> Saku Ytti [mailto:[email protected]]
> Sent: Friday, March 25, 2016 7:56 PM
>
> On 25 March 2016 at 21:39, Adam Vitkovsky
> <[email protected]> wrote:
>
> >> I believe Luis refers to FIB localisation introduced in 12.3:
> >>
> http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/f
> >> ib-localization-overview.html>
> >>
> > Hmm interesting concept -then with this feature enabled where would the
> VRF filter be executed on FIB-remote PFE or FIB-local PFE?
>
> I'm not big fan, due to the potential multiple NPUs involved in lookups and
> multiple fabric travels. I'm not intimately familiar with the feature though.
>
Not a fan of VRF based features or localization
As far as I know you'll get involved with lookups on multiple NPUs either way,
though I'm not aware of any multiple fabric travels (apart from m-cast
replication god forbid :) )
> > Sorry I wasn’t clear I meant how the box performs when under DDoS
> attack.
>
> Do you mean transit DDoS? With proper QoS, should be fine.
>
Yeah transit DDoS and how it flows through the chassis along VPN traffic, well
"should be fine" but have anyone tested this actually please?
> > But yeah I guess I know what you mean with regards to lo0 filters I've been
> there, what I miss in Junos is the ability to say that only defined interfaces
> can be used to access the box. So one has to be very careful with the filter
> construction as well as understand the lo0 filter applicability rules posted
> here recently.
>
> You could use interface-groups, they are mutually exclusive with some
> forwarding filters though. I've previously used interface-groups to mark edge
> interfaces with 'privileged' access to control-plane, such like DHCP.
>
Not familiar with interface-groups but wouldn't want to restrict myself with
such an elemental thing I guess.
adam
Adam Vitkovsky
IP Engineer
T: 0333 006 5936
E: [email protected]
W: www.gamma.co.uk
This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of
this email are confidential to the ordinary user of the email address to which
it was addressed. This email is not intended to create any legal relationship.
No one else may place any reliance upon it, or copy or forward all or any of it
in any form (unless otherwise notified). If you receive this email in error,
please accept our apologies, we would be obliged if you would telephone our
postmaster on +44 (0) 808 178 9652 or email [email protected]
Gamma Telecom Limited, a company incorporated in England and Wales, with
limited liability, with registered number 04340834, and whose registered office
is at 5 Fleet Place London EC4M 7RD and whose principal place of business is at
Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
