[f-nsp] SLX 9640 experiences
Jörg Kost
jk at ip-clear.de
Tue Nov 19 15:34:02 EST 2019
So, to leave this to posterity ;),
SLX 18r2a has been comfortable for us since June, we could stay focused
on "business" and not on toying around with the devices anymore. From my
bug tracking ambitions there are still two cases opened, but they have
been root-caused already.
SLX 20 will come around in the beginning of next year and boy I can't
wait to read the release notes.
On the MLX side of life 6.2d works well and NI-17371 / NI-21231 have
been important fixes for us.
On 3 Jun 2019, at 22:21, Jörg Kost wrote:
> One of the currently not fixed and non root-caused bugs on the SLX
> that I have found, is about Receive-ACLs. When you alter the receive
> ACL, the ACL can randomly spread to other switched interfaces and
> therefore will block pass-through traffic for the world, till you
> workaround (e.g. rebind and pray).
>
> That's a heartbreaking bug and I don't know if this is 9540 exclusive.
>
> Also in contrast to the MLX, the BGP daemon likes to talk TCP to the
> world by default and you may want to apply an ACL for known IPv6 and
> IPv4 peering partners or networks and block all the others. This is
> also true for the netconf/ssh on port 830 and don't forget the classic
> "ntp disable serve" command, too.
>
> On 3 Jun 2019, at 17:31, Robert Hass wrote:
>
>> Can you reveal what bugs you found ? We just received Arista and will
>> start
>> testing tomorrow. I'm extremely interested in FIB convergence time
>> (full
>> DFZ) and quality of Receive-ACLs (Control Plane protection against
>> DDoS).
>>
>> On Mon, Jun 3, 2019 at 4:00 PM Aaron <aaron at wholesaleinternet.net>
>> wrote:
>>
>>> We have 2 of these. They're based off the VDX platform, not the MLX
>>> so
>>> there are some differences in the command syntax. Nothing major
>>> though. For us they were not ready for production. We found 3 bugs
>>> right off the bat that have prevented us from using them. A new
>>> software version was released last week. We'll be testing it today.
>>> Hopefully it'll do the trick because from the testing we've done
>>> already
>>> they are little workhorses. And really, for the price they can't be
>>> beat.
>>>
>>> Aaron
>>>
More information about the foundry-nsp
mailing list