[j-nsp] M7i w/ASM for cflowd / fw

Rutger Bevaart rutger.bevaart at illian.net
Wed Apr 13 07:33:20 EDT 2005


hello list,

I am slightly confused as to the features offered by the ASM. Ideally I
would like to use an M7i as a ASBR, collecting data to cflowd for DDOS and
traffic analysis and protecting the infrastructure using firewall rules to
block outside access to the control-plane of the AS infrastructure (not
just this router, but all loopbacks and interfaces of all routers witin
the AS).

Now, from the Juniper docs I understand that in order to use JFlow I need
to add an ASM to the config (additional $10K) which includes the JFlow
license (foregoing the NAT/FW) thing. Can I export cflowd compatible data
just using 'accounting' or does that also use/require the ASM?

Can control-plane protection be implemented on just the RE, or is the ASM
mandatory for that? Suppose I want to ACL telnet/ssh access to a couple of
subnets internal to the AS for all external IP's, could that be done using
a simple RE solution or is the ASM required for that?

Coming from another vendor's view of the world it is sometimes difficult!

Thanks for any replies,
Rutger




More information about the juniper-nsp mailing list