[POC] Use Juniper SRX100H to support RTBH BGP scale with 120 BGP Peers
Our company's current RTBH router (a Cisco 1800) is EOL, and our security team would like to expand the RTBH scope to all office SSL VPNs all over the world (more than 100s), so we are surveying for a good candidate for this role.
We have a spare Juniper M10i and I believe it can meet the requirement for sure, but it's too big, so our operations team tried to leverage a lab device, the Juniper SRX100H, for this purpose. That's why I did this POC to prove the BGP scalability of the SRX100H.
Below are the Juniper SRX100H hardware features. It is such a small device, but it has 1 GB of RAM, so its control plane can do much more than I expected:
- DDR Memory: 1 GB
- Power supply adapter: 30 watts
- AC input voltage: 100 to 240 VAC
- Fast Ethernet ports: 8
- Console port: 1
- USB port: 1
- LEDs: 4
- NAND flash: 1 GB
My POC topology is very simple and straightforward: I used a single cable to connect two SRX100Hs, then set up a trunk with 120 VLANs between them. Each VLAN has a directly connected EBGP session.
lab@SRX100-2# run show bgp summary
Groups: 1 Peers: 120 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 2400 20 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
1.1.1.1 1 215 216 0 1 3:23:49 20/20/20/0 0/0/0/0
2.2.2.1 1 214 214 0 1 3:23:45 0/20/20/0 0/0/0/0
3.3.3.1 1 213 214 0 1 3:23:41 0/20/20/0 0/0/0/0
...
118.118.118.1 1 213 214 0 1 3:23:39 0/20/20/0 0/0/0/0
119.119.119.1 1 213 214 0 1 3:23:35 0/20/20/0 0/0/0/0
120.120.120.1 1 213 214 0 1 3:23:31 0/20/20/0 0/0/0/0
lab@SRX100-2# run show bgp summary | match 0/0/0/0 | count
Count: 120 lines
I also configured 20 BGP network announcements to each neighbor:
lab@SRX100-2# run show route protocol bgp | count
Count: 2400 lines
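The pass criteria of this test (every peer established, 20 prefixes accepted from each) can be checked mechanically from saved `show bgp summary` output instead of by eye. The script below is an added example, not part of the original post: the function names and the three-peer sample are constructed for illustration, and it assumes the column layout shown above.

```python
import re

HEADER = re.compile(r"Groups:\s*\d+\s+Peers:\s*(\d+)\s+Down peers:\s*(\d+)")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
COUNTERS = re.compile(r"^(\d+)/(\d+)/(\d+)/(\d+)$")  # Active/Received/Accepted/Damped

# Constructed sample in the layout above; the last peer is deliberately not established.
SAMPLE = """\
Groups: 1 Peers: 3 Down peers: 1
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
1.1.1.1 1 215 216 0 1 3:23:49 20/20/20/0 0/0/0/0
2.2.2.1 1 214 214 0 1 3:23:45 0/20/20/0 0/0/0/0
3.3.3.1 1 0 0 0 2 12 Active
"""

def parse_bgp_summary(text):
    """Return (peers_total, peers_down, {peer_ip: info}) from summary text."""
    total, down, peers = None, None, {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            total, down = int(m.group(1)), int(m.group(2))
            continue
        tok = line.split()
        if len(tok) < 7 or not IPV4.match(tok[0]):
            continue  # column header, table row or elision line
        # Last Up/Dwn may span one or two tokens, so search for the first
        # counter group after the Flaps column instead of using a fixed index.
        hit = next((c for c in map(COUNTERS.match, tok[6:]) if c), None)
        state, accepted = ("Established", int(hit.group(3))) if hit else (tok[-1], 0)
        peers[tok[0]] = {"state": state, "accepted": accepted}
    return total, down, peers

def check_scale(text, expected_peers, expected_prefixes):
    """Return a list of problems; an empty list means the run looks clean."""
    total, down, peers = parse_bgp_summary(text)
    problems = []
    if total != expected_peers or len(peers) != expected_peers:
        problems.append(f"expected {expected_peers} peers, header={total}, rows={len(peers)}")
    if down:
        problems.append(f"{down} peer(s) down per header")
    for ip, p in peers.items():
        if p["state"] != "Established":
            problems.append(f"{ip}: state {p['state']}")
        elif p["accepted"] != expected_prefixes:
            problems.append(f"{ip}: accepted {p['accepted']}, expected {expected_prefixes}")
    return problems

print(check_scale(SAMPLE, expected_peers=3, expected_prefixes=20))
```

For the lab in this post the call would be `check_scale(output, 120, 20)` on the full, untruncated command output.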
Then I checked the SRX CPU and memory usage, and it looks great!
lab@SRX100-2# run show chassis routing-engine
Routing Engine status:
Temperature 60 degrees C / 140 degrees F
Total memory 1024 MB Max 461 MB used ( 45 percent)
Control plane memory 560 MB Max 330 MB used ( 59 percent)
Data plane memory 464 MB Max 135 MB used ( 29 percent)
CPU utilization:
User 4 percent
Background 0 percent
Kernel 8 percent
Interrupt 0 percent
Idle 88 percent
Model RE-SRX100H
Serial ID AT1612AF0205
Start time 2014-03-05 09:40:12 UTC
Uptime 4 hours, 29 minutes, 8 seconds
Last reboot reason 0x1:power cycle/failure
Load averages: 1 minute 5 minute 15 minute
0.11 0.13 0.07
If you have a similar case and realistic resource limitations, maybe you can consider reusing your spare Juniper SRX to do this kind of job :)
Good luck!
Juniper RTBH Reference:
- BGP remote-triggered blackhole (RTBH) filter for Juniper
- Remote Triggered Black Hole Filtering (RTBH)
- Remote Triggered Black Hole Filtering and Flowspec