Juniper SSG-550 Performance

Apr 17, 2008

Does anyone have any experience running Juniper SSG-550 firewalls in a high-traffic hosting environment?

I run network operations for a hosting provider in Australia. We currently have two J4350s running as border routers, and we are looking at putting two Juniper SSG-550s behind the border routers to do stateful firewalling / NAT.

We'll be using active/active NSRP on the SSGs for load balancing and failover.

My concern is that these devices may not be able to handle our traffic load. They have a hard-set limit of 256,000 "concurrent sessions" which may not be enough for us in peak times. Almost all of our traffic is HTTP though, so I would imagine sessions would timeout quite quickly?

View 5 Replies


ADVERTISEMENT

Firewall - Looking At Juniper

Oct 5, 2009

I need to protect about 80 servers from certain attacks some of them are being victim of. Altogether, these servers use about 200Mbps being almost all of them webservers. The last time, one of them was a victim of a DDoS attack which made all the rest get some packet loss (because this attack was consuming all the bandwidth we had available).

I was looking at Juniper solutions, however I get a bit confused with all the products they have to offer. First, I was looking at IDP series, but they seem a bit pricey and I believe I don´t need all those IDP functions those devices are capable of. NetScreen is also too expensive for me. I´m looking at a budget of 10.000$ aprox.

I found SRX series and after taking a look at SRX240 and SRX650 specs [url] those firewall numbers seem very nice and perfect for my problem. Would this be a wise choice? This device would act also as the main router for our racks. Please let me know if there are other recommendations that fit the specified budget (10K).

View 14 Replies View Related

Juniper J Series

May 9, 2008

Can anyone give any real world numbers as to what each model of the Juniper-J series router is capable of? How much do these routers cost, and where is the best place to get them from?

View 14 Replies View Related

Juniper SSG Series

Dec 26, 2007

In one of our racks, we now just have two Procurve (J4900B) switches, and run software firewalls on our CentOS servers. We are now looking towards a hardware firewall to ease managment and reduce load on our servers.

One of our suppliers reccomends the SSG140 from Juniper, and it seems to cover our needs. The SSG320 however seems to have more features, like layer3 routing. Could this device replace our Procurve switches, and act as a firewall/switch?

Anyone familiar with these devices and have some input on what to choose? How does the anti-ddos and bruteforce attack functions work out, do they hold up? Anyone tested the Deep Inpspection Signature module? Is it worth having for a ISP/Webhost?

View 6 Replies View Related

Juniper J-series

Nov 10, 2007

any experience and feedback on Juniper J-series routers?

View 4 Replies View Related

Procurve Vs. Cisco Vs. Juniper

Oct 11, 2009

I've been reading and searching on here as much as I can to try to help me in making a decision, unfortunately when I think I know what to do, I read something else and get confused again.

We are in the process of moving networks within our datacenter and will have 2 drops coming into our half-cabinet. We have about 7 servers in there, some for our own use and some for clients. In all cases, we manage the servers and are the only ones with root access (no need for VLANs for the purpose of protecting IPs etc).

We currently have a single drop and use an HP procurve 2524 layer2 switch that has been in there for over 6 years and never had a single hiccup. We also don't push much traffic at all though. Under 5mbps combined.

My question though is this: moving to the new network we will have 2 drops that are set up as HSRP on their end (upstream of me, I don't have to worry about having two switches). In order to use the dual feeds, we will need a Layer3 switch. One feed will be active, the other is not, both are connected to the switch via a VLAN and provide a gateway for VLAN2 to use. I have never used a layer3 switch, though I'm not *too* concerned since I don't expect we'll be doing anything too complex. My understanding is that one VLAN (VLAN1) will be set up with an IP address assigned to each drop and that VLAN1 will create a gateway for VLAN2. The second VLAN (VLAN2) will be all our "inside" client IPs that will then route through VLAN1.

I was briefly checking out the cisco 3750, but I think it's overkill...? I don't want to spend too much money, since I don't think we need any complex setups, at the same time, I don't want to waste money by buying something that won't work efficiently down the road.

My immediate short-list is now an HP procurve 2610, an HP procurve 3500 J9470A (not the YL), and a Cisco 3560 24-TS.

Of course, then someone mentioned Juniper (whom I have zero experience with either) and hence the title to my thread... I'm thoroughly confused. I was looking at the EX3200-24T.

