Routing

  • 1.  IPsec configuration comparisons - j6350

    Posted 05-02-2013 11:02

    We have a number of J6350 routers deployed.  On some of them, IPsec tunnels are configured under the [edit security] hierarchy using st0 interfaces, which are using the "bind-interface" statement within the vpn config.  On other routers, IPsec tunnels are configured under the [edit services] hierarchy using sp-0/0/0 interfaces.  In the latter, next-hop service sets are used.

     

    I'm not sure why these were configured using two different methods.  They all seem to be accomplishing the same thing - running OSPF/BGP across the tunnels.  Are there any advantages to using one configuration method over the other?



  • 2.  RE: IPsec configuration comparisons - j6350
    Best Answer

    Posted 05-03-2013 08:34

    Hello,

     


    @mkwmike1 wrote:

    We have a number of J6350 routers deployed.  On some of them, IPsec tunnels are configured under the [edit security] hierarchy using st0 interfaces, which are using the "bind-interface" statement within the vpn config.  



    This is JUNOS-ES config style. JUNOS-ES (Enhanced Services) is the flavor of JUNOS first introduced on J-series in parallel with regular JUNOS, then JUNOS-ES made its way to SRX too. And regular JUNOS on J-series is now EOL (latest regular JUNOS supported on J-series is 9.3R4.4). Regular JUNOS on J-series is also referred to as "legacy services JUNOS".

     


    @mkwmike1 wrote:

      On other routers, IPsec tunnels are configured under the [edit services] hierarchy using sp-0/0/0 interfaces.  In the latter, next-hop service sets are used.

     

     


    This is regular JUNOS config style. It is supported on M/T-series (MS-PIC hardware is required on M/T-series), MX (MS-DPC is required) and J-series with "legacy services"/regular JUNOS 9.3R4.4 or earlier.

    HTH

    Thanks

    Alex
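
An added example, not part of the original thread: a small Python audit helper that reads `show configuration | display set` output and reports which of the two IPsec styles discussed above a router uses (`bind-interface st0.x` under `[edit security]`, or a next-hop service set on `sp-` interfaces under `[edit services]`). The router names, VPN and service-set names, and addresses in the sample configurations are constructed for illustration.

```python
import re

# Statements that identify the two styles described in the thread.
FLOW_VPN = re.compile(r"^set security ipsec vpn (\S+) bind-interface (st0\.\d+)$")
SVC_NEXT_HOP = re.compile(
    r"^set services service-set (\S+) next-hop-service "
    r"(inside|outside)-service-interface (sp-\d+/\d+/\d+\.\d+)$")
SVC_IPSEC_RULES = re.compile(r"^set services service-set (\S+) ipsec-vpn-rules (\S+)$")

def classify_ipsec_style(display_set_text):
    """Return {'security': {vpn: st0 unit}, 'services': {service-set: [sp units]}}."""
    security, next_hop, ipsec_sets = {}, {}, set()
    for raw in display_set_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if m := FLOW_VPN.match(line):
            security[m.group(1)] = m.group(2)
        elif m := SVC_NEXT_HOP.match(line):
            next_hop.setdefault(m.group(1), []).append(m.group(3))
        elif m := SVC_IPSEC_RULES.match(line):
            ipsec_sets.add(m.group(1))
    # Next-hop service sets carry other services too; count only the
    # ones that also reference IPsec VPN rules.
    services = {n: sorted(i) for n, i in next_hop.items() if n in ipsec_sets}
    return {"security": security, "services": services}

def describe(result):
    """Summarise which hierarchy (or both, or neither) holds IPsec tunnels."""
    styles = [k for k, v in result.items() if v]
    return "+".join(styles) if styles else "none"

# Constructed sample configurations (not taken from the thread).
ROUTER_A = """
set security ike gateway GW-HQ address 203.0.113.10
set security ipsec vpn VPN-HQ bind-interface st0.0
set security ipsec vpn VPN-HQ ike gateway GW-HQ
set protocols ospf area 0.0.0.0 interface st0.0
"""
ROUTER_B = """
set services service-set SS-HQ next-hop-service inside-service-interface sp-0/0/0.1
set services service-set SS-HQ next-hop-service outside-service-interface sp-0/0/0.2
set services service-set SS-HQ ipsec-vpn-options local-gateway 198.51.100.1
set services service-set SS-HQ ipsec-vpn-rules RULE-HQ
set services service-set SS-NAT next-hop-service inside-service-interface sp-0/0/0.3
set protocols ospf area 0.0.0.0 interface sp-0/0/0.1
"""

if __name__ == "__main__":
    for name, cfg in (("router-a", ROUTER_A), ("router-b", ROUTER_B)):
        result = classify_ipsec_style(cfg)
        print(name, describe(result), result)
```

Run across a fleet's saved configurations, this gives an inventory of which J6350s still carry the `[edit services]` style that the answer ties to regular JUNOS 9.3R4.4 or earlier.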