Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-13 Thread John Kristoff
On Wed, 11 Jul 2018 18:22:36 + Chris Boyd wrote:
> Team Cymru has a “JunOS Secure Template” that I found a good place to start.
> It quotes version 4 though. I think that means it’s well tested?
>
> http://www.cymru.com/gillsr/documents/junos-template.pdf

That document is old and should

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-13 Thread Antti Ristimäki
- On 13 Jul, 2018, at 11:30, Saku Ytti s...@ytti.fi wrote:
> On Fri, 13 Jul 2018 at 06:19, Antti Ristimäki wrote:
>
>> I can see the reasoning behind disabling sub detection, but how would you
>> then
>> protect e.g. in a peering VLAN a single peer from killing also all the other
>> BGP

Re: [j-nsp] How to maintain scripts

2018-07-13 Thread Jason Healy
On Jul 13, 2018, at 4:43 AM, amor...@orion.amorsen.dk wrote:
>
> Maintaining scripts is a bit of a pain.
>
> Do you have scripts on most of your devices?

We do, but we're a campus not a provider, so:

- we don't upgrade code versions often
- things are pretty homogenous (except for ELS vs

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-13 Thread Saku Ytti
On Fri, 13 Jul 2018 at 06:19, Antti Ristimäki wrote:
> I can see the reasoning behind disabling sub detection, but how would you
> then protect e.g. in a peering VLAN a single peer from killing also all the
> other BGP sessions behind that specific ifl?

I'm sure you were anticipating my