andkorn.org

a fine line between curiosity and madness.

Juniper SRX100H Internals

I recently bid on a used Juniper SRX100H (high-mem) on eBay. I got it for a decent price and it runs the latest Juniper SRX code. I bought the unit to use in my home testing lab, where I will be testing vendor compatibility (i.e., between Cisco and Juniper) as well as setting up lab environments. Since the unit is more than 2 years old, I can safely assume that it is out of warranty, mostly because the eBay seller said he previously used it in his home lab. So after I made sure it worked properly, the first thing I did was open it up!

(not pictured: power adapter)

The Juniper SRX100H is the smallest unit in the SRX lineup. Don’t be fooled by its size, though: it still has all (most?) of the features of the larger units! This little guy supports BGP, OSPF, multiple routing instances, CoS (QoS in Cisco lingo), and anything else you can think of that you would want in a larger unit. You can even cluster two of these together for redundancy/failover. The chassis-based SRX units are a little different in the sense that they have custom ASICs for firewalling, etc., while the smaller SRXs have software-based firewalls.

Inside we have one large board with everything soldered onto it. You cannot upgrade any of the hardware on the SRX100, nor can you install any add-on cards. This is unlike the Cisco ASA5505 that I also have, which can take a security add-on card (slot in the back) and a memory upgrade if you open the unit. The USB port on the front of the SRX allows for failover to a 3G modem for Internet access. The SRX also supports a CX111, which is a 3G modem connected via Ethernet to the SRX.

At the top of the picture (back of the unit) there are 3 headers labelled Connection 1, Connection 3, and Connection 4. I could not find Connection 2. No idea what these do, and I don’t really care to find out as I may fry the SRX in the process.

The cluster of four square chips next to the CPU heat sink is the RAM, which totals 1GB. There are also what look to be two flash memory chips (one ST at the top and one Samsung in the middle). The SRX100 has a Marvell 88E6097-TAH1, which seems to be an 8-port FE + 3-port GE managed switch (8 PHYs + 3 SerDes) based on what I found on the web. So the SRX100 uses Marvell 8-port Fast Ethernet switch silicon for the ports. In the SRX you address each port separately, and they can be (and in most deployments are) in separate security zones/networks. Or you can define a range of interfaces to act as a switch. It’s up to you really.

We also have a VIA VT6212L 4-port USB 2.0 chip, of which only one USB port is available. I believe this is a solid unit, and I think it will prove useful to me in a lab environment.

See Also

  • Juniper.net: SRX100 specs
  • Michael Dale’s review of Cisco ASA 5505 vs Juniper SSG 5 – he outlines the pros and cons of the two, including the limitations of both. While the SRX is much different than the SSG5, his article does show how the limitations of purchasing a small Cisco or Juniper will affect you. You can’t have it all when you buy such a small device!
  • One thing to note is that while the ScreenOS-based (Netscreen OS) SSG lineup has small firewalls with wireless built-in, none of the SRX units have wireless. Instead, the SRX units can act as a wireless controller for an AX411 WAP. I do not know which specific models of SRX are supported.
