Indeed, I remember our discussions on the topic before! I still haven't made much headway. It's worth pointing out, though, that the "not configured" state can pop up when you least expect it, such as an aggregate filtering action applied after a broadcast storm (which you THOUGHT you fixed, but for some reason a bunch of stuff doesn't work still and you can't get into the box and aren't sure why). Good to watch out for since a network where unexpected things don't happen isn't connected to anything and certainly doesn't have any administrators ;)
- Ross -----Original Message----- From: Jared Mauch [mailto:ja...@puck.nether.net] Sent: Tuesday, April 17, 2018 7:39 PM To: Saku Ytti Cc: Ross Halliday; juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Going Juniper > On Apr 17, 2018, at 7:02 PM, Saku Ytti <s...@ytti.fi> wrote: > > > DDoS protection out-of-the-box is for all practical purposes not > configured at all, which is unfortunate as that is what most people > run. When configured correctly Trio has best CoPP I know of in the > market, certainly better than Cisco or Arista have. I do wish that Juniper would look at what IOS-XR has done to make configuring it much easier out of the box. An ASR 9K w/ default LPTS is much nicer than a Juniper with default firewall filters. - Jared _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
