On 25 March 2016 at 17:28, Raphael Mazelier <[email protected]> wrote:
> What the point to separate upstream and downstream port on different MPC ? > (apart FIB size) If you've cocked up your lo0/ddos-protection config (have not yet seen network which has not) customer side attack won't bring your device down if it's on different mpc, as there is build-in policer from npu=>lc_cpu, so lc_cpu can only offer known amount of traffic to RE, which is not enough to congest you. It's minor benefit and I wouldn't separate MPCs based on this. Only reason I'd do edge/core MPC separation if I'm anyhow going to have enough MPC/ports to pull it off without extra CAPEX, then it would be no brainer. -- ++ytti _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
