List: juniper-nsp
Subject: Re: [j-nsp] Using a QFX5100 without QFabric?
From: Andrey Kostin <ankost () podolsk ! ru>
Date: 2017-10-27 20:50:01
Message-ID: f03fa86b992d6775a6a75f869f8621f2 () podolsk ! ru
Chris Wopat wrote on 25.10.2017 13:00:
> On 10/24/2017 05:30 PM, Vincent Bernat wrote:
>> ❦ 24 October 2017 14:29 -0400, Andrey Kostin <ankost@podolsk.ru>:
>>
> Straight up saying "don't put public IPs on them" doesn't seem like
> the best advice to me. You can certainly do this, we do and it's
> fine.
> When you craft your RE protection filter you just have to squeeze a
> bit more space here or there compared to say, an MX filter. You should
> have this enabled whether you're using public IPs or not.
>
> Regarding TCAM programming, it's loud and clear when this happens via
> a console message and a sev0 syslog message.
Yes, that's true, and we spend a decent amount of time packing lo0
filters in a tiny TCAM after discovering that filter input-list silently
allows everything except the first filter and doesn't generate any
complaint.
So, no objection to public IPs, but careful filter planning is
required.
--
Kind regards,
Andrey
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp