0 0:50:56:b3:4f:fe ucst 1420 3 ae17.3347
>
> > -Original Message-----
> > From: Alexandre Snarskii
> > Sent: Tuesday, April 2, 2024 12:20 PM
> > To: Michael Hare
> > Cc: juniper-nsp@puck.nether.net
> > Subject: Re: [j-nsp] L3VPNs and on-prem D
p Type IndexNhRef Netif
A.B.C.D/32 user 0 0:50:56:b3:4f:fe ucst 1420 3 ae17.3347
> -Original Message-
> From: Alexandre Snarskii
> Sent: Tuesday, April 2, 2024 12:20 PM
> To: Michael Hare
> Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp]
On 4/3/24 18:06, Tom Beecher wrote:
My first thought was also to use BGP-LU.
Would a virtual router with an lt- interface connecting the VRF to the
global table be too expensive?
Mark.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
>
> but a BGP-LU solution exists even for this problem.
>
My first thought was also to use BGP-LU.
On Wed, Apr 3, 2024 at 2:58 AM Saku Ytti via juniper-nsp <
juniper-nsp@puck.nether.net> wrote:
> On Wed, 3 Apr 2024 at 09:45, Saku Ytti wrote:
>
> > Actually I think I'm confused. I think it will
nsp
> > Sent: Wednesday, April 3, 2024 1:58 AM
> > To: Mark Tinka
> > Cc: juniper-nsp@puck.nether.net
> > Subject: Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture
> >
> > On Wed, 3 Apr 2024 at 09:45, Saku Ytti wrote:
> >
> > > Actua
.net
> Subject: Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture
>
> On Wed, 3 Apr 2024 at 09:45, Saku Ytti wrote:
>
> > Actually I think I'm confused. I think it will just work. Because even
> > as the EgressPE does IP lookup due to table-label, the IP loo
On Wed, 3 Apr 2024 at 09:45, Saku Ytti wrote:
> Actually I think I'm confused. I think it will just work. Because even
> as the EgressPE does IP lookup due to table-label, the IP lookup still
> points to egressMAC, instead looping back, because it's doing it in
> the CleanVRF.
> So I think it
On 4/3/24 08:45, Saku Ytti wrote:
Actually I think I'm confused. I think it will just work. Because even
as the EgressPE does IP lookup due to table-label, the IP lookup still
points to egressMAC, instead looping back, because it's doing it in
the CleanVRF.
So I think it just works.
So OP
On Wed, 3 Apr 2024 at 09:37, Mark Tinka via juniper-nsp
wrote:
> At old job, we managed to do this with a virtual-router VRF that carried
> traffic between the scrubbing PE and the egress PE via MPLS, to avoid
> the IP loop.
Actually I think I'm confused. I think it will just work. Because even
On 4/3/24 08:07, Saku Ytti via juniper-nsp wrote:
If I understand you correctly, the problem is not that you can't copy
direct into CleanVRF, the problem is that ScrubberPE that does clean
lookup in in CleanVRF, has label stack of [EgressPE TableLabel],
instead of [EgressPE EgressCE], this
On Tue, 2 Apr 2024 at 18:25, Michael Hare via juniper-nsp
wrote:
> We're a US research and education ISP and we've been tasked for coming up
> with an architecture to allow on premise DDoS scrubbing with an appliance.
> As a first pass I've created an cleanL3VPN routing-instance to function
On Tue, Apr 02, 2024 at 07:43:01PM +0300, Alexandre Snarskii via juniper-nsp
wrote:
> On Tue, Apr 02, 2024 at 03:25:21PM +, Michael Hare via juniper-nsp wrote:
>
> Hi!
>
> Workaround that we're using (not elegant, but working): setup a
> "self-pointing" routes to directly connected
On Tue, Apr 02, 2024 at 03:25:21PM +, Michael Hare via juniper-nsp wrote:
Hi!
Workaround that we're using (not elegant, but working): setup a
"self-pointing" routes to directly connected destinations:
set routing-options static route A.B.C.D/32 next-hop A.B.C.D
and export these to
Hi there,
We're a US research and education ISP and we've been tasked for coming up with
an architecture to allow on premise DDoS scrubbing with an appliance. As a
first pass I've created an cleanL3VPN routing-instance to function as a clean
VRF that uses rib-groups to mirror the relevant
14 matches
Mail list logo