[j-nsp] GRE tunnel requires PIC?

Richard A Steenbergen ras at e-gerbil.net
Fri Aug 29 00:01:59 EDT 2003


On Thu, Aug 28, 2003 at 10:50:12AM -0700, harry wrote:
> Routing transit traffic over fxp0 is dangerous because it can generate a
> lot of traffic over the internal PFE/RE link (fxp1).
> 
> While a TS PIC is not free, I believe that Juniper felt it was better to
> pay more for being able to turn on services without the possibility of
> impacting existing services and routing protocol convergence/stability.

Last I looked, the risks I was willing to take on my network by enabling 
or disabling certain features was my choice, not my vendors'. :)

Besides, that's nonsense... You run the risk of having the fxp1 link 
filled by DoS if you choose not to place filters and policers on your lo0, 
you could easily do the same to limit v6-in-v4 tunnel traffic to small 
amounts.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


More information about the juniper-nsp mailing list