Ok, so if I have to boil this down to some simple requirements/thoughts... here goes:

1. I only need 24 ports for now.

2. I use SNMP currently to monitor usage for clients (and overall)

3. I like HPs and have used them for layer2, I like their lifetime warranty and software availability

4. I don't have direct experience with Cisco at all.

5. Aside from routing from one VLAN (provider side) to another VLAN (my side), I don't think I need any other special features (hence the hp 2610 being ok I think, since it offers "lite layer3")

6. Some people say HP is great for layer2 but not for layer3? Now I dont' know what to think.

7. Currently use about 2mbps and might jump to 3 or 4mbps, but don't have major needs. I'd like for this switch to be able to last me a while though... so maybe 20~40mbps+? (but still not the hundreds of mbps that others here push

8. If possible, I'd LIKE to limit some servers to 1mbps or 2mbps on a per-port basis... but this is not a hard requirement. (I think this takes the 2610 out).

Budget: I like the $500 price tag of the 2610, but can spend the $1500~$2000 for the HP 3500, Cisco 3560, or Juniper. I would just rather not, if the price/features are not justifiable.

Hopefully I've provided enough information for someone to offer their insight? I think a few strategic key points or questions from someone with more experience might be what I need to help me bust through the "too many choices" fog and end up with the best switch for my situation...

View 14 Replies View Related

Configuring Juniper Netscreen-25

Nov 10, 2007

I am tried of not finding a good documentation on now to configure netscreen-25 firewall.

This is the current setup;

Ethernet Drop -> Netscreen (connected via straight RJ-45)

NetScreen -> Switch (Connected via cross-over cable)

This is the what I want to be able to do...

I am assigned a 76.36.57.32/27 subnet
Netmask 255.255.255.224
Gateway 76.36.57.33

1) Make Netscreen accessible via IP 76.36.57.34 for remote management.

2) I dont want netscreen to assign IPs for my wired devices because I've already set all their IPs and those are the ones I want to use.

Now, I did read the manual [url] and went to Network -> Interfaces -> Ethernet 1 Trust *edit* and in the "IP address" box I typed 76.36.57.34 and netmask "/27".

In the "Manage IP" box, I typed 76.36.57.39/27 according to the manual.

After doing all that, I cant access any of my "wired" devices behind firewall and neither can I access the firewall itself with the IP I assigned.

View 6 Replies View Related

Juniper SSG5 And Public IPs

Dec 19, 2007

we have this Juniper SSG5 firewall, our very first Juniper and wanted to use it.

While I am able to use it in NAT mode, I have been unsuccessful to use it in route mode.

We have Public IPs from the same segment and I wanted to use it with the firewall but it appears that I can't assign IPs for each port if the IP is from the same segment.

Does it mean that we can't use it other than in NAT mode?

What we want to accomplish is to have one of IPs to act as gateway and filter or route in/out traffic to/from our other IPs.

View 0 Replies View Related

JaguarPC Performance VS. LiquidWeb Performance

Jul 13, 2007

I am using dreamhost host 3 of my web sites and 1 blog. Dreamhost is great, offers alot space and bandwidth.

but I think they are oversellling their space, sometimes it gets really slow. (overselling ? ok, I dont really know, but sometimes its really slow, and most my asian readers said need to refresh to load the page. I am wondering if theres a way to check if they are overselling or not.)

I am thinking about buying vps, even tho, I still got 5 month left with dreamhost.

I found 2 vps companies are highly recommanded on this forum, JaguarPC and LiquidWeb.

theres already a post compared both companies in terms of price and service. I say I will pick JagarPc, cuz, its basic plan just 20 USD, and htey got promotion now, its even cheaper. and basic Liquidweb vps plan is 60 bucks.

I am wondering why Jagarpc is so cheap , are they overselling? how can we check if they are overselling.

I found a few posts saying how good jaguarPc is. and they are not overselling, but those members just signed up this month, and only have 1-3 posts. I cannot really trust those new members.

Can someone share their experience with JaguarPC? compare JaguarPc performance and liquidweb performance. antoher question is switch from dreamhost to JaguarPC basic vPS plan, will performance gets better?

last question: VPS account allows 3 IP, 3ip = 3 domains? if not, how many domains can I have?

View 14 Replies View Related

Juniper SSG 520/550 Vs Cisco ASA 5520 (5540)

May 3, 2009

We are searching a firewall for our small colocation.

We have chosen the Juniper SSG 520/550 or a Cisco ASA 5520 (eventually the 5540).

We want primaly filter ddos attacks on our webservers (bot-network, attacking a domain, port 80) and syn flood attacks (port 80).

Do you have real experience with the Juniper or Cisco devices?

Can we integrate such device in the fellowing network design:
(where to put the firewall ?)

