SRX Services Gateway
Highlighted
SRX Services Gateway

Route based VPN on SRX and EX switch

‎06-13-2019 04:24 PM

Hi everyone,

I have some questions about ipsec implementation on SRX 550 and EX4300 switches.

 

 SRX:

1)Does SRX perform IPSEC in hardware ?  Generally, On Cisco, it is implemented on route engine ( control plane) therefore CPU intensive,  though now we can use dedicated card for ipsec  on some platform.

 

2) On SRX 550, what is maximum throughput we can expect on SRX 550?

 

3) Can st0 interface particapte in PIM dense mode?

 

EX switches:

1)  Can  EX 4300 do IPSEC in hardware? does it support st0 interface?

2)Does it support st0 interface?

3) What is the  maximum IPSEC  throughput we can expect on EX 4300?

4) Can st0 interface particapte in PIM dense mode?

 

 

Thanks and have a nice day!!

1 REPLY 1
SRX Services Gateway
Solution
Accepted by topic author sarahr202
‎06-14-2019 07:56 AM

Re: Route based VPN on SRX and EX switch

‎06-13-2019 04:42 PM

Hi sarahr202

 

1) HE SRXs does IPsec in hardware while Branch SRXs does it on routing-engine.

2) Asuming you are asking for VPN throughput, as per the following datasheet it is 1.0 Gbps. Expect less than that because you will achieve that number if you forward only large packets which is not the case on any real network.

          https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000281-en.pdf

3) The st0 interface does work with PIM Dense mode.

 

As for EX switches, they dont support IPsec VPNs.

 

I hope this answer your queries.

 

Please mark this comment as the Solution if applicable