Re: [j-nsp] (No subject)

Barry, Thanks for the link. I had to laugh at this: 'you are tired of arguing with your network architecture team (“we are here to transport packets” vs “the Internet firewall” ;-)'. 20 years later, that still rings awfully true for me. This diagram accurately displays how I've built a

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

On Tue, Apr 02, 2024 at 07:43:01PM +0300, Alexandre Snarskii via juniper-nsp wrote: > On Tue, Apr 02, 2024 at 03:25:21PM +, Michael Hare via juniper-nsp wrote: > > Hi! > > Workaround that we're using (not elegant, but working): setup a > "self-pointing" routes to directly connected

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

On Tue, Apr 02, 2024 at 03:25:21PM +, Michael Hare via juniper-nsp wrote: Hi! Workaround that we're using (not elegant, but working): setup a "self-pointing" routes to directly connected destinations: set routing-options static route A.B.C.D/32 next-hop A.B.C.D and export these to

[j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

Hi there, We're a US research and education ISP and we've been tasked for coming up with an architecture to allow on premise DDoS scrubbing with an appliance. As a first pass I've created an cleanL3VPN routing-instance to function as a clean VRF that uses rib-groups to mirror the relevant