- Uplink 1gbit datacenter -> our HP Procurve gigabit switch

- HP Procurve switch -> Servers

We are using /30 as eth0 "bridged", and /29 /28 /27 "routed" over eth0.

I would prefer a "live analysis" of our traffic. Is that possible?

View 12 Replies View Related

Cisco ASA 5505 Vs. Juniper Netscreen 5GT

Oct 23, 2007

I've been looking at these two Firewalls for a quite some time and I am not sure which one I should go with. Price is not a factor since both are around the same price range.

The firewall is going to be in between my DROP and LAYER3 Switch.

So...FastE -> Firewall -> Layer3

As you can see, I dont want any fancy VLAN stuff or anything like that since my switch can take care of all that. I just want a firewall which is easy to configure and manage and has DDoS protection built-in.

If you have any other hardware based firewalls in the price range of ASA 5505 and Netscreen 5GT then I would want to hear about those as well.

View 14 Replies View Related

Juniper ScreenOS / SSG Block A User Agent

Nov 25, 2008

I have a SSG-320M I manage, and would like to know if I can block traffic to our web servers based on the user agent hitting us? I know user agents that keep using more and more IP addresses to crawl us, one already taking up some 30 or 40 addresses under my policies and its a pain to identify these by hand and keep updating the firewall every few days to add new IP addresses for them. Is there somewhere I can add part of the user agent I do not want to ever see again? Right now I do this by having a policy at the top saying "BadBotsGroup" is denied. But I want to deny anyone with a user agent "OneUserAgent" or "SecondUserAgent"

It seems so important and simple, but I do not see anything about being able to do this. Thanks for help and pointers. Right now we have special code at the top of our sites that blocks these bots, but I would much rather do it in one location at the firewall.

View 3 Replies View Related

HP 2910al, Summit X350, Juniper EX3200, Netgear Gs724at

Aug 23, 2009

Looking to upgrade to a new switch and have the following in mind. Budget is around 1-2k. We're pushing 500mbps upstream so i want to make sure that the unit can handle that well. Lots of full speed traffic between servers too.

No fancy features required, and the only need is port trunking, which all of these have.

I look at the specs for latency and pps, but I'm not sure if you can trust these figures.

Anyone have experience with the following.

HP Procurve 2910al-24
$1430
latency <2.9us
131 Mpps
176 Gbps
Bonus: 10Gb capability with expansion module

Extreme Networks Summit x350
$1300
latency < ?
65 Mpps
88 Gbps
Bonus: 10Gb capability with expansion module

Juniper Juniper EX3200-24T
$1800
latency < ?
65 Mpps
88Gbps
Bonus: 10Gb capability with expansion module
Bonus: 8 ports are POE

Netgear GS724AT
$350
latency <3us
??? Mpps
48Gbps

View 9 Replies View Related

Cisco 6509 With SUP720-3BXL Or Juniper M40i For Routing

Nov 5, 2007

to build a new 10GE network and have received offers from Juniper and Cisco distributors.

Juniper seems to be a bit more expensive. It was our first choice at the beginning untill we saw many big ISP's using cisco 6509 with SUP720-3BXL for routing.

Is there anyone with experience on both products? How about support for both of these?

View 14 Replies View Related

MS SQL Performance

Sep 7, 2008

We run a very busy web application written in .net . The backend is SQL 2005. The server running SQL for this web app is slammed constantly. CPU is red lined, and the disks are queuing up because they cant keep up with the demand. What I am wondering is what do the big websites do to gain performance? What direction should we start moving in to get ahead of the curve. We are using an HP DL 580 with 4 x quad core xeons and the fastest SAS drives we could get.

View 14 Replies View Related

PHP 6 Performance

May 12, 2008

Any rumors known already?

View 4 Replies View Related

LVM(2) Performance

Dec 10, 2007

Does anyone have experience using LVM2? We'd rely on hardware RAID mirroring for the underlying physical redundancy, but we're very interested in LVM2's storage virtualization features.

If anyone can share their experiences with LVM2 with regards to performance and possibly use in a SAN environment,

View 2 Replies View Related

VPS Performance

Apr 20, 2007

Hypothetical Scenario:

Let's say I've got a single website built in Drupal (using PHP and MySQL). It gets less than a 1,000 visits per day and needs very little storage or bandwidth. The site is currently on a shared host and it runs okay, but often has very slow page loads due to sluggish MySQL calls and other traffic on the server. Sometimes the homepage loads in 2s but other times it takes 20-30s depending on time of day. The client is sick of this performance on such a low traffic site and wants to improve the situation.

