We are running into some serious management issues with our hub SDX-PRO routers, which have between 500 and 800 speedfusion profiles and upwards of 1200 static routes or outbound policies and some grouped networks with many entries.
The issues are not bugs - the router is working as designed. Rather they are evidence that although an SDX-PRO can handle 800 SF peers and an EPX 4000…no one on the GUI dev side has actually USED one with that kind of volume in use. Frankly, I cannot imagine managing thousands of peers/routes etc the way it is now.
I am going to break this up into multiple requests, as there are five different ones I would like to see, but they are unrelated to each other, other than that they are about capacity.
#5 is grouped networks. Again, on a border route you may have hundreds or even thousands of subnets or IPs in a group.
5a allow CSV view/edit. paste in a list instead of one at a time
5b a tool to auto-collapse redundant subnets. i.e. if all 16 /28s out of a /24 are in the group, replace them with a single /24 entry (that one is not really for me, I have an external tool to do that, but it is useful)
We are implementing this. Target to support it in the coming firmware release tentatively.
Can we get a final response and timeline on this?
This one we could really use. Also need to know what the practical limits are (i.e. that use of grouped networks in firewall rules is properly implemented using memory hash/b-tree or similar hi performance match).
We are moving towards allowing only whitelisted ips to reach out SIP server IPs. Normal connection will be over VPN with default block for public access, but we will whitelist the WAN and cellular static IPs of remote pepwaves in order to allow phones to connect if there is a VPN issue.
This means that we will have about 2500 IPs in a grouped network now, growing that by close to 100 IPs per month.
In other routers (low end junipers etc) I have had IP network filter lists of 15,000+ entries with no performance hit, but I need confirmation that that should be no issue on the pepwave (SDX-PRO)
This will be available in 9.0.0.