regards

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid

Member

JTAC unsupported still. It works on screenOS and btw split or not does not matter although non-split is the goal. Hence, Fortinet...
aryoba
MVM
join:2002-08-22

aryoba to HELLFIRE

MVM

to HELLFIRE
We have been using a remote dynamic VPN solution to an SRX firewall to RDP or simply ssh into servers and PCs from home or anywhere in the world. Though our connectivity attempt experience has not been good, it is still working. In addition, JTAC was able to assist with any problem we had during those not-so-good experiences.

Just sharing
aryoba

aryoba to TomS_

MVM

to TomS_
said by TomS_:

Which platform are you talking about when you say nothing fancy?

Here is an Arista link describing a solution using a 7150 switch when the network requirement is simple, pure performance and throughput; such switches have been in production networks in lots of organizations.
»www.aristanetworks.com/e ··· 0-series
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to aryoba

MVM

to aryoba
@Da Geek Kid / aryoba
Ahh, thanks for sharing that.

Regards

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

Wow, just looking over eBay I lucked out on the 3845 with an AC-IP power supply

just a 3845 AC-IP power supply is going for over $200 and I got a chassis with one for under $100 (still had to buy the MB but still a nice deal)

but looks like I'll have to pony up the $200 for the 2nd one (doubtful I'll find another like it) (took note that the 3845's part number was "cisco3845 - AC -IP V05" and after asking the seller if it was the AC or AC-IP it was confirmed to be the AC-IP power supply)

woot lucky me.
then thanks to googling I got the 1gb ram upgrade at a good price, and the seller of the MB sent me the missing 128MB flash.

so all that's left is to get a 2nd power supply but that's not urgent, I plan to swap the 3845 in for the 3745 this weekend then hopefully I'll be able to get a good price on selling the 3745 gear.
DarkLogix

DarkLogix

Premium Member

Well, just booted the 3845; seems it doesn't have the latest Rommon

I wonder, do you think there's any chance the MB seller might be able to provide the latest Rommon? (I know there's no way I'll get the latest IOS though)

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid

Member

why would you need the latest rommon? are you going to run a card that the rommon does NOT recognize in IOS?

I detest folks who'd always want to upgrade just so that they say it runs the latest code... Well latest Code SUCKS! unless your current code SUCKS a lot more that you can tell, then OK!

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

Well, in the past I had an issue on my 3745 with an outdated rommon and using 512mb ram with a 2nd NM module

I look at Rommon as a bios update and IOS as an OS update and I always like to have the latest bios on any server/computer/etc. before it goes into use.

TomS_
Git-r-done
MVM
join:2002-07-19
London, UK

TomS_

MVM

So, work out if you have an issue that needs fixing by a more recent ROMMON, then worry about trying to get an update for it.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

Well I just now swapped routers but it looks like the nat isn't working out

I'll post a new thread
DarkLogix

DarkLogix

Premium Member

all's working good on the new router

here's a pic of my network.
»Home network updated