Question: Will a VPS really provide that much better performance than a shared host?

Remember I'm talking ONLY about page load time under minimal load. No need to take into account scaling or Digg/Slashdot effects.

I know dedicated is the best option but it seems crazy for such a low traffic site. A lot of the VPS offers are very attractive in theory (managed and affordable) but in practice I'm concerned that even a 512MB VPS with 1GB burst won't make much of a performance difference.

Mainly I don't want to go to the hassle and extra monthly expense of moving everything to a VPS for only a minimal gain.

View 14 Replies View Related

Godaddy VPS With Low Performance

May 2, 2007

We shifted one website based on Article Dashboard (its an article directory script coded in Zend) to a Godaddy VPS ($35 per month) from a shared hosting account with hostgator.

This VPS is really slow compared to hostgator account.

Can anyone tell what we should do?

View 6 Replies View Related

RAID 5/6 Performance

Sep 30, 2009

Im planning on buying a NAS from my provider for using as a backend to my VPSes (around 15). The plan is to put the server images on the NAS so the VPSes can be moved without interruption between different nodes.

The server i have looked on so far is the following:

CPU: Xeon 3330 2,67Ghz
RAM: 4GB DDR2
HDD: 8*Barracuda 7200.12 1000GB, 7200rpm, 32MB, SATA-II
RAID: 3Ware 9650SE
Network: Intel 2*1Gbit

Would it be enough to fill the Gbit-line?

The budget is pretty tight so if it's possible to do this with SATA drives it would be great, otherwise it could be a possibilty to go down in diskspace and switch the SATA drives to SCSI/SAS drives.

View 3 Replies View Related

VPS Performance / Server

Apr 12, 2009

We are getting into VPS hosting and wanted to get some opinions and feedback as we're quite unsure on what to expect as for performance and how many clients we can generally keep on a box.

For now we've bought 3 dell R710 with dual Xeon L5520, 72GB ram and 8 x 2.5" SAS drives.

We are thinking of a base offering of 512 megabytes of ram and
was hoping to get about 40-50 onto a server.

With 40 there should be -plenty- free ram and plenty drivecache.

Then a next offering of 1 gig ram and next one of 2 gigs.

Even if we do the biggest 2 gig offering with 25 on a server we should have free ram to spare.

The software would be virtuozzo.

Any thoughts on this, am I expecting too much, or am I being fairly realistic?

View 6 Replies View Related

Poor Xen Performance

Nov 7, 2009

I have been working with Xen over the last week or so and I can't figure out why the performance is downgraded so much when booting into Xen. There are certain things that seem just as fast but other things just don't seem normal.

I have tried this on two different quad-core systems, one new generation (York) with CentOS5 and one old (Kent) with Debian Lenny but neither seem to produce good speeds.

For example, when I use the default kernels I can usually get about ~600 score out of unixbench-wht and things such as top and core systems show up as 0% cpu when running top.

When I boot into Xen kernel however, whether it been from Dom0 or the guest OS, top uses about 3% CPU and unixbench-wht produces scores under 250.

I have set vcpus to 4 and have even tried vcpu-pin 0 0, 1 1, 2 2, 3 3 but nothing seems to be changing anything. The disk speeds seem about the same (hdparm). I'm assuming it is something with the CPU,

View 2 Replies View Related

Performance Of 2 X 1TB RAID1

Feb 7, 2009

I have to leave the Supermicro servers and use only Dell. I have this question.

There is a big difference in performance between these two RAID configurations?

Dell - 2 x 1TB RAID1 PERC6

Supermicro - 4 x 500GB RAID10 3ware 4 port

It is for use with webhosting.

View 14 Replies View Related

Performance -VPS Setup

Nov 6, 2009

I need some advice on my situaton at my host, and possibly some frame of reference as to what can/should be expected from a VPS setup like mine and what I can expect it to manage.

I have a site that sees some traffic of about 150k pageviews per day. On any given day, it peaks for roughly a timespan of 4 hours per day where there may be about 5 req/s.

I use a standard setup (LAMP) running mod_php in Apache, not fast cgi. I have a VPS on Virtuozzos Power Panel that has 1,5 GB RAM and really an unkonwn amount of CPU. I haven't been able to ascertain that information but probably could if I asked my host.

The problem is that during these hours it gets a bit slow from time to time. Running TOP shows sometimes a staggering amount of waiting processes i.e. the load is quite high (15 - 25).

