Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Why does de SSG140 have gigabit interfaces?

    Posted 02-18-2012 06:16

    Hi all,

     

    So I pulled an all-nighter to reconfigure our SSGs to transform our LAN links into giga-interfaces for our inter-VLAN routing, only to conclude with the fact that we can't get >150mbps out of it. Looking at the specs, apparently this box can do only 350mbps. Now I didn't really think of looking that up first. Why? Well, it has two giga-interfaces built-in with expansion cards of 8 and 16(!) giga-ports available. So with this in mind, no way in hell I would suspect it being able to do only 350mbps.

     

    So this whole case made me wonder: why in hell are there even two giga-interfaces built-in with the option to add even 16 more?? Are there any options available to increase the throughput of the box or something like that, like turning off screening for a zone and make it function as a pure router (but I do need access-lists as the whole point of our vlans is to isolate them from each other)?

    I'm just wondering what the use of those interfaces could be - apart from HA (and I wouldn't suspect anyone using like 6 or 8 giga-ports for redundant HA interfaces...).

     

    Thanks for your clarification

     

    Fréderic



  • 2.  RE: Why does de SSG140 have gigabit interfaces?
    Best Answer

    Posted 02-18-2012 21:03

    If you use a bridge groups then it basically acts as a switch and should be able todo full 1gbit speed. But as soon as you need to route anything then you will hit that limit.

     

    The SSG140 is getting a bit old now, the SRX240 is much faster and should be able to do 1gbit+



  • 3.  RE: Why does de SSG140 have gigabit interfaces?

    Posted 02-21-2012 04:26

    Hi all,

     

    Thanks for the replies. Good to know switching will be faster. Should've seen it really from that branch office point of view. We were actually looking to replace them with SRX's already, but in the meantime we need to carry on with these 🙂



  • 4.  RE: Why does de SSG140 have gigabit interfaces?

    Posted 02-20-2012 12:38

    As mwdmeyer said, switching (bridge groups) are one reason to have the faster ports.  The SSG140 is positioned as a branch office box, and often devices of that class are deployed in a multiple-duty scenario.  Acting as a local switch as well as a router/firewall is reasonable.

     

    Also, if the SSG is deployed in-line between routers or has a single uplink to the next hop, 100Mbps interfaces would choke the system's throughput.  Since it can move more than 100Mbps of traffic, it makes sense to have 1Gbps interfaces.

     

    1Gps interfaces doesn't imply the system can max out at that speed.  Some of the newer models can reach those speeds, but it's not a given for every product.  Along the same lines, we have some devices with 10Gbps interfaces that can't push a full 10Gbps of througput, but if it only had 1Gbps interfaces we'd have to connect multiple paths and trunk them or load balance across them, etc., to exceed 1Gbps of throughput.