Juniper Switch Proves to be Credible Choice

Storm Control

Like other enterprise switches deployed at the edge of corporate networks, the EX 4200 offers a "storm control" feature to limit rates of potentially malicious traffic. We tested this feature using two denial-of-service (DoS) attacks, a broadcast storm and a SYN flood, and found the switch blocked broadcasts but forwarded SYNs.

For both tests, we configured a Mu Dynamics Mu-4000 security analyzer to generate DoS attacks at 100,000 frames per second, and then configured the Juniper switch to restrict such traffic to 1% of line rate, or around 1,500 frames per second. Using Spirent TestCenter's real-time rate counters, we verified that the Juniper switch did rate-limit broadcast traffic.

However, the switch didn't control the rate of Mu's SYN flood attack. Juniper says the current JUNOS release imposes rate controls only on broadcast and unknown unicast traffic (that is, traffic with no existing entry in the switch's MAC address table). That makes storm control useful in thwarting "bot" attacks against random, unknown destinations. It's not useful in stopping an attacker targeting specific servers.
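The behavior described above can be reproduced with a small model. This is an added example, not code from the article or from Juniper: the class, function names and MAC addresses are constructed for illustration, the 1,500 and 100,000 frames-per-second figures are the ones from the test, and a single budget shared by broadcast and unknown-unicast frames is an assumption.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class StormControlPort:
    """Toy model of storm control as the article describes it: a per-second
    frame budget applied only to broadcast and unknown-unicast frames.
    Assumption: both classes share one budget."""
    limit_fps: int
    mac_table: set = field(default_factory=set)
    _second: int = -1
    _used: int = 0

    def classify(self, dst_mac: str) -> str:
        if dst_mac == BROADCAST:
            return "broadcast"
        return "known-unicast" if dst_mac in self.mac_table else "unknown-unicast"

    def forward(self, second: int, dst_mac: str) -> bool:
        """Return True if a frame arriving in the given one-second window passes."""
        if self.classify(dst_mac) == "known-unicast":
            return True  # never counted, so a flood at a learned MAC is not limited
        if second != self._second:  # new window: reset the budget
            self._second, self._used = second, 0
        self._used += 1
        return self._used <= self.limit_fps


def forwarded_fps(dst_mac, known_macs, limit_fps=1_500, offered_fps=100_000):
    """Offer one second of flood traffic to a fresh port; return frames forwarded."""
    port = StormControlPort(limit_fps, set(known_macs))
    return sum(port.forward(0, dst_mac) for _ in range(offered_fps))


# Constructed sample values: a server MAC the switch has already learned
# (documentation range) and an address it has never seen.
SERVER = "00:00:5e:00:53:10"
UNSEEN = "00:00:5e:00:53:99"

if __name__ == "__main__":
    for label, dst in [("broadcast storm", BROADCAST),
                       ("flood to unknown MAC", UNSEEN),
                       ("SYN flood to learned server", SERVER)]:
        print(f"{label:30s} {forwarded_fps(dst, {SERVER}):>7d} fps forwarded")
```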

Manageability and Usability

Assessing switch manageability is a two-part affair, with objective and subjective components. The objective part is easy, because it's based on empirical observations: We verified the EX 4200 supports management over IPv4 networks via SNMP, telnet, Secure Shell, Web, SSL and syslog. Commendably, none of these methods are enabled by default, and each (along with an FTP server) can be individually toggled on and off.

In terms of usability, the JUNOS CLI is very easy to operate, even though our experience with JUNOS was limited and dated going into this test.

Unix geeks are sure to appreciate JUNOS's FreeBSD heritage; indeed, the system's CLI is a process running atop a C shell that users can drop into. The CLI also supports matching of output against regular expressions, and the syntax of many configuration parameters resembles that of many Unix configuration files. Anyone who's spent significant time in a Unix or Linux shell probably will feel at home with the JUNOS CLI.

IPv6 isn't yet fully supported in the EX line. The switch does not yet support routing of IPv6 traffic (this is slated for a release by year-end), though of course L2 switching is possible. Switch management over an IPv6 network is possible, but Web and SSL access methods aren't supported.