So, I'm now really at a fork in the road where I either start looking into going with a different setup, say Nginx + PHP-FPM (FCGI) and try to see if that makes a difference. I'm not really an admin so I would be kind of lost on that. I could also start looking into my code to see if I can cache more or do smarter stuff etc.

However, before doing any of the above, I'd like to ask this crowd here if you think that I've sort of hit the roof on what can be expected from a VPS of the size I just told you about. That my situation is quite normal and that the real solution is actually just to upgrade my VPS. Is it?

View 8 Replies View Related

Scaling Performance

Apr 14, 2009

Lets assume that we (me and the people I'm working with) were to launch a really powerful website. Then all of a sudden there is more demand for the website than the backend infrastructure can handle.

What do we do?

- 1000 users (ok so one powerful server should be enough).

- 2000 users (lets setup an additional server to work as the HTTP while the powerful server acts as the database only).

- 3000 users (lets eliminate all the commercial linux programs and install a fresh version of linux on both boxes and compile only the programs we need).

- 5000 (lets setup another server that handles the sessions).

- 6000 (lets setup a static-only server to deliver the non-dynamic content).

- 7000 (lets do some caching ... ugh maybe it won't be enough).

Any greater and what? We've run out of ideas on how to separate the code logic and how to optimize every byte of data on the website! What do we do? We can buy more servers, but how do we balance the load?

This is where I'm stuck at. In the past I've separated the load in a modular sense (one server does this and one server does that), but eventually I'll come across a wall.

how clustering works? What I wanna know is how is the information, whether it be the server-side code or the static information, is shared across machines. Is it worth it anymore to learn these things, or is it worth it just to host with a scalable hosting solution like AWS?

View 1 Replies View Related

7200 Rpm HDD Vs. 10k Rpm HDD Performance

Aug 22, 2008

How much faster is a 10k rpm HDD vs a 7200 rpm HDD in a server environment?

IMO, a 7200 rpm HDD is much faster than 5400 rpm HDD when it comes down to desktop PCs..

Just wondering if it's worth upgrading to a 10k rpm HDD from a 7200 rpm HDD and losing about 1TB of storage as well...

(Comparing specifically 2 750GB 16mb cache 7200rpm SATA 2 HDD RAID 1 with 2 150GB 16mb cache 10krpm HDD in RAID 1)

View 6 Replies View Related

Disk IO Performance

Mar 26, 2008

From the Disk I/O performance is it better

1) to have main PHP file with 10 includes

2) all 11 files as one file

3) the difference is not big

Suppose
a) a low traffic site

b) a high traffice site

View 7 Replies View Related

Performance Benchmark

Feb 19, 2008

I have several VPS's that I run. Some run LAMP, others RoR, and my latest runs with Nginx + Cherrypy (python).

To be honest, I've never run any benchmarks to see how well the servers performed under stress. But I'd like to start.

Are there are good (free) programs out there that will stress test my web servers? I develop on windows, but deploy on linux, so either platform is ok. I'm most interested in how many concurrent connections can be maintained.

View 2 Replies View Related

Joomla + VPS Performance

Dec 9, 2008

I currently have a VPS in the UK that I host my clients joomla sites off and the specs of this VPS server are as below:

- 20 GB SA-SCSI Disk Space
- 350GB bandwidth
- Full root access / Parallels/WHM/cPanel
- 2 Dedicated IPs
- 384 MB SLM RA

I am now running around 10 joomla based sites off of this VPS, 5-6 of which are Ecommerce based sites. Whilst I am probably only using 10gb of the overall disk-space so far, in terms of performance, should I continue to add clients to this server or should I keep the more hungry sites on this server and move some of the less resource intensive non-ecommerce sites to another VPS? Or would it be in my best interest to upgrade to a Dedicated server where I will have all my own resources?

View 6 Replies View Related

Performance Levels Between USA And UK

Apr 17, 2008

I’m moving my web server from the US to the UK.

Would I be roughly right in assuming that an American customer accessing a UK server will see similar speeds to what I have been getting as a UK customer accessing the same site on a US server?

View 1 Replies View Related

RAID Performance?

Jul 25, 2008

Is there any RAID performance decrease if per say you have a 24-RAID 3ware hardware card and you already have a 6x RAID partion on RAID 5 but then you are now adding per say 18x of HDD and your going to make it to another partion of RAID 5 does the performance stay the same or decrease?

The question as to why you would have different RAID partions is because if you were to buy a 8U you would want it as an investment to avoid buying smaller cases to eliminate the amount of money on new motherboard/cpu/ram per each system and add hard drives whenever you can and RAID them.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved