SRX Services Gateway
SRX Services Gateway

Managed CPE with various types of uplinks

‎04-14-2014 06:17 AM



We are looking at ways to offer our customers to connect to our VoIP-platform in various ways (IPSec/GRE over internet, L2 via some other provider's network, dark fiber) via a unit managed by us. Providing proactive monitoring (for example with an Accedian Nano-NID) of the connection and delivering a interface at their premises totaly to their specification with regards to IP-subnetting, IPv4/IPv6, port aggregation and media type. The traffic is then terminated in our SBC which handles overlapping IP-adressing and the such, so no address translation should be done.


Please se attached network diagram.


Current thinking is to run a virtual-router per customer in the terminating unit in our end and terminate every customer interface (wheter it be a physical or "virtual" GRE or IPSec-interfaces) together with a VLAN-interface in the VR. Then run BGP over that to be able to build redundant paths.


When it comes to the hardware, some EX switch would be nice mainly due to it not interfearing with traffic on L4 and above, SRX would be good as it offers added flexibility and ability to do IPSec and no additional licensing is needed for BGP. We would of course prefer to use a single type/model of device as CPE.


Considerations? Recommendations for CPE?


SRX Services Gateway

Re: Managed CPE with various types of uplinks

‎04-18-2014 08:30 PM

You could use SRX, as it supports ethernet-switching, stateful Firewall functions. IDP and UTM features.

Though your current requirement is not to have security features, later time you could use it on demand.


PS: This is my individual view, you would work with Juniper SE/Sales team and have right device.




